Skip to content
HISTORY 614 KiB
Newer Older
Boris Mühmer's avatar
Boris Mühmer committed
	ending in <LF>).  This simplifies integration with third-party
	mail generating applications. Specify "sendmail_fix_line_endings
	= strict" to restore historical Postfix behavior (i.e. convert
	all input lines ending in <CR><LF> only if the first input
	line ends in <CR><LF>).  Files: sendmail/sendmail.c,
	global/mail_params.h, proto/postconf.proto.

20111017

	Cleanup: refined the heuristic that automagically transforms
	legacy "sendmail -V" VERP requests into contemporary "sendmail
	-XV" syntax.  File: sendmail/sendmail.c.

	Cleanup: when the cleanup daemon goes into discard mode,
	don't get stuck when it runs onto milter file descriptor
	information. File: cleanup/cleanup.c.

Boris Mühmer's avatar
Boris Mühmer committed
20111020

	EAI Future-proofing: don't apply strict_mime_encoding_domain
	checks to unknown message subtypes such as message/global*.
	File: global/mime_state.c.

Boris Mühmer's avatar
Boris Mühmer committed
20111025

Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced: Postfix 2.8): postscreen sent non-compliant
	SMTP responses (220- followed by 421) when it could not
	hand off a connection to a real smtpd process, causing some
	remote SMTP clients to bounce mail. The fix redirects the
	client to the dummy SMTP engine which sends the 421 reply
	at the first legitimate opportunity.  Problem reported by
	Ralf Hildebrandt. Files: postscreen/postscreen_send.c,
	postscreen/postscreen_smtpd.c, postscreen/postscreen.h.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: to improve inter-operability with broken remote
	SMTP servers, the Postfix SMTP client by default no longer
	appends the "AUTH=<>" option to the MAIL FROM command.
	Specify "smtp_send_dummy_mail_auth = yes" to restore the
	old behavior.
Boris Mühmer's avatar
Boris Mühmer committed
20111106
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: "postconf -M" support to show Postfix's idea of
	what is in the master.cf file. File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: postconf "-f" option to "nicely" format long lines
	from main.cf or master.cf. File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111108
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: postconf finally supports dynamic configuration
	parameter names: parameters whose name depend on a mail
	delivery transport or spawn service in master.cf, and
	parameters whose names are specified with smtpd_restriction_classes
	in main.cf. This adds 70 parameters to the "postconf" output,
	more if additional mail delivery transports are defined in
	master.cf.  File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111109
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: account for "," in smtpd_restriction_classes
	value (Victor Duchovni). File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111112
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: postconf finally warns about possible mis-typed
	main.cf and master.cf parameter names (i.e. parameters that
	aren't used anywhere), and it finally displays user-defined
	main.cf parameters that *are* used.  File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111113
Boris Mühmer's avatar
Boris Mühmer committed
	Portability: specify ``make makefiles "CCARGS=-DNO_NIS
	..."'' to build on systems without NIS support. Files:
	makedefs, util/sys_defs.h.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: documented the postconf algorithms and their
	limitations, and added regression tests to speed up future
	development. File: postconf/postconf.c
Boris Mühmer's avatar
Boris Mühmer committed
20111117
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: postconf didn't "bless" type "inet" service names.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: with pipelined sessions, smtp-sink flushed the
	output too often. Reported by Mark Martinec. File:
	smtpstone/smtp-sink.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: don't use IPv6 at build time. File: conf/main.cf.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: don't abort when IPv6 is present but busted.
	File: util/inet_proto.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Portability: the Dovecot 2.0 authentication server supports
	more socket types for its authentication server. File:
	xsasl/xsasl_dovecot_server.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: the Dovecot 2.0 authentication server supports
	communication over TCP sockets. Patrick Ben Koetter.  File:
	proto/SASL_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
20111118
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: "postconf -M" now supports filtering. For example,
	"postconf -M inet" shows only services that listen on the
	network, and "postconf -M smtp.unix" shows the SMTP delivery
	agent. File: postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111119
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: "postconf" commands in postfix-install needed to
	be updated before master.cf was installed.  Reported by
	Sahil Tandon. File: postfix-install.
Boris Mühmer's avatar
Boris Mühmer committed
20111120
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: support for parameter name spaces for master.cf
	entries. With this, postconf should no longer log false
	warnings for "-o user-defined-name=value" in master.cf.  As
	a benefit, it will warn for user-defined parameters with
	"name=value" entries that are unused because they are hidden
	by master.cf "-o name=value" entries with the same parameter
	name.  File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111121
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: documentation fixes. File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: in postconf "main.cf management" mode, errors
	opening master.cf are non-fatal. File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111122
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: examples to request VERP-style delivery at
	SMTP time with the smtpd_command_filter feature.  Files:
	proto/VERP_README.html, proto/postconf.proto.
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: TLS certificate public-key fingerprint matching
	(SMTP server and client), and TLS logging cleanup. Victor
	Duchovni. Files: proto/SMTPD_POLICY_README.html,
	proto/TLS_README.html, proto/postconf.proto, global/mail_proto.h,
	smtpd/smtpd_check.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c,
	tls/tls_proxy_print.c, tls/tls_proxy_scan.c, tls/tls_server.c,
	tls/tls_stream.c, tls/tls_verify.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: complete list of "make makefiles" overrides.
	File: proto/INSTALL.html.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: postscreen now logs more than the first word of
	non-SMTP commands. File: postscreen/postscreen_smtpd.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111124
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: eliminated false postconf "unused parameter"
	warnings with legacy parameters such as $virtual_maps, and
	with non-default parameter values for smtpd_expansion_filter
	that can contain legitimate "$" without a macro name.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: split postconf source into separate modules.
	Files: postconf/postconf.c, postconf/postconf_builtin.c,
	postconf/postconf_edit.c, postconf/postconf_main.c,
	postconf/postconf_master.c, postconf/postconf_misc.c,
	postconf/postconf_node.c, postconf/postconf_other.c,
	postconf/postconf_service.c postconf/postconf_unused.c,
	postconf/postconf_user.c, postconf/postconf.h.
Boris Mühmer's avatar
Boris Mühmer committed
20111126
Boris Mühmer's avatar
Boris Mühmer committed
	Bitrot: changes in error reporting to the under-documented
	OpenLDAP API. Problem reported by Quanah Gibson-Mount. Fix
	by Viktor Dukhovni. File: global/dict_ldap.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: four-space indentation had become a tab character.
	Files: postconf/postconf.h, postconf/test20.ref,
	postconf/test21.ref.
Boris Mühmer's avatar
Boris Mühmer committed
20111127
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: documented <transport>_suffix parameters that don't
	show in postconf command output of earlier Postfix versions.
	Files: proto/SMTPD_POLICY_README.html, proto/postconf.proto,
	proto/SCHEDULER_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: added the pipe(8) delivery agent to the list of
	programs that implement transport_time_limit parameters.
	File: postconf/postconf_service.c, postconf/test6.ref,
	postconf/test22.ref.
Boris Mühmer's avatar
Boris Mühmer committed
20111128
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: "postconf -C class,..." support to print parameters
	in one or more classes (builtin= built-in parameter names,
	service=service-defined parameter names, user=user-defined
	parameter names). Files: postconf/postconf.c, postconf/postconf.h,
	postconf_service.c, postconf/postconf_user.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111129
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: TLS logging level configuration. Files:
	global/mail_params.h, smtp/lmtp_params.c, smtp/smtp.c,
	smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c,
	tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c,
	tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c.
20111203
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: time-dependent sender addresses of address
	verification probes.  Specify an address_verify_sender_ttl
	value of several hours or more to frustrate address harvesting.
	Files: global/verify_sender_addr.[hc], smtpd/smtpd.c,
	smtpd/smtpd_check.c, verify/verify.c, proto/postconf.proto,
	proto/ADDRESS_VERIFICATION_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
20111204
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: removed the log_level arguments from tls_client_start()
	and tls_server_start() calls. This information is already
	given to tls_client_init() and tls_server_init(). Files:
	smtpd/smtpd.c, tlsproxy/tlsproxy.c, smtp/smtp_proto.c,
	tls/tls.h, tls/tls_client.c, tls/tls_server.c, tls/tls_misc.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111205
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: made the postconf(5) manpage more precise
	in its use of "client" and "server"; reorganized the
	TLS_README presentation of client configuration so that
	most relevant information is presented earlier. Files:
	proto/postconf.proto, proto/TLS_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix: tlsproxy(8) stored TLS sessions with a serverID of
	"tlsproxy" instead of "smtpd", wasting an opportunity for
	session reuse.  File: tlsproxy/tlsproxy.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111206
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: removed descriptions of Postfix < 2.3 user
	interface from TLS_README. Users of earlier releases are
	referred to TLS_LEGACY_README. File: proto/TLS_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
20111207
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: tlsproxy(8) now receives the session cache serverID
	from its client (postscreen(8)). Files: global/mail_proto.h,
	postscreen/postscreen_starttls.c, tlsproxy/tlsproxy.[hc],
	tlsproxy_state.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the postscreen(8) daemon did not support a zero
	cache cleanup interval. This is needed for memcache support.
	File: postscreen/postscreen.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced: 20110227): null pointer bug while
	updating dictionary owner attributes, after reading an empty
	(database) configuration file. File: util/dict.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111208
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: db_common_parse_domain() could not be called without
	preceding db_common_parse() call. Files: global/db_common.[hc].
Boris Mühmer's avatar
Boris Mühmer committed
20111209
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: memcache client support. This implementation is
	based on the under-documented libmemcache library, and
	therefore supports only libmemcache version 1.4.0.  Files:
	conf/postfix-files, global/dict_memcache.[hc], global/mail_dict.c,
	html/index.html, mantools/postlink, postconf/postconf.c,
	postfix/postfix.c, proto/DATABASE_README.html,
	proto/MEMCACHE_README.html, proto/memcache_table.
Boris Mühmer's avatar
Boris Mühmer committed
20111209
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: support for scripted and manual database tests with
	LDAP, *SQL, and memcache. Files: util/dict_test.c, util/dict.c,
	global/mail_dict.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: apparently, some distributions use Postfix
	shared libraries without proper so-number versioning. This
	causes programs to fail mysteriously, after an update
	replaces the Postfix library but not the program (someone
	experienced this with an extra copy of the Postfix SMTP
	server).  Files: global/mail_version.[hc], master/*server.c,
	master/master.c, src/postalias/postalias.c,
	src/postdrop/postdrop.c, src/postfix/postfix.c,
	src/postlog/postlog.c, src/postmap/postmap.c,
	src/postmulti/postmulti.c, src/postqueue/postqueue.c,
	src/postsuper/postsuper.c, src/sendmail/sendmail.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111211
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: first/next (sequence) support in the proxymap
	protocol. This is needed for cache cleanup of a proxied
	postscreen or verify persistent cache. Files:
	global/dict_proxy.[hc], proxymap/proxymap.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: memcache client support without libmemcache
	dependencies. Files: global/memcache_proto.[hc],
	global/dict_memcache.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix: missing lookup table entry and terminator, causing
	proxymap(8) server segfault when postscreen(8) or verify(8)
	attempted to access their cache via the proxymap(8) server.
	This could never have worked anyway, because the Postfix
	proxymap protocol did not support cache cleanup.  File
	util/dict.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: support for persistent backup database in the
	memcache client. The database can be shared with the proxymap
	service, but it needs to be listed as "proxy:maptype:mapname"
	in the proxy_read_maps or proxy_write_maps parameter value
	(depending on whether the access is read-only or read-write).
	Support for proxymap-over-tcp (proxy:maptype:mapname@host:port)
	is under development.  File: global/dict_memcache.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111214
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: updated the submission and smtps examples
	in the sample master.cf file, so that their logging is
	easier to recognize.  File: conf/master.cf.
Boris Mühmer's avatar
Boris Mühmer committed
20111215
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: use different hosts to separate MUA "port
	25" traffic from the "port 25" MX service. Files:
	postscreen/postscreen.c, proto/POSTSCREEN_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
20111216
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the proxymap client did not correctly propagate
	the "open_lock" flag, causing the proxymap service to open
	postscreen(8) and verify(8) caches twice, instead of once.
	File: global/dict_proxy.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the verify and postscreen caches were not listed
	as "authorized" for access via the proxywrite service. File:
	global/mail_params.h.
Boris Mühmer's avatar
Boris Mühmer committed
	Refactoring: the postscreen permanent access list code is
	now a library module, so that it can be also used for remote
	access to the proxymap server.  Files: global/server_acl.[hc].
Boris Mühmer's avatar
Boris Mühmer committed
	Hardening: read/write deadlines, to make the proxymap server
	suitable for remote access. File: proxymap/proxymap.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111217
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: more orthogonal definition of when the proxymap
	server can/cannot share a single map instance among multiple
	requestors, and corresponding code cleanup in the proxymap
	client and server. Files: util/dict.h, util/dict_test.c,
	global/dict_proxy.c, proxymap/proxymap.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Human factors: the postscreen/verify cache manager now logs
	the full database name including the proxy: prefix, to avoid
	WTF surprises. File: util/dict_cache.c.

20111218

	Cleanup: more configurable memcache client error handling.
	Files: global/dict_memcache.c, proto/memcache_table.

	Feature: the Postfix SMTP server XCLIENT command now supports
	the LOGIN attribute (e.g., login information from nginx).
	Based on the nginx:xclient-login-patch from citrin.ru (Anton
	Yuzhis). The patch was further enhanced to support SASL
	login information everywhere in the Postfix SMTP server
	without having to specify "smtpd_sasl_auth_enable = yes"
	in main.cf.  Files: smtpd.[hc], smtpd_sasl_glue.[hc],
	smtpd_check.c, smtpd_sasl_proto.[hc], smtpd_state.c,
	proto/XCLIENT_README.html.

	Incompatibility: the Postfix SMTP server now always checks
	the smtpd_sender_login_maps table, even without having
	"smtpd_sasl_auth_enable = yes" in main.cf.

20111219

	Cleanup: the match_list-based primitives now provide an
	option to return an error result instead of terminating the
	process with a fatal error.  Files: util/match_ops.[hc],
	util/match_list.c, global/addr_list_match.c, domain_list.c,
	string_list.c, namadr_list.c.

	Cleanup: a "fail:" database type that reliably fails all
	requests. The lookup table name specifies the internal error
	result code. having this table facilitates a systematic
	review of all Postfix table lookup error handling.

	Cleanup: trivial-rewrite now "catches" errors with implicit
	database lookups in virtual_alias_domains, relay_domains,
	virtual_mailbox_domains, just like it already caught explicit
	database lookup errors. This means there are fewer occasions
	where trivial-rewrite clients will appear to hang. File:
	trivial-rewrite/resolve.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: a broken relay_domains table would cause many
	Postfix processes to terminate with fatal error as they
	initialized the flush() client (used by defer_append()
	etc.). Postfix now logs a warning instead.  File:
	global/flush_clnt.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the Postfix SMTP server now "catches" errors with
	implicit database lookups in mynetworks, TLS client certificate
	tables, and local_header_rewrite_clients, and reports "server
	configuration error" or "table lookup error" instead of
	terminating with a fatal error. This is work in progress;
	errors with opening a database may be covered later. Files:
	smtpd/smtpd.c, smtpd/smtpd_check.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111220

	Cleanup: the Postfix SMTP server now "catches" errors with
	implicit database lookups in mynetworks, debug_peer_list,
	smtpd_client_event_limit_exceptions, permit_mx_backup_networks.
	This continues work started 20111219, and does not cover
	errors with opening a database.  Files: smtpd/smtpd.c,
	smtpd/smtpd_checks.c, smtpd/smtpd_error.in, smtpd/smtpd_error.ref.

	Cleanup: memory leak testing of error handling. File:
	util/name_mask.c.

20111222

	Cleanup: memory leak testing of error handling. File:
        util/name_mask.c.

	Cleanup: simplified the match_list error reporting, thereby
	reducing the footprint of the changes to "catch" errors
	with implicit database lookups in mynetworks, and other
	lists.  Files: util/match_ops.[hc], util/match_list.c,
	global/addr_list_match.c, domain_list.c, string_list.c,
	namadr_list.c, trivial-rewrite/resolve.c, smtpd/smtpd.c,
	smtpd/smtpd_check.c, global/flush_clnt.c, flush/flush.c.

20111224

	Cleanup: eliminated the global dict_errno variable that
	made error reporting convenient but not necessarily precise.
	This was a straightforward change except in the few modules
	that propagate errors from one dictionary API to another:
	dict_cache.c, dict_debug.c, maps.c, dict_memcache.c.  Files:
	src/cleanup/cleanup_map11.c, src/cleanup/cleanup_map1n.c,
	src/global/addr_match_list.c, src/global/dict_ldap.c,
	src/global/dict_memcache.c, src/global/dict_mysql.c,
	src/global/dict_pgsql.c, src/global/dict_proxy.c,
	src/global/dict_sqlite.c, src/global/domain_list.c,
	src/global/flush_clnt.c, src/global/mail_addr_find.c,
	src/global/mail_addr_map.c, src/global/maps.c, src/global/maps.h,
	src/global/match_parent_style.h, src/global/namadr_list.c,
	src/global/resolve_local.c, src/global/resolve_local.h,
	src/global/server_acl.c, src/global/string_list.c,
	src/local/alias.c, src/local/bounce_workaround.c,
	src/local/mailbox.c, src/local/unknown.c, src/proxymap/proxymap.c,
	src/qmqpd/qmqpd.c, src/smtp/smtp_map11.c, src/smtpd/smtpd_check.c,
	src/trivial-rewrite/resolve.c, src/trivial-rewrite/transport.c,
	src/util/dict.h, src/util/dict_alloc.c, src/util/dict_cache.c,
	src/util/dict_cidr.c, src/util/dict_db.c, src/util/dict_debug.c,
	src/util/dict_env.c, src/util/dict_fail.c, src/util/dict_ht.c,
	src/util/dict_pcre.c, src/util/dict_regexp.c,
	src/util/dict_static.c, src/util/dict_tcp.c, src/util/dict_test.c,
	src/util/dict_thash.c, src/util/dict_unix.c, src/util/match_list.c,
	src/util/match_list.h, src/util/match_ops.c, src/virtual/mailbox.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111226
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced 20110426): after lookup error with
	mailbox_transport_maps, mailbox_command_maps or
	fallback_transport_maps, the local delivery agent did not
	log the problem before deferring mail, and produced no defer
	logfile record. Files: local/mailbox.c, local/unknown.c.
Boris Mühmer's avatar
Boris Mühmer committed
20120102
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: degrade gracefully when the network protocols
	specified with inet_protocols are unavailable.  Files:
	global/mail_params.c, global/mynetworks.c, global/own_inet_addr.c
	master/master_ent.c, master/master_vars.c, postscreen/postscreen.c,
	qmqpd/qmqpd.c, smtp/smtp_connect.c, smtpd/smtpd.c,
	util/inet_proto.c.

20120107

	Workaround: degrade gracefully when the "domain" feature
	of LDAP, *SQL and memcache databases has a table lookup
	problem.  Files: global/db_common.c, global/dict_ldap.c,
	global/dict*sql*.c, global/dict_memcache.c.

	Cleanup: fixed memcache client error handling for things
	that never happen.  global/dict_memcache.c.

	Future proofing: prepare postmap/postalias error logging
	for future changes to database code. Files: postalias/postalias.c,
	postmap/postmap.c.
Boris Mühmer's avatar
Boris Mühmer committed
20120108
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the postscreen(8) and verify(8) cache managers log
	warnings at a reduced rate of one per second per cache
	operation, to avoid logging large numbers of warnings about
	a problem with low-value information. File: util/msg_rate_delay.c,
	util/dict_cache.c.
Boris Mühmer's avatar
Boris Mühmer committed
20120110

	Cleanup: added logging for failed table lookups, and replaced
	some "fatal" errors by warnings. Files: cleanup/cleanup_addr.c,
	cleanup/cleanup_message.c, cleanup/cleanup_milter.c,
	cleanup/cleanup_masquerade.c, global/header_body_checks.c,
	global/smtp_stream.c, postscreen/postscreen_dnsbl.c,
	postscreen/postscreen_smtpd.c, smtp/smtp_chat.c,
	smtp/smtp_proto.c, smtp/smtp_sasl_auth_cache.c,
	smtp/smtp_sasl_glue.c, smtp/smtp_session.c, smtp/smtp_trouble.c,
	smtpd/smtpd.c, smtpd/smtpd_check.c.

20120114

	Cleanup: gradual degradation after database file open errors.
	Instead of terminating immediately with a "fatal" error, a
	Postfix daemon logs an error and continues execution with
	reduced functionality. In other words, features that don't
	depend on the unavailable table will keep working.  However,
	for the sake of sanity, the number of such errors over the
	life of a process is limited to 13.  Files:
	src/global/cfg_parser.c, src/util/dict_thash.c,
	src/util/dict_cidr.c, src/util/dict_nis.c, src/util/dict_nisplus.c,
	src/global/dict_ldap.c, src/global/dict_mysql.c,
	src/global/dict_pgsql.c, src/global/dict_sqlite.c,
	src/postconf/postconf_main.c, src/global/mail_conf.c,
	src/util/dict.h, src/util/dict.c, src/global/dict_memcache.c,
	src/util/dict_tcp.c, src/util/dict_unix.c, src/util/dict_pcre.c,
	src/util/dict_regexp.c, src/master/trigger_server.c,
	src/master/single_server.c, src/master/multi_server.c,
	src/master/event_server.c, src/util/dict_test.c,
	src/util/dict_surrogate.c, src/util/dict_alloc.c, src/util/msg.c,
	src/util/dict_cdb.c, src/util/dict_dbm.c, src/util/msg.h,
	src/util/dict_db.c.

	Incompatibility: the Postfix SMTP server no longer reports
	transcripts of sessions where a client command is rejected
	because a table is unavailable.  To receive such reports,
	add the new "data" class to the notify_classes parameter
	value. The reports will be sent to the error_notice_recipient
	address as before. This class is also used by the Postfix
	SMTP client to report about sessions that fail because a
	table is unavailable. Files: global/mail_error.[hc],
	smtpd/smtpd_check.c, smtp/smtp_trouble.c.

20120115

	Fine tuning: SMTP server error messages. File: smtpd/smtpd.c.

	Fine tuning: documentation. Files: proto/MEMCACHE_README.html.
	proto/memcache_table.html.

	Apply "gradual degradation" also when an unsupported database
	*type* is specified. File: util/dict_open.c.

	Cleanup: tiny memory leaks after surrogate database opens.
	Files: util/dict_cidr.c, util/dict_db.c.

20120117

	Cleanup: support for legacy-style database configuration
	where parameter names are generated by appending suffixes
	to the database name. Files: postconf/postconf_dbms.c.

	Other: build without Berkeley DB support (make makefiles
	"CCARGS=$CCARGS -DNO_DB"). Files: makedefs, util/sys_defs.h,
	proto/DB_README.html, proto/INSTALL.html.

20120120

	Compatibility: added file pflogsumm_quickfix.txt with quick
	patches for pflogsumm that handle the new default master.cf
	entries for the submission and smtps services.

20120121

	Cleanup: getopt(3) compatibility in the postconf(1) master.cf
	parser. Process "--" as the end-of-options indicator, and
	process "-oname=value" as "-o name=value".  Files:
	util/argv.[hc], postconf/postconf_master.cf,
	postconf/postconf_user.c.

20120122

	Workaround: log a warning and suggested solution for common
	stat()/fstat()/lstat() problems caused by 32-bit overflow.
	This is a real stinker that causes Postfix to fail without
	any prior warning.  File: util/warn_stat.[hc], and everything
	that directly calls stat(), fstat() or lstat().

20120127

	Bugfix (introduced: Postfix 2.8): the Postfix client sqlite
	quoting routine returned the unquoted result instead of the
	quoted text.  The opportunities for misuse are limited,
	because Postfix sqlite files are usually owned by root, and
	Postfix daemons usually run with non-root privileges so
	they can't corrupt the database. Problem reported by Rob
	McGee (rob0).  File: global/dict_sqlite.c.

20120130

	Bugfix (introduced: Postfix 2.3): the trace service did not
	distinguish between notifications for a non-bounce or a
	bounce message. This code pre-dates DSN support and should
	have been updated when it was re-purposed to handle DSN
	SUCCESS notifications. Problem reported by Sabahattin
	Gucukoglu.  File: bounce/bounce_trace_service.c.
Boris Mühmer's avatar
Boris Mühmer committed

20120202

	Bugfix (introduced: Postfix 2.3): the "change header" milter
	request could replace the wrong header. A long header name
	could match a shorter one, because a length check was done
	on the wrong string.  Reported by Vladimir Vassiliev.  File:
	cleanup/cleanup_milter.c.

20120214

	Bugfix (introduced: Postfix 2.4): extraneous null assignment
	caused core dump when postlog emitted the "usage" message.
	Reported by Kant (fnord.hammer). File: postlog/postlog.c.

20120217

	Bugfix (introduced 20111219): sendmail -bs segfault, due
	to a missing guard statement after an smtpd_check_rewrite()
	call was moved closer to the command processor loop. Fix
	by Bartek Szady. File: smtpd/smtpd.c.
Boris Mühmer's avatar
Boris Mühmer committed

20120401

	Bitrot: shut up useless warnings about Cyrus SASL call-back
	function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
	xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.

20120422

	Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
	known TLS protocol list so that protocols can be turned off
	selectively to work around implementation bugs.  Based on
	a patch by Victor Duchovni.  Files: proto/TLS_README.html,
	proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
	tls/tls_server.c.
Boris Mühmer's avatar
Boris Mühmer committed

20120425

	Workaround: bugs in 10-year old gcc versions break compilation
	with #ifdef inside a macro invocation (NOT: definition).
	This synchronizes the Postfix 2.9 TLS implementation with
	Postfix 2.10 to simplify code maintenance.  Files: tls/tls.h,
	tls/tls_client.c, tls/tls_server.c.

20120426

	Bugfix (introduced Postfix 2.9): the postconf command flagged
	parameters defined in master.cf as "unused" when they were
	used only in main.cf. Problem reported by Michael Tokarev.
	Files: postconf/postconf_user.c.

20120516

	Workaround: apparently, FreeBSD 8.3 kqueue notifications
	sometimes break when a dnsblog(8) process loses an accept()
	race on a shared socket, resulting in repeated "connect to
	private/dnsblog service: Connection refused" warnings.  This
	condition is unique to dnsblog(8). The postscreen(8) daemon
	closes a postscreen-to-dnsblog connection as soon as it
	receives a dnsblog(8) reply, resulting in hundreds or
	thousands of connection requests per second.  All other
	multi-server daemons such as anvil(8) or proxymap(8) have
	connection lifetimes ranging from 5s to 1000s depending on
	server load.  The workaround is for dnsblog to use the
	single_server driver instead of the multi_server driver.
	This one-line code change eliminates the accept() race
	without any Postfix performance impact.  Problem reported
	by Sahil Tandon.  File: dnsblog/dnsblog.c.

20120517

	Workaround: to avoid crashes when the OpenSSL library is
	updated without "postfix reload", the Postfix TLS session
	cache ID now includes the OpenSSL library version number.
	Note: this problem cannot be fixed in tlsmgr(8). Code by
	Victor Duchovni. Files: tls/tls_server.c, tls_client.c.

20120520

	Bugfix (introduced Postfix 2.4): the event_drain() function
	was comparing bitmasks incorrectly causing the program to
	always wait for the full time limit. This error affected
	the unused postkick command, but only after s/fifo/unix/
	in master.cf.  File: util/events.c.

	Cleanup: laptop users have always been able to avoid
	unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
	(this is currently not supported on Solaris systems).
	However, to make this work reliably, the "postqueue -f"
	command must wait until its requests have reached the pickup
	and qmgr servers before closing the UNIX-domain request
	sockets.  Files: postqueue/postqueue.c, postqueue/Makefile.in.
Boris Mühmer's avatar
Boris Mühmer committed

20120621

	Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
	client could close the wrong file descriptors.  File:
	util/unix_pass_trigger.c.

20120702

	Bugfix (introduced: 19990127): the BIFF client leaked an
	unprivileged UDP socket. Fix by Jaroslav Skarvada.  File:
	local/biff_notify.c.

20120730

	Bugfix (introduced: 20000314): AUTH is not allowed after
	MAIL. Timo Sirainen.  File: smtpd/smtpd_sasl_proto.c.
Boris Mühmer's avatar
Boris Mühmer committed

20121003

	Bugfix: the postscreen_access_list feature was case-sensitive
	in the first character of permit, reject, etc. Reported by
	Francis Picabia. File: global/server_acl.c.

20121010

	Bugfix (introduced: Postfix 2.5): memory leak in program
	initialization. Reported by Coverity. File: tls/tls_misc.c.

	Bugfix (introduced: Postfix 2.3): memory leak in the unused
	oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c.

20121013

	Cleanup: to compute the LDAP connection cache lookup key,
	join the numeric fields with null, just like string fields.
	Viktor Dukhovni. File: global/dict_ldap.c.

20121029

	Workaround: strip datalink suffix from IPv6 addresses
	returned by the system getaddrinfo() routine.  Such suffixes
	mess up the default mynetworks value, host name/address
	verification and possibly more. This change obsoletes the
	20101108 change that removes datalink suffixes in the SMTP
	and QMQP servers, but we leave that code alone.  File:
	util/myaddrinfo.c.

20121210

	Bugfix (introduced: Postfix 2.9) nesting count error while
	stripping the optional [] around a DNS[BW]L address pattern.
	This part of the code is not documented and had escaped
	testing.  Files: util/ip_match.c, util/ip_match.in,
	util/ip_match.ref.
Boris Mühmer's avatar
Boris Mühmer committed

20121230

	Bugfix (omission in feature 20111106): the postconf(1)
	master.cf options parser didn't support "clusters" of
	command-line option letters. File: postconf/postconf_master.c,
	postconf/test40.ref.

20130131

	Bugfix: the local(8) delivery agent dereferenced a null
	pointer while delivering to null command (for example, "|"
	in a .forward file).  Reported by Gilles Chehade.

20130203

	Bugfix: the undocumented OpenSSL X509_pubkey_digest()
	function is unsuitable for computing certificate PUBLIC KEY
	fingerprints.  Postfix now provides a correct procedure
	that accounts for the algorithm and parameters in addition
	to the key data.  Specify "tls_legacy_public_key_fingerprints
	= yes" if you need backwards compatibility. Fix by Victor
	Duchovni, BC added by Wietse.  Files: tls/tls_verify.c,
	tls/tls_misc.c, proto/TLS_README.html, global/mail_params.h.

	Bugfix: the 20121010 fix for tls_misc.c was documented but
	not included.
Boris Mühmer's avatar
Boris Mühmer committed

20130403

	Bugfix (introduced: Postfix 2.3): don't reuse TCP connections
	when smtp_tls_policy_maps is specified. Victor Duchovni.
	Found during Postfix 2.11 code maintenance.  File:
	smtp/smtp_reuse.c.

20130423

	Bugfix (introduced: Postfix 2.0): when myhostname is not
	listed in mydestination, the trivial-rewrite resolver may
	log "do not list <myhostname value> in both mydestination
	and <name of non-mydestination domain list>".  The fix is
	to re-resolve a domain-less address after adding $myhostname
	as the surrogate domain, so that it pops out with the right
	address-class label.  Problem reported by Quanah Gibson-Mount.
	File: trivial-rewrite/resolve.c.

20130425

	Bugfix (introduced: Postfix 2.2): don't reuse TCP connections
	when SASL authentication is enabled. SASL passwords may
	depend on the remote SMTP server hostname, but the Postfix
	<2.11 SMTP connection cache client does not distinguish
	between different hostnames that resolve to the same IP
	address.  Found during Postfix 2.11 code maintenance.  File:
	smtp/smtp_connect.c.
Boris Mühmer's avatar
Boris Mühmer committed

20130518

	Bugfix (introduced: 1997): memory leak after error while
	forwarding mail through the cleanup server. Viktor found
	one, Wietse eliminated the rest.  File: local/forward.c.

20130615

	TLS Interoperability: turn on SHA-2 digests by force.  This
	improves interoperability with clients and servers that
	deploy SHA-2 digests without the required support for
	TLSv1.2-style digest negotiation.  Based on patch by Viktor
	Dukhovni.  Files: tls/tls_client.c, tls/tls_server.c.

20130616

	Workaround: The Postfix SMTP server TLS session cache was
	broken because OpenSSL now enables session tickets by
	default, resulting in a different ticket encryption key for
	each smtpd(8) process.  The workaround turns off session
	tickets. In 2.11 we'll enable session tickets properly.
	Viktor Dukhovni. File: tls/tls_server.c.