Newer
Older
17001
17002
17003
17004
17005
17006
17007
17008
17009
17010
17011
17012
17013
17014
17015
17016
17017
ending in <LF>). This simplifies integration with third-party
mail generating applications. Specify "sendmail_fix_line_endings
= strict" to restore historical Postfix behavior (i.e. convert
all input lines ending in <CR><LF> only if the first input
line ends in <CR><LF>). Files: sendmail/sendmail.c,
global/mail_params.h, proto/postconf.proto.
20111017
Cleanup: refined the heuristic that automagically transforms
legacy "sendmail -V" VERP requests into contemporary "sendmail
-XV" syntax. File: sendmail/sendmail.c.
Cleanup: when the cleanup daemon goes into discard mode,
don't get stuck when it runs onto milter file descriptor
information. File: cleanup/cleanup.c.
20111020
EAI Future-proofing: don't apply strict_mime_encoding_domain
checks to unknown message subtypes such as message/global*.
File: global/mime_state.c.
Bugfix (introduced: Postfix 2.8): postscreen sent non-compliant
SMTP responses (220- followed by 421) when it could not
hand off a connection to a real smtpd process, causing some
remote SMTP clients to bounce mail. The fix redirects the
client to the dummy SMTP engine which sends the 421 reply
at the first legitimate opportunity. Problem reported by
Ralf Hildebrandt. Files: postscreen/postscreen_send.c,
postscreen/postscreen_smtpd.c, postscreen/postscreen.h.
Workaround: to improve inter-operability with broken remote
SMTP servers, the Postfix SMTP client by default no longer
appends the "AUTH=<>" option to the MAIL FROM command.
Specify "smtp_send_dummy_mail_auth = yes" to restore the
old behavior.
Feature: "postconf -M" support to show Postfix's idea of
what is in the master.cf file. File: postconf/postconf.c.
Feature: postconf "-f" option to "nicely" format long lines
from main.cf or master.cf. File: postconf/postconf.c.
Cleanup: postconf finally supports dynamic configuration
parameter names: parameters whose name depend on a mail
delivery transport or spawn service in master.cf, and
parameters whose names are specified with smtpd_restriction_classes
in main.cf. This adds 70 parameters to the "postconf" output,
more if additional mail delivery transports are defined in
master.cf. File: postconf/postconf.c.
Cleanup: account for "," in smtpd_restriction_classes
value (Victor Duchovni). File: postconf/postconf.c.
Cleanup: postconf finally warns about possible mis-typed
main.cf and master.cf parameter names (i.e. parameters that
aren't used anywhere), and it finally displays user-defined
main.cf parameters that *are* used. File: postconf/postconf.c.
Portability: specify ``make makefiles "CCARGS=-DNO_NIS
..."'' to build on systems without NIS support. Files:
makedefs, util/sys_defs.h.
Cleanup: documented the postconf algorithms and their
limitations, and added regression tests to speed up future
development. File: postconf/postconf.c
Cleanup: postconf didn't "bless" type "inet" service names.
Cleanup: with pipelined sessions, smtp-sink flushed the
output too often. Reported by Mark Martinec. File:
smtpstone/smtp-sink.c.
Workaround: don't use IPv6 at build time. File: conf/main.cf.
Workaround: don't abort when IPv6 is present but busted.
File: util/inet_proto.c.
Portability: the Dovecot 2.0 authentication server supports
more socket types for its authentication server. File:
xsasl/xsasl_dovecot_server.c.
Documentation: the Dovecot 2.0 authentication server supports
communication over TCP sockets. Patrick Ben Koetter. File:
proto/SASL_README.html.
Cleanup: "postconf -M" now supports filtering. For example,
"postconf -M inet" shows only services that listen on the
network, and "postconf -M smtp.unix" shows the SMTP delivery
agent. File: postconf.c.
Cleanup: "postconf" commands in postfix-install needed to
be updated before master.cf was installed. Reported by
Sahil Tandon. File: postfix-install.
Cleanup: support for parameter name spaces for master.cf
entries. With this, postconf should no longer log false
warnings for "-o user-defined-name=value" in master.cf. As
a benefit, it will warn for user-defined parameters with
"name=value" entries that are unused because they are hidden
by master.cf "-o name=value" entries with the same parameter
name. File: postconf/postconf.c.
Cleanup: documentation fixes. File: postconf/postconf.c.
Cleanup: in postconf "main.cf management" mode, errors
opening master.cf are non-fatal. File: postconf/postconf.c.
Documentation: examples to request VERP-style delivery at
SMTP time with the smtpd_command_filter feature. Files:
proto/VERP_README.html, proto/postconf.proto.
Feature: TLS certificate public-key fingerprint matching
(SMTP server and client), and TLS logging cleanup. Victor
Duchovni. Files: proto/SMTPD_POLICY_README.html,
proto/TLS_README.html, proto/postconf.proto, global/mail_proto.h,
smtpd/smtpd_check.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c,
tls/tls_proxy_print.c, tls/tls_proxy_scan.c, tls/tls_server.c,
tls/tls_stream.c, tls/tls_verify.c.
Documentation: complete list of "make makefiles" overrides.
File: proto/INSTALL.html.
Cleanup: postscreen now logs more than the first word of
non-SMTP commands. File: postscreen/postscreen_smtpd.c.
Cleanup: eliminated false postconf "unused parameter"
warnings with legacy parameters such as $virtual_maps, and
with non-default parameter values for smtpd_expansion_filter
that can contain legitimate "$" without a macro name.
Cleanup: split postconf source into separate modules.
Files: postconf/postconf.c, postconf/postconf_builtin.c,
postconf/postconf_edit.c, postconf/postconf_main.c,
postconf/postconf_master.c, postconf/postconf_misc.c,
postconf/postconf_node.c, postconf/postconf_other.c,
postconf/postconf_service.c postconf/postconf_unused.c,
postconf/postconf_user.c, postconf/postconf.h.
Bitrot: changes in error reporting to the under-documented
OpenLDAP API. Problem reported by Quanah Gibson-Mount. Fix
by Viktor Dukhovni. File: global/dict_ldap.c.
Cleanup: four-space indentation had become a tab character.
Files: postconf/postconf.h, postconf/test20.ref,
postconf/test21.ref.
Cleanup: documented <transport>_suffix parameters that don't
show in postconf command output of earlier Postfix versions.
Files: proto/SMTPD_POLICY_README.html, proto/postconf.proto,
proto/SCHEDULER_README.html.
Cleanup: added the pipe(8) delivery agent to the list of
programs that implement transport_time_limit parameters.
File: postconf/postconf_service.c, postconf/test6.ref,
postconf/test22.ref.
Feature: "postconf -C class,..." support to print parameters
in one or more classes (builtin= built-in parameter names,
service=service-defined parameter names, user=user-defined
parameter names). Files: postconf/postconf.c, postconf/postconf.h,
postconf_service.c, postconf/postconf_user.c.
Cleanup: TLS logging level configuration. Files:
global/mail_params.h, smtp/lmtp_params.c, smtp/smtp.c,
smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c,
tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c,
tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c.
20111203
Cleanup: time-dependent sender addresses of address
verification probes. Specify an address_verify_sender_ttl
value of several hours or more to frustrate address harvesting.
Files: global/verify_sender_addr.[hc], smtpd/smtpd.c,
smtpd/smtpd_check.c, verify/verify.c, proto/postconf.proto,
proto/ADDRESS_VERIFICATION_README.html.
Cleanup: removed the log_level arguments from tls_client_start()
and tls_server_start() calls. This information is already
given to tls_client_init() and tls_server_init(). Files:
smtpd/smtpd.c, tlsproxy/tlsproxy.c, smtp/smtp_proto.c,
tls/tls.h, tls/tls_client.c, tls/tls_server.c, tls/tls_misc.c.
Documentation: made the postconf(5) manpage more precise
in its use of "client" and "server"; reorganized the
TLS_README presentation of client configuration so that
most relevant information is presented earlier. Files:
proto/postconf.proto, proto/TLS_README.html.
Bugfix: tlsproxy(8) stored TLS sessions with a serverID of
"tlsproxy" instead of "smtpd", wasting an opportunity for
session reuse. File: tlsproxy/tlsproxy.c.
Documentation: removed descriptions of Postfix < 2.3 user
interface from TLS_README. Users of earlier releases are
referred to TLS_LEGACY_README. File: proto/TLS_README.html.
Cleanup: tlsproxy(8) now receives the session cache serverID
from its client (postscreen(8)). Files: global/mail_proto.h,
postscreen/postscreen_starttls.c, tlsproxy/tlsproxy.[hc],
tlsproxy_state.c.
Cleanup: the postscreen(8) daemon did not support a zero
cache cleanup interval. This is needed for memcache support.
File: postscreen/postscreen.c.
Bugfix (introduced: 20110227): null pointer bug while
updating dictionary owner attributes, after reading an empty
(database) configuration file. File: util/dict.c.
Cleanup: db_common_parse_domain() could not be called without
preceding db_common_parse() call. Files: global/db_common.[hc].
Feature: memcache client support. This implementation is
based on the under-documented libmemcache library, and
therefore supports only libmemcache version 1.4.0. Files:
conf/postfix-files, global/dict_memcache.[hc], global/mail_dict.c,
html/index.html, mantools/postlink, postconf/postconf.c,
postfix/postfix.c, proto/DATABASE_README.html,
proto/MEMCACHE_README.html, proto/memcache_table.
Cleanup: support for scripted and manual database tests with
LDAP, *SQL, and memcache. Files: util/dict_test.c, util/dict.c,
global/mail_dict.c.
Workaround: apparently, some distributions use Postfix
shared libraries without proper so-number versioning. This
causes programs to fail mysteriously, after an update
replaces the Postfix library but not the program (someone
experienced this with an extra copy of the Postfix SMTP
server). Files: global/mail_version.[hc], master/*server.c,
master/master.c, src/postalias/postalias.c,
src/postdrop/postdrop.c, src/postfix/postfix.c,
src/postlog/postlog.c, src/postmap/postmap.c,
src/postmulti/postmulti.c, src/postqueue/postqueue.c,
src/postsuper/postsuper.c, src/sendmail/sendmail.c.
Feature: first/next (sequence) support in the proxymap
protocol. This is needed for cache cleanup of a proxied
postscreen or verify persistent cache. Files:
global/dict_proxy.[hc], proxymap/proxymap.c.
Feature: memcache client support without libmemcache
dependencies. Files: global/memcache_proto.[hc],
global/dict_memcache.c.
Bugfix: missing lookup table entry and terminator, causing
proxymap(8) server segfault when postscreen(8) or verify(8)
attempted to access their cache via the proxymap(8) server.
This could never have worked anyway, because the Postfix
proxymap protocol did not support cache cleanup. File
util/dict.c.
Feature: support for persistent backup database in the
memcache client. The database can be shared with the proxymap
service, but it needs to be listed as "proxy:maptype:mapname"
in the proxy_read_maps or proxy_write_maps parameter value
(depending on whether the access is read-only or read-write).
Support for proxymap-over-tcp (proxy:maptype:mapname@host:port)
is under development. File: global/dict_memcache.c.
Documentation: updated the submission and smtps examples
in the sample master.cf file, so that their logging is
easier to recognize. File: conf/master.cf.
Documentation: use different hosts to separate MUA "port
25" traffic from the "port 25" MX service. Files:
postscreen/postscreen.c, proto/POSTSCREEN_README.html.
Cleanup: the proxymap client did not correctly propagate
the "open_lock" flag, causing the proxymap service to open
postscreen(8) and verify(8) caches twice, instead of once.
File: global/dict_proxy.c.
Cleanup: the verify and postscreen caches were not listed
as "authorized" for access via the proxywrite service. File:
global/mail_params.h.
Refactoring: the postscreen permanent access list code is
now a library module, so that it can be also used for remote
access to the proxymap server. Files: global/server_acl.[hc].
Hardening: read/write deadlines, to make the proxymap server
suitable for remote access. File: proxymap/proxymap.c.
Cleanup: more orthogonal definition of when the proxymap
server can/cannot share a single map instance among multiple
requestors, and corresponding code cleanup in the proxymap
client and server. Files: util/dict.h, util/dict_test.c,
global/dict_proxy.c, proxymap/proxymap.c.
17353
17354
17355
17356
17357
17358
17359
17360
17361
17362
17363
17364
17365
17366
17367
17368
17369
17370
17371
17372
17373
17374
17375
17376
17377
17378
17379
17380
17381
17382
17383
17384
17385
17386
17387
17388
17389
17390
17391
17392
17393
17394
Human factors: the postscreen/verify cache manager now logs
the full database name including the proxy: prefix, to avoid
WTF surprises. File: util/dict_cache.c.
20111218
Cleanup: more configurable memcache client error handling.
Files: global/dict_memcache.c, proto/memcache_table.
Feature: the Postfix SMTP server XCLIENT command now supports
the LOGIN attribute (e.g., login information from nginx).
Based on the nginx:xclient-login-patch from citrin.ru (Anton
Yuzhis). The patch was further enhanced to support SASL
login information everywhere in the Postfix SMTP server
without having to specify "smtpd_sasl_auth_enable = yes"
in main.cf. Files: smtpd.[hc], smtpd_sasl_glue.[hc],
smtpd_check.c, smtpd_sasl_proto.[hc], smtpd_state.c,
proto/XCLIENT_README.html.
Incompatibility: the Postfix SMTP server now always checks
the smtpd_sender_login_maps table, even without having
"smtpd_sasl_auth_enable = yes" in main.cf.
20111219
Cleanup: the match_list-based primitives now provide an
option to return an error result instead of terminating the
process with a fatal error. Files: util/match_ops.[hc],
util/match_list.c, global/addr_list_match.c, domain_list.c,
string_list.c, namadr_list.c.
Cleanup: a "fail:" database type that reliably fails all
requests. The lookup table name specifies the internal error
result code. having this table facilitates a systematic
review of all Postfix table lookup error handling.
Cleanup: trivial-rewrite now "catches" errors with implicit
database lookups in virtual_alias_domains, relay_domains,
virtual_mailbox_domains, just like it already caught explicit
database lookup errors. This means there are fewer occasions
where trivial-rewrite clients will appear to hang. File:
trivial-rewrite/resolve.c.
Cleanup: a broken relay_domains table would cause many
Postfix processes to terminate with fatal error as they
initialized the flush() client (used by defer_append()
etc.). Postfix now logs a warning instead. File:
global/flush_clnt.c.
Cleanup: the Postfix SMTP server now "catches" errors with
implicit database lookups in mynetworks, TLS client certificate
tables, and local_header_rewrite_clients, and reports "server
configuration error" or "table lookup error" instead of
terminating with a fatal error. This is work in progress;
errors with opening a database may be covered later. Files:
smtpd/smtpd.c, smtpd/smtpd_check.c.
17410
17411
17412
17413
17414
17415
17416
17417
17418
17419
17420
17421
17422
17423
17424
17425
17426
17427
17428
17429
17430
17431
17432
17433
17434
17435
17436
17437
17438
17439
17440
17441
17442
17443
17444
17445
17446
17447
17448
17449
17450
17451
17452
17453
17454
17455
17456
17457
17458
17459
17460
17461
17462
20111220
Cleanup: the Postfix SMTP server now "catches" errors with
implicit database lookups in mynetworks, debug_peer_list,
smtpd_client_event_limit_exceptions, permit_mx_backup_networks.
This continues work started 20111219, and does not cover
errors with opening a database. Files: smtpd/smtpd.c,
smtpd/smtpd_checks.c, smtpd/smtpd_error.in, smtpd/smtpd_error.ref.
Cleanup: memory leak testing of error handling. File:
util/name_mask.c.
20111222
Cleanup: memory leak testing of error handling. File:
util/name_mask.c.
Cleanup: simplified the match_list error reporting, thereby
reducing the footprint of the changes to "catch" errors
with implicit database lookups in mynetworks, and other
lists. Files: util/match_ops.[hc], util/match_list.c,
global/addr_list_match.c, domain_list.c, string_list.c,
namadr_list.c, trivial-rewrite/resolve.c, smtpd/smtpd.c,
smtpd/smtpd_check.c, global/flush_clnt.c, flush/flush.c.
20111224
Cleanup: eliminated the global dict_errno variable that
made error reporting convenient but not necessarily precise.
This was a straightforward change except in the few modules
that propagate errors from one dictionary API to another:
dict_cache.c, dict_debug.c, maps.c, dict_memcache.c. Files:
src/cleanup/cleanup_map11.c, src/cleanup/cleanup_map1n.c,
src/global/addr_match_list.c, src/global/dict_ldap.c,
src/global/dict_memcache.c, src/global/dict_mysql.c,
src/global/dict_pgsql.c, src/global/dict_proxy.c,
src/global/dict_sqlite.c, src/global/domain_list.c,
src/global/flush_clnt.c, src/global/mail_addr_find.c,
src/global/mail_addr_map.c, src/global/maps.c, src/global/maps.h,
src/global/match_parent_style.h, src/global/namadr_list.c,
src/global/resolve_local.c, src/global/resolve_local.h,
src/global/server_acl.c, src/global/string_list.c,
src/local/alias.c, src/local/bounce_workaround.c,
src/local/mailbox.c, src/local/unknown.c, src/proxymap/proxymap.c,
src/qmqpd/qmqpd.c, src/smtp/smtp_map11.c, src/smtpd/smtpd_check.c,
src/trivial-rewrite/resolve.c, src/trivial-rewrite/transport.c,
src/util/dict.h, src/util/dict_alloc.c, src/util/dict_cache.c,
src/util/dict_cidr.c, src/util/dict_db.c, src/util/dict_debug.c,
src/util/dict_env.c, src/util/dict_fail.c, src/util/dict_ht.c,
src/util/dict_pcre.c, src/util/dict_regexp.c,
src/util/dict_static.c, src/util/dict_tcp.c, src/util/dict_test.c,
src/util/dict_thash.c, src/util/dict_unix.c, src/util/match_list.c,
src/util/match_list.h, src/util/match_ops.c, src/virtual/mailbox.c.
Bugfix (introduced 20110426): after lookup error with
mailbox_transport_maps, mailbox_command_maps or
fallback_transport_maps, the local delivery agent did not
log the problem before deferring mail, and produced no defer
logfile record. Files: local/mailbox.c, local/unknown.c.
17474
17475
17476
17477
17478
17479
17480
17481
17482
17483
17484
17485
17486
17487
17488
17489
17490
17491
17492
17493
Workaround: degrade gracefully when the network protocols
specified with inet_protocols are unavailable. Files:
global/mail_params.c, global/mynetworks.c, global/own_inet_addr.c
master/master_ent.c, master/master_vars.c, postscreen/postscreen.c,
qmqpd/qmqpd.c, smtp/smtp_connect.c, smtpd/smtpd.c,
util/inet_proto.c.
20120107
Workaround: degrade gracefully when the "domain" feature
of LDAP, *SQL and memcache databases has a table lookup
problem. Files: global/db_common.c, global/dict_ldap.c,
global/dict*sql*.c, global/dict_memcache.c.
Cleanup: fixed memcache client error handling for things
that never happen. global/dict_memcache.c.
Future proofing: prepare postmap/postalias error logging
for future changes to database code. Files: postalias/postalias.c,
postmap/postmap.c.
Cleanup: the postscreen(8) and verify(8) cache managers log
warnings at a reduced rate of one per second per cache
operation, to avoid logging large numbers of warnings about
a problem with low-value information. File: util/msg_rate_delay.c,
util/dict_cache.c.
17503
17504
17505
17506
17507
17508
17509
17510
17511
17512
17513
17514
17515
17516
17517
17518
17519
17520
17521
17522
17523
17524
17525
17526
17527
17528
17529
17530
17531
17532
17533
17534
17535
17536
17537
17538
17539
17540
17541
17542
17543
17544
17545
17546
17547
17548
17549
17550
17551
17552
17553
17554
17555
17556
17557
17558
17559
17560
17561
17562
17563
17564
17565
17566
17567
17568
17569
17570
17571
17572
17573
17574
17575
17576
17577
17578
17579
17580
17581
17582
17583
17584
17585
17586
17587
17588
17589
17590
17591
17592
17593
17594
17595
17596
17597
17598
17599
17600
17601
17602
17603
17604
17605
17606
17607
17608
17609
17610
20120110
Cleanup: added logging for failed table lookups, and replaced
some "fatal" errors by warnings. Files: cleanup/cleanup_addr.c,
cleanup/cleanup_message.c, cleanup/cleanup_milter.c,
cleanup/cleanup_masquerade.c, global/header_body_checks.c,
global/smtp_stream.c, postscreen/postscreen_dnsbl.c,
postscreen/postscreen_smtpd.c, smtp/smtp_chat.c,
smtp/smtp_proto.c, smtp/smtp_sasl_auth_cache.c,
smtp/smtp_sasl_glue.c, smtp/smtp_session.c, smtp/smtp_trouble.c,
smtpd/smtpd.c, smtpd/smtpd_check.c.
20120114
Cleanup: gradual degradation after database file open errors.
Instead of terminating immediately with a "fatal" error, a
Postfix daemon logs an error and continues execution with
reduced functionality. In other words, features that don't
depend on the unavailable table will keep working. However,
for the sake of sanity, the number of such errors over the
life of a process is limited to 13. Files:
src/global/cfg_parser.c, src/util/dict_thash.c,
src/util/dict_cidr.c, src/util/dict_nis.c, src/util/dict_nisplus.c,
src/global/dict_ldap.c, src/global/dict_mysql.c,
src/global/dict_pgsql.c, src/global/dict_sqlite.c,
src/postconf/postconf_main.c, src/global/mail_conf.c,
src/util/dict.h, src/util/dict.c, src/global/dict_memcache.c,
src/util/dict_tcp.c, src/util/dict_unix.c, src/util/dict_pcre.c,
src/util/dict_regexp.c, src/master/trigger_server.c,
src/master/single_server.c, src/master/multi_server.c,
src/master/event_server.c, src/util/dict_test.c,
src/util/dict_surrogate.c, src/util/dict_alloc.c, src/util/msg.c,
src/util/dict_cdb.c, src/util/dict_dbm.c, src/util/msg.h,
src/util/dict_db.c.
Incompatibility: the Postfix SMTP server no longer reports
transcripts of sessions where a client command is rejected
because a table is unavailable. To receive such reports,
add the new "data" class to the notify_classes parameter
value. The reports will be sent to the error_notice_recipient
address as before. This class is also used by the Postfix
SMTP client to report about sessions that fail because a
table is unavailable. Files: global/mail_error.[hc],
smtpd/smtpd_check.c, smtp/smtp_trouble.c.
20120115
Fine tuning: SMTP server error messages. File: smtpd/smtpd.c.
Fine tuning: documentation. Files: proto/MEMCACHE_README.html.
proto/memcache_table.html.
Apply "gradual degradation" also when an unsupported database
*type* is specified. File: util/dict_open.c.
Cleanup: tiny memory leaks after surrogate database opens.
Files: util/dict_cidr.c, util/dict_db.c.
20120117
Cleanup: support for legacy-style database configuration
where parameter names are generated by appending suffixes
to the database name. Files: postconf/postconf_dbms.c.
Other: build without Berkeley DB support (make makefiles
"CCARGS=$CCARGS -DNO_DB"). Files: makedefs, util/sys_defs.h,
proto/DB_README.html, proto/INSTALL.html.
20120120
Compatibility: added file pflogsumm_quickfix.txt with quick
patches for pflogsumm that handle the new default master.cf
entries for the submission and smtps services.
20120121
Cleanup: getopt(3) compatibility in the postconf(1) master.cf
parser. Process "--" as the end-of-options indicator, and
process "-oname=value" as "-o name=value". Files:
util/argv.[hc], postconf/postconf_master.cf,
postconf/postconf_user.c.
20120122
Workaround: log a warning and suggested solution for common
stat()/fstat()/lstat() problems caused by 32-bit overflow.
This is a real stinker that causes Postfix to fail without
any prior warning. File: util/warn_stat.[hc], and everything
that directly calls stat(), fstat() or lstat().
20120127
Bugfix (introduced: Postfix 2.8): the Postfix client sqlite
quoting routine returned the unquoted result instead of the
quoted text. The opportunities for misuse are limited,
because Postfix sqlite files are usually owned by root, and
Postfix daemons usually run with non-root privileges so
they can't corrupt the database. Problem reported by Rob
McGee (rob0). File: global/dict_sqlite.c.
20120130
Bugfix (introduced: Postfix 2.3): the trace service did not
distinguish between notifications for a non-bounce or a
bounce message. This code pre-dates DSN support and should
have been updated when it was re-purposed to handle DSN
SUCCESS notifications. Problem reported by Sabahattin
Gucukoglu. File: bounce/bounce_trace_service.c.
17611
17612
17613
17614
17615
17616
17617
17618
17619
17620
17621
17622
17623
17624
17625
17626
17627
17628
17629
17630
17631
20120202
Bugfix (introduced: Postfix 2.3): the "change header" milter
request could replace the wrong header. A long header name
could match a shorter one, because a length check was done
on the wrong string. Reported by Vladimir Vassiliev. File:
cleanup/cleanup_milter.c.
20120214
Bugfix (introduced: Postfix 2.4): extraneous null assignment
caused core dump when postlog emitted the "usage" message.
Reported by Kant (fnord.hammer). File: postlog/postlog.c.
20120217
Bugfix (introduced 20111219): sendmail -bs segfault, due
to a missing guard statement after an smtpd_check_rewrite()
call was moved closer to the command processor loop. Fix
by Bartek Szady. File: smtpd/smtpd.c.
20120401
Bitrot: shut up useless warnings about Cyrus SASL call-back
function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.
20120422
Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
known TLS protocol list so that protocols can be turned off
selectively to work around implementation bugs. Based on
a patch by Victor Duchovni. Files: proto/TLS_README.html,
proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
tls/tls_server.c.
17647
17648
17649
17650
17651
17652
17653
17654
17655
17656
17657
17658
17659
17660
17661
17662
17663
17664
17665
17666
17667
17668
17669
17670
17671
17672
17673
17674
17675
17676
17677
17678
17679
17680
17681
17682
17683
17684
17685
17686
17687
17688
17689
17690
17691
17692
17693
17694
17695
17696
17697
17698
17699
17700
17701
17702
17703
20120425
Workaround: bugs in 10-year old gcc versions break compilation
with #ifdef inside a macro invocation (NOT: definition).
This synchronizes the Postfix 2.9 TLS implementation with
Postfix 2.10 to simplify code maintenance. Files: tls/tls.h,
tls/tls_client.c, tls/tls_server.c.
20120426
Bugfix (introduced Postfix 2.9): the postconf command flagged
parameters defined in master.cf as "unused" when they were
used only in main.cf. Problem reported by Michael Tokarev.
Files: postconf/postconf_user.c.
20120516
Workaround: apparently, FreeBSD 8.3 kqueue notifications
sometimes break when a dnsblog(8) process loses an accept()
race on a shared socket, resulting in repeated "connect to
private/dnsblog service: Connection refused" warnings. This
condition is unique to dnsblog(8). The postscreen(8) daemon
closes a postscreen-to-dnsblog connection as soon as it
receives a dnsblog(8) reply, resulting in hundreds or
thousands of connection requests per second. All other
multi-server daemons such as anvil(8) or proxymap(8) have
connection lifetimes ranging from 5s to 1000s depending on
server load. The workaround is for dnsblog to use the
single_server driver instead of the multi_server driver.
This one-line code change eliminates the accept() race
without any Postfix performance impact. Problem reported
by Sahil Tandon. File: dnsblog/dnsblog.c.
20120517
Workaround: to avoid crashes when the OpenSSL library is
updated without "postfix reload", the Postfix TLS session
cache ID now includes the OpenSSL library version number.
Note: this problem cannot be fixed in tlsmgr(8). Code by
Victor Duchovni. Files: tls/tls_server.c, tls_client.c.
20120520
Bugfix (introduced Postfix 2.4): the event_drain() function
was comparing bitmasks incorrectly causing the program to
always wait for the full time limit. This error affected
the unused postkick command, but only after s/fifo/unix/
in master.cf. File: util/events.c.
Cleanup: laptop users have always been able to avoid
unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
(this is currently not supported on Solaris systems).
However, to make this work reliably, the "postqueue -f"
command must wait until its requests have reached the pickup
and qmgr servers before closing the UNIX-domain request
sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.
17704
17705
17706
17707
17708
17709
17710
17711
17712
17713
17714
17715
17716
17717
17718
17719
17720
20120621
Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
client could close the wrong file descriptors. File:
util/unix_pass_trigger.c.
20120702
Bugfix (introduced: 19990127): the BIFF client leaked an
unprivileged UDP socket. Fix by Jaroslav Skarvada. File:
local/biff_notify.c.
20120730
Bugfix (introduced: 20000314): AUTH is not allowed after
MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c.
17721
17722
17723
17724
17725
17726
17727
17728
17729
17730
17731
17732
17733
17734
17735
17736
17737
17738
17739
17740
17741
17742
17743
17744
17745
17746
17747
17748
17749
17750
17751
17752
17753
17754
17755
17756
17757
17758
20121003
Bugfix: the postscreen_access_list feature was case-sensitive
in the first character of permit, reject, etc. Reported by
Francis Picabia. File: global/server_acl.c.
20121010
Bugfix (introduced: Postfix 2.5): memory leak in program
initialization. Reported by Coverity. File: tls/tls_misc.c.
Bugfix (introduced: Postfix 2.3): memory leak in the unused
oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c.
20121013
Cleanup: to compute the LDAP connection cache lookup key,
join the numeric fields with null, just like string fields.
Viktor Dukhovni. File: global/dict_ldap.c.
20121029
Workaround: strip datalink suffix from IPv6 addresses
returned by the system getaddrinfo() routine. Such suffixes
mess up the default mynetworks value, host name/address
verification and possibly more. This change obsoletes the
20101108 change that removes datalink suffixes in the SMTP
and QMQP servers, but we leave that code alone. File:
util/myaddrinfo.c.
20121210
Bugfix (introduced: Postfix 2.9) nesting count error while
stripping the optional [] around a DNS[BW]L address pattern.
This part of the code is not documented and had escaped
testing. Files: util/ip_match.c, util/ip_match.in,
util/ip_match.ref.
17759
17760
17761
17762
17763
17764
17765
17766
17767
17768
17769
17770
17771
17772
17773
17774
17775
17776
17777
17778
17779
17780
17781
17782
17783
17784
17785
20121230
Bugfix (omission in feature 20111106): the postconf(1)
master.cf options parser didn't support "clusters" of
command-line option letters. File: postconf/postconf_master.c,
postconf/test40.ref.
20130131
Bugfix: the local(8) delivery agent dereferenced a null
pointer while delivering to null command (for example, "|"
in a .forward file). Reported by Gilles Chehade.
20130203
Bugfix: the undocumented OpenSSL X509_pubkey_digest()
function is unsuitable for computing certificate PUBLIC KEY
fingerprints. Postfix now provides a correct procedure
that accounts for the algorithm and parameters in addition
to the key data. Specify "tls_legacy_public_key_fingerprints
= yes" if you need backwards compatibility. Fix by Victor
Duchovni, BC added by Wietse. Files: tls/tls_verify.c,
tls/tls_misc.c, proto/TLS_README.html, global/mail_params.h.
Bugfix: the 20121010 fix for tls_misc.c was documented but
not included.
17786
17787
17788
17789
17790
17791
17792
17793
17794
17795
17796
17797
17798
17799
17800
17801
17802
17803
17804
17805
17806
17807
17808
17809
17810
17811
17812
17813
20130403
Bugfix (introduced: Postfix 2.3): don't reuse TCP connections
when smtp_tls_policy_maps is specified. Victor Duchovni.
Found during Postfix 2.11 code maintenance. File:
smtp/smtp_reuse.c.
20130423
Bugfix (introduced: Postfix 2.0): when myhostname is not
listed in mydestination, the trivial-rewrite resolver may
log "do not list <myhostname value> in both mydestination
and <name of non-mydestination domain list>". The fix is
to re-resolve a domain-less address after adding $myhostname
as the surrogate domain, so that it pops out with the right
address-class label. Problem reported by Quanah Gibson-Mount.
File: trivial-rewrite/resolve.c.
20130425
Bugfix (introduced: Postfix 2.2): don't reuse TCP connections
when SASL authentication is enabled. SASL passwords may
depend on the remote SMTP server hostname, but the Postfix
<2.11 SMTP connection cache client does not distinguish
between different hostnames that resolve to the same IP
address. Found during Postfix 2.11 code maintenance. File:
smtp/smtp_connect.c.
17814
17815
17816
17817
17818
17819
17820
17821
17822
17823
17824
17825
17826
17827
17828
17829
17830
17831
17832
17833
17834
17835
17836
20130518
Bugfix (introduced: 1997): memory leak after error while
forwarding mail through the cleanup server. Viktor found
one, Wietse eliminated the rest. File: local/forward.c.
20130615
TLS Interoperability: turn on SHA-2 digests by force. This
improves interoperability with clients and servers that
deploy SHA-2 digests without the required support for
TLSv1.2-style digest negotiation. Based on patch by Viktor
Dukhovni. Files: tls/tls_client.c, tls/tls_server.c.
20130616
Workaround: The Postfix SMTP server TLS session cache was
broken because OpenSSL now enables session tickets by
default, resulting in a different ticket encryption key for
each smtpd(8) process. The workaround turns off session
tickets. In 2.11 we'll enable session tickets properly.
Viktor Dukhovni. File: tls/tls_server.c.
17837
17838
17839
17840
17841
17842
17843
17844
17845
17846
17847
17848
17849
17850
17851
17852
17853
17854
17855
17856
17857
17858
17859
17860
17861
17862
17863
17864
17865
17866
17867
17868
17869
20131026
Future proofing: API changes in the PCRE library. File:
util/dict_pcre.c.
20131127
Bugfix (introduced: 20090106): the postconf '-#' option
erased prior options. File: postconf/postconf.c.
20131129
Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor
Dukhovni. File: proto/MULTI_INSTANCE_README.html.
20131216
OpenSSL future proofing: tolerate disappearance of named
bug-workaround bits without invalidating tls_disable_workarounds
configurations. When support for a bug workaround is removed
from OpenSSL, the corresponding bit is defined as zero (i.e.
NOOP) instead of causing programs to break. Viktor Dukhovni.
File: tls/tls_misc.c.
20131220
Documentation: typo in SASL_README. Patrick Ben Koetter.
File: proto/SASL_README.html.
20140104
Bugfix: malformed error message. File: conf/post-install.
17870
17871
17872
17873
17874
17875
17876
17877
17878
17879
17880
17881
17882
17883
17884
17885
17886
17887
17888
17889
17890
17891
17892
17893
17894
17895
17896
17897
17898
17899
17900
17901
17902
17903
17904
17905
17906
17907
20140116
Workaround: prepend "-I. -I../../include" to CCARGS, to
avoid name clashes with non-Postfix header files. File:
makedefs.
20140223
Logging: the TLS client logged that an "Untrusted" TLS
connection was established instead of "Anonymous". Viktor
Dukhovni. File: tls/tls_client.c.
20140619
Bugfix (introduced: 2001): qmqpd null pointer bug when it
logs a lost connection while not in a mail transaction.
Reported by Michal Adamek. File: qmqpd/qmqpd.c.
20140920
Bugfix (introduced: 20080212): incorrect client name in
reject messages from check_reverse_client_hostname_access
and check_reverse_client_hostname_{mx,ns}_access. They
replied with the verified client name, instead of the name
that was rejected. Problem reported by Reindl Harald. File:
smtpd/smtpd_check.c.
20141012
Bugfix (introduced: Postfix 2.3): the PREPEND access/policy
action added headers ABOVE Postfix's own Received: header,
exposing Postfix's own Received: header to Milters (protocol
violation) and hiding the PREPENDed header from Milters.
The latter caused problems for DMARC implementations with
SPF policy plus DKIM Milter. PREPENDed headers are now
added BELOW Postfix's own Received: header and remain visible
to Milters. File: smtpd/smtpd.c.
20141018
Bugfix (introduced: Postfix 2.3): when a Milter inserted a
header ABOVE Postfix's own Received: header, Postfix would
expose its own Received: header to Milters (violating
protocol) and hide the Milter-inserted header from Milters
(wtf). Files: cleanup/cleanup.h, cleanup/cleanup_message.c,
cleanup/cleanup_state.c, milter/milter.[hc], milter/milter8.c.
Cleanup: revert the workaround that places headers inserted
with PREPEND actions or policy requests BELOW Postfix's own
Received: message header. File: smtpd/smtpd.c.
20150106
Robustness: don't segfault due to excessive recursion after
a faulty configuration runs into the virtual_alias_recursion_limit.
File: global/tok822_tree.c.
20150115
Safety: stop aliasing loops that exponentially increase the
address length with each iteration. Back-ported from Postfix
3.0. File: cleanup/cleanup_map1n.c.
17933
17934
17935
17936
17937
17938
17939
17940
17941
17942
17943
17944
17945
17946
17947
17948
17949
17950
20150324
Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps
ignored the relayhost setting in the case of a DUNNO lookup
result. It would use the recipient domain instead. Viktor
Dukhovni. Wietse took the pieces of code that enforce the
precedence of a sender-dependent relayhost, the global
relayhost, and the recipient domain, and put that code
together in once place so that it is easier to maintain.
File: trivial-rewrite/resolve.c.
20150408
Portability: FreeBSD10 support. Files: makedefs, util/sys_defs.h.
Incompatibility: specifying "make makefiles" with "CC=command"
will no longer override the default WARN setting.
17951
17952
17953
17954
17955
17956
17957
17958
17959
17960
17961
17962
17963
17964
17965
17966
17967
17968
17969
17970
20150501
Support for Linux 4.*, and some simplification for future
makedefs files. Files: makedefs, util/sys_defs.h.
20150718
Security: opportunistic TLS by default uses "medium" or
stronger ciphers instead of "export" or stronger. See the
RELEASE_NOTES file for how to get the old settings back.
Files: global/mail_params.h, proto/TLS_README.html,
proto/postconf.proto, and files derived from those.
20150719
Security: Postfix TLS support by default no longer uses
SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get
the old settings back. Files: global/mail_params.h,
proto/postconf.proto, and files derived from those.
17971
17972
17973
17974
17975
17976
17977
17978
17979
17980
17981
17982
17983
17984
17985
17986
17987
17988
17989
17990
17991
17992
17993
17994
20150924
Bugfix (introduced: 20090216-24): incorrect postmulti error
message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
File: postmulti/postmulti.c.
Workaround: don't create a new instance when the template
main.cf and master.cf files are missing, as happens on
Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
20150925
Bugfix (introduced: 19970309, fixed 20150421 in development
release): reset errno before calling readdir(), in order
to distinguish between an end-of-directory and an error
condition. File: scandir.c.
20150930
Bugfix (introduced: 20040124): Milter client panic while
adding a header, because the PREPEND action used the same
output function for header_checks and body_checks. Viktor
Dukhovni and Wietse. File: cleanup/cleanup_message.c.