HISTORY

	ending in <LF>).  This simplifies integration with third-party
	mail generating applications. Specify "sendmail_fix_line_endings
	= strict" to restore historical Postfix behavior (i.e. convert
	all input lines ending in <CR><LF> only if the first input
	line ends in <CR><LF>).  Files: sendmail/sendmail.c,
	global/mail_params.h, proto/postconf.proto.

20111017

	Cleanup: refined the heuristic that automagically transforms
	legacy "sendmail -V" VERP requests into contemporary "sendmail
	-XV" syntax.  File: sendmail/sendmail.c.

	Cleanup: when the cleanup daemon goes into discard mode,
	don't get stuck when it runs onto milter file descriptor
	information. File: cleanup/cleanup.c.

20111020

	EAI Future-proofing: don't apply strict_mime_encoding_domain
	checks to unknown message subtypes such as message/global*.
	File: global/mime_state.c.

20111025

	Bugfix (introduced: Postfix 2.8): postscreen sent non-compliant
	SMTP responses (220- followed by 421) when it could not
	hand off a connection to a real smtpd process, causing some
	remote SMTP clients to bounce mail. The fix redirects the
	client to the dummy SMTP engine which sends the 421 reply
	at the first legitimate opportunity.  Problem reported by
	Ralf Hildebrandt. Files: postscreen/postscreen_send.c,
	postscreen/postscreen_smtpd.c, postscreen/postscreen.h.

20111102

	Workaround: to improve inter-operability with broken remote
	SMTP servers, the Postfix SMTP client by default no longer
	appends the "AUTH=<>" option to the MAIL FROM command.
	Specify "smtp_send_dummy_mail_auth = yes" to restore the
	old behavior.

20111106

	Feature: "postconf -M" support to show Postfix's idea of
	what is in the master.cf file. File: postconf/postconf.c.

	Feature: postconf "-f" option to "nicely" format long lines
	from main.cf or master.cf. File: postconf/postconf.c.

20111108

	Cleanup: postconf finally supports dynamic configuration
	parameter names: parameters whose name depend on a mail
	delivery transport or spawn service in master.cf, and
	parameters whose names are specified with smtpd_restriction_classes
	in main.cf. This adds 70 parameters to the "postconf" output,
	more if additional mail delivery transports are defined in
	master.cf.  File: postconf/postconf.c.

20111109

	Cleanup: account for "," in smtpd_restriction_classes
	value (Victor Duchovni). File: postconf/postconf.c.

20111112

	Cleanup: postconf finally warns about possible mis-typed
	main.cf and master.cf parameter names (i.e. parameters that
	aren't used anywhere), and it finally displays user-defined
	main.cf parameters that *are* used.  File: postconf/postconf.c.

20111113

	Portability: specify ``make makefiles "CCARGS=-DNO_NIS
	..."'' to build on systems without NIS support. Files:
	makedefs, util/sys_defs.h.

	Cleanup: documented the postconf algorithms and their
	limitations, and added regression tests to speed up future
	development. File: postconf/postconf.c

20111117

	Cleanup: postconf didn't "bless" type "inet" service names.

	Cleanup: with pipelined sessions, smtp-sink flushed the
	output too often. Reported by Mark Martinec. File:
	smtpstone/smtp-sink.c.

	Workaround: don't use IPv6 at build time. File: conf/main.cf.

	Workaround: don't abort when IPv6 is present but busted.
	File: util/inet_proto.c.

	Portability: the Dovecot 2.0 authentication server supports
	more socket types for its authentication server. File:
	xsasl/xsasl_dovecot_server.c.

	Documentation: the Dovecot 2.0 authentication server supports
	communication over TCP sockets. Patrick Ben Koetter.  File:
	proto/SASL_README.html.

20111118

	Cleanup: "postconf -M" now supports filtering. For example,
	"postconf -M inet" shows only services that listen on the
	network, and "postconf -M smtp.unix" shows the SMTP delivery
	agent. File: postconf.c.

20111119

	Cleanup: "postconf" commands in postfix-install needed to
	be updated before master.cf was installed.  Reported by
	Sahil Tandon. File: postfix-install.

20111120

	Cleanup: support for parameter name spaces for master.cf
	entries. With this, postconf should no longer log false
	warnings for "-o user-defined-name=value" in master.cf.  As
	a benefit, it will warn for user-defined parameters with
	"name=value" entries that are unused because they are hidden
	by master.cf "-o name=value" entries with the same parameter
	name.  File: postconf/postconf.c.

20111121

	Cleanup: documentation fixes. File: postconf/postconf.c.

	Cleanup: in postconf "main.cf management" mode, errors
	opening master.cf are non-fatal. File: postconf/postconf.c.

20111122

	Documentation: examples to request VERP-style delivery at
	SMTP time with the smtpd_command_filter feature.  Files:
	proto/VERP_README.html, proto/postconf.proto.

	Feature: TLS certificate public-key fingerprint matching
	(SMTP server and client), and TLS logging cleanup. Victor
	Duchovni. Files: proto/SMTPD_POLICY_README.html,
	proto/TLS_README.html, proto/postconf.proto, global/mail_proto.h,
	smtpd/smtpd_check.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c,
	tls/tls_proxy_print.c, tls/tls_proxy_scan.c, tls/tls_server.c,
	tls/tls_stream.c, tls/tls_verify.c.

	Documentation: complete list of "make makefiles" overrides.
	File: proto/INSTALL.html.

	Cleanup: postscreen now logs more than the first word of
	non-SMTP commands. File: postscreen/postscreen_smtpd.c.

20111124

	Cleanup: eliminated false postconf "unused parameter"
	warnings with legacy parameters such as $virtual_maps, and
	with non-default parameter values for smtpd_expansion_filter
	that can contain legitimate "$" without a macro name.

	Cleanup: split postconf source into separate modules.
	Files: postconf/postconf.c, postconf/postconf_builtin.c,
	postconf/postconf_edit.c, postconf/postconf_main.c,
	postconf/postconf_master.c, postconf/postconf_misc.c,
	postconf/postconf_node.c, postconf/postconf_other.c,
	postconf/postconf_service.c postconf/postconf_unused.c,
	postconf/postconf_user.c, postconf/postconf.h.

20111126

	Bitrot: changes in error reporting to the under-documented
	OpenLDAP API. Problem reported by Quanah Gibson-Mount. Fix
	by Viktor Dukhovni. File: global/dict_ldap.c.

	Cleanup: four-space indentation had become a tab character.
	Files: postconf/postconf.h, postconf/test20.ref,
	postconf/test21.ref.

20111127

	Cleanup: documented <transport>_suffix parameters that don't
	show in postconf command output of earlier Postfix versions.
	Files: proto/SMTPD_POLICY_README.html, proto/postconf.proto,
	proto/SCHEDULER_README.html.

	Cleanup: added the pipe(8) delivery agent to the list of
	programs that implement transport_time_limit parameters.
	File: postconf/postconf_service.c, postconf/test6.ref,
	postconf/test22.ref.

20111128

	Feature: "postconf -C class,..." support to print parameters
	in one or more classes (builtin= built-in parameter names,
	service=service-defined parameter names, user=user-defined
	parameter names). Files: postconf/postconf.c, postconf/postconf.h,
	postconf_service.c, postconf/postconf_user.c.

20111129

	Cleanup: TLS logging level configuration. Files:
	global/mail_params.h, smtp/lmtp_params.c, smtp/smtp.c,
	smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c,
	tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c,
	tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c.
20111203

	Cleanup: time-dependent sender addresses of address
	verification probes.  Specify an address_verify_sender_ttl
	value of several hours or more to frustrate address harvesting.
	Files: global/verify_sender_addr.[hc], smtpd/smtpd.c,
	smtpd/smtpd_check.c, verify/verify.c, proto/postconf.proto,
	proto/ADDRESS_VERIFICATION_README.html.

20111204

	Cleanup: removed the log_level arguments from tls_client_start()
	and tls_server_start() calls. This information is already
	given to tls_client_init() and tls_server_init(). Files:
	smtpd/smtpd.c, tlsproxy/tlsproxy.c, smtp/smtp_proto.c,
	tls/tls.h, tls/tls_client.c, tls/tls_server.c, tls/tls_misc.c.

20111205

	Documentation: made the postconf(5) manpage more precise
	in its use of "client" and "server"; reorganized the
	TLS_README presentation of client configuration so that
	most relevant information is presented earlier. Files:
	proto/postconf.proto, proto/TLS_README.html.

	Bugfix: tlsproxy(8) stored TLS sessions with a serverID of
	"tlsproxy" instead of "smtpd", wasting an opportunity for
	session reuse.  File: tlsproxy/tlsproxy.c.

20111206

	Documentation: removed descriptions of Postfix < 2.3 user
	interface from TLS_README. Users of earlier releases are
	referred to TLS_LEGACY_README. File: proto/TLS_README.html.

20111207

	Cleanup: tlsproxy(8) now receives the session cache serverID
	from its client (postscreen(8)). Files: global/mail_proto.h,
	postscreen/postscreen_starttls.c, tlsproxy/tlsproxy.[hc],
	tlsproxy_state.c.

	Cleanup: the postscreen(8) daemon did not support a zero
	cache cleanup interval. This is needed for memcache support.
	File: postscreen/postscreen.c.

	Bugfix (introduced: 20110227): null pointer bug while
	updating dictionary owner attributes, after reading an empty
	(database) configuration file. File: util/dict.c.

20111208

	Cleanup: db_common_parse_domain() could not be called without
	preceding db_common_parse() call. Files: global/db_common.[hc].

20111209

	Feature: memcache client support. This implementation is
	based on the under-documented libmemcache library, and
	therefore supports only libmemcache version 1.4.0.  Files:
	conf/postfix-files, global/dict_memcache.[hc], global/mail_dict.c,
	html/index.html, mantools/postlink, postconf/postconf.c,
	postfix/postfix.c, proto/DATABASE_README.html,
	proto/MEMCACHE_README.html, proto/memcache_table.

20111209

	Cleanup: support for scripted and manual database tests with
	LDAP, *SQL, and memcache. Files: util/dict_test.c, util/dict.c,
	global/mail_dict.c.

	Workaround: apparently, some distributions use Postfix
	shared libraries without proper so-number versioning. This
	causes programs to fail mysteriously, after an update
	replaces the Postfix library but not the program (someone
	experienced this with an extra copy of the Postfix SMTP
	server).  Files: global/mail_version.[hc], master/*server.c,
	master/master.c, src/postalias/postalias.c,
	src/postdrop/postdrop.c, src/postfix/postfix.c,
	src/postlog/postlog.c, src/postmap/postmap.c,
	src/postmulti/postmulti.c, src/postqueue/postqueue.c,
	src/postsuper/postsuper.c, src/sendmail/sendmail.c.

20111211

	Feature: first/next (sequence) support in the proxymap
	protocol. This is needed for cache cleanup of a proxied
	postscreen or verify persistent cache. Files:
	global/dict_proxy.[hc], proxymap/proxymap.c.

	Feature: memcache client support without libmemcache
	dependencies. Files: global/memcache_proto.[hc],
	global/dict_memcache.c.

	Bugfix: missing lookup table entry and terminator, causing
	proxymap(8) server segfault when postscreen(8) or verify(8)
	attempted to access their cache via the proxymap(8) server.
	This could never have worked anyway, because the Postfix
	proxymap protocol did not support cache cleanup.  File
	util/dict.c.

	Feature: support for persistent backup database in the
	memcache client. The database can be shared with the proxymap
	service, but it needs to be listed as "proxy:maptype:mapname"
	in the proxy_read_maps or proxy_write_maps parameter value
	(depending on whether the access is read-only or read-write).
	Support for proxymap-over-tcp (proxy:maptype:mapname@host:port)
	is under development.  File: global/dict_memcache.c.

20111214

	Documentation: updated the submission and smtps examples
	in the sample master.cf file, so that their logging is
	easier to recognize.  File: conf/master.cf.

20111215

	Documentation: use different hosts to separate MUA "port
	25" traffic from the "port 25" MX service. Files:
	postscreen/postscreen.c, proto/POSTSCREEN_README.html.

20111216

	Cleanup: the proxymap client did not correctly propagate
	the "open_lock" flag, causing the proxymap service to open
	postscreen(8) and verify(8) caches twice, instead of once.
	File: global/dict_proxy.c.

	Cleanup: the verify and postscreen caches were not listed
	as "authorized" for access via the proxywrite service. File:
	global/mail_params.h.

	Refactoring: the postscreen permanent access list code is
	now a library module, so that it can be also used for remote
	access to the proxymap server.  Files: global/server_acl.[hc].

	Hardening: read/write deadlines, to make the proxymap server
	suitable for remote access. File: proxymap/proxymap.c.

20111217

	Cleanup: more orthogonal definition of when the proxymap
	server can/cannot share a single map instance among multiple
	requestors, and corresponding code cleanup in the proxymap
	client and server. Files: util/dict.h, util/dict_test.c,
	global/dict_proxy.c, proxymap/proxymap.c.

	Human factors: the postscreen/verify cache manager now logs
	the full database name including the proxy: prefix, to avoid
	WTF surprises. File: util/dict_cache.c.

20111218

	Cleanup: more configurable memcache client error handling.
	Files: global/dict_memcache.c, proto/memcache_table.

	Feature: the Postfix SMTP server XCLIENT command now supports
	the LOGIN attribute (e.g., login information from nginx).
	Based on the nginx:xclient-login-patch from citrin.ru (Anton
	Yuzhis). The patch was further enhanced to support SASL
	login information everywhere in the Postfix SMTP server
	without having to specify "smtpd_sasl_auth_enable = yes"
	in main.cf.  Files: smtpd.[hc], smtpd_sasl_glue.[hc],
	smtpd_check.c, smtpd_sasl_proto.[hc], smtpd_state.c,
	proto/XCLIENT_README.html.

	Incompatibility: the Postfix SMTP server now always checks
	the smtpd_sender_login_maps table, even without having
	"smtpd_sasl_auth_enable = yes" in main.cf.

20111219

	Cleanup: the match_list-based primitives now provide an
	option to return an error result instead of terminating the
	process with a fatal error.  Files: util/match_ops.[hc],
	util/match_list.c, global/addr_list_match.c, domain_list.c,
	string_list.c, namadr_list.c.

	Cleanup: a "fail:" database type that reliably fails all
	requests. The lookup table name specifies the internal error
	result code. having this table facilitates a systematic
	review of all Postfix table lookup error handling.

	Cleanup: trivial-rewrite now "catches" errors with implicit
	database lookups in virtual_alias_domains, relay_domains,
	virtual_mailbox_domains, just like it already caught explicit
	database lookup errors. This means there are fewer occasions
	where trivial-rewrite clients will appear to hang. File:
	trivial-rewrite/resolve.c.

	Cleanup: a broken relay_domains table would cause many
	Postfix processes to terminate with fatal error as they
	initialized the flush() client (used by defer_append()
	etc.). Postfix now logs a warning instead.  File:
	global/flush_clnt.c.

	Cleanup: the Postfix SMTP server now "catches" errors with
	implicit database lookups in mynetworks, TLS client certificate
	tables, and local_header_rewrite_clients, and reports "server
	configuration error" or "table lookup error" instead of
	terminating with a fatal error. This is work in progress;
	errors with opening a database may be covered later. Files:
	smtpd/smtpd.c, smtpd/smtpd_check.c.

20111220

	Cleanup: the Postfix SMTP server now "catches" errors with
	implicit database lookups in mynetworks, debug_peer_list,
	smtpd_client_event_limit_exceptions, permit_mx_backup_networks.
	This continues work started 20111219, and does not cover
	errors with opening a database.  Files: smtpd/smtpd.c,
	smtpd/smtpd_checks.c, smtpd/smtpd_error.in, smtpd/smtpd_error.ref.

	Cleanup: memory leak testing of error handling. File:
	util/name_mask.c.

20111222

	Cleanup: memory leak testing of error handling. File:
        util/name_mask.c.

	Cleanup: simplified the match_list error reporting, thereby
	reducing the footprint of the changes to "catch" errors
	with implicit database lookups in mynetworks, and other
	lists.  Files: util/match_ops.[hc], util/match_list.c,
	global/addr_list_match.c, domain_list.c, string_list.c,
	namadr_list.c, trivial-rewrite/resolve.c, smtpd/smtpd.c,
	smtpd/smtpd_check.c, global/flush_clnt.c, flush/flush.c.

20111224

	Cleanup: eliminated the global dict_errno variable that
	made error reporting convenient but not necessarily precise.
	This was a straightforward change except in the few modules
	that propagate errors from one dictionary API to another:
	dict_cache.c, dict_debug.c, maps.c, dict_memcache.c.  Files:
	src/cleanup/cleanup_map11.c, src/cleanup/cleanup_map1n.c,
	src/global/addr_match_list.c, src/global/dict_ldap.c,
	src/global/dict_memcache.c, src/global/dict_mysql.c,
	src/global/dict_pgsql.c, src/global/dict_proxy.c,
	src/global/dict_sqlite.c, src/global/domain_list.c,
	src/global/flush_clnt.c, src/global/mail_addr_find.c,
	src/global/mail_addr_map.c, src/global/maps.c, src/global/maps.h,
	src/global/match_parent_style.h, src/global/namadr_list.c,
	src/global/resolve_local.c, src/global/resolve_local.h,
	src/global/server_acl.c, src/global/string_list.c,
	src/local/alias.c, src/local/bounce_workaround.c,
	src/local/mailbox.c, src/local/unknown.c, src/proxymap/proxymap.c,
	src/qmqpd/qmqpd.c, src/smtp/smtp_map11.c, src/smtpd/smtpd_check.c,
	src/trivial-rewrite/resolve.c, src/trivial-rewrite/transport.c,
	src/util/dict.h, src/util/dict_alloc.c, src/util/dict_cache.c,
	src/util/dict_cidr.c, src/util/dict_db.c, src/util/dict_debug.c,
	src/util/dict_env.c, src/util/dict_fail.c, src/util/dict_ht.c,
	src/util/dict_pcre.c, src/util/dict_regexp.c,
	src/util/dict_static.c, src/util/dict_tcp.c, src/util/dict_test.c,
	src/util/dict_thash.c, src/util/dict_unix.c, src/util/match_list.c,
	src/util/match_list.h, src/util/match_ops.c, src/virtual/mailbox.c.

20111226

	Bugfix (introduced 20110426): after lookup error with
	mailbox_transport_maps, mailbox_command_maps or
	fallback_transport_maps, the local delivery agent did not
	log the problem before deferring mail, and produced no defer
	logfile record. Files: local/mailbox.c, local/unknown.c.

20120102

	Workaround: degrade gracefully when the network protocols
	specified with inet_protocols are unavailable.  Files:
	global/mail_params.c, global/mynetworks.c, global/own_inet_addr.c
	master/master_ent.c, master/master_vars.c, postscreen/postscreen.c,
	qmqpd/qmqpd.c, smtp/smtp_connect.c, smtpd/smtpd.c,
	util/inet_proto.c.

20120107

	Workaround: degrade gracefully when the "domain" feature
	of LDAP, *SQL and memcache databases has a table lookup
	problem.  Files: global/db_common.c, global/dict_ldap.c,
	global/dict*sql*.c, global/dict_memcache.c.

	Cleanup: fixed memcache client error handling for things
	that never happen.  global/dict_memcache.c.

	Future proofing: prepare postmap/postalias error logging
	for future changes to database code. Files: postalias/postalias.c,
	postmap/postmap.c.

20120108

	Cleanup: the postscreen(8) and verify(8) cache managers log
	warnings at a reduced rate of one per second per cache
	operation, to avoid logging large numbers of warnings about
	a problem with low-value information. File: util/msg_rate_delay.c,
	util/dict_cache.c.

20120110

	Cleanup: added logging for failed table lookups, and replaced
	some "fatal" errors by warnings. Files: cleanup/cleanup_addr.c,
	cleanup/cleanup_message.c, cleanup/cleanup_milter.c,
	cleanup/cleanup_masquerade.c, global/header_body_checks.c,
	global/smtp_stream.c, postscreen/postscreen_dnsbl.c,
	postscreen/postscreen_smtpd.c, smtp/smtp_chat.c,
	smtp/smtp_proto.c, smtp/smtp_sasl_auth_cache.c,
	smtp/smtp_sasl_glue.c, smtp/smtp_session.c, smtp/smtp_trouble.c,
	smtpd/smtpd.c, smtpd/smtpd_check.c.

20120114

	Cleanup: gradual degradation after database file open errors.
	Instead of terminating immediately with a "fatal" error, a
	Postfix daemon logs an error and continues execution with
	reduced functionality. In other words, features that don't
	depend on the unavailable table will keep working.  However,
	for the sake of sanity, the number of such errors over the
	life of a process is limited to 13.  Files:
	src/global/cfg_parser.c, src/util/dict_thash.c,
	src/util/dict_cidr.c, src/util/dict_nis.c, src/util/dict_nisplus.c,
	src/global/dict_ldap.c, src/global/dict_mysql.c,
	src/global/dict_pgsql.c, src/global/dict_sqlite.c,
	src/postconf/postconf_main.c, src/global/mail_conf.c,
	src/util/dict.h, src/util/dict.c, src/global/dict_memcache.c,
	src/util/dict_tcp.c, src/util/dict_unix.c, src/util/dict_pcre.c,
	src/util/dict_regexp.c, src/master/trigger_server.c,
	src/master/single_server.c, src/master/multi_server.c,
	src/master/event_server.c, src/util/dict_test.c,
	src/util/dict_surrogate.c, src/util/dict_alloc.c, src/util/msg.c,
	src/util/dict_cdb.c, src/util/dict_dbm.c, src/util/msg.h,
	src/util/dict_db.c.

	Incompatibility: the Postfix SMTP server no longer reports
	transcripts of sessions where a client command is rejected
	because a table is unavailable.  To receive such reports,
	add the new "data" class to the notify_classes parameter
	value. The reports will be sent to the error_notice_recipient
	address as before. This class is also used by the Postfix
	SMTP client to report about sessions that fail because a
	table is unavailable. Files: global/mail_error.[hc],
	smtpd/smtpd_check.c, smtp/smtp_trouble.c.

20120115

	Fine tuning: SMTP server error messages. File: smtpd/smtpd.c.

	Fine tuning: documentation. Files: proto/MEMCACHE_README.html.
	proto/memcache_table.html.

	Apply "gradual degradation" also when an unsupported database
	*type* is specified. File: util/dict_open.c.

	Cleanup: tiny memory leaks after surrogate database opens.
	Files: util/dict_cidr.c, util/dict_db.c.

20120117

	Cleanup: support for legacy-style database configuration
	where parameter names are generated by appending suffixes
	to the database name. Files: postconf/postconf_dbms.c.

	Other: build without Berkeley DB support (make makefiles
	"CCARGS=$CCARGS -DNO_DB"). Files: makedefs, util/sys_defs.h,
	proto/DB_README.html, proto/INSTALL.html.

20120120

	Compatibility: added file pflogsumm_quickfix.txt with quick
	patches for pflogsumm that handle the new default master.cf
	entries for the submission and smtps services.

20120121

	Cleanup: getopt(3) compatibility in the postconf(1) master.cf
	parser. Process "--" as the end-of-options indicator, and
	process "-oname=value" as "-o name=value".  Files:
	util/argv.[hc], postconf/postconf_master.cf,
	postconf/postconf_user.c.

20120122

	Workaround: log a warning and suggested solution for common
	stat()/fstat()/lstat() problems caused by 32-bit overflow.
	This is a real stinker that causes Postfix to fail without
	any prior warning.  File: util/warn_stat.[hc], and everything
	that directly calls stat(), fstat() or lstat().

20120127

	Bugfix (introduced: Postfix 2.8): the Postfix client sqlite
	quoting routine returned the unquoted result instead of the
	quoted text.  The opportunities for misuse are limited,
	because Postfix sqlite files are usually owned by root, and
	Postfix daemons usually run with non-root privileges so
	they can't corrupt the database. Problem reported by Rob
	McGee (rob0).  File: global/dict_sqlite.c.

20120130

	Bugfix (introduced: Postfix 2.3): the trace service did not
	distinguish between notifications for a non-bounce or a
	bounce message. This code pre-dates DSN support and should
	have been updated when it was re-purposed to handle DSN
	SUCCESS notifications. Problem reported by Sabahattin
	Gucukoglu.  File: bounce/bounce_trace_service.c.

20120202

	Bugfix (introduced: Postfix 2.3): the "change header" milter
	request could replace the wrong header. A long header name
	could match a shorter one, because a length check was done
	on the wrong string.  Reported by Vladimir Vassiliev.  File:
	cleanup/cleanup_milter.c.

20120214

	Bugfix (introduced: Postfix 2.4): extraneous null assignment
	caused core dump when postlog emitted the "usage" message.
	Reported by Kant (fnord.hammer). File: postlog/postlog.c.

20120217

	Bugfix (introduced 20111219): sendmail -bs segfault, due
	to a missing guard statement after an smtpd_check_rewrite()
	call was moved closer to the command processor loop. Fix
	by Bartek Szady. File: smtpd/smtpd.c.

20120401

	Bitrot: shut up useless warnings about Cyrus SASL call-back
	function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
	xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.

20120422

	Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
	known TLS protocol list so that protocols can be turned off
	selectively to work around implementation bugs.  Based on
	a patch by Victor Duchovni.  Files: proto/TLS_README.html,
	proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
	tls/tls_server.c.

20120425

	Workaround: bugs in 10-year old gcc versions break compilation
	with #ifdef inside a macro invocation (NOT: definition).
	This synchronizes the Postfix 2.9 TLS implementation with
	Postfix 2.10 to simplify code maintenance.  Files: tls/tls.h,
	tls/tls_client.c, tls/tls_server.c.

20120426

	Bugfix (introduced Postfix 2.9): the postconf command flagged
	parameters defined in master.cf as "unused" when they were
	used only in main.cf. Problem reported by Michael Tokarev.
	Files: postconf/postconf_user.c.

20120516

	Workaround: apparently, FreeBSD 8.3 kqueue notifications
	sometimes break when a dnsblog(8) process loses an accept()
	race on a shared socket, resulting in repeated "connect to
	private/dnsblog service: Connection refused" warnings.  This
	condition is unique to dnsblog(8). The postscreen(8) daemon
	closes a postscreen-to-dnsblog connection as soon as it
	receives a dnsblog(8) reply, resulting in hundreds or
	thousands of connection requests per second.  All other
	multi-server daemons such as anvil(8) or proxymap(8) have
	connection lifetimes ranging from 5s to 1000s depending on
	server load.  The workaround is for dnsblog to use the
	single_server driver instead of the multi_server driver.
	This one-line code change eliminates the accept() race
	without any Postfix performance impact.  Problem reported
	by Sahil Tandon.  File: dnsblog/dnsblog.c.

20120517

	Workaround: to avoid crashes when the OpenSSL library is
	updated without "postfix reload", the Postfix TLS session
	cache ID now includes the OpenSSL library version number.
	Note: this problem cannot be fixed in tlsmgr(8). Code by
	Victor Duchovni. Files: tls/tls_server.c, tls_client.c.

20120520

	Bugfix (introduced Postfix 2.4): the event_drain() function
	was comparing bitmasks incorrectly causing the program to
	always wait for the full time limit. This error affected
	the unused postkick command, but only after s/fifo/unix/
	in master.cf.  File: util/events.c.

	Cleanup: laptop users have always been able to avoid
	unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
	(this is currently not supported on Solaris systems).
	However, to make this work reliably, the "postqueue -f"
	command must wait until its requests have reached the pickup
	and qmgr servers before closing the UNIX-domain request
	sockets.  Files: postqueue/postqueue.c, postqueue/Makefile.in.

20120621

	Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
	client could close the wrong file descriptors.  File:
	util/unix_pass_trigger.c.

20120702

	Bugfix (introduced: 19990127): the BIFF client leaked an
	unprivileged UDP socket. Fix by Jaroslav Skarvada.  File:
	local/biff_notify.c.

20120730

	Bugfix (introduced: 20000314): AUTH is not allowed after
	MAIL. Timo Sirainen.  File: smtpd/smtpd_sasl_proto.c.

20121003

	Bugfix: the postscreen_access_list feature was case-sensitive
	in the first character of permit, reject, etc. Reported by
	Francis Picabia. File: global/server_acl.c.

20121010

	Bugfix (introduced: Postfix 2.5): memory leak in program
	initialization. Reported by Coverity. File: tls/tls_misc.c.

	Bugfix (introduced: Postfix 2.3): memory leak in the unused
	oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c.

20121013

	Cleanup: to compute the LDAP connection cache lookup key,
	join the numeric fields with null, just like string fields.
	Viktor Dukhovni. File: global/dict_ldap.c.

20121029

	Workaround: strip datalink suffix from IPv6 addresses
	returned by the system getaddrinfo() routine.  Such suffixes
	mess up the default mynetworks value, host name/address
	verification and possibly more. This change obsoletes the
	20101108 change that removes datalink suffixes in the SMTP
	and QMQP servers, but we leave that code alone.  File:
	util/myaddrinfo.c.

20121210

	Bugfix (introduced: Postfix 2.9) nesting count error while
	stripping the optional [] around a DNS[BW]L address pattern.
	This part of the code is not documented and had escaped
	testing.  Files: util/ip_match.c, util/ip_match.in,
	util/ip_match.ref.

20121230

	Bugfix (omission in feature 20111106): the postconf(1)
	master.cf options parser didn't support "clusters" of
	command-line option letters. File: postconf/postconf_master.c,
	postconf/test40.ref.

20130131

	Bugfix: the local(8) delivery agent dereferenced a null
	pointer while delivering to null command (for example, "|"
	in a .forward file).  Reported by Gilles Chehade.

20130203

	Bugfix: the undocumented OpenSSL X509_pubkey_digest()
	function is unsuitable for computing certificate PUBLIC KEY
	fingerprints.  Postfix now provides a correct procedure
	that accounts for the algorithm and parameters in addition
	to the key data.  Specify "tls_legacy_public_key_fingerprints
	= yes" if you need backwards compatibility. Fix by Victor
	Duchovni, BC added by Wietse.  Files: tls/tls_verify.c,
	tls/tls_misc.c, proto/TLS_README.html, global/mail_params.h.

	Bugfix: the 20121010 fix for tls_misc.c was documented but
	not included.

20130403

	Bugfix (introduced: Postfix 2.3): don't reuse TCP connections
	when smtp_tls_policy_maps is specified. Victor Duchovni.
	Found during Postfix 2.11 code maintenance.  File:
	smtp/smtp_reuse.c.

20130423

	Bugfix (introduced: Postfix 2.0): when myhostname is not
	listed in mydestination, the trivial-rewrite resolver may
	log "do not list <myhostname value> in both mydestination
	and <name of non-mydestination domain list>".  The fix is
	to re-resolve a domain-less address after adding $myhostname
	as the surrogate domain, so that it pops out with the right
	address-class label.  Problem reported by Quanah Gibson-Mount.
	File: trivial-rewrite/resolve.c.

20130425

	Bugfix (introduced: Postfix 2.2): don't reuse TCP connections
	when SASL authentication is enabled. SASL passwords may
	depend on the remote SMTP server hostname, but the Postfix
	<2.11 SMTP connection cache client does not distinguish
	between different hostnames that resolve to the same IP
	address.  Found during Postfix 2.11 code maintenance.  File:
	smtp/smtp_connect.c.

20130518

	Bugfix (introduced: 1997): memory leak after error while
	forwarding mail through the cleanup server. Viktor found
	one, Wietse eliminated the rest.  File: local/forward.c.

20130615

	TLS Interoperability: turn on SHA-2 digests by force.  This
	improves interoperability with clients and servers that
	deploy SHA-2 digests without the required support for
	TLSv1.2-style digest negotiation.  Based on patch by Viktor
	Dukhovni.  Files: tls/tls_client.c, tls/tls_server.c.

20130616

	Workaround: The Postfix SMTP server TLS session cache was
	broken because OpenSSL now enables session tickets by
	default, resulting in a different ticket encryption key for
	each smtpd(8) process.  The workaround turns off session
	tickets. In 2.11 we'll enable session tickets properly.
	Viktor Dukhovni. File: tls/tls_server.c.

20131026

	Future proofing: API changes in the PCRE library.  File:
	util/dict_pcre.c.

20131127

	Bugfix (introduced: 20090106): the postconf '-#' option
	erased prior options. File: postconf/postconf.c.

20131129

	Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor
	Dukhovni. File: proto/MULTI_INSTANCE_README.html.

20131216

	OpenSSL future proofing: tolerate disappearance of named
	bug-workaround bits without invalidating tls_disable_workarounds
	configurations.  When support for a bug workaround is removed
	from OpenSSL, the corresponding bit is defined as zero (i.e.
	NOOP) instead of causing programs to break. Viktor Dukhovni.
	File: tls/tls_misc.c.

20131220

	Documentation: typo in SASL_README. Patrick Ben Koetter.
	File: proto/SASL_README.html.

20140104

	Bugfix: malformed error message. File: conf/post-install.

20140116

	Workaround: prepend "-I. -I../../include" to CCARGS, to
	avoid name clashes with non-Postfix header files. File:
	makedefs.

20140223

	Logging: the TLS client logged that an "Untrusted" TLS
	connection was established instead of "Anonymous".  Viktor
	Dukhovni. File: tls/tls_client.c.

20140619

	Bugfix (introduced: 2001): qmqpd null pointer bug when it
	logs a lost connection while not in a mail transaction.
	Reported by Michal Adamek. File: qmqpd/qmqpd.c.

20140920

	Bugfix (introduced: 20080212): incorrect client name in
	reject messages from check_reverse_client_hostname_access
	and check_reverse_client_hostname_{mx,ns}_access.  They
	replied with the verified client name, instead of the name
	that was rejected.  Problem reported by Reindl Harald. File:
	smtpd/smtpd_check.c.

20141012

	Bugfix (introduced: Postfix 2.3): the PREPEND access/policy
	action added headers ABOVE Postfix's own Received: header,
	exposing Postfix's own Received: header to Milters (protocol
	violation) and hiding the PREPENDed header from Milters.
	The latter caused problems for DMARC implementations with
	SPF policy plus DKIM Milter.  PREPENDed headers are now
	added BELOW Postfix's own Received: header and remain visible
	to Milters. File: smtpd/smtpd.c.

20141018

	Bugfix (introduced: Postfix 2.3): when a Milter inserted a
	header ABOVE Postfix's own Received: header, Postfix would
	expose its own Received: header to Milters (violating
	protocol) and hide the Milter-inserted header from Milters
	(wtf).  Files: cleanup/cleanup.h, cleanup/cleanup_message.c,
	cleanup/cleanup_state.c, milter/milter.[hc], milter/milter8.c.

	Cleanup: revert the workaround that places headers inserted
	with PREPEND actions or policy requests BELOW Postfix's own
	Received: message header. File: smtpd/smtpd.c.

20150106

	Robustness: don't segfault due to excessive recursion after
	a faulty configuration runs into the virtual_alias_recursion_limit.
	File: global/tok822_tree.c.

20150115

	Safety: stop aliasing loops that exponentially increase the
	address length with each iteration. Back-ported from Postfix
	3.0. File: cleanup/cleanup_map1n.c.

20150324

	Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps
	ignored the relayhost setting in the case of a DUNNO lookup
	result.  It would use the recipient domain instead.  Viktor
	Dukhovni. Wietse took the pieces of code that enforce the
	precedence of a sender-dependent relayhost, the global
	relayhost, and the recipient domain, and put that code
	together in once place so that it is easier to maintain.
	File: trivial-rewrite/resolve.c.

20150408

	Portability: FreeBSD10 support. Files: makedefs, util/sys_defs.h.

	Incompatibility: specifying "make makefiles" with "CC=command"
	will no longer override the default WARN setting.

20150501

	Support for Linux 4.*, and some simplification for future
	makedefs files. Files: makedefs, util/sys_defs.h.

20150718

	Security: opportunistic TLS by default uses "medium" or
	stronger ciphers instead of "export" or stronger. See the
	RELEASE_NOTES file for how to get the old settings back.
	Files: global/mail_params.h, proto/TLS_README.html,
	proto/postconf.proto, and files derived from those.

20150719

	Security: Postfix TLS support by default no longer uses
	SSLv2 or SSLv3.  See the RELEASE_NOTES file for how to get
	the old settings back. Files: global/mail_params.h,
	proto/postconf.proto, and files derived from those.

20150924

	Bugfix (introduced: 20090216-24): incorrect postmulti error
	message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
	File: postmulti/postmulti.c.

	Workaround: don't create a new instance when the template
	main.cf and master.cf files are missing, as happens on
	Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.

20150925

	Bugfix (introduced: 19970309, fixed 20150421 in development
	release): reset errno before calling readdir(), in order
	to distinguish between an end-of-directory and an error
	condition. File: scandir.c.

20150930

	Bugfix (introduced: 20040124): Milter client panic while
	adding a header, because the PREPEND action used the same
	output function for header_checks and body_checks.  Viktor
	Dukhovni and Wietse. File: cleanup/cleanup_message.c.