Newer
Older
= strict" to restore historical Postfix behavior (i.e. convert
all input lines ending in <CR><LF> only if the first input
line ends in <CR><LF>). Files: sendmail/sendmail.c,
global/mail_params.h, proto/postconf.proto.
20111017
Cleanup: refined the heuristic that automagically transforms
legacy "sendmail -V" VERP requests into contemporary "sendmail
-XV" syntax. File: sendmail/sendmail.c.
Cleanup: when the cleanup daemon goes into discard mode,
don't get stuck when it runs onto milter file descriptor
information. File: cleanup/cleanup.c.
20111020
EAI Future-proofing: don't apply strict_mime_encoding_domain
checks to unknown message subtypes such as message/global*.
File: global/mime_state.c.
Bugfix (introduced: Postfix 2.8): postscreen sent non-compliant
SMTP responses (220- followed by 421) when it could not
hand off a connection to a real smtpd process, causing some
remote SMTP clients to bounce mail. The fix redirects the
client to the dummy SMTP engine which sends the 421 reply
at the first legitimate opportunity. Problem reported by
Ralf Hildebrandt. Files: postscreen/postscreen_send.c,
postscreen/postscreen_smtpd.c, postscreen/postscreen.h.
Workaround: to improve inter-operability with broken remote
SMTP servers, the Postfix SMTP client by default no longer
appends the "AUTH=<>" option to the MAIL FROM command.
Specify "smtp_send_dummy_mail_auth = yes" to restore the
old behavior.
Feature: "postconf -M" support to show Postfix's idea of
what is in the master.cf file. File: postconf/postconf.c.
Feature: postconf "-f" option to "nicely" format long lines
from main.cf or master.cf. File: postconf/postconf.c.
Cleanup: postconf finally supports dynamic configuration
parameter names: parameters whose name depend on a mail
delivery transport or spawn service in master.cf, and
parameters whose names are specified with smtpd_restriction_classes
in main.cf. This adds 70 parameters to the "postconf" output,
more if additional mail delivery transports are defined in
master.cf. File: postconf/postconf.c.
Cleanup: account for "," in smtpd_restriction_classes
value (Victor Duchovni). File: postconf/postconf.c.
Cleanup: postconf finally warns about possible mis-typed
main.cf and master.cf parameter names (i.e. parameters that
aren't used anywhere), and it finally displays user-defined
main.cf parameters that *are* used. File: postconf/postconf.c.
Portability: specify ``make makefiles "CCARGS=-DNO_NIS
..."'' to build on systems without NIS support. Files:
makedefs, util/sys_defs.h.
Cleanup: documented the postconf algorithms and their
limitations, and added regression tests to speed up future
development. File: postconf/postconf.c
Cleanup: postconf didn't "bless" type "inet" service names.
Cleanup: with pipelined sessions, smtp-sink flushed the
output too often. Reported by Mark Martinec. File:
smtpstone/smtp-sink.c.
Workaround: don't use IPv6 at build time. File: conf/main.cf.
Workaround: don't abort when IPv6 is present but busted.
File: util/inet_proto.c.
Portability: the Dovecot 2.0 authentication server supports
more socket types for its authentication server. File:
xsasl/xsasl_dovecot_server.c.
Documentation: the Dovecot 2.0 authentication server supports
communication over TCP sockets. Patrick Ben Koetter. File:
proto/SASL_README.html.
Cleanup: "postconf -M" now supports filtering. For example,
"postconf -M inet" shows only services that listen on the
network, and "postconf -M smtp.unix" shows the SMTP delivery
agent. File: postconf.c.
Cleanup: "postconf" commands in postfix-install needed to
be updated before master.cf was installed. Reported by
Sahil Tandon. File: postfix-install.
Cleanup: support for parameter name spaces for master.cf
entries. With this, postconf should no longer log false
warnings for "-o user-defined-name=value" in master.cf. As
a benefit, it will warn for user-defined parameters with
"name=value" entries that are unused because they are hidden
by master.cf "-o name=value" entries with the same parameter
name. File: postconf/postconf.c.
Cleanup: documentation fixes. File: postconf/postconf.c.
Cleanup: in postconf "main.cf management" mode, errors
opening master.cf are non-fatal. File: postconf/postconf.c.
Documentation: examples to request VERP-style delivery at
SMTP time with the smtpd_command_filter feature. Files:
proto/VERP_README.html, proto/postconf.proto.
Feature: TLS certificate public-key fingerprint matching
(SMTP server and client), and TLS logging cleanup. Victor
Duchovni. Files: proto/SMTPD_POLICY_README.html,
proto/TLS_README.html, proto/postconf.proto, global/mail_proto.h,
smtpd/smtpd_check.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c,
tls/tls_proxy_print.c, tls/tls_proxy_scan.c, tls/tls_server.c,
tls/tls_stream.c, tls/tls_verify.c.
Documentation: complete list of "make makefiles" overrides.
File: proto/INSTALL.html.
Cleanup: postscreen now logs more than the first word of
non-SMTP commands. File: postscreen/postscreen_smtpd.c.
Cleanup: eliminated false postconf "unused parameter"
warnings with legacy parameters such as $virtual_maps, and
with non-default parameter values for smtpd_expansion_filter
that can contain legitimate "$" without a macro name.
Cleanup: split postconf source into separate modules.
Files: postconf/postconf.c, postconf/postconf_builtin.c,
postconf/postconf_edit.c, postconf/postconf_main.c,
postconf/postconf_master.c, postconf/postconf_misc.c,
postconf/postconf_node.c, postconf/postconf_other.c,
postconf/postconf_service.c postconf/postconf_unused.c,
postconf/postconf_user.c, postconf/postconf.h.
Bitrot: changes in error reporting to the under-documented
OpenLDAP API. Problem reported by Quanah Gibson-Mount. Fix
by Viktor Dukhovni. File: global/dict_ldap.c.
Cleanup: four-space indentation had become a tab character.
Files: postconf/postconf.h, postconf/test20.ref,
postconf/test21.ref.
Cleanup: documented <transport>_suffix parameters that don't
show in postconf command output of earlier Postfix versions.
Files: proto/SMTPD_POLICY_README.html, proto/postconf.proto,
proto/SCHEDULER_README.html.
Cleanup: added the pipe(8) delivery agent to the list of
programs that implement transport_time_limit parameters.
File: postconf/postconf_service.c, postconf/test6.ref,
postconf/test22.ref.
Feature: "postconf -C class,..." support to print parameters
in one or more classes (builtin= built-in parameter names,
service=service-defined parameter names, user=user-defined
parameter names). Files: postconf/postconf.c, postconf/postconf.h,
postconf_service.c, postconf/postconf_user.c.
Cleanup: TLS logging level configuration. Files:
global/mail_params.h, smtp/lmtp_params.c, smtp/smtp.c,
smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c,
tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c,
tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c.
Cleanup: time-dependent sender addresses of address
verification probes. Specify an address_verify_sender_ttl
value of several hours or more to frustrate address harvesting.
Files: global/verify_sender_addr.[hc], smtpd/smtpd.c,
smtpd/smtpd_check.c, verify/verify.c, proto/postconf.proto,
proto/ADDRESS_VERIFICATION_README.html.
Cleanup: removed the log_level arguments from tls_client_start()
and tls_server_start() calls. This information is already
given to tls_client_init() and tls_server_init(). Files:
smtpd/smtpd.c, tlsproxy/tlsproxy.c, smtp/smtp_proto.c,
tls/tls.h, tls/tls_client.c, tls/tls_server.c, tls/tls_misc.c.
Documentation: made the postconf(5) manpage more precise
in its use of "client" and "server"; reorganized the
TLS_README presentation of client configuration so that
most relevant information is presented earlier. Files:
proto/postconf.proto, proto/TLS_README.html.
Bugfix: tlsproxy(8) stored TLS sessions with a serverID of
"tlsproxy" instead of "smtpd", wasting an opportunity for
session reuse. File: tlsproxy/tlsproxy.c.
Documentation: removed descriptions of Postfix < 2.3 user
interface from TLS_README. Users of earlier releases are
referred to TLS_LEGACY_README. File: proto/TLS_README.html.
Cleanup: tlsproxy(8) now receives the session cache serverID
from its client (postscreen(8)). Files: global/mail_proto.h,
postscreen/postscreen_starttls.c, tlsproxy/tlsproxy.[hc],
tlsproxy_state.c.
Cleanup: the postscreen(8) daemon did not support a zero
cache cleanup interval. This is needed for memcache support.
File: postscreen/postscreen.c.
Bugfix (introduced: 20110227): null pointer bug while
updating dictionary owner attributes, after reading an empty
(database) configuration file. File: util/dict.c.
Cleanup: db_common_parse_domain() could not be called without
preceding db_common_parse() call. Files: global/db_common.[hc].
Feature: memcache client support. This implementation is
based on the under-documented libmemcache library, and
therefore supports only libmemcache version 1.4.0. Files:
conf/postfix-files, global/dict_memcache.[hc], global/mail_dict.c,
html/index.html, mantools/postlink, postconf/postconf.c,
postfix/postfix.c, proto/DATABASE_README.html,
proto/MEMCACHE_README.html, proto/memcache_table.
Cleanup: support for scripted and manual database tests with
LDAP, *SQL, and memcache. Files: util/dict_test.c, util/dict.c,
global/mail_dict.c.
Workaround: apparently, some distributions use Postfix
shared libraries without proper so-number versioning. This
causes programs to fail mysteriously, after an update
replaces the Postfix library but not the program (someone
experienced this with an extra copy of the Postfix SMTP
server). Files: global/mail_version.[hc], master/*server.c,
master/master.c, src/postalias/postalias.c,
src/postdrop/postdrop.c, src/postfix/postfix.c,
src/postlog/postlog.c, src/postmap/postmap.c,
src/postmulti/postmulti.c, src/postqueue/postqueue.c,
src/postsuper/postsuper.c, src/sendmail/sendmail.c.
Feature: first/next (sequence) support in the proxymap
protocol. This is needed for cache cleanup of a proxied
postscreen or verify persistent cache. Files:
global/dict_proxy.[hc], proxymap/proxymap.c.
Feature: memcache client support without libmemcache
dependencies. Files: global/memcache_proto.[hc],
global/dict_memcache.c.
Bugfix: missing lookup table entry and terminator, causing
proxymap(8) server segfault when postscreen(8) or verify(8)
attempted to access their cache via the proxymap(8) server.
This could never have worked anyway, because the Postfix
proxymap protocol did not support cache cleanup. File
util/dict.c.
Feature: support for persistent backup database in the
memcache client. The database can be shared with the proxymap
service, but it needs to be listed as "proxy:maptype:mapname"
in the proxy_read_maps or proxy_write_maps parameter value
(depending on whether the access is read-only or read-write).
Support for proxymap-over-tcp (proxy:maptype:mapname@host:port)
is under development. File: global/dict_memcache.c.
Documentation: updated the submission and smtps examples
in the sample master.cf file, so that their logging is
easier to recognize. File: conf/master.cf.
Documentation: use different hosts to separate MUA "port
25" traffic from the "port 25" MX service. Files:
postscreen/postscreen.c, proto/POSTSCREEN_README.html.
Cleanup: the proxymap client did not correctly propagate
the "open_lock" flag, causing the proxymap service to open
postscreen(8) and verify(8) caches twice, instead of once.
File: global/dict_proxy.c.
Cleanup: the verify and postscreen caches were not listed
as "authorized" for access via the proxywrite service. File:
global/mail_params.h.
Refactoring: the postscreen permanent access list code is
now a library module, so that it can be also used for remote
access to the proxymap server. Files: global/server_acl.[hc].
Hardening: read/write deadlines, to make the proxymap server
suitable for remote access. File: proxymap/proxymap.c.
Cleanup: more orthogonal definition of when the proxymap
server can/cannot share a single map instance among multiple
requestors, and corresponding code cleanup in the proxymap
client and server. Files: util/dict.h, util/dict_test.c,
global/dict_proxy.c, proxymap/proxymap.c.
17352
17353
17354
17355
17356
17357
17358
17359
17360
17361
17362
17363
17364
17365
17366
17367
17368
17369
17370
17371
17372
17373
17374
17375
17376
17377
17378
17379
17380
17381
17382
17383
17384
17385
17386
17387
17388
17389
17390
17391
17392
17393
Human factors: the postscreen/verify cache manager now logs
the full database name including the proxy: prefix, to avoid
WTF surprises. File: util/dict_cache.c.
20111218
Cleanup: more configurable memcache client error handling.
Files: global/dict_memcache.c, proto/memcache_table.
Feature: the Postfix SMTP server XCLIENT command now supports
the LOGIN attribute (e.g., login information from nginx).
Based on the nginx:xclient-login-patch from citrin.ru (Anton
Yuzhis). The patch was further enhanced to support SASL
login information everywhere in the Postfix SMTP server
without having to specify "smtpd_sasl_auth_enable = yes"
in main.cf. Files: smtpd.[hc], smtpd_sasl_glue.[hc],
smtpd_check.c, smtpd_sasl_proto.[hc], smtpd_state.c,
proto/XCLIENT_README.html.
Incompatibility: the Postfix SMTP server now always checks
the smtpd_sender_login_maps table, even without having
"smtpd_sasl_auth_enable = yes" in main.cf.
20111219
Cleanup: the match_list-based primitives now provide an
option to return an error result instead of terminating the
process with a fatal error. Files: util/match_ops.[hc],
util/match_list.c, global/addr_list_match.c, domain_list.c,
string_list.c, namadr_list.c.
Cleanup: a "fail:" database type that reliably fails all
requests. The lookup table name specifies the internal error
result code. having this table facilitates a systematic
review of all Postfix table lookup error handling.
Cleanup: trivial-rewrite now "catches" errors with implicit
database lookups in virtual_alias_domains, relay_domains,
virtual_mailbox_domains, just like it already caught explicit
database lookup errors. This means there are fewer occasions
where trivial-rewrite clients will appear to hang. File:
trivial-rewrite/resolve.c.
Cleanup: a broken relay_domains table would cause many
Postfix processes to terminate with fatal error as they
initialized the flush() client (used by defer_append()
etc.). Postfix now logs a warning instead. File:
global/flush_clnt.c.
Cleanup: the Postfix SMTP server now "catches" errors with
implicit database lookups in mynetworks, TLS client certificate
tables, and local_header_rewrite_clients, and reports "server
configuration error" or "table lookup error" instead of
terminating with a fatal error. This is work in progress;
errors with opening a database may be covered later. Files:
smtpd/smtpd.c, smtpd/smtpd_check.c.
20111220
Cleanup: the Postfix SMTP server now "catches" errors with
implicit database lookups in mynetworks, debug_peer_list,
smtpd_client_event_limit_exceptions, permit_mx_backup_networks.
This continues work started 20111219, and does not cover
errors with opening a database. Files: smtpd/smtpd.c,
smtpd/smtpd_checks.c, smtpd/smtpd_error.in, smtpd/smtpd_error.ref.
Cleanup: memory leak testing of error handling. File:
util/name_mask.c.
20111222
Cleanup: memory leak testing of error handling. File:
17425
17426
17427
17428
17429
17430
17431
17432
17433
17434
17435
17436
17437
17438
17439
17440
17441
17442
17443
17444
17445
17446
17447
17448
17449
17450
17451
17452
17453
17454
17455
17456
17457
17458
17459
17460
17461
Cleanup: simplified the match_list error reporting, thereby
reducing the footprint of the changes to "catch" errors
with implicit database lookups in mynetworks, and other
lists. Files: util/match_ops.[hc], util/match_list.c,
global/addr_list_match.c, domain_list.c, string_list.c,
namadr_list.c, trivial-rewrite/resolve.c, smtpd/smtpd.c,
smtpd/smtpd_check.c, global/flush_clnt.c, flush/flush.c.
20111224
Cleanup: eliminated the global dict_errno variable that
made error reporting convenient but not necessarily precise.
This was a straightforward change except in the few modules
that propagate errors from one dictionary API to another:
dict_cache.c, dict_debug.c, maps.c, dict_memcache.c. Files:
src/cleanup/cleanup_map11.c, src/cleanup/cleanup_map1n.c,
src/global/addr_match_list.c, src/global/dict_ldap.c,
src/global/dict_memcache.c, src/global/dict_mysql.c,
src/global/dict_pgsql.c, src/global/dict_proxy.c,
src/global/dict_sqlite.c, src/global/domain_list.c,
src/global/flush_clnt.c, src/global/mail_addr_find.c,
src/global/mail_addr_map.c, src/global/maps.c, src/global/maps.h,
src/global/match_parent_style.h, src/global/namadr_list.c,
src/global/resolve_local.c, src/global/resolve_local.h,
src/global/server_acl.c, src/global/string_list.c,
src/local/alias.c, src/local/bounce_workaround.c,
src/local/mailbox.c, src/local/unknown.c, src/proxymap/proxymap.c,
src/qmqpd/qmqpd.c, src/smtp/smtp_map11.c, src/smtpd/smtpd_check.c,
src/trivial-rewrite/resolve.c, src/trivial-rewrite/transport.c,
src/util/dict.h, src/util/dict_alloc.c, src/util/dict_cache.c,
src/util/dict_cidr.c, src/util/dict_db.c, src/util/dict_debug.c,
src/util/dict_env.c, src/util/dict_fail.c, src/util/dict_ht.c,
src/util/dict_pcre.c, src/util/dict_regexp.c,
src/util/dict_static.c, src/util/dict_tcp.c, src/util/dict_test.c,
src/util/dict_thash.c, src/util/dict_unix.c, src/util/match_list.c,
src/util/match_list.h, src/util/match_ops.c, src/virtual/mailbox.c.
Bugfix (introduced 20110426): after lookup error with
mailbox_transport_maps, mailbox_command_maps or
fallback_transport_maps, the local delivery agent did not
log the problem before deferring mail, and produced no defer
logfile record. Files: local/mailbox.c, local/unknown.c.
17473
17474
17475
17476
17477
17478
17479
17480
17481
17482
17483
17484
17485
17486
17487
17488
17489
17490
17491
17492
Workaround: degrade gracefully when the network protocols
specified with inet_protocols are unavailable. Files:
global/mail_params.c, global/mynetworks.c, global/own_inet_addr.c
master/master_ent.c, master/master_vars.c, postscreen/postscreen.c,
qmqpd/qmqpd.c, smtp/smtp_connect.c, smtpd/smtpd.c,
util/inet_proto.c.
20120107
Workaround: degrade gracefully when the "domain" feature
of LDAP, *SQL and memcache databases has a table lookup
problem. Files: global/db_common.c, global/dict_ldap.c,
global/dict*sql*.c, global/dict_memcache.c.
Cleanup: fixed memcache client error handling for things
that never happen. global/dict_memcache.c.
Future proofing: prepare postmap/postalias error logging
for future changes to database code. Files: postalias/postalias.c,
postmap/postmap.c.
Cleanup: the postscreen(8) and verify(8) cache managers log
warnings at a reduced rate of one per second per cache
operation, to avoid logging large numbers of warnings about
a problem with low-value information. File: util/msg_rate_delay.c,
util/dict_cache.c.
17502
17503
17504
17505
17506
17507
17508
17509
17510
17511
17512
17513
17514
17515
17516
17517
17518
17519
17520
17521
17522
17523
17524
17525
17526
17527
17528
17529
17530
17531
17532
17533
17534
17535
17536
17537
17538
17539
17540
17541
17542
17543
17544
17545
17546
17547
17548
17549
17550
17551
17552
17553
17554
17555
17556
17557
17558
17559
17560
17561
17562
17563
17564
17565
17566
17567
17568
17569
17570
17571
17572
17573
17574
17575
17576
17577
17578
17579
17580
17581
17582
17583
17584
17585
17586
17587
17588
17589
17590
17591
17592
17593
17594
17595
17596
17597
17598
17599
17600
17601
17602
17603
17604
20120110
Cleanup: added logging for failed table lookups, and replaced
some "fatal" errors by warnings. Files: cleanup/cleanup_addr.c,
cleanup/cleanup_message.c, cleanup/cleanup_milter.c,
cleanup/cleanup_masquerade.c, global/header_body_checks.c,
global/smtp_stream.c, postscreen/postscreen_dnsbl.c,
postscreen/postscreen_smtpd.c, smtp/smtp_chat.c,
smtp/smtp_proto.c, smtp/smtp_sasl_auth_cache.c,
smtp/smtp_sasl_glue.c, smtp/smtp_session.c, smtp/smtp_trouble.c,
smtpd/smtpd.c, smtpd/smtpd_check.c.
20120114
Cleanup: gradual degradation after database file open errors.
Instead of terminating immediately with a "fatal" error, a
Postfix daemon logs an error and continues execution with
reduced functionality. In other words, features that don't
depend on the unavailable table will keep working. However,
for the sake of sanity, the number of such errors over the
life of a process is limited to 13. Files:
src/global/cfg_parser.c, src/util/dict_thash.c,
src/util/dict_cidr.c, src/util/dict_nis.c, src/util/dict_nisplus.c,
src/global/dict_ldap.c, src/global/dict_mysql.c,
src/global/dict_pgsql.c, src/global/dict_sqlite.c,
src/postconf/postconf_main.c, src/global/mail_conf.c,
src/util/dict.h, src/util/dict.c, src/global/dict_memcache.c,
src/util/dict_tcp.c, src/util/dict_unix.c, src/util/dict_pcre.c,
src/util/dict_regexp.c, src/master/trigger_server.c,
src/master/single_server.c, src/master/multi_server.c,
src/master/event_server.c, src/util/dict_test.c,
src/util/dict_surrogate.c, src/util/dict_alloc.c, src/util/msg.c,
src/util/dict_cdb.c, src/util/dict_dbm.c, src/util/msg.h,
src/util/dict_db.c.
Incompatibility: the Postfix SMTP server no longer reports
transcripts of sessions where a client command is rejected
because a table is unavailable. To receive such reports,
add the new "data" class to the notify_classes parameter
value. The reports will be sent to the error_notice_recipient
address as before. This class is also used by the Postfix
SMTP client to report about sessions that fail because a
table is unavailable. Files: global/mail_error.[hc],
smtpd/smtpd_check.c, smtp/smtp_trouble.c.
20120115
Fine tuning: SMTP server error messages. File: smtpd/smtpd.c.
Fine tuning: documentation. Files: proto/MEMCACHE_README.html.
proto/memcache_table.html.
Apply "gradual degradation" also when an unsupported database
*type* is specified. File: util/dict_open.c.
Cleanup: tiny memory leaks after surrogate database opens.
Files: util/dict_cidr.c, util/dict_db.c.
20120117
Cleanup: support for legacy-style database configuration
where parameter names are generated by appending suffixes
to the database name. Files: postconf/postconf_dbms.c.
Other: build without Berkeley DB support (make makefiles
"CCARGS=$CCARGS -DNO_DB"). Files: makedefs, util/sys_defs.h,
proto/DB_README.html, proto/INSTALL.html.
20120120
Compatibility: added file pflogsumm_quickfix.txt with quick
patches for pflogsumm that handle the new default master.cf
entries for the submission and smtps services.
20120121
Cleanup: getopt(3) compatibility in the postconf(1) master.cf
parser. Process "--" as the end-of-options indicator, and
process "-oname=value" as "-o name=value". Files:
util/argv.[hc], postconf/postconf_master.cf,
postconf/postconf_user.c.
20120122
Workaround: log a warning and suggested solution for common
stat()/fstat()/lstat() problems caused by 32-bit overflow.
This is a real stinker that causes Postfix to fail without
any prior warning. File: util/warn_stat.[hc], and everything
that directly calls stat(), fstat() or lstat().
20120127
Bugfix (introduced: Postfix 2.8): the Postfix client sqlite
quoting routine returned the unquoted result instead of the
quoted text. The opportunities for misuse are limited,
because Postfix sqlite files are usually owned by root, and
Postfix daemons usually run with non-root privileges so
they can't corrupt the database. Problem reported by Rob
McGee (rob0). File: global/dict_sqlite.c.
20120130
Bugfix (introduced: Postfix 2.3): the trace service did not
distinguish between DSN SUCCESS notifications for a non-bounce
or a bounce message. This code pre-dates DSN support and
should have been updated when it was re-purposed to handle
DSN SUCCESS notifications. Problem reported by Sabahattin
20120202
Bugfix (introduced: Postfix 2.3): the "change header" milter
request could replace the wrong header. A long header name
could match a shorter one, because a length check was done
on the wrong string. Reported by Vladimir Vassiliev. File:
cleanup/cleanup_milter.c.
20120214
Bugfix (introduced: Postfix 2.4): extraneous null assignment
caused core dump when postlog emitted the "usage" message.
Reported by Kant (fnord.hammer). File: postlog/postlog.c.
20120217
Bugfix (introduced 20111219): sendmail -bs segfault, due
to a missing guard statement after an smtpd_check_rewrite()
call was moved closer to the command processor loop. Fix
by Bartek Szady. File: smtpd/smtpd.c.
17632
17633
17634
17635
17636
17637
17638
17639
17640
17641
17642
17643
17644
17645
17646
17647
17648
17649
17650
17651
17652
17653
17654
17655
17656
17657
17658
17659
17660
17661
17662
17663
17664
17665
17666
17667
17668
17669
17670
17671
17672
17673
17674
17675
17676
17677
17678
17679
17680
17681
17682
17683
17684
17685
17686
17687
17688
17689
17690
17691
17692
17693
17694
17695
17696
17697
17698
17699
20120220
Cleanup: documentation of how to use only system-supplied
certificates with *CAfile and *CApath. File: proto/postconf.proto.
Cleanup: documentation of smtp_sasl_mechanism_filter. File:
proto/postconf.proto.
20120222
Cleanup: when multiple DNSBLs block an SMTP client, the
postscreen "reject" message now gives credit to the DNSBL
with the largest weight, instead of the DNSBL that replies
first. File: postscreen/postscreeb_dnsbl.c.
Cleanup: memcache_table(5) manpage. File proto/memcache_table.
20120225
Cleanup: eliminated the build-time Perl dependency. File:
bounce/annotate.sh.
Cleanup: when -DNO_DB support was added, the makedefs script
was not updated to skip the Linux Berkeley DB tests.
FreeBSD9 is now a supported platform. Files: makedefs,
util/sys_defs.h.
20120226
Cleanup: documentation in postfix-install.
20120229
Feature: smtpd_log_access_permit_actions to enable logging
of specific permit-like actions in Postfix SMTP server
access lists. Files: mantools/postlink, proto/postconf.proto,
global/mail_params.h, smtpd/smtpd.c, smtpd/smtpd_check.c.
20120306
To improve the interaction with start-up scripts, "postfix
start" now waits for master daemon process initialization
to complete, and returns a non-zero exit status if daemon
initialization failed or if it did not complete in a
reasonable amount of time. This involves a new "-w" master
option. Files: conf/postfix-script, master/master.c,
master/master.h. master/master_monitor.c.
20120307
postconf -X option to exclude parameters from main.cf
(require two-finger action, because this is irreversible).
Files: postconf/postconf.[hc], postconf/postconf_edit.c.
20120317
Feature: Sendmail-style socketmap. Files: util/dict_sockmap.[hc],
util/netstring.[hc], proto/DATABASE_README.html,
postconf/postconf.c.
20120330
Workaround: specify "\c" at the start of an smtp_reject_footer
template to suppress the line break between the reply text
and the footer text. Files: global/smtp_reply_footer.c,
proto/postconf.proto.
Bugfix (introduced Postfix 2.6): irrelevant memory leak
that was introduced with postconf -#. File:
postconf/postconf_edit.c.
Bitrot: shut up useless warnings about Cyrus SASL call-back
function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.
20120404
Cleanup: added smtpd_sender_login_maps to the default
proxy_read_maps value. Files: global/mail_params.h,
proxymap/proxymap.c.
Cleanup: weed out stale TODO's from the WISHLIST, and moved
some CYA text from WISHLIST into the code. Files: WISHLIST,
smtpd/smtpd_proxy.c.
20120407
Bugfix (introduced: 20120330): don't replace <reply-code>
<space> by <reply-code> <hyphen> when a reply footer starts
with \c and contains no \n. File: global/smtp_reply_footer.c.
20120422
Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
known TLS protocol list so that protocols can be turned off
selectively to work around implementation bugs. Based on
a patch by Victor Duchovni. Files: proto/TLS_README.html,
proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
tls/tls_server.c.
20120425
Workaround: bugs in 10-year old gcc versions break compilation
with #ifdef inside a macro invocation (NOT: definition).
Files: tls/tls.h, tls/tls_client.c, tls/tls_server.c.
20120426
Bugfix (introduced Postfix 2.9): the postconf command flagged
parameters defined in master.cf as "unused" when they were
used only in main.cf. Problem reported by Michael Tokarev.
Files: postconf/postconf_user.c, postconf/test4b.ref,
postconf Makefile.in.
20120513
Cleanup: report both the first and last line number when a
malformed main.cf entry spans multiple lines, instead of
reporting the last line number only. File: util/dict.c,
util/line_number.[hc].
17755
17756
17757
17758
17759
17760
17761
17762
17763
17764
17765
17766
17767
17768
17769
17770
17771
17772
17773
20120516
Workaround: apparently, FreeBSD 8.3 kqueue notifications
sometimes break when a dnsblog(8) process loses an accept()
race on a shared socket, resulting in repeated "connect to
private/dnsblog service: Connection refused" warnings. This
condition is unique to dnsblog(8). The postscreen(8) daemon
closes a postscreen-to-dnsblog connection as soon as it
receives a dnsblog(8) reply, resulting in hundreds or
thousands of connection requests per second. All other
multi-server daemons such as anvil(8) or proxymap(8) have
connection lifetimes ranging from 5s to 1000s depending on
server load. The workaround is for dnsblog to use the
single_server driver instead of the multi_server driver.
This one-line code change eliminates the accept() race
without any Postfix performance impact. Problem reported
by Sahil Tandon. File: dnsblog/dnsblog.c.
Logging: postscreen now logs a warning when a dnsblog(8)
request takes longer than the hard-coded time limit of 10s.
File: postscreen/postscreen_dnsbl.c.
17778
17779
17780
17781
17782
17783
17784
17785
17786
17787
17788
17789
17790
17791
17792
17793
17794
17795
17796
17797
17798
17799
17800
20120517
Workaround: to avoid crashes when the OpenSSL library is
updated without "postfix reload", the Postfix TLS session
cache ID now includes the OpenSSL library version number.
Note: this problem cannot be fixed in tlsmgr(8). Code by
Victor Duchovni. Files: tls/tls_server.c, tls_client.c.
20120520
Bugfix (introduced Postfix 2.4): the event_drain() function
was comparing bitmasks incorrectly causing the program to
always wait for the full time limit. This error affected
the unused postkick command, but only after s/fifo/unix/
in master.cf. File: util/events.c.
Cleanup: laptop users have always been able to avoid
unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
(this is currently not supported on Solaris systems).
However, to make this work reliably, the "postqueue -f"
command must wait until its requests have reached the pickup
and qmgr servers before closing the UNIX-domain request
sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.
17802
17803
17804
17805
17806
17807
17808
17809
17810
17811
17812
17813
17814
17815
17816
17817
17818
17819
17820
17821
17822
17823
17824
17825
17826
17827
17828
17829
17830
17831
17832
17833
17834
17835
17836
17837
17838
17839
17840
17841
17842
17843
17844
17845
17846
17847
17848
20120522
Robustness: set LC_ALL=C in post-install to avoid surprises
when parsing output from Postfix or non-Postfix commands.
File: postfix-install.
20120611
Bugfix (introduced: 20031216-21): with soft_bounce=yes, the
SMTP client did not move on to the next MX host or fallback
relay after a 5xx reply. File: smtp/smtp_trouble.c.
20120527-8
Infrastructure: limited support to shrink VSTREAM buffers.
The change takes place when reading from (a stream for the
first time | an empty buffer) or when writing to (a stream
for the first time | a full buffer). TODO: the change should
also happen after purging or flushing a buffer. File:
util/vstream.c.
20120531-617
Feature: haproxy support in postscreen(8) and smtpd(8). To
enable, specify "smtpd_upstream_proxy_protocol = haproxy"
or "postscreen_upstream_proxy_protocol = haproxy". Files:
mantools/postlink, proto/postconf.proto, global/Makefile.in,
global/haproxy_srvr.c, global/haproxy_srvr.h, global/mail_params.h,
global/mail_proto.h, master/single_server.c, master/multi_server.c,
master/event_server.c, postscreen/Makefile.in,
postscreen/postscreen.c, postscreen/postscreen.h,
postscreen/postscreen_endpt.c, postscreen/postscreen_haproxy.c,
postscreen/postscreen_haproxy.h, postscreen/postscreen_send.c,
postscreen/postscreen_state.c, smtpd/Makefile.in, smtpd/smtpd.h,
smtpd/smtpd_peer.c, smtpd/smtpd_sasl_glue.c, smtpd/smtpd_haproxy.c,
util/Makefile.in, util/listen.h, util/recv_pass_attr.c,
util/stream_listen.c, util/sys_defs.h, util/unix_pass_listen.c.
20120618
Cleanup: made the postscreen-to-smtpd haproxy attribute
transmission more robust for Solaris. Files: util/sys_defs.h,
util/connect.h, util/steam_listen.c, postscreen/postscreen_send.c.
Cleanup: simplified the "stream used" workaround. Files:
util/vstream.h, master/event_server.c, master/multi_server.c.
17851
17852
17853
17854
17855
17856
17857
17858
17859
17860
17861
17862
17863
17864
17865
17866
17867
17868
17869
17870
17871
17872
17873
17874
17875
17876
17877
17878
17879
17880
17881
17882
Cleanup: simplified workarounds for Solaris streams versus
UNIX-domain sockets. Files: util/pass_accept.c (new),
util/pass_trigger.c (new), util/stream_pass_connect.c
(deleted), util/unix_pass_listen.c (deleted),
util/unix_pass_trigger.c (deleted), updated header files,
and replaced PASS_XXX macros by pass_xxx function calls.
Cleanup: don't clobber errno when logging a problem.
File util/msg_output.c.
20120627
Bugfix (introduced: 20120531-617): in the postscreen module
for HAproxy sypport, a VSTREAM buffer size request was not
LP64-clean. File: postscreen/postscreen_haproxy.c.
Cleanup: avoid single-character reads in the postscreen
HAproxy module. File: postscreen/postscreen_haproxy.c.
20120628
Workaround: heuristic to detect missing (ssize_t) type-cast
in VSTREAM buffer size requests. File: util/vstream.c.
20120629
Workaround: "sendmail -bl" emulation. File: sendmail/sendmail.c.
20120630
Cleanup: sub-optimal hash performance on systems where the
"char" type is signed. Files: util/htable.c, util/binhash.c.
20120702
Bugfix (introduced: 19990127): the BIFF client leaked an
unprivileged UDP socket. Fix by Jaroslav Skarvada. File:
local/biff_notify.c.
17890
17891
17892
17893
17894
17895
17896
17897
17898
17899
17900
17901
17902
17903
17904
17905
17906
20120713
Bugfix (introduced: 20120527-8): infrastructure to specify
a smaller-than-default VSTREAM buffer, without the complex
run-time checks. File: util/vstream.c, vstream_tweak.c.
20120714
Cleanup: semantics of requests to query or modify the VSTREAM
buffer size that will be used with the next read(2) or
write(2) operation. Files: util/vstream.c, util/vstream.h,
util/vstream_tweak.c.
20120717
Documentation: update to RFC5321.
20120730
Bugfix (introduced: 20000314): AUTH is not allowed after
MAIL. Timo Sirainen. Files: smtpd/smtpd.c, smtpd/smtpd.h,
smtpd/smtpd_sasl_proto.c.
20120801
Documentation: point of what virtual_xxx parameters are
specific to the virtual(8) delivery agent, and will have
no effect when mail is delivered with a different program.
Files: proto/postconf.proto, proto/VIRTUAL_README.html.
20120824
Feature: support for "sendmail -R hdrs|full". Jan Kundr?t.
17923
17924
17925
17926
17927
17928
17929
17930
17931
17932
17933
17934
17935
17936
17937
17938
17939
17940
17941
17942
17943
17944
17945
17946
17947
17948
17949
17950
17951
17952
17953
17954
17955
17956
17957
17958
17959
17960
17961
17962
17963
17964
17965
17966
17967
17968
17969
17970
17971
17972
17973
17974
17975
17976
17977
17978
17979
17980
17981
17982
17983
17984
17985
17986
17987
17988
17989
17990
17991
17992
17993
17994
17995
17996
17997
17998
17999
18000
File: sendmail/sendmail.c.
20120902
Documentation: updated TUNING_README with new pointers to
the STRESS_README and POSTSCREEN_README documents. Miscellaneous
documentation clarifications based on postfix-users discussions.
20120903
Bugfix (introduced 20120317): the socketmap client should
not share unrelated client endpoint handles. File:
util/dict_sockmap.c.
20120907
Cleanup (for change 20120824): the DSN RET attribute should
not be stored once per recipient. It is a message property
just like DSN ENVID. File: sendmail/sendmail.c.
20120911
Documentation: more explicit enumeration of what happens
when setting a per-destination recipient limit value to 1.
File: proto/postconf.proto.
20120918
Documentation: clarified the bounce/queue_life-time parameter
descriptions. File: proto/postconf.proto.
20120920
Documentation: the postscreen_whitelist_interfaces parameter
syntax was defined only by example. File: proto/postconf.proto.
20120923
Infrastructure: cleaned up the support for database
lock-on-open. This is needed for databases that are not
multi-updater safe. Files: util/dict_alloc.c, util/dict.c,
util/dict_open.c, util/dict.h. tls/tls_scache.c.
20120924
Documentation: some people are read-challenged distribute
their own incorrect understanding of master.cf syntax.
File: proto/master.
Cleanup: don't emulate UNIX-domain sockets over FIFOs on
Solaris systems less than 10 years old. This allows us to
globally s/fifo/unix/ in master.cf. Files: makedefs,
util/sys_defs.h.
Laptop-friendliness: avoid disk spin-up on idle systems by
s/fifo/unix/ in master.cf. Files: conf/master.cf.
20120928-30
Feature: smtpd_relay_restrictions, proposed long ago by
Victor. The idea is to separate the mail relay policy from
the spam blocking policy, so that a permissive spam blocking
policy under smtpd_recipient_restrictions will no longer
unexpectedly result in a permissive mail relay policy.
This involves a change in default settings. Similar to the
way that local_recipient_maps was introduced, there is a
safety net that prevents unexpected mail bounces when a
site upgrades to Postfix 2.10 or later, and there is no
change in documented smtpd_recipient_restrictions behavior.
See the RELEASE_NOTES file for details. Files:
global/mail_params.h, smtpd/smtpd.c, smtpd/smtpd_check.c,
proto/postconf.proto, proto/SMTPD_ACCESS_README.html,
mantools/postlink, conf/post-install, RELEASE_NOTES.
20120931-1001
Documentation: updated the remainder of the README files