Added RFC 7672 (SMTP security via opportunistic DANE TLS)
and RFC 7505 ("Null MX" No Service Resource Record) to the
lists of supported RFCs in manpages. Viktor Dukhovni. Files:
smtp/smtp.c, smtpd/smtpd.c.
Bitrot: OpenSSL API cleanups. Viktor Dukhovni. Files:
.indent.pro, tls/tls.h, tls/tls_dane.c, tls/tls_fprint.c,
tls/tls_misc.c, tls/tls_server.c, tls/tls_verify.c.
Bugfix (introduced: Postfix 3.0): don't throttle a destination
after opportunistic TLS failure. Viktor Dukhovni and Wietse.
Files: smtp/smtp_proto.c, smtp/smtp.h, smtp/smtp_trouble.c.
Feature: JSON-formatted queue listing with "postqueue -j".
Output is a stream of JSON objects, one per queue file. To
simplify stream-mode parsing, each JSON object is followed by
a newline character. Files: postqueue/postqueue.c,
postqueue/postqueue.h, postqueue/showq_compat.c,
postqueue/showq_json.c, showq/showq.c.
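The one-object-per-line framing described above is what makes the output easy to consume incrementally: a consumer can parse each line on its own and isolate a malformed line without losing the rest of the stream. The following script is an added example, not code from Postfix; it parses a constructed "postqueue -j" stream, summarizes queue contents and delay reasons, and reports any line that fails to parse (such as a line with a stray comma). The field names queue_name, queue_id, arrival_time, message_size, sender, recipients, address and delay_reason are assumed to be the ones postqueue(1) emits; all sample values are made up.

```python
import json
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample of "postqueue -j" output: one JSON object per line.
# Field names are assumed from the postqueue(1) description; values are made up.
SAMPLE_STREAM = """\
{"queue_name": "deferred", "queue_id": "3A1B2C3D4E", "arrival_time": 1452000000, "message_size": 2048, "sender": "alice@example.org", "recipients": [{"address": "bob@example.net", "delay_reason": "connect to example.net[192.0.2.25]:25: Connection timed out"}]}
{"queue_name": "active", "queue_id": "5F6A7B8C9D", "arrival_time": 1452000100, "message_size": 512, "sender": "carol@example.org", "recipients": [{"address": "dave@example.com"}]}
{"queue_name": "deferred", "queue_id": "0E1F2A3B4C", "arrival_time": 1452000200, "message_size": 4096, "sender": "", "recipients": [{"address": "erin@example.net", "delay_reason": "connect to example.net[192.0.2.25]:25: Connection timed out"}, {"address": "frank@example.net", "delay_reason": "host example.net[192.0.2.25] said: 450 4.7.1 greylisted"}]}
"""

# Constructed line with a spurious comma after the delay reason, the shape of
# defect a strict JSON parser rejects; used to show per-line error isolation.
SPURIOUS_COMMA_LINE = (
    '{"queue_name": "deferred", "queue_id": "DEADBEEF00", "arrival_time": 1452000300, '
    '"message_size": 100, "sender": "mallory@example.org", '
    '"recipients": [{"address": "x@example.net", "delay_reason": "lost connection",}]}'
)


def parse_stream(text: str) -> Tuple[List[dict], List[Tuple[int, str]]]:
    """Parse newline-delimited JSON objects.

    Returns (records, rejected) where rejected holds (line number, error)
    for every non-blank line that is not a valid JSON document. Because each
    object is newline-terminated, one bad line never poisons its neighbours.
    """
    records: List[dict] = []
    rejected: List[Tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError as exc:
            rejected.append((lineno, str(exc)))
    return records, rejected


def summarize(records: List[dict]) -> Dict[str, object]:
    """Count queue files per queue, bytes sitting in the deferred queue,
    and how often each delay reason appears across recipients."""
    per_queue = Counter(r["queue_name"] for r in records)
    reasons: Counter = Counter()
    deferred_bytes = 0
    for r in records:
        if r["queue_name"] == "deferred":
            deferred_bytes += int(r.get("message_size", 0))
        for rcpt in r.get("recipients", []):
            reason = rcpt.get("delay_reason")
            if reason:
                reasons[reason] += 1
    return {
        "per_queue": dict(per_queue),
        "deferred_bytes": deferred_bytes,
        "delay_reasons": reasons.most_common(),
    }


if __name__ == "__main__":
    # Usage: postqueue -j | python3 queue_summary.py
    import sys

    recs, bad = parse_stream(sys.stdin.read())
    print(json.dumps(summarize(recs), indent=2))
    for lineno, err in bad:
        print(f"line {lineno}: skipped ({err})", file=sys.stderr)
```

Reading the stream line by line (rather than loading it as one JSON array) is what lets the script keep going when a single object is malformed, and it keeps memory flat on a large queue.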
Bugfix (introduced: 20151128): bogus queue file parsing error.
File: showq/showq.c.
Cleanup: postlog(1) now pauses for 1s after reporting a
fatal or panic error. This makes behavior of scripts such
as postfix-script consistent with built-in error messages.
File: postlog/postlog.c.
Robustness: don't allow for whitespace in command-line
arguments. Files: postfix-install, conf/post-install.
Robustness: added a comment to discourage people who keep
adding code that calls gethostbyname() to determine the
default myhostname setting. This is a mistake: all Postfix
programs will hang when the DNS is unavailable. File:
global/mail_params.c.
Safety: a limit on the number of address verification probes
in the active queue (address_verify_pending_request_limit),
by default 1/4 of the active queue maximum size. The queue
manager tempfails probe messages that exceed the limit.
Files: mantools/postlink, proto/postconf.proto, cleanup/cleanup.h,
cleanup/cleanup_envelope.c, cleanup/cleanup_out_recipient.c,
cleanup/cleanup_state.c, global/mail_params.h, global/post_mail.c,
global/post_mail.h, global/verify.c, oqmgr/qmgr.c, oqmgr/qmgr.h,
oqmgr/qmgr_message.c, qmgr/qmgr.c, qmgr/qmgr.h,
qmgr/qmgr_message.c, verify/verify.c.
20160102
Workaround: MacOS/X 10.11.x /bin/sh unsets DYLD_LIBRARY_PATH,
which breaks the build and install. Viktor Dukhovni and
Wietse. Files: makedefs, postfix-install, Makefile.in.
Bitrot: OpenSSL 1.1.0-dev drops support for EXPORT ciphers
and ephemeral RSA. Viktor Dukhovni. Files: tls/tls_client.c,
tls/tls_rsa.c, tls/tls_server.c.
Bugfix: memory leak in tls_set_eecdh_curve(). Viktor Dukhovni.
File: tls/tls_dh.c.
Bugfix (introduced 20150326): when lmtp_fallback_relay
support was added, the code that generates lmtp_mumble
parameters from smtp_mumble parameters wasn't updated. File:
smtp/smtp-only.
Bugfix (introduced 20151017): the smtpd_client_auth_rate_limit
implementation was not guarded with #ifdef USE_SASL_AUTH.
File: smtpd/smtpd.c.
20160103
Feature: enable DANE policies when an MX host has a secure
TLSA DNS record, even if the MX DNS record was obtained
with insecure lookups. The existence of a secure TLSA record
implies that the host wants to talk TLS and not plaintext.
This behavior is controlled with smtp_tls_dane_insecure_mx_policy
(default: "dane", other settings: "encrypt" and "may"; the
latter is backwards-compatible with earlier Postfix releases).
Viktor Dukhovni. Files: mantools/postlink, proto/postconf.proto,
src/global/mail_params.h, src/posttls-finger/posttls-finger.c,
src/smtp/smtp-only, src/smtp/smtp.c, src/smtp/smtp.h,
src/smtp/smtp_addr.c, src/smtp/smtp_params.c,
src/smtp/smtp_tls_policy.c, src/tls/tls.h, src/tls/tls_client.c.
20160104
Cleanup: distinct TLS levels for "full" DANE and for DANE
with insecure MX records. Viktor Dukhovni. Files:
posttls-finger/posttls-finger.c, smtp/smtp_tls_policy.c,
tls/tls.h, tls/tls_client.c, tls/tls_level.c.
Cleanup: smtp_reply_footer() now restores state in case of
input error; unit tests that cover most if not all error
and non-error cases. Files: global/smtp_reply_footer.c,
global/smtp_reply_footer.ref.
Bitrot: const-ification for OpenSSL 1.1.0. Viktor Dukhovni.
File: tls/tls_misc.c.
"postconf -H" support (show names without the =value).
Initial use case: mass reversal of TLS-related main.cf
parameters (postconf -nH | grep _tls_ | xargs postconf -X).
This flag also works with "postconf -F" and "postconf -P".
Added missing documentation that -h works with "postconf
-F" and "postconf -P". Files: postconf.c, postconf.h,
postconf_master.c, postconf_main.c.
Robustness: force html2text to produce ASCII output. File:
mantools/html2readme.
Feature: "postfix tls" commands to enable opportunistic TLS
in the Postfix SMTP client or server, or generate or replace
Postfix SMTP server TLS private keys and server certificates.
Viktor Dukhovni, Wietse. Files: conf/postfix-files,
conf/postfix-script, conf/postfix-tls-script, makedefs,
proto/INSTALL.html, proto/postconf.proto, global/mail_params.h,
postfix/postfix.c, tls/tls_misc.c.
Portability: added a tls_random_source default setting for
MacOS X. Viktor Dukhovni. File: util/sys_defs.h.
Bitrot: OpenSSL 1.1.0-dev (aka the "master" branch) has new
security levels ranging from 0 to 5. Level "0" is backwards
compatible, and other levels are increasingly restrictive.
Viktor Dukhovni. Files: tls/tls_server.c, tls/tls_client.c.
Portability: Postfix TLS support uses /dev/urandom if
available and no system-specific setting exists in sys_defs.h.
Files: makedefs, util/sys_defs.h.
Cleanup: building the INSTALL file had failed, added
hyperlinks for "postfix tls". Files: mantools/postlink.
Feature: all-default-client and all-default-server subcommands.
Eray Aslan. File: conf/postfix-tls-script.
Bugfix: the postqueue(1) JSON formatter wrote a spurious
comma after the delay reason. Reported by Christian Roessner.
File: postqueue/showq_json.c.
Cleanup: "match_list_match: permit_mynetworks: no match" after
a SUCCESSFUL permit_mynetworks match of a client IP address was
complicating troubleshooting. The fix is to log additional
context to clarify that this "no match" condition is for
smtpd_log_access_permit_actions. File: smtpd/smtpd_check.c.
20160228
Documentation: typos in postfix-tls-script(1) manpage.
20160327
Documentation: line wrapping in postconf(1) manpage.
20160310
Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM
(replace sender) request lost the sender_bcc_maps address.
Fixed by moving some record keeping to the sender output
function. Files: cleanup/cleanup_envelope.c,
cleanup/cleanup_addr.c, cleanup/cleanup_milter.c,
cleanup/cleanup.h, regression tests.
20160410
Bugfix (introduced: Postfix 2.6): the "bad filetype"
header_checks pattern falsely rejected Content-Mumble headers
with ``name="example"; x-apple-part-url="example.com"''.
Fixed by respecting the ";" separator between content
attribute values, so that the captured attachment name
cannot run past the end of its own attribute. Reported by
Cedric Knight. File: proto/header_checks.
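To see why the ";" separator matters, it helps to run the two forms of the pattern side by side. The script below is an added example, not the pattern from proto/header_checks: it uses a deliberately shortened extension list and Python's re module in place of PCRE, so it illustrates the mechanism rather than reproducing Postfix's exact regular expression. The headers are constructed. In the legacy form the name capture is `.*`, which greedily spans the ";" and reaches the ".com" inside a later x-apple-part-url attribute; the fixed form uses `[^;]*`, which stops at the separator.

```python
import re
from typing import Optional

# Shortened extension list (assumption: the real pattern carries many more).
EXTS = r"(com|exe|bat|scr|pif|cmd|dll|vbs|js|lnk)"

# Legacy form: ".*" inside the name capture can run across ";" into the
# next attribute, so a harmless name followed by x-apple-part-url="example.com"
# is reported as a ".com" attachment.
LEGACY_PATTERN = re.compile(
    r'^Content-(Disposition|Type).*name\s*=\s*"?(.*\.' + EXTS + r')"?\s*(;|$)',
    re.IGNORECASE,  # header_checks patterns are case-insensitive by default
)

# Fixed form: "[^;]*" confines the captured name to its own attribute value.
FIXED_PATTERN = re.compile(
    r'^Content-(Disposition|Type).*name\s*=\s*"?([^;]*\.' + EXTS + r')"?\s*(;|$)',
    re.IGNORECASE,
)

# Constructed headers: the false-positive shape from the bug report, a genuine
# executable attachment, and an ordinary text attachment.
APPLE_HEADER = 'Content-Type: application/octet-stream; name="example"; x-apple-part-url="example.com"'
EXE_HEADER = 'Content-Disposition: attachment; filename="invoice.exe"'
TXT_HEADER = 'Content-Type: text/plain; name="notes.txt"; charset="us-ascii"'


def attachment_name(header: str, pattern: "re.Pattern") -> Optional[str]:
    """Return the attachment name the pattern would reject, or None if the
    header passes. Group 2 is the captured name, as in the REJECT text
    'Attachment name "$2" may not end with ".$N"'."""
    m = pattern.search(header)
    return m.group(2) if m else None


if __name__ == "__main__":
    for header in (APPLE_HEADER, EXE_HEADER, TXT_HEADER):
        print(header)
        print("  legacy rejects:", attachment_name(header, LEGACY_PATTERN))
        print("  fixed  rejects:", attachment_name(header, FIXED_PATTERN))
```

With the legacy form the Apple header is rejected with a captured name of `example"; x-apple-part-url="example.com`, which is visibly not a filename; with the fixed form it passes, while a real `invoice.exe` attachment is still caught by both.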
20160515
Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h.
20160819
Bugfix (introduced: Postfix 3.0): the makedefs script ignored
readme_directory=pathname overrides. Fix by Todd C. Olson.
File: makedefs.
20160821
Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher
documentation says aes-256-cbc, but the implementation was
using aes-128-cbc (note that Postfix session ticket keys
are rotated after 1/2 hour, to limit the impact of attacks
on session ticket keys).
20160828
Bitrot: fixes for incompatible OpenSSL 1.1.0 API changes.
Viktor Dukhovni. Files: posttls-finger/posttls-finger.c,
tls/tls.h, tls/tls_dane.c, tls/tls_verify.c, tls/tls_server.c,
tls/tls_client.c.
20160911
Bugfix (introduced: Postfix 3.0): the SMTP daemon did not
reset a previous session's command counts before rejecting
a client that exceeds request or concurrency rates. File:
smtpd/smtpd.c.
20160917
Bugfix (introduced: Postfix 3.0): the unionmap did not
propagate table lookup errors. Based on patch by Roel van
Meer. Files: util/dict_union.c, util/dict_union_test.*.
20160925
Workaround (problem introduced: Postfix 2.11): to avoid
false "not found" errors with MySQL map queries that contain
UTF8-encoded text, specify "option_group = client" in Postfix
MySQL configuration files. This will be the default setting
with Postfix 3.2 and later.