5912 lines
247 KiB
Plaintext
5912 lines
247 KiB
Plaintext
-------------------------------------------------------------------
|
||
Thu Aug 1 08:36:10 UTC 2024 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- postfix gives warnings about deprecated parameters (bsc#1225397)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 18 18:15:47 UTC 2024 - chris@computersalat.de
|
||
|
||
- fix for Invalid cross-device link
|
||
* failed to create hard link 'etc/localtime' => '/usr/share/zoneinfo/Etc/UTC'
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 11 11:57:53 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Set built-in path values to suse values (bsc#1215689)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 20 20:45:06 UTC 2024 - chris@computersalat.de
|
||
|
||
- Update update_chroot.systemd
|
||
* Add missing checks for DKIM (openDKIM)
|
||
- keep spec and changes files in sync
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 17 11:42:53 UTC 2024 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- config.postfix needs updating (bsc#1224207)
|
||
* chkconfig -> systemctl
|
||
* Link Cyrus lmtp only if this exsists
|
||
* /usr/lib64/sasl2 does not need to exist
|
||
* Fetch timezone via readlink from /etc/localtime
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 5 01:44:30 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
|
||
|
||
- Move qshape(1) out of -doc, install it as a binary with the main package
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 7 18:42:30 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- update to 3.9.0
|
||
* As described in DEPRECATION_README, the SMTP server features
|
||
"permit_naked_ip_address", "check_relay_domains", and
|
||
"reject_maps_rbl" have been removed, after they have been logging
|
||
a warning for some 20 years. These features now log a warning
|
||
and return a "server configuration error" response.
|
||
* The MySQL client no longer supports MySQL versions < 4.0. MySQL
|
||
version 4.0 was released in 2003.
|
||
* As covered in DEPRECATION_README, the configuration parameter
|
||
"disable_dns_lookup" and about a dozen TLS-related parameters
|
||
are now officially obsolete. These parameters still work, but
|
||
the postconf command logs warnings that they will be removed
|
||
from Postfix.
|
||
* As covered in DEPRECATION_README, "permit_mx_backup" logs a
|
||
warning that it will be removed from Postfix.
|
||
* In message headers, Postfix now formats numerical days as
|
||
two-digit days, i.e. days 1-9 have a leading zero instead of a
|
||
leading space. This change was made because the RFC 5322 date
|
||
and time specification recommends (i.e. SHOULD) that a single
|
||
space be used in each place that folding white space appears.
|
||
This change avoids a breaking change in the length of a date
|
||
string.
|
||
* The MySQL client default characterset is now configurable with
|
||
the "charset" configuration file attribute. The default is
|
||
"utf8mb4", consistent with the MySQL 8.0 built-in default, but
|
||
different from earlier MySQL versions where the built-in default
|
||
was "latin1".
|
||
* Support to query MongoDB databases, contributed by Hamid Maadani,
|
||
based on earlier code by Stephan Ferraro. See MONGODB_README
|
||
and mongodb_table(5)
|
||
* The RFC 3461 envelope ID is now exported in the local(8) delivery
|
||
agent with the ENVID environment variable, and in the pipe(8)
|
||
delivery agent with the ${envid} command-line attribute.
|
||
* Configurable idle and retry timer settings in the mysql: and
|
||
pgsql: clients. A shorter than default retry timer can sped up
|
||
the recovery after error, when Postfix is configured with only
|
||
one server in the "hosts" attribute. After the code was frozen
|
||
for release, we have learned that Postfix can recover faster
|
||
from some errors when the single server is specified multiple
|
||
times in the "hosts" attribute.
|
||
* Optional Postfix TLS support to request an RFC7250 raw public
|
||
key instead of an X.509 public-key certificate. The configuration
|
||
settings for raw key public support will be ignored when there
|
||
is no raw public key support in the local TLS implementation
|
||
(i.e. Postfix with OpenSSL versions before 3.2). See RELEASE_NOTES
|
||
for more information.
|
||
* Preliminary support for OpenSSL configuration files, primarily
|
||
OpenSSL 1.1.1b and later. This introduces two new parameters
|
||
"tls_config_file" and "tls_config_name", which can be used to
|
||
limit collateral damage from OS distributions that crank up
|
||
security to 11, increasing the number of plaintext email
|
||
deliveries. Details are in the postconf(5) manpage under
|
||
"tls_config_file" and "tls_config_name".
|
||
* With "smtpd_forbid_unauth_pipelining = yes" (the default),
|
||
Postfix defends against multiple "blind" SMTP attacks. This
|
||
feature was back-ported to older stable releases but disabled
|
||
by default.
|
||
* With "smtpd_forbid_bare_newline = normalize" (the default)
|
||
Postfix defends against SMTP smuggling attacks. See RELEASE_NOTES
|
||
for details. This feature was back-ported to older stable
|
||
releases but disabled by default.
|
||
* Prevent outbound SMTP smuggling, where an attacker uses Postfix
|
||
to send email containing a non-standard End-of-DATA sequence,
|
||
to exploit inbound SMTP smuggling at a vulnerable remote SMTP
|
||
server. With "cleanup_replace_stray_cr_lf = yes" (the default),
|
||
the cleanup daemon replaces each stray <CR> or <LF> character
|
||
in message content with a space character. This feature was
|
||
back-ported to older stable releases with identical functionality.
|
||
* The Postfix DNS client now limits the total size of DNS lookup
|
||
results to 100 records; it drops the excess records, and logs
|
||
a warning. This limit is 20x larger than the number of server
|
||
addresses that the Postfix SMTP client is willing to consider
|
||
when delivering mail, and is far below the number of records
|
||
that could cause a tail recursion crash in dns_rr_append() as
|
||
reported by Toshifumi Sakaguchi. This also introduces a similar
|
||
limit on the number of DNS requests that a check_*_*_access
|
||
restriction can make. All this was back-ported to older stable
|
||
releases with identical functionality.
|
||
- refreshed patch:
|
||
% postfix-no-md5.patch
|
||
- change obsoleted "disable_dns_lookups" to "smtp_dns_support_level"
|
||
% postfix-SUSE.tar.gz
|
||
% postfix-main.cf.patch
|
||
% postfix-master.cf.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 5 16:46:16 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- update to 3.8.6
|
||
* Bugfix (defect introduced: Postfix 2.3, date 20051222): the
|
||
Dovecot auth client did not reset the 'reason' from a previous
|
||
Dovecot auth service response, before parsing the next Dovecot
|
||
auth server response in the same SMTP session, resulting in a
|
||
nonsensical "authentication failed" warning message. Reported
|
||
by Stephan Bosch.
|
||
* Bugfix (defect introduced: Postfix 3.1, date: 20151128):
|
||
"postqueue -j" produced broken JSON when escaping a control
|
||
character as \uXXXX. Found during code maintenance.
|
||
* Cleanup: this fixes posttls-finger certificate match expectations
|
||
for all TLS security levels, including warnings for levels that
|
||
don't implement certificate matching. By Viktor Dukhovni.
|
||
* Bugfix (defect introduced: Postfix 2.3): after prepending a
|
||
header at the top of a message (with an access(5), header_checks(5)
|
||
or Milter action), the Postfix Milter "delete header" or "update
|
||
header" action was skipping the prepended header, instead of
|
||
skipping the Postfix-generated Received: header. Problem report
|
||
by Carlos Velasco.
|
||
* Workaround: tlsmgr logfile spam. Reportedly, some OS lies under
|
||
load: it says that a socket is readable, then it says that the
|
||
socket has unread data, and then it says that read returns EOF,
|
||
causing Postfix to spam the log with a warning message.
|
||
* Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT
|
||
command handler could be tricked to read $message_size_limit
|
||
bytes into memory. Found during code maintenance.
|
||
* Safety: limit the total size of DNS lookup results to 100
|
||
records; drop the excess records, and log a warning. This limit
|
||
is 20x larger than the number of server addresses that the
|
||
Postfix SMTP client is willing to consider when delivering mail,
|
||
and is far below the number of records that could cause a tail
|
||
recursion crash in dns_rr_append() as reported by Toshifumi
|
||
Sakaguchi. This fix also limits the number of DNS requests that
|
||
a check_*_*_access restriction can make.
|
||
* Performance, related to the previous problem: eliminate worst-case
|
||
behavior where the queue manager could defer delivery to all
|
||
destinations over a specific delivery transport, after only a
|
||
single delivery agent crash. The scheduler now throttles
|
||
deliveries to one destination, and allows other deliveries to
|
||
keep making progress.
|
||
- change to functioning mirror (http://cdn.postfix.johnriley.me/
|
||
has been dead for a while although it is still listed upstream)
|
||
- make output of %setup less verbose by restoring -q option
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 5 12:19:01 UTC 2024 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- %autosetup does not works with multiple -a.
|
||
https://github.com/rpm-software-management/rpm/issues/1204
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 29 14:40:38 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
||
- Use %autosetup macro. Allows to eliminate the usage of deprecated
|
||
%patchN.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 23 18:24:16 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- update to 3.8.5
|
||
* Security: this release improves support to defend against an email
|
||
spoofing attack (SMTP smuggling) on recipients at a Postfix server.
|
||
For background, see https://www.postfix.org/smtp-smuggling.html.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 6 22:41:09 UTC 2024 - chris@computersalat.de
|
||
|
||
- rework fix for bsc#1192173: keep myhostname and mydestination
|
||
patched, but with upstream default to have them in correct place
|
||
when updated via config.postfix
|
||
- rework SMTP Smuggling defaults
|
||
* yes is now alias of 'normalize'
|
||
smtpd_forbid_bare_newline = normalize
|
||
* another new option is 'reject' wich should be used in connection
|
||
with
|
||
smtpd_forbid_bare_newline_reject_code = 521
|
||
- rework patches
|
||
* postfix-bdb-main.cf.patch
|
||
* postfix-main.cf.patch
|
||
- rebase patches
|
||
* postfix-linux45.patch
|
||
* postfix-ssl-release-buffers.patch
|
||
* postfix-vda-v14-3.0.3.patch
|
||
* set-default-db-type.patch
|
||
- sync changes files
|
||
* add missing entries in postfix-bdb.changes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 28 07:57:23 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update default configuration to enable the long-term fix for
|
||
bsc#1218304, bsc#1218314 CVE-2023-51764, SMTP smuggling attack:
|
||
* smtpd_forbid_bare_newline = yes
|
||
* smtpd_forbid_bare_newline_exclusions = $mynetworks
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 22 17:57:57 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- update to 3.8.4 (bsc#1218304, CVE-2023-51764):
|
||
* Security: this release adds support to defend
|
||
against an email spoofing attack (SMTP smuggling) on
|
||
recipients at a Postfix server. For background, see
|
||
https://www.postfix.org/smtp-smuggling.html
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 3 14:55:20 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- update to 3.8.3
|
||
* Bugfix (defect introduced Postfix 2.5, date 20080104): the
|
||
Postfix SMTP server was waiting for a client command instead
|
||
of replying immediately, after a client certificate verification
|
||
error in TLS wrappermode. Reported by Andreas Kinzler.
|
||
* Usability: the Postfix SMTP server (finally) attempts to log
|
||
the SASL username after authentication failure. In Postfix
|
||
logging, this appends ", sasl_username=xxx" after the reason
|
||
for SASL authentication failure. The logging replaces an
|
||
unavailable reason with "(reason unavailable)", and replaces
|
||
an unavailable sasl_username with "(unavailable)". Based on
|
||
code by Jozsef Kadlecsik.
|
||
* Compatibility bugfix (defect introduced: Postfix 2.11, date
|
||
20130405): in forward_path, the expression ${recipient_delimiter}
|
||
would expand to an empty string when a recipient address had
|
||
no recipient delimiter. The compatibility fix is to use a
|
||
configured recipient delimiter value instead. Reported by Tod
|
||
A. Sandman.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 23 07:43:31 UTC 2023 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- Syntax error in update_postmaps script (bsc#1216061)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 18 12:38:19 UTC 2023 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- postfix: config.postfix causes too tight permission on main.cf
|
||
(bsc#1215372)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 15 09:07:07 UTC 2023 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- CVE-2023-32182: postfix: config_postfix SUSE specific script
|
||
potentially bad /tmp file usage (bsc#1211196)
|
||
Use temp file created by mktemp
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 6 18:37:03 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- update to 3.8.1
|
||
* Optional: harden a Postfix SMTP server against remote SMTP
|
||
clients that violate RFC 2920 (or 5321) command pipelining
|
||
constraints. With "smtpd_forbid_unauth_pipelining = yes", the
|
||
server disconnects a client immediately, after responding with
|
||
"554 5.5.0 Error: SMTP protocol synchronization" and after
|
||
logging "improper command pipelining" with the unexpected remote
|
||
SMTP client input. This feature is disabled by default in Postfix
|
||
3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
|
||
by default in Postfix 3.9. A similar feature is enabled by
|
||
default in the Exim SMTP server.
|
||
* Optional: some OS distributions crank up TLS security to 11,
|
||
and in doing so increase the number of plaintext email deliveries.
|
||
This introduces basic OpenSSL configuration file support that
|
||
may be used to override OS-level settings.
|
||
Details are in the postconf(5) manpage under tls_config_file
|
||
and tls_config_name.
|
||
* Bugfix (defect introduced: Postfix 1.0): the command "postconf
|
||
.. name=v1 .. name=v2 .." (multiple instances of the same
|
||
parameter name) created multiple main.cf name=value entries
|
||
with the same parameter name. It now logs a warning and skips
|
||
the earlier name(s) and value(s). Found during code maintenance.
|
||
* Bugfix (defect introduced: Postfix 3.3): the command "postconf
|
||
-M name1/type1='name2 type2 ...'" died with a segmentation
|
||
violation when the request matched multiple master.cf entries.
|
||
The master.cf file was not damaged. Problem reported by SATOH
|
||
Fumiyasu.
|
||
* Bugfix (defect introduced: Postfix 2.11): the command "postconf
|
||
-M name1/type1='name2 type2 ...'" could add a service definition
|
||
to master.cf that conflicted with an already existing service
|
||
definition. It now replaces all existing service definitions
|
||
that match the service pattern 'name1/type1' or the service
|
||
name and type in 'name2 type2 ...' with a single service
|
||
definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
|
||
* Bugfix (defect introduced: Postfix 3.8) the posttls-finger
|
||
command could access uninitialized memory when reconnecting.
|
||
This also fixes a malformed warning message when a destination
|
||
contains ":service" information. Reported by Thomas Korbar.
|
||
* Bugfix (defect introduced: Postfix 3.2): the MySQL client could
|
||
return "not found" instead of "error" (for example, resulting
|
||
in a 5XX SMTP status instead of 4XX) during the time that all
|
||
MySQL server connections were turned down after error. Found
|
||
during code maintenance. File: global/dict_mysql.c. This was
|
||
already fixed in Postfix 3.4-3.7.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 4 11:23:41 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
||
- Add _multibuild to define 2nd spec file as additional flavor.
|
||
Eliminates the need for source package links in OBS.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- update to 3.8.0
|
||
* Support to look up DNS SRV records in the Postfix SMTP/LMTP
|
||
client, Based on code by Tomas Korbar (Red Hat). For example,
|
||
with "use_srv_lookup = submission" and "relayhost =
|
||
example.com:submission", the Postfix SMTP client will look up
|
||
DNS SRV records for _submission._tcp.example.com, and will relay
|
||
email through the hosts and ports that are specified with those
|
||
records.
|
||
* TLS obsolescence: Postfix now treats the "export" and "low"
|
||
cipher grade settings as "medium". The "export" and "low" grades
|
||
are no longer supported in OpenSSL 1.1.1, the minimum version
|
||
required in Postfix 3.6.0 and later. Also, Postfix default
|
||
settings now exclude deprecated or unused ciphers (SEED, IDEA,
|
||
3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
|
||
(DH, ECDH), and public key algorithm (DSS).
|
||
* Attack resistance: the Postfix SMTP server can now aggregate
|
||
smtpd_client_*_rate and smtpd_client_*_count statistics by
|
||
network block instead of by IP address, to raise the bar against
|
||
a memory exhaustion attack in the anvil(8) server; Postfix TLS
|
||
support unconditionally disables TLS renegotiation in the middle
|
||
of an SMTP connection, to avoid a CPU exhaustion attack.
|
||
* The PostgreSQL client encoding is now configurable with the
|
||
"encoding" Postfix configuration file attribute. The default
|
||
is "UTF8". Previously the encoding was hard-coded as "LATIN1",
|
||
which is not useful in the context of SMTP.
|
||
* The postconf command now warns for #comment in or after a Postfix
|
||
parameter value. Postfix programs do not support #comment after
|
||
other text, and treat that as input.
|
||
- rebase/refresh patches
|
||
* pointer_to_literals.patch
|
||
* postfix-linux45.patch
|
||
* postfix-master.cf.patch
|
||
* postfix-ssl-release-buffers.patch
|
||
* set-default-db-type.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||
|
||
- update to 3.7.4
|
||
* Workaround: with OpenSSL 3 and later always turn on
|
||
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
|
||
opportunities for TLS session reuse. This is safe because the SMTP protocol
|
||
implements application-level framing, and is therefore not affected by TLS
|
||
truncation attacks.
|
||
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
|
||
handles for digest implementations. In sufficiently hostile configurations,
|
||
Postfix could mistakenly believe that a digest algorithm is available, and
|
||
fail when it is not. A similar workaround may be needed for
|
||
EVP_get_cipherbyname().
|
||
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
|
||
tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
|
||
the argument only if there was no prior error.
|
||
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
|
||
violation when postscreen_dnsbl_threshold < 1. It should reject such input
|
||
with a fatal error instead.
|
||
* Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
|
||
* Portability: Linux 6 support.
|
||
* Added missing documentation that cidr:, pcre: and regexp: tables support
|
||
inline specification only in Postfix 3.7 and later.
|
||
* Rebased postfix-linux45.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 9 20:13:42 UTC 2023 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- SELinux: postfix denied to access /var/spool/postfix/pid/master.pid
|
||
(bsc#1207177) Apply proposed changes in postfix.service
|
||
- remove patch included into the source:
|
||
harden_postfix.service.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 25 13:30:52 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
|
||
|
||
- Disable NIS support on Factory (deprecated and will be removed)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 18 12:09:13 UTC 2023 - Hu <cathy.hu@suse.com>
|
||
|
||
- Fix SELinux labeling issue caused by /usr/sbin/config.postfix (bsc#1207227).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 14 15:05:42 UTC 2022 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- postfix default main.cf myhostname default causes conflict
|
||
(bsc#1192173)
|
||
Use the postfix build in defaults for myhostname and mydestination
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 9 12:00:55 UTC 2022 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- update to 3.7.3
|
||
* Fixed a bug where some messages were not delivered after
|
||
"warning: Unexpected record type 'X'. (bsc#1213515)
|
||
* Workaround: in a TLS server disable Postfix's 1-element internal session
|
||
cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes.
|
||
* Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26)
|
||
introduced a missing msg_panic() argument (in code that never executes).
|
||
* Code health: Postfix 3.3.0 introduced an uninitialized verify_append()
|
||
request status in case of a null original recipient address.
|
||
* Postfix 3.5.0 introduced debug logging noise in map_search_create().
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 6 09:17:20 UTC 2022 - Ludwig Nussel <lnussel@suse.de>
|
||
|
||
- own /var/spool/mail (boo#1179574)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 4 19:09:34 UTC 2022 - chris@computersalat.de
|
||
|
||
- use correct source signature file (gpg2)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 11 14:21:41 UTC 2022 - chris@computersalat.de
|
||
|
||
- update to 3.7.2
|
||
https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES
|
||
- rebase patches
|
||
* pointer_to_literals.patch
|
||
* postfix-linux45.patch
|
||
* postfix-main.cf.patch
|
||
* postfix-master.cf.patch
|
||
* postfix-no-md5.patch
|
||
* postfix-ssl-release-buffers.patch
|
||
* postfix-vda-v14-3.0.3.patch
|
||
* set-default-db-type.patch
|
||
- build against libpcre2
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 10 20:14:54 UTC 2022 - chris@computersalat.de
|
||
|
||
- remove *.swp from postfix-SUSE.tar.gz
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 3 20:16:49 UTC 2022 - chris@computersalat.de
|
||
|
||
- fix config.postfix 'hash' leftover with relay_recipients
|
||
- update postfix-main.cf.patch about
|
||
* smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls)
|
||
* smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls)
|
||
- rebase/refresh patches
|
||
* harden_postfix.service.patch
|
||
* postfix-avoid-infinit-loop-if-no-permission.patch
|
||
* postfix-master.cf.patch
|
||
* postfix-vda-v14-3.0.3.patch
|
||
* set-default-db-type.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 2 07:27:19 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
||
- Change ed requires to /usr/bin/ed: allow busybox-ed to be used
|
||
inside containers.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 25 13:59:17 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
|
||
|
||
- add missing requires for config.postfix and the postfix
|
||
postinstall script: perl and ed
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 18 19:59:01 UTC 2022 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- update to 3.6.6
|
||
* (problem introduced: Postfix 2.7) The milter_header_checks maps
|
||
are now opened before the cleanup(8) server enters the chroot
|
||
jail.
|
||
* In an internal client module, "host or service not found" was
|
||
a fatal error, causing the milter_default_action setting to be
|
||
ignored. It is now a non-fatal error, just like a failure to
|
||
connect.
|
||
* The proxy_read_maps default value was missing up to 27 parameter
|
||
names. The corresponding lookup tables were not automatically
|
||
authorized for use with the proxymap(8) service. The parameter
|
||
names were ending in _checks, _reply_footer, _reply_filter,
|
||
_command_filter, and _delivery_status_filter.
|
||
* (problem introduced: Postfix 3.0) With dynamic map loading
|
||
enabled, an attempt to create a map with "postmap regexp:path"
|
||
would result in a bogus error message "Is the postfix-regexp
|
||
package installed?" instead of "unsupported map type for this
|
||
operation". This happened with all non-dynamic map types (static,
|
||
cidr, etc.) that have no 'bulk create' support.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 4 09:01:56 UTC 2022 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- config.postfix fails to set smtp_tls_security_level
|
||
(bsc#1192314)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 29 10:12:29 UTC 2022 - Илья Индиго <ilya@ilya.cf>
|
||
|
||
- Refreshed spec-file via spec-cleaner and manual optimizated.
|
||
* Added -p flag to all install commands.
|
||
* Removed -f flag from all ln commands.
|
||
- Changed file harden_postfix.service.patch (boo#1191988).
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 18 20:29:34 UTC 2022 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- update to 3.6.5
|
||
* Glibc 2.34 implements closefrom(). This was causing a conflict
|
||
with Postfix's implementation for systems that have no closefrom()
|
||
implementation.
|
||
* Support for Berkeley DB version 18.
|
||
- removed obsolete postfix-3.6.2-glibc-234-build-fix.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 14 09:52:48 UTC 2022 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- Postfix on start don't run postalias /etc/postfix/aliases
|
||
(error open database /etc/postfix/aliases.lmdb). (bsc#1197041)
|
||
Apply proposed patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 9 09:22:41 UTC 2022 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- config.postfix can't handle symlink'd /etc/resolv.cof
|
||
(bsc#1195019)
|
||
Adapt proposed change: using "cp -afL" by copying.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 18 23:32:41 UTC 2022 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.6.4
|
||
* Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
|
||
entries in postconf output. This was caused by an incomplete
|
||
fix to send SMTP session transcripts to $bounce_notice_recipient.
|
||
* Bug introduced in Postfix 3.0: the proxymap daemon did not
|
||
automatically authorize proxied maps inside pipemap (example:
|
||
pipemap:{proxy:maptype:mapname, ...}) or inside unionmap.
|
||
* Bug introduced in Postfix 2.5: off-by-one error while writing
|
||
a string terminator. This code passed all memory corruption
|
||
tests, presumably because it wrote over an alignment padding
|
||
byte, or over an adjacent character byte that was never read.
|
||
* The proxymap daemon did not automatically authorize map features
|
||
added after Postfix 3.3, caused by missing *_maps parameter
|
||
names in the proxy_read_maps default value. Found during code
|
||
maintenance.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 8 10:26:56 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.6.3
|
||
* (problem introduced in Postfix 2.4, released in 2007): queue
|
||
file corruption after a Milter (for example, MIMEDefang) made
|
||
a request to replace the message body with a copy of that message
|
||
body plus additional text (for example, a SpamAssassin report).
|
||
* (problem introduced in Postfix 2.10, released in 2012): The
|
||
postconf "-x" option could produce incorrect output, because
|
||
multiple functions were implicitly sharing a buffer for
|
||
intermediate results. Problem report by raf, root cause analysis
|
||
by Viktor Dukhovni.
|
||
* (problem introduced in Postfix 2.11, released in 2013): The
|
||
check_ccert_access feature worked as expected, but produced a
|
||
spurious warning when Postfix was built without SASL support.
|
||
Fix by Brad Barden.
|
||
* Fix for a compiler warning due to a missing 'const' qualifier
|
||
when compiling Postfix with OpenSSL 3. Depending on compiler
|
||
settings this could cause the build to fail.
|
||
* The known_tcp_ports settings had no effect. It also wasn't fully
|
||
implemented. Problem report by Peter.
|
||
* Fix for missing space between a hostname and warning text.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 22 09:45:40 UTC 2021 - Dirk Stoecker <opensuse@dstoecker.de>
|
||
|
||
- Ensure postfix can write to home directory or server side
|
||
filtering wont work (sieve)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 22 08:46:19 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||
|
||
- Ensure service can write to /etc/postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 21 15:39:55 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||
|
||
- Added hardening to systemd service (bsc#1181400). Added
|
||
harden_postfix.service.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 7 08:03:40 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- config.postfix not updatet after lmdb switch
|
||
(bsc#1190945)
|
||
Adapt config.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 26 13:59:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- postfix master.cf: to include "submissions" service
|
||
(bsc#1189684)
|
||
Adapt master.cf patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 24 09:55:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- postfix fails with glibc 2.34
|
||
Define HAS_CLOSEFROM
|
||
(bsc#1189101)
|
||
add patch
|
||
- postfix-3.6.2-glibc-234-build-fix.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 5 19:09:36 UTC 2021 - chris@computersalat.de
|
||
|
||
- fix config.postfix (follow up of bsc#1188477)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 26 19:59:12 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- Syntax error in config.postfix
|
||
(bsc#1188477)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 25 23:22:23 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.6.2
|
||
* In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
|
||
error in the compatibility_level parser, because there was no
|
||
'errno = 0' statement before an strtol() call.
|
||
* (problem introduced in Postfix 3.3) "Null pointer read" error
|
||
in the cleanup daemon when "header_from_format = standard" (the
|
||
default as of Postfix 3.3), and email was submitted with
|
||
/usr/sbin/sendmail without From: header, and an all-space full
|
||
name was specified in 1) the password file, 2) with "sendmail
|
||
-F", or 3) with the NAME environment variable. Found by Renaud
|
||
Metrich.
|
||
* (problem introduced in Postfix 2.4) False "too many reverse
|
||
jump" warnings in the showq daemon, because loop detection code
|
||
was comparing memory addresses instead of queue file names.
|
||
Reported by Mehmet Avcioglu.
|
||
* (problem introduced in 1999) The Postfix SMTP server was sending
|
||
all session transcripts to the error_notice_recipient (default:
|
||
postmaster), instead of sending transcripts of bounced mail to
|
||
the bounce_notice_recipient (default: postmaster). Reported by
|
||
Hans van Zijst.
|
||
* The texthash: map implementation broke tls_server_sni_maps,
|
||
because it did not support multi-file inputs. Reported by
|
||
Christopher Gurnee, who also found an instance of the missing
|
||
code in the "postmap -F" source code. File: util/dict_thash.c.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 14 14:37:24 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- spamd wants to start before mail-transfer-agent.target, but that target doesn't exist
|
||
(bsc#1066854)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 6 22:23:17 UTC 2021 - Christian Wittmer <chris@computersalat.de>
|
||
|
||
- postfix-SUSE
|
||
* rework sysconfig.postfix, add
|
||
- POSTFIX_WITH_DKIM
|
||
- POSTFIX_DKIM_CONN
|
||
* rework config.postfix for main.cf
|
||
- with_dkim
|
||
- update postfix-main.cf.patch
|
||
* add OpenDKIM settings
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 23 22:28:52 UTC 2021 - Christian Wittmer <chris@computersalat.de>
|
||
|
||
- postfix-mysql
|
||
* add mysql_relay_recipient_maps.cf
|
||
- postfix-SUSE
|
||
* rework sysconfig.postfix, add
|
||
- POSTFIX_RELAY_RECIPIENTS
|
||
- POSTFIX_BACKUPMX
|
||
* add relay_recipients
|
||
* rework config.postfix for main.cf
|
||
- is_backupmx
|
||
- relay_recipient_maps
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 18 17:11:05 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add now working CONFIG parameter to sysusers generator
|
||
- Remove unnecessary group line from postfix-vmail-user.conf
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 14 15:46:54 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.6.1
|
||
* Bugfix (introduced: Postfix 2.11): the command "postmap
|
||
lmdb:/file/name" (create LMDB database from textfile) handled
|
||
duplicate input keys ungracefully, discarding entries stored
|
||
up to and including the duplicate key, and causing a double
|
||
free() call with lmdb versions 0.9.17 and later. Reported by
|
||
Adi Prasaja; double free() root cause analysis by Howard Chu.
|
||
* Typo (introduced: Postfix 3.4): silent_discard should be
|
||
silent-discard in BDAT_README.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jun 6 12:51:35 UTC 2021 - Christian Wittmer <chris@computersalat.de>
|
||
|
||
- fix postfix-master.cf.patch
|
||
* set correct indentation (again) for options of
|
||
- submission (needs 3 spaces)
|
||
- smtps (needs 4 spaces)
|
||
to make config.postfix work nicely again
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 2 00:26:36 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
|
||
|
||
- Update to 3.6.0
|
||
- Major changes - internal protocol identification
|
||
Internal protocols have changed. You need to "postfix stop"
|
||
before updating, or before backing out to an earlier release,
|
||
otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
|
||
postscreen) may fail to communicate with the rest of Postfix,
|
||
causing mail delivery delays until Postfix is restarted.
|
||
For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
|
||
- refreshed patches to apply cleanly again:
|
||
fix-postfix-script.patch
|
||
ipv6_disabled.patch
|
||
pointer_to_literals.patch
|
||
postfix-linux45.patch
|
||
postfix-main.cf.patch
|
||
postfix-master.cf.patch
|
||
postfix-no-md5.patch
|
||
postfix-ssl-release-buffers.patch
|
||
postfix-vda-v14-3.0.3.patch
|
||
set-default-db-type.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 1 10:47:29 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- (bsc#1186669) - postfix.service has "Requires=var-run.mount"
|
||
Remove bad requirements
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 12 09:00:22 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.5.10 with security fixes:
|
||
* Missing null pointer checks (introduced in Postfix 3.4) after
|
||
an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
|
||
Found by Coverity, reported by Jaroslav Skarvada. Based on a
|
||
fix by Viktor Dukhovni.
|
||
* Null pointer bug (introduced in Postfix 3.0) and memory leak
|
||
(introduced in Postfix 3.4) after an inline: table syntax error
|
||
in main.cf or master.cf. Found by Coverity, reported by Jaroslav
|
||
Skarvada. Based on a fix by Viktor Dukhovni.
|
||
* Incomplete null pointer check (introduced: Postfix 2.10) after
|
||
truncated HaProxy version 1 handshake message. Found by Coverity,
|
||
reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
|
||
* Missing null pointer check (introduced: Postfix alpha) after
|
||
null argv[0] value.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 10 15:12:11 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- (bsc#1183305) - config.postfix uses db as suffix for postmaps
|
||
Depending on DEF_DB_TYPE uses lmdb or db
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 5 13:22:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix
|
||
still refers to /etc/services
|
||
Use getent to detect if smtps is already defined.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 5 17:51:49 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- (bsc#1180473) [Build 20201230] postfix has invalid default config
|
||
(bsc#1181381) [Build 130.3] openQA test fails in mta, mutt -
|
||
postfix broken: "queue file write error" and "error: unsupported
|
||
dictionary type: hash"
|
||
Export DEF_DB_TYPE before starting the perl script.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 27 15:14:50 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- bsc#1180473 - [Build 20201230] postfix has invalid default config
|
||
Fixing config.postfix and sysconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 25 10:28:26 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
|
||
|
||
- Update to 3.5.9
|
||
* improves the reporting of DNSSEC problems that may affect
|
||
DANE security
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 7 12:26:08 UTC 2021 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- Only do the conversion from the hash/btree databases to lmdb when
|
||
the default database type changes from hash to lmdb and do not
|
||
stop and start the service (the old compiled databases can live
|
||
together with the new ones)
|
||
- convert-bdb-to-lmdb.sh
|
||
- Clean up the specfile
|
||
* Remove < 1330 conditional builds
|
||
* Use generated postfix-files instead of the obsolete one from
|
||
postfix-SUSE.tar.gz
|
||
* Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon
|
||
(de)installation of optional mysql, pgsql and ldap subpackages
|
||
* Use default location for post-install, postfix-tls-script,
|
||
postfix-wrapper and postmulti-script
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 4 12:17:03 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- Set lmdb to be the default db.
|
||
- Convert btree tables to lmdb too. Stop postfix before converting from
|
||
bdb to lmdb
|
||
- This package is without bdb support. That's why convert must be done
|
||
without any suse release condition.
|
||
o remove patch postfix-no-btree.patch
|
||
o add set-default-db-type.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 25 20:32:04 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- Set database type for address_verify_map and postscreen_cache_map
|
||
to lmdb (btree requires Berkeley DB)
|
||
o add postfix-no-btree.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 25 10:28:30 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- Set default database type to lmdb and fix update_postmaps script
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 24 14:09:32 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- Use variable substition instead of sed to remove .db suffix and
|
||
substitute hash: for lmdb: in /etc/postfix/master.cf as well.
|
||
Check before substitution if there is something to do (to keep
|
||
rpmcheck happy).
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 8 13:36:35 UTC 2020 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- bsc#1176650 L3: What is regularly triggering the "fillup"
|
||
command and changing modify-time of /etc/sysconfig/postfix?
|
||
o Remove miss placed fillup_only call from %verifyscript
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 26 15:30:10 UTC 2020 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- Remove Berkeley DB dependency (JIRA#SLE-12191)
|
||
The pacakges postfix is build without Berkely DB support.
|
||
lmdb will be used instead of BDB.
|
||
The pacakges postfix-bdb is build with Berkely DB support.
|
||
o add patch for main.cf for postfix-bdb package
|
||
postfix-bdb-main.cf.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 8 20:59:23 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.5.8
|
||
* The Postfix SMTP client inserted <CR><LF> into message headers longer
|
||
than $line_length_limit (default: 2048), causing all subsequent header
|
||
content to become message body content.
|
||
* The postscreen daemon did not save a copy of the
|
||
postscreen_dnsbl_reply_map lookup result. This has no effect when the
|
||
recommended texthash: look table is used, but it could result in stale
|
||
data with other lookup tables.
|
||
* After deleting a recipient with a Milter, the Postfix recipient
|
||
duplicate filter was not updated; the filter suppressed requests
|
||
to add the recipient back.
|
||
* Memory leak: the static: maps did not free their casefolding buffer.
|
||
* With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a
|
||
TLS handshake, after processing an XCLIENT command.
|
||
* The smtp_sasl_mechanism_filter implementation ignored table lookup
|
||
errors, treating them as 'not found'.
|
||
* The code that looks for Delivered-To: headers ignored headers longer
|
||
than $line_length_limit (default: 2048).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 31 13:38:04 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.5.7
|
||
* Fixed random certificate verification failures with
|
||
"smtp_tls_connection_reuse = yes", because tlsproxy(8) was using
|
||
the wrong global TLS context for connections that use DANE or
|
||
non-DANE trust anchors.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 25 13:54:40 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
||
|
||
- Move ldap into an own sub-package like all other databases
|
||
- Move manual pages to correct sub-package
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 21 08:44:22 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
||
|
||
- Use sysusers.d to create system accounts
|
||
- Remove wrong %config for systemd directory content
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 9 06:55:01 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- Use the correct signature file for source verification
|
||
- Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to
|
||
prevent confusion, as the signature file from upstream with .sig
|
||
extension is incompatible with the build service)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 26 21:22:39 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.5.6 with following fixes:
|
||
* Workaround for unexpected TLS interoperability problems when Postfix
|
||
runs on OS distributions with system-wide OpenSSL configurations.
|
||
* Memory leaks in the Postfix TLS library, the largest one
|
||
involving multiple kBytes per peer certificate.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 16 20:42:19 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- Add source verification (add postfix.keyring)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 3 14:06:53 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
||
|
||
- Use systemd_ordering instead of systemd_require.
|
||
- Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688]
|
||
- Drop /var/adm/SuSEconfig from %post, it does nothing.
|
||
- Rename postfix-SuSE to postfix-SUSE
|
||
- Delete postfix-SUSE/README.SuSE, company name spelled wrong,
|
||
completly outdated and not used.
|
||
- Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name
|
||
spelled wrong, outdated and not used.
|
||
- sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG,
|
||
SuSEconfig is gone since ages.
|
||
- update_chroot.systemd: Remove advice to run SuSEconfig.
|
||
- Remove rc.postfix, not used, outdated.
|
||
- mkpostfixcert: Remove advice to run SuSEconfig.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 29 18:44:13 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.5.4:
|
||
* The connection_reuse attribute in smtp_tls_policy_maps always
|
||
resulted in an "invalid attribute name" error.
|
||
* SMTP over TLS connection reuse always failed for Postfix SMTP
|
||
client configurations that specify explicit trust anchors (remote
|
||
SMTP server certificates or public keys).
|
||
* The Postfix SMTP client's DANE implementation would always send
|
||
an SNI option with the name in a destination's MX record, even
|
||
if the MX record pointed to a CNAME record. MX records that
|
||
point to CNAME records are not conformant with RFC5321, and so
|
||
are rare.
|
||
Based on the DANE survey of ~2 million hosts it was found that
|
||
with the corrected SMTP client behavior, sending SNI with the
|
||
CNAME-expanded name, the SMTP server would not send a different
|
||
certificate. This fix should therefore be safe.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 15 16:09:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.5.3:
|
||
* TLS handshake failure in the Postfix SMTP server during SNI
|
||
processing, after the server-side TLS engine sent a TLSv1.3
|
||
HelloRetryRequest (HRR) to a remote SMTP client.
|
||
* The command "postfix tls deploy-server-cert" did not handle a
|
||
missing optional argument. This bug was introduced in Postfix
|
||
3.1.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 17 19:57:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.5.2:
|
||
* A TLS error for a database client caused a false 'lost connection'
|
||
error for an SMTP over TLS session in the same Postfix process.
|
||
This bug was introduced with Postfix 2.2.
|
||
* The same bug existed in the tlsproxy(8) daemon, where a TLS
|
||
error for one TLS session could cause a false 'lost connection'
|
||
error for a concurrent TLS session in the same process. This
|
||
bug was introduced with Postfix 2.8.
|
||
* The Postfix build now disables DANE support on Linux systems
|
||
with libc-musl such as Alpine, because libc-musl provides no
|
||
indication whether DNS responses are authentic. This broke DANE
|
||
support without a clear explanation.
|
||
* Due to implementation changes in the ICU library, some Postfix
|
||
daemons reported file access errrors (U_FILE_ACCESS_ERROR) after
|
||
chroot(). This was fixed by initializing the ICU library before
|
||
making the chroot() call.
|
||
* Minor code changes to silence a compiler that special-cases
|
||
string literals.
|
||
* Segfault (null pointer) in the tlsproxy(8) client role when the
|
||
server role was disabled. This typically happened on systems
|
||
that do not receive mail, after configuring connection reuse
|
||
for outbound SMTP over TLS.
|
||
* The date portion of the maillog_file_rotate_suffix default value
|
||
used the minute (%M) instead of the month (%m).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 11 20:07:40 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
||
|
||
- boo#1106004 fix incorrect locations for files in postfix-files
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 19 10:22:12 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
|
||
lookups and DANE mail transport work again
|
||
- Update to 3.5.1:
|
||
* Support for the haproxy v2 protocol. The Postfix implementation
|
||
supports TCP over IPv4 and IPv6, as well as non-proxied
|
||
connections; the latter are typically used for heartbeat tests.
|
||
* Support to force-expire email messages. This introduces new
|
||
postsuper(1) command-line options to request expiration, and
|
||
additional information in mailq(1) or postqueue(1) output.
|
||
* The Postfix SMTP and LMTP client support a list of nexthop
|
||
destinations separated by comma or whitespace. These destinations
|
||
will be tried in the specified order.
|
||
* Incompatible changes:
|
||
* Logging: Postfix daemon processes now log the from= and to=
|
||
addresses in external (quoted) form in non-debug logging (info,
|
||
warning, etc.). This means that when an address localpart
|
||
contains spaces or other special characters, the localpart will
|
||
be quoted, for example:
|
||
from=<"name with spaces"@example.com>
|
||
Specify "info_log_address_format = internal" for backwards compatibility.
|
||
* Postfix now normalizes IP addresses received with XCLIENT,
|
||
XFORWARD, or with the HaProxy protocol, for consistency with
|
||
direct connections to Postfix. This may change the appearance
|
||
of logging, and the way that check_client_access will match
|
||
subnets of an IPv6 address.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 13 14:29:32 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.4.10:
|
||
* Bug (introduced: Postfix 2.3): Postfix Milter client state
|
||
was not properly reset after one Milter in a multi-Milter
|
||
configuration failed during MAIL FROM, resulting in a Postfix
|
||
Milter client panic during the next MAIL FROM command in the
|
||
same SMTP session.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 7 17:07:39 UTC 2020 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- bsc#1162891 server:mail/postfix: cond_slp bug on TW after
|
||
moving /etc/services to /usr/etc/services
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 5 12:27:07 UTC 2020 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- bsc#1160413 postfix fails with -fno-common
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 3 12:31:48 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.4.9:
|
||
* Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were
|
||
broken while adding support for negative DNS response caching
|
||
in postscreen. Postfix was inadvertently changed to call
|
||
res_query() instead of res_search().
|
||
* Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro
|
||
overrides from a Milter application. Postfix now evaluates the
|
||
Milter macros for an SMTP CONNECT event after the Postfix-to-Milter
|
||
connection is negotiated.
|
||
* Bug (introduced: Postfix 3.0): sanitize (remote) server responses
|
||
before storing them in the verify database, to avoid Postfix
|
||
warnings about malformed UTF8. Found during code maintenance.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 27 19:55:30 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.4.8:
|
||
* Fix for an Exim interoperability problem when postscreen after-220
|
||
checks are enabled. Bug introduced in Postfix 3.4: the code
|
||
that detected "PIPELINING after BDAT" looked at the wrong
|
||
variable. The warning now says "BDAT without valid RCPT", and
|
||
the error is no longer treated as a command PIPELINING error,
|
||
thus allowing mail to be delivered. Meanwhile, Exim has been
|
||
fixed to stop sending BDAT commands when postscreen rejects all
|
||
RCPT commands.
|
||
* Usability bug, introduced in Postfix 3.4: the parser for
|
||
key/certificate chain files rejected inputs that contain an EC
|
||
PARAMETERS object. While this is technically correct (the
|
||
documentation says what types are allowed) this is surprising
|
||
behavior because the legacy cert/key parameters will accept
|
||
such inputs. For now, the parser skips object types that it
|
||
does not know about for usability, and logs a warning because
|
||
ignoring inputs is not kosher.
|
||
* Bug introduced in Postfix 2.8: don't gratuitously enable all
|
||
after-220 tests when only one such test is enabled. This made
|
||
selective tests impossible with 'good' clients. This will be
|
||
fixed in older Postfix versions at some later time.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 24 07:59:04 UTC 2019 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Backport deprecated-RES_INSECURE1.patch in order to fix
|
||
boo#1149705.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 22 16:45:39 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.4.7:
|
||
* Robustness: the tlsproxy(8) daemon could go into a loop, logging
|
||
a flood of error messages. Problem reported by Andreas Schulze
|
||
after enabling SMTP/TLS connection reuse.
|
||
* Workaround: OpenSSL changed an SSL_Shutdown() non-error result
|
||
value into an error result value, causing logfile noise.
|
||
* Configuration: the new 'TLS fast shutdown' parameter name was
|
||
implemented incorrectly. The documentation said
|
||
"tls_fast_shutdown_enable", but the code said "tls_fast_shutdown".
|
||
This was fixed by changing the code, because no-one is expected
|
||
to override the default.
|
||
* Performance: workaround for poor TCP loopback performance on
|
||
LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus
|
||
TCP maximal segment size that is 1/2 to 1/3 of the real MSS.
|
||
To avoid client-side Nagle delays or server-side delayed ACKs
|
||
caused by multiple smaller-than-MSS writes, Postfix chooses a
|
||
VSTREAM buffer size that is a small multiple of the reported
|
||
bogus MSS. This workaround increases the multiplier from 2x to
|
||
4x.
|
||
* Robustness: the Postfix Dovecot client could segfault (null
|
||
pointer read) or cause an SMTP server assertion to fail when
|
||
talking to a fake Dovecot server. The Postfix Dovecot client
|
||
now logs a proper error instead.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 19 06:20:48 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang
|
||
Break loop if postfix has no permission in spool directory.
|
||
- add postfix-avoid-infinit-loop-if-no-permission.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 9 14:50:12 UTC 2019 - chris@computersalat.de
|
||
|
||
- fix for boo#1144946
|
||
mydestination - missing default localhost
|
||
* update config.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 26 08:26:07 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- bsc#1142881 - mkpostfixcert from Postfix still uses md
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 25 12:38:43 UTC 2019 - matthias.gerstner@suse.com
|
||
|
||
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
|
||
firewalld, see [1].
|
||
|
||
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 21 23:54:34 UTC 2019 - chris@computersalat.de
|
||
|
||
- update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for
|
||
* POSTFIX_SMTPD_HELO_RESTRICTIONS
|
||
* POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
|
||
- fix for: Can't connect to local MySQL server through socket
|
||
'/run/mysql/mysql.sock'
|
||
* update config.postfix
|
||
* update update_chroot.systemd
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 3 08:43:58 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.4.6:
|
||
* Workaround for implementations that hang Postfix while shutting
|
||
down a TLS session, until Postfix times out. With
|
||
"tls_fast_shutdown_enable = yes" (the default), Postfix no
|
||
longer waits for the TLS peer to respond to a TLS 'close'
|
||
request. This is recommended with TLSv1.0 and later.
|
||
* Fixed a too-strict censoring filter that broke multiline Milter
|
||
responses for header/body events. Problem report by Andreas
|
||
Thienemann.
|
||
* The code to reset Postfix SMTP server command counts was not
|
||
called after a HaProxy handshake failure, causing stale numbers
|
||
to be reported. Problem report by Joseph Ward.
|
||
* postconf(5) documentation: tlsext_padding is not a tls_ssl_options
|
||
feature.
|
||
* smtp(8) documentation: updated the BUGS section text about
|
||
Postfix support to reuse open TLS connections.
|
||
* Portability: added "#undef sun" to util/unix_dgram_connect.c.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 26 13:52:30 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- Ensure that postfix is member of all groups as before.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 12 14:30:34 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
||
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
|
||
shortcut the build queues by allowing usage of systemd-mini
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 6 09:29:34 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Drop the omc config fate#301838:
|
||
* it is obsolete since SLE11
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 8 09:27:51 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- bsc#1104543 config.postfix does not start tlsmgr in master.cf
|
||
when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed
|
||
patch.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 31 09:08:58 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.4.5:
|
||
Bugfix (introduced: Postfix 3.0): LMTP connections over
|
||
UNIX-domain sockets were cached but not reused, due to a
|
||
cache lookup key mismatch. Therefore, idle cached connections
|
||
could exhaust LMTP server resources, resulting in two-second
|
||
pauses between email deliveries. This problem was investigated
|
||
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
||
|
||
- Update to 3.4.4
|
||
|
||
o Incompatible changes
|
||
- The Postfix SMTP server announces CHUNKING (BDAT
|
||
command) by default. In the unlikely case that this breaks some
|
||
important remote SMTP client, disable the feature as follows:
|
||
|
||
/etc/postfix/main.cf:
|
||
# The logging alternative:
|
||
smtpd_discard_ehlo_keywords = chunking
|
||
# The non-logging alternative:
|
||
smtpd_discard_ehlo_keywords = chunking, silent_discard
|
||
- This introduces a new master.cf service 'postlog'
|
||
with type 'unix-dgram' that is used by the new postlogd(8) daemon.
|
||
Before backing out to an older Postfix version, edit the master.cf
|
||
file and remove the postlog entry.
|
||
- Postfix 3.4 drops support for OpenSSL 1.0.1
|
||
- To avoid performance loss under load, the
|
||
tlsproxy(8) daemon now requires a zero process limit in master.cf
|
||
(this setting is provided with the default master.cf file). By
|
||
default, a tlsproxy(8) process will retire after several hours.
|
||
- To set the tlsproxy process limit to zero:
|
||
postconf -F tlsproxy/unix/process_limit=0
|
||
postfix reload
|
||
o Major changes
|
||
- Postfix SMTP server support for RFC 3030 CHUNKING
|
||
(the BDAT command) without BINARYMIME, in both smtpd(8) and
|
||
postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
|
||
and smtpd_proxy_filter. See BDAT_README for more.
|
||
- Support for logging to file or stdout, instead of using syslog.
|
||
- Logging to file solves a usability problem for MacOS, and
|
||
eliminates multiple problems with systemd-based systems.
|
||
- Logging to stdout is useful when Postfix runs in a container, as
|
||
it eliminates a syslogd dependency.
|
||
- Better handling of undocumented(!) Linux behavior
|
||
whether or not signals are delivered to a PID=1 process.
|
||
- Support for (key, list of filenames) in map source text.
|
||
Currently, this feature is used only by tls_server_sni_maps.
|
||
- Automatic retirement: dnsblog(8) and tlsproxy(8) process
|
||
will now voluntarily retire after after max_idle*max_use, or some
|
||
sane limit if either limit is disabled. Without this, a process
|
||
could stay busy for days or more.
|
||
- Postfix SMTP client support for multiple deliveries
|
||
per TLS-encrypted connection. This is primarily to improve mail
|
||
delivery performance for destinations that throttle clients when
|
||
they don't combine deliveries.
|
||
This feature is enabled with "smtp_tls_connection_reuse=yes" in
|
||
main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
|
||
It supports all Postfix TLS security levels including dane and
|
||
dane-only.
|
||
- SNI support in the Postfix SMTP server, the
|
||
Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
|
||
client roles). See the postconf(5) documentation for the new
|
||
tls_server_sni_maps and smtp_tls_servername parameters.
|
||
- Support for files that contain multiple (key, certificate, trust chain)
|
||
instances. This was required to implement
|
||
server-side SNI table lookups, but it also eliminates the need for
|
||
separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
|
||
- Support for smtpd_reject_footer_maps (as well as the postscreen
|
||
variant postscreen_reject_footer_maps) for more informative reject
|
||
messages. This is indexed with the Postfix SMTP server response
|
||
text, and overrides the footer specified with smtpd_reject_footer.
|
||
One will want to use a pcre: or regexp: map with this.
|
||
o Bugfixes
|
||
- Andreas Schulze discovered that reject_multi_recipient_bounce
|
||
was producing false rejects with BDAT commands. This problem
|
||
already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
|
||
Postfix 3.4.4 fixes both.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 5 13:21:35 UTC 2019 - Jiri Slaby <jslaby@suse.com>
|
||
|
||
- postfix-linux45.patch: support also newer kernels -- pretend
|
||
we are still at kernel 3. Note that there are no conditionals for
|
||
LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the
|
||
code which caused build failures.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 4 14:43:05 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
||
|
||
- skip set -x and fix version update changes entry
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 2 19:26:21 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.3.3
|
||
* When the master daemon runs with PID=1 (init mode), it will now
|
||
reap child processes from non-Postfix code running in the same
|
||
container, instead of terminating with a panic.
|
||
* Bugfix (introduced: postfix-2.11): with posttls-finger,
|
||
connections to unix-domain servers always resulted in "Failed
|
||
to establish session" even after a connection was established.
|
||
Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
|
||
* Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
|
||
table lookups could casefold the search string when searching
|
||
a lookup table that does not use fixed-string keys (regexp,
|
||
pcre, tcp, etc.). Historically, Postfix would not case-fold
|
||
the search string with such tables. File: util/dict_utf8.c.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 1 16:23:13 UTC 2019 - Reinhard Max <max@suse.com>
|
||
|
||
- PostrgeSQL's pg_config is meant for linking server extensions,
|
||
use libpq's pkg-config instead, if available.
|
||
This is needed to fix build with PostgreSQL 11.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 7 18:22:14 UTC 2019 - chris@computersalat.de
|
||
|
||
- rework config.postfix
|
||
* disable commenting of smtpd_sasl_path/smtpd_sasl_type
|
||
no need to comment, cause it is set to default anyway
|
||
and 'uncommenting' would place it at end of file then
|
||
which is not wanted
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 26 19:28:02 UTC 2019 - chris@computersalat.de
|
||
|
||
- rework postfix-main.cf.patch
|
||
* disable virtual_alias_domains cause (default: $virtual_alias_maps)
|
||
- rework config.postfix
|
||
* disable PCONF of virtual_alias_domains
|
||
virtual_alias_maps will be set anyway to the correct value
|
||
* extend virtual_alias_maps with
|
||
- mysql_virtual_alias_domain_maps.cf
|
||
- mysql_virtual_alias_domain_catchall_maps.cf
|
||
- rework postfix-mysql, added
|
||
* mysql_virtual_alias_domain_maps.cf
|
||
* mysql_virtual_alias_domain_catchall_maps.cf
|
||
needed for reject_unverified_recipient
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 13 10:20:31 UTC 2018 - malte.kraus@suse.com
|
||
|
||
- binary hardening: link with full RELRO
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 25 10:18:07 UTC 2018 - Michael Ströder <michael@stroeder.com>
|
||
|
||
- Update to 3.3.2
|
||
* Support for OpenSSL 1.1.1 and TLSv1.3.
|
||
* Bugfixes:
|
||
- smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
|
||
some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
|
||
- minor memory leak in DANE support when minting issuer certs.
|
||
- The Postfix build did not abort if the m4 command was not installed,
|
||
resulting in a broken postconf command.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Nov 24 17:08:30 UTC 2018 - chris@computersalat.de
|
||
|
||
- add POSTFIX_RELAY_DOMAINS
|
||
* more flexibility to add to relay_domains without breaking
|
||
config.postfix
|
||
* rework restriction examples in sysconf.postfix
|
||
based on postfix-buch.com (2. edtion by Hildebrandt, Koetter)
|
||
- disable weak cipher: RC4
|
||
after check with https://ssl-tools.net/mailservers
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 22 13:00:03 UTC 2018 - chris@computersalat.de
|
||
|
||
- update config.postfix
|
||
* don't reject mail from authenticated users even if
|
||
reject_unknown_client_hostname would match,
|
||
add permit_sasl_authenticated to all restrictions
|
||
requires smtpd_delay_reject = yes
|
||
- update postfix-main.cf.patch
|
||
* recover removed setting smtpd_sasl_path and smtpd_sasl_type,
|
||
set to default value
|
||
config.postfix will not 'enable' (remove #) var, but place
|
||
modified (enabled) var at end of file, far away from place
|
||
where it should be
|
||
- rebase patches
|
||
* fix-postfix-script.patch
|
||
* postfix-vda-v14-3.0.3.patch
|
||
* postfix-linux45.patch
|
||
* postfix-master.cf.patch
|
||
* pointer_to_literals.patch
|
||
* postfix-no-md5.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 4 12:51:32 UTC 2018 - varkoly@suse.com
|
||
|
||
- bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings
|
||
o add m4 as buildrequires, as proposed.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 27 09:38:29 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Add zlib-devel as buildrequires, previously included from
|
||
openssl-devel
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 25 11:19:22 UTC 2018 - varkoly@suse.com
|
||
|
||
- bsc#1087471 Unreleased Postfix update breaks SUSE Manager
|
||
o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 21 16:31:57 UTC 2018 - michael@stroeder.com
|
||
|
||
- Update to 3.3.1
|
||
* Postfix did not support running as a PID=1 process, which
|
||
complicated Postfix deployment in containers. The "postfix
|
||
start-fg" command will now run the Postfix master daemon as a
|
||
PID=1 process if possible. Thanks for inputs from Andreas
|
||
Schulze, Eray Aslan, and Viktor Dukhovni.
|
||
* Segfault in the postconf(1) command after it could not open a
|
||
Postfix database configuration file due to a file permission
|
||
error (dereferencing a null pointer). Reported by Andreas
|
||
Hasenack, fixed by Viktor Dukhovni.
|
||
* The luser_relay feature became a black hole, when the luser_relay
|
||
parameter was set to a non-existent local address (i.e. mail
|
||
disappeared silently). Reported by J?rgen Thomsen.
|
||
* Missing error propagation in the tlsproxy(8) daemon could result
|
||
in a segfault after TLS handshake error (dereferencing a
|
||
0xffff...ffff pointer). This daemon handles the TLS protocol
|
||
when a non-whitelisted client sends a STARTTLS command to
|
||
postscreen(8).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 9 09:02:12 UTC 2018 - lnussel@suse.de
|
||
|
||
- remove pre-requirements on sysvinit(network) and sysvinit(syslog).
|
||
There seems to be no good reason for that other than blowing up
|
||
the dependencies (bsc#1092408).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 9 09:32:56 UTC 2018 - adam.majer@suse.de
|
||
|
||
- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix
|
||
if the actual service is running. This prevents spurious
|
||
and irrelevant error messages in system logs.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 22 14:20:20 UTC 2018 - varkoly@suse.com
|
||
|
||
- bsc#1082514 autoyast: postfix gets not set myhostname properly -
|
||
set to localhost
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 12 13:43:43 UTC 2018 - ilya@ilya.pp.ua
|
||
|
||
- Refresh spec-file via spec-cleaner and manual optinizations.
|
||
* Add %license macro.
|
||
* Set license to IPL-1.0 OR EPL-2.0.
|
||
- Update to 3.3.0
|
||
* http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES
|
||
* Dual license: in addition to the historical IBM Public License
|
||
1.0, Postfix is now also distributed with the more recent Eclipse
|
||
Public License 2.0. Recipients can choose to take the software
|
||
under the license of their choice. Those who are more comfortable
|
||
with the IPL can continue with that license.
|
||
* The postconf command now warns about unknown parameter names
|
||
in a Postfix database configuration file. As with other unknown
|
||
parameter names, these warnings can help to find typos early.
|
||
* Container support: Postfix 3.3 will run in the foreground with
|
||
"postfix start-fg". This requires that Postfix multi-instance
|
||
support is disabled (the default). To collect Postfix syslog
|
||
information on the container's host, mount the host's /dev/log
|
||
socket into the container, for example with "docker run -v
|
||
/dev/log:/dev/log ...other options...", and specify a distinct
|
||
Postfix syslog_name setting in the container (for example with
|
||
"postconf syslog_name=the-name-here").
|
||
* Milter support: applications can now send RET and ENVID parameters
|
||
in SMFIR_CHGFROM (change envelope sender) requests.
|
||
* Postfix-generated From: headers with 'full name' information
|
||
are now formatted as "From: name <address>" by default. Specify
|
||
"header_from_format = obsolete" to get the earlier form "From:
|
||
address (name)".
|
||
* Interoperability: when Postfix IPv6 and IPv4 support are both
|
||
enabled, the Postfix SMTP client will now relax MX preferences
|
||
and attempt to schedule similar numbers of IPv4 and IPv6
|
||
addresses. This works around mail delivery problems when a
|
||
destination announces lots of primary MX addresses on IPv6, but
|
||
is reachable only over IPv4 (or vice versa). The new behavior
|
||
is controlled with the smtp_balance_mx_inet_protocols parameter.
|
||
* Compatibility safety net: with compatibility_level < 1, the
|
||
Postfix SMTP server now warns for mail that would be blocked
|
||
by the Postfix 2.10 smtpd_relay_restrictions feature, without
|
||
blocking that mail. There still is a steady trickle of sites
|
||
that upgrade from an earlier Postfix version.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 13 10:39:37 UTC 2018 - varkoly@suse.com
|
||
|
||
- bsc#1065411 Package postfix should require package system-user-nobody
|
||
- bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth
|
||
was configured
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 7 15:02:14 UTC 2017 - dimstar@opensuse.org
|
||
|
||
- Fix usage of fillup_only:-y is not a valid option to this macro.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 23 13:43:17 UTC 2017 - rbrown@suse.com
|
||
|
||
- Replace references to /var/adm/fillup-templates with new
|
||
%_fillupdir macro (boo#1069468)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 8 13:32:28 CET 2017 - kukuk@suse.de
|
||
|
||
- Don't mark postfix.service as config file, this is no config
|
||
file.
|
||
- Some of the Requires(pre) are needed for post-install and at
|
||
runtime, fix the requires.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 30 12:12:08 UTC 2017 - michael@stroeder.com
|
||
|
||
- update to 3.2.4
|
||
* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
|
||
1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
|
||
records associated with an intermediate CA certificate. Problem
|
||
report and initial fix by Erwan Legrand.
|
||
* Missing dynamicmaps support in the Postfix sendmail command.
|
||
This broke authorized_submit_users settings that use a
|
||
dynamically-loaded map type. Problem reported by Ulrich Zehl.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 20 12:27:12 UTC 2017 - varkoly@suse.com
|
||
|
||
- bnc#1059512 L3: Postfix Problem
|
||
The applied changes breaks existing postfix configurations because
|
||
daemon_directory was not adapted to the new value.
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 15 22:47:29 UTC 2017 - chris@computersalat.de
|
||
|
||
- fix build for SLE
|
||
* nothing provides libnsl-devel
|
||
* add bcond_with libnsl
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 4 10:58:28 UTC 2017 - varkoly@suse.com
|
||
|
||
- bnc#1059512 L3: Postfix Problem
|
||
To manage multiple Postfix instances on a single host requires
|
||
that daemon_directory and shlib_directory is different to
|
||
avoid use of the shared directories also as per-instance directories.
|
||
For this reason daemon_directory was set to /usr/lib/postfix/bin/.
|
||
shlib_directory stands /usr/lib/postfix/.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 28 08:44:41 UTC 2017 - varkoly@suse.com
|
||
|
||
- bnc#1016491 postfix raported to log "warning: group or other writable:"
|
||
on each symlink in config.
|
||
* Add fix-postfix-script.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 25 16:25:05 UTC 2017 - michael@stroeder.com
|
||
|
||
- update to 3.2.3
|
||
* Extension propagation was broken with "recipient_delimiter = .".
|
||
This change reverts a change that was trying to be too clever.
|
||
* The postqueue command would abort with a panic message after it
|
||
experienced an output write error while listing the mail queue.
|
||
This change restores a write error check that was lost with the
|
||
Postfix 3.2 rewrite of the vbuf_print formatter.
|
||
* Restored sanity checks for dynamically-specified width and precision
|
||
in format strings (%*, %.*, and %*.*). These checks were lost with
|
||
the Postfix 3.2 rewrite of the vbuf_print formatter.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 17 08:56:15 CEST 2017 - kukuk@suse.de
|
||
|
||
- Add libnsl-devel build requires for glibc obsoleting libnsl
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 27 10:31:01 UTC 2017 - varkoly@suse.com
|
||
|
||
- bnc#1045264 L3: postmap problem
|
||
* Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 16 17:45:55 UTC 2017 - michael@stroeder.com
|
||
|
||
- update to 3.2.2
|
||
* Security: Berkeley DB versions 2 and later try to read settings
|
||
from a file DB_CONFIG in the current directory. This undocumented
|
||
feature may introduce undisclosed vulnerabilities resulting in
|
||
privilege escalation with Postfix set-gid programs (postdrop,
|
||
postqueue) before they chdir to the Postfix queue directory,
|
||
and with the postmap and postalias commands depending on whether
|
||
the user's current directory is writable by other users. This
|
||
fix does not change Postfix behavior for Berkeley DB versions
|
||
< 3, but it does reduce postmap and postalias 'create' performance
|
||
with Berkeley DB versions 3.0 .. 4.6.
|
||
* The SMTP server receive_override_options were not restored at
|
||
the end of an SMTP session, after the options were modified by
|
||
an smtpd_milter_maps setting of "DISABLE". Milter support
|
||
remained disabled for the life time of the smtpd process.
|
||
* After the Postfix 3.2 address/domain table lookup overhaul, the
|
||
check_sender_access and check_recipient_access features ignored
|
||
a non-default parent_domain_matches_subdomains setting.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 19 20:36:03 UTC 2017 - chris@computersalat.de
|
||
|
||
- revert changes of postfix-main.cf.patch from rev=261
|
||
* config.postfix will not 'enable' (remove #) var, but place
|
||
modified (enabled) var at end of file, far away from place
|
||
where it should be
|
||
* keep vars enabled but empty
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 13 09:18:45 UTC 2017 - werner@suse.de
|
||
|
||
- Some cleanups
|
||
* Fix SUSE postfix-files to avoid chown errors (anyway this file
|
||
seems to be obsolete)
|
||
* Avoid installing shared libraries twice
|
||
* Refresh patch postfix-linux45.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Apr 8 15:06:14 UTC 2017 - chris@computersalat.de
|
||
|
||
- update postfix-master.cf.patch
|
||
* recover lost (with 3.2.0 update) submission, smtps sections
|
||
* merge with upstream update
|
||
- update config.postfix
|
||
* update master.cf generation for submission
|
||
- rebase patches against 3.2.0
|
||
* pointer_to_literals.patch
|
||
* postfix-no-md5.patch
|
||
* postfix-ssl-release-buffers.patch
|
||
* postfix-vda-v14-3.0.3.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 20 18:01:36 CET 2017 - kukuk@suse.de
|
||
|
||
- Require system group mail
|
||
- Use mail group name instead of GID
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 6 21:27:38 UTC 2017 - mrueckert@suse.de
|
||
|
||
- update to 3.2.0
|
||
- [Feature 20170128] Postfix 3.2 fixes the handling of address
|
||
extensions with email addresses that contain spaces. For
|
||
example, the virtual_alias_maps, canonical_maps, and
|
||
smtp_generic_maps features now correctly propagate an address
|
||
extension from "aa bb+ext"@example.com to "cc
|
||
dd+ext"@other.example, instead of producing broken output.
|
||
- [Feature 20161008] "PASS" and "STRIP" actions in
|
||
header/body_checks. "STRIP" is similar to "IGNORE" but also
|
||
logs the action, and "PASS" disables header, body, and Milter
|
||
inspection for the remainder of the message content.
|
||
Contributed by Hobbit.
|
||
- [Feature 20160330] The collate.pl script by Viktor Dukhovni for
|
||
grouping Postfix logfile records into "sessions" based on queue
|
||
ID and process ID information. It's in the auxiliary/collate
|
||
directory of the Postfix source tree.
|
||
- [Feature 20160527] Postfix 3.2 cidr tables support if/endif and
|
||
negation (by prepending ! to a pattern), just like regexp and
|
||
pcre tables. The primarily purpose is to improve readability
|
||
of complex tables. See the cidr_table(5) manpage for syntax
|
||
details.
|
||
- [Incompat 20160925] In the Postfix MySQL database client, the
|
||
default option_group value has changed to "client", to enable
|
||
reading of "client" option group settings in the MySQL options
|
||
file. This fixes a "not found" problem with Postfix queries
|
||
that contain UTF8-encoded non-ASCII text. Specify an empty
|
||
option_group value (option_group =) to get backwards-compatible
|
||
behavior.
|
||
- [Feature 20161217] Stored-procedure support for MySQL
|
||
databases. Contributed by John Fawcett. See mysql_table(5) for
|
||
instructions.
|
||
- [Feature 20170128] The postmap command, and the inline: and
|
||
texthash: maps now support spaces in left-hand field of the
|
||
lookup table "source text". Use double quotes (") around a
|
||
left-hand field that contains spaces, and use backslash (\) to
|
||
protect embedded quotes in a left-hand field. There is no
|
||
change in the processing of the right-hand field.
|
||
- [Feature 20160611] The Postfix SMTP server local IP address and
|
||
port are available in the policy delegation protocol (attribute
|
||
names: server_address, server_port), in the Milter protocol
|
||
(macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
|
||
protocol (attribute names: DESTADDR, DESTPORT).
|
||
- [Feature 20161024] smtpd_milter_maps support for per-client
|
||
Milter configuration that overrides smtpd_milters, and that has
|
||
the same syntax. A lookup result of "DISABLE" turns off Milter
|
||
support. See MILTER_README.html for details.
|
||
- [Feature 20160611] The Postfix SMTP server local IP address and
|
||
port are available in the policy delegation protocol (attribute
|
||
names: server_address, server_port), in the Milter protocol
|
||
(macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
|
||
protocol (attribute names: DESTADDR, DESTPORT).
|
||
- [Incompat 20170129] The postqueue command no longer forces all
|
||
message arrival times to be reported in UTC. To get the old
|
||
behavior, set TZ=UTC in main.cf:import_environment (this
|
||
override is not recommended, as it affects all Postfix utities
|
||
and daemons).
|
||
- [Incompat 20161227] For safety reasons, the sendmail -C option
|
||
must specify an authorized directory: the default configuration
|
||
directory, a directory that is listed in the default main.cf
|
||
file with alternate_config_directories or
|
||
multi_instance_directories, or the command must be invoked with
|
||
root privileges (UID 0 and EUID 0). This mitigates a recurring
|
||
problem with the PHP mail() function.
|
||
- [Feature 20160625] The Postfix SMTP server now passes remote
|
||
client and local server network address and port information to
|
||
the Cyrus SASL library. Build with ``make makefiles
|
||
"CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards
|
||
compatibility.
|
||
- [Feature 20161103] Postfix 3.2 disables the 'transitional'
|
||
compatibility between the IDNA2003 and IDNA2008 standards for
|
||
internationalized domain names (domain names beyond the limits
|
||
of US-ASCII).
|
||
|
||
This change makes Postfix behavior consistent with contemporary
|
||
web browsers. It affects the handling of some corner cases such
|
||
as German sz and Greek zeta. See
|
||
http://unicode.org/cldr/utility/idna.jsp for more examples.
|
||
|
||
Specify "enable_idna2003_compatibility = yes" to restore
|
||
historical behavior (but keep in mind that the rest of the
|
||
world may not make that same choice).
|
||
- [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API
|
||
features, so that Postfix will build without depending on
|
||
backwards-compatibility support.
|
||
|
||
[Incompat 20161204] Postfix 3.2 removes tentative features that
|
||
were implemented before the DANE spec was finalized:
|
||
|
||
- Support for certificate usage PKIX-EE(1),
|
||
|
||
- The ability to disable digest agility (Postfix now behaves as
|
||
if "tls_dane_digest_agility = on"), and
|
||
|
||
- The ability to disable support for "TLSA 2 [01] [12]" records
|
||
that specify the digest of a trust anchor (Postfix now
|
||
behaves as if "tls_dane_trust_anchor_digest_enable = yes).
|
||
- [Feature 20161217] Postfix 3.2 enables elliptic curve
|
||
negotiation with OpenSSL >= 1.0.2. This changes the default
|
||
smtpd_tls_eecdh_grade setting to "auto", and introduces a new
|
||
parameter tls_eecdh_auto_curves with the names of curves that
|
||
may be negotiated.
|
||
|
||
The default tls_eecdh_auto_curves setting is determined at
|
||
compile time, and depends on the Postfix and OpenSSL versions.
|
||
At runtime, Postfix will skip curve names that aren't supported
|
||
by the OpenSSL library.
|
||
- [Feature 20160611] The Postfix SMTP server local IP address and
|
||
port are available in the policy delegation protocol (attribute
|
||
names: server_address, server_port), in the Milter protocol
|
||
(macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
|
||
protocol (attribute names: DESTADDR, DESTPORT).
|
||
- refresh postfix-master.cf.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 6 14:04:13 UTC 2017 - wr@rosenauer.org
|
||
|
||
- make sure that system users can be created in %pre
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 18 14:01:35 UTC 2017 - kukuk@suse.com
|
||
|
||
- Fix requires:
|
||
- shadow is needed for postfix-mysql pre-install section
|
||
- insserv is not needed if systemd is used
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 21 23:27:34 UTC 2017 - chris@computersalat.de
|
||
|
||
- update postfix-mysql
|
||
* update mysql_*.cf files
|
||
* update postfix-mysql.sql (INNODB, utf8)
|
||
- update postfix-main.cf.patch
|
||
* uncomment smtpd_sasl_path, smtpd_sasl_type
|
||
can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot)
|
||
* add option for smtp_tls_policy_maps (commented)
|
||
- update postfix-master.cf.patch
|
||
* fix indentation of submission, smtps options for correct
|
||
enabling via config.postfix
|
||
- update config.postfix
|
||
* fix sync of CA certificates
|
||
* fix master.cf generation for submission, smtps
|
||
- rebase postfix-vda-v14-3.0.3.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 11 14:07:35 UTC 2017 - varkoly@suse.com
|
||
|
||
- FATE#322322 Update postfix to version 3.X
|
||
Merging changes with SLES12-SP2
|
||
Removeved patches: add_missed_library.patch bnc#947707.diff dynamic_maps.patch postfix-db6.diff
|
||
postfix-opensslconfig.patch bnc#947519.diff dynamic_maps_pie.patch
|
||
postfix-post-install.patch
|
||
These are included in the new version of postfix
|
||
- Remove references to SuSEconfig.postfix from sysconfig docs.
|
||
(bsc#871575)
|
||
- bnc#947519 SuSEconfig.postfix should enforce umask 022
|
||
- bnc#947707 mail generated by Amavis being prevented from being re-adressed by /etc/postfix/virtual
|
||
- bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong
|
||
- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64)
|
||
(bsc#940289)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 3 12:20:18 UTC 2017 - varkoly@suse.com
|
||
|
||
- update to 3.1.4
|
||
* The postscreen daemon did not merge the client test status information
|
||
for concurrent sessions from the same IP address.
|
||
* The Postfix SMTP server falsely rejected a sender address when validating
|
||
a sender address with "smtpd_reject_unlisted_recipient = yes" or with
|
||
"reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps.
|
||
* The virtual delivery agent did not detect failure to skip to the end
|
||
of a mailbox file, so that mail would be delivered to the beginning of the file.
|
||
This could happen when a mailbox file was already larger than the virtual mailbox size limit.
|
||
* The postsuper logged an incorrect rename operation count after creating a missing directory.
|
||
* The Postfix SMTP server falsely rejected mail when a sender-dependent "error"
|
||
transport was configured. Cause: the SMTP server address validation code
|
||
was not updated when the sender_dependent_default_transport_maps feature
|
||
was introduced.
|
||
* The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no".
|
||
* The "postfix tls deploy-server-cert" command used the wrong certificate
|
||
and key file. This was caused by a cut-and-paste error in the postfix-tls-script file.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Nov 26 15:43:57 UTC 2016 - chris@computersalat.de
|
||
|
||
- improve config.postfix
|
||
* improve SASL stuff
|
||
* add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 14 21:53:18 UTC 2016 - chris@computersalat.de
|
||
|
||
- improve config.postfix
|
||
* improve with MySQL stuff
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 7 13:35:38 UTC 2016 - chris@computersalat.de
|
||
|
||
- update vda patch to latest available
|
||
* remove postfix-vda-v13-3.10.0.patch
|
||
* add postfix-vda-v14-3.0.3.patch
|
||
- rebase patches (and to be p0)
|
||
* pointer_to_literals.patch
|
||
* postfix-main.cf.patch
|
||
* postfix-master.cf.patch
|
||
* postfix-no-md5.patch
|
||
* postfix-ssl-release-buffers.patch
|
||
- add /etc/postfix/ssl as default DIR for SSL stuff
|
||
* cacerts -> ../../ssl/certs/
|
||
* certs/
|
||
- revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl'
|
||
- improve config.postfix
|
||
* revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a
|
||
symlink to /etc/ssl/certs
|
||
Without reverting, 'gen_CA' would create files which would then be on
|
||
the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath)
|
||
Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem'
|
||
which is not a good idea.
|
||
* mkchroot: sync '/etc/postfix/ssl' to chroot
|
||
* improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from
|
||
main.cf, show warning if enabled and file is missing
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 9 20:11:34 UTC 2016 - michael@stroeder.com
|
||
|
||
- update to 3.1.3:
|
||
* The Postfix SMTP server did not reset a previous session's
|
||
failed/total command counts before rejecting a client that
|
||
exceeds request or concurrency rates. This resulted in incorrect
|
||
failed/total command counts being logged at the end of the
|
||
rejected session.
|
||
* The unionmap multi-table interface did not propagate table
|
||
lookup errors, resulting in false "user unknown" responses.
|
||
* The documentation was updated with a workaround for false "not
|
||
found" errors with MySQL map queries that contain UTF8-encoded
|
||
text. The workaround is to specify "option_group = client" in
|
||
Postfix MySQL configuration files. This will be the default
|
||
setting with Postfix 3.2 and later.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 4 15:33:27 UTC 2016 - michael@stroeder.com
|
||
|
||
- update to 3.1.2:
|
||
* Changes to make Postfix build with OpenSSL 1.1.0.
|
||
* The makedefs script ignored readme_directory=pathname overrides.
|
||
Fix by Todd C. Olson.
|
||
* The tls_session_ticket_cipher documentation says that the default
|
||
cipher for TLS session tickets is aes-256-cbc, but the implemented
|
||
default was aes-128-cbc. Note that TLS session ticket keys are
|
||
rotated after 1/2 hour, to limit the impact of attacks on session
|
||
ticket keys.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 2 12:26:17 UTC 2016 - schwab@suse.de
|
||
|
||
- postfix-post-install.patch: remove empty patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 29 16:45:30 UTC 2016 - chris@computersalat.de
|
||
|
||
- fix Changelog cause of Factory decline
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 24 13:18:55 UTC 2016 - varkoly@suse.com
|
||
|
||
- Fix typo in config.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 24 04:29:41 UTC 2016 - varkoly@suse.com
|
||
|
||
- bnc#981097 config.postfix creates broken main.cf for tls client configuration
|
||
- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete
|
||
- update to 3.1.1:
|
||
- The new address_verify_pending_request_limit
|
||
parameter introduces a safety limit for the number of address
|
||
verification probes in the active queue. The default limit is 1/4
|
||
of the active queue maximum size. The queue manager enforces the
|
||
limit by tempfailing probe messages that exceed the limit. This
|
||
design avoids dependencies on global counters that get out of sync
|
||
after a process or system crash.
|
||
- Machine-readable, JSON-formatted queue listing with "postqueue -j"
|
||
(no "mailq" equivalent).
|
||
- The milter_macro_defaults feature provides an optional list of macro
|
||
name=value pairs. These specify default values for Milter macros when
|
||
no value is available from the SMTP session context.
|
||
- Support to enforce a destination-independent delay between email
|
||
deliveries. The following example inserts 20 seconds of delay
|
||
between all deliveries with the SMTP transport, limiting the delivery
|
||
rate to at most three messages per minute.
|
||
smtp_transport_rate_delay = 20s
|
||
- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
|
||
that a "not found" result from a DNSBL server will be valid for one
|
||
hour. This may have been adequate five years ago when postscreen
|
||
was first implemented, but nowadays, that one hour can result in
|
||
missed opportunities to block new spambots.
|
||
To address this, postscreen now respects the TTL of DNSBL "not
|
||
found" replies, as well as the TTL of DNSWL replies (both "found"
|
||
and "not found"). The TTL for a "not found" reply is determined
|
||
according to RFC 2308 (the TTL of an SOA record in the reply).
|
||
|
||
Support for DNSBL or DNSWL reply TTL values is controlled by two
|
||
configuration parameters:
|
||
|
||
postscreen_dnsbl_min_ttl (default: 60 seconds).
|
||
postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
|
||
|
||
The postscreen_dnsbl_ttl parameter is now obsolete, and has become
|
||
the default value for the new postscreen_dnsbl_max_ttl parameter.
|
||
- New "smtpd_client_auth_rate_limit" feature, to
|
||
enforce an optional rate limit on AUTH commands per SMTP client IP
|
||
address. Similar to other smtpd_client_*_rate_limit features, this
|
||
enforces a limit on the number of requests per $anvil_rate_time_unit.
|
||
- New SMTPD policy service attribute "policy_context",
|
||
with a corresponding "smtpd_policy_service_policy_context" configuration
|
||
parameter. Originally, this was implemented to share the same SMTPD
|
||
policy service endpoint among multiple check_policy_service clients.
|
||
- A new "postfix tls" command to quickly enable opportunistic TLS
|
||
in the Postfix SMTP client or server, and to manage SMTP server keys
|
||
and certificates, including certificate signing requests and
|
||
TLSA DNS records for DANE.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 19 07:59:32 UTC 2016 - opensuse@dstoecker.de
|
||
|
||
- build with working support for SMTPUTF8
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 20 14:11:27 UTC 2016 - mrueckert@suse.de
|
||
|
||
- fix build on sle11 by pointing _libexecdir to /usr/lib all the
|
||
time.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 20 13:46:56 UTC 2016 - mrueckert@suse.de
|
||
|
||
- some distros did not pull pkgconfig indirectly. pull it directly.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 20 08:19:23 UTC 2016 - mrueckert@suse.de
|
||
|
||
- fix building the dynamic maps: the old build had postgresql e.g.
|
||
with missing symbols.
|
||
- convert to AUXLIBS_* instead of plain AUXLIBS which is needed
|
||
for proper dynamic maps.
|
||
- reordered the CCARGS and AUXLIBS* lines to group by feature
|
||
- use pkgconfig or *_config tools where possible
|
||
- picked up signed char from fedora spec file
|
||
- enable lmdb support: new BR lmdb-devel, new subpackage
|
||
postfix-lmdb.
|
||
- don't delete vmail user/groups
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 9 13:06:35 UTC 2016 - varkoly@suse.com
|
||
|
||
- update to 3.1.0
|
||
- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:,
|
||
lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
|
||
Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch
|
||
could be removed.
|
||
- Adapting all the patches to postfix 3.1.0
|
||
- remove obsolete patches
|
||
* add_missed_library.patch
|
||
* postfix-opensslconfig.patch
|
||
- update vda patch
|
||
* remove postfix-vda-v13-2.10.0.patch
|
||
* add postfix-vda-v13-3.10.0.patch
|
||
- The patch postfix-db6.diff is not more neccessary
|
||
|
||
- Backwards-compatibility safety net.
|
||
With NEW Postfix installs, you MUST install a main.cf file with
|
||
the setting "compatibility_level = 2". See conf/main.cf for an
|
||
example.
|
||
|
||
With UPGRADES of existing Postfix systems, you MUST NOT change the
|
||
main.cf compatibility_level setting, nor add this setting if it
|
||
does not exist.
|
||
|
||
Several Postfix default settings have changed with Postfix 3.0. To
|
||
avoid massive frustration with existing Postfix installations,
|
||
Postfix 3.0 comes with a safety net that forces Postfix to keep
|
||
running with backwards-compatible main.cf and master.cf default
|
||
settings. This safety net depends on the main.cf compatibility_level
|
||
setting (default: 0). Details are in COMPATIBILITY_README.
|
||
|
||
- Major changes - tls
|
||
* [Feature 20160207] A new "postfix tls" command to quickly enable
|
||
opportunistic TLS in the Postfix SMTP client or server, and to
|
||
manage SMTP server keys and certificates, including certificate
|
||
signing requests and TLSA DNS records for DANE.
|
||
* As of the middle of 2015, all supported Postfix releases no longer
|
||
nable "export" grade ciphers for opportunistic TLS, and no longer
|
||
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
|
||
opportunistic TLS.
|
||
* [Incompat 20150719] The default Diffie-Hellman non-export prime was
|
||
updated from 1024 to 2048 bits, because SMTP clients are starting
|
||
to reject TLS handshakes with primes smaller than 2048 bits.
|
||
* [Feature 20160103] The Postfix SMTP client by default enables DANE
|
||
policies when an MX host has a (DNSSEC) secure TLSA DNS record,
|
||
even if the MX DNS record was obtained with insecure lookups. The
|
||
existence of a secure TLSA record implies that the host wants to
|
||
talk TLS and not plaintext. For details see the
|
||
smtp_tls_dane_insecure_mx_policy configuration parameter.
|
||
|
||
- Major changes - default settings
|
||
[Incompat 20141009] The default settings have changed for relay_domains
|
||
(new: empty, old: $mydestination) and mynetworks_style (new: host,
|
||
old: subnet). However the backwards-compatibility safety net will
|
||
prevent these changes from taking effect, giving the system
|
||
administrator the option to make an old default setting permanent
|
||
in main.cf or to adopt the new default setting, before turning off
|
||
backwards compatibility. See COMPATIBILITY_README for details.
|
||
|
||
[Incompat 20141001] A new backwards-compatibility safety net forces
|
||
Postfix to run with backwards-compatible main.cf and master.cf
|
||
default settings after an upgrade to a newer but incompatible Postfix
|
||
version. See COMPATIBILITY_README for details.
|
||
|
||
While the backwards-compatible default settings are in effect,
|
||
Postfix logs what services or what email would be affected by the
|
||
incompatible change. Based on this the administrator can make some
|
||
backwards-compatibility settings permanent in main.cf or master.cf,
|
||
before turning off backwards compatibility.
|
||
|
||
- Major changes - address verification safety
|
||
[Feature 20151227] The new address_verify_pending_request_limit
|
||
parameter introduces a safety limit for the number of address
|
||
verification probes in the active queue. The default limit is 1/4
|
||
of the active queue maximum size. The queue manager enforces the
|
||
limit by tempfailing probe messages that exceed the limit. This
|
||
design avoids dependencies on global counters that get out of sync
|
||
after a process or system crash.
|
||
|
||
Tempfailing verify requests is not as bad as one might think. The
|
||
Postfix verify cache proactively updates active addresses weeks
|
||
before they expire. The address_verify_pending_request_limit affects
|
||
only unknown addresses, and inactive addresses that have expired
|
||
from the address verify cache (by default, after 31 days).
|
||
|
||
- Major changes - json support
|
||
[Feature 20151129] Machine-readable, JSON-formatted queue listing
|
||
with "postqueue -j" (no "mailq" equivalent). The output is a stream
|
||
of JSON objects, one per queue file. To simplify parsing, each
|
||
JSON object is formatted as one text line followed by one newline
|
||
character. See the postqueue(1) manpage for a detailed description
|
||
of the output format.
|
||
|
||
- Major changes - milter support
|
||
[Feature 20150523] The milter_macro_defaults feature provides an
|
||
optional list of macro name=value pairs. These specify default
|
||
values for Milter macros when no value is available from the SMTP
|
||
session context.
|
||
|
||
For example, with "milter_macro_defaults = auth_type=TLS", the
|
||
Postfix SMTP server will send an auth_type of "TLS" to a Milter,
|
||
unless the remote client authenticates with SASL.
|
||
|
||
This feature was originally implemented for a submission service
|
||
that may authenticate clients with a TLS certificate, without having
|
||
to make changes to the code that implements TLS support.
|
||
|
||
- Major changes - output rate control
|
||
|
||
[Feature 20150710] Destination-independent delivery rate delay
|
||
|
||
Support to enforce a destination-independent delay between email
|
||
deliveries. The following example inserts 20 seconds of delay
|
||
between all deliveries with the SMTP transport, limiting the delivery
|
||
rate to at most three messages per minute.
|
||
|
||
/etc/postfix/main.cf:
|
||
smtp_transport_rate_delay = 20s
|
||
|
||
For details, see the description of default_transport_rate_delay
|
||
and transport_transport_rate_delay in the postconf(5) manpage.
|
||
|
||
- Major changes - postscreen dnsbl
|
||
[Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL
|
||
lookup results
|
||
|
||
Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
|
||
that a "not found" result from a DNSBL server will be valid for one
|
||
hour. This may have been adequate five years ago when postscreen
|
||
was first implemented, but nowadays, that one hour can result in
|
||
missed opportunities to block new spambots.
|
||
|
||
To address this, postscreen now respects the TTL of DNSBL "not
|
||
found" replies, as well as the TTL of DNSWL replies (both "found"
|
||
and "not found"). The TTL for a "not found" reply is determined
|
||
according to RFC 2308 (the TTL of an SOA record in the reply).
|
||
|
||
Support for DNSBL or DNSWL reply TTL values is controlled by two
|
||
configuration parameters:
|
||
|
||
postscreen_dnsbl_min_ttl (default: 60 seconds).
|
||
|
||
This parameter specifies a minimum for the amount of time that
|
||
a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
|
||
This prevents an excessive number of postscreen cache updates
|
||
when a DNSBL or DNSWL server specifies a very small reply TTL.
|
||
|
||
postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
|
||
|
||
This parameter specifies a maximum for the amount of time that
|
||
a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
|
||
This prevents cache pollution when a DNSBL or DNSWL server
|
||
specifies a very large reply TTL.
|
||
|
||
The postscreen_dnsbl_ttl parameter is now obsolete, and has become
|
||
the default value for the new postscreen_dnsbl_max_ttl parameter.
|
||
|
||
- Major changes - sasl auth safety
|
||
[Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to
|
||
enforce an optional rate limit on AUTH commands per SMTP client IP
|
||
address. Similar to other smtpd_client_*_rate_limit features, this
|
||
enforces a limit on the number of requests per $anvil_rate_time_unit.
|
||
|
||
- Major changes - smtpd policy
|
||
[Feature 20150913] New SMTPD policy service attribute "policy_context",
|
||
with a corresponding "smtpd_policy_service_policy_context" configuration
|
||
parameter. Originally, this was implemented to share the same SMTPD
|
||
policy service endpoint among multiple check_policy_service clients.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 9 14:05:22 UTC 2015 - varkoly@suse.com
|
||
|
||
- bnc#958329 postfix fails to start when openslp is not installed
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 12 20:49:27 UTC 2015 - michael@stroeder.com
|
||
|
||
- upstream update postfix 2.11.7:
|
||
* The Postfix Milter client aborted with a panic while adding a
|
||
message header, after adding a short message header with the
|
||
header_checks PREPEND action. Fixed by invoking the header
|
||
output function while PREPENDing a message header.
|
||
* False alarms while scanning the Postfix queue. Fixed by resetting
|
||
errno before calling readdir(). This defect was introduced
|
||
19970309.
|
||
* The postmulti command produced an incorrect error message.
|
||
* The postmulti command now refuses to create a new MTA instance
|
||
when the template main.cf or master.cf file are missing. This
|
||
is a common problem on Debian-like systems.
|
||
* Turning on Postfix SMTP server HAProxy support broke TLS
|
||
wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer
|
||
to read the HAProxy connection hand-off information.
|
||
* The xtext_unquote() function did not propagate error reports
|
||
from xtext_unquote_append(), causing the decoder to return
|
||
partial output, instead of rejecting malformed input. The Postfix
|
||
SMTP server uses this function to parse input for the ENVID and
|
||
ORCPT parameters, and for XFORWARD and XCLIENT command parameters.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 12 10:51:51 UTC 2015 - jkeil@suse.de
|
||
|
||
- boo#934060: Remove quirky hostname logic from config.postfix
|
||
* /etc/hostname doesn't contain anything useful
|
||
* linux.local is no good either
|
||
* postfix will use `hostname`.localdomain as fallback
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 4 09:09:04 UTC 2015 - meissner@suse.com
|
||
|
||
- postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 4 09:07:25 UTC 2015 - meissner@suse.com
|
||
|
||
- %verifyscript is a new section, move it out of the %ifdef
|
||
so the fillups are run afterwards.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 22 16:44:44 UTC 2015 - michael@stroeder.com
|
||
|
||
- upstream update postfix 2.11.6:
|
||
Default settings have been updated so that they no longer enable
|
||
export-grade ciphers, and no longer enable the SSLv2 and SSLv3
|
||
protocols.
|
||
- removed postfix-2.11.5_linux4.patch because it's obsolete
|
||
- Bugfix (introduced: Postfix 2.11): with connection caching
|
||
enabled (the default), recipients could be given to the wrong
|
||
mail server. (bsc#944722)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 1 22:25:51 UTC 2015 - crrodriguez@opensuse.org
|
||
|
||
- postfix-SuSE.tar.gz/postfix.service: None of
|
||
nss-lookup.target network.target local-fs.target time-sync.target
|
||
should be Wanted or Required except by the services
|
||
the implement the relevant functionality i.e network.target
|
||
is wanted/required by networkmanager, wicked,
|
||
systemd-network. other software must be ordered After them,
|
||
see systemd.special(7)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 17 18:41:52 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Fix library symlink generation (boo#928662)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 21 09:55:44 UTC 2015 - mrueckert@suse.de
|
||
|
||
- added postfix-2.11.5_linux4.patch:
|
||
Allow building on kernel 4. Patch taken from:
|
||
https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 19 23:03:25 UTC 2015 - mrueckert@suse.de
|
||
|
||
- update to postfix 2.11.5
|
||
- Bugfix (introduced: Postfix 2.6):
|
||
sender_dependent_relayhost_maps ignored the relayhost setting
|
||
in the case of a DUNNO lookup result. It would use the
|
||
recipient domain instead. Viktor Dukhovni. Wietse took the
|
||
pieces of code that enforce the precedence of a
|
||
sender-dependent relayhost, the global relayhost, and the
|
||
recipient domain, and put that code together in once place so
|
||
that it is easier to maintain. File:
|
||
trivial-rewrite/resolve.c.
|
||
- Bitrot: prepare for future changes in OpenSSL API. Viktor
|
||
Dukhovni. File: tls_dane.c.
|
||
- Incompatibility: specifying "make makefiles" with "CC=command"
|
||
will no longer override the default WARN setting.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 9 18:01:38 UTC 2015 - michael@stroeder.com
|
||
|
||
- upstream update postfix 2.11.4:
|
||
|
||
Postfix 2.11.4 only:
|
||
|
||
* Fix a core dump when smtp_policy_maps specifies an invalid TLS
|
||
level.
|
||
|
||
* Fix a missing " in \%s\", in postconf(1) fatal error messages,
|
||
which violated the C language spec. Reported by Iain Hibbert.
|
||
|
||
All supported releases:
|
||
|
||
* Stop excessive recursion in the cleanup server while recovering
|
||
from a virtual alias expansion loop. Problem found at Two Sigma.
|
||
|
||
* Stop exponential memory allocation with virtual alias expansion
|
||
loops. This came to light after fixing the previous problem.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 8 13:08:36 UTC 2015 - varkoly@suse.com
|
||
|
||
- correct pf_daemon_directory in spec. This must be /usr/lib/
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 22 09:36:09 UTC 2015 - varkoly@suse.com
|
||
|
||
- bnc#914086 syntax error in config.postfix
|
||
- Adapt config.postfix to be able to run on SLE11 too.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 19 22:15:30 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Don't install sysvinit script when systemd is used
|
||
- Make explicit PreReq dependencies conditional only for older
|
||
systems
|
||
- Don't try to set explicit attributes to symlinks
|
||
- Cleanup spec file vith spec-cleaner
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 13 07:04:52 UTC 2015 - varkoly@suse.com
|
||
|
||
- bnc#912594 config.postfix creates config based on old options
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 6 14:26:51 UTC 2015 - varkoly@suse.com
|
||
|
||
- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot
|
||
- bnc#910265 config.postfix does not upgrade the chroot
|
||
- bnc#908003 wrong access rights on /usr/sbin/postdrop causes
|
||
permission denied when trying to send a mail as non root user
|
||
- bnc#729154 wrong permissions for some postfix components
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 21 14:49:19 UTC 2014 - tchvatal@suse.com
|
||
|
||
- Remove keyring and things as it is md5 based one no longer
|
||
accepted by gpg 2.1
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 14 09:19:00 UTC 2014 - dimstar@opensuse.org
|
||
|
||
- No longer perform gpg validation; osc source_validator does it
|
||
implicit:
|
||
+ Drop gpg-offline BuildRequires.
|
||
+ No longer execute gpg_verify.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 27 18:22:02 UTC 2014 - dmueller@suse.com
|
||
|
||
- restore previously lost fix:
|
||
Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
|
||
- Ignore errors in %pre/%post.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 20 07:52:39 UTC 2014 - michael@stroeder.com
|
||
|
||
- postfix 2.11.3:
|
||
|
||
* Fix for configurations that prepend message headers with Postfix
|
||
access maps, policy servers or Milter applications. Postfix now
|
||
hides its own Received: header from Milters and exposes prepended
|
||
headers to Milters, regardless of the mechanism used to prepend
|
||
a header. This fix reverts a partial solution that was released
|
||
on October 13, 2014, and replaces it with a complete solution.
|
||
* Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.
|
||
|
||
- postfix 2.11.2:
|
||
|
||
* Fix for DMARC implementations based on SPF policy plus DKIM
|
||
Milter. The PREPEND access/policy action added headers ABOVE
|
||
Postfix's own Received: header, exposing Postfix's own Received:
|
||
header to Milters (protocol violation) and hiding the PREPENDed
|
||
header from Milters. PREPENDed headers are now added BELOW
|
||
Postfix's own Received: header and remain visible to Milters.
|
||
* The Postfix SMTP server logged an incorrect client name in
|
||
reject messages for check_reverse_client_hostname_access and
|
||
check_reverse_client_hostname_{mx,ns}_access. They replied with
|
||
the verified client name, instead of the name that was rejected.
|
||
* The qmqpd daemon crashed with null pointer bug when logging a
|
||
lost connection while not in a mail transaction.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 14 16:50:57 UTC 2014 - andreas.stieger@gmx.de
|
||
|
||
- switch from md5 based signature to one using the SHA-512 digest
|
||
algorithm supplied by maintainer on ML to pass source_validator
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 13 21:44:41 UTC 2014 - andreas.stieger@gmx.de
|
||
|
||
- postfix 2.11.1:
|
||
* With connection caching enabled (the default), recipients could
|
||
be given to the wrong mail server.
|
||
* Enforce TLS when TLSA records exist, but all are unusable.
|
||
* Don't leak memory when TLSA records exist, but all are unusable.
|
||
* Prepend "-I. -I../../include" to the compiler command-line
|
||
options, to avoid name clashes with non-Postfix header files.
|
||
* documentation fixes
|
||
* logging fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 29 15:40:00 UTC 2014 - rusjako@rus.uni-stuttgart.de
|
||
|
||
- fix dynamic_maps patch to enable memcache support, which does not
|
||
need any libraries
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 31 12:44:59 UTC 2014 - dimstar@opensuse.org
|
||
|
||
- Rename rpmlintrc to %{name}-rpmlintrc.
|
||
Follow the packaging guidelines.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 27 23:16:21 UTC 2014 - chris@computersalat.de
|
||
|
||
- fix typo in postfix-SuSE/update_chroot.systemd
|
||
- fix config.postfix
|
||
* 'insserv amavis' -> 'chkconfig amavis on'
|
||
- rework main.cf patch
|
||
* fix virtual stuff
|
||
* add some dovecot stuff
|
||
- rework master.cf patch
|
||
* add some dovecot stuff
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 23 21:41:23 UTC 2014 - jamesp@vicidial.com
|
||
|
||
- The included postfix-mysql.tar.bz2 was using a MySQL 4.1 style of
|
||
table engine specification. Modified so that the sql uses
|
||
'ENGINE=' instead of 'TYPE=' for creating tables.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 23 15:17:52 UTC 2014 - varkoly@suse.com
|
||
|
||
- bnc#816769 - config.postfix issues warnings about missing master.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 10 13:34:03 UTC 2014 - varkoly@suse.com
|
||
|
||
- bnc#882033 - Package postfix has changed files according to rpm
|
||
- bnc#855688 - possible systemd bug: postfix & cifs dependency confict
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 9 12:17:35 UTC 2014 - varkoly@suse.com
|
||
|
||
- bnc#863350 - SuSEconfig.postfix complains about modified /etc/postfix/main.cf after updating postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 26 17:21:54 UTC 2014 - chris@computersalat.de
|
||
|
||
- replace vda patch:
|
||
* add postfix-vda-v13-2.10.0.patch
|
||
* remove postfix-vda-v11-2.9.6.patch
|
||
- rebase patches
|
||
- config.postfix
|
||
* add master.cf support for submission (587)
|
||
* rework master.cf support for smtps
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 12 15:10:27 UTC 2014 - varkoly@suse.com
|
||
|
||
- bnc#862662 - Unable to configure postfix SMTP with forced TLS using YaST2
|
||
|
||
- Update to 2.11.0
|
||
* TLS
|
||
o Support for PKI-less TLS server certificate verification, where
|
||
the CA public key or the server certificate is identified via DNSSEC lookup
|
||
* LMDB database support
|
||
* master
|
||
o The master_service_disable parameter value syntax has changed:
|
||
use "service/type" instead of "service.type".
|
||
* postconf:
|
||
o Support for advanced master.cf query and update operations.
|
||
This was implemented primarily to support automated system management tools.
|
||
o The postconf command produces more warnings
|
||
* relay safety
|
||
New smtpd_relay_restrictions parameter built-in default settings:
|
||
smtpd_relay_restrictions =
|
||
permit_mynetworks
|
||
permit_sasl_authenticated
|
||
defer_unauth_destination
|
||
* postscreen whitelisting
|
||
Allow a remote SMTP client to skip postscreen(8) tests based on
|
||
its postscreen_dnsbl_sites score.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
|
||
|
||
- Ignore errors in %pre/%post.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 3 02:47:54 UTC 2013 - crrodriguez@opensuse.org
|
||
|
||
- two improvements for 13.1 and factory
|
||
* postfix-opensslconfig.patch call openSSL_config
|
||
so postfix respects the system's openssl configuration
|
||
* postfix-SuSE/postfix.service since a few months there
|
||
is no mail-transfer-agent.target, units must be ordered
|
||
after a list of smtpd implementations instead.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 20 04:48:08 UTC 2013 - varkoly@suse.com
|
||
|
||
- Proc is not needed in chroot anymore
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 30 14:34:01 UTC 2013 - schwab@suse.de
|
||
|
||
- postfix-main.cf.patch: remove duplicate entry for inet_protocols
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 17 10:50:08 UTC 2013 - chris@computersalat.de
|
||
|
||
- fix for warning
|
||
* unused parameter: virtual_create_maildirsize=yes
|
||
* unused parameter: virtual_mailbox_extended=yes
|
||
* rework main.cf.patch
|
||
- fix rcpostfix for sysvinit systems
|
||
* /etc/postfix/system/update_postmaps: No such file or directory
|
||
- rebase patches
|
||
* vda-v11-2.9.5 -> vda-v11-2.9.6
|
||
- fix file postfix-SuSE.tar.gz
|
||
* made a tar.gz
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jun 16 02:12:07 UTC 2013 - jengelh@inai.de
|
||
|
||
- postfix.spec forces the use of SSL and SASL libraries,
|
||
so make sure the BuildRequires are there
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 14 01:33:52 UTC 2013 - jengelh@inai.de
|
||
|
||
- Add postfix-db6.diff to fix compile abort with libdb-6.0
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 22 11:51:37 UTC 2013 - idonmez@suse.com
|
||
|
||
- Add Source URL, see https://en.opensuse.org/SourceUrls
|
||
- Add GPG verification
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Apr 20 05:46:00 UTC 2013 - crrodriguez@opensuse.org
|
||
|
||
- postfix-SuSE/postfix.service do not Require or
|
||
order after syslog.target as it no longer exists
|
||
postfix will fail to start in the next systemd version.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 23 09:33:08 UTC 2013 - rmilasan@suse.com
|
||
|
||
- Install postfix.service accordingly (/usr/lib/systemd for 12.3
|
||
and up or /lib/systemd for older versions).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 6 19:56:57 UTC 2013 - varkoly@suse.com
|
||
|
||
- update to 2,9.6
|
||
Bugfix: the local(8) delivery agent dereferenced a null pointer
|
||
while delivering to null command (for example, "|" in a .forward file).
|
||
Bugfix: memory leak in program initialization. tls/tls_misc.c.
|
||
Bugfix: he undocumented OpenSSL X509_pubkey_digest() function is
|
||
unsuitable for computing certificate PUBLIC KEY fingerprints.
|
||
Postfix now provides a correct procedure that accounts for
|
||
the algorithm and parameters in addition to the key data. Specify
|
||
"tls_legacy_public_key_fingerprints = yes" if you need backwards compatibility.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 17 22:01:16 UTC 2013 - varkoly@suse.com
|
||
|
||
- bnc#796162 - script to assign path elements not working in postfix install Build-0284(iso)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 10 18:23:56 UTC 2013 - chris@computersalat.de
|
||
|
||
- rebase patches
|
||
* vda-v10-2.8.12 -> vda-v11-2.9.5 (and to be a p0)
|
||
* main, master, post-instal, ssl-release-buffers (remove version)
|
||
* dynamic_maps, dynamic_maps_pie, pointer_to_literals
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 10 14:45:59 UTC 2013 - varkoly@suse.com
|
||
|
||
- update to 2,9.5
|
||
* tls support:
|
||
Support to turn off the TLSv1.1 and TLSv1.2 protocols:
|
||
To temporarily turn off problematic protocols globally:
|
||
/etc/postfix/main.cf:
|
||
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
|
||
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
|
||
However, it may be better to temporarily turn off problematic
|
||
protocols for broken sites only:
|
||
/etc/postfix/main.cf:
|
||
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
|
||
/etc/postfix/tls_policy:
|
||
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
|
||
* 20111012 To simplify integration with third-party
|
||
applications, the Postfix sendmail command now always transforms
|
||
all input lines ending in <CR><LF> into UNIX format (lines ending
|
||
in <LF>). Specify "sendmail_fix_line_endings = strict" to restore
|
||
historical Postfix behavior (i.e. convert all input lines ending
|
||
in <CR><LF> only if the first line ends in <CR><LF>).
|
||
* 20120114 Logfile-based alerting systems may need to be
|
||
updated to look for "error" messages in addition to "fatal" messages.
|
||
Specify "daemon_table_open_error_is_fatal = yes" to get the historical
|
||
behavior (immediate termination with "fatal" message).
|
||
* enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also
|
||
used as queue file names). These names are encoded in a mix of upper
|
||
case, lower case and decimal digit characters. Long queue IDs are
|
||
disabled by default to avoid breaking tools that parse logfiles and
|
||
that expect queue IDs with the smaller [A-F0-9] character set.
|
||
* 20111209 memcache lookup and update support. This provides
|
||
a way to share postscreen(8) or verify(8) caches between Postfix
|
||
instances. See MEMCACHE_README and memcache_table(5) for details
|
||
and limitations.
|
||
* 20111218 To support external SASL authentication, e.g.,
|
||
in an NGINX proxy daemon, the Postfix SMTP server now always checks
|
||
the smtpd_sender_login_maps table, even without having
|
||
"smtpd_sasl_auth_enable = yes" in main.cf.
|
||
* ipv6
|
||
o The default inet_protocols value is now "all" instead of "ipv4",
|
||
meaning use both IPv4 and IPv6.
|
||
o The default smtp_address_preference value is now "any" instead
|
||
of "ipv6", meaning choose randomly between IPv6 and IPv4. With
|
||
this the Postfix SMTP client will have more success delivering
|
||
mail to sites that have problematic IPv6 configurations.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 15 16:33:24 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 2.8.13
|
||
* 20121029
|
||
Workaround: strip datalink suffix from IPv6 addresses
|
||
returned by the system getaddrinfo() routine. Such suffixes
|
||
mess up the default mynetworks value, host name/address
|
||
verification and possibly more. This change obsoletes the
|
||
20101108 change that removes datalink suffixes in the SMTP
|
||
and QMQP servers, but we leave that code alone. File:
|
||
util/myaddrinfo.c.
|
||
* 20121013
|
||
Cleanup: to compute the LDAP connection cache lookup key,
|
||
join the numeric fields with null, just like string fields.
|
||
Viktor Dukhovni. File: global/dict_ldap.c.
|
||
* 20121010
|
||
Bugfix (introduced: Postfix 2.5): memory leak in program
|
||
initialization. Reported by Coverity. File: tls/tls_misc.c.
|
||
Bugfix (introduced: Postfix 2.3): memory leak in the unused
|
||
oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c.
|
||
* 20121003
|
||
Bugfix: the postscreen_access_list feature was case-sensitive
|
||
in the first character of permit, reject, etc. Reported by
|
||
Feancis Picabia. File: global/server_acl.c.
|
||
- rebase dynamic_maps_pie patch
|
||
- rpmlint
|
||
* invalid-suse-version-check 1140
|
||
* obsolete-suse-version-check 920 (changes file)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 14 06:03:42 UTC 2012 - varkoly@suse.com
|
||
|
||
- bnc#790141 - Command SuSEconfig.postfix reports ERROR -
|
||
"can not find /lib/YaST/SuSEconfig.functions!!"
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 8 11:33:33 UTC 2012 - varkoly@suse.com
|
||
|
||
- bnc#782048 - postfix uses /sbin/conf.d
|
||
- bnc#784659 - remove SuSEconfig calls from yast2-mail
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 10 18:56:59 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 2.8.12
|
||
* 20120730
|
||
Bugfix (introduced: 20000314): AUTH is not allowed after
|
||
MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c.
|
||
* 20120702
|
||
Bugfix (introduced: 19990127): the BIFF client leaked an
|
||
unprivileged UDP socket. Fix by Jaroslav Skarvada. File:
|
||
local/biff_notify.c.
|
||
* 20120621
|
||
Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
|
||
client could close the wrong file descriptors. File:
|
||
util/unix_pass_trigger.c.
|
||
- fix for bnc#771303
|
||
* add 'version = 3' to ldap_aliases.cf
|
||
- rebase patches
|
||
* main, master, post-install: 2.8.3 -> 2.8.12
|
||
* ssl-release-buffers: 2.8.5 -> 2.8.12
|
||
* vda-v10: 2.8.9 -> 2.8.12
|
||
* dynamic_maps, dynamic_maps_pie, ipv6_disabled, pointer_to_literals
|
||
- fix changes file
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 19 06:52:18 UTC 2012 - varkoly@suse.com
|
||
|
||
- bnc#771811 - postfix update does not regenerate the maps
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 11 09:51:22 UTC 2012 - varkoly@suse.com
|
||
|
||
- update to 2.8.11
|
||
* 20120520
|
||
- Bugfix (introduced Postfix 2.4): the event_drain() function
|
||
was comparing bitmasks incorrectly causing the program to
|
||
always wait for the full time limit. This error affected
|
||
the unused postkick command, but only after s/fifo/unix/
|
||
in master.cf. File: util/events.c.
|
||
- Cleanup: laptop users have always been able to avoid
|
||
unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
|
||
(this is currently not supported on Solaris systems).
|
||
However, to make this work reliably, the "postqueue -f"
|
||
command must wait until its requests have reached the pickup
|
||
and qmgr servers before closing the UNIX-domain request
|
||
sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 9 10:07:10 UTC 2012 - varkoly@suse.com
|
||
|
||
- bnc#753910 - {name} instead of %{name} in postfix .spec
|
||
- bnc#756452 - VUL-1: postfix: VRFY allows enumerating users
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 3 16:47:11 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 2.8.10
|
||
* 20120401
|
||
Bitrot: shut up useless warnings about Cyrus SASL call-back
|
||
function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
|
||
xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.
|
||
* 20120422
|
||
Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
|
||
known TLS protocol list so that protocols can be turned off
|
||
selectively to work around implementation bugs. Based on
|
||
a patch by Victor Duchovni. Files: proto/TLS_README.html,
|
||
proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
|
||
tls/tls_server.c.
|
||
- update to 2.8.9
|
||
* 20120217
|
||
Cleanup: missing #include statement for bugfix code added
|
||
20111226. File: local/unknown.c.
|
||
* 20120214
|
||
Bugfix (introduced: Postfix 2.4): extraneous null assignment
|
||
caused core dump when postlog emitted the "usage" message.
|
||
Reported by Kant (fnord.hammer). File: postlog/postlog.c.
|
||
* 20120202
|
||
Bugfix (introduced: Postfix 2.3): the "change header" milter
|
||
request could replace the wrong header. A long header name
|
||
could match a shorter one, because a length check was done
|
||
on the wrong string. Reported by Vladimir Vassiliev. File:
|
||
cleanup/cleanup_milter.c.
|
||
- use latest VDA patch (2.8.9)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 12 08:15:06 UTC 2012 - varkoly@suse.com
|
||
|
||
- bnc#756450 - postfix: remove version from banner
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 9 16:13:28 UTC 2012 - bruno@ioda-net.ch
|
||
|
||
- add port 587 smtp-auth submission to postfix-fw bnc#756289
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 2 22:09:00 CEST 2012 - dmueller@suse.de
|
||
|
||
- set exit code explicitely in cond_slp, systemd checks for it
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 13 13:35:13 UTC 2012 - varkoly@suse.com
|
||
|
||
- Documentation for bnc#751994 - SuSEconfig module postfix does not exist
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 7 06:31:05 UTC 2012 - varkoly@suse.com
|
||
|
||
- rcpostfix now updates the aliases too
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 27 16:35:56 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 2.8.8
|
||
Bugfixes:
|
||
tlsproxy(8) stored TLS sessions with a serverID of
|
||
"tlsproxy" instead of "smtpd", wasting an opportunity for
|
||
session reuse. File: tlsproxy/tlsproxy.c.
|
||
missing lookup table entry and terminator, causing
|
||
proxymap server segfault when postscreen(8) or verify(8)
|
||
attempted to access their cache via the proxymap server.
|
||
This could never have worked anyway, because the Postfix
|
||
2.8 proxymap protocol does not support cache cleanup. File
|
||
util/dict.c.
|
||
the Postfix client sqlite
|
||
quoting routine returned the unquoted result instead of the
|
||
quoted text. The opportunities for misuse are limited,
|
||
because Postfix sqlite files are usually owned by root, and
|
||
Postfix daemons usually run with non-root privileges so
|
||
they can't corrupt the database. Problem reported by Rob
|
||
McGee (rob0). File: global/dict_sqlite.c.
|
||
the trace service did not
|
||
distinguish between notifications for a non-bounce or a
|
||
bounce message. This code pre-dates DSN support and should
|
||
have been updated when it was re-purposed to handle DSN
|
||
SUCCESS notifications. Problem reported by Sabahattin
|
||
Gucukoglu. File: bounce/bounce_trace_service.c.
|
||
- use latest VDA patch (2.8.5)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 25 15:12:38 UTC 2012 - varkoly@suse.com
|
||
|
||
- bnc#743369 - yast2 mail module does not open the firewall
|
||
- Set MD5DIR in SuSEconfig.postfix to avoid warnings
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 17 11:14:30 UTC 2012 - varkoly@suse.com
|
||
|
||
- bnc738693 - upgrade from 11.4 enables mysql service for systemd
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 12 12:18:17 UTC 2012 - varkoly@suse.com
|
||
|
||
- Add postmap rebuild script to systemv init script too
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 11 14:21:21 UTC 2012 - varkoly@suse.com
|
||
|
||
- bnc#738900 - cyrus-imapd not receiving mail from postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 13 14:50:45 UTC 2011 - varkoly@suse.com
|
||
|
||
- Move the post map rebuild script into the start script
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 6 11:04:12 UTC 2011 - varkoly@suse.com
|
||
|
||
- Fix the last change in %post
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 2 06:44:28 UTC 2011 - varkoly@suse.com
|
||
|
||
- bnc#728308 - warning output after update the postfix package
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 9 20:05:38 UTC 2011 - varkoly@suse.com
|
||
|
||
- update to 2.8.7
|
||
Bugfixes:
|
||
smtpd(8) did not sanitize newline characters in cleanup(8)
|
||
REJECT messages, causing them to be sent out via SMTP as bare newline characters.
|
||
smtpd(8) sent multi-line responses from a before-queue content filter as text with
|
||
bare <LF> instead of <CR><LF>.
|
||
Workaround: postscreen sent non-compliant SMTP responses (220- followed by 421)
|
||
when it could not give a connection to a real smtpd process, causing some
|
||
remote SMTP clients to bounce mail.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 3 15:56:23 UTC 2011 - varkoly@suse.com
|
||
|
||
- Use the systemd macros in the spec file
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 14 16:43:02 CEST 2011 - mhrusecky@suse.cz
|
||
|
||
- only fix files that exists in %post
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 9 04:30:54 UTC 2011 - crrodriguez@opensuse.org
|
||
|
||
- Use SSL_MODE_RELEASE_BUFFERS if available, see
|
||
SSL_CTX_set_mode man page and
|
||
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
|
||
for the full details.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 6 14:49:47 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 2.8.5
|
||
* Bugfix: allow for Milters that send an SMTP server reply
|
||
without RFC 3463 enhanced status code. Reported by Vladimir
|
||
Vassiliev. File: milter/milter8.c.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 22 09:31:02 UTC 2011 - varkoly@novell.com
|
||
|
||
- bnc#684304 - server:mail/postfix: Bugs in SuSEconfig chroot setup script
|
||
- Aplly SASL_SOCKET_DIR patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 18 09:32:04 UTC 2011 - varkoly@novell.com
|
||
|
||
- Move SuSEconfig.postfix into /usr/sbin/
|
||
(FATE#311272: Do not rewrite postfix.cf via SuSEconfig)
|
||
SuSEconfig.postfix will be executed only once after installation
|
||
automaticaly. Afterwards only you can start it manually or via
|
||
yast2 mail module.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 12 16:40:40 UTC 2011 - werner@suse.de
|
||
|
||
- Just the first strep forward to systemd, please test out
|
||
/etc/postfix/system/update_chroot
|
||
/etc/postfix/system/wait_qmgr
|
||
/etc/postfix/system/cond_slp
|
||
and
|
||
/lib/systemd/system/postfix.service
|
||
and also fill out the missing description.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 9 11:03:55 UTC 2011 - chris@computersalat.de
|
||
|
||
- rework SuSE patch
|
||
* add missing SASL stuff in rc.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 25 09:08:14 UTC 2011 - chris@computersalat.de
|
||
|
||
- when chrooted and using SASL
|
||
o mount -o bind SASL_SOCKET_DIR into postfix CHROOT
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 11 17:22:19 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 2.8.4
|
||
o Linux kernel version 3 support.
|
||
for more info see ChangeLog
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 6 13:11:07 UTC 2011 - varkoly@novell.com
|
||
|
||
- bnc#686436 - postfix bounces messages with improper use of 8-bit data in message body
|
||
- Apply patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 1 12:35:59 UTC 2011 - chris@computersalat.de
|
||
|
||
- rework master.cf patch
|
||
o fix receive_override_options line
|
||
- rework SuSE patch
|
||
o sysconfig: remove POSTFIX_WITH_POP_BEFORE_SMTP
|
||
o SuSEconfig: fix receive_override_options line
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 30 20:15:40 UTC 2011 - chris@computersalat.de
|
||
|
||
- replace vda patch
|
||
o 2.8.1 -> 2.8.3
|
||
- fix files doc
|
||
o remove 'doc auxiliary'
|
||
instead cp to pf_docdir
|
||
|
||
-------------------------------------------------------------------
|
||
Sat May 28 04:22:22 UTC 2011 - varkoly@novell.com
|
||
|
||
- fix spec for building on all repos
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 24 10:24:51 UTC 2011 - varkoly@novell.com
|
||
|
||
- bnc#679187 - suseconfig/postfix: missing dependency
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 17 22:31:46 UTC 2011 - chris@computersalat.de
|
||
|
||
- fix master.cf
|
||
o fix missing
|
||
- amavis unix - - n - 4 smtp
|
||
- localhost:10025 inet n - n - - smtpd
|
||
o add master.cf patch
|
||
- rework patches
|
||
o main.cf (add two missing sasl vars)
|
||
o postfix-SuSE (SuSEconfig, cleanup those vars,...)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 15 14:16:03 UTC 2011 - chris@computersalat.de
|
||
|
||
- rework TLS stuff
|
||
o reworked main.cf patch
|
||
o added postfix-SuSE patch
|
||
o added post-install patch
|
||
Editing /etc/postfix/master.cf, adding missing entry for tlsmgr service
|
||
add only if it really does not exist
|
||
- removed Author from description
|
||
- updated vda patch
|
||
o vda-2.7.1 > vda-v10-2.8.1
|
||
- fix build for SLE_10
|
||
o no fdupes ;)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 11 08:23:56 UTC 2011 - varkoly@novell.com
|
||
|
||
- remove document paths from postfix-files to avoid error messages
|
||
when postfix-doc is not installed
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 10 09:20:23 UTC 2011 - varkoly@novell.com
|
||
|
||
- update to 2.8.3 - VUL-0: postfix memory corruption
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 10 07:00:18 UTC 2011 - varkoly@novell.com
|
||
|
||
- bnc#641271 - postfix-2.7.1: init script cannot properly stop
|
||
multi-instance configurations
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 30 21:21:16 UTC 2011 - varkoly@novell.com
|
||
|
||
- update to 2.8.2
|
||
* DNSBL/DNSWL:
|
||
o Support for address patterns in DNS blacklist and whitelist lookup results.
|
||
o The Postfix SMTP server now supports DNS-based whitelisting with several safety features
|
||
* Support for read-only sqlite database access.
|
||
* Alias expansion:
|
||
o Postfix now reports a temporary delivery error when the result
|
||
of virtual alias expansion would exceed the virtual_alias_recursion_limit
|
||
or virtual_alias_expansion_limit.
|
||
o To avoid repeated delivery to mailing lists with pathological
|
||
nested alias configurations, the local(8) delivery agent now keeps
|
||
the owner-alias attribute of a parent alias, when delivering mail
|
||
to a child alias that does not have its own owner alias.
|
||
* The Postfix SMTP client no longer appends the local domain when
|
||
looking up a DNS name without ".".
|
||
* The SMTP server now supports contact information that is appended
|
||
to "reject" responses: smtpd_reject_footer
|
||
* Postfix by default no longer adds a "To: undisclosed-recipients:;"
|
||
header when no recipient specified in the message header.
|
||
* tls support:
|
||
o The Postfix SMTP server now always re-computes the SASL mechanism
|
||
list after successful completion of the STARTTLS command.
|
||
o The smtpd_starttls_timeout default value is now stress-dependent.
|
||
o Postfix no longer appends the system-supplied default CA certificates
|
||
to the lists specified with *_tls_CAfile or with *_tls_CApath.
|
||
* New feature: Prototype postscreen(8) server that runs a number
|
||
of time-consuming checks in parallel for all incoming SMTP connections,
|
||
before clients are allowed to talk to a real Postfix SMTP server.
|
||
It detects clients that start talking too soon, or clients that appear
|
||
on DNS blocklists, or clients that hang up without sending any command.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 10 11:43:28 UTC 2011 - varkoly@novell.com
|
||
|
||
- bnc#667299 - Postfix LICENSE not marked as documentation
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 17 09:56:32 UTC 2011 - chris@computersalat.de
|
||
|
||
- add some min LDAP support for virtual LDAP-users
|
||
o sysconfig "WITH_LDAP"
|
||
o add ldap_aliases.cf
|
||
o SuSEconfig.postfix
|
||
virtual_alias_maps = ... ldap:/etc/postfix/ldap_aliases.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 4 12:14:06 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 2.7.2
|
||
* Bugfix (introduced Postfix 2.2): Postfix no longer appends
|
||
the system default CA certificates to the lists specified
|
||
with *_tls_CAfile or with *_tls_CApath. This prevents
|
||
third-party certificates from getting mail relay permission
|
||
with the permit_tls_all_clientcerts feature. Unfortunately
|
||
this may cause compatibility problems with configurations
|
||
that rely on certificate verification for other purposes.
|
||
To get the old behavior, specify "tls_append_default_CA =
|
||
yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
|
||
global/mail_params.h. proto/postconf.proto, mantools/postlink.
|
||
* Compatibility with Postfix < 2.3: fix 20061207 was incomplete
|
||
(undoing the change to bounce instead of defer after
|
||
pipe-to-command delivery fails with a signal). Fix by Thomas
|
||
Arnett. File: global/pipe_command.c.
|
||
* Bugfix: the milter_header_checks parser provided only the
|
||
actions that change the message flow (reject, filter,
|
||
discard, redirect) but disabled the non-flow actions (warn,
|
||
replace, prepend, ignore, dunno, ok). File:
|
||
cleanup/cleanup_milter.c.
|
||
* Performance: fix for poor smtpd_proxy_filter TCP performance
|
||
over loopback (127.0.0.1) connections. Problem reported by
|
||
Mark Martinec. Files: smtpd/smtpd_proxy.c.
|
||
* Cleanup: don't apply reject_rhsbl_helo to non-domain forms
|
||
such as network addresses. This would cause false positives
|
||
with dbl.spamhaus.org. File: smtpd/smtpd_check.c.
|
||
* Bugfix: the "421" reply after Milter error was overruled
|
||
by Postfix 1.1 code that replied with "503" for RFC 2821
|
||
compliance. We now make an exception for "final" replies,
|
||
as permitted by RFC. Solution by Victor Duchovni. File:
|
||
smtpd/smtpd.c.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 11 19:50:25 UTC 2010 - chris@computersalat.de
|
||
|
||
- update vda patch
|
||
o remove 2.6.1-vda-ng.patch
|
||
o remove 2.6.1-vda-ng-64bit.patch
|
||
o add vda-2.7.1.patch
|
||
- rework main.cf.patch
|
||
o remove 2.2.9-main.cf.patch
|
||
o add 2.7.1-main.cf.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 7 22:02:56 UTC 2010 - coolo@novell.com
|
||
|
||
- prereq init scripts network and syslog
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 12 18:57:14 UTC 2010 - varkoly@novell.com
|
||
|
||
- Remove obsolate postscripts
|
||
- bnc#625657 - SuSEconfig.postfix and smtp_use_tls
|
||
- bnc#622873 - postfix doesn't start if ipv6 is disabled
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 6 15:04:30 UTC 2010 - chris@computersalat.de
|
||
|
||
- reworked bnc#606251 stuff (not checked in to Factory)
|
||
o used my_print_defaults command for parsing of /etc/my.cnf
|
||
o using quotation marks: "$PF_CHROOT"
|
||
o added sysconfig option POSTFIX_MYSQL_CONN=(socket,tcp)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 16 23:39:09 UTC 2010 - chris@computersalat.de
|
||
|
||
- bnc#606251 - postfix chrooted mysql.sock lost on mysql restart
|
||
o Now MYSQL_SOCK_DIR is mounted with '-o bind' to postfix CHROOT
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 10 10:55:54 UTC 2010 - varkoly@novell.com
|
||
|
||
- update to 2.7.1
|
||
* Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
|
||
which sends remote SMTP client attributes through SMTP-based content filters.
|
||
The Postfix SMTP client did not skip "unknown" SMTP client attributes,
|
||
causing a syntax error when sending an "unknown" client PORT attribute.
|
||
* Robustness: skip LDAP queries with non-ASCII search strings, instead of failing with a database lookup error.
|
||
* Safety: Postfix processes now log a warning when a matchlist has
|
||
a #comment at the end of a line (for example mynetworks or relay_domains).
|
||
* Portability: OpenSSL 1.0.0 changes the priority of anonymous cyphers.
|
||
* Portability: Berkeley DB 5.x is now supported.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 20 17:08:26 UTC 2010 - chris@computersalat.de
|
||
|
||
- fix obviously lost POSTFIX_MYHOSTNAME in SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 7 12:39:16 UTC 2010 - varkoly@novell.com
|
||
|
||
- New file check_mail_queue. This script checks if there are some
|
||
mails in the queue and starts postfix if necessary. After delivering
|
||
the mails postfix will be stoped.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 1 10:28:09 UTC 2010 - varkoly@novell.com
|
||
|
||
- bnc#559145 - Changed Domain name not reflected when sending mail
|
||
First /var/run/dhcp-hostname will be evaluated
|
||
- Now POSTFIX_SMTP_TLS_CLIENT is ternary : no yes must
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 28 18:38:18 UTC 2010 - varkoly@novell.com
|
||
- update to 2.7.0
|
||
* performance
|
||
- Periodic cache cleanup for the verify(8) cache database.
|
||
- Improved before-queue filter performance.
|
||
* sender reputation
|
||
- The FILTER action in access maps or header/body_checks now supports sender
|
||
reputation schemes that dynamically choose the SMTP source IP address.
|
||
* address verification
|
||
- The verify(8) service now uses a persistent cache by default.
|
||
* content filter
|
||
- The meaning of an empty filter next-hop destination has changed.
|
||
- The FILTER action in access maps or header/body_checks now supports sender
|
||
reputation schemes that dynamically choose the SMTP source IP address.
|
||
* milter
|
||
- Support for header checks on Milter-generated message headers.
|
||
Please read /usr/share/doc/packages/postfix/RELEASE_NOTES for details.
|
||
-------------------------------------------------------------------
|
||
Thu Feb 11 15:16:13 UTC 2010 - coolo@novell.com
|
||
|
||
- revert the change to PreReq openldap-devel, this increases the
|
||
default installation several MBs
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 2 15:45:26 UTC 2010 - varkoly@novell.com
|
||
|
||
- bnc#567569 - Postfix: move ldap support to a separate package
|
||
- bnc#557239 - postfix delivers mail to user's home instead of /var/spool/mail
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 5 23:28:12 UTC 2010 - chris@computersalat.de
|
||
|
||
- rpmlint fixes
|
||
o init-script-undefined-dependency $network-remotefs
|
||
- fix for SuSEconfig.postfix
|
||
o if use_amavis eq "yes"
|
||
then content_filter "amavis:[127.0.0.1]:10024]" is defined,
|
||
so removed "-o content_filter=smtp:[127.0.0.1]:10024" for smtp
|
||
- s#ldconfig#/sbin/ldconfig#
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 22 16:15:00 CEST 2009 - freespacer@gmx.de
|
||
|
||
- Add support for dovecot as MDA to SuSEconfig.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 16 10:45:14 CET 2009 - jengelh@medozas.de
|
||
|
||
- Package documentation as noarch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 10 13:15:15 CET 2009 - varkoly@suse.de
|
||
|
||
- Remove postfixs update script. This does not work now.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 8 19:15:15 CET 2009 - varkoly@suse.de
|
||
|
||
- Fix the %post section add missed %{fillup_only -an mail}
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 16 17:14:39 CET 2009 - varkoly@suse.de
|
||
|
||
- bnc#555814 – VUL-0: SMTPD_LISTEN_REMOTE="yes" by default
|
||
- bnc#555732 - Invalid $(hostname -i) usage SuSEconfig.postfix
|
||
- bnc#547928 – Postfix does not start during boot process
|
||
- Avoid append relay multiple times in POSTFIX_MAP_LIST
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 26 14:36:55 CET 2009 - varkoly@suse.de
|
||
|
||
- bnc#549612 – SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 28 09:22:54 CEST 2009 - varkoly@suse.de
|
||
|
||
- bnc#540538 – postfix-2.6.1-10.1 installs new files in /etc/postfix and does not generate <file>.db
|
||
- bnc#519438 - Postfix: Running chrooted lets qmgr loosing his syslog-socket
|
||
- remove obsolate version tests from SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 28 08:24:43 CEST 2009 - varkoly@suse.de
|
||
|
||
- bnc#525825 - when using cyrus in a chroot environment Suseconfig does not
|
||
create socket /var/lib/imap/socket/lmtp
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 14 11:34:41 UTC 2009 - chris@computersalat.de
|
||
|
||
- spec
|
||
o fdupes if >= 1100
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 10 21:22:46 CEST 2009 - chris@computersalat.de
|
||
|
||
- update to 2.6.1
|
||
o merge home:varkoly:Factory and o:F
|
||
- spec mods
|
||
o use of getent
|
||
- rpmlint
|
||
o remove unneeded dists from examples/chroot-setup/
|
||
o postin-without-ldconfig
|
||
o files-duplicate /usr/share/doc/packages/postfix-doc/html/
|
||
o files-duplicate /usr/share/man/man?
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 13 18:21:14 UTC 2009 - chris@computersalat.de
|
||
|
||
- added VDA patch
|
||
o Mailbox / Maildir size limit, known also as "soft quota",
|
||
to avoid user take all you disk space
|
||
o Customizable "limit" message when the soft quota limit is reached.
|
||
NOTE: message is sent to senders, but NOT to the owner of the mailbox.
|
||
o Limit only 'INBOX', because some people use IMAP and don't want
|
||
the same limit in IMAP folder that are differents from INBOX.
|
||
o Support for 'Courier' style Maildir, usefull for people that
|
||
use courier as pop3/imap server and to get fast soft quota summary.
|
||
Note that it is also compatible with qmail maildir per default.
|
||
o Supports for Courier 'maildirsize' file in Maildir folder that
|
||
is used to read quotas quickly. Note that this option is not
|
||
actived per default and can be dangerous on some NFS client
|
||
implementation
|
||
(like for example Solaris that cache some filesystem operations).
|
||
o Customisable suffix for Maildir support, when share same external
|
||
dict between postfix and pop3/imap server sometime "Maildir/" suffix
|
||
is needed to avoid extra database handling (eg LDAP, MySQL...).
|
||
- some improvements of SuSEconfig.postfix
|
||
o POSTFIX_LISTEN: Comma separated list of IP's
|
||
o POSTFIX_INET_PROTO: ipv4, ipv6, all
|
||
o POSTFIX_MYHOSTNAME: define SMTPs FQHOSTNAME
|
||
o POSTFIX_WITH_MYSQL: when using MySQL as backend
|
||
o POSTFIX_BASIC_SPAM_PREVENTION: "custom"
|
||
you can now define your own rules
|
||
- POSTFIX_SMTPD_CLIENT_RESTRICTIONS
|
||
- POSTFIX_SMTPD_HELO_RESTRICTIONS
|
||
- POSTFIX_SMTPD_SENDER_RESTRICTIONS
|
||
- POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
|
||
- added helo_access for helo checks
|
||
- added relay for relaying domain
|
||
- added MySQL stuff when using MySQL as backend (virtuser)
|
||
o you should consider postfixAdmin as mgmnt interface
|
||
o when runninng postfix chrooted:
|
||
you have to run SUSEconfig each time when you have restarted MySQL
|
||
because of linking mysql.sock
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 29 15:18:52 CEST 2009 - varkoly@suse.de
|
||
|
||
- bnc#439287 - not all POSTFIX_ADD_* values are properly handled
|
||
by SuSEconfig.postfix
|
||
- bnc#483208 - Postfix configuration trashed after update
|
||
- bnc#488268 - SuSEconfig.postfix chroot setup misses /etc/ssl/certs
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 12 11:12:16 CET 2009 - varkoly@suse.de
|
||
|
||
- bnc#465165 - postfix src package
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 9 17:43:53 CET 2009 - varkoly@suse.de
|
||
|
||
- bnc#464869 - SuSEconfig.postfix causes DNS lookup
|
||
- bnc#460442 - amavisd-new and Postfix need fqdn-hostname in "uname -n"
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 5 13:54:11 CET 2009 - varkoly@suse.de
|
||
|
||
- update to 2.5.6
|
||
- The SMTP server did not ask for a client certificate
|
||
with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl.
|
||
|
||
- Avoid reduced TCP performance when reusing an SMTP connection
|
||
with a larger than 4096-byte TCP MSS value. In practice, this
|
||
could happen only with loopback (localhost) connections.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 16 12:16:03 CET 2008 - varkoly@suse.de
|
||
|
||
- (bnc#442456) - chrooted postfix and saslauthd
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 4 15:24:41 CET 2008 - ro@suse.de
|
||
|
||
- fix build
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 4 15:15:03 CET 2008 - varkoly@suse.de
|
||
|
||
- upgrade must not be executed during installation
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 14 11:16:21 CEST 2008 - varkoly@suse.de
|
||
|
||
- (bnc#403976) - permissions on /var/lib/postfix changed
|
||
- (bnc#433916) - postfix should be splitted into postfix and postfix-doc
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 11 14:34:22 CEST 2008 - varkoly@suse.de
|
||
|
||
- (bnc#415216) - Postfix RPM Install Displays Multiple Warnings
|
||
- clean up spec file
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 9 09:57:35 CEST 2008 - varkoly@suse.de
|
||
|
||
- Update to Version 2.5 patchlevel 5
|
||
* Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
|
||
With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
|
||
file descriptor leak when it executes non-Postfix commands
|
||
in, for example, user-controlled $HOME/.forward files.
|
||
* Security: some systems have changed their link() semantics,
|
||
and will hardlink a symlink, contrary to POSIX and XPG4.
|
||
Sebastian Krahmer, SuSE. File: util/safe_open.c.
|
||
|
||
The solution introduces the following incompatible change:
|
||
when the target of mail delivery is a symlink, the parent
|
||
directory of that symlink must now be writable by root only
|
||
(in addition to the already existing requirement that the
|
||
symlink itself is owned by root). This change will break
|
||
legitimate configurations that deliver mail to a symbolic
|
||
link in a directory with less restrictive permissions.
|
||
* Bugfix: dangling pointer in vstring_sprintf_prepend().
|
||
File: util/vstring.c.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 25 18:45:03 CEST 2008 - mt@suse.de
|
||
|
||
- init script: copy LSB *-Start tags to *-Stop
|
||
- spec file: removed obsolete rc.config update hooks
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 6 13:33:01 CEST 2008 - varkoly@suse.de
|
||
|
||
- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition
|
||
- (bnc#405900) SuSEconfig.postfix changes owner and permissions of
|
||
/tmp if smtpd_tls_CApath is not set
|
||
|
||
- Update to Version 2.5 patchlevel 3
|
||
* Cleanup of code
|
||
* defer delivery when a mailbox file is not owned by the recipient.
|
||
Requested by Sebastian Krahmer, SuSE.
|
||
Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies.
|
||
* Bugfix: null-terminate CN comment string after sanitization.
|
||
* Bugfix (introduced Postfix 2.0): after "warn_if_reject
|
||
reject_unlisted_recipient/sender", the SMTP server mistakenly
|
||
remembered that recipient/sender validation was already done.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 9 15:07:46 CEST 2008 - varkoly@suse.de
|
||
|
||
- (fate#305005) Enable SMTPS in postfix ootb
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 17 12:27:10 CEST 2008 - varkoly@suse.de
|
||
|
||
- (bnc#396985) sending of NUL character disallowed by RFC2822
|
||
- (bnc#397127) without relay is silent about undeliverable mails
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 13 18:17:09 CEST 2008 - varkoly@suse.de
|
||
|
||
- (bnc#389670) - postfix generates invalid config
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 1 16:17:31 CEST 2008 - mkoenig@suse.de
|
||
|
||
- remove dir /usr/share/omc/svcinfo.d as it is provided now
|
||
by filesystem
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 26 09:59:43 CET 2008 - varkoly@suse.de
|
||
|
||
- Update to Version 2.5 patchlevel 1
|
||
Changes: The Postfix 2.5 "postfix upgrade-configuration" command
|
||
now works even with Postfix 2.4 or earlier versions of the
|
||
postfix command. When installing Postfix 2.5.0 without upgrading
|
||
from an existing master.cf file, the new master.cf file had an
|
||
incorrect process limit for the proxywrite service. This service
|
||
is used only by the obscure "smtp_sasl_auth_cache_name" and
|
||
"lmtp_sasl_auth_cache_name" configuration parameters. Someone
|
||
needed multi-line support for header/body Milter replies. The
|
||
LDAP client's TLS support was broken in several ways.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 13 14:58:52 CET 2008 - varkoly@suse.de
|
||
|
||
- #360572 - postfix %post script leaves lots of backup files in /etc/postfix/
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 30 12:20:53 CET 2008 - varkoly@suse.de
|
||
|
||
- Update to Version 2.5 patchlevel 0
|
||
|
||
Major changes - critical
|
||
------------------------
|
||
|
||
[Incompat 20071224] The protocol to send Milter information from
|
||
smtpd(8) to cleanup(8) processes was cleaned up. If you use the
|
||
Milter feature, and upgrade a live Postfix system, you may see an
|
||
"unexpected record type" warning from a cleanup(8) server process.
|
||
To prevent this, execute the command "postfix reload". The
|
||
incompatibility affects only systems that use the Milter feature.
|
||
It does not cause loss of mail, just a minor delay until the remote
|
||
SMTP client retries.
|
||
|
||
[Incompat 20071212] The allow_min_user feature now applies to both
|
||
sender and recipient addresses in SMTP commands. With earlier Postfix
|
||
versions, only recipients were subject to the allow_min_user feature,
|
||
and the restriction took effect at mail delivery time, causing mail
|
||
to be bounced later instead of being rejected immediately.
|
||
|
||
[Incompat 20071206] The "make install" and "make upgrade" procedures
|
||
now create a Postfix-owned directory for Postfix-writable data files
|
||
such as caches and random numbers. The location is specified with
|
||
the "data_directory" parameter (default: "/var/lib/postfix"), and
|
||
the ownership is specified with the "mail_owner" parameter.
|
||
|
||
[Incompat 20071206] The tlsmgr(8) and verify(8) servers no longer
|
||
use root privileges when opening the address_verify_map,
|
||
*_tls_session_cache_database, and tls_random_exchange_name cache
|
||
files. This avoids a potential security loophole where the ownership
|
||
of a file (or directory) does not match the trust level of the
|
||
content of that file (or directory).
|
||
|
||
[Incompat 20071206] The tlsmgr(8) and verify(8) cache files should
|
||
now be stored as Postfix-owned files under the Postfix-owned
|
||
data_directory. As a migration aid, attempts to open these files
|
||
under a non-Postfix directory are redirected to the Postfix-owned
|
||
data_directory, and a warning is logged.
|
||
|
||
This is an example of the warning messages:
|
||
|
||
Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: request
|
||
to update file /etc/postfix/prng_exch in non-postfix directory
|
||
/etc/postfix
|
||
|
||
Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: redirecting
|
||
the request to postfix-owned data_directory /var/lib/postfix
|
||
|
||
If you wish to continue using a pre-existing tls_random_exchange_name
|
||
or address_verify_map file, move it to the Postfix-owned data_directory
|
||
and change ownership from root to Postfix (that is, change ownership
|
||
to the account specified with the mail_owner configuration parameter).
|
||
|
||
[Feature 20071205] The "make install" and "make upgrade" procedures
|
||
now create a Postfix-owned directory for Postfix-writable data files
|
||
such as caches and random numbers. The location is specified with
|
||
the "data_directory" parameter (default: "/var/lib/postfix"), and
|
||
the ownership is specified with the "mail_owner" parameter.
|
||
|
||
[Incompat 20071203] The "make upgrade" procedure adds a new service
|
||
"proxywrite" to the master.cf file, for read/write lookup table
|
||
access. If you copy your old configuration file over the updated
|
||
one, you may see warnings in the maillog file like this:
|
||
|
||
connect #xx to subsystem private/proxywrite: No such file or directory
|
||
|
||
To recover, run "postfix upgrade-configuration" again.
|
||
|
||
[Incompat 20070613] The pipe(8) delivery agent no longer allows
|
||
delivery with the same group ID as the main.cf postdrop group.
|
||
|
||
Major changes - malware defense
|
||
-------------------------------
|
||
|
||
[Feature 20080107] New "pass" service type in master.cf. Written
|
||
years ago, this allows future front-end daemons to accept all
|
||
connections from the network, and to hand over connections from
|
||
well-behaved clients to Postfix. Since this feature uses file
|
||
descriptor passing, it imposes no overhead once a connection is
|
||
handed over to Postfix. See master(5) for a few details.
|
||
|
||
[Feature 20070911] Stress-adaptive behavior. When a "public" network
|
||
service runs into an "all processes are busy" condition, the master(8)
|
||
daemon logs a warning, restarts the service, and runs it with "-o
|
||
stress=yes" on the command line (under normal conditions it runs
|
||
the service with "-o stress=" on the command line). This can be
|
||
used to make main.cf parameter settings stress dependent, for
|
||
example:
|
||
|
||
/etc/postfix/main.cf:
|
||
smtpd_timeout = ${stress?10}${stress:300}
|
||
smtpd_hard_error_limit = ${stress?1}${stress:20}
|
||
|
||
Translation: under conditions of stress, use an smtpd_timeout value
|
||
of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1
|
||
instead of 20. The syntax is explained in the postconf(5) manpage.
|
||
|
||
The STRESS_README file gives examples of how to mitigate flooding
|
||
problems.
|
||
|
||
Major changes - tls support
|
||
---------------------------
|
||
|
||
[Incompat 20080109] TLS logging output has changed to make it more
|
||
useful. Existing logfile parser regular expressions may need
|
||
adjustment.
|
||
|
||
- More log entries include the "hostnamename[ipaddress]" of the
|
||
remote SMTP peer.
|
||
|
||
- Certificate trust chain error reports show only the first
|
||
error certificate (closest to the trust chain root), and the
|
||
reporting is more human-readable for the most likely errors.
|
||
|
||
- After the completion of the TLS handshake, the session is logged
|
||
with TLS loglevel >= 1 as either "Untrusted", "Trusted" or
|
||
"Verified" (SMTP client only).
|
||
- "Untrusted" means that the certificate trust chain is invalid,
|
||
or that the root CA is not trusted.
|
||
- "Trusted" means that the certificate trust chain is valid, and
|
||
that the root CA is trusted.
|
||
- "Verified" means that the certificate meets the SMTP client's
|
||
matching criteria for the destination:
|
||
- In the case of a destination name match, "Verified" also
|
||
implies "Trusted".
|
||
- In the case of a fingerprint match, CA trust is not applicable.
|
||
|
||
- The logging of protocol states with TLS loglevel >= 2 no longer
|
||
reports bogus error conditions when OpenSSL asks Postfix to refill
|
||
(or flush) network I/O buffers. This loglevel is for debugging
|
||
only; use 0 or 1 in production configurations.
|
||
|
||
[Feature 20080109] The Postfix SMTP client has a new "fingerprint"
|
||
security level. This avoids dependencies on CAs, and relies entirely
|
||
on bi-lateral exchange of public keys (really self-signed or private
|
||
CA signed X.509 public key certificates). Scalability is clearly
|
||
limited. For details, see the fingerprint discussion in TLS_README.
|
||
|
||
[Feature 20080109] The Postfix SMTP server can now use SHA1 instead
|
||
of MD5 to compute remote SMTP client certificate fingerprints. For
|
||
backwards compatibility, the default algorithm is MD5. For details,
|
||
see the "smtpd_tls_fingerprint_digest" parameter in the postconf(5)
|
||
manual.
|
||
|
||
[Feature 20080109] The maximum certificate trust chain depth
|
||
(verifydepth) is finally implemented in the Postfix TLS library.
|
||
Previously, the parameter had no effect. The default depth was
|
||
changed to 9 (the OpenSSL default) for backwards compatibility.
|
||
|
||
If you have explicity limited the verification depth in main.cf,
|
||
check that the configured limit meets your needs. See the
|
||
"lmtp_tls_scert_verifydepth", "smtp_tls_scert_verifydepth" and
|
||
"smtpd_tls_ccert_verifydepth" parameters in the postconf(5) manual.
|
||
|
||
[Feature 20080109] The selection of SSL/TLS protocols for mandatory
|
||
TLS can now use exclusion rather than inclusion. Either form is
|
||
acceptable; see the "lmtp_tls_mandatory_protocols",
|
||
"smtp_tls_mandatory_protocols" and "smtpd_tls_mandatory_protocols"
|
||
parameters in the postconf(5) manual.
|
||
|
||
Major changes - scheduler
|
||
-------------------------
|
||
|
||
[Feature 20071130] Revised queue manager with separate mechanisms
|
||
for per-destination concurrency control and for dead destination
|
||
detection. The concurrency control supports less-than-1 feedback
|
||
to allow for more gradual concurrency adjustments, and uses hysteresis
|
||
to avoid rapid oscillations. A destination is declared "dead" after
|
||
a configurable number of pseudo-cohorts(*) reports connection or
|
||
handshake failure.
|
||
|
||
(*) A pseudo-cohort is a number of delivery requests equal to a
|
||
destination's delivery concurrency.
|
||
|
||
The drawbacks of the old +/-1 feedback scheduler are a) overshoot
|
||
due to exponential delivery concurrency growth with each pseudo-cohort(*)
|
||
(5-10-20...); b) throttling down to zero concurrency after a single
|
||
pseudo-cohort(*) failure. The latter was especially an issue with
|
||
low-concurrency channels where a single failure could be sufficient
|
||
to mark a destination as "dead", and suspend further deliveries.
|
||
|
||
New configuration parameters: destination_concurrency_feedback_debug,
|
||
default_destination_concurrency_positive_feedback,
|
||
default_destination_concurrency_negative_feedback,
|
||
default_destination_concurrency_failed_cohort_limit, as well as
|
||
transport-specific versions of the same.
|
||
|
||
The default parameter settings are backwards compatible with older
|
||
Postfix versions. This may change after better defaults are field
|
||
tested.
|
||
|
||
The updated SCHEDULER_README document describes the theory behind
|
||
the new concurrency scheduler, as well as Patrik Rak's preemptive
|
||
job scheduler. See postconf(5) for more extensive descriptions of
|
||
the configuration parameters.
|
||
|
||
Major changes - small/home office
|
||
---------------------------------
|
||
|
||
[Feature 20080115] Preliminary SOHO_README document that combines
|
||
bits and pieces from other document in one place, so that it is
|
||
easier to find. This document describes the "mail sending" side
|
||
only.
|
||
|
||
[Feature 20071202] Output rate control in the queue manager. For
|
||
example, specify "smtp_destination_rate_delay = 5m", to pause five
|
||
minutes between message deliveries. More information in the postconf(5)
|
||
manual under "default_destination_rate_delay".
|
||
|
||
Major changes - smtp client
|
||
---------------------------
|
||
|
||
[Incompat 20080114] The Postfix SMTP client now by default defers
|
||
mail after a remote SMTP server rejects a SASL authentication
|
||
attempt. Specify "smtp_sasl_auth_soft_bounce = no" for the old
|
||
behavior.
|
||
|
||
[Feature 20080114] The Postfix SMTP client can now avoid making
|
||
repeated SASL login failures with the same server, username and
|
||
password. To enable this safety feature, specify for example
|
||
"smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache"
|
||
(access through the proxy service is required). Instead of trying
|
||
to SASL authenticate, the Postfix SMTP client defers or bounces
|
||
mail as controlled with the new smtp_sasl_auth_soft_bounce configuration
|
||
parameter.
|
||
|
||
[Feature 20071111] Header/body checks are now available in the SMTP
|
||
client, after the implementation was moved from the cleanup server
|
||
to a library module. The SMTP client provides only actions that
|
||
don't change the message delivery time or destination: warn, replace,
|
||
prepend, ignore, dunno, ok.
|
||
|
||
[Incompat 20070614] By default, the Postfix Cyrus SASL client no
|
||
longer sends a SASL authoriZation ID (authzid); it sends only the
|
||
SASL authentiCation ID (authcid) plus the authcid's password. Specify
|
||
"send_cyrus_sasl_authzid = yes" to get the old behavior.
|
||
|
||
Major changes - smtp server
|
||
---------------------------
|
||
|
||
[Feature 20070724] Not really major. New support for RFC 3848
|
||
(Received: headers with ESMTPS, ESMTPA, or ESMTPSA); updated SASL
|
||
support according to RFC 4954, resulting in small changes to SMTP
|
||
reply codes and (DSN) enhanced status codes.
|
||
|
||
Major changes - milter
|
||
----------------------
|
||
|
||
[Incompat 20071224] The protocol to send Milter information from
|
||
smtpd(8) to cleanup(8) processes was cleaned up. If you use the
|
||
Milter feature, and upgrade a live Postfix system, you may see an
|
||
"unexpected record type" warning from a cleanup(8) server process.
|
||
To prevent this, execute the command "postfix reload". The
|
||
incompatibility affects only systems that use the Milter feature.
|
||
It does not cause loss of mail, just a minor delay until the remote
|
||
SMTP client retries.
|
||
|
||
[Feature 20071221] Support for most of the Sendmail 8.14 Milter
|
||
protocol features.
|
||
|
||
To enable the new features specify "milter_protocol = 6" and link
|
||
the filter application with a libmilter library from Sendmail 8.14
|
||
or later.
|
||
|
||
Sendmail 8.14 Milter features supported at this time:
|
||
|
||
- NR_CONN, NR_HELO, NR_MAIL, NR_RCPT, NR_DATA, NR_UNKN, NR_HDR,
|
||
NR_EOH, NR_BODY: The filter can tell Postfix that it won't reply
|
||
to some of the SMTP events that Postfix sends. This makes the
|
||
protocol less chatty and improves performance.
|
||
|
||
- SKIP: The filter can tell Postfix to skip sending the rest of
|
||
the message body, which also improves performance.
|
||
|
||
- HDR_LEADSPC: The filter can request that Postfix does not delete
|
||
the first space character between header name and header value
|
||
when sending a header to the filter, and that Postfix does not
|
||
insert a space character between header name and header value
|
||
when receiving a header from the filter. This fixes a limitation
|
||
in the old Milter protocol that can break DKIM and DK signatures.
|
||
|
||
- SETSYMLIST: The filter can override one or more of the main.cf
|
||
milter_xxx_macros parameter settings.
|
||
|
||
Sendmail 8.14 Milter features not supported at this time:
|
||
|
||
- RCPT_REJ: report rejected recipients to the mail filter.
|
||
|
||
- CHGFROM: replace sender, with optional ESMTP command parameters.
|
||
|
||
- ADDRCPT_PAR: add recipient, with optional ESMTP command parameters.
|
||
|
||
It is unclear when (if ever) the missing features will be implemented.
|
||
SMFIP_RCPT_REJ requires invasive changes in the SMTP server recipient
|
||
processing and error handling. SMFIR_CHGFROM and SMFIR_ADDRCPT_PAR
|
||
require ESMTP command-line parsing in the cleanup server. Unfortunately,
|
||
Sendmail's documentation does not specify what ESMTP options are
|
||
supported, but only discusses examples of things that don't work.
|
||
|
||
Major changes - address verification
|
||
------------------------------------
|
||
|
||
[Incompat 20070514] The default sender address for address verification
|
||
probes was changed from "postmaster" to "double-bounce", so that
|
||
the Postfix SMTP server no longer causes surprising behavior by
|
||
excluding "postmaster" from SMTP server access controls.
|
||
|
||
Major changes - ldap
|
||
--------------------
|
||
|
||
[Incompat 20071216] Due to an incompatible API change between
|
||
OpenLDAP 2.0.11 and 2.0.12, an LDAP client compiled for OpenLDAP
|
||
version <= 2.0.11 will refuse to work with an OpenLDAP library
|
||
version >= 2.0.12 and vice versa.
|
||
|
||
Major changes - logging
|
||
-----------------------
|
||
|
||
[Incompat 20080109] TLS logging output has changed to make it more
|
||
useful. Existing logfile parser regular expressions may need
|
||
adjustment.
|
||
|
||
- More log entries include the "hostnamename[ipaddress]" of the
|
||
remote SMTP peer.
|
||
|
||
- Certificate trust chain error reports show only the first
|
||
error certificate (closest to the trust chain root), and the
|
||
reporting is more human-readable for the most likely errors.
|
||
|
||
- After the completion of the TLS handshake, the session is logged
|
||
with TLS loglevel >= 1 as either "Untrusted", "Trusted" or
|
||
"Verified" (SMTP client only).
|
||
- "Untrusted" means that the certificate trust chain is invalid,
|
||
or that the root CA is not trusted.
|
||
- "Trusted" means that the certificate trust chain is valid, and
|
||
that the root CA is trusted.
|
||
- "Verified" means that the certificate meets the SMTP client's
|
||
matching criteria for the destination:
|
||
- In the case of a destination name match, "Verified" also
|
||
implies "Trusted".
|
||
- In the case of a fingerprint match, CA trust is not applicable.
|
||
|
||
- The logging of protocol states with TLS loglevel >= 2 no longer
|
||
reports bogus error conditions when OpenSSL asks Postfix to refill
|
||
(or flush) network I/O buffers. This loglevel is for debugging
|
||
only; use 0 or 1 in production configurations.
|
||
|
||
[Incompat 20071216] The SMTP "transcript of session" email now
|
||
includes the remote SMTP server TCP port number.
|
||
|
||
Major changes - loop detection
|
||
------------------------------
|
||
|
||
[Incompat 20070422] [Incompat 20070422] When the pipe(8) delivery
|
||
agent is configured to create the optional Delivered-To: header,
|
||
it now first checks if that same header is already present in the
|
||
message. If so, the message is returned as undeliverable. This test
|
||
should have been included with Postfix 2.0 when Delivered-To: support
|
||
was added to the pipe(8) delivery agent.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 8 10:00:12 CET 2008 - varkoly@suse.de
|
||
|
||
- Remove previous fix
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 30 19:58:02 CET 2007 - varkoly@suse.de
|
||
|
||
- #301335 - [SuSEconfig]: Postfix module uses stderr
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 4 09:02:19 CET 2007 - varkoly@suse.de
|
||
|
||
- Update to Version 2.4 patchlevel 6
|
||
Bugfix (introduced Postfix 2.2.11): TLS client certificate
|
||
with unparsable canonical name caused the SMTP server's
|
||
policy client to allocate zero-length memory, triggering
|
||
an assertion that it shouldn't do such things. File:
|
||
smtpd/smtpd_check.c.
|
||
|
||
Bugfix (introduced Postfix 2.4) missing initialization of
|
||
event mask in the event_mask_drain() routine (used by the
|
||
obsolete postkick(1) command). Found by Coverity. File:
|
||
util/events.c.
|
||
|
||
Workaround: the flush daemon forces an access time update
|
||
for the per-destination logfile, to prevent an excessive
|
||
rate of delivery attempts when the queue file system is
|
||
mounted with "noatime". File: flush/flush.c.
|
||
|
||
- #330276 – /sbin/conf.d/SuSEconfig.postfix could copy certs into smtpd_tls_CApath
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz
|
||
|
||
- Use correct SuSEfirewall2 rule directory.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 17 11:52:01 CEST 2007 - varkoly@suse.de
|
||
|
||
- #333629 - saslauthd typo in SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 8 12:37:39 CEST 2007 - varkoly@suse.de
|
||
|
||
- #331044 - Postfix uses receive_override_options in main.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 9 17:42:27 CEST 2007 - varkoly@suse.de
|
||
|
||
- fix the last fix
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 4 00:38:58 CEST 2007 - cthiel@suse.de
|
||
|
||
- fix the last fix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 3 12:37:43 CEST 2007 - varkoly@suse.de
|
||
|
||
- Fixing bug: #297622 - SMTPD_LISTEN_REMOTE has no effect
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 6 00:26:31 CEST 2007 - mrueckert@suse.de
|
||
|
||
- Update to Version 2.4 patchlevel 5
|
||
Bugfix: the loopback TCP performance workaround was ineffective
|
||
due to a wetware bit-flip during code cleanup. File:
|
||
util/vstream_tweak.c.
|
||
|
||
(patch level 4)
|
||
Bugfix: the Milter client assumed that a Milter application
|
||
does not modify the message header or envelope, after that
|
||
same Milter application has modified the message body of
|
||
that same email message. This is not a problem with updates
|
||
by different Milter applications. Problem was triggered
|
||
by Jose-Marcio Martins da Cruz. Also simplified the handling
|
||
of queue file update errors. File: milter/milter8.c.
|
||
|
||
Workaround: some non-Cyrus SASL SMTP servers require SASL
|
||
login without authzid (authoriZation ID), i.e. the client
|
||
must send only the authcid (authentiCation ID) + the authcid's
|
||
password. In this case the server is supposed to derive
|
||
the authzid from the authcid. This works as expected when
|
||
authenticating to a Cyrus SASL SMTP server. To get the old
|
||
behavior specify "send_cyrus_sasl_authzid = yes", in which
|
||
case Postfix sends the (authzid, authcid, password), with
|
||
the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c.
|
||
|
||
Portability: /dev/poll support for Solaris chroot jail setup
|
||
scripts. Files: examples/chroot-setup/Solaris8,
|
||
examples/chroot-setup/Solaris10.
|
||
|
||
Cleanup: Milter client error handling, so that the (Postfix
|
||
SMTP server's Milter client) does not get out of sync with
|
||
Milter applications after the (cleanup server's Milter
|
||
client) encounters some non-recoverable problem. Files:
|
||
milter/milter8.c, smtpd/smtpd.c.
|
||
|
||
Performance: workaround for poor TCP performance on loopback
|
||
(127.0.0.1) connections. Problem reported by Mark Martinec.
|
||
Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c,
|
||
smtpstone/*source.c.
|
||
|
||
Bugfix: when a milter replied with ACCEPT at or before the
|
||
first RCPT command, the cleanup server would apply the
|
||
non_smtpd_milters setting as if the message was a local
|
||
submission. Problem reported by Jukka Salmi. Also, the
|
||
cleanup server would get out of sync with the milter when
|
||
a milter replied with ACCEPT at the DATA command. Files:
|
||
cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
|
||
- rediffed patches
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 31 18:21:11 CEST 2007 - varkoly@suse.de
|
||
|
||
- Update to Version 2.4 patchlevel 3
|
||
(patch level 1)
|
||
Bugfix (introduced Postfix 2.3): segfault with HOLD action
|
||
in access/header_checks/body_checks on 64-bit platforms.
|
||
File: cleanup/cleanup_api.c.
|
||
|
||
Portability (introduced 20070325): the fix for hardlinks
|
||
and symlinks in postfix-install forgot to work around shells
|
||
where "IFS=/ command" makes the IFS setting permanent. This
|
||
is allowed by some broken standard, and affects Solaris.
|
||
File: postfix-install.
|
||
|
||
Portability (introduced 20070212): the workaround for
|
||
non-existent library bugs with descriptors >= FD_SETSIZE
|
||
broke with "fcntl F_DUPFD: Invalid argument" on 64-bit
|
||
Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c.
|
||
|
||
Cleanup: on (Linux) platforms that cripple signal handlers
|
||
with deadlock, "postfix stop" now forcefully stops all the
|
||
processes in the master's process group, not just the master
|
||
process alone. File: conf/postfix-script.
|
||
|
||
(patch level 2)
|
||
Bugfix: don't falsely report "lost connection from
|
||
localhost[127.0.0.1]" when Postfix is being portscanned.
|
||
Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
|
||
|
||
Robustness: recommend a "0" process limit for policy servers
|
||
to avoid "connection refused" problems when the smtpd process
|
||
limit exceeds the default process limit. File:
|
||
proto/SMTPD_POLICY_README.html.
|
||
|
||
Safety: when IPv6 (or IPv4) is turned off, don't treat an
|
||
IPv6 (or IPv4) connection from e.g. inetd as if it comes
|
||
from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c,
|
||
qmqpd/qmqpd_peer.c.
|
||
|
||
Bugfix: Content-Transfer-Encoding: attribute values are
|
||
case insensitive. File: src/cleanup/cleanup_message.c.
|
||
|
||
Bugfix: mailbox_transport(_maps) and fallback_transport(_maps)
|
||
were broken when used with the error(8) or discard(8)
|
||
transports. Cause: insufficient documentation. Files:
|
||
error/error.c, discard/discard.c.
|
||
|
||
Bugfix (problem introduced Postfix 2.3): when DSN support
|
||
was introduced it broke "agressive" recipient duplicate
|
||
elimination with "enable_original_recipient = no". File:
|
||
cleanup/cleanup_out_recipient.c.
|
||
|
||
Bugfix (introduced Postfix 2.3): the sendmail/postdrop
|
||
commands would hang when trying to submit a message larger
|
||
than the per-message size limit. File: postdrop/postdrop.c.
|
||
|
||
Sabotage the saboteur who insists on breaking Postfix by
|
||
adding gethostbyname() calls that cause maildir delivery
|
||
to fail when the machine name is not found in /etc/hosts,
|
||
or that cause Postfix processes to hang when the network
|
||
is down.
|
||
|
||
(patch level 3)
|
||
Portability: Victor helpfully pointed out that change
|
||
20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c,
|
||
qmqpd/qmqpd_peer.c.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 21 08:30:45 CEST 2007 - varkoly@suse.de
|
||
|
||
- Bug 285553 amavisd inconsistency
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 19 18:55:43 CEST 2007 - dmueller@suse.de
|
||
|
||
- provide smtp meta-service as well
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 11 21:32:53 CEST 2007 - lrupp@suse.de
|
||
|
||
- don't PreRequire /sbin/ip: removed call in SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 3 12:09:13 CEST 2007 - varkoly@suse.de
|
||
|
||
- dynamic_maps.patch: readded the chunk for dict_tcp and dict_pcre
|
||
- replaced prereq for postfix with a prereq on
|
||
%{name} = %{version}
|
||
- updated to postfix 2.4, patchlevel 0
|
||
Major changes - safety
|
||
* As a safety measure, Postfix now by default creates mailbox dotlock
|
||
files on all systems. This prevents problems with GNU POP3D which
|
||
subverts kernel locking by creating a new mailbox file and deleting
|
||
the old one
|
||
|
||
Major changes - Milter support
|
||
* The support for Milter header modification
|
||
requests was revised. With minimal change in the on-disk representation,
|
||
the code was greatly simplified, and regression tests were updated
|
||
to ensure that old errors were not re-introduced. The queue file
|
||
format is entirely backwards compatible with Postfix 2.3.
|
||
|
||
* Support for Milter requests to replace the message
|
||
body. Postfix now implements all the header/body modification
|
||
requests that are available with Sendmail 8.13.
|
||
|
||
* A new field is added to the queue file "size"
|
||
record that specifies the message content length. Postfix 2.3 and
|
||
older Postfix 2.4 snapshots will ignore this field, and will report
|
||
the message size as it was before the body was replaced.
|
||
|
||
Major changes - TLS support
|
||
* The check_smtpd_policy client sends TLS certificate
|
||
attributes (client ccert_subject, ccert_issuer) only after successful
|
||
client certificate verification. The reason is that the certification
|
||
verification status itself is not available in the policy request.
|
||
|
||
* The check_smtpd_policy client sends TLS certificate
|
||
fingerprint information even when the certificate itself was not
|
||
verified.
|
||
|
||
* The remote SMTP client TLS certificate fingerprint
|
||
can be used for access control even when the certificate itself was
|
||
not verified.
|
||
|
||
* The format of SMTP server TLS session cache
|
||
lookup keys has changed. The lookup key now includes the master.cf
|
||
service name.
|
||
|
||
Major changes - performance
|
||
* Better support for systems that run thousands
|
||
of Postfix processes. Postfix now supports FreeBSD kqueue(2),
|
||
Solaris poll(7d) and Linux epoll(4) as more scalable alternatives
|
||
to the traditional select(2) system call, and uses poll(2) when
|
||
examining a single file descriptor for readability or writability.
|
||
These features are supported on sufficiently recent versions of
|
||
FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other
|
||
systems will be added as evidence becomes available that usable
|
||
implementations exist.
|
||
|
||
Major changes - delivery status notifications
|
||
* Small changes were made to the default bounce
|
||
message templates, to prevent HTML-aware software from hiding or
|
||
removing the text "<postmaster>", and producing misleading text.
|
||
|
||
* Postfix no longer announces its name in delivery
|
||
status notifications. Users believe that Wietse provides a free
|
||
help desk service that solves all their email problems.
|
||
|
||
Major changes - ETRN support
|
||
* More precise queue flushing with the ETRN,
|
||
"postqueue -s site", and "sendmail -qRsite" commands, after
|
||
minimization of race conditions. New per-queue-file flushing with
|
||
"postqueue -i queueid" and "sendmail -qIqueueid".
|
||
|
||
Major changes - small office/home office support
|
||
* Postfix no longer requires a domain name. It
|
||
uses "localdomain" as the default Internet domain name when no
|
||
domain is specified via main.cf or via the machine's hostname.
|
||
|
||
Major changes - SMTP access control
|
||
* The check_smtpd_policy client sends TLS certificate
|
||
attributes (client ccert_subject, ccert_issuer) only after successful
|
||
client certificate verification. The reason is that the certification
|
||
verification status itself is not available in the policy request.
|
||
|
||
* The check_smtpd_policy client sends TLS certificate
|
||
fingerprint information even when the certificate itself was not
|
||
verified.
|
||
|
||
* The remote SMTP client TLS certificate fingerprint can be used for
|
||
access control even when the certificate itself was not verified.
|
||
|
||
* The Postfix installation procedure no longer
|
||
updates main.cf with "unknown_local_recipient_reject_code = 450".
|
||
Four years after the introduction of mandatory recipient validation,
|
||
this transitional tool is no longer neeed.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 29 14:33:03 CEST 2007 - rguenther@suse.de
|
||
|
||
- Add pwdutils BuildRequires to allow postinst script to succeed.
|
||
- Add /usr/share/omc directory.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 26 10:32:36 CET 2007 - varkoly@suse.de
|
||
|
||
- #247351 - postfix - Ports for SuSEfirewall added via packages
|
||
|
||
- Move postfix.xml into the postfix-SuSE tarball
|
||
|
||
- #228479 - Postfix is configured for inet_protocols=all if
|
||
selecting ipv4 only support during installation.
|
||
Now we set both inet_protocols and inet_interfaces to all.
|
||
This means the available interfaces and protocols will be used.
|
||
To avoid bogus warnings inet_proto.c was patched.
|
||
|
||
- #251598 - postfix use pointers for literals
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 15 13:14:07 CET 2007 - varkoly@suse.de
|
||
|
||
- #144104 - postfix does not start
|
||
|
||
- Implementing Fate #301840: Postfix XML Service Description Document
|
||
|
||
- Enhancing /etc/sysconfig/postfix descripton to avoid problems
|
||
like Bug 228678 - Problems with setting up chroot environment if
|
||
/var/spool is not on same filesystem as /var
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 22 03:03:18 CET 2006 - mrueckert@suse.de
|
||
|
||
- moved the dict handling into a preun script instead of postun
|
||
and do not remove the dict entry on upgrade (#223176)
|
||
- removed duplicates in the filelists.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 10 11:43:00 CET 2006 - varkoly@suse.de
|
||
|
||
- #218229 - Postfix SuSEconfig script increases the max_proc line each run in master.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 28 11:41:50 CEST 2006 - varkoly@suse.de
|
||
|
||
- #206414 - /usr/lib/sasl2/smtpd.conf misplaced
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 24 22:32:45 CEST 2006 - varkoly@suse.de
|
||
|
||
- #202119 – SuSEconfig script for Postfix incomplete
|
||
- #202162 – Postfix 2.3.2 slightly incorrect, Cyrus SASL unavailable
|
||
- #203174 – /sbin/conf.d/SuSEconfig.postfix should configure a TLS session cache for postfix 2.2
|
||
- #203575 – postfix-2.2.9-10 chokes without scache
|
||
- #213589 - No development package/headers for postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 16 01:24:20 CEST 2006 - ro@suse.de
|
||
|
||
- also add libpostfix-milter.so*
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 14 12:34:37 CEST 2006 - varkoly@suse.de
|
||
|
||
- updated to postfix 2.3, patchlevel 2
|
||
- Major changes
|
||
- Name server replies that contain a malformed hostname are now flagged
|
||
as permanent errors instead of transient errors.
|
||
- DSN support as described in RFC 3461 .. RFC 3464.
|
||
- The SMTP client now implements the LMTP protocol.
|
||
- Milter (mail filter) application support, compatible with Sendmail
|
||
version 8.13.6 and earlier.
|
||
- Major changes - SASL authentication
|
||
- Plug-in support for SASL authentication in the SMTP server and in the
|
||
SMTP/LMTP client.
|
||
- The Postfix-with-Cyrus-SASL build procedure has changed.
|
||
- Support for sender-dependent ISP accounts.
|
||
- Major changes - SMTP client
|
||
- The SMTP client now implements the LMTP protocol.
|
||
- This version addresses a performance stability problem with remote
|
||
SMTP servers.
|
||
- Major changes - SMTP server
|
||
- The Postfix SMTP server now refuses to receive mail from the network
|
||
if it isn't running with postfix mail_owner privileges.
|
||
- Optional suppression of remote SMTP client hostname lookup and hostname
|
||
verification.
|
||
- SMTPD Access control based on the existence of an address->name mapping
|
||
- Major changes - TLS
|
||
- New concept: TLS security levels ("none", "may", "encrypt", "verify"
|
||
or "secure") in the Postfix SMTP client.
|
||
- Both the Postfix SMTP client and server can be configured without a
|
||
client or server certificate.
|
||
- See
|
||
/usr/share/doc/packages/postfix/RELEASE_NOTES
|
||
/usr/share/doc/packages/postfix/TLS_CHANGES
|
||
/usr/share/doc/packages/postfix/README_FILES/SASL_README
|
||
for detailed informations.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 2 16:18:30 CEST 2006 - varkoly@suse.de
|
||
|
||
- Only %{conf_backup_dir} is contained by the package not /var/adm/backup
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 10 16:21:31 CEST 2006 - varkoly@suse.de
|
||
|
||
- Bugfix: #190639 Default number of processes for postfix
|
||
- Bugfix: #190270 postfix-postgresql
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 2 19:58:38 CEST 2006 - varkoly@suse.de
|
||
|
||
- Bugfix: #98188 - SuSE.tar.gz filename collision in cyrus/postfix SRPMs
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 24 17:14:40 CEST 2006 - varkoly@suse.de
|
||
|
||
- Bugfix: #165786 - yast2-mail modul uses obsolate postfix attributes
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 20 10:21:55 CET 2006 - varkoly@suse.de
|
||
|
||
- updated to postfix 2.2, patchlevel 9.
|
||
- Reasons:
|
||
Bugfix: the LMTP client would reuse a session after negative
|
||
reply to the RSET command (which may happen when client and
|
||
server somehow get out of sync).
|
||
Bugfix: race condition in the connection caching protocol,
|
||
causing the SMTP delivery agent to hang after delivering
|
||
mail, while trying to save a connection.
|
||
Bugfix: the best_mx_transport, mailbox_transport and
|
||
fallback_transport features did not write a per-recipient
|
||
defer logfile record when the target delivery agent was
|
||
broken.
|
||
Bugfix: an EHLO I/O error after STARTTLS would be reported
|
||
as a STARTTLS I/O error.
|
||
Bugfix: the *SQL, proxy and LDAP maps were not defined in
|
||
user-land commands such as postqueue.
|
||
Bugfix: the anvil server would terminate after "max_idle"
|
||
seconds, even when this was less than the anvil_rate_time_unit
|
||
interval.
|
||
Portability: 64-bit support for LINUX chroot script by Keith
|
||
Owens.
|
||
Safety: new "smtp_cname_overrides_servername" parameter.
|
||
|
||
Bugfix: mailbox_command_maps was not subject to $name
|
||
expansion.
|
||
Bugfix: don't ignore the per-site policy when SSL library
|
||
initialization fails.
|
||
Bugfix: a TLS per-site MUST_NOPEERMATCH policy could not
|
||
override a stronger main.cf policy, while a per-site NONE
|
||
policy could.
|
||
Bugfix: a combined TLS per-site (host, recipient) policy
|
||
of (NONE, MAY) changed a global MUST policy into NONE, and
|
||
a global MUST_NOPEERMATCH into MAY. The result is now NONE.
|
||
Problem found by exhaustive simulation.
|
||
Bugfix: an empty remote_header_rewrite_domain value caused
|
||
trivial-rewrite to dereference a null pointer, but only in
|
||
regression tests, not in production. Postfix rewrites
|
||
addresses in the remote rewriting context only when the
|
||
remote_header_rewrite_domain parameter value is non-empty.
|
||
Workaround: a malformed domain name lookup result (such as
|
||
null MX record) is now treated as a hard error, so that
|
||
Postfix will no longer repeatedly try to deliver mail until
|
||
the message expires in the queue. However, this will not
|
||
reject mail with reject_unknown_sender/recipient_domain.
|
||
That would require too much change for a stable release.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 27 02:19:42 CET 2006 - mls@suse.de
|
||
|
||
- converted neededforbuild to BuildRequires
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 24 09:11:46 CET 2006 - varkoly@suse.de
|
||
|
||
- Fixing the spec-file
|
||
- Bugfix: ID#143682 - Spurious (obsoleted?) configuration variable in postfix's main.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 23 13:00:13 CET 2006 - varkoly@suse.de
|
||
|
||
- Bugfix: ID#140173 postfix allows relaying on the whole subnet
|
||
- Bugfix: ID#144091 postfix doesn't start with the latest kernel
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 20 11:56:24 CET 2006 - varkoly@suse.de
|
||
|
||
- Bugfix: ID#144091
|
||
- Postfix makes an entry in slp servre for smtp & smtps
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 16 14:49:29 CET 2006 - varkoly@suse.de
|
||
|
||
- removing openldap from "neededforbuild"
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 30 11:11:16 CET 2005 - choeger@suse.de
|
||
|
||
- updated to postfix 2.2, patchlevel 6
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 11 15:03:56 CEST 2005 - choeger@suse.de
|
||
|
||
- added patch ldap_api_changes.patch: openldap2.3 enforces to use
|
||
"The C LDAP Application Program Interface"
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 15 13:55:32 CEST 2005 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#104663 - consistent use of variables in postfix
|
||
init-script
|
||
- Bugfix Bugzilla ID#104568 - SuSEconfig.postfix doesnt set $PATH properly to
|
||
find all binaries.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 12 10:25:09 CEST 2005 - mmj@suse.de
|
||
|
||
- Package the /usr/lib/sendmail -> /usr/sbin/sendmail link [#102947]
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 26 11:05:29 CEST 2005 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#93884 - package postfix uses -fsigned-char
|
||
Remove -fsigned-char option for ppc and s390 archs
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 25 11:52:18 CEST 2005 - choeger@suse.de
|
||
|
||
- updated to postfix 2.2, patchlevel 5:
|
||
- Portability: the connection caching code broke on LP64
|
||
systems (inherited from Stevens Network Programming).
|
||
Files: util/unix_send_fd.c, util/unix_recv_fd.c. This code
|
||
is back-ported from the Postfix 2.3 snapshot release.
|
||
- Robustness: the SMTP client now disables connection caching
|
||
when it is unable to communicate with the scache(8) server,
|
||
instead of looping forever and not delivering mail. File:
|
||
global/scache_clnt.c. This code is back-ported from the
|
||
Postfix 2.3 snapshot release.
|
||
- Portability: after sending a socket, the scache(8) server
|
||
now waits for an ACK from the connection cache client before
|
||
closing the socket that it just sent. Files: scache/scache.c,
|
||
global/scache_clnt.c. This code is back-ported from the
|
||
Postfix 2.3 snapshot release.
|
||
- Portability: on LP64 systems, integer expressions are int,
|
||
but sizeof() and pointer difference expressions are larger.
|
||
Point fixes for a few discrepancies with variadic functions
|
||
that expect int (the permanent fix is to change the receiving
|
||
modules, but that results in too much change, and is not
|
||
allowed in the stable release). Files: tls/tls_scache.c,
|
||
util/clean_env.c, util/vstring.h, smtpstone/qmqp-source.c.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 18 15:49:16 CEST 2005 - choeger@suse.de
|
||
|
||
- force to set strict_8bitmime to "no" when POSTFIX_MDA != cyrus,
|
||
because once it is set to "yes", nobody sets it back.
|
||
- only install /etc/pam.d/smtp if suse_version > 920
|
||
- use Prereq instead of Requires for mysql and postgresql subpackages
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 13 16:59:14 CEST 2005 - choeger@suse.de
|
||
|
||
- added /etc/pam.d/smtp configuration file
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 7 16:44:05 CEST 2005 - choeger@suse.de
|
||
|
||
- Fixed build on x86_64: use -fPIC for libraries and -fPIE for the
|
||
rest
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 5 17:57:48 CEST 2005 - choeger@suse.de
|
||
|
||
- applied dynamic maps patch of LaMont Jones at debian
|
||
- Fix to SuSEconfig.postfix: only touch tlsmgr line in master.cf,
|
||
if it is the new one using unix socket instead of fifo
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 30 17:52:10 CEST 2005 - uli@suse.de
|
||
|
||
- build with -fPIE (not -fpie) to avoid GOT overflow on s390x
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 23 10:22:18 CEST 2005 - choeger@suse.de
|
||
|
||
- updated to postfix 2.2, patchlevel 4
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 17 17:06:39 CEST 2005 - choeger@suse.de
|
||
|
||
- fixed build using -pie/-fpie (hopefully)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 17 11:04:03 CEST 2005 - choeger@suse.de
|
||
|
||
- Build using -pie
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 13 18:24:50 CEST 2005 - choeger@suse.de
|
||
|
||
- set strict_8bitmime parameter to yes when using cyrus mailbox
|
||
delivery
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 4 15:54:33 CEST 2005 - choeger@suse.de
|
||
|
||
- Bugfix ID#66325 - postfix: permissions
|
||
also ship a postfix.paranoid file with the package with all suid and sgid
|
||
bits disabled
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 3 16:29:04 CEST 2005 - choeger@suse.de
|
||
|
||
- updated to postfix 2.2, patchlevel 3
|
||
- Bugfix ID#75717 - postfix init scripts reports success allthough postfix is
|
||
not running:
|
||
use checkproc again instead of "master -t", as "master -t" seems to be broken
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 21 17:42:04 CEST 2005 - choeger@suse.de
|
||
|
||
- updated to postfix 2.2, patchlevel 2
|
||
- Bugfix ID#74712, problems with read-only mounting of $chroot/proc:
|
||
don't mount /var/spool/postfix/proc ro as that results in /proc also mounted
|
||
ro.
|
||
- Bugfix ID#74709, postfix configuration and USE_IPV6 in
|
||
sysconfig/network/config
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 15 17:46:44 CET 2005 - choeger@suse.de
|
||
|
||
- updated to postfix 2.2, patchlevel 1
|
||
Postfix 2.2.1 solves four portability problems that surfaced in
|
||
the week since the 2.2.0 release, one harmless bug in the TLS
|
||
session cache cleaning code, and cleans up minor documentation
|
||
problems.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 10 10:18:45 CET 2005 - choeger@suse.de
|
||
|
||
- 2.2.0 is out
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 7 14:15:08 CET 2005 - choeger@suse.de
|
||
|
||
- update to RC2
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 2 15:01:33 CET 2005 - choeger@suse.de
|
||
|
||
- make it compile with gcc4
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 28 18:03:36 CET 2005 - choeger@suse.de
|
||
|
||
- RC1 of 2.2 is out
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 18 16:34:07 CET 2005 - choeger@suse.de
|
||
|
||
- use "usr/sbin/postfix upgrade-configuration" now instead of
|
||
"etc/postfix/post-install upgrade-package"
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 17 19:28:22 CET 2005 - choeger@suse.de
|
||
|
||
- removed some @ chars (don't know how they slipped in)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 17 13:42:18 CET 2005 - choeger@suse.de
|
||
|
||
- update to current pre 2.2 snapshot (2.2-20050216)
|
||
2.2 release could happen next week
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 10 09:08:18 CET 2005 - choeger@suse.de
|
||
|
||
- added patch needed for the Kolab project (this patch is part of the upcoming
|
||
postfix 2-2 release), see
|
||
http://wiki.kolab.org/index.php/Kolab-major-app-patches
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 3 10:00:38 CET 2005 - choeger@suse.de
|
||
|
||
- s/X-UnitedLinux-Should-Start/Should-Start/
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 2 16:44:34 CET 2005 - choeger@suse.de
|
||
|
||
- added long_header.patch
|
||
long lines piped into postfix sendmail can lead to errors.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 2 08:52:19 CET 2005 - choeger@suse.de
|
||
|
||
- Bugfix ID#49307: faster postfix startup: don't use hashed directories if
|
||
possible:
|
||
- added patch empty_hash_queue_names.patch to be able to modify
|
||
hash_queue_names parameter.
|
||
- added check to %post to change hash_queue_names in case of
|
||
/var/spool/postfix residing on a reiserfs partition when doing
|
||
a fresh installation
|
||
- Bugfix ID#50386 - postfix must prereq /sbin/ip (iproute2)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 28 16:29:05 CET 2005 - choeger@suse.de
|
||
|
||
- updated tls+ipv6 patchkit to v1.26
|
||
- Bugfix: Incomplete error checking in getaddrinfo() could cause lmtpd to
|
||
crash with debug_peer_list defined. Carsten Hoeger, SuSE. File:
|
||
util/match_ops.c
|
||
- Linux workaround: When mynetworks isn't set, a chrooted process could not
|
||
read the IPv6 address information from /proc. We now invoke own_inet_addr()
|
||
before chrooting, while processing main.cf. [backported from 2.2-nonprod
|
||
snapshot] File: global/mail_params.c
|
||
- Safety: when IPv6 netmask can't be determined, mynetworks is not set and
|
||
mynetworks_style = subnet, assume /128 (host only). Until now, Tru64Unix
|
||
assumed /64 (good for real subnets, but not safe for tunnel ranges etc.).
|
||
File: util/inet_addr_local.c
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 15 20:48:48 CET 2005 - schwab@suse.de
|
||
|
||
- Use <owner>:<group> in permissions file.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 13 16:16:41 CET 2005 - choeger@suse.de
|
||
|
||
- Two fixes to ipv6-patch related bugs:
|
||
- Bugfix Bugzilla ID#49435 - VUL-0: Postfix, permit_mx_backup, IPv6, chroot
|
||
--> Open Relay!
|
||
- Bugfix Bugzilla ID#49695 - SEGV while lmtp delivery
|
||
- mount /proc into chroot jail to be able to access /proc/net/if_inet6
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 24 14:46:16 CET 2004 - schwab@suse.de
|
||
|
||
- Put options first in find command line.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 9 09:20:27 CET 2004 - choeger@suse.de
|
||
|
||
- setting LC_ALL=POSIX in SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 29 18:14:13 CEST 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#46462, postfix should switch biff off
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 21 12:48:02 CEST 2004 - choeger@suse.de
|
||
|
||
- updated to postfix 2.1, patchlevel 5
|
||
(several small bugfixes)
|
||
- updated tls+ipv6 patchkit (there have been some small bugs)
|
||
- use v4 address 127.0.0.1 as amavisd-new local contact address
|
||
as amavisd is not listening on any v6 address
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 20 09:51:25 CEST 2004 - choeger@suse.de
|
||
|
||
- also chmod the .db file resulting of a postmap (related to
|
||
bugfix ID#39045
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 16 13:57:32 CEST 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#39045 - tls_per_site table updates in SuSEconfig.postfix
|
||
introduced POSTFIX_MAP_LIST in /etc/sysconfig/postfix where additional
|
||
maps maintained by SuSEconfig.postfix can be added
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 16 10:34:58 CEST 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#45252 - rpm calls SuSEconfig.permissions which calls rpm
|
||
-> 3 minute timeout
|
||
Also don't call rpm from SuSEconfig.postfix
|
||
- Speedup: set timestamp of $TMPDIR/main.cf into the past to workaround
|
||
postconf safety which is not neccessary, because we do not touch the main.cf,
|
||
the postfix daemons are using.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 13 11:57:15 CEST 2004 - choeger@suse.de
|
||
|
||
- added $time to Required-Start in init-script
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 26 14:15:31 CEST 2004 - choeger@suse.de
|
||
|
||
- do not filter locally delivered mail when USE_AMAVIS=yes
|
||
(don't set content_filter=vscan in main.cf)
|
||
- removed obsolete vscan service definition from master.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 20 12:47:52 CEST 2004 - choeger@suse.de
|
||
|
||
- use "$MASTER_BIN -t" to check whether postfix is already running
|
||
in start section of init-script. That's more reliable then checkproc.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 14 17:48:29 CEST 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#42995 - SuSEconfig.postfix should ignore
|
||
.swp and other files in /etc/aliases.d
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 13 16:22:02 CEST 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#42281, openssl ca segfaults:
|
||
added missing [ policy_anything ] configuration
|
||
options to openssl.cnf
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 12 14:58:58 CEST 2004 - choeger@suse.de
|
||
|
||
- updated to postfix 2.1, patchlevel 4
|
||
- updated tls+ipv6 patchkit to v1.25
|
||
- new feature POSTFIX_REGISTER_SLP in /etc/sysconfig/postfix
|
||
to be able to totally disable slptool from being started
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 25 12:42:45 CEST 2004 - choeger@suse.de
|
||
|
||
- updated tls+ipv6 patchkit to v1.24:
|
||
- Bugfix: Prefixlen non-null host portion validation (in CIDR maps for
|
||
example) yielded incorrect results sometimes because signed arithmetic was
|
||
used instad of unsigned.
|
||
- Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed the master.cf
|
||
update (used for new installattions). Added it back.
|
||
- as tls and ipv6 patches have not been completely ported to postfix 2.1
|
||
new documentation system, especially the new postconf(5) manpage is
|
||
missing the complete ipv6 and tls related configuration parameters,
|
||
readded the sample-* files from ipv6+tls to %doc/samples
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 4 11:24:20 CEST 2004 - choeger@suse.de
|
||
|
||
- update to postfix 2.1, patchlevel 1:
|
||
- Patch 01 fixes a signal 11 problem in the check_policy_service
|
||
feature when SASL support is compiled in but turned off in the
|
||
SMTP server (smtpd_sasl_auth_enable = no).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 28 10:46:55 CEST 2004 - choeger@suse.de
|
||
|
||
- added now officially released tls patchkit 0.8.18-2.1.0-0.9.7d to
|
||
the source package for the user to be able to build a non-ipv6
|
||
postfix package
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 26 17:46:01 CEST 2004 - choeger@suse.de
|
||
|
||
- official tls+ipv6 v1.23 patchkit released:
|
||
- Patch fixes: Several code fixes to make the patch compile and work
|
||
correctly when compiled without IPv6 support.
|
||
- Bugfix (Solaris only?): address family length was not updated
|
||
which could cause client hostname validation errors. File:
|
||
smtpd/smtpd_peer.c
|
||
- Portability: added support for Darwin 7.3+. This may need some
|
||
further testing.
|
||
- Cleanup: Restructure and redocument interface address retrieval
|
||
functions. (This reduced the number of preprocessor statements
|
||
from 99 to 93 ;) File: util/inet_addr_local.c
|
||
- Cleanup: make several explicit casts to have compilers shut their
|
||
pie holes about uninteresting things.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 23 11:22:35 CEST 2004 - choeger@suse.de
|
||
|
||
- update to final postfix v2.1
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 21 17:35:26 CEST 2004 - choeger@suse.de
|
||
|
||
- Bugfix: changed {main,master}.cf backup path in specfile, but not in
|
||
SuSEconfig script
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 21 11:55:43 CEST 2004 - choeger@suse.de
|
||
|
||
- update to postfix 2.1 RC5
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 19 14:23:19 CEST 2004 - choeger@suse.de
|
||
|
||
- update to current postfix 2.1 release candidate (RC4)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 7 13:09:09 CEST 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#38569, exit SuSEconfig.postfix if
|
||
mktemp fails
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 30 11:13:38 CEST 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#37409
|
||
the saslauthd socket is not copied to chroot jail due to
|
||
a wrong test in SuSEconfig.postfix (used -L instead of -S)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 29 20:03:16 CEST 2004 - choeger@suse.de
|
||
|
||
- only add ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
|
||
AND ipv6 is enabled
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 29 11:03:56 CEST 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bug ID#37293, SuSEConfig complains POSTFIX_ADD_* parameters are
|
||
unknown (in turkish locale settings)
|
||
added LC_CTYPE=POSIX to SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 25 10:54:26 CET 2004 - choeger@suse.de
|
||
|
||
- updated to tls+ipv6 version 1.22 (related to Bugzilla ID#35884)
|
||
- Feature: Support "inet_interfaces = IPv4:all" and "inet_interfaces =
|
||
IPv6:all", to restrict postfix to use either IPv4-only or IPv6-only. A more
|
||
complete implementation will be part of a future patch. (Slightly modified)
|
||
patch by Michal Ludvig, SuSE. Files: util/interfaces_to_af.[ch],
|
||
util/inet_addr_local.c, global/own_inet_addr.c,
|
||
global/wildcard_inet_addr.[ch], master/master_ent.ch
|
||
- Bugfix: In Postfix snapshots, a #define was misplaced with the effect that
|
||
IPv6 subnets were not included in auto- generated $mynetworks (i.e.,
|
||
mynetworks not defined in main.cf, when also mynetworks_style=subnet) on
|
||
Linux 2.x systems. File: utils/sys_defs.h
|
||
- now adding ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
|
||
(related to Bugzilla ID#35884)
|
||
- enabled ipv6 again
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 18 12:37:44 CET 2004 - choeger@suse.de
|
||
|
||
- updated to most recent snapshot version 2.0.19-20040312:
|
||
Patch 19 fixes two low-priority problems:
|
||
|
||
- When mail is submitted at a high rate with the Postfix sendmail
|
||
command, the pickup daemon is keps busy long enough that it it
|
||
terminated by the watchdog timer (a feature that prevents Postfix
|
||
from locking up permanently).
|
||
|
||
- Malformed addresses in SMTP commands could result in table looks
|
||
with zero-length search strings, causing trouble with NIS lookups.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 17 16:51:00 CET 2004 - choeger@suse.de
|
||
|
||
- disable IPv6 patch as it introduces problems for people
|
||
who do not use IPv6, see Bugzilla ID#35884,
|
||
"ipv6 mynetworks don't work"
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 8 15:58:35 CET 2004 - choeger@suse.de
|
||
|
||
- be a nice packager and strictly follow
|
||
http://www.porcupine.org/postfix-mirror/newdoc/PACKAGE_README.html
|
||
(added setgid_group=... to post-install upgrade-package)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 27 11:37:56 CET 2004 - choeger@suse.de
|
||
|
||
- update to most recent version 2.0.18-20040209
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 23 15:25:20 CET 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#34817, SuSEconfig.postfix doesn't specify direct path to
|
||
"postconf" and generates errors if run via sudo by a non-root user.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 6 13:15:49 CET 2004 - choeger@suse.de
|
||
|
||
- update to postfix 2.0.18-20040205
|
||
- enabled tls+ipv6 patch as it is now available for latest
|
||
pre 2.1 snapshot
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 2 13:22:54 CET 2004 - choeger@suse.de
|
||
|
||
- finally, the official TLS patchkit of Lutz hit the ground
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 2 11:02:16 CET 2004 - choeger@suse.de
|
||
|
||
- additional fix for the TLS extensions patch
|
||
should also fix Bugzilla ID#34218
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 23 12:15:00 CET 2004 - choeger@suse.de
|
||
|
||
- fixed the smtp segfault
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 22 21:37:51 CET 2004 - choeger@suse.de
|
||
|
||
- updated to postfix 2.0.18-20040122
|
||
- added new feature for specfile usetls to en/dis-able TLS
|
||
support
|
||
- temporary removed TLS support (self adapted patch to most recent
|
||
postfix snapshot version) as it currently results in smtp segfaulting
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 22 13:53:44 CET 2004 - choeger@suse.de
|
||
|
||
- update to recent postfix snapshot version 2.0.17-20040120
|
||
which will become the next official release 2.1 around
|
||
next week according to Wietse Venema.
|
||
- added possibility to compile using the combined IPV6/TLS patch
|
||
which can be downloaded from http://www.ipnet6.org/postfix/
|
||
just set useipv6 to 1 at the top of the specfile.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 22 01:45:58 CET 2004 - ro@suse.de
|
||
|
||
- remove call to ldap_enable_cache
|
||
(function has been removed from openldap and was already
|
||
obsolete before (warning was issued back then))
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 14 16:38:06 CET 2004 - choeger@suse.de
|
||
|
||
- added openslp register/derigister calls to postfix init-script
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 12 15:50:35 CET 2004 - choeger@suse.de
|
||
|
||
- add postfix user to group mail in case of POSTFIX_MDA==cyrus
|
||
to let postfix lmtp access /var/lib/imap/socket/lmtp
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 8 16:00:30 CET 2004 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#33421, SMTP-Auth and relaying
|
||
added permit_sasl_authenticated also to smtpd_recipient_restrictions
|
||
in SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 1 14:51:06 CET 2003 - choeger@suse.de
|
||
|
||
- always create temp files and always remove them later on
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 17 12:51:09 CET 2003 - choeger@suse.de
|
||
|
||
- some .spec improvements
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 30 12:13:51 CET 2003 - mmj@suse.de
|
||
|
||
- Run SuSEconfig after install
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 29 20:23:44 CET 2003 - mmj@suse.de
|
||
|
||
- Don't build as root
|
||
- Be nice and clean up after ourselves
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 14 15:47:52 CEST 2003 - choeger@suse.de
|
||
|
||
- update to postfix v2.0.16
|
||
- update to tls extensions v0.8.16
|
||
- Fix for Bugzilla ID#32114, fixed some if condition syntaxes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 16 10:29:25 CEST 2003 - choeger@suse.de
|
||
|
||
- fixed example for POSTFIX_RELAYHOST, Bug ID#30756
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 8 09:49:49 CEST 2003 - choeger@suse.de
|
||
|
||
- updated some sysconfig descriptions
|
||
- removed relays.osirosoft.com from the examples, Bug ID#30215
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 4 15:40:25 CEST 2003 - kukuk@suse.de
|
||
|
||
- Fix next useradd call
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 3 11:31:54 CEST 2003 - choeger@suse.de
|
||
|
||
- conf/postfix-files as input for /etc/permissions.d/postfix (Bug ID#29915)
|
||
- generate better amavisd-new master.cf line:
|
||
limit maxproc to 2 and use brackets around localhost
|
||
(Bug ID#29917)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 1 13:08:33 CEST 2003 - choeger@suse.de
|
||
|
||
- use conf/postfix-files as input for directories and permissions
|
||
for files/directories in/below $queue_directory and $command_directory
|
||
- use /var/lib/imap/socket/lmtp as lmtp socket in SuSEconfig.postfix
|
||
and change access modes of /var/lib/imap and /var/lib/imap/socket
|
||
to let postfix lmtp access the unix socket
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 29 11:43:53 CEST 2003 - kukuk@suse.de
|
||
|
||
- Create postfix user as system account [Bug #29611]
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 29 08:48:52 CEST 2003 - kukuk@suse.de
|
||
|
||
- Adjust sendmail permissions
|
||
- Create /var/spool/postfix/public with permissions postfix is
|
||
using
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 29 00:27:03 CEST 2003 - mmj@suse.de
|
||
|
||
- Add sendmail to /etc/sysconfig/mail
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 14 18:41:19 CEST 2003 - choeger@suse.de
|
||
|
||
- update to Postfix 2.0 Patch 14
|
||
- Bugfix Bugzilla ID#28921:
|
||
missing activation metadata in sysconfig template
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 30 11:48:21 CEST 2003 - choeger@suse.de
|
||
|
||
- new macros for stop/restart of services on rpm update/removal
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 21 13:33:53 CEST 2003 - choeger@suse.de
|
||
|
||
- chown user:group instead of user.group
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 11 11:23:05 CEST 2003 - choeger@suse.de
|
||
|
||
- update to tls extensions 0.8.15-2.0.13-0.9.7b
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 1 15:44:05 CEST 2003 - choeger@suse.de
|
||
|
||
- updated SuSEconfig to use amavisd-new instead of amavis[d]-postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 30 17:43:20 CEST 2003 - choeger@suse.de
|
||
|
||
- update to Postfix 2.0 Patch 13
|
||
- After "postfix reload", the master daemon now warns when the
|
||
inet_interfaces parameter setting has changed, and ignores the
|
||
change, instead of passing incorrect information to the smtp
|
||
server.
|
||
- After the postdrop command change with Postfix 2.0.11, the postcat
|
||
command no longer recognized "maildrop" queue files as valid.
|
||
- Mail could bounce when two messages were delivered simultaneously
|
||
to a non-existent mailbox file. The safe_open() code that prevents
|
||
race condition exploits will now try a little harder when it
|
||
actually encounters a race condition.
|
||
- update to tls extensions 0.8.14-2.0.12-0.9.7b
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 12 13:27:48 CEST 2003 - choeger@suse.de
|
||
|
||
- also change path to smtpd.conf in sysconfig template parameter
|
||
description dependent on what %{_lib} is set to.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 12 09:51:33 CEST 2003 - choeger@suse.de
|
||
|
||
- update to postfix 2.0, patchlevel 12
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 11 17:55:21 CEST 2003 - choeger@suse.de
|
||
|
||
- mkdir -p $RPM_BUILD_ROOT/%{_libdir}/sasl2 instead of
|
||
$RPM_BUILD_ROOT/usr/lib/sasl2
|
||
and we also can build on 64bit archs
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 11 14:25:29 CEST 2003 - choeger@suse.de
|
||
|
||
- package /usr/lib/sasl2/smtpd.conf using %{_libdir}/sasl2/smtpd.conf
|
||
- added /etc/postfix to filelist
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 11 09:11:11 CEST 2003 - choeger@suse.de
|
||
|
||
- update to postfix 2.0, patchlevel 11
|
||
- update to tls extensions 0.8.13-2.0.10-0.9.7b
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 23 14:33:01 CEST 2003 - choeger@suse.de
|
||
|
||
- updated SuSE/master.cf toplevel comments
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 23 14:19:43 CEST 2003 - choeger@suse.de
|
||
|
||
- update to postfix 2.0, patchlevel 10
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 19 12:42:36 CEST 2003 - choeger@suse.de
|
||
|
||
- remove installed (but unpackaged) file /etc/postfix/aliases
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 19 10:12:52 CEST 2003 - choeger@suse.de
|
||
|
||
- path to ca, certificate and key is relative to $POSTFIX_SSL_PATH,
|
||
added $POSTFIX_SSL_PATH/ to the relevant parts of SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 14 11:29:48 CEST 2003 - choeger@suse.de
|
||
|
||
- correctly handle new POSTFIX_SMTP_TLS_CLIENT parameter in
|
||
SuSEconfig.postfix (activate/deactivate master.cf entries)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 14 11:05:36 CEST 2003 - choeger@suse.de
|
||
|
||
- added libxcrypt to chroot jail, Bugzilla ID#25766
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 13 20:40:00 CEST 2003 - choeger@suse.de
|
||
|
||
- added TLS_CLIENT support, Bugzilla ID#26647
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 23 13:43:02 CEST 2003 - choeger@suse.de
|
||
|
||
- update to postfix 2.0, patchlevel 9
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 15 10:27:13 CEST 2003 - ro@suse.de
|
||
|
||
- fixed neededforbuild
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 7 12:58:01 CEST 2003 - choeger@suse.de
|
||
|
||
- update to postfix 2.0, patchlevel 7
|
||
- update to tls extensions 0.8.13-2.0.6-0.9.7a
|
||
- Bugfix Bugzilla ID#25905, do not restrict mailbox size per default
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 8 15:56:26 CET 2003 - choeger@suse.de
|
||
|
||
- use checkproc to check if there really is a postfix master
|
||
process running when there's a pid file lying around.
|
||
(Bugzilla ID#24910)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 6 11:02:12 CET 2003 - choeger@suse.de
|
||
|
||
- update to Postfix 2.0 Patch 06
|
||
- Postfix now truncates non-address information in message address
|
||
headers (comments, etc.) to 250 characters per address. This should
|
||
rarely present a problem. Reportedly, junk mail from poorly written
|
||
software can trigger the protection, but that is no great loss.
|
||
- Some little fixes to documentation.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 4 10:29:31 CET 2003 - choeger@suse.de
|
||
|
||
- update to Postfix 2.0 Patch 05
|
||
- The SMTP server's hard and soft error limits were off by one.
|
||
With "smtpd_hard_error_limit = 1", Postfix will now disconnect
|
||
after the first error, instead of the second one.
|
||
- The proxymap server could deadlock when the mydestination parameter
|
||
setting included a proxymapped lookup table.
|
||
- Some little fixes to documentation.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 1 16:41:10 CET 2003 - choeger@suse.de
|
||
|
||
- when updating postfix, check whether post-install changed
|
||
main/master.cf and update md5sums to not confuse SuSEconfig
|
||
- when installing postfix on a fresh system, create md5sums
|
||
in %post to be able to let check_md5_and_move() detect
|
||
changes that a user might have done without running SuSEconfig
|
||
before.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 27 19:01:32 CET 2003 - choeger@suse.de
|
||
|
||
- no longer remove md5sums of main.cf and master.cf during
|
||
postinstall, as SuSEconfig then no longer knows, whether
|
||
main.cf/master.cf had been modified by the user.
|
||
Disadvantage: as postfix permanently needs basic changes
|
||
to both main and master.cf, SuSEconfig.postfix will frequently
|
||
generate .SuSEconfig files although the user did not change anything
|
||
Bugzilla ID#24432
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 21 10:04:48 CET 2003 - choeger@suse.de
|
||
|
||
- update to Postfix 2.0 Patch 04
|
||
- The format of maildir filenames is synchronized with the present
|
||
version of the maildir definition document. This format was already
|
||
adopted by the 20030126 snapshot release.
|
||
- The time limit on delivery to external commands was not enforced.
|
||
This was broken probably some time before the first public Postfix
|
||
release.
|
||
- Duplicate elimination after virtual alias expansion works again.
|
||
This was broken with the introduction of the original recipient
|
||
attribute.
|
||
- The local pickup daemon dropped incomplete records from local
|
||
submissions. This was broken somewhere in the middle of 2002.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 15 14:59:54 CET 2003 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#23675: new service proxymap will not be
|
||
appended during update
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 10 16:25:39 CET 2003 - choeger@suse.de
|
||
|
||
- also check whether amavisd-postfix is installed and set up
|
||
filter section in master.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 30 11:43:03 CET 2003 - choeger@suse.de
|
||
|
||
- update to Postfix 2.0 Patch 03
|
||
- Postfix 2.0 broke relocated table lookup results with mail not
|
||
rejected at the SMTP port, causing "User has moved to" text to be
|
||
deleted.
|
||
- A widely used maildir filename generating algorithm was broken.
|
||
This affects all Postfix versions with maildir support. Instead of
|
||
TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST.
|
||
- Postfix 2.0 gave incorrect FILTER_README instructions for sites
|
||
that wish to disable virtual alias mapping before the content
|
||
filter.
|
||
- postfix-lib64.patch code now integrated in postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 24 11:52:17 CET 2003 - choeger@suse.de
|
||
|
||
- changed SuSEconfig.postfix and smtpd.conf to use sasl2
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 23 13:07:17 CET 2003 - choeger@suse.de
|
||
|
||
- forgot to add tlsmgr to master.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 23 11:43:24 CET 2003 - choeger@suse.de
|
||
|
||
- Hmmm, just noticed, that suddenly 2.0.0.x became 2.0.x
|
||
must have missed something...
|
||
- updated SuSE/master.cf (new proxymap service)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 16 10:21:27 CET 2003 - choeger@suse.de
|
||
|
||
- added POSTFIX_ADD_MESSAGE_SIZE_LIMIT as example to sysconfig.postfix
|
||
(Bugzilla ID#22907)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 14 12:51:56 CET 2003 - choeger@suse.de
|
||
|
||
- build using sasl2
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 10 13:24:43 CET 2003 - choeger@suse.de
|
||
|
||
- update to postfix v2 (version 2.0.0.2)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 11 11:44:51 CET 2002 - choeger@suse.de
|
||
|
||
- added sysconfig metadata to sysconfig templates
|
||
- updated to new tls extensions
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 29 13:16:42 CET 2002 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#21865: don't copy directories into
|
||
directories when updating chroot jail in cpifnewer()
|
||
- Update to version 1.11, pl12
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 19 14:29:36 CET 2002 - choeger@suse.de
|
||
|
||
- new SuSEconfig.postfix features:
|
||
. SMTP-AUTH server
|
||
. SMTP-AUTH client
|
||
. TLS Server
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 5 15:08:43 CET 2002 - choeger@suse.de
|
||
|
||
- quote args of tr command
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 4 13:52:51 CET 2002 - choeger@suse.de
|
||
|
||
- new feature: POSTFIX_ADD_* command in sysconfig/postfix to
|
||
be able to add any regular postfix command via SuSEconfig
|
||
- Bugfix Bugzilla ID#21120 added POSTFIX_ADD_MAILBOX_SIZE_LIMIT
|
||
as example with value 0 (unlimited)
|
||
- added a header to main.cf explaining that many postfix
|
||
parameters have been added to the end of main.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 15 11:27:46 CEST 2002 - choeger@suse.de
|
||
|
||
- Bugfix for Bugzilla ID#20754
|
||
missed some parameters when restoring main.cf or master.cf
|
||
from scratch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 9 20:34:03 CEST 2002 - choeger@suse.de
|
||
|
||
- NULLCLIENT did not work because SuSEconfig searches for the wrong
|
||
keyword
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 7 17:47:56 CEST 2002 - choeger@suse.de
|
||
|
||
- Bugfix related to Bugzilla IDs 20506, 18298, 19294:
|
||
masquerade_classes should not be extended by envelope_recipient
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 6 17:04:57 CEST 2002 - choeger@suse.de
|
||
|
||
- added ypbind to X-UnitedLinux-Should-Start in init-script
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 28 11:37:38 CEST 2002 - choeger@suse.de
|
||
|
||
- added restoration mechanism to restore master.cf and/or main.cf
|
||
if they got deleted by (intention or) accident to SuSEconfig.postfix
|
||
- added ldap to X-UnitedLinux-Should-Start
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 26 11:11:26 CEST 2002 - choeger@suse.de
|
||
|
||
- Bugfix Bugzilla ID#18298: when setting FROM_HEADER, also unqualified
|
||
envelope recipients should be qualified to FROM_HEADER, not to
|
||
myorigin, added envelope_recipient to masquerade_classes
|
||
- Bugfix Bugzilla ID#18297: %post touches main.cf and master.cf so it
|
||
may happen, that an update leaves .SuSEconfig files.
|
||
Remove /var/adm/SuSEconfig/md5/etc/postfix/main.cf and master.cf
|
||
in %post
|
||
- Bugfix Bugzilla ID#18301: sendmail and postfix have different
|
||
opinions on the usage of NULLCLIENT. Moved NULLCLIENT to
|
||
sysconfig.postfix.POSTFIX_NULLCLIENT
|
||
- added exim to Conflicts
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 22 09:47:51 CEST 2002 - choeger@suse.de
|
||
|
||
- wait for qmgr in the background for a maximum of 60 seconds
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 21 17:07:39 CEST 2002 - choeger@suse.de
|
||
|
||
- Bugfix for init-script:
|
||
wait for qmgr to be ready before calling postfix flush
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 14 15:59:04 CEST 2002 - choeger@suse.de
|
||
|
||
- added accidently removed line in master.cf for amavis,
|
||
Bugzilla ID#17732
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 13 10:08:47 CEST 2002 - choeger@suse.de
|
||
|
||
- exclude .rpmsave and .rpmorig from /etc/aliases.d expansion
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 7 11:55:55 CEST 2002 - choeger@suse.de
|
||
|
||
- added netcfg to Prereq (/etc/aliases)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 6 11:28:56 CEST 2002 - choeger@suse.de
|
||
|
||
- added pcre openldap2-client to prereq (Bugzilla ID#17447)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 5 16:38:49 CEST 2002 - choeger@suse.de
|
||
|
||
- completed Prereq
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 19 16:49:57 CEST 2002 - choeger@suse.de
|
||
|
||
- Bugfix for the handling of POSTFIX_MASQUERADE_DOMAIN
|
||
and FROM_HEADER
|
||
- removed main.cf from SuSE.tar.gz
|
||
- added X-UnitedLinux-Should-Start: cyrus to init-script
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 18 13:57:44 CEST 2002 - choeger@suse.de
|
||
|
||
- set local as default MDA again
|
||
reason: postfix does not execute any external programs like procmail
|
||
with uid 0, so root mails will go to /var/mail/nobody, which
|
||
will confuse people
|
||
- remove setting of SUSE_RELEASE version in the (E)SMTP banner
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 12 11:08:03 CEST 2002 - choeger@suse.de
|
||
|
||
- removed /etc/aliases from filelist, it's now in netcfg
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 11 14:16:25 CEST 2002 - choeger@suse.de
|
||
|
||
- removed 'q' flag from vscan transport definition, because
|
||
current amavis versions have a rfc2821_mailbox_addr function
|
||
- remove old aliases.db files in %post
|
||
- do not use unset in %post
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 8 15:14:00 CEST 2002 - choeger@suse.de
|
||
|
||
- make procmail the default MDA
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 5 17:11:03 CEST 2002 - choeger@suse.de
|
||
|
||
- use %{_lib} macro to detect platforms with lib64
|
||
directories
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 5 16:34:38 CEST 2002 - choeger@suse.de
|
||
|
||
- make chroot jail function lib64 aware
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 4 13:53:40 CEST 2002 - uli@suse.de
|
||
|
||
- fixed libnsl detection on lib64 systems
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 4 10:34:26 CEST 2002 - choeger@suse.de
|
||
|
||
- ldap_url_search_st is no longer available in OpenLDAP v2.1
|
||
added a patch, that uses ldap_url_parse
|
||
- added new feature POSTFIX_MDA, Bugzilla ID#16720
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 7 13:34:09 CEST 2002 - choeger@suse.de
|
||
|
||
- changed POSTFIX_BASIC_SPAM_PREVENTION. It can now be set to
|
||
either off(default), medium or hard
|
||
- cleaned up SuSEconfig.postfix
|
||
- prepared for /etc/aliases.d
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 5 18:09:16 CEST 2002 - choeger@suse.de
|
||
|
||
- new FEATURES: POSTFIX_RBL_HOSTS, POSTFIX_BASIC_SPAM_PREVENTION,
|
||
Bugzilla ID#16383
|
||
- moved sample-*.cf files to %{_docdir}/postfix/samples
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 5 11:14:29 CEST 2002 - choeger@suse.de
|
||
|
||
- update to patchlevel 11, version 1.1.11
|
||
- new FEATURE: POSTFIX_UPDATE_MAPS
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 24 13:39:05 CEST 2002 - choeger@suse.de
|
||
|
||
- update to patchlevel 10, version 1.1.10
|
||
- create required users and groups in %pre install
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 25 16:55:58 CEST 2002 - choeger@suse.de
|
||
|
||
- removed provides of my own packagename...
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 19 13:25:32 CEST 2002 - choeger@suse.de
|
||
|
||
- Bugfix for README.SuSE: POSTFIX_CREATECF is now
|
||
MAIL_CREATE_CONFIG
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 4 11:36:52 CEST 2002 - choeger@suse.de
|
||
|
||
- update to patchlevel 7, version 1.1.7
|
||
- introduced new feature POSTFIX_LAPTOP
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 26 15:21:18 CET 2002 - choeger@suse.de
|
||
|
||
- update to patchlevel 5, version 1.1.5
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 12 15:28:24 CET 2002 - choeger@suse.de
|
||
|
||
- Bugfix: don't check whether POSTFIX_MASQUERADE_DOMAIN is empty
|
||
or not, because else we won't be able to clear it.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 28 10:21:36 CET 2002 - choeger@suse.de
|
||
|
||
- added flags=q to amavis transport definition (link@suse.de):
|
||
[...]
|
||
If your postfix is older than snapshot 20010610, leave out the
|
||
"flags=q" part. However, amavis will not function properly with
|
||
envelope adresses that contain whitespace in the local-part.
|
||
This is quite rare, but has been observed a few times.
|
||
[...]
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 25 13:58:05 CET 2002 - choeger@suse.de
|
||
|
||
- update to version 1.1.4 (1.1, patchlevel 4)
|
||
Bugfix (excerpt from HISTORY):
|
||
..................................................................
|
||
off-by-one error, causing a null byte to be
|
||
written outside dynamically allocated memory in
|
||
the queue manager with addresses of exactly 100
|
||
bytes long, resulting in SIGSEGV on systems with
|
||
an "exact fit" malloc routine.
|
||
..................................................................
|
||
- added new option SMTPD_LISTEN_REMOTE to /etc/sysconfig/mail
|
||
which has been introduced by the SuSE dist-team (excerpt):
|
||
..................................................................
|
||
sendmail does have an option to listen only on the local port,
|
||
this should be the default.
|
||
A flag "SMTPD_LISTEN_REMOTE" in /etc/sysconfig/mail will be used
|
||
to decide if port 25 should be opened externally.
|
||
The sendmail package will send a mail to root explaining this
|
||
fact. sendmail updates will copy the value of START_SMTPD to this
|
||
new flag.
|
||
..................................................................
|
||
As this is a totally different behaviour compared to old releases,
|
||
SMTPD_LISTEN_REMOTE will be set to "yes", if POSTFIX_CREATECF
|
||
(now MAIL_CREATE_CONFIG) had been set to "yes" before the update.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 21 12:39:55 CET 2002 - choeger@suse.de
|
||
|
||
- fillup workaround
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 21 11:23:52 CET 2002 - choeger@suse.de
|
||
|
||
- hostname handling is still annoying
|
||
added some piece of code to SuSEconfig.postfix to
|
||
get a valid hostname
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 18 16:03:40 CET 2002 - choeger@suse.de
|
||
|
||
- %postinst cleanup:
|
||
. use rename_sysconfig_variable macro
|
||
. use remove_and_set macro
|
||
instead of directly calling fillup
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 13 17:27:37 CET 2002 - choeger@suse.de
|
||
|
||
- FQHOSTNAME has been removed from /etc/sysconfig/network/config
|
||
and is now set in /etc/HOSTNAME, which wasn't FQ in the past.
|
||
*Please, don't change it again*
|
||
- if POSTFIX_LOCALDOMAINS is set, do not append
|
||
"$myhostname, localhost.$mydomain" anymore
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 12 16:31:14 CET 2002 - choeger@suse.de
|
||
|
||
- Also take care of the localhost:10025 mailer definition when
|
||
setting up chroot options
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 11 09:27:47 CET 2002 - choeger@suse.de
|
||
|
||
- Do not set myorigin to FROM_HEADER
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 7 10:10:55 CET 2002 - choeger@suse.de
|
||
|
||
- Bugfix(SuSEconfig.postfix): typo in path to /etc/sysconfig/amavis
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 4 11:25:51 CET 2002 - choeger@suse.de
|
||
|
||
- SuSEconfig.postfix enhancement: get hostname from hostname -f
|
||
Bugfix: get FQHOSTNAME from /etc/sysconfig/network/config
|
||
- added -y to fillup_and_insserv to create startlinks
|
||
after installation
|
||
- changed company name to SuSE Linux AG in copyright headers
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 4 09:44:45 CET 2002 - choeger@suse.de
|
||
|
||
- update to postfix 1.1.3 and tls extensions 0.8.3
|
||
minor bugfixes
|
||
http://groups.yahoo.com/group/postfix-users/message/52953
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 1 20:37:27 CET 2002 - choeger@suse.de
|
||
|
||
- Bugfix: Forgot to assign a name to TMPDIR in SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 1 11:43:17 CET 2002 - choeger@suse.de
|
||
|
||
- added resolve_local_panic.patch
|
||
http://groups.yahoo.com/group/postfix-users/message/52746
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 30 15:44:10 CET 2002 - choeger@suse.de
|
||
|
||
- update of tls extensions to 0.8.2
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 28 15:00:07 CET 2002 - choeger@suse.de
|
||
|
||
- update to version 1.1.2
|
||
- sysconfig.mail changes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 22 12:08:43 CET 2002 - choeger@suse.de
|
||
|
||
- renamed cleanup.fillup to sysconfig.postfix.cleanup
|
||
- added postqueue patch, see
|
||
http://groups.yahoo.com/group/postfix-users/message/51611
|
||
for more details
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 21 14:56:39 CET 2002 - choeger@suse.de
|
||
|
||
- update to official release version 1.1.0
|
||
- moved some stuff to /etc/sysconfig/mail
|
||
- cleaned up /etc/rc.config access
|
||
- added some safety checks to SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 16 16:58:53 CET 2002 - choeger@suse.de
|
||
|
||
- update to version 20020115 (release candidate for Postfix
|
||
official release version 1.1)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 15 16:20:13 CET 2002 - choeger@suse.de
|
||
|
||
- some improvements to SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 11 17:52:25 CET 2002 - choeger@suse.de
|
||
|
||
- updated to version 20020107
|
||
- added postinstall section to update from previous versions
|
||
of postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 8 20:11:07 CET 2002 - egmont@suselinux.hu
|
||
|
||
- Changed /sbin/init.d to /etc/init.d in init script comment
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 7 15:01:16 CET 2002 - choeger@suse.de
|
||
|
||
- added sender_canonical_maps to SuSEconfig.postfix to let
|
||
the new YaST2 module setup this map similar to sendmails
|
||
genericstable
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 3 13:51:45 CET 2002 - kukuk@suse.de
|
||
|
||
- SuSEconfig.postfix shell script is no config file [Bug #12712]
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 19 15:26:20 CET 2001 - choeger@suse.de
|
||
|
||
- Made initscript more LSB compliant (status codes)
|
||
- Bugfix for Bugzilla ID#12672 (improve explanation
|
||
of POSTFIX_LOCALDOMAINS)
|
||
- robustness enhancement for SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 14 15:42:31 CET 2001 - choeger@suse.de
|
||
|
||
- typo in specfile (master.cf installed as main.cf)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 13 11:25:44 CET 2001 - choeger@suse.de
|
||
|
||
- update to version 20011210
|
||
- some changes to SuSEconfig.postfix:
|
||
. added POSTFIX_UPDATE_CHROOT_JAIL variable, see README.SuSE
|
||
. some cleanups for chroot jail
|
||
. little bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 13 01:16:57 CET 2001 - ro@suse.de
|
||
|
||
- moved rc.config.d -> sysconfig
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 28 18:36:10 CET 2001 - choeger@suse.de
|
||
|
||
- update to version 20011127
|
||
- some changes to SuSEconfig.postfix:
|
||
. added more robustness (Jehova)
|
||
. do not chown -R postfix to /var/spool/postfix
|
||
. query for package cyrus-sasl instead of sasl
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 20 16:13:00 CET 2001 - choeger@suse.de
|
||
|
||
- update to version 20011115
|
||
Bugfix for a memory exhaustion bug in smtpd
|
||
see http://groups.yahoo.com/group/postfix-users/message/46597
|
||
- remove START_ variable
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 9 14:54:24 CET 2001 - choeger@suse.de
|
||
|
||
- some changes to specfile (thanks to Simon J Mudd from whom
|
||
I copied some code)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 6 15:19:18 CET 2001 - choeger@suse.de
|
||
|
||
- fix some SuSEconfig.postfix bugs:
|
||
. master.cf chroot column can also contain '-'
|
||
. don't do anything if POSTFIX_CREATECF != yes
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 26 13:11:17 CEST 2001 - choeger@suse.de
|
||
|
||
- update to most recent snapshot version 20011008
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 25 14:36:47 CEST 2001 - choeger@suse.de
|
||
|
||
- update to pl05
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 19 12:53:44 CEST 2001 - choeger@suse.de
|
||
|
||
- Bugfix, Bugzilla ID#11914
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 26 09:33:34 CEST 2001 - choeger@suse.de
|
||
|
||
- ALWAYS create master.cf, even is POSTFIX_CREATECF is set
|
||
to no, because else chroot mode may not work, Bugzilla ID#11359
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 13 14:34:06 CEST 2001 - choeger@suse.de
|
||
|
||
- removed an obsolete echo in start section of init-script
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 6 13:48:29 CEST 2001 - choeger@suse.de
|
||
|
||
- Bugfix in init-script: redirect output of postfix start
|
||
to dev/null and do not use startproc to start postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 4 18:09:43 CEST 2001 - choeger@suse.de
|
||
|
||
- update to tls-extensions v0.7.9
|
||
see http://groups.yahoo.com/group/postfix-users/message/41094
|
||
for details
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 31 13:54:02 CEST 2001 - choeger@suse.de
|
||
|
||
- update of tls-extensions to 0.7.8
|
||
- update of postfix to pl04
|
||
- Bugfix: - check if postfix spool is set up before starting postfix
|
||
- start postfix with postfix start, because postfix-script
|
||
wouldn't be executed, else.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 10 14:34:17 CEST 2001 - choeger@suse.de
|
||
|
||
- update of tls-extensions to 0.7.3
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 28 13:06:47 CEST 2001 - choeger@suse.de
|
||
|
||
- bugfix: remove libs from chroot jail, that are no longer
|
||
valid, Bugzilla ID#9133
|
||
- bugfix: init script was not LSB compliant, Bugzilla ID#9063
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 15 09:44:49 CEST 2001 - choeger@suse.de
|
||
|
||
- added cyrus to require start in init-script
|
||
- "bugfix": bootstrap problem cyrus-imapd <-> postfix:
|
||
cyrus-imapd must run before postfix, but fails to create
|
||
lmtp socket, because /var/spool/postfix/public directory
|
||
isn't present. FIX: add it to filelist
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 13 15:08:33 CEST 2001 - choeger@suse.de
|
||
|
||
- install postrop with special SGID modes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 12 13:29:36 CEST 2001 - choeger@suse.de
|
||
|
||
- improved SuSEconfig.postfix
|
||
- better main.cf handling
|
||
- new feature: chroot or not chroot
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 28 09:36:49 CEST 2001 - choeger@suse.de
|
||
|
||
- major bugfix: memory leak in the LDAP client module
|
||
- minor bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 9 20:15:27 CEST 2001 - mfabian@suse.de
|
||
|
||
- bzip2 sources
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 2 09:44:29 CEST 2001 - choeger@suse.de
|
||
|
||
- updated to pl02, bugfixrelease
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 30 11:41:35 CEST 2001 - choeger@suse.de
|
||
|
||
- Bugfix for SuSEconfig.postfix:
|
||
Handling of TIMEZONE variable if set to unappropriate or no
|
||
value
|
||
- Improvement: Warnings are printed out in bold
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 17 16:28:41 CEST 2001 - kukuk@suse.de
|
||
|
||
- Don't use a RPM macro for version number
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 30 10:08:15 CEST 2001 - choeger@suse.de
|
||
|
||
- update to pl01, bugfixrelease
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 27 13:16:45 CEST 2001 - choeger@suse.de
|
||
|
||
- added libcrack to chroot jail, because
|
||
it is needed by pam_pwcheck
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 15 01:08:35 CET 2001 - ro@suse.de
|
||
|
||
- fixed neededforbuild for openldap
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 5 11:49:48 CET 2001 - choeger@suse.de
|
||
|
||
- first non-beta of the next postfix generation
|
||
- v20010228
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 27 11:22:24 CET 2001 - ro@suse.de
|
||
|
||
- added cyrus-sasl-devel to neededforbuild
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 27 09:51:56 CET 2001 - choeger@suse.de
|
||
|
||
- new version, 20010225
|
||
- removed notification message
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 20 14:16:30 CET 2001 - choeger@suse.de
|
||
|
||
- bugfix: wrong permissions for maildrop directory
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 31 10:53:04 CET 2001 - choeger@suse.de
|
||
|
||
- update to version 20010128
|
||
- now linked against ldaplib2
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 5 14:25:11 CET 2001 - choeger@suse.de
|
||
|
||
- bugfix: maildrop must be owned by postfix.root
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 18 14:47:53 CET 2000 - choeger@suse.de
|
||
|
||
- update to version 20001212
|
||
- bugfix: insserv
|
||
- bugfix: missed openssl in neededforbuilt
|
||
- renamed to postfix, because a non-crypto version
|
||
is no longer needed
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 13 15:52:43 CET 2000 - choeger@suse.de
|
||
|
||
- Bugfix: postfix-script was not executable
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 12 15:13:40 CET 2000 - choeger@suse.de
|
||
|
||
- Bugfixes:
|
||
Provides in initscript
|
||
Use /bin/bash in SuSEconfig.postfix
|
||
- Update to version 20001210
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 30 08:35:09 CET 2000 - ro@suse.de
|
||
|
||
- startscript sbin -> etc
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 23 09:55:37 CET 2000 - choeger@suse.de
|
||
|
||
- new version
|
||
- fix for neededforbuild
|
||
- fix for master.cf
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 22 13:06:54 CET 2000 - choeger@suse.de
|
||
|
||
- adopted to new init scheme
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 15 16:13:12 CET 2000 - choeger@suse.de
|
||
|
||
- fixed neededforbuild
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 14 15:19:40 CET 2000 - choeger@suse.de
|
||
|
||
- update to version 20001030
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 9 17:14:48 CET 2000 - choeger@suse.de
|
||
|
||
- long packagename
|
||
- added rpm buildroot
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 8 15:59:41 CET 2000 - uli@suse.de
|
||
|
||
- fixed neededforbuild
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 3 18:12:57 CET 2000 - bk@suse.de
|
||
|
||
- src/util/dict_ldap.c:dict_ldap_lookup(): fix missing **-termination.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 24 17:28:06 CEST 2000 - fober@suse.de
|
||
|
||
- s390,ppc: added -fsigned-char compiler option, to fix obscure segfaults.
|
||
(code is not signed/unsigned-char-clean)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 12 18:24:54 CEST 2000 - choeger@suse.de
|
||
|
||
- yet another SuSEconfig.postfix bug (incorrect link)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 11 16:47:35 CEST 2000 - choeger@suse.de
|
||
|
||
- bugfix for SuSEconfig.postfix
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 9 13:54:13 CEST 2000 - choeger@suse.de
|
||
|
||
- bugfix: missed to install new flush service
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 9 11:48:39 CEST 2000 - choeger@suse.de
|
||
|
||
- inititial revision of pfixtls
|