From b102dd3c5fb758ef4f3053732903c6798df0f2cae62be2b50e19ade000444e59 Mon Sep 17 00:00:00 2001 
From: Peter Varkoly Date: Mon, 19 Aug 2024 05:01:05 +0000 Subject: [PATCH] - Remove rcpostfix symlink [jsc#PED-266] - postfix-script requires cmp - Remove rcpostfix symlink [jsc#PED-266] - postfix-script requires cmp OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=494 --- .gitattributes | 23 + .gitignore | 1 + _multibuild | 4 + check_mail_queue | 24 + fix-postfix-script.patch | 24 + ipv6_disabled.patch | 12 + pointer_to_literals.patch | 59 + postfix-3.9.0.tar.gz | 3 + postfix-3.9.0.tar.gz.asc | 7 + postfix-SUSE.tar.gz | 3 + ...-avoid-infinit-loop-if-no-permission.patch | 19 + postfix-bdb-main.cf.patch | 178 + postfix-bdb.changes | 5921 +++++++++++++++++ postfix-bdb.spec | 583 ++ postfix-linux45.patch | 19 + postfix-main.cf.patch | 218 + postfix-master.cf.patch | 129 + postfix-mysql.tar.bz2 | 3 + postfix-no-md5.patch | 26 + postfix-rpmlintrc | 4 + postfix-ssl-release-buffers.patch | 31 + postfix-user.conf | 6 + postfix-vda-v14-3.0.3.patch | 1385 ++++ postfix-vmail-user.conf | 2 + postfix.changes | 5921 +++++++++++++++++ postfix.keyring | 154 + postfix.spec | 641 ++ pre_checkin.sh | 8 + set-default-db-type.patch | 187 + 29 files changed, 15595 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _multibuild create mode 100644 check_mail_queue create mode 100644 fix-postfix-script.patch create mode 100644 ipv6_disabled.patch create mode 100644 pointer_to_literals.patch create mode 100644 postfix-3.9.0.tar.gz create mode 100644 postfix-3.9.0.tar.gz.asc create mode 100644 postfix-SUSE.tar.gz create mode 100644 postfix-avoid-infinit-loop-if-no-permission.patch create mode 100644 postfix-bdb-main.cf.patch create mode 100644 postfix-bdb.changes create mode 100644 postfix-bdb.spec create mode 100644 postfix-linux45.patch create mode 100644 postfix-main.cf.patch create mode 100644 postfix-master.cf.patch create mode 100644 postfix-mysql.tar.bz2 create mode 100644 postfix-no-md5.patch create mode 
100644 postfix-rpmlintrc create mode 100644 postfix-ssl-release-buffers.patch create mode 100644 postfix-user.conf create mode 100644 postfix-vda-v14-3.0.3.patch create mode 100644 postfix-vmail-user.conf create mode 100644 postfix.changes create mode 100644 postfix.keyring create mode 100644 postfix.spec create mode 100644 pre_checkin.sh create mode 100644 set-default-db-type.patch
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/_multibuild b/_multibuild
new file mode 100644
index 0000000..6b0fe6c
--- /dev/null
+++ b/_multibuild
@@ -0,0 +1,4 @@
+
+ postfix-bdb
+
+
diff --git a/check_mail_queue b/check_mail_queue
new file mode 100644
index 0000000..a3cd9de
--- /dev/null
+++ b/check_mail_queue
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+nm()
+{
+ NM=$( /usr/bin/mailq 2> /dev/null | tail -1 | /usr/bin/gawk '{ print $5 }' )
+ if [ "$NM" ]
+ then
+ return 0
+ else
+ return 1
+ fi
+}
+
+test -e /var/run/check_mail_queue.pid && exit;
+echo $$ > /var/run/check_mail_queue.pid
+while( nm )
+do
+ /etc/init.d/postfix status || /etc/init.d/postfix start
+ sleep 10
+ /usr/sbin/postfix flush
+done
+/etc/init.d/postfix status && /etc/init.d/postfix stop
+rm /var/run/check_mail_queue.pid
+
diff --git a/fix-postfix-script.patch b/fix-postfix-script.patch
new file mode 100644
index 0000000..cb767bc
--- /dev/null
+++ b/fix-postfix-script.patch
@@ -0,0 +1,24 @@
+Index: conf/postfix-script
+===================================================================
+--- conf/postfix-script.orig
++++ conf/postfix-script
+@@ -311,10 +311,17 @@ check-warn)
+ }
+ todo=`echo "$todo" | tr ' ' '\12' | sort -u`
+
+- find $todo ! -user root \
++ if find -L $config_directory/main.cf >/dev/null 2>&1
++ then
++ FIND="find -L"
++ else
++ FIND=find
++ fi
++
++ $FIND $todo ! -user root \
+ -exec $WARN not owned by root: {} \;
+
+- find $todo \( -perm -020 -o -perm -002 \) \
++ $FIND $todo \( -perm -020 -o -perm -002 \) \
+ -exec $WARN group or other writable: {} \;
+
+ # Check Postfix mail_owner-owned directory tree owner/permissions.
diff --git a/ipv6_disabled.patch b/ipv6_disabled.patch
new file mode 100644
index 0000000..cc3ac86
--- /dev/null
+++ b/ipv6_disabled.patch
@@ -0,0 +1,12 @@
+Index: src/util/inet_proto.c
+===================================================================
+--- src/util/inet_proto.c.orig
++++ src/util/inet_proto.c
+@@ -200,7 +200,6 @@ const INET_PROTO_INFO *inet_proto_init(c
+ if ((sock = socket(PF_INET6, SOCK_STREAM, 0)) >= 0) {
+ close(sock);
+ } else if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) {
+- msg_warn("%s: disabling IPv6 name/address support: %m", context);
+ inet_proto_mask &= ~INET_PROTO_MASK_IPV6;
+ } else {
+ msg_fatal("socket: %m");
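Review bot: In check_mail_queue the PID-file guard (`test -e /var/run/check_mail_queue.pid && exit;` followed by `echo $$ > /var/run/check_mail_queue.pid`) is a check-then-create sequence, and the file is removed only by the final `rm`, so a run that is interrupted or killed leaves a stale file that makes every later run exit immediately. Creating the file with noclobber and removing it from a trap closes both gaps: `( set -C; echo $$ > /var/run/check_mail_queue.pid ) 2>/dev/null || exit` and `trap 'rm -f /var/run/check_mail_queue.pid' EXIT`. The script also drives the service through `/etc/init.d/postfix`, while the changelog added in this same commit mentions `chkconfig -> systemctl` and the removal of the rcpostfix symlink; if that path is absent, `status` always fails and the closing `status && stop` never runs, so this is worth confirming.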
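Review bot: In fix-postfix-script.patch, switching both checks to `find -L` makes `! -user root` and the `-perm` tests evaluate the link target instead of the link, so a symlink under `$todo` that is itself owned by a non-root user but points at a root-owned file is presumably no longer reported. If the intent is only to stop mode warnings on symlinks, consider keeping a link-ownership check without `-L`, e.g. `find $todo -type l ! -user root -exec $WARN not owned by root: {} \;`. The probe `find -L $config_directory/main.cf` expands the variable unquoted and also fails when main.cf is missing, not only when `-L` is unsupported, so a one-line comment stating what it tests would help. The `check-warn)` branch starts and ends outside the hunk.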
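Review bot: ipv6_disabled.patch deletes the only message emitted when `inet_proto_init()` clears `INET_PROTO_MASK_IPV6`, so a host where the IPv6 socket probe fails now loses IPv6 support with no trace in the log. Rather than removing the line, I would demote it, for example `if (msg_verbose) msg_info("%s: disabling IPv6 name/address support: %m", context);`, and add a patch header explaining why the warning is unwanted. The function body continues outside the hunk.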
diff --git a/pointer_to_literals.patch b/pointer_to_literals.patch
new file mode 100644
index 0000000..727f60a
--- /dev/null
+++ b/pointer_to_literals.patch
@@ -0,0 +1,59 @@
+Index: src/cleanup/cleanup_message.c
+===================================================================
+--- src/cleanup/cleanup_message.c.orig
++++ src/cleanup/cleanup_message.c
+@@ -300,7 +300,7 @@ static const char *cleanup_act(CLEANUP_S
+ while (*optional_text && ISSPACE(*optional_text))
+ optional_text++;
+
+-#define STREQUAL(x,y,l) (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0)
++inline int STREQUAL(const char *x, const char *y, size_t l) { return (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0); }
+ #define CLEANUP_ACT_DROP 0
+
+ /*
+Index: src/local/local_expand.c
+===================================================================
+--- src/local/local_expand.c.orig
++++ src/local/local_expand.c
+@@ -115,7 +115,7 @@ static const char *local_expand_lookup(c
+ LOCAL_EXP *local = (LOCAL_EXP *) ptr;
+ static char rcpt_delim[2];
+
+-#define STREQ(x,y) (*(x) == *(y) && strcmp((x), (y)) == 0)
++inline int STREQ(const char *x, const char *y) { return (*(x) == *(y) && strcmp((x), (y)) == 0); }
+
+ if (STREQ(name, "user")) {
+ return (local->state->msg_attr.user);
+Index: src/smtpd/smtpd_check.c
+===================================================================
+--- src/smtpd/smtpd_check.c.orig
++++ src/smtpd/smtpd_check.c
+@@ -384,6 +384,10 @@ static STRING_LIST *smtpd_acl_perm_log;
+ #define CONST_STR(x) ((const char *) vstring_str(x))
+ #define UPDATE_STRING(ptr,val) { if (ptr) myfree(ptr); ptr = mystrdup(val); }
+
++inline int STREQ(const char *x, const char *y) { return (*(x) == *(y) && strcmp((x), (y)) == 0); }
++inline int STREQUAL(const char *x, const char *y, size_t l) { return (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0); }
++inline int STREQN(const char *x, const char *y, size_t n) { return (*(x) == *(y) && strncmp((x), (y), (n)) == 0); }
++
+ /*
+ * If some decision can't be made due to a temporary error, then change
+ * other decisions into deferrals.
+@@ -2395,8 +2399,6 @@ static int check_table_result(SMTPD_STAT
+ if (msg_verbose)
+ msg_info("%s: %s %s %s", myname, table, value, datum);
+
+-#define STREQUAL(x,y,l) (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0)
+-
+ /*
+ * DUNNO means skip this table. Silently ignore optional text.
+ */
+@@ -3483,8 +3485,6 @@ static const char *rbl_expand_lookup(con
+ SMTPD_RBL_EXPAND_CONTEXT *rbl_exp = (SMTPD_RBL_EXPAND_CONTEXT *) context;
+ SMTPD_STATE *state = rbl_exp->state;
+
+-#define STREQ(x,y) (*(x) == *(y) && strcmp((x), (y)) == 0)
+-
+ if (state->expand_buf == 0)
+ state->expand_buf = vstring_alloc(10);
+
diff --git a/postfix-3.9.0.tar.gz b/postfix-3.9.0.tar.gz
new file mode 100644
index 0000000..314468b
--- /dev/null
+++ b/postfix-3.9.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:56f5e420e7c25455a4e96c19b672f80f9a0a35fb5becc9247c9e3d5dcc617f34
+size 4953133
diff --git a/postfix-3.9.0.tar.gz.asc b/postfix-3.9.0.tar.gz.asc
new file mode 100644
index 0000000..1d8b99b
--- /dev/null
+++ b/postfix-3.9.0.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iFcDBQBl6JfdDAtZDoDKFacRCspDAP9CWwo61cuT1VgMaP+TrcP5izmrJSRxLMJN
+ubLPqIcYZAD9FM/D0BP7oUAbxDEY5vF3qWiayCJehlEmspmTg+xeYG8=
+=dY5B
+-----END PGP SIGNATURE-----
diff --git a/postfix-SUSE.tar.gz b/postfix-SUSE.tar.gz
new file mode 100644
index 0000000..6bde860
--- /dev/null
+++ b/postfix-SUSE.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fb9bded937e9869d8e5e06147364653526c6c2219e4259393d25f5f34215286d
+size 25381
diff --git a/postfix-avoid-infinit-loop-if-no-permission.patch b/postfix-avoid-infinit-loop-if-no-permission.patch
new file mode 100644
index 0000000..9554f48
--- /dev/null
+++ b/postfix-avoid-infinit-loop-if-no-permission.patch
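Review bot: In pointer_to_literals.patch the `STREQUAL` replacement in cleanup_message.c and the `STREQ` replacement in local_expand.c sit where the macros were, between statements of `cleanup_act()` and after the local declarations of `local_expand_lookup()`, so they appear to define functions inside a function body, which is a GNU C extension and not portable C. The three helpers added at file scope in smtpd_check.c are declared `inline` without `static`; under C99/C11 inline rules that provides no external definition, so a build that does not inline the call (for example at `-O0`) can fail to link. Defining all of them at file scope as `static inline int STREQ(const char *x, const char *y)`, `static inline int STREQUAL(...)` and `static inline int STREQN(...)` avoids both problems. The patch also has no header saying which compiler diagnostic it addresses; a short description above the first `Index:` line would help.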
@@ -0,0 +1,19 @@
+Index: src/global/mail_queue.c
+===================================================================
+--- src/global/mail_queue.c.orig
++++ src/global/mail_queue.c
+@@ -363,6 +363,14 @@ VSTREAM *mail_queue_enter(const char *qu
+ break;
+ if (errno == EEXIST || errno == EISDIR)
+ continue;
++ /*
++ * Avoid getting into an infinite loop when we don't have permission to
++ * read temp_path
++ */
++ if (errno == EACCES) {
++ msg_fatal("%s: create file %s: no permission", myname, STR(temp_path));
++ break;
++ }
+ msg_warn("%s: create file %s: %m", myname, STR(temp_path));
+ sleep(10);
+ }
diff --git a/postfix-bdb-main.cf.patch b/postfix-bdb-main.cf.patch
new file mode 100644
index 0000000..5724ca5
--- /dev/null
+++ b/postfix-bdb-main.cf.patch
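Review bot: In the added `EACCES` branch of `mail_queue_enter()`, the `break;` after `msg_fatal(...)` is unreachable, since `msg_fatal` terminates the process, and the fixed text "no permission" drops the `%m` detail that the neighbouring `msg_warn` keeps. I would write `msg_fatal("%s: create file %s: %m", myname, STR(temp_path));` and delete the `break;`. The comment says "permission to read temp_path" although, per both messages, the failing operation is creating the file; `permission to create temp_path` would match. The retry loop starts outside the hunk.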
@@ -0,0 +1,178 @@
+Index: conf/main.cf
+===================================================================
+--- conf/main.cf.orig
++++ conf/main.cf
+@@ -576,6 +576,7 @@ unknown_local_recipient_reject_code = 55
+ #
+ #smtpd_banner = $myhostname ESMTP $mail_name
+ #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
++smtpd_banner = $myhostname ESMTP
+
+ # PARALLEL DELIVERY TO THE SAME DESTINATION
+ #
+@@ -682,4 +683,165 @@ sample_directory =
+ # readme_directory: The location of the Postfix README files.
+ #
+ readme_directory =
++
++############################################################
++#
++# before changing values manually consider editing
++# /etc/sysconfig/postfix
++# and run
++# config.postfix
++#
++# if you miss a feature of config.postfix then just send a
++# mail to chris@computersalat.de
++# patches for new feature(s) are also welcome :)
++#
++############################################################
++
++biff = no
++content_filter =
++delay_warning_time = 0h
++disable_dns_lookups = no
++disable_mime_output_conversion = no
++disable_vrfy_command = yes
++inet_interfaces = all
+ inet_protocols = ipv4
++masquerade_classes = envelope_sender, header_sender, header_recipient
++masquerade_domains =
++masquerade_exceptions =
++mydestination = $myhostname, localhost.$mydomain, localhost
++myhostname =
++mynetworks_style = subnet
++relayhost =
++
++alias_maps =
++canonical_maps =
++relocated_maps =
++sender_canonical_maps =
++transport_maps =
++mail_spool_directory = /var/mail
++message_strip_characters =
++defer_transports =
++mailbox_command =
++mailbox_transport =
++mailbox_size_limit = 0
++message_size_limit = 0
++strict_8bitmime = no
++strict_rfc821_envelopes = no
++smtpd_delay_reject = yes
++smtpd_helo_required = no
++
++smtpd_client_restrictions =
++
++smtpd_helo_restrictions =
++
++smtpd_sender_restrictions =
++
++smtpd_recipient_restrictions =
++
++
++######################################################################
++# SMTP Smuggling (CVE-2023-51764)
++# no: allows SMTP smuggling
++# yes / normalize :
++# but allow local clients with non-standard SMTP implementations
++# such as netcat, fax machines, or load balancer health checks.
++# reject:
++# rejects a command or message that contains a bare newline
++######################################################################
++smtpd_forbid_bare_newline = normalize
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++#smtpd_forbid_bare_newline_reject_code = 521
++
++############################################################
++# SASL stuff
++############################################################
++smtp_sasl_auth_enable = no
++smtp_sasl_security_options =
++smtp_sasl_password_maps =
++smtpd_sasl_auth_enable = no
++# cyrus : smtpd_sasl_type = cyrus
++# smtpd_sasl_path = smtpd
++# dovecot : smtpd_sasl_type = dovecot
++# smtpd_sasl_path = private/auth
++smtpd_sasl_type = cyrus
++smtpd_sasl_path = smtpd
++############################################################
++# TLS stuff
++############################################################
++#tls_append_default_CA = no
++relay_clientcerts =
++#tls_random_source = dev:/dev/urandom
++
++smtp_use_tls = no
++#smtp_tls_loglevel = 0
++smtp_enforce_tls = no
++smtp_tls_security_level =
++smtp_tls_CAfile =
++smtp_tls_CApath =
++smtp_tls_cert_file =
++smtp_tls_key_file =
++#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
++#smtp_tls_session_cache_timeout = 3600s
++smtp_tls_session_cache_database =
++
++smtpd_use_tls = no
++#smtpd_tls_loglevel = 0
++smtpd_enforce_tls = no
++smtpd_tls_security_level =
++smtpd_tls_CAfile =
++smtpd_tls_CApath =
++smtpd_tls_cert_file =
++smtpd_tls_key_file =
++smtpd_tls_ask_ccert = no
++smtpd_tls_exclude_ciphers = RC4
++smtpd_tls_received_header = no
++############################################################
++# OpenDKIM
++############################################################
++#smtpd_milters = unix:/run/opendkim/opendkim.sock
++#non_smtpd_milters = $smtpd_milters
++#milter_default_action = accept
++#milter_protocol = 2
++############################################################
++# Start MySQL from postfixwiki.org
++############################################################
++relay_domains = $mydestination, hash:/etc/postfix/relay
++#relay_recipient_maps = hash:/etc/postfix/relay_recipients
++#virtual_alias_domains =
++#virtual_alias_maps = hash:/etc/postfix/virtual
++#virtual_uid_maps = static:303
++#virtual_gid_maps = static:303
++#virtual_minimum_uid = 303
++#virtual_mailbox_base = /srv/maildirs
++#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
++#virtual_mailbox_limit = 0
++#virtual_mailbox_limit_inbox = no
++#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
++## For dovecot LMTP replace 'virtual' with 'lmtp:unix:private/dovecot-lmtp'
++#virtual_transport = virtual
++## Additional for quota support
++#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
++#virtual_mailbox_limit_override = yes
++### Needs Maildir++ compatible IMAP servers, like Courier-IMAP
++#virtual_maildir_filter = yes
++#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter
++#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
++#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg
++#virtual_overquota_bounce = yes
++#virtual_trash_count = yes
++#virtual_trash_name = ".Trash"
++############################################################
++# End MySQL from postfixwiki.org
++############################################################
++# Rewrite reject codes
++############################################################
++#unknown_address_reject_code = 550
++#unknown_client_reject_code = 550
++#unknown_hostname_reject_code = 550
++#unverified_recipient_reject_code = 550
++#unverified_sender_reject_code = 550
++#soft_bounce = yes
++############################################################
++#debug_peer_list = example.com
++#debug_peer_level = 3
++
diff --git a/postfix-bdb.changes b/postfix-bdb.changes
new file mode 100644
index 0000000..1c37a4d
--- /dev/null
+++ b/postfix-bdb.changes
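Review bot: The block appended by postfix-bdb-main.cf.patch still sets `disable_dns_lookups = no`, `smtp_use_tls`, `smtp_enforce_tls`, `smtpd_use_tls` and `smtpd_enforce_tls`, while the changelog added in this same commit says the 3.9.0 update changed `disable_dns_lookups` to `smtp_dns_support_level` (listing only postfix-main.cf.patch) and that about a dozen TLS parameters are now obsolete and make postconf log warnings, so the bdb flavor looks out of sync. Separately, `smtpd_forbid_bare_newline_exclusions = $mynetworks` together with `mynetworks_style = subnet` and `inet_interfaces = all` exempts every host on the server's subnets from the CVE-2023-51764 normalization; a comment next to the setting should say so, so that administrators narrow `mynetworks` where the subnet is not trusted. In the comment block above it, the description for `# yes / normalize :` starts mid-sentence ("but allow local clients ...") and should first state what the setting does.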
@@ -0,0 +1,5921 @@
+-------------------------------------------------------------------
+Fri Aug 9 08:48:52 UTC 2024 - Thorsten Kukuk
+
+- Remove rcpostfix symlink [jsc#PED-266]
+
+-------------------------------------------------------------------
+Wed Aug 7 06:34:05 UTC 2024 - Thorsten Kukuk
+
+- postfix-script requires cmp
+
+-------------------------------------------------------------------
+Thu Aug 1 08:36:10 UTC 2024 - Peter Varkoly
+
+- postfix gives warnings about deprecated parameters (bsc#1225397)
+
+-------------------------------------------------------------------
+Tue Jun 18 18:15:47 UTC 2024 - chris@computersalat.de
+
+- fix for Invalid cross-device link
+ * failed to create hard link 'etc/localtime' => '/usr/share/zoneinfo/Etc/UTC'
+
+-------------------------------------------------------------------
+Tue Jun 11 11:57:53 UTC 2024 - Adam Majer
+
+- Set built-in path values to suse values (bsc#1215689)
+
+-------------------------------------------------------------------
+Mon May 20 20:45:06 UTC 2024 - chris@computersalat.de
+
+- Update update_chroot.systemd
+ * Add missing checks for DKIM (openDKIM)
+- keep spec and changes files in sync
+
+-------------------------------------------------------------------
+Fri May 17 11:42:53 UTC 2024 - Peter Varkoly
+
+- config.postfix needs updating (bsc#1224207)
+ * chkconfig -> systemctl
+ * Link Cyrus lmtp only if this exsists
+ * /usr/lib64/sasl2 does not need to exist
+ * Fetch timezone via readlink from /etc/localtime
+
+-------------------------------------------------------------------
+Fri Apr 5 01:44:30 UTC 2024 - Georg Pfuetzenreuter
+
+- Move qshape(1) out of -doc, install it as a binary with the main package
+
+-------------------------------------------------------------------
+Thu Mar 7 18:42:30 UTC 2024 - Arjen de Korte
+
+- update to 3.9.0
+ * As described in DEPRECATION_README, the SMTP server features
+ "permit_naked_ip_address", "check_relay_domains", and
+ "reject_maps_rbl" have been removed, after they have been logging
+ a warning for some 20 years. These features now log a warning
+ and return a "server configuration error" response.
+ * The MySQL client no longer supports MySQL versions < 4.0. MySQL
+ version 4.0 was released in 2003.
+ * As covered in DEPRECATION_README, the configuration parameter
+ "disable_dns_lookup" and about a dozen TLS-related parameters
+ are now officially obsolete. These parameters still work, but
+ the postconf command logs warnings that they will be removed
+ from Postfix.
+ * As covered in DEPRECATION_README, "permit_mx_backup" logs a
+ warning that it will be removed from Postfix.
+ * In message headers, Postfix now formats numerical days as
+ two-digit days, i.e. days 1-9 have a leading zero instead of a
+ leading space. This change was made because the RFC 5322 date
+ and time specification recommends (i.e. SHOULD) that a single
+ space be used in each place that folding white space appears.
+ This change avoids a breaking change in the length of a date
+ string.
+ * The MySQL client default characterset is now configurable with
+ the "charset" configuration file attribute. The default is
+ "utf8mb4", consistent with the MySQL 8.0 built-in default, but
+ different from earlier MySQL versions where the built-in default
+ was "latin1".
+ * Support to query MongoDB databases, contributed by Hamid Maadani,
+ based on earlier code by Stephan Ferraro. See MONGODB_README
+ and mongodb_table(5)
+ * The RFC 3461 envelope ID is now exported in the local(8) delivery
+ agent with the ENVID environment variable, and in the pipe(8)
+ delivery agent with the ${envid} command-line attribute.
+ * Configurable idle and retry timer settings in the mysql: and
+ pgsql: clients. A shorter than default retry timer can sped up
+ the recovery after error, when Postfix is configured with only
+ one server in the "hosts" attribute. After the code was frozen
+ for release, we have learned that Postfix can recover faster
+ from some errors when the single server is specified multiple
+ times in the "hosts" attribute.
+ * Optional Postfix TLS support to request an RFC7250 raw public
+ key instead of an X.509 public-key certificate. The configuration
+ settings for raw key public support will be ignored when there
+ is no raw public key support in the local TLS implementation
+ (i.e. Postfix with OpenSSL versions before 3.2). See RELEASE_NOTES
+ for more information.
+ * Preliminary support for OpenSSL configuration files, primarily
+ OpenSSL 1.1.1b and later. This introduces two new parameters
+ "tls_config_file" and "tls_config_name", which can be used to
+ limit collateral damage from OS distributions that crank up
+ security to 11, increasing the number of plaintext email
+ deliveries. Details are in the postconf(5) manpage under
+ "tls_config_file" and "tls_config_name".
+ * With "smtpd_forbid_unauth_pipelining = yes" (the default),
+ Postfix defends against multiple "blind" SMTP attacks. This
+ feature was back-ported to older stable releases but disabled
+ by default.
+ * With "smtpd_forbid_bare_newline = normalize" (the default)
+ Postfix defends against SMTP smuggling attacks. See RELEASE_NOTES
+ for details. This feature was back-ported to older stable
+ releases but disabled by default.
+ * Prevent outbound SMTP smuggling, where an attacker uses Postfix
+ to send email containing a non-standard End-of-DATA sequence,
+ to exploit inbound SMTP smuggling at a vulnerable remote SMTP
+ server. With "cleanup_replace_stray_cr_lf = yes" (the default),
+ the cleanup daemon replaces each stray or character
+ in message content with a space character. This feature was
+ back-ported to older stable releases with identical functionality.
+ * The Postfix DNS client now limits the total size of DNS lookup
+ results to 100 records; it drops the excess records, and logs
+ a warning. This limit is 20x larger than the number of server
+ addresses that the Postfix SMTP client is willing to consider
+ when delivering mail, and is far below the number of records
+ that could cause a tail recursion crash in dns_rr_append() as
+ reported by Toshifumi Sakaguchi. This also introduces a similar
+ limit on the number of DNS requests that a check_*_*_access
+ restriction can make. All this was back-ported to older stable
+ releases with identical functionality.
+- refreshed patch:
+ % postfix-no-md5.patch
+- change obsoleted "disable_dns_lookups" to "smtp_dns_support_level"
+ % postfix-SUSE.tar.gz
+ % postfix-main.cf.patch
+ % postfix-master.cf.patch
+
+-------------------------------------------------------------------
+Tue Mar 5 16:46:16 UTC 2024 - Arjen de Korte
+
+- update to 3.8.6
+ * Bugfix (defect introduced: Postfix 2.3, date 20051222): the
+ Dovecot auth client did not reset the 'reason' from a previous
+ Dovecot auth service response, before parsing the next Dovecot
+ auth server response in the same SMTP session, resulting in a
+ nonsensical "authentication failed" warning message. Reported
+ by Stephan Bosch.
+ * Bugfix (defect introduced: Postfix 3.1, date: 20151128):
+ "postqueue -j" produced broken JSON when escaping a control
+ character as \uXXXX. Found during code maintenance.
+ * Cleanup: this fixes posttls-finger certificate match expectations
+ for all TLS security levels, including warnings for levels that
+ don't implement certificate matching. By Viktor Dukhovni.
+ * Bugfix (defect introduced: Postfix 2.3): after prepending a
+ header at the top of a message (with an access(5), header_checks(5)
+ or Milter action), the Postfix Milter "delete header" or "update
+ header" action was skipping the prepended header, instead of
+ skipping the Postfix-generated Received: header. Problem report
+ by Carlos Velasco.
+ * Workaround: tlsmgr logfile spam. Reportedly, some OS lies under
+ load: it says that a socket is readable, then it says that the
+ socket has unread data, and then it says that read returns EOF,
+ causing Postfix to spam the log with a warning message.
+ * Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT
+ command handler could be tricked to read $message_size_limit
+ bytes into memory. Found during code maintenance.
+ * Safety: limit the total size of DNS lookup results to 100
+ records; drop the excess records, and log a warning. This limit
+ is 20x larger than the number of server addresses that the
+ Postfix SMTP client is willing to consider when delivering mail,
+ and is far below the number of records that could cause a tail
+ recursion crash in dns_rr_append() as reported by Toshifumi
+ Sakaguchi. This fix also limits the number of DNS requests that
+ a check_*_*_access restriction can make.
+ * Performance, related to the previous problem: eliminate worst-case
+ behavior where the queue manager could defer delivery to all
+ destinations over a specific delivery transport, after only a
+ single delivery agent crash. The scheduler now throttles
+ deliveries to one destination, and allows other deliveries to
+ keep making progress.
+- change to functioning mirror (http://cdn.postfix.johnriley.me/
+ has been dead for a while although it is still listed upstream)
+- make output of %setup less verbose by restoring -q option
+
+-------------------------------------------------------------------
+Tue Mar 5 12:19:01 UTC 2024 - Peter Varkoly
+
+- %autosetup does not works with multiple -a.
+ https://github.com/rpm-software-management/rpm/issues/1204
+
+-------------------------------------------------------------------
+Thu Feb 29 14:40:38 UTC 2024 - Dominique Leuenberger
+
+- Use %autosetup macro. Allows to eliminate the usage of deprecated
+ %patchN.
+
+-------------------------------------------------------------------
+Tue Jan 23 18:24:16 UTC 2024 - Arjen de Korte
+
+- update to 3.8.5
+ * Security: this release improves support to defend against an email
+ spoofing attack (SMTP smuggling) on recipients at a Postfix server.
+ For background, see https://www.postfix.org/smtp-smuggling.html.
+
+-------------------------------------------------------------------
+Sat Jan 6 22:41:09 UTC 2024 - chris@computersalat.de
+
+- rework fix for bsc#1192173: keep myhostname and mydestination
+ patched, but with upstream default to have them in correct place
+ when updated via config.postfix
+- rework SMTP Smuggling defaults
+ * yes is now alias of 'normalize'
+ smtpd_forbid_bare_newline = normalize
+ * another new option is 'reject' wich should be used in connection
+ with
+ smtpd_forbid_bare_newline_reject_code = 521
+- rework patches
+ * postfix-bdb-main.cf.patch
+ * postfix-main.cf.patch
+- rebase patches
+ * postfix-linux45.patch
+ * postfix-ssl-release-buffers.patch
+ * postfix-vda-v14-3.0.3.patch
+ * set-default-db-type.patch
+- sync changes files
+ * add missing entries in postfix-bdb.changes
+
+-------------------------------------------------------------------
+Thu Dec 28 07:57:23 UTC 2023 - Dirk Müller
+
+- update default configuration to enable the long-term fix for
+ bsc#1218304, bsc#1218314 CVE-2023-51764, SMTP smuggling attack:
+ * smtpd_forbid_bare_newline = yes
+ * smtpd_forbid_bare_newline_exclusions = $mynetworks
+
+-------------------------------------------------------------------
+Fri Dec 22 17:57:57 UTC 2023 - Arjen de Korte
+
+- update to 3.8.4 (bsc#1218304, CVE-2023-51764):
+ * Security: this release adds support to defend
+ against an email spoofing attack (SMTP smuggling) on
+ recipients at a Postfix server. For background, see
+ https://www.postfix.org/smtp-smuggling.html
+
+-------------------------------------------------------------------
+Fri Nov 3 14:55:20 UTC 2023 - Arjen de Korte
+
+- update to 3.8.3
+ * Bugfix (defect introduced Postfix 2.5, date 20080104): the
+ Postfix SMTP server was waiting for a client command instead
+ of replying immediately, after a client certificate verification
+ error in TLS wrappermode. Reported by Andreas Kinzler.
+ * Usability: the Postfix SMTP server (finally) attempts to log
+ the SASL username after authentication failure. In Postfix
+ logging, this appends ", sasl_username=xxx" after the reason
+ for SASL authentication failure. The logging replaces an
+ unavailable reason with "(reason unavailable)", and replaces
+ an unavailable sasl_username with "(unavailable)". Based on
+ code by Jozsef Kadlecsik.
+ * Compatibility bugfix (defect introduced: Postfix 2.11, date
+ 20130405): in forward_path, the expression ${recipient_delimiter}
+ would expand to an empty string when a recipient address had
+ no recipient delimiter. The compatibility fix is to use a
+ configured recipient delimiter value instead. Reported by Tod
+ A. Sandman.
+
+-------------------------------------------------------------------
+Mon Oct 23 07:43:31 UTC 2023 - Peter Varkoly
+
+- Syntax error in update_postmaps script (bsc#1216061)
+
+-------------------------------------------------------------------
+Mon Sep 18 12:38:19 UTC 2023 - Peter Varkoly
+
+- postfix: config.postfix causes too tight permission on main.cf
+ (bsc#1215372)
+
+-------------------------------------------------------------------
+Tue Aug 15 09:07:07 UTC 2023 - Peter Varkoly
+
+- CVE-2023-32182: postfix: config_postfix SUSE specific script
+ potentially bad /tmp file usage (bsc#1211196)
+ Use temp file created by mktemp
+
+-------------------------------------------------------------------
+Tue Jun 6 18:37:03 UTC 2023 - Arjen de Korte
+
+- update to 3.8.1
+ * Optional: harden a Postfix SMTP server against remote SMTP
+ clients that violate RFC 2920 (or 5321) command pipelining
+ constraints. With "smtpd_forbid_unauth_pipelining = yes", the
+ server disconnects a client immediately, after responding with
+ "554 5.5.0 Error: SMTP protocol synchronization" and after
+ logging "improper command pipelining" with the unexpected remote
+ SMTP client input. This feature is disabled by default in Postfix
+ 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
+ by default in Postfix 3.9. A similar feature is enabled by
+ default in the Exim SMTP server.
+ * Optional: some OS distributions crank up TLS security to 11,
+ and in doing so increase the number of plaintext email deliveries.
+ This introduces basic OpenSSL configuration file support that
+ may be used to override OS-level settings.
+ Details are in the postconf(5) manpage under tls_config_file
+ and tls_config_name.
+ * Bugfix (defect introduced: Postfix 1.0): the command "postconf
+ .. name=v1 .. name=v2 .." (multiple instances of the same
+ parameter name) created multiple main.cf name=value entries
+ with the same parameter name. It now logs a warning and skips
+ the earlier name(s) and value(s). Found during code maintenance.
+ * Bugfix (defect introduced: Postfix 3.3): the command "postconf
+ -M name1/type1='name2 type2 ...'" died with a segmentation
+ violation when the request matched multiple master.cf entries.
+ The master.cf file was not damaged. Problem reported by SATOH
+ Fumiyasu.
+ * Bugfix (defect introduced: Postfix 2.11): the command "postconf
+ -M name1/type1='name2 type2 ...'" could add a service definition
+ to master.cf that conflicted with an already existing service
+ definition. It now replaces all existing service definitions
+ that match the service pattern 'name1/type1' or the service
+ name and type in 'name2 type2 ...' with a single service
+ definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
+ * Bugfix (defect introduced: Postfix 3.8) the posttls-finger
+ command could access uninitialized memory when reconnecting.
+ This also fixes a malformed warning message when a destination
+ contains ":service" information. Reported by Thomas Korbar.
+ * Bugfix (defect introduced: Postfix 3.2): the MySQL client could
+ return "not found" instead of "error" (for example, resulting
+ in a 5XX SMTP status instead of 4XX) during the time that all
+ MySQL server connections were turned down after error. Found
+ during code maintenance. File: global/dict_mysql.c. This was
+ already fixed in Postfix 3.4-3.7.
+
+-------------------------------------------------------------------
+Thu May 4 11:23:41 UTC 2023 - Dominique Leuenberger
+
+- Add _multibuild to define 2nd spec file as additional flavor.
+ Eliminates the need for source package links in OBS.
+
+-------------------------------------------------------------------
+Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte
+
+- update to 3.8.0
+ * Support to look up DNS SRV records in the Postfix SMTP/LMTP
+ client, Based on code by Tomas Korbar (Red Hat). For example,
+ with "use_srv_lookup = submission" and "relayhost =
+ example.com:submission", the Postfix SMTP client will look up
+ DNS SRV records for _submission._tcp.example.com, and will relay
+ email through the hosts and ports that are specified with those
+ records.
+ * TLS obsolescence: Postfix now treats the "export" and "low"
+ cipher grade settings as "medium". The "export" and "low" grades
+ are no longer supported in OpenSSL 1.1.1, the minimum version
+ required in Postfix 3.6.0 and later. Also, Postfix default
+ settings now exclude deprecated or unused ciphers (SEED, IDEA,
+ 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
+ (DH, ECDH), and public key algorithm (DSS).
+ * Attack resistance: the Postfix SMTP server can now aggregate
+ smtpd_client_*_rate and smtpd_client_*_count statistics by
+ network block instead of by IP address, to raise the bar against
+ a memory exhaustion attack in the anvil(8) server; Postfix TLS
+ support unconditionally disables TLS renegotiation in the middle
+ of an SMTP connection, to avoid a CPU exhaustion attack.
+ * The PostgreSQL client encoding is now configurable with the
+ "encoding" Postfix configuration file attribute. The default
+ is "UTF8". Previously the encoding was hard-coded as "LATIN1",
+ which is not useful in the context of SMTP.
+ * The postconf command now warns for #comment in or after a Postfix
+ parameter value. Postfix programs do not support #comment after
+ other text, and treat that as input.
+- rebase/refresh patches
+ * pointer_to_literals.patch
+ * postfix-linux45.patch
+ * postfix-master.cf.patch
+ * postfix-ssl-release-buffers.patch
+ * set-default-db-type.patch
+
+-------------------------------------------------------------------
+Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann
+
+- update to 3.7.4
+ * Workaround: with OpenSSL 3 and later always turn on
+ SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
+ opportunities for TLS session reuse. This is safe because the SMTP protocol
+ implements application-level framing, and is therefore not affected by TLS
+ truncation attacks.
+ * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
+ handles for digest implementations. In sufficiently hostile configurations,
+ Postfix could mistakenly believe that a digest algorithm is available, and
+ fail when it is not. A similar workaround may be needed for
+ EVP_get_cipherbyname().
+ * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
+ tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
+ the argument only if there was no prior error.
+ * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
+ violation when postscreen_dnsbl_threshold < 1. It should reject such input
+ with a fatal error instead.
+ * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
+ * Portability: Linux 6 support.
+ * Added missing documentation that cidr:, pcre: and regexp: tables support
+ inline specification only in Postfix 3.7 and later.
+ * Rebased postfix-linux45.patch
+
+-------------------------------------------------------------------
+Thu Feb 9 20:13:42 UTC 2023 - Peter Varkoly
+
+- SELinux: postfix denied to access /var/spool/postfix/pid/master.pid
+ (bsc#1207177) Apply proposed changes in postfix.service
+- remove patch included into the source:
+ harden_postfix.service.patch
+
+-------------------------------------------------------------------
+Wed Jan 25 13:30:52 UTC 2023 - Thorsten Kukuk
+
+- Disable NIS support on Factory (deprecated and will be removed)
+
+-------------------------------------------------------------------
+Wed Jan 18 12:09:13 UTC 2023 - Hu
+
+- Fix SELinux labeling issue caused by /usr/sbin/config.postfix (bsc#1207227).
+
+-------------------------------------------------------------------
+Mon Nov 14 15:05:42 UTC 2022 - Peter Varkoly
+
+- postfix default main.cf myhostname default causes conflict
+ (bsc#1192173)
+ Use the postfix build in defaults for myhostname and mydestination
+
+-------------------------------------------------------------------
+Sun Oct 9 12:00:55 UTC 2022 - Michael Ströder
+
+- update to 3.7.3
+ * Fixed a bug where some messages were not delivered after
+ "warning: Unexpected record type 'X'. (bsc#1213515)
+ * Workaround: in a TLS server disable Postfix's 1-element internal session
+ cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes.
+ * Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26)
+ introduced a missing msg_panic() argument (in code that never executes).
+ * Code health: Postfix 3.3.0 introduced an uninitialized verify_append()
+ request status in case of a null original recipient address.
+ * Postfix 3.5.0 introduced debug logging noise in map_search_create().
+
+-------------------------------------------------------------------
+Tue Sep 6 09:17:20 UTC 2022 - Ludwig Nussel
+
+- own /var/spool/mail (boo#1179574)
+
+-------------------------------------------------------------------
+Thu Aug 4 19:09:34 UTC 2022 - chris@computersalat.de
+
+- use correct source signature file (gpg2)
+
+-------------------------------------------------------------------
+Mon Jul 11 14:21:41 UTC 2022 - chris@computersalat.de
+
+- update to 3.7.2
+ https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES
+- rebase patches
+ * pointer_to_literals.patch
+ * postfix-linux45.patch
+ * postfix-main.cf.patch
+ * postfix-master.cf.patch
+ * postfix-no-md5.patch
+ * postfix-ssl-release-buffers.patch
+ * postfix-vda-v14-3.0.3.patch
+ * set-default-db-type.patch
+- build against libpcre2
+
+-------------------------------------------------------------------
+Tue May 10 20:14:54 UTC 2022 - chris@computersalat.de
+
+- remove *.swp from postfix-SUSE.tar.gz
+
+-------------------------------------------------------------------
+Tue May 3 20:16:49 UTC 2022 - chris@computersalat.de
+
+- fix config.postfix 'hash' leftover with relay_recipients
+- update postfix-main.cf.patch about
+ * smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls)
+ * smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls)
+- rebase/refresh patches
+ * harden_postfix.service.patch
+ * postfix-avoid-infinit-loop-if-no-permission.patch
+ * postfix-master.cf.patch
+ * postfix-vda-v14-3.0.3.patch
+ * set-default-db-type.patch
+
+-------------------------------------------------------------------
+Mon May 2 07:27:19 UTC 2022 - Dominique Leuenberger
+
+- Change ed requires to /usr/bin/ed: allow busybox-ed to be used
+ inside containers.
+
+-------------------------------------------------------------------
+Mon Apr 25 13:59:17 UTC 2022 - Marcus Rueckert
+
+- add missing requires for config.postfix and the postfix
+ postinstall script: perl and ed
+
+-------------------------------------------------------------------
+Mon Apr 18 19:59:01 UTC 2022 - Michael Ströder
+
+- update to 3.6.6
+ * (problem introduced: Postfix 2.7) The milter_header_checks maps
+ are now opened before the cleanup(8) server enters the chroot
+ jail.
+ * In an internal client module, "host or service not found" was
+ a fatal error, causing the milter_default_action setting to be
+ ignored. It is now a non-fatal error, just like a failure to
+ connect.
+ * The proxy_read_maps default value was missing up to 27 parameter
+ names. The corresponding lookup tables were not automatically
+ authorized for use with the proxymap(8) service. The parameter
+ names were ending in _checks, _reply_footer, _reply_filter,
+ _command_filter, and _delivery_status_filter.
+ * (problem introduced: Postfix 3.0) With dynamic map loading
+ enabled, an attempt to create a map with "postmap regexp:path"
+ would result in a bogus error message "Is the postfix-regexp
+ package installed?" instead of "unsupported map type for this
+ operation". This happened with all non-dynamic map types (static,
+ cidr, etc.) that have no 'bulk create' support.
+
+-------------------------------------------------------------------
+Mon Apr 4 09:01:56 UTC 2022 - Peter Varkoly
+
+- config.postfix fails to set smtp_tls_security_level
+ (bsc#1192314)
+
+-------------------------------------------------------------------
+Tue Mar 29 10:12:29 UTC 2022 - Илья Индиго
+
+- Refreshed spec-file via spec-cleaner and manual optimizated.
+ * Added -p flag to all install commands.
+ * Removed -f flag from all ln commands.
+- Changed file harden_postfix.service.patch (boo#1191988).
+
+-------------------------------------------------------------------
+Fri Mar 18 20:29:34 UTC 2022 - Michael Ströder
+
+- update to 3.6.5
+ * Glibc 2.34 implements closefrom(). This was causing a conflict
+ with Postfix's implementation for systems that have no closefrom()
+ implementation.
+ * Support for Berkeley DB version 18.
+- removed obsolete postfix-3.6.2-glibc-234-build-fix.patch
+
+-------------------------------------------------------------------
+Mon Mar 14 09:52:48 UTC 2022 - Peter Varkoly
+
+- Postfix on start don't run postalias /etc/postfix/aliases
+ (error open database /etc/postfix/aliases.lmdb). (bsc#1197041)
+ Apply proposed patch
+
+-------------------------------------------------------------------
+Wed Feb 9 09:22:41 UTC 2022 - Peter Varkoly
+
+- config.postfix can't handle symlink'd /etc/resolv.cof
+ (bsc#1195019)
+ Adapt proposed change: using "cp -afL" by copying.
+
+-------------------------------------------------------------------
+Tue Jan 18 23:32:41 UTC 2022 - Michael Ströder
+
+- Update to 3.6.4
+ * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
+ entries in postconf output. This was caused by an incomplete
+ fix to send SMTP session transcripts to $bounce_notice_recipient.
+ * Bug introduced in Postfix 3.0: the proxymap daemon did not
+ automatically authorize proxied maps inside pipemap (example:
+ pipemap:{proxy:maptype:mapname, ...}) or inside unionmap.
+ * Bug introduced in Postfix 2.5: off-by-one error while writing
+ a string terminator. This code passed all memory corruption
+ tests, presumably because it wrote over an alignment padding
+ byte, or over an adjacent character byte that was never read.
+ * The proxymap daemon did not automatically authorize map features
+ added after Postfix 3.3, caused by missing *_maps parameter
+ names in the proxy_read_maps default value. Found during code
+ maintenance.
+
+-------------------------------------------------------------------
+Mon Nov 8 10:26:56 UTC 2021 - Michael Ströder
+
+- Update to 3.6.3
+ * (problem introduced in Postfix 2.4, released in 2007): queue
+ file corruption after a Milter (for example, MIMEDefang) made
+ a request to replace the message body with a copy of that message
+ body plus additional text (for example, a SpamAssassin report).
+ * (problem introduced in Postfix 2.10, released in 2012): The
+ postconf "-x" option could produce incorrect output, because
+ multiple functions were implicitly sharing a buffer for
+ intermediate results. Problem report by raf, root cause analysis
+ by Viktor Dukhovni.
+ * (problem introduced in Postfix 2.11, released in 2013): The
+ check_ccert_access feature worked as expected, but produced a
+ spurious warning when Postfix was built without SASL support.
+ Fix by Brad Barden.
+ * Fix for a compiler warning due to a missing 'const' qualifier
+ when compiling Postfix with OpenSSL 3. Depending on compiler
+ settings this could cause the build to fail.
+ * The known_tcp_ports settings had no effect. It also wasn't fully
+ implemented. Problem report by Peter.
+ * Fix for missing space between a hostname and warning text.
+
+-------------------------------------------------------------------
+Fri Oct 22 09:45:40 UTC 2021 - Dirk Stoecker
+
+- Ensure postfix can write to home directory or server side
+ filtering wont work (sieve)
+
+-------------------------------------------------------------------
+Fri Oct 22 08:46:19 UTC 2021 - Johannes Segitz
+
+- Ensure service can write to /etc/postfix
+
+-------------------------------------------------------------------
+Thu Oct 21 15:39:55 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service (bsc#1181400). Added
+ harden_postfix.service.patch
+
+-------------------------------------------------------------------
+Thu Oct 7 08:03:40 UTC 2021 - Peter Varkoly
+
+- config.postfix not updatet after lmdb switch
+ (bsc#1190945)
+ Adapt config.postfix
+
+-------------------------------------------------------------------
+Thu Aug 26 13:59:42 UTC 2021 - Peter Varkoly
+
+- postfix master.cf: to include "submissions" service
+ (bsc#1189684)
+ Adapt master.cf patch
+
+-------------------------------------------------------------------
+Tue Aug 24 09:55:42 UTC 2021 - Peter Varkoly
+
+- postfix fails with glibc 2.34
+ Define HAS_CLOSEFROM
+ (bsc#1189101)
+ add patch
+ - postfix-3.6.2-glibc-234-build-fix.patch
+
+-------------------------------------------------------------------
+Thu Aug 5 19:09:36 UTC 2021 - chris@computersalat.de
+
+- fix config.postfix (follow up of bsc#1188477)
+
+-------------------------------------------------------------------
+Mon Jul 26 19:59:12 UTC 2021 - Peter Varkoly
+
+- Syntax error in config.postfix
+ (bsc#1188477)
+
+-------------------------------------------------------------------
+Sun Jul 25 23:22:23 UTC 2021 - Michael Ströder
+
+- Update to 3.6.2
+ * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
+ error in the compatibility_level parser, because there was no
+ 'errno = 0' statement before an strtol() call.
+ * (problem introduced in Postfix 3.3) "Null pointer read" error
+ in the cleanup daemon when "header_from_format = standard" (the
+ default as of Postfix 3.3), and email was submitted with
+ /usr/sbin/sendmail without From: header, and an all-space full
+ name was specified in 1) the password file, 2) with "sendmail
+ -F", or 3) with the NAME environment variable. Found by Renaud
+ Metrich.
+ * (problem introduced in Postfix 2.4) False "too many reverse
+ jump" warnings in the showq daemon, because loop detection code
+ was comparing memory addresses instead of queue file names.
+ Reported by Mehmet Avcioglu.
+ * (problem introduced in 1999) The Postfix SMTP server was sending
+ all session transcripts to the error_notice_recipient (default:
+ postmaster), instead of sending transcripts of bounced mail to
+ the bounce_notice_recipient (default: postmaster). Reported by
+ Hans van Zijst.
+ * The texthash: map implementation broke tls_server_sni_maps,
+ because it did not support multi-file inputs. Reported by
+ Christopher Gurnee, who also found an instance of the missing
+ code in the "postmap -F" source code. File: util/dict_thash.c.
+
+-------------------------------------------------------------------
+Wed Jul 14 14:37:24 UTC 2021 - Peter Varkoly
+
+- spamd wants to start before mail-transfer-agent.target, but that target doesn't exist
+ (bsc#1066854)
+
+-------------------------------------------------------------------
+Tue Jul 6 22:23:17 UTC 2021 - Christian Wittmer
+
+- postfix-SUSE
+ * rework sysconfig.postfix, add
+ - POSTFIX_WITH_DKIM
+ - POSTFIX_DKIM_CONN
+ * rework config.postfix for main.cf
+ - with_dkim
+- update postfix-main.cf.patch
+ * add OpenDKIM settings
+
+-------------------------------------------------------------------
+Wed Jun 23 22:28:52 UTC 2021 - Christian Wittmer
+
+- postfix-mysql
+ * add mysql_relay_recipient_maps.cf
+- postfix-SUSE
+ * rework sysconfig.postfix, add
+ - POSTFIX_RELAY_RECIPIENTS
+ - POSTFIX_BACKUPMX
+ * add relay_recipients
+ * rework config.postfix for main.cf
+ - is_backupmx
+ - relay_recipient_maps
+
+-------------------------------------------------------------------
+Fri Jun 18 17:11:05 UTC 2021 - Callum Farmer
+
+- Add now working CONFIG parameter to sysusers generator
+- Remove unnecessary group line from postfix-vmail-user.conf
+
+-------------------------------------------------------------------
+Mon Jun 14 15:46:54 UTC 2021 - Michael Ströder
+
+- Update to 3.6.1
+ * Bugfix (introduced: Postfix 2.11): the command "postmap
+ lmdb:/file/name" (create LMDB database from textfile) handled
+ duplicate input keys ungracefully, discarding entries stored
+ up to and including the duplicate key, and causing a double
+ free() call with lmdb versions 0.9.17 and later. Reported by
+ Adi Prasaja; double free() root cause analysis by Howard Chu.
+ * Typo (introduced: Postfix 3.4): silent_discard should be
+ silent-discard in BDAT_README.
+
+-------------------------------------------------------------------
+Sun Jun 6 12:51:35 UTC 2021 - Christian Wittmer
+
+- fix postfix-master.cf.patch
+ * set correct indentation (again) for options of
+ - submission (needs 3 spaces)
+ - smtps (needs 4 spaces)
+ to make config.postfix work nicely again
+
+-------------------------------------------------------------------
+Wed Jun 2 00:26:36 UTC 2021 - Marcus Rueckert
+
+- Update to 3.6.0
+ - Major changes - internal protocol identification
+ Internal protocols have changed. You need to "postfix stop"
+ before updating, or before backing out to an earlier release,
+ otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
+ postscreen) may fail to communicate with the rest of Postfix,
+ causing mail delivery delays until Postfix is restarted.
+ For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
+- refreshed patches to apply cleanly again:
+ fix-postfix-script.patch
+ ipv6_disabled.patch
+ pointer_to_literals.patch
+ postfix-linux45.patch
+ postfix-main.cf.patch
+ postfix-master.cf.patch
+ postfix-no-md5.patch
+ postfix-ssl-release-buffers.patch
+ postfix-vda-v14-3.0.3.patch
+ set-default-db-type.patch
+
+-------------------------------------------------------------------
+Tue Jun 1 10:47:29 UTC 2021 - Peter Varkoly
+
+- (bsc#1186669) - postfix.service has "Requires=var-run.mount"
+ Remove bad requirements
+
+-------------------------------------------------------------------
+Mon Apr 12 09:00:22 UTC 2021 - Michael Ströder
+
+- Update to 3.5.10 with security fixes:
+ * Missing null pointer checks (introduced in Postfix 3.4) after
+ an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
+ Found by Coverity, reported by Jaroslav Skarvada. Based on a
+ fix by Viktor Dukhovni.
+ * Null pointer bug (introduced in Postfix 3.0) and memory leak
+ (introduced in Postfix 3.4) after an inline: table syntax error
+ in main.cf or master.cf. Found by Coverity, reported by Jaroslav
+ Skarvada. Based on a fix by Viktor Dukhovni.
+ * Incomplete null pointer check (introduced: Postfix 2.10) after
+ truncated HaProxy version 1 handshake message. Found by Coverity,
+ reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
+ * Missing null pointer check (introduced: Postfix alpha) after
+ null argv[0] value.
+
+-------------------------------------------------------------------
+Wed Mar 10 15:12:11 UTC 2021 - Peter Varkoly
+
+- (bsc#1183305) - config.postfix uses db as suffix for postmaps
+ Depending on DEF_DB_TYPE uses lmdb or db
+
+-------------------------------------------------------------------
+Fri Mar 5 13:22:42 UTC 2021 - Peter Varkoly
+
+- (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix
+ still refers to /etc/services
+ Use getent to detect if smtps is already defined.
+
+-------------------------------------------------------------------
+Fri Feb 5 17:51:49 UTC 2021 - Peter Varkoly
+
+- (bsc#1180473) [Build 20201230] postfix has invalid default config
+ (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt -
+ postfix broken: "queue file write error" and "error: unsupported
+ dictionary type: hash"
+ Export DEF_DB_TYPE before starting the perl script.
+
+-------------------------------------------------------------------
+Wed Jan 27 15:14:50 UTC 2021 - Peter Varkoly
+
+- bsc#1180473 - [Build 20201230] postfix has invalid default config
+ Fixing config.postfix and sysconfig.postfix
+
+-------------------------------------------------------------------
+Mon Jan 25 10:28:26 UTC 2021 - Paolo Stivanin
+
+- Update to 3.5.9
+ * improves the reporting of DNSSEC problems that may affect
+ DANE security
+
+-------------------------------------------------------------------
+Thu Jan 7 12:26:08 UTC 2021 - Arjen de Korte
+
+- Only do the conversion from the hash/btree databases to lmdb when
+ the default database type changes from hash to lmdb and do not
+ stop and start the service (the old compiled databases can live
+ together with the new ones)
+ - convert-bdb-to-lmdb.sh
+- Clean up the specfile
+ * Remove < 1330 conditional builds
+ * Use generated postfix-files instead of the obsolete one from
+ postfix-SUSE.tar.gz
+ * Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon
+ (de)installation of optional mysql, pgsql and ldap subpackages
+ * Use default location for post-install, postfix-tls-script,
+ postfix-wrapper and postmulti-script
+
+-------------------------------------------------------------------
+Mon Jan 4 12:17:03 UTC 2021 - Peter Varkoly
+
+- Set lmdb to be the default db.
+- Convert btree tables to lmdb too. Stop postfix before converting from
+ bdb to lmdb
+- This package is without bdb support. That's why convert must be done
+ without any suse release condition.
+ o remove patch postfix-no-btree.patch
+ o add set-default-db-type.patch
+
+-------------------------------------------------------------------
+Fri Dec 25 20:32:04 UTC 2020 - Arjen de Korte
+
+- Set database type for address_verify_map and postscreen_cache_map
+ to lmdb (btree requires Berkeley DB)
+ o add postfix-no-btree.patch
+
+-------------------------------------------------------------------
+Fri Dec 25 10:28:30 UTC 2020 - Arjen de Korte
+
+- Set default database type to lmdb and fix update_postmaps script
+
+-------------------------------------------------------------------
+Thu Dec 24 14:09:32 UTC 2020 - Arjen de Korte
+
+- Use variable substition instead of sed to remove .db suffix and
+ substitute hash: for lmdb: in /etc/postfix/master.cf as well.
+ Check before substitution if there is something to do (to keep
+ rpmcheck happy).
+
+-------------------------------------------------------------------
+Tue Dec 8 13:36:35 UTC 2020 - Peter Varkoly
+
+- bsc#1176650 L3: What is regularly triggering the "fillup"
+ command and changing modify-time of /etc/sysconfig/postfix?
+ o Remove miss placed fillup_only call from %verifyscript
+
+-------------------------------------------------------------------
+Thu Nov 26 15:30:10 UTC 2020 - Peter Varkoly
+
+- Remove Berkeley DB dependency (JIRA#SLE-12191)
+ The pacakges postfix is build without Berkely DB support.
+ lmdb will be used instead of BDB.
+ The pacakges postfix-bdb is build with Berkely DB support.
+ o add patch for main.cf for postfix-bdb package
+ postfix-bdb-main.cf.patch
+
+-------------------------------------------------------------------
+Sun Nov 8 20:59:23 UTC 2020 - Michael Ströder
+
+- Update to 3.5.8
+ * The Postfix SMTP client inserted into message headers longer
+ than $line_length_limit (default: 2048), causing all subsequent header
+ content to become message body content.
+ * The postscreen daemon did not save a copy of the
+ postscreen_dnsbl_reply_map lookup result. This has no effect when the
+ recommended texthash: look table is used, but it could result in stale
+ data with other lookup tables.
+ * After deleting a recipient with a Milter, the Postfix recipient
+ duplicate filter was not updated; the filter suppressed requests
+ to add the recipient back.
+ * Memory leak: the static: maps did not free their casefolding buffer.
+ * With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a
+ TLS handshake, after processing an XCLIENT command.
+ * The smtp_sasl_mechanism_filter implementation ignored table lookup
+ errors, treating them as 'not found'.
+ * The code that looks for Delivered-To: headers ignored headers longer
+ than $line_length_limit (default: 2048).
+
+-------------------------------------------------------------------
+Mon Aug 31 13:38:04 UTC 2020 - Michael Ströder
+
+- Update to 3.5.7
+ * Fixed random certificate verification failures with
+ "smtp_tls_connection_reuse = yes", because tlsproxy(8) was using
+ the wrong global TLS context for connections that use DANE or
+ non-DANE trust anchors.
+
+-------------------------------------------------------------------
+Tue Aug 25 13:54:40 UTC 2020 - Thorsten Kukuk
+
+- Move ldap into an own sub-package like all other databases
+- Move manual pages to correct sub-package
+
+-------------------------------------------------------------------
+Fri Aug 21 08:44:22 UTC 2020 - Thorsten Kukuk
+
+- Use sysusers.d to create system accounts
+- Remove wrong %config for systemd directory content
+
+-------------------------------------------------------------------
+Sun Aug 9 06:55:01 UTC 2020 - Arjen de Korte
+
+- Use the correct signature file for source verification
+- Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to
+ prevent confusion, as the signature file from upstream with .sig
+ extension is incompatible with the build service)
+
+-------------------------------------------------------------------
+Sun Jul 26 21:22:39 UTC 2020 - Michael Ströder
+
+- Update to 3.5.6 with following fixes:
+ * Workaround for unexpected TLS interoperability problems when Postfix
+ runs on OS distributions with system-wide OpenSSL configurations.
+ * Memory leaks in the Postfix TLS library, the largest one
+ involving multiple kBytes per peer certificate.
+
+-------------------------------------------------------------------
+Thu Jul 16 20:42:19 UTC 2020 - Arjen de Korte
+
+- Add source verification (add postfix.keyring)
+
+-------------------------------------------------------------------
+Fri Jul 3 14:06:53 UTC 2020 - Thorsten Kukuk
+
+- Use systemd_ordering instead of systemd_require.
+- Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688]
+- Drop /var/adm/SuSEconfig from %post, it does nothing.
+- Rename postfix-SuSE to postfix-SUSE
+- Delete postfix-SUSE/README.SuSE, company name spelled wrong,
+ completly outdated and not used.
+- Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name
+ spelled wrong, outdated and not used.
+- sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG,
+ SuSEconfig is gone since ages.
+- update_chroot.systemd: Remove advice to run SuSEconfig.
+- Remove rc.postfix, not used, outdated.
+- mkpostfixcert: Remove advice to run SuSEconfig.
+
+-------------------------------------------------------------------
+Mon Jun 29 18:44:13 UTC 2020 - Michael Ströder
+
+- Update to 3.5.4:
+ * The connection_reuse attribute in smtp_tls_policy_maps always
+ resulted in an "invalid attribute name" error.
+ * SMTP over TLS connection reuse always failed for Postfix SMTP
+ client configurations that specify explicit trust anchors (remote
+ SMTP server certificates or public keys).
+ * The Postfix SMTP client's DANE implementation would always send
+ an SNI option with the name in a destination's MX record, even
+ if the MX record pointed to a CNAME record. MX records that
+ point to CNAME records are not conformant with RFC5321, and so
+ are rare.
+ Based on the DANE survey of ~2 million hosts it was found that
+ with the corrected SMTP client behavior, sending SNI with the
+ CNAME-expanded name, the SMTP server would not send a different
+ certificate. This fix should therefore be safe.
+
+-------------------------------------------------------------------
+Mon Jun 15 16:09:57 UTC 2020 - Michael Ströder
+
+- Update to 3.5.3:
+ * TLS handshake failure in the Postfix SMTP server during SNI
+ processing, after the server-side TLS engine sent a TLSv1.3
+ HelloRetryRequest (HRR) to a remote SMTP client.
+ * The command "postfix tls deploy-server-cert" did not handle a
+ missing optional argument. This bug was introduced in Postfix
+ 3.1.
+
+-------------------------------------------------------------------
+Sun May 17 19:57:57 UTC 2020 - Michael Ströder
+
+- Update to 3.5.2:
+ * A TLS error for a database client caused a false 'lost connection'
+ error for an SMTP over TLS session in the same Postfix process.
+ This bug was introduced with Postfix 2.2.
+ * The same bug existed in the tlsproxy(8) daemon, where a TLS
+ error for one TLS session could cause a false 'lost connection'
+ error for a concurrent TLS session in the same process. This
+ bug was introduced with Postfix 2.8.
+ * The Postfix build now disables DANE support on Linux systems
+ with libc-musl such as Alpine, because libc-musl provides no
+ indication whether DNS responses are authentic. This broke DANE
+ support without a clear explanation.
+ * Due to implementation changes in the ICU library, some Postfix
+ daemons reported file access errrors (U_FILE_ACCESS_ERROR) after
+ chroot(). This was fixed by initializing the ICU library before
+ making the chroot() call.
+ * Minor code changes to silence a compiler that special-cases
+ string literals.
+ * Segfault (null pointer) in the tlsproxy(8) client role when the
+ server role was disabled. This typically happened on systems
+ that do not receive mail, after configuring connection reuse
+ for outbound SMTP over TLS.
+ * The date portion of the maillog_file_rotate_suffix default value
+ used the minute (%M) instead of the month (%m).
+
+-------------------------------------------------------------------
+Mon May 11 20:07:40 UTC 2020 - Arjen de Korte
+
+- boo#1106004 fix incorrect locations for files in postfix-files
+
+-------------------------------------------------------------------
+Sun Apr 19 10:22:12 UTC 2020 - Michael Ströder
+
+- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
+ lookups and DANE mail transport work again
+- Update to 3.5.1:
+ * Support for the haproxy v2 protocol. The Postfix implementation
+ supports TCP over IPv4 and IPv6, as well as non-proxied
+ connections; the latter are typically used for heartbeat tests.
+ * Support to force-expire email messages. This introduces new
+ postsuper(1) command-line options to request expiration, and
+ additional information in mailq(1) or postqueue(1) output.
+ * The Postfix SMTP and LMTP client support a list of nexthop + destinations separated by comma or whitespace. These destinations + will be tried in the specified order. + * Incompatible changes: + * Logging: Postfix daemon processes now log the from= and to= + addresses in external (quoted) form in non-debug logging (info, + warning, etc.). This means that when an address localpart + contains spaces or other special characters, the localpart will + be quoted, for example: + from=<"name with spaces"@example.com> + Specify "info_log_address_format = internal" for backwards compatibility. + * Postfix now normalizes IP addresses received with XCLIENT, + XFORWARD, or with the HaProxy protocol, for consistency with + direct connections to Postfix. This may change the appearance + of logging, and the way that check_client_access will match + subnets of an IPv6 address. + +------------------------------------------------------------------- +Fri Mar 13 14:29:32 UTC 2020 - Michael Ströder + +- Update to 3.4.10: + * Bug (introduced: Postfix 2.3): Postfix Milter client state + was not properly reset after one Milter in a multi-Milter + configuration failed during MAIL FROM, resulting in a Postfix + Milter client panic during the next MAIL FROM command in the + same SMTP session. + +------------------------------------------------------------------- +Fri Feb 7 17:07:39 UTC 2020 - Peter Varkoly + +- bsc#1162891 server:mail/postfix: cond_slp bug on TW after + moving /etc/services to /usr/etc/services + +------------------------------------------------------------------- +Wed Feb 5 12:27:07 UTC 2020 - Peter Varkoly + +- bsc#1160413 postfix fails with -fno-common + +------------------------------------------------------------------- +Mon Feb 3 12:31:48 UTC 2020 - Michael Ströder + +- Update to 3.4.9: + * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were + broken while adding support for negative DNS response caching + in postscreen. 
Postfix was inadvertently changed to call
+ res_query() instead of res_search().
+ * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro
+ overrides from a Milter application. Postfix now evaluates the
+ Milter macros for an SMTP CONNECT event after the Postfix-to-Milter
+ connection is negotiated.
+ * Bug (introduced: Postfix 3.0): sanitize (remote) server responses
+ before storing them in the verify database, to avoid Postfix
+ warnings about malformed UTF8. Found during code maintenance.
+
+-------------------------------------------------------------------
+Wed Nov 27 19:55:30 UTC 2019 - Michael Ströder
+
+- Update to 3.4.8:
+ * Fix for an Exim interoperability problem when postscreen after-220
+ checks are enabled. Bug introduced in Postfix 3.4: the code
+ that detected "PIPELINING after BDAT" looked at the wrong
+ variable. The warning now says "BDAT without valid RCPT", and
+ the error is no longer treated as a command PIPELINING error,
+ thus allowing mail to be delivered. Meanwhile, Exim has been
+ fixed to stop sending BDAT commands when postscreen rejects all
+ RCPT commands.
+ * Usability bug, introduced in Postfix 3.4: the parser for
+ key/certificate chain files rejected inputs that contain an EC
+ PARAMETERS object. While this is technically correct (the
+ documentation says what types are allowed) this is surprising
+ behavior because the legacy cert/key parameters will accept
+ such inputs. For now, the parser skips object types that it
+ does not know about for usability, and logs a warning because
+ ignoring inputs is not kosher.
+ * Bug introduced in Postfix 2.8: don't gratuitously enable all
+ after-220 tests when only one such test is enabled. This made
+ selective tests impossible with 'good' clients. This will be
+ fixed in older Postfix versions at some later time.
+
+-------------------------------------------------------------------
+Tue Sep 24 07:59:04 UTC 2019 - Martin Liška
+
+- Backport deprecated-RES_INSECURE1.patch in order to fix
+ boo#1149705.
+
+-------------------------------------------------------------------
+Sun Sep 22 16:45:39 UTC 2019 - Michael Ströder
+
+- Update to 3.4.7:
+ * Robustness: the tlsproxy(8) daemon could go into a loop, logging
+ a flood of error messages. Problem reported by Andreas Schulze
+ after enabling SMTP/TLS connection reuse.
+ * Workaround: OpenSSL changed an SSL_Shutdown() non-error result
+ value into an error result value, causing logfile noise.
+ * Configuration: the new 'TLS fast shutdown' parameter name was
+ implemented incorrectly. The documentation said
+ "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown".
+ This was fixed by changing the code, because no-one is expected
+ to override the default.
+ * Performance: workaround for poor TCP loopback performance on
+ LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus
+ TCP maximal segment size that is 1/2 to 1/3 of the real MSS.
+ To avoid client-side Nagle delays or server-side delayed ACKs
+ caused by multiple smaller-than-MSS writes, Postfix chooses a
+ VSTREAM buffer size that is a small multiple of the reported
+ bogus MSS. This workaround increases the multiplier from 2x to
+ 4x.
+ * Robustness: the Postfix Dovecot client could segfault (null
+ pointer read) or cause an SMTP server assertion to fail when
+ talking to a fake Dovecot server. The Postfix Dovecot client
+ now logs a proper error instead.
+
+-------------------------------------------------------------------
+Thu Sep 19 06:20:48 UTC 2019 - Peter Varkoly
+
+- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang
+ Break loop if postfix has no permission in spool directory.
+ - add postfix-avoid-infinit-loop-if-no-permission.patch
+
+-------------------------------------------------------------------
+Fri Aug 9 14:50:12 UTC 2019 - chris@computersalat.de
+
+- fix for boo#1144946
+ mydestination - missing default localhost
+ * update config.postfix
+
+-------------------------------------------------------------------
+Fri Jul 26 08:26:07 UTC 2019 - Peter Varkoly
+
+- bsc#1142881 - mkpostfixcert from Postfix still uses md
+
+-------------------------------------------------------------------
+Thu Jul 25 12:38:43 UTC 2019 - matthias.gerstner@suse.com
+
+- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
+ firewalld, see [1].
+
+ [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
+
+-------------------------------------------------------------------
+Sun Jul 21 23:54:34 UTC 2019 - chris@computersalat.de
+
+- update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for
+ * POSTFIX_SMTPD_HELO_RESTRICTIONS
+ * POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
+- fix for: Can't connect to local MySQL server through socket
+ '/run/mysql/mysql.sock'
+ * update config.postfix
+ * update update_chroot.systemd
+
+-------------------------------------------------------------------
+Wed Jul 3 08:43:58 UTC 2019 - Michael Ströder
+
+- Update to 3.4.6:
+ * Workaround for implementations that hang Postfix while shutting
+ down a TLS session, until Postfix times out. With
+ "tls_fast_shutdown_enable = yes" (the default), Postfix no
+ longer waits for the TLS peer to respond to a TLS 'close'
+ request. This is recommended with TLSv1.0 and later.
+ * Fixed a too-strict censoring filter that broke multiline Milter
+ responses for header/body events. Problem report by Andreas
+ Thienemann.
+ * The code to reset Postfix SMTP server command counts was not
+ called after a HaProxy handshake failure, causing stale numbers
+ to be reported. Problem report by Joseph Ward.
+ * postconf(5) documentation: tlsext_padding is not a tls_ssl_options
+ feature.
+ * smtp(8) documentation: updated the BUGS section text about
+ Postfix support to reuse open TLS connections.
+ * Portability: added "#undef sun" to util/unix_dgram_connect.c.
+
+-------------------------------------------------------------------
+Wed Jun 26 13:52:30 UTC 2019 - Peter Varkoly
+
+- Ensure that postfix is member of all groups as before.
+
+-------------------------------------------------------------------
+Wed Jun 12 14:30:34 UTC 2019 - Dominique Leuenberger
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+ shortcut the build queues by allowing usage of systemd-mini
+
+-------------------------------------------------------------------
+Thu Jun 6 09:29:34 UTC 2019 - Tomáš Chvátal
+
+- Drop the omc config fate#301838:
+ * it is obsolete since SLE11
+
+-------------------------------------------------------------------
+Wed May 8 09:27:51 UTC 2019 - Peter Varkoly
+
+- bsc#1104543 config.postfix does not start tlsmgr in master.cf
+ when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed
+ patch.
+
+-------------------------------------------------------------------
+Sun Mar 31 09:08:58 UTC 2019 - Michael Ströder
+
+- Update to 3.4.5:
+ Bugfix (introduced: Postfix 3.0): LMTP connections over
+ UNIX-domain sockets were cached but not reused, due to a
+ cache lookup key mismatch. Therefore, idle cached connections
+ could exhaust LMTP server resources, resulting in two-second
+ pauses between email deliveries. This problem was investigated
+ by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
+
+-------------------------------------------------------------------
+Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly
+
+- Update to 3.4.4
+
+ o Incompatible changes
+ - The Postfix SMTP server announces CHUNKING (BDAT
+ command) by default.
In the unlikely case that this breaks some
+ important remote SMTP client, disable the feature as follows:
+
+ /etc/postfix/main.cf:
+ # The logging alternative:
+ smtpd_discard_ehlo_keywords = chunking
+ # The non-logging alternative:
+ smtpd_discard_ehlo_keywords = chunking, silent_discard
+ - This introduces a new master.cf service 'postlog'
+ with type 'unix-dgram' that is used by the new postlogd(8) daemon.
+ Before backing out to an older Postfix version, edit the master.cf
+ file and remove the postlog entry.
+ - Postfix 3.4 drops support for OpenSSL 1.0.1
+ - To avoid performance loss under load, the
+ tlsproxy(8) daemon now requires a zero process limit in master.cf
+ (this setting is provided with the default master.cf file). By
+ default, a tlsproxy(8) process will retire after several hours.
+ - To set the tlsproxy process limit to zero:
+ postconf -F tlsproxy/unix/process_limit=0
+ postfix reload
+ o Major changes
+ - Postfix SMTP server support for RFC 3030 CHUNKING
+ (the BDAT command) without BINARYMIME, in both smtpd(8) and
+ postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
+ and smtpd_proxy_filter. See BDAT_README for more.
+ - Support for logging to file or stdout, instead of using syslog.
+ - Logging to file solves a usability problem for MacOS, and
+ eliminates multiple problems with systemd-based systems.
+ - Logging to stdout is useful when Postfix runs in a container, as
+ it eliminates a syslogd dependency.
+ - Better handling of undocumented(!) Linux behavior
+ whether or not signals are delivered to a PID=1 process.
+ - Support for (key, list of filenames) in map source text.
+ Currently, this feature is used only by tls_server_sni_maps.
+ - Automatic retirement: dnsblog(8) and tlsproxy(8) process
+ will now voluntarily retire after after max_idle*max_use, or some
+ sane limit if either limit is disabled. Without this, a process
+ could stay busy for days or more.
+ - Postfix SMTP client support for multiple deliveries
+ per TLS-encrypted connection. This is primarily to improve mail
+ delivery performance for destinations that throttle clients when
+ they don't combine deliveries.
+ This feature is enabled with "smtp_tls_connection_reuse=yes" in
+ main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
+ It supports all Postfix TLS security levels including dane and
+ dane-only.
+ - SNI support in the Postfix SMTP server, the
+ Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
+ client roles). See the postconf(5) documentation for the new
+ tls_server_sni_maps and smtp_tls_servername parameters.
+ - Support for files that contain multiple (key, certificate, trust chain)
+ instances. This was required to implement
+ server-side SNI table lookups, but it also eliminates the need for
+ separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
+ - Support for smtpd_reject_footer_maps (as well as the postscreen
+ variant postscreen_reject_footer_maps) for more informative reject
+ messages. This is indexed with the Postfix SMTP server response
+ text, and overrides the footer specified with smtpd_reject_footer.
+ One will want to use a pcre: or regexp: map with this.
+ o Bugfixes
+ - Andreas Schulze discovered that reject_multi_recipient_bounce
+ was producing false rejects with BDAT commands. This problem
+ already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
+ Postfix 3.4.4 fixes both.
+
+-------------------------------------------------------------------
+Tue Mar 5 13:21:35 UTC 2019 - Jiri Slaby
+
+- postfix-linux45.patch: support also newer kernels -- pretend
+ we are still at kernel 3. Note that there are no conditionals for
+ LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the
+ code which caused build failures.
+
+-------------------------------------------------------------------
+Mon Mar 4 14:43:05 UTC 2019 - Marcus Rueckert
+
+- skip set -x and fix version update changes entry
+
+-------------------------------------------------------------------
+Sat Mar 2 19:26:21 UTC 2019 - Michael Ströder
+
+- Update to 3.3.3
+ * When the master daemon runs with PID=1 (init mode), it will now
+ reap child processes from non-Postfix code running in the same
+ container, instead of terminating with a panic.
+ * Bugfix (introduced: postfix-2.11): with posttls-finger,
+ connections to unix-domain servers always resulted in "Failed
+ to establish session" even after a connection was established.
+ Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
+ * Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
+ table lookups could casefold the search string when searching
+ a lookup table that does not use fixed-string keys (regexp,
+ pcre, tcp, etc.). Historically, Postfix would not case-fold
+ the search string with such tables. File: util/dict_utf8.c.
+
+-------------------------------------------------------------------
+Fri Mar 1 16:23:13 UTC 2019 - Reinhard Max
+
+- PostrgeSQL's pg_config is meant for linking server extensions,
+ use libpq's pkg-config instead, if available.
+ This is needed to fix build with PostgreSQL 11.
+
+-------------------------------------------------------------------
+Thu Feb 7 18:22:14 UTC 2019 - chris@computersalat.de
+
+- rework config.postfix
+ * disable commenting of smtpd_sasl_path/smtpd_sasl_type
+ no need to comment, cause it is set to default anyway
+ and 'uncommenting' would place it at end of file then
+ which is not wanted
+
+-------------------------------------------------------------------
+Sat Jan 26 19:28:02 UTC 2019 - chris@computersalat.de
+
+- rework postfix-main.cf.patch
+ * disable virtual_alias_domains cause (default: $virtual_alias_maps)
+- rework config.postfix
+ * disable PCONF of virtual_alias_domains
+ virtual_alias_maps will be set anyway to the correct value
+ * extend virtual_alias_maps with
+ - mysql_virtual_alias_domain_maps.cf
+ - mysql_virtual_alias_domain_catchall_maps.cf
+- rework postfix-mysql, added
+ * mysql_virtual_alias_domain_maps.cf
+ * mysql_virtual_alias_domain_catchall_maps.cf
+ needed for reject_unverified_recipient
+
+-------------------------------------------------------------------
+Thu Dec 13 10:20:31 UTC 2018 - malte.kraus@suse.com
+
+- binary hardening: link with full RELRO
+
+-------------------------------------------------------------------
+Sun Nov 25 10:18:07 UTC 2018 - Michael Ströder
+
+- Update to 3.3.2
+ * Support for OpenSSL 1.1.1 and TLSv1.3.
+ * Bugfixes:
+ - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
+ some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
+ - minor memory leak in DANE support when minting issuer certs.
+ - The Postfix build did not abort if the m4 command was not installed,
+ resulting in a broken postconf command.
+
+-------------------------------------------------------------------
+Sat Nov 24 17:08:30 UTC 2018 - chris@computersalat.de
+
+- add POSTFIX_RELAY_DOMAINS
+ * more flexibility to add to relay_domains without breaking
+ config.postfix
+ * rework restriction examples in sysconf.postfix
+ based on postfix-buch.com (2.
edtion by Hildebrandt, Koetter)
+- disable weak cipher: RC4
+ after check with https://ssl-tools.net/mailservers
+
+-------------------------------------------------------------------
+Mon Oct 22 13:00:03 UTC 2018 - chris@computersalat.de
+
+- update config.postfix
+ * don't reject mail from authenticated users even if
+ reject_unknown_client_hostname would match,
+ add permit_sasl_authenticated to all restrictions
+ requires smtpd_delay_reject = yes
+- update postfix-main.cf.patch
+ * recover removed setting smtpd_sasl_path and smtpd_sasl_type,
+ set to default value
+ config.postfix will not 'enable' (remove #) var, but place
+ modified (enabled) var at end of file, far away from place
+ where it should be
+- rebase patches
+ * fix-postfix-script.patch
+ * postfix-vda-v14-3.0.3.patch
+ * postfix-linux45.patch
+ * postfix-master.cf.patch
+ * pointer_to_literals.patch
+ * postfix-no-md5.patch
+
+-------------------------------------------------------------------
+Thu Oct 4 12:51:32 UTC 2018 - varkoly@suse.com
+
+- bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings
+ o add m4 as buildrequires, as proposed.
+
+-------------------------------------------------------------------
+Mon Aug 27 09:38:29 UTC 2018 - tchvatal@suse.com
+
+- Add zlib-devel as buildrequires, previously included from
+ openssl-devel
+
+-------------------------------------------------------------------
+Fri May 25 11:19:22 UTC 2018 - varkoly@suse.com
+
+- bsc#1087471 Unreleased Postfix update breaks SUSE Manager
+ o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
+
+-------------------------------------------------------------------
+Mon May 21 16:31:57 UTC 2018 - michael@stroeder.com
+
+- Update to 3.3.1
+ * Postfix did not support running as a PID=1 process, which
+ complicated Postfix deployment in containers. The "postfix
+ start-fg" command will now run the Postfix master daemon as a
+ PID=1 process if possible.
Thanks for inputs from Andreas
+ Schulze, Eray Aslan, and Viktor Dukhovni.
+ * Segfault in the postconf(1) command after it could not open a
+ Postfix database configuration file due to a file permission
+ error (dereferencing a null pointer). Reported by Andreas
+ Hasenack, fixed by Viktor Dukhovni.
+ * The luser_relay feature became a black hole, when the luser_relay
+ parameter was set to a non-existent local address (i.e. mail
+ disappeared silently). Reported by J?rgen Thomsen.
+ * Missing error propagation in the tlsproxy(8) daemon could result
+ in a segfault after TLS handshake error (dereferencing a
+ 0xffff...ffff pointer). This daemon handles the TLS protocol
+ when a non-whitelisted client sends a STARTTLS command to
+ postscreen(8).
+
+-------------------------------------------------------------------
+Wed May 9 09:02:12 UTC 2018 - lnussel@suse.de
+
+- remove pre-requirements on sysvinit(network) and sysvinit(syslog).
+ There seems to be no good reason for that other than blowing up
+ the dependencies (bsc#1092408).
+
+-------------------------------------------------------------------
+Mon Apr 9 09:32:56 UTC 2018 - adam.majer@suse.de
+
+- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix
+ if the actual service is running. This prevents spurious
+ and irrelevant error messages in system logs.
+
+-------------------------------------------------------------------
+Thu Mar 22 14:20:20 UTC 2018 - varkoly@suse.com
+
+- bsc#1082514 autoyast: postfix gets not set myhostname properly -
+ set to localhost
+
+-------------------------------------------------------------------
+Mon Mar 12 13:43:43 UTC 2018 - ilya@ilya.pp.ua
+
+- Refresh spec-file via spec-cleaner and manual optinizations.
+ * Add %license macro.
+ * Set license to IPL-1.0 OR EPL-2.0.
+- Update to 3.3.0
+ * http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES
+ * Dual license: in addition to the historical IBM Public License
+ 1.0, Postfix is now also distributed with the more recent Eclipse
+ Public License 2.0. Recipients can choose to take the software
+ under the license of their choice. Those who are more comfortable
+ with the IPL can continue with that license.
+ * The postconf command now warns about unknown parameter names
+ in a Postfix database configuration file. As with other unknown
+ parameter names, these warnings can help to find typos early.
+ * Container support: Postfix 3.3 will run in the foreground with
+ "postfix start-fg". This requires that Postfix multi-instance
+ support is disabled (the default). To collect Postfix syslog
+ information on the container's host, mount the host's /dev/log
+ socket into the container, for example with "docker run -v
+ /dev/log:/dev/log ...other options...", and specify a distinct
+ Postfix syslog_name setting in the container (for example with
+ "postconf syslog_name=the-name-here").
+ * Milter support: applications can now send RET and ENVID parameters
+ in SMFIR_CHGFROM (change envelope sender) requests.
+ * Postfix-generated From: headers with 'full name' information
+ are now formatted as "From: name
" by default. Specify
+ "header_from_format = obsolete" to get the earlier form "From:
+ address (name)".
+ * Interoperability: when Postfix IPv6 and IPv4 support are both
+ enabled, the Postfix SMTP client will now relax MX preferences
+ and attempt to schedule similar numbers of IPv4 and IPv6
+ addresses. This works around mail delivery problems when a
+ destination announces lots of primary MX addresses on IPv6, but
+ is reachable only over IPv4 (or vice versa). The new behavior
+ is controlled with the smtp_balance_mx_inet_protocols parameter.
+ * Compatibility safety net: with compatibility_level < 1, the
+ Postfix SMTP server now warns for mail that would be blocked
+ by the Postfix 2.10 smtpd_relay_restrictions feature, without
+ blocking that mail. There still is a steady trickle of sites
+ that upgrade from an earlier Postfix version.
+
+-------------------------------------------------------------------
+Tue Feb 13 10:39:37 UTC 2018 - varkoly@suse.com
+
+- bsc#1065411 Package postfix should require package system-user-nobody
+- bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth
+ was configured
+
+-------------------------------------------------------------------
+Thu Dec 7 15:02:14 UTC 2017 - dimstar@opensuse.org
+
+- Fix usage of fillup_only:-y is not a valid option to this macro.
+
+-------------------------------------------------------------------
+Thu Nov 23 13:43:17 UTC 2017 - rbrown@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+ %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Wed Nov 8 13:32:28 CET 2017 - kukuk@suse.de
+
+- Don't mark postfix.service as config file, this is no config
+ file.
+- Some of the Requires(pre) are needed for post-install and at
+ runtime, fix the requires.
+
+-------------------------------------------------------------------
+Mon Oct 30 12:12:08 UTC 2017 - michael@stroeder.com
+
+- update to 3.2.4
+ * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
+ 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
+ records associated with an intermediate CA certificate. Problem
+ report and initial fix by Erwan Legrand.
+ * Missing dynamicmaps support in the Postfix sendmail command.
+ This broke authorized_submit_users settings that use a
+ dynamically-loaded map type. Problem reported by Ulrich Zehl.
+
+-------------------------------------------------------------------
+Fri Oct 20 12:27:12 UTC 2017 - varkoly@suse.com
+
+- bnc#1059512 L3: Postfix Problem
+ The applied changes breaks existing postfix configurations because
+ daemon_directory was not adapted to the new value.
+
+
+-------------------------------------------------------------------
+Sun Oct 15 22:47:29 UTC 2017 - chris@computersalat.de
+
+- fix build for SLE
+ * nothing provides libnsl-devel
+ * add bcond_with libnsl
+
+-------------------------------------------------------------------
+Wed Oct 4 10:58:28 UTC 2017 - varkoly@suse.com
+
+- bnc#1059512 L3: Postfix Problem
+ To manage multiple Postfix instances on a single host requires
+ that daemon_directory and shlib_directory is different to
+ avoid use of the shared directories also as per-instance directories.
+ For this reason daemon_directory was set to /usr/lib/postfix/bin/.
+ shlib_directory stands /usr/lib/postfix/.
+
+-------------------------------------------------------------------
+Thu Sep 28 08:44:41 UTC 2017 - varkoly@suse.com
+
+- bnc#1016491 postfix raported to log "warning: group or other writable:"
+ on each symlink in config.
+ * Add fix-postfix-script.patch
+
+-------------------------------------------------------------------
+Mon Sep 25 16:25:05 UTC 2017 - michael@stroeder.com
+
+- update to 3.2.3
+ * Extension propagation was broken with "recipient_delimiter = .".
+ This change reverts a change that was trying to be too clever.
+ * The postqueue command would abort with a panic message after it
+ experienced an output write error while listing the mail queue.
+ This change restores a write error check that was lost with the
+ Postfix 3.2 rewrite of the vbuf_print formatter.
+ * Restored sanity checks for dynamically-specified width and precision
+ in format strings (%*, %.*, and %*.*). These checks were lost with
+ the Postfix 3.2 rewrite of the vbuf_print formatter.
+
+-------------------------------------------------------------------
+Thu Aug 17 08:56:15 CEST 2017 - kukuk@suse.de
+
+- Add libnsl-devel build requires for glibc obsoleting libnsl
+
+-------------------------------------------------------------------
+Thu Jul 27 10:31:01 UTC 2017 - varkoly@suse.com
+
+- bnc#1045264 L3: postmap problem
+ * Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811
+
+-------------------------------------------------------------------
+Fri Jun 16 17:45:55 UTC 2017 - michael@stroeder.com
+
+- update to 3.2.2
+ * Security: Berkeley DB versions 2 and later try to read settings
+ from a file DB_CONFIG in the current directory. This undocumented
+ feature may introduce undisclosed vulnerabilities resulting in
+ privilege escalation with Postfix set-gid programs (postdrop,
+ postqueue) before they chdir to the Postfix queue directory,
+ and with the postmap and postalias commands depending on whether
+ the user's current directory is writable by other users. This
+ fix does not change Postfix behavior for Berkeley DB versions
+ < 3, but it does reduce postmap and postalias 'create' performance
+ with Berkeley DB versions 3.0 .. 4.6.
+ * The SMTP server receive_override_options were not restored at
+ the end of an SMTP session, after the options were modified by
+ an smtpd_milter_maps setting of "DISABLE". Milter support
+ remained disabled for the life time of the smtpd process.
+ * After the Postfix 3.2 address/domain table lookup overhaul, the
+ check_sender_access and check_recipient_access features ignored
+ a non-default parent_domain_matches_subdomains setting.
+
+-------------------------------------------------------------------
+Wed Apr 19 20:36:03 UTC 2017 - chris@computersalat.de
+
+- revert changes of postfix-main.cf.patch from rev=261
+ * config.postfix will not 'enable' (remove #) var, but place
+ modified (enabled) var at end of file, far away from place
+ where it should be
+ * keep vars enabled but empty
+
+-------------------------------------------------------------------
+Thu Apr 13 09:18:45 UTC 2017 - werner@suse.de
+
+- Some cleanups
+ * Fix SUSE postfix-files to avoid chown errors (anyway this file
+ seems to be obsolete)
+ * Avoid installing shared libraries twice
+ * Refresh patch postfix-linux45.patch
+
+-------------------------------------------------------------------
+Sat Apr 8 15:06:14 UTC 2017 - chris@computersalat.de
+
+- update postfix-master.cf.patch
+ * recover lost (with 3.2.0 update) submission, smtps sections
+ * merge with upstream update
+- update config.postfix
+ * update master.cf generation for submission
+- rebase patches against 3.2.0
+ * pointer_to_literals.patch
+ * postfix-no-md5.patch
+ * postfix-ssl-release-buffers.patch
+ * postfix-vda-v14-3.0.3.patch
+
+-------------------------------------------------------------------
+Mon Mar 20 18:01:36 CET 2017 - kukuk@suse.de
+
+- Require system group mail
+- Use mail group name instead of GID
+
+-------------------------------------------------------------------
+Mon Mar 6 21:27:38 UTC 2017 - mrueckert@suse.de
+
+- update to 3.2.0
+ - [Feature 20170128] Postfix 3.2 fixes the handling of address
+ extensions with email addresses that contain spaces.
For
+ example, the virtual_alias_maps, canonical_maps, and
+ smtp_generic_maps features now correctly propagate an address
+ extension from "aa bb+ext"@example.com to "cc
+ dd+ext"@other.example, instead of producing broken output.
+ - [Feature 20161008] "PASS" and "STRIP" actions in
+ header/body_checks. "STRIP" is similar to "IGNORE" but also
+ logs the action, and "PASS" disables header, body, and Milter
+ inspection for the remainder of the message content.
+ Contributed by Hobbit.
+ - [Feature 20160330] The collate.pl script by Viktor Dukhovni for
+ grouping Postfix logfile records into "sessions" based on queue
+ ID and process ID information. It's in the auxiliary/collate
+ directory of the Postfix source tree.
+ - [Feature 20160527] Postfix 3.2 cidr tables support if/endif and
+ negation (by prepending ! to a pattern), just like regexp and
+ pcre tables. The primarily purpose is to improve readability
+ of complex tables. See the cidr_table(5) manpage for syntax
+ details.
+ - [Incompat 20160925] In the Postfix MySQL database client, the
+ default option_group value has changed to "client", to enable
+ reading of "client" option group settings in the MySQL options
+ file. This fixes a "not found" problem with Postfix queries
+ that contain UTF8-encoded non-ASCII text. Specify an empty
+ option_group value (option_group =) to get backwards-compatible
+ behavior.
+ - [Feature 20161217] Stored-procedure support for MySQL
+ databases. Contributed by John Fawcett. See mysql_table(5) for
+ instructions.
+ - [Feature 20170128] The postmap command, and the inline: and
+ texthash: maps now support spaces in left-hand field of the
+ lookup table "source text". Use double quotes (") around a
+ left-hand field that contains spaces, and use backslash (\) to
+ protect embedded quotes in a left-hand field. There is no
+ change in the processing of the right-hand field.
+ - [Feature 20160611] The Postfix SMTP server local IP address and
+ port are available in the policy delegation protocol (attribute
+ names: server_address, server_port), in the Milter protocol
+ (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
+ protocol (attribute names: DESTADDR, DESTPORT).
+ - [Feature 20161024] smtpd_milter_maps support for per-client
+ Milter configuration that overrides smtpd_milters, and that has
+ the same syntax. A lookup result of "DISABLE" turns off Milter
+ support. See MILTER_README.html for details.
+ - [Feature 20160611] The Postfix SMTP server local IP address and
+ port are available in the policy delegation protocol (attribute
+ names: server_address, server_port), in the Milter protocol
+ (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
+ protocol (attribute names: DESTADDR, DESTPORT).
+ - [Incompat 20170129] The postqueue command no longer forces all
+ message arrival times to be reported in UTC. To get the old
+ behavior, set TZ=UTC in main.cf:import_environment (this
+ override is not recommended, as it affects all Postfix utities
+ and daemons).
+ - [Incompat 20161227] For safety reasons, the sendmail -C option
+ must specify an authorized directory: the default configuration
+ directory, a directory that is listed in the default main.cf
+ file with alternate_config_directories or
+ multi_instance_directories, or the command must be invoked with
+ root privileges (UID 0 and EUID 0). This mitigates a recurring
+ problem with the PHP mail() function.
+ - [Feature 20160625] The Postfix SMTP server now passes remote
+ client and local server network address and port information to
+ the Cyrus SASL library. Build with ``make makefiles
+ "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards
+ compatibility.
+ - [Feature 20161103] Postfix 3.2 disables the 'transitional'
+ compatibility between the IDNA2003 and IDNA2008 standards for
+ internationalized domain names (domain names beyond the limits
+ of US-ASCII).
+
+ This change makes Postfix behavior consistent with contemporary
+ web browsers. It affects the handling of some corner cases such
+ as German sz and Greek zeta. See
+ http://unicode.org/cldr/utility/idna.jsp for more examples.
+
+ Specify "enable_idna2003_compatibility = yes" to restore
+ historical behavior (but keep in mind that the rest of the
+ world may not make that same choice).
+ - [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API
+ features, so that Postfix will build without depending on
+ backwards-compatibility support.
+
+ [Incompat 20161204] Postfix 3.2 removes tentative features that
+ were implemented before the DANE spec was finalized:
+
+ - Support for certificate usage PKIX-EE(1),
+
+ - The ability to disable digest agility (Postfix now behaves as
+ if "tls_dane_digest_agility = on"), and
+
+ - The ability to disable support for "TLSA 2 [01] [12]" records
+ that specify the digest of a trust anchor (Postfix now
+ behaves as if "tls_dane_trust_anchor_digest_enable = yes).
+ - [Feature 20161217] Postfix 3.2 enables elliptic curve
+ negotiation with OpenSSL >= 1.0.2. This changes the default
+ smtpd_tls_eecdh_grade setting to "auto", and introduces a new
+ parameter tls_eecdh_auto_curves with the names of curves that
+ may be negotiated.
+
+ The default tls_eecdh_auto_curves setting is determined at
+ compile time, and depends on the Postfix and OpenSSL versions.
+ At runtime, Postfix will skip curve names that aren't supported
+ by the OpenSSL library.
+ - [Feature 20160611] The Postfix SMTP server local IP address and
+ port are available in the policy delegation protocol (attribute
+ names: server_address, server_port), in the Milter protocol
+ (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
+ protocol (attribute names: DESTADDR, DESTPORT).
+- refresh postfix-master.cf.patch
+
+-------------------------------------------------------------------
+Mon Mar 6 14:04:13 UTC 2017 - wr@rosenauer.org
+
+- make sure that system users can be created in %pre
+
+-------------------------------------------------------------------
+Sat Feb 18 14:01:35 UTC 2017 - kukuk@suse.com
+
+- Fix requires:
+ - shadow is needed for postfix-mysql pre-install section
+ - insserv is not needed if systemd is used
+
+-------------------------------------------------------------------
+Sat Jan 21 23:27:34 UTC 2017 - chris@computersalat.de
+
+- update postfix-mysql
+ * update mysql_*.cf files
+ * update postfix-mysql.sql (INNODB, utf8)
+- update postfix-main.cf.patch
+ * uncomment smtpd_sasl_path, smtpd_sasl_type
+ can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot)
+ * add option for smtp_tls_policy_maps (commented)
+- update postfix-master.cf.patch
+ * fix indentation of submission, smtps options for correct
+ enabling via config.postfix
+- update config.postfix
+ * fix sync of CA certificates
+ * fix master.cf generation for submission, smtps
+- rebase postfix-vda-v14-3.0.3.patch
+
+-------------------------------------------------------------------
+Wed Jan 11 14:07:35 UTC 2017 - varkoly@suse.com
+
+- FATE#322322 Update postfix to version 3.X
+ Merging changes with SLES12-SP2
+ Removeved patches: add_missed_library.patch bnc#947707.diff dynamic_maps.patch postfix-db6.diff
+ postfix-opensslconfig.patch bnc#947519.diff dynamic_maps_pie.patch
+ postfix-post-install.patch
+ These are included in the new version of postfix
+- Remove references to SuSEconfig.postfix from sysconfig docs.
+ (bsc#871575)
+- bnc#947519 SuSEconfig.postfix should enforce umask 022
+- bnc#947707 mail generated by Amavis being prevented from being re-adressed by /etc/postfix/virtual
+- bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong
+- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64)
+ (bsc#940289)
+
+-------------------------------------------------------------------
+Tue Jan 3 12:20:18 UTC 2017 - varkoly@suse.com
+
+- update to 3.1.4
+ * The postscreen daemon did not merge the client test status information
+ for concurrent sessions from the same IP address.
+ * The Postfix SMTP server falsely rejected a sender address when validating
+ a sender address with "smtpd_reject_unlisted_recipient = yes" or with
+ "reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps.
+ * The virtual delivery agent did not detect failure to skip to the end
+ of a mailbox file, so that mail would be delivered to the beginning of the file.
+ This could happen when a mailbox file was already larger than the virtual mailbox size limit.
+ * The postsuper logged an incorrect rename operation count after creating a missing directory.
+ * The Postfix SMTP server falsely rejected mail when a sender-dependent "error"
+ transport was configured. Cause: the SMTP server address validation code
+ was not updated when the sender_dependent_default_transport_maps feature
+ was introduced.
+ * The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no".
+ * The "postfix tls deploy-server-cert" command used the wrong certificate
+ and key file. This was caused by a cut-and-paste error in the postfix-tls-script file.
+
+-------------------------------------------------------------------
+Sat Nov 26 15:43:57 UTC 2016 - chris@computersalat.de
+
+- improve config.postfix
+ * improve SASL stuff
+ * add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot)
+
+-------------------------------------------------------------------
+Mon Nov 14 21:53:18 UTC 2016 - chris@computersalat.de
+
+- improve config.postfix
+ * improve with MySQL stuff
+
+-------------------------------------------------------------------
+Mon Nov 7 13:35:38 UTC 2016 - chris@computersalat.de
+
+- update vda patch to latest available
+ * remove postfix-vda-v13-3.10.0.patch
+ * add postfix-vda-v14-3.0.3.patch
+- rebase patches (and to be p0)
+ * pointer_to_literals.patch
+ * postfix-main.cf.patch
+ * postfix-master.cf.patch
+ * postfix-no-md5.patch
+ * postfix-ssl-release-buffers.patch
+- add /etc/postfix/ssl as default DIR for SSL stuff
+ * cacerts -> ../../ssl/certs/
+ * certs/
+- revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl'
+- improve config.postfix
+ * revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a
+ symlink to /etc/ssl/certs
+ Without reverting, 'gen_CA' would create files which would then be on
+ the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath)
+ Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem'
+ which is not a good idea.
+ * mkchroot: sync '/etc/postfix/ssl' to chroot
+ * improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from
+ main.cf, show warning if enabled and file is missing
+
+-------------------------------------------------------------------
+Sun Oct 9 20:11:34 UTC 2016 - michael@stroeder.com
+
+- update to 3.1.3:
+ * The Postfix SMTP server did not reset a previous session's
+ failed/total command counts before rejecting a client that
+ exceeds request or concurrency rates. This resulted in incorrect
+ failed/total command counts being logged at the end of the
+ rejected session.
+ * The unionmap multi-table interface did not propagate table + lookup errors, resulting in false "user unknown" responses. + * The documentation was updated with a workaround for false "not + found" errors with MySQL map queries that contain UTF8-encoded + text. The workaround is to specify "option_group = client" in + Postfix MySQL configuration files. This will be the default + setting with Postfix 3.2 and later. + +------------------------------------------------------------------- +Sun Sep 4 15:33:27 UTC 2016 - michael@stroeder.com + +- update to 3.1.2: + * Changes to make Postfix build with OpenSSL 1.1.0. + * The makedefs script ignored readme_directory=pathname overrides. + Fix by Todd C. Olson. + * The tls_session_ticket_cipher documentation says that the default + cipher for TLS session tickets is aes-256-cbc, but the implemented + default was aes-128-cbc. Note that TLS session ticket keys are + rotated after 1/2 hour, to limit the impact of attacks on session + ticket keys. + +------------------------------------------------------------------- +Thu Jun 2 12:26:17 UTC 2016 - schwab@suse.de + +- postfix-post-install.patch: remove empty patch + +------------------------------------------------------------------- +Sun May 29 16:45:30 UTC 2016 - chris@computersalat.de + +- fix Changelog cause of Factory decline + +------------------------------------------------------------------- +Tue May 24 13:18:55 UTC 2016 - varkoly@suse.com + +- Fix typo in config.postfix + +------------------------------------------------------------------- +Tue May 24 04:29:41 UTC 2016 - varkoly@suse.com + +- bnc#981097 config.postfix creates broken main.cf for tls client configuration +- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete +- update to 3.1.1: +- The new address_verify_pending_request_limit + parameter introduces a safety limit for the number of address + verification probes in the active queue. 
The default limit is 1/4 + of the active queue maximum size. The queue manager enforces the + limit by tempfailing probe messages that exceed the limit. This + design avoids dependencies on global counters that get out of sync + after a process or system crash. +- Machine-readable, JSON-formatted queue listing with "postqueue -j" + (no "mailq" equivalent). +- The milter_macro_defaults feature provides an optional list of macro + name=value pairs. These specify default values for Milter macros when + no value is available from the SMTP session context. +- Support to enforce a destination-independent delay between email + deliveries. The following example inserts 20 seconds of delay + between all deliveries with the SMTP transport, limiting the delivery + rate to at most three messages per minute. + smtp_transport_rate_delay = 20s +- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes + that a "not found" result from a DNSBL server will be valid for one + hour. This may have been adequate five years ago when postscreen + was first implemented, but nowadays, that one hour can result in + missed opportunities to block new spambots. + To address this, postscreen now respects the TTL of DNSBL "not + found" replies, as well as the TTL of DNSWL replies (both "found" + and "not found"). The TTL for a "not found" reply is determined + according to RFC 2308 (the TTL of an SOA record in the reply). + + Support for DNSBL or DNSWL reply TTL values is controlled by two + configuration parameters: + + postscreen_dnsbl_min_ttl (default: 60 seconds). + postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) + + The postscreen_dnsbl_ttl parameter is now obsolete, and has become + the default value for the new postscreen_dnsbl_max_ttl parameter. +- New "smtpd_client_auth_rate_limit" feature, to + enforce an optional rate limit on AUTH commands per SMTP client IP + address. 
Similar to other smtpd_client_*_rate_limit features, this + enforces a limit on the number of requests per $anvil_rate_time_unit. +- New SMTPD policy service attribute "policy_context", + with a corresponding "smtpd_policy_service_policy_context" configuration + parameter. Originally, this was implemented to share the same SMTPD + policy service endpoint among multiple check_policy_service clients. +- A new "postfix tls" command to quickly enable opportunistic TLS + in the Postfix SMTP client or server, and to manage SMTP server keys + and certificates, including certificate signing requests and + TLSA DNS records for DANE. + +------------------------------------------------------------------- +Tue Apr 19 07:59:32 UTC 2016 - opensuse@dstoecker.de + +- build with working support for SMTPUTF8 + +------------------------------------------------------------------- +Sun Mar 20 14:11:27 UTC 2016 - mrueckert@suse.de + +- fix build on sle11 by pointing _libexecdir to /usr/lib all the + time. + +------------------------------------------------------------------- +Sun Mar 20 13:46:56 UTC 2016 - mrueckert@suse.de + +- some distros did not pull pkgconfig indirectly. pull it directly. + +------------------------------------------------------------------- +Sun Mar 20 08:19:23 UTC 2016 - mrueckert@suse.de + +- fix building the dynamic maps: the old build had postgresql e.g. + with missing symbols. + - convert to AUXLIBS_* instead of plain AUXLIBS which is needed + for proper dynamic maps. + - reordered the CCARGS and AUXLIBS* lines to group by feature + - use pkgconfig or *_config tools where possible +- picked up signed char from fedora spec file +- enable lmdb support: new BR lmdb-devel, new subpackage + postfix-lmdb. 
+- don't delete vmail user/groups + +------------------------------------------------------------------- +Wed Mar 9 13:06:35 UTC 2016 - varkoly@suse.com + +- update to 3.1.0 +- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, + lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. + Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch + could be removed. +- Adapting all the patches to postfix 3.1.0 +- remove obsolete patches + * add_missed_library.patch + * postfix-opensslconfig.patch +- update vda patch + * remove postfix-vda-v13-2.10.0.patch + * add postfix-vda-v13-3.10.0.patch +- The patch postfix-db6.diff is not more neccessary + +- Backwards-compatibility safety net. + With NEW Postfix installs, you MUST install a main.cf file with + the setting "compatibility_level = 2". See conf/main.cf for an + example. + + With UPGRADES of existing Postfix systems, you MUST NOT change the + main.cf compatibility_level setting, nor add this setting if it + does not exist. + + Several Postfix default settings have changed with Postfix 3.0. To + avoid massive frustration with existing Postfix installations, + Postfix 3.0 comes with a safety net that forces Postfix to keep + running with backwards-compatible main.cf and master.cf default + settings. This safety net depends on the main.cf compatibility_level + setting (default: 0). Details are in COMPATIBILITY_README. + +- Major changes - tls +* [Feature 20160207] A new "postfix tls" command to quickly enable + opportunistic TLS in the Postfix SMTP client or server, and to + manage SMTP server keys and certificates, including certificate + signing requests and TLSA DNS records for DANE. +* As of the middle of 2015, all supported Postfix releases no longer + nable "export" grade ciphers for opportunistic TLS, and no longer + use the deprecated SSLv2 and SSLv3 protocols for mandatory or + opportunistic TLS. 
+* [Incompat 20150719] The default Diffie-Hellman non-export prime was + updated from 1024 to 2048 bits, because SMTP clients are starting + to reject TLS handshakes with primes smaller than 2048 bits. +* [Feature 20160103] The Postfix SMTP client by default enables DANE + policies when an MX host has a (DNSSEC) secure TLSA DNS record, + even if the MX DNS record was obtained with insecure lookups. The + existence of a secure TLSA record implies that the host wants to + talk TLS and not plaintext. For details see the + smtp_tls_dane_insecure_mx_policy configuration parameter. + +- Major changes - default settings + [Incompat 20141009] The default settings have changed for relay_domains + (new: empty, old: $mydestination) and mynetworks_style (new: host, + old: subnet). However the backwards-compatibility safety net will + prevent these changes from taking effect, giving the system + administrator the option to make an old default setting permanent + in main.cf or to adopt the new default setting, before turning off + backwards compatibility. See COMPATIBILITY_README for details. + + [Incompat 20141001] A new backwards-compatibility safety net forces + Postfix to run with backwards-compatible main.cf and master.cf + default settings after an upgrade to a newer but incompatible Postfix + version. See COMPATIBILITY_README for details. + + While the backwards-compatible default settings are in effect, + Postfix logs what services or what email would be affected by the + incompatible change. Based on this the administrator can make some + backwards-compatibility settings permanent in main.cf or master.cf, + before turning off backwards compatibility. + +- Major changes - address verification safety + [Feature 20151227] The new address_verify_pending_request_limit + parameter introduces a safety limit for the number of address + verification probes in the active queue. The default limit is 1/4 + of the active queue maximum size. 
The queue manager enforces the + limit by tempfailing probe messages that exceed the limit. This + design avoids dependencies on global counters that get out of sync + after a process or system crash. + + Tempfailing verify requests is not as bad as one might think. The + Postfix verify cache proactively updates active addresses weeks + before they expire. The address_verify_pending_request_limit affects + only unknown addresses, and inactive addresses that have expired + from the address verify cache (by default, after 31 days). + +- Major changes - json support + [Feature 20151129] Machine-readable, JSON-formatted queue listing + with "postqueue -j" (no "mailq" equivalent). The output is a stream + of JSON objects, one per queue file. To simplify parsing, each + JSON object is formatted as one text line followed by one newline + character. See the postqueue(1) manpage for a detailed description + of the output format. + +- Major changes - milter support + [Feature 20150523] The milter_macro_defaults feature provides an + optional list of macro name=value pairs. These specify default + values for Milter macros when no value is available from the SMTP + session context. + + For example, with "milter_macro_defaults = auth_type=TLS", the + Postfix SMTP server will send an auth_type of "TLS" to a Milter, + unless the remote client authenticates with SASL. + + This feature was originally implemented for a submission service + that may authenticate clients with a TLS certificate, without having + to make changes to the code that implements TLS support. + +- Major changes - output rate control + + [Feature 20150710] Destination-independent delivery rate delay + + Support to enforce a destination-independent delay between email + deliveries. The following example inserts 20 seconds of delay + between all deliveries with the SMTP transport, limiting the delivery + rate to at most three messages per minute. 
+ + /etc/postfix/main.cf: + smtp_transport_rate_delay = 20s + + For details, see the description of default_transport_rate_delay + and transport_transport_rate_delay in the postconf(5) manpage. + +- Major changes - postscreen dnsbl + [Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL + lookup results + + Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes + that a "not found" result from a DNSBL server will be valid for one + hour. This may have been adequate five years ago when postscreen + was first implemented, but nowadays, that one hour can result in + missed opportunities to block new spambots. + + To address this, postscreen now respects the TTL of DNSBL "not + found" replies, as well as the TTL of DNSWL replies (both "found" + and "not found"). The TTL for a "not found" reply is determined + according to RFC 2308 (the TTL of an SOA record in the reply). + + Support for DNSBL or DNSWL reply TTL values is controlled by two + configuration parameters: + + postscreen_dnsbl_min_ttl (default: 60 seconds). + + This parameter specifies a minimum for the amount of time that + a DNSBL or DNSWL result will be cached in the postscreen_cache_map. + This prevents an excessive number of postscreen cache updates + when a DNSBL or DNSWL server specifies a very small reply TTL. + + postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) + + This parameter specifies a maximum for the amount of time that + a DNSBL or DNSWL result will be cached in the postscreen_cache_map. + This prevents cache pollution when a DNSBL or DNSWL server + specifies a very large reply TTL. + + The postscreen_dnsbl_ttl parameter is now obsolete, and has become + the default value for the new postscreen_dnsbl_max_ttl parameter. + +- Major changes - sasl auth safety + [Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to + enforce an optional rate limit on AUTH commands per SMTP client IP + address. 
Similar to other smtpd_client_*_rate_limit features, this + enforces a limit on the number of requests per $anvil_rate_time_unit. + +- Major changes - smtpd policy + [Feature 20150913] New SMTPD policy service attribute "policy_context", + with a corresponding "smtpd_policy_service_policy_context" configuration + parameter. Originally, this was implemented to share the same SMTPD + policy service endpoint among multiple check_policy_service clients. + +------------------------------------------------------------------- +Wed Dec 9 14:05:22 UTC 2015 - varkoly@suse.com + +- bnc#958329 postfix fails to start when openslp is not installed + +------------------------------------------------------------------- +Mon Oct 12 20:49:27 UTC 2015 - michael@stroeder.com + +- upstream update postfix 2.11.7: + * The Postfix Milter client aborted with a panic while adding a + message header, after adding a short message header with the + header_checks PREPEND action. Fixed by invoking the header + output function while PREPENDing a message header. + * False alarms while scanning the Postfix queue. Fixed by resetting + errno before calling readdir(). This defect was introduced + 19970309. + * The postmulti command produced an incorrect error message. + * The postmulti command now refuses to create a new MTA instance + when the template main.cf or master.cf file are missing. This + is a common problem on Debian-like systems. + * Turning on Postfix SMTP server HAProxy support broke TLS + wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer + to read the HAProxy connection hand-off information. + * The xtext_unquote() function did not propagate error reports + from xtext_unquote_append(), causing the decoder to return + partial output, instead of rejecting malformed input. The Postfix + SMTP server uses this function to parse input for the ENVID and + ORCPT parameters, and for XFORWARD and XCLIENT command parameters. 
+ +------------------------------------------------------------------- +Wed Aug 12 10:51:51 UTC 2015 - jkeil@suse.de + +- boo#934060: Remove quirky hostname logic from config.postfix + * /etc/hostname doesn't contain anything useful + * linux.local is no good either + * postfix will use `hostname`.localdomain as fallback + +------------------------------------------------------------------- +Tue Aug 4 09:09:04 UTC 2015 - meissner@suse.com + +- postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885 + +------------------------------------------------------------------- +Tue Aug 4 09:07:25 UTC 2015 - meissner@suse.com + +- %verifyscript is a new section, move it out of the %ifdef + so the fillups are run afterwards. + +------------------------------------------------------------------- +Wed Jul 22 16:44:44 UTC 2015 - michael@stroeder.com + +- upstream update postfix 2.11.6: + Default settings have been updated so that they no longer enable + export-grade ciphers, and no longer enable the SSLv2 and SSLv3 + protocols. +- removed postfix-2.11.5_linux4.patch because it's obsolete +- Bugfix (introduced: Postfix 2.11): with connection caching + enabled (the default), recipients could be given to the wrong + mail server. (bsc#944722) + +------------------------------------------------------------------- +Mon Jun 1 22:25:51 UTC 2015 - crrodriguez@opensuse.org + +- postfix-SuSE.tar.gz/postfix.service: None of + nss-lookup.target network.target local-fs.target time-sync.target + should be Wanted or Required except by the services + the implement the relevant functionality i.e network.target + is wanted/required by networkmanager, wicked, + systemd-network. 
other software must be ordered After them, + see systemd.special(7) + +------------------------------------------------------------------- +Sun May 17 18:41:52 UTC 2015 - mpluskal@suse.com + +- Fix library symlink generation (boo#928662) + +------------------------------------------------------------------- +Tue Apr 21 09:55:44 UTC 2015 - mrueckert@suse.de + +- added postfix-2.11.5_linux4.patch: + Allow building on kernel 4. Patch taken from: + https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY + +------------------------------------------------------------------- +Sun Apr 19 23:03:25 UTC 2015 - mrueckert@suse.de + +- update to postfix 2.11.5 + - Bugfix (introduced: Postfix 2.6): + sender_dependent_relayhost_maps ignored the relayhost setting + in the case of a DUNNO lookup result. It would use the + recipient domain instead. Viktor Dukhovni. Wietse took the + pieces of code that enforce the precedence of a + sender-dependent relayhost, the global relayhost, and the + recipient domain, and put that code together in once place so + that it is easier to maintain. File: + trivial-rewrite/resolve.c. + - Bitrot: prepare for future changes in OpenSSL API. Viktor + Dukhovni. File: tls_dane.c. + - Incompatibility: specifying "make makefiles" with "CC=command" + will no longer override the default WARN setting. + +------------------------------------------------------------------- +Mon Feb 9 18:01:38 UTC 2015 - michael@stroeder.com + +- upstream update postfix 2.11.4: + +Postfix 2.11.4 only: + +* Fix a core dump when smtp_policy_maps specifies an invalid TLS + level. + +* Fix a missing " in \%s\", in postconf(1) fatal error messages, + which violated the C language spec. Reported by Iain Hibbert. + +All supported releases: + +* Stop excessive recursion in the cleanup server while recovering + from a virtual alias expansion loop. Problem found at Two Sigma. + +* Stop exponential memory allocation with virtual alias expansion + loops. 
This came to light after fixing the previous problem. + +------------------------------------------------------------------- +Sun Feb 8 13:08:36 UTC 2015 - varkoly@suse.com + +- correct pf_daemon_directory in spec. This must be /usr/lib/ + +------------------------------------------------------------------- +Thu Jan 22 09:36:09 UTC 2015 - varkoly@suse.com + +- bnc#914086 syntax error in config.postfix +- Adapt config.postfix to be able to run on SLE11 too. + +------------------------------------------------------------------- +Mon Jan 19 22:15:30 UTC 2015 - mpluskal@suse.com + +- Don't install sysvinit script when systemd is used +- Make explicit PreReq dependencies conditional only for older + systems +- Don't try to set explicit attributes to symlinks +- Cleanup spec file vith spec-cleaner + +------------------------------------------------------------------- +Tue Jan 13 07:04:52 UTC 2015 - varkoly@suse.com + +- bnc#912594 config.postfix creates config based on old options + +------------------------------------------------------------------- +Tue Jan 6 14:26:51 UTC 2015 - varkoly@suse.com + +- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot +- bnc#910265 config.postfix does not upgrade the chroot +- bnc#908003 wrong access rights on /usr/sbin/postdrop causes + permission denied when trying to send a mail as non root user +- bnc#729154 wrong permissions for some postfix components + +------------------------------------------------------------------- +Fri Nov 21 14:49:19 UTC 2014 - tchvatal@suse.com + +- Remove keyring and things as it is md5 based one no longer + accepted by gpg 2.1 + +------------------------------------------------------------------- +Fri Nov 14 09:19:00 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. 
+ +------------------------------------------------------------------- +Mon Oct 27 18:22:02 UTC 2014 - dmueller@suse.com + +- restore previously lost fix: + Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de + - Ignore errors in %pre/%post. + +------------------------------------------------------------------- +Mon Oct 20 07:52:39 UTC 2014 - michael@stroeder.com + +- postfix 2.11.3: + + * Fix for configurations that prepend message headers with Postfix + access maps, policy servers or Milter applications. Postfix now + hides its own Received: header from Milters and exposes prepended + headers to Milters, regardless of the mechanism used to prepend + a header. This fix reverts a partial solution that was released + on October 13, 2014, and replaces it with a complete solution. + * Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure. + +- postfix 2.11.2: + + * Fix for DMARC implementations based on SPF policy plus DKIM + Milter. The PREPEND access/policy action added headers ABOVE + Postfix's own Received: header, exposing Postfix's own Received: + header to Milters (protocol violation) and hiding the PREPENDed + header from Milters. PREPENDed headers are now added BELOW + Postfix's own Received: header and remain visible to Milters. + * The Postfix SMTP server logged an incorrect client name in + reject messages for check_reverse_client_hostname_access and + check_reverse_client_hostname_{mx,ns}_access. They replied with + the verified client name, instead of the name that was rejected. + * The qmqpd daemon crashed with null pointer bug when logging a + lost connection while not in a mail transaction. 
+
+-------------------------------------------------------------------
+Sun Sep 14 16:50:57 UTC 2014 - andreas.stieger@gmx.de
+
+- switch from md5 based signature to one using the SHA-512 digest
+ algorithm supplied by maintainer on ML to pass source_validator
+
+-------------------------------------------------------------------
+Sat Sep 13 21:44:41 UTC 2014 - andreas.stieger@gmx.de
+
+- postfix 2.11.1:
+ * With connection caching enabled (the default), recipients could
+ be given to the wrong mail server.
+ * Enforce TLS when TLSA records exist, but all are unusable.
+ * Don't leak memory when TLSA records exist, but all are unusable.
+ * Prepend "-I. -I../../include" to the compiler command-line
+ options, to avoid name clashes with non-Postfix header files.
+ * documentation fixes
+ * logging fixes
+
+-------------------------------------------------------------------
+Fri Aug 29 15:40:00 UTC 2014 - rusjako@rus.uni-stuttgart.de
+
+- fix dynamic_maps patch to enable memcache support, which does not
+ need any libraries
+
+-------------------------------------------------------------------
+Thu Jul 31 12:44:59 UTC 2014 - dimstar@opensuse.org
+
+- Rename rpmlintrc to %{name}-rpmlintrc.
+ Follow the packaging guidelines.
+
+-------------------------------------------------------------------
+Fri Jun 27 23:16:21 UTC 2014 - chris@computersalat.de
+
+- fix typo in postfix-SuSE/update_chroot.systemd
+- fix config.postfix
+ * 'insserv amavis' -> 'chkconfig amavis on'
+- rework main.cf patch
+ * fix virtual stuff
+ * add some dovecot stuff
+- rework master.cf patch
+ * add some dovecot stuff
+
+-------------------------------------------------------------------
+Mon Jun 23 21:41:23 UTC 2014 - jamesp@vicidial.com
+
+- The included postfix-mysql.tar.bz2 was using a MySQL 4.1 style of
+ table engine specification. Modified so that the sql uses
+ 'ENGINE=' instead of 'TYPE=' for creating tables.
+
+-------------------------------------------------------------------
+Mon Jun 23 15:17:52 UTC 2014 - varkoly@suse.com
+
+- bnc#816769 - config.postfix issues warnings about missing master.cf
+
+-------------------------------------------------------------------
+Tue Jun 10 13:34:03 UTC 2014 - varkoly@suse.com
+
+- bnc#882033 - Package postfix has changed files according to rpm
+- bnc#855688 - possible systemd bug: postfix & cifs dependency confict
+
+-------------------------------------------------------------------
+Mon Jun 9 12:17:35 UTC 2014 - varkoly@suse.com
+
+- bnc#863350 - SuSEconfig.postfix complains about modified /etc/postfix/main.cf after updating postfix
+
+-------------------------------------------------------------------
+Mon May 26 17:21:54 UTC 2014 - chris@computersalat.de
+
+- replace vda patch:
+ * add postfix-vda-v13-2.10.0.patch
+ * remove postfix-vda-v11-2.9.6.patch
+- rebase patches
+- config.postfix
+ * add master.cf support for submission (587)
+ * rework master.cf support for smtps
+
+-------------------------------------------------------------------
+Wed Feb 12 15:10:27 UTC 2014 - varkoly@suse.com
+
+- bnc#862662 - Unable to configure postfix SMTP with forced TLS using YaST2
+
+- Update to 2.11.0
+ * TLS
+ o Support for PKI-less TLS server certificate verification, where
+ the CA public key or the server certificate is identified via DNSSEC lookup
+ * LMDB database support
+ * master
+ o The master_service_disable parameter value syntax has changed:
+ use "service/type" instead of "service.type".
+ * postconf:
+ o Support for advanced master.cf query and update operations.
+ This was implemented primarily to support automated system management tools.
+ o The postconf command produces more warnings + * relay safety + New smtpd_relay_restrictions parameter built-in default settings: + smtpd_relay_restrictions = + permit_mynetworks + permit_sasl_authenticated + defer_unauth_destination + * postscreen whitelisting + Allow a remote SMTP client to skip postscreen(8) tests based on + its postscreen_dnsbl_sites score. + +------------------------------------------------------------------- +Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de + +- Ignore errors in %pre/%post. + +------------------------------------------------------------------- +Thu Oct 3 02:47:54 UTC 2013 - crrodriguez@opensuse.org + +- two improvements for 13.1 and factory +* postfix-opensslconfig.patch call openSSL_config + so postfix respects the system's openssl configuration +* postfix-SuSE/postfix.service since a few months there + is no mail-transfer-agent.target, units must be ordered + after a list of smtpd implementations instead. + +------------------------------------------------------------------- +Fri Sep 20 04:48:08 UTC 2013 - varkoly@suse.com + +- Proc is not needed in chroot anymore + +------------------------------------------------------------------- +Tue Jul 30 14:34:01 UTC 2013 - schwab@suse.de + +- postfix-main.cf.patch: remove duplicate entry for inet_protocols + +------------------------------------------------------------------- +Mon Jun 17 10:50:08 UTC 2013 - chris@computersalat.de + +- fix for warning + * unused parameter: virtual_create_maildirsize=yes + * unused parameter: virtual_mailbox_extended=yes + * rework main.cf.patch +- fix rcpostfix for sysvinit systems + * /etc/postfix/system/update_postmaps: No such file or directory +- rebase patches + * vda-v11-2.9.5 -> vda-v11-2.9.6 +- fix file postfix-SuSE.tar.gz + * made a tar.gz + +------------------------------------------------------------------- +Sun Jun 16 02:12:07 UTC 2013 - jengelh@inai.de + +- postfix.spec forces the use of SSL and SASL libraries, + so make sure the 
BuildRequires are there
+
+-------------------------------------------------------------------
+Fri Jun 14 01:33:52 UTC 2013 - jengelh@inai.de
+
+- Add postfix-db6.diff to fix compile abort with libdb-6.0
+
+-------------------------------------------------------------------
+Mon Apr 22 11:51:37 UTC 2013 - idonmez@suse.com
+
+- Add Source URL, see https://en.opensuse.org/SourceUrls
+- Add GPG verification
+
+-------------------------------------------------------------------
+Sat Apr 20 05:46:00 UTC 2013 - crrodriguez@opensuse.org
+
+- postfix-SuSE/postfix.service do not Require or
+ order after syslog.target as it no longer exists
+ postfix will fail to start in the next systemd version.
+
+-------------------------------------------------------------------
+Sat Feb 23 09:33:08 UTC 2013 - rmilasan@suse.com
+
+- Install postfix.service accordingly (/usr/lib/systemd for 12.3
+ and up or /lib/systemd for older versions).
+
+-------------------------------------------------------------------
+Wed Feb 6 19:56:57 UTC 2013 - varkoly@suse.com
+
+- update to 2,9.6
+ Bugfix: the local(8) delivery agent dereferenced a null pointer
+ while delivering to null command (for example, "|" in a .forward file).
+ Bugfix: memory leak in program initialization. tls/tls_misc.c.
+ Bugfix: he undocumented OpenSSL X509_pubkey_digest() function is
+ unsuitable for computing certificate PUBLIC KEY fingerprints.
+ Postfix now provides a correct procedure that accounts for
+ the algorithm and parameters in addition to the key data. Specify
+ "tls_legacy_public_key_fingerprints = yes" if you need backwards compatibility.
+
+-------------------------------------------------------------------
+Thu Jan 17 22:01:16 UTC 2013 - varkoly@suse.com
+
+- bnc#796162 - script to assign path elements not working in postfix install Build-0284(iso)
+
+-------------------------------------------------------------------
+Thu Jan 10 18:23:56 UTC 2013 - chris@computersalat.de
+
+- rebase patches
+ * vda-v10-2.8.12 -> vda-v11-2.9.5 (and to be a p0)
+ * main, master, post-instal, ssl-release-buffers (remove version)
+ * dynamic_maps, dynamic_maps_pie, pointer_to_literals
+
+-------------------------------------------------------------------
+Thu Jan 10 14:45:59 UTC 2013 - varkoly@suse.com
+
+- update to 2,9.5
+ * tls support:
+ Support to turn off the TLSv1.1 and TLSv1.2 protocols:
+ To temporarily turn off problematic protocols globally:
+ /etc/postfix/main.cf:
+ smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
+ smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
+ However, it may be better to temporarily turn off problematic
+ protocols for broken sites only:
+ /etc/postfix/main.cf:
+ smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+ /etc/postfix/tls_policy:
+ example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
+ * 20111012 To simplify integration with third-party
+ applications, the Postfix sendmail command now always transforms
+ all input lines ending in into UNIX format (lines ending
+ in ). Specify "sendmail_fix_line_endings = strict" to restore
+ historical Postfix behavior (i.e. convert all input lines ending
+ in only if the first line ends in ).
+ * 20120114 Logfile-based alerting systems may need to be
+ updated to look for "error" messages in addition to "fatal" messages.
+ Specify "daemon_table_open_error_is_fatal = yes" to get the historical
+ behavior (immediate termination with "fatal" message).
+ * enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also
+ used as queue file names).
These names are encoded in a mix of upper
+ case, lower case and decimal digit characters. Long queue IDs are
+ disabled by default to avoid breaking tools that parse logfiles and
+ that expect queue IDs with the smaller [A-F0-9] character set.
+ * 20111209 memcache lookup and update support. This provides
+ a way to share postscreen(8) or verify(8) caches between Postfix
+ instances. See MEMCACHE_README and memcache_table(5) for details
+ and limitations.
+ * 20111218 To support external SASL authentication, e.g.,
+ in an NGINX proxy daemon, the Postfix SMTP server now always checks
+ the smtpd_sender_login_maps table, even without having
+ "smtpd_sasl_auth_enable = yes" in main.cf.
+ * ipv6
+ o The default inet_protocols value is now "all" instead of "ipv4",
+ meaning use both IPv4 and IPv6.
+ o The default smtp_address_preference value is now "any" instead
+ of "ipv6", meaning choose randomly between IPv6 and IPv4. With
+ this the Postfix SMTP client will have more success delivering
+ mail to sites that have problematic IPv6 configurations.
+
+-------------------------------------------------------------------
+Sat Dec 15 16:33:24 UTC 2012 - chris@computersalat.de
+
+- update to 2.8.13
+ * 20121029
+ Workaround: strip datalink suffix from IPv6 addresses
+ returned by the system getaddrinfo() routine. Such suffixes
+ mess up the default mynetworks value, host name/address
+ verification and possibly more. This change obsoletes the
+ 20101108 change that removes datalink suffixes in the SMTP
+ and QMQP servers, but we leave that code alone. File:
+ util/myaddrinfo.c.
+ * 20121013
+ Cleanup: to compute the LDAP connection cache lookup key,
+ join the numeric fields with null, just like string fields.
+ Viktor Dukhovni. File: global/dict_ldap.c.
+ * 20121010
+ Bugfix (introduced: Postfix 2.5): memory leak in program
+ initialization. Reported by Coverity. File: tls/tls_misc.c.
+ Bugfix (introduced: Postfix 2.3): memory leak in the unused
+ oqmgr program.
Reported by Coverity. File: oqmgr/qmgr_message.c.
+ * 20121003
+ Bugfix: the postscreen_access_list feature was case-sensitive
+ in the first character of permit, reject, etc. Reported by
+ Feancis Picabia. File: global/server_acl.c.
+- rebase dynamic_maps_pie patch
+- rpmlint
+ * invalid-suse-version-check 1140
+ * obsolete-suse-version-check 920 (changes file)
+
+-------------------------------------------------------------------
+Fri Dec 14 06:03:42 UTC 2012 - varkoly@suse.com
+
+- bnc#790141 - Command SuSEconfig.postfix reports ERROR -
+ "can not find /lib/YaST/SuSEconfig.functions!!"
+
+-------------------------------------------------------------------
+Thu Nov 8 11:33:33 UTC 2012 - varkoly@suse.com
+
+- bnc#782048 - postfix uses /sbin/conf.d
+- bnc#784659 - remove SuSEconfig calls from yast2-mail
+
+-------------------------------------------------------------------
+Fri Aug 10 18:56:59 UTC 2012 - chris@computersalat.de
+
+- update to 2.8.12
+ * 20120730
+ Bugfix (introduced: 20000314): AUTH is not allowed after
+ MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c.
+ * 20120702
+ Bugfix (introduced: 19990127): the BIFF client leaked an
+ unprivileged UDP socket. Fix by Jaroslav Skarvada. File:
+ local/biff_notify.c.
+ * 20120621
+ Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
+ client could close the wrong file descriptors. File:
+ util/unix_pass_trigger.c.
+- fix for bnc#771303
+ * add 'version = 3' to ldap_aliases.cf
+- rebase patches
+ * main, master, post-install: 2.8.3 -> 2.8.12
+ * ssl-release-buffers: 2.8.5 -> 2.8.12
+ * vda-v10: 2.8.9 -> 2.8.12
+ * dynamic_maps, dynamic_maps_pie, ipv6_disabled, pointer_to_literals
+- fix changes file
+
+-------------------------------------------------------------------
+Thu Jul 19 06:52:18 UTC 2012 - varkoly@suse.com
+
+- bnc#771811 - postfix update does not regenerate the maps
+
+-------------------------------------------------------------------
+Mon Jun 11 09:51:22 UTC 2012 - varkoly@suse.com
+
+- update to 2.8.11
+ * 20120520
+ - Bugfix (introduced Postfix 2.4): the event_drain() function
+ was comparing bitmasks incorrectly causing the program to
+ always wait for the full time limit. This error affected
+ the unused postkick command, but only after s/fifo/unix/
+ in master.cf. File: util/events.c.
+ - Cleanup: laptop users have always been able to avoid
+ unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
+ (this is currently not supported on Solaris systems).
+ However, to make this work reliably, the "postqueue -f"
+ command must wait until its requests have reached the pickup
+ and qmgr servers before closing the UNIX-domain request
+ sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.
+
+-------------------------------------------------------------------
+Wed May 9 10:07:10 UTC 2012 - varkoly@suse.com
+
+- bnc#753910 - {name} instead of %{name} in postfix .spec
+- bnc#756452 - VUL-1: postfix: VRFY allows enumerating users
+
+-------------------------------------------------------------------
+Thu May 3 16:47:11 UTC 2012 - chris@computersalat.de
+
+- update to 2.8.10
+ * 20120401
+ Bitrot: shut up useless warnings about Cyrus SASL call-back
+ function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
+ xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.
+ * 20120422
+ Bit-rot: OpenSSL 1.0.1 introduces new protocols.
Update the
+ known TLS protocol list so that protocols can be turned off
+ selectively to work around implementation bugs. Based on
+ a patch by Victor Duchovni. Files: proto/TLS_README.html,
+ proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
+ tls/tls_server.c.
+- update to 2.8.9
+ * 20120217
+ Cleanup: missing #include statement for bugfix code added
+ 20111226. File: local/unknown.c.
+ * 20120214
+ Bugfix (introduced: Postfix 2.4): extraneous null assignment
+ caused core dump when postlog emitted the "usage" message.
+ Reported by Kant (fnord.hammer). File: postlog/postlog.c.
+ * 20120202
+ Bugfix (introduced: Postfix 2.3): the "change header" milter
+ request could replace the wrong header. A long header name
+ could match a shorter one, because a length check was done
+ on the wrong string. Reported by Vladimir Vassiliev. File:
+ cleanup/cleanup_milter.c.
+- use latest VDA patch (2.8.9)
+
+-------------------------------------------------------------------
+Thu Apr 12 08:15:06 UTC 2012 - varkoly@suse.com
+
+- bnc#756450 - postfix: remove version from banner
+
+-------------------------------------------------------------------
+Mon Apr 9 16:13:28 UTC 2012 - bruno@ioda-net.ch
+
+- add port 587 smtp-auth submission to postfix-fw bnc#756289
+
+-------------------------------------------------------------------
+Mon Apr 2 22:09:00 CEST 2012 - dmueller@suse.de
+
+- set exit code explicitely in cond_slp, systemd checks for it
+
+-------------------------------------------------------------------
+Tue Mar 13 13:35:13 UTC 2012 - varkoly@suse.com
+
+- Documentation for bnc#751994 - SuSEconfig module postfix does not exist
+
+-------------------------------------------------------------------
+Wed Mar 7 06:31:05 UTC 2012 - varkoly@suse.com
+
+- rcpostfix now updates the aliases too
+
+-------------------------------------------------------------------
+Mon Feb 27 16:35:56 UTC 2012 - chris@computersalat.de
+
+- update to 2.8.8
+ Bugfixes:
+ tlsproxy(8)
stored TLS sessions with a serverID of
+ "tlsproxy" instead of "smtpd", wasting an opportunity for
+ session reuse. File: tlsproxy/tlsproxy.c.
+ missing lookup table entry and terminator, causing
+ proxymap server segfault when postscreen(8) or verify(8)
+ attempted to access their cache via the proxymap server.
+ This could never have worked anyway, because the Postfix
+ 2.8 proxymap protocol does not support cache cleanup. File
+ util/dict.c.
+ the Postfix client sqlite
+ quoting routine returned the unquoted result instead of the
+ quoted text. The opportunities for misuse are limited,
+ because Postfix sqlite files are usually owned by root, and
+ Postfix daemons usually run with non-root privileges so
+ they can't corrupt the database. Problem reported by Rob
+ McGee (rob0). File: global/dict_sqlite.c.
+ the trace service did not
+ distinguish between notifications for a non-bounce or a
+ bounce message. This code pre-dates DSN support and should
+ have been updated when it was re-purposed to handle DSN
+ SUCCESS notifications. Problem reported by Sabahattin
+ Gucukoglu. File: bounce/bounce_trace_service.c.
+- use latest VDA patch (2.8.5)
+
+-------------------------------------------------------------------
+Wed Jan 25 15:12:38 UTC 2012 - varkoly@suse.com
+
+- bnc#743369 - yast2 mail module does not open the firewall
+- Set MD5DIR in SuSEconfig.postfix to avoid warnings
+
+-------------------------------------------------------------------
+Tue Jan 17 11:14:30 UTC 2012 - varkoly@suse.com
+
+- bnc738693 - upgrade from 11.4 enables mysql service for systemd
+
+-------------------------------------------------------------------
+Thu Jan 12 12:18:17 UTC 2012 - varkoly@suse.com
+
+- Add postmap rebuild script to systemv init script too
+
+-------------------------------------------------------------------
+Wed Jan 11 14:21:21 UTC 2012 - varkoly@suse.com
+
+- bnc#738900 - cyrus-imapd not receiving mail from postfix
+
+-------------------------------------------------------------------
+Tue Dec 13 14:50:45 UTC 2011 - varkoly@suse.com
+
+- Move the post map rebuild script into the start script
+
+-------------------------------------------------------------------
+Tue Dec 6 11:04:12 UTC 2011 - varkoly@suse.com
+
+- Fix the last change in %post
+
+-------------------------------------------------------------------
+Fri Dec 2 06:44:28 UTC 2011 - varkoly@suse.com
+
+- bnc#728308 - warning output after update the postfix package
+
+-------------------------------------------------------------------
+Wed Nov 9 20:05:38 UTC 2011 - varkoly@suse.com
+
+- update to 2.8.7
+ Bugfixes:
+ smtpd(8) did not sanitize newline characters in cleanup(8)
+ REJECT messages, causing them to be sent out via SMTP as bare newline characters.
+ smtpd(8) sent multi-line responses from a before-queue content filter as text with
+ bare instead of .
+ Workaround: postscreen sent non-compliant SMTP responses (220- followed by 421)
+ when it could not give a connection to a real smtpd process, causing some
+ remote SMTP clients to bounce mail.
+
+-------------------------------------------------------------------
+Thu Nov 3 15:56:23 UTC 2011 - varkoly@suse.com
+
+- Use the systemd macros in the spec file
+
+-------------------------------------------------------------------
+Fri Oct 14 16:43:02 CEST 2011 - mhrusecky@suse.cz
+
+- only fix files that exists in %post
+
+-------------------------------------------------------------------
+Sun Oct 9 04:30:54 UTC 2011 - crrodriguez@opensuse.org
+
+ - Use SSL_MODE_RELEASE_BUFFERS if available, see
+ SSL_CTX_set_mode man page and
+ http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
+ for the full details.
+
+-------------------------------------------------------------------
+Tue Sep 6 14:49:47 UTC 2011 - chris@computersalat.de
+
+- update to 2.8.5
+ * Bugfix: allow for Milters that send an SMTP server reply
+ without RFC 3463 enhanced status code. Reported by Vladimir
+ Vassiliev. File: milter/milter8.c.
+
+-------------------------------------------------------------------
+Mon Aug 22 09:31:02 UTC 2011 - varkoly@novell.com
+
+- bnc#684304 - server:mail/postfix: Bugs in SuSEconfig chroot setup script
+- Aplly SASL_SOCKET_DIR patch
+
+-------------------------------------------------------------------
+Thu Aug 18 09:32:04 UTC 2011 - varkoly@novell.com
+
+- Move SuSEconfig.postfix into /usr/sbin/
+ (FATE#311272: Do not rewrite postfix.cf via SuSEconfig)
+ SuSEconfig.postfix will be executed only once after installation
+ automaticaly. Afterwards only you can start it manually or via
+ yast2 mail module.
+
+-------------------------------------------------------------------
+Fri Aug 12 16:40:40 UTC 2011 - werner@suse.de
+
+- Just the first strep forward to systemd, please test out
+ /etc/postfix/system/update_chroot
+ /etc/postfix/system/wait_qmgr
+ /etc/postfix/system/cond_slp
+ and
+ /lib/systemd/system/postfix.service
+ and also fill out the missing description.
+
+-------------------------------------------------------------------
+Tue Aug 9 11:03:55 UTC 2011 - chris@computersalat.de
+
+- rework SuSE patch
+ * add missing SASL stuff in rc.postfix
+
+-------------------------------------------------------------------
+Mon Jul 25 09:08:14 UTC 2011 - chris@computersalat.de
+
+- when chrooted and using SASL
+ o mount -o bind SASL_SOCKET_DIR into postfix CHROOT
+
+-------------------------------------------------------------------
+Mon Jul 11 17:22:19 UTC 2011 - chris@computersalat.de
+
+- update to 2.8.4
+ o Linux kernel version 3 support.
+ for more info see ChangeLog
+
+-------------------------------------------------------------------
+Wed Jul 6 13:11:07 UTC 2011 - varkoly@novell.com
+
+- bnc#686436 - postfix bounces messages with improper use of 8-bit data in message body
+- Apply patch
+
+-------------------------------------------------------------------
+Fri Jul 1 12:35:59 UTC 2011 - chris@computersalat.de
+
+- rework master.cf patch
+ o fix receive_override_options line
+- rework SuSE patch
+ o sysconfig: remove POSTFIX_WITH_POP_BEFORE_SMTP
+ o SuSEconfig: fix receive_override_options line
+
+-------------------------------------------------------------------
+Thu Jun 30 20:15:40 UTC 2011 - chris@computersalat.de
+
+- replace vda patch
+ o 2.8.1 -> 2.8.3
+- fix files doc
+ o remove 'doc auxiliary'
+ instead cp to pf_docdir
+
+-------------------------------------------------------------------
+Sat May 28 04:22:22 UTC 2011 - varkoly@novell.com
+
+- fix spec for building on all repos
+
+-------------------------------------------------------------------
+Tue May 24 10:24:51 UTC 2011 - varkoly@novell.com
+
+- bnc#679187 - suseconfig/postfix: missing dependency
+
+-------------------------------------------------------------------
+Tue May 17 22:31:46 UTC 2011 - chris@computersalat.de
+
+- fix master.cf
+ o fix missing
+ - amavis unix - - n - 4 smtp
+ - localhost:10025 inet n - n - - smtpd
+ o add master.cf patch
+-
rework patches
+ o main.cf (add two missing sasl vars)
+ o postfix-SuSE (SuSEconfig, cleanup those vars,...)
+
+-------------------------------------------------------------------
+Sun May 15 14:16:03 UTC 2011 - chris@computersalat.de
+
+- rework TLS stuff
+ o reworked main.cf patch
+ o added postfix-SuSE patch
+ o added post-install patch
+ Editing /etc/postfix/master.cf, adding missing entry for tlsmgr service
+ add only if it really does not exist
+- removed Author from description
+- updated vda patch
+ o vda-2.7.1 > vda-v10-2.8.1
+- fix build for SLE_10
+ o no fdupes ;)
+
+-------------------------------------------------------------------
+Wed May 11 08:23:56 UTC 2011 - varkoly@novell.com
+
+- remove document paths from postfix-files to avoid error messages
+ when postfix-doc is not installed
+
+-------------------------------------------------------------------
+Tue May 10 09:20:23 UTC 2011 - varkoly@novell.com
+
+- update to 2.8.3 - VUL-0: postfix memory corruption
+
+-------------------------------------------------------------------
+Sun Apr 10 07:00:18 UTC 2011 - varkoly@novell.com
+
+- bnc#641271 - postfix-2.7.1: init script cannot properly stop
+ multi-instance configurations
+
+-------------------------------------------------------------------
+Wed Mar 30 21:21:16 UTC 2011 - varkoly@novell.com
+
+- update to 2.8.2
+ * DNSBL/DNSWL:
+ o Support for address patterns in DNS blacklist and whitelist lookup results.
+ o The Postfix SMTP server now supports DNS-based whitelisting with several safety features
+ * Support for read-only sqlite database access.
+ * Alias expansion:
+ o Postfix now reports a temporary delivery error when the result
+ of virtual alias expansion would exceed the virtual_alias_recursion_limit
+ or virtual_alias_expansion_limit.
+ o To avoid repeated delivery to mailing lists with pathological
+ nested alias configurations, the local(8) delivery agent now keeps
+ the owner-alias attribute of a parent alias, when delivering mail
+ to a child alias that does not have its own owner alias.
+ * The Postfix SMTP client no longer appends the local domain when
+ looking up a DNS name without ".".
+ * The SMTP server now supports contact information that is appended
+ to "reject" responses: smtpd_reject_footer
+ * Postfix by default no longer adds a "To: undisclosed-recipients:;"
+ header when no recipient specified in the message header.
+ * tls support:
+ o The Postfix SMTP server now always re-computes the SASL mechanism
+ list after successful completion of the STARTTLS command.
+ o The smtpd_starttls_timeout default value is now stress-dependent.
+ o Postfix no longer appends the system-supplied default CA certificates
+ to the lists specified with *_tls_CAfile or with *_tls_CApath.
+ * New feature: Prototype postscreen(8) server that runs a number
+ of time-consuming checks in parallel for all incoming SMTP connections,
+ before clients are allowed to talk to a real Postfix SMTP server.
+ It detects clients that start talking too soon, or clients that appear
+ on DNS blocklists, or clients that hang up without sending any command.
+
+-------------------------------------------------------------------
+Thu Feb 10 11:43:28 UTC 2011 - varkoly@novell.com
+
+- bnc#667299 - Postfix LICENSE not marked as documentation
+
+-------------------------------------------------------------------
+Mon Jan 17 09:56:32 UTC 2011 - chris@computersalat.de
+
+- add some min LDAP support for virtual LDAP-users
+ o sysconfig "WITH_LDAP"
+ o add ldap_aliases.cf
+ o SuSEconfig.postfix
+ virtual_alias_maps = ...
ldap:/etc/postfix/ldap_aliases.cf
+
+-------------------------------------------------------------------
+Tue Jan 4 12:14:06 UTC 2011 - chris@computersalat.de
+
+- update to 2.7.2
+ * Bugfix (introduced Postfix 2.2): Postfix no longer appends
+ the system default CA certificates to the lists specified
+ with *_tls_CAfile or with *_tls_CApath. This prevents
+ third-party certificates from getting mail relay permission
+ with the permit_tls_all_clientcerts feature. Unfortunately
+ this may cause compatibility problems with configurations
+ that rely on certificate verification for other purposes.
+ To get the old behavior, specify "tls_append_default_CA =
+ yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
+ global/mail_params.h. proto/postconf.proto, mantools/postlink.
+ * Compatibility with Postfix < 2.3: fix 20061207 was incomplete
+ (undoing the change to bounce instead of defer after
+ pipe-to-command delivery fails with a signal). Fix by Thomas
+ Arnett. File: global/pipe_command.c.
+ * Bugfix: the milter_header_checks parser provided only the
+ actions that change the message flow (reject, filter,
+ discard, redirect) but disabled the non-flow actions (warn,
+ replace, prepend, ignore, dunno, ok). File:
+ cleanup/cleanup_milter.c.
+ * Performance: fix for poor smtpd_proxy_filter TCP performance
+ over loopback (127.0.0.1) connections. Problem reported by
+ Mark Martinec. Files: smtpd/smtpd_proxy.c.
+ * Cleanup: don't apply reject_rhsbl_helo to non-domain forms
+ such as network addresses. This would cause false positives
+ with dbl.spamhaus.org. File: smtpd/smtpd_check.c.
+ * Bugfix: the "421" reply after Milter error was overruled
+ by Postfix 1.1 code that replied with "503" for RFC 2821
+ compliance. We now make an exception for "final" replies,
+ as permitted by RFC. Solution by Victor Duchovni. File:
+ smtpd/smtpd.c.
+
+-------------------------------------------------------------------
+Sat Dec 11 19:50:25 UTC 2010 - chris@computersalat.de
+
+- update vda patch
+ o remove 2.6.1-vda-ng.patch
+ o remove 2.6.1-vda-ng-64bit.patch
+ o add vda-2.7.1.patch
+- rework main.cf.patch
+ o remove 2.2.9-main.cf.patch
+ o add 2.7.1-main.cf.patch
+
+-------------------------------------------------------------------
+Tue Dec 7 22:02:56 UTC 2010 - coolo@novell.com
+
+- prereq init scripts network and syslog
+
+-------------------------------------------------------------------
+Thu Aug 12 18:57:14 UTC 2010 - varkoly@novell.com
+
+- Remove obsolate postscripts
+- bnc#625657 - SuSEconfig.postfix and smtp_use_tls
+- bnc#622873 - postfix doesn't start if ipv6 is disabled
+
+-------------------------------------------------------------------
+Tue Jul 6 15:04:30 UTC 2010 - chris@computersalat.de
+
+- reworked bnc#606251 stuff (not checked in to Factory)
+ o used my_print_defaults command for parsing of /etc/my.cnf
+ o using quotation marks: "$PF_CHROOT"
+ o added sysconfig option POSTFIX_MYSQL_CONN=(socket,tcp)
+
+-------------------------------------------------------------------
+Wed Jun 16 23:39:09 UTC 2010 - chris@computersalat.de
+
+- bnc#606251 - postfix chrooted mysql.sock lost on mysql restart
+ o Now MYSQL_SOCK_DIR is mounted with '-o bind' to postfix CHROOT
+
+-------------------------------------------------------------------
+Thu Jun 10 10:55:54 UTC 2010 - varkoly@novell.com
+
+- update to 2.7.1
+ * Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
+ which sends remote SMTP client attributes through SMTP-based content filters.
+ The Postfix SMTP client did not skip "unknown" SMTP client attributes,
+ causing a syntax error when sending an "unknown" client PORT attribute.
+ * Robustness: skip LDAP queries with non-ASCII search strings, instead of failing with a database lookup error.
+ * Safety: Postfix processes now log a warning when a matchlist has
+ a #comment at the end of a line (for example mynetworks or relay_domains).
+ * Portability: OpenSSL 1.0.0 changes the priority of anonymous cyphers.
+ * Portability: Berkeley DB 5.x is now supported.
+
+-------------------------------------------------------------------
+Thu May 20 17:08:26 UTC 2010 - chris@computersalat.de
+
+- fix obviously lost POSTFIX_MYHOSTNAME in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Wed Apr 7 12:39:16 UTC 2010 - varkoly@novell.com
+
+- New file check_mail_queue. This script checks if there are some
+ mails in the queue and starts postfix if necessary. After delivering
+ the mails postfix will be stoped.
+
+-------------------------------------------------------------------
+Thu Apr 1 10:28:09 UTC 2010 - varkoly@novell.com
+
+- bnc#559145 - Changed Domain name not reflected when sending mail
+ First /var/run/dhcp-hostname will be evaluated
+- Now POSTFIX_SMTP_TLS_CLIENT is ternary : no yes must
+
+-------------------------------------------------------------------
+Sun Feb 28 18:38:18 UTC 2010 - varkoly@novell.com
+- update to 2.7.0
+ * performance
+ - Periodic cache cleanup for the verify(8) cache database.
+ - Improved before-queue filter performance.
+ * sender reputation
+ - The FILTER action in access maps or header/body_checks now supports sender
+ reputation schemes that dynamically choose the SMTP source IP address.
+ * address verification
+ - The verify(8) service now uses a persistent cache by default.
+ * content filter
+ - The meaning of an empty filter next-hop destination has changed.
+ - The FILTER action in access maps or header/body_checks now supports sender
+ reputation schemes that dynamically choose the SMTP source IP address.
+ * milter
+ - Support for header checks on Milter-generated message headers.
+ Please read /usr/share/doc/packages/postfix/RELEASE_NOTES for details.
+-------------------------------------------------------------------
+Thu Feb 11 15:16:13 UTC 2010 - coolo@novell.com
+
+- revert the change to PreReq openldap-devel, this increases the
+ default installation several MBs
+
+-------------------------------------------------------------------
+Tue Feb 2 15:45:26 UTC 2010 - varkoly@novell.com
+
+- bnc#567569 - Postfix: move ldap support to a separate package
+- bnc#557239 - postfix delivers mail to user's home instead of /var/spool/mail
+
+-------------------------------------------------------------------
+Tue Jan 5 23:28:12 UTC 2010 - chris@computersalat.de
+
+- rpmlint fixes
+ o init-script-undefined-dependency $network-remotefs
+- fix for SuSEconfig.postfix
+ o if use_amavis eq "yes"
+ then content_filter "amavis:[127.0.0.1]:10024]" is defined,
+ so removed "-o content_filter=smtp:[127.0.0.1]:10024" for smtp
+- s#ldconfig#/sbin/ldconfig#
+
+-------------------------------------------------------------------
+Tue Dec 22 16:15:00 CEST 2009 - freespacer@gmx.de
+
+- Add support for dovecot as MDA to SuSEconfig.
+
+-------------------------------------------------------------------
+Wed Dec 16 10:45:14 CET 2009 - jengelh@medozas.de
+
+- Package documentation as noarch
+
+-------------------------------------------------------------------
+Tue Dec 10 13:15:15 CET 2009 - varkoly@suse.de
+
+- Remove postfixs update script. This does not work now.
+
+-------------------------------------------------------------------
+Tue Dec 8 19:15:15 CET 2009 - varkoly@suse.de
+
+- Fix the %post section add missed %{fillup_only -an mail}
+
+-------------------------------------------------------------------
+Mon Nov 16 17:14:39 CET 2009 - varkoly@suse.de
+
+- bnc#555814 – VUL-0: SMTPD_LISTEN_REMOTE="yes" by default
+- bnc#555732 - Invalid $(hostname -i) usage SuSEconfig.postfix
+- bnc#547928 – Postfix does not start during boot process
+- Avoid append relay multiple times in POSTFIX_MAP_LIST
+
+-------------------------------------------------------------------
+Mon Oct 26 14:36:55 CET 2009 - varkoly@suse.de
+
+- bnc#549612 – SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Mon Sep 28 09:22:54 CEST 2009 - varkoly@suse.de
+
+- bnc#540538 – postfix-2.6.1-10.1 installs new files in /etc/postfix and does not generate .db
+- bnc#519438 - Postfix: Running chrooted lets qmgr loosing his syslog-socket
+- remove obsolate version tests from SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Mon Sep 28 08:24:43 CEST 2009 - varkoly@suse.de
+
+- bnc#525825 - when using cyrus in a chroot environment Suseconfig does not
+ create socket /var/lib/imap/socket/lmtp
+
+-------------------------------------------------------------------
+Mon Sep 14 11:34:41 UTC 2009 - chris@computersalat.de
+
+- spec
+ o fdupes if >= 1100
+
+-------------------------------------------------------------------
+Thu Sep 10 21:22:46 CEST 2009 - chris@computersalat.de
+
+- update to 2.6.1
+ o merge home:varkoly:Factory and o:F
+- spec mods
+ o use of getent
+- rpmlint
+ o remove unneeded dists from examples/chroot-setup/
+ o postin-without-ldconfig
+ o files-duplicate /usr/share/doc/packages/postfix-doc/html/
+ o files-duplicate /usr/share/man/man?
+
+-------------------------------------------------------------------
+Mon Apr 13 18:21:14 UTC 2009 - chris@computersalat.de
+
+- added VDA patch
+ o Mailbox / Maildir size limit, known also as "soft quota",
+ to avoid user take all you disk space
+ o Customizable "limit" message when the soft quota limit is reached.
+ NOTE: message is sent to senders, but NOT to the owner of the mailbox.
+ o Limit only 'INBOX', because some people use IMAP and don't want
+ the same limit in IMAP folder that are differents from INBOX.
+ o Support for 'Courier' style Maildir, usefull for people that
+ use courier as pop3/imap server and to get fast soft quota summary.
+ Note that it is also compatible with qmail maildir per default.
+ o Supports for Courier 'maildirsize' file in Maildir folder that
+ is used to read quotas quickly. Note that this option is not
+ actived per default and can be dangerous on some NFS client
+ implementation
+ (like for example Solaris that cache some filesystem operations).
+ o Customisable suffix for Maildir support, when share same external
+ dict between postfix and pop3/imap server sometime "Maildir/" suffix
+ is needed to avoid extra database handling (eg LDAP, MySQL...).
+- some improvements of SuSEconfig.postfix
+ o POSTFIX_LISTEN: Comma separated list of IP's
+ o POSTFIX_INET_PROTO: ipv4, ipv6, all
+ o POSTFIX_MYHOSTNAME: define SMTPs FQHOSTNAME
+ o POSTFIX_WITH_MYSQL: when using MySQL as backend
+ o POSTFIX_BASIC_SPAM_PREVENTION: "custom"
+ you can now define your own rules
+ - POSTFIX_SMTPD_CLIENT_RESTRICTIONS
+ - POSTFIX_SMTPD_HELO_RESTRICTIONS
+ - POSTFIX_SMTPD_SENDER_RESTRICTIONS
+ - POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
+- added helo_access for helo checks
+- added relay for relaying domain
+- added MySQL stuff when using MySQL as backend (virtuser)
+ o you should consider postfixAdmin as mgmnt interface
+ o when runninng postfix chrooted:
+ you have to run SUSEconfig each time when you have restarted MySQL
+ because of linking mysql.sock
+
+-------------------------------------------------------------------
+Sun Mar 29 15:18:52 CEST 2009 - varkoly@suse.de
+
+- bnc#439287 - not all POSTFIX_ADD_* values are properly handled
+ by SuSEconfig.postfix
+- bnc#483208 - Postfix configuration trashed after update
+- bnc#488268 - SuSEconfig.postfix chroot setup misses /etc/ssl/certs
+
+-------------------------------------------------------------------
+Mon Jan 12 11:12:16 CET 2009 - varkoly@suse.de
+
+- bnc#465165 - postfix src package
+
+-------------------------------------------------------------------
+Fri Jan 9 17:43:53 CET 2009 - varkoly@suse.de
+
+- bnc#464869 - SuSEconfig.postfix causes DNS lookup
+- bnc#460442 - amavisd-new and Postfix need fqdn-hostname in "uname -n"
+
+-------------------------------------------------------------------
+Mon Jan 5 13:54:11 CET 2009 - varkoly@suse.de
+
+- update to 2.5.6
+ - The SMTP server did not ask for a client certificate
+ with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl.
+
+ - Avoid reduced TCP performance when reusing an SMTP connection
+ with a larger than 4096-byte TCP MSS value. In practice, this
+ could happen only with loopback (localhost) connections.
+
+-------------------------------------------------------------------
+Sun Nov 16 12:16:03 CET 2008 - varkoly@suse.de
+
+- (bnc#442456) - chrooted postfix and saslauthd
+
+-------------------------------------------------------------------
+Tue Nov 4 15:24:41 CET 2008 - ro@suse.de
+
+- fix build
+
+-------------------------------------------------------------------
+Tue Nov 4 15:15:03 CET 2008 - varkoly@suse.de
+
+- upgrade must not be executed during installation
+
+-------------------------------------------------------------------
+Tue Oct 14 11:16:21 CEST 2008 - varkoly@suse.de
+
+- (bnc#403976) - permissions on /var/lib/postfix changed
+- (bnc#433916) - postfix should be splitted into postfix and postfix-doc
+
+-------------------------------------------------------------------
+Thu Sep 11 14:34:22 CEST 2008 - varkoly@suse.de
+
+- (bnc#415216) - Postfix RPM Install Displays Multiple Warnings
+- clean up spec file
+
+-------------------------------------------------------------------
+Tue Sep 9 09:57:35 CEST 2008 - varkoly@suse.de
+
+- Update to Version 2.5 patchlevel 5
+ * Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
+ With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
+ file descriptor leak when it executes non-Postfix commands
+ in, for example, user-controlled $HOME/.forward files.
+ * Security: some systems have changed their link() semantics,
+ and will hardlink a symlink, contrary to POSIX and XPG4.
+ Sebastian Krahmer, SuSE. File: util/safe_open.c.
+
+ The solution introduces the following incompatible change:
+ when the target of mail delivery is a symlink, the parent
+ directory of that symlink must now be writable by root only
+ (in addition to the already existing requirement that the
+ symlink itself is owned by root). This change will break
+ legitimate configurations that deliver mail to a symbolic
+ link in a directory with less restrictive permissions.
+ * Bugfix: dangling pointer in vstring_sprintf_prepend().
+ File: util/vstring.c.
+
+-------------------------------------------------------------------
+Mon Aug 25 18:45:03 CEST 2008 - mt@suse.de
+
+- init script: copy LSB *-Start tags to *-Stop
+- spec file: removed obsolete rc.config update hooks
+
+-------------------------------------------------------------------
+Wed Aug 6 13:33:01 CEST 2008 - varkoly@suse.de
+
+- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition
+- (bnc#405900) SuSEconfig.postfix changes owner and permissions of
+ /tmp if smtpd_tls_CApath is not set
+
+- Update to Version 2.5 patchlevel 3
+ * Cleanup of code
+ * defer delivery when a mailbox file is not owned by the recipient.
+ Requested by Sebastian Krahmer, SuSE.
+ Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies.
+ * Bugfix: null-terminate CN comment string after sanitization.
+ * Bugfix (introduced Postfix 2.0): after "warn_if_reject
+ reject_unlisted_recipient/sender", the SMTP server mistakenly
+ remembered that recipient/sender validation was already done.
+
+-------------------------------------------------------------------
+Wed Jul 9 15:07:46 CEST 2008 - varkoly@suse.de
+
+- (fate#305005) Enable SMTPS in postfix ootb
+
+-------------------------------------------------------------------
+Tue Jun 17 12:27:10 CEST 2008 - varkoly@suse.de
+
+- (bnc#396985) sending of NUL character disallowed by RFC2822
+- (bnc#397127) without relay is silent about undeliverable mails
+
+-------------------------------------------------------------------
+Tue May 13 18:17:09 CEST 2008 - varkoly@suse.de
+
+- (bnc#389670) - postfix generates invalid config
+
+-------------------------------------------------------------------
+Tue Apr 1 16:17:31 CEST 2008 - mkoenig@suse.de
+
+- remove dir /usr/share/omc/svcinfo.d as it is provided now
+ by filesystem
+
+-------------------------------------------------------------------
+Tue Feb 26 09:59:43 CET 2008 - varkoly@suse.de
+
+- Update to Version 2.5 patchlevel 1
+ Changes: The Postfix 2.5 "postfix upgrade-configuration" command
+ now works even with Postfix 2.4 or earlier versions of the
+ postfix command. When installing Postfix 2.5.0 without upgrading
+ from an existing master.cf file, the new master.cf file had an
+ incorrect process limit for the proxywrite service. This service
+ is used only by the obscure "smtp_sasl_auth_cache_name" and
+ "lmtp_sasl_auth_cache_name" configuration parameters. Someone
+ needed multi-line support for header/body Milter replies. The
+ LDAP client's TLS support was broken in several ways.
+
+-------------------------------------------------------------------
+Wed Feb 13 14:58:52 CET 2008 - varkoly@suse.de
+
+- #360572 - postfix %post script leaves lots of backup files in /etc/postfix/
+
+-------------------------------------------------------------------
+Wed Jan 30 12:20:53 CET 2008 - varkoly@suse.de
+
+- Update to Version 2.5 patchlevel 0
+
+ Major changes - critical
+ ------------------------
+
+ [Incompat 20071224] The protocol to send Milter information from
+ smtpd(8) to cleanup(8) processes was cleaned up. If you use the
+ Milter feature, and upgrade a live Postfix system, you may see an
+ "unexpected record type" warning from a cleanup(8) server process.
+ To prevent this, execute the command "postfix reload". The
+ incompatibility affects only systems that use the Milter feature.
+ It does not cause loss of mail, just a minor delay until the remote
+ SMTP client retries.
+
+ [Incompat 20071212] The allow_min_user feature now applies to both
+ sender and recipient addresses in SMTP commands. With earlier Postfix
+ versions, only recipients were subject to the allow_min_user feature,
+ and the restriction took effect at mail delivery time, causing mail
+ to be bounced later instead of being rejected immediately.
+
+ [Incompat 20071206] The "make install" and "make upgrade" procedures
+ now create a Postfix-owned directory for Postfix-writable data files
+ such as caches and random numbers. The location is specified with
+ the "data_directory" parameter (default: "/var/lib/postfix"), and
+ the ownership is specified with the "mail_owner" parameter.
+
+ [Incompat 20071206] The tlsmgr(8) and verify(8) servers no longer
+ use root privileges when opening the address_verify_map,
+ *_tls_session_cache_database, and tls_random_exchange_name cache
+ files. This avoids a potential security loophole where the ownership
+ of a file (or directory) does not match the trust level of the
+ content of that file (or directory).
+
+ [Incompat 20071206] The tlsmgr(8) and verify(8) cache files should
+ now be stored as Postfix-owned files under the Postfix-owned
+ data_directory. As a migration aid, attempts to open these files
+ under a non-Postfix directory are redirected to the Postfix-owned
+ data_directory, and a warning is logged.
+
+ This is an example of the warning messages:
+
+ Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: request
+ to update file /etc/postfix/prng_exch in non-postfix directory
+ /etc/postfix
+
+ Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: redirecting
+ the request to postfix-owned data_directory /var/lib/postfix
+
+ If you wish to continue using a pre-existing tls_random_exchange_name
+ or address_verify_map file, move it to the Postfix-owned data_directory
+ and change ownership from root to Postfix (that is, change ownership
+ to the account specified with the mail_owner configuration parameter).
+
+ [Feature 20071205] The "make install" and "make upgrade" procedures
+ now create a Postfix-owned directory for Postfix-writable data files
+ such as caches and random numbers. The location is specified with
+ the "data_directory" parameter (default: "/var/lib/postfix"), and
+ the ownership is specified with the "mail_owner" parameter.
+
+ [Incompat 20071203] The "make upgrade" procedure adds a new service
+ "proxywrite" to the master.cf file, for read/write lookup table
+ access. If you copy your old configuration file over the updated
+ one, you may see warnings in the maillog file like this:
+
+ connect #xx to subsystem private/proxywrite: No such file or directory
+
+ To recover, run "postfix upgrade-configuration" again.
+
+ [Incompat 20070613] The pipe(8) delivery agent no longer allows
+ delivery with the same group ID as the main.cf postdrop group.
+
+ Major changes - malware defense
+ -------------------------------
+
+ [Feature 20080107] New "pass" service type in master.cf. Written
+ years ago, this allows future front-end daemons to accept all
+ connections from the network, and to hand over connections from
+ well-behaved clients to Postfix. Since this feature uses file
+ descriptor passing, it imposes no overhead once a connection is
+ handed over to Postfix. See master(5) for a few details.
+
+ [Feature 20070911] Stress-adaptive behavior. When a "public" network
+ service runs into an "all processes are busy" condition, the master(8)
+ daemon logs a warning, restarts the service, and runs it with "-o
+ stress=yes" on the command line (under normal conditions it runs
+ the service with "-o stress=" on the command line). This can be
+ used to make main.cf parameter settings stress dependent, for
+ example:
+
+ /etc/postfix/main.cf:
+ smtpd_timeout = ${stress?10}${stress:300}
+ smtpd_hard_error_limit = ${stress?1}${stress:20}
+
+ Translation: under conditions of stress, use an smtpd_timeout value
+ of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1
+ instead of 20. The syntax is explained in the postconf(5) manpage.
+
+ The STRESS_README file gives examples of how to mitigate flooding
+ problems.
+
+ Major changes - tls support
+ ---------------------------
+
+ [Incompat 20080109] TLS logging output has changed to make it more
+ useful. Existing logfile parser regular expressions may need
+ adjustment.
+
+ - More log entries include the "hostnamename[ipaddress]" of the
+ remote SMTP peer.
+
+ - Certificate trust chain error reports show only the first
+ error certificate (closest to the trust chain root), and the
+ reporting is more human-readable for the most likely errors.
+
+ - After the completion of the TLS handshake, the session is logged
+ with TLS loglevel >= 1 as either "Untrusted", "Trusted" or
+ "Verified" (SMTP client only).
+ - "Untrusted" means that the certificate trust chain is invalid,
+ or that the root CA is not trusted.
+ - "Trusted" means that the certificate trust chain is valid, and
+ that the root CA is trusted.
+ - "Verified" means that the certificate meets the SMTP client's
+ matching criteria for the destination:
+ - In the case of a destination name match, "Verified" also
+ implies "Trusted".
+ - In the case of a fingerprint match, CA trust is not applicable.
+
+ - The logging of protocol states with TLS loglevel >= 2 no longer
+ reports bogus error conditions when OpenSSL asks Postfix to refill
+ (or flush) network I/O buffers. This loglevel is for debugging
+ only; use 0 or 1 in production configurations.
+
+ [Feature 20080109] The Postfix SMTP client has a new "fingerprint"
+ security level. This avoids dependencies on CAs, and relies entirely
+ on bi-lateral exchange of public keys (really self-signed or private
+ CA signed X.509 public key certificates). Scalability is clearly
+ limited. For details, see the fingerprint discussion in TLS_README.
+
+ [Feature 20080109] The Postfix SMTP server can now use SHA1 instead
+ of MD5 to compute remote SMTP client certificate fingerprints. For
+ backwards compatibility, the default algorithm is MD5. For details,
+ see the "smtpd_tls_fingerprint_digest" parameter in the postconf(5)
+ manual.
+
+ [Feature 20080109] The maximum certificate trust chain depth
+ (verifydepth) is finally implemented in the Postfix TLS library.
+ Previously, the parameter had no effect. The default depth was
+ changed to 9 (the OpenSSL default) for backwards compatibility.
+
+ If you have explicity limited the verification depth in main.cf,
+ check that the configured limit meets your needs. See the
+ "lmtp_tls_scert_verifydepth", "smtp_tls_scert_verifydepth" and
+ "smtpd_tls_ccert_verifydepth" parameters in the postconf(5) manual.
+
+ [Feature 20080109] The selection of SSL/TLS protocols for mandatory
+ TLS can now use exclusion rather than inclusion. Either form is
+ acceptable; see the "lmtp_tls_mandatory_protocols",
+ "smtp_tls_mandatory_protocols" and "smtpd_tls_mandatory_protocols"
+ parameters in the postconf(5) manual.
+
+ Major changes - scheduler
+ -------------------------
+
+ [Feature 20071130] Revised queue manager with separate mechanisms
+ for per-destination concurrency control and for dead destination
+ detection. The concurrency control supports less-than-1 feedback
+ to allow for more gradual concurrency adjustments, and uses hysteresis
+ to avoid rapid oscillations. A destination is declared "dead" after
+ a configurable number of pseudo-cohorts(*) reports connection or
+ handshake failure.
+
+ (*) A pseudo-cohort is a number of delivery requests equal to a
+ destination's delivery concurrency.
+
+ The drawbacks of the old +/-1 feedback scheduler are a) overshoot
+ due to exponential delivery concurrency growth with each pseudo-cohort(*)
+ (5-10-20...); b) throttling down to zero concurrency after a single
+ pseudo-cohort(*) failure. The latter was especially an issue with
+ low-concurrency channels where a single failure could be sufficient
+ to mark a destination as "dead", and suspend further deliveries.
+
+ New configuration parameters: destination_concurrency_feedback_debug,
+ default_destination_concurrency_positive_feedback,
+ default_destination_concurrency_negative_feedback,
+ default_destination_concurrency_failed_cohort_limit, as well as
+ transport-specific versions of the same.
+
+ The default parameter settings are backwards compatible with older
+ Postfix versions. This may change after better defaults are field
+ tested.
+
+ The updated SCHEDULER_README document describes the theory behind
+ the new concurrency scheduler, as well as Patrik Rak's preemptive
+ job scheduler. See postconf(5) for more extensive descriptions of
+ the configuration parameters.
+
+ Major changes - small/home office
+ ---------------------------------
+
+ [Feature 20080115] Preliminary SOHO_README document that combines
+ bits and pieces from other document in one place, so that it is
+ easier to find. This document describes the "mail sending" side
+ only.
+
+ [Feature 20071202] Output rate control in the queue manager. For
+ example, specify "smtp_destination_rate_delay = 5m", to pause five
+ minutes between message deliveries. More information in the postconf(5)
+ manual under "default_destination_rate_delay".
+
+ Major changes - smtp client
+ ---------------------------
+
+ [Incompat 20080114] The Postfix SMTP client now by default defers
+ mail after a remote SMTP server rejects a SASL authentication
+ attempt. Specify "smtp_sasl_auth_soft_bounce = no" for the old
+ behavior.
+
+ [Feature 20080114] The Postfix SMTP client can now avoid making
+ repeated SASL login failures with the same server, username and
+ password. To enable this safety feature, specify for example
+ "smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache"
+ (access through the proxy service is required). Instead of trying
+ to SASL authenticate, the Postfix SMTP client defers or bounces
+ mail as controlled with the new smtp_sasl_auth_soft_bounce configuration
+ parameter.
+
+ [Feature 20071111] Header/body checks are now available in the SMTP
+ client, after the implementation was moved from the cleanup server
+ to a library module. The SMTP client provides only actions that
+ don't change the message delivery time or destination: warn, replace,
+ prepend, ignore, dunno, ok.
+
+ [Incompat 20070614] By default, the Postfix Cyrus SASL client no
+ longer sends a SASL authoriZation ID (authzid); it sends only the
+ SASL authentiCation ID (authcid) plus the authcid's password. Specify
+ "send_cyrus_sasl_authzid = yes" to get the old behavior.
+
+ Major changes - smtp server
+ ---------------------------
+
+ [Feature 20070724] Not really major. New support for RFC 3848
+ (Received: headers with ESMTPS, ESMTPA, or ESMTPSA); updated SASL
+ support according to RFC 4954, resulting in small changes to SMTP
+ reply codes and (DSN) enhanced status codes.
+
+ Major changes - milter
+ ----------------------
+
+ [Incompat 20071224] The protocol to send Milter information from
+ smtpd(8) to cleanup(8) processes was cleaned up. If you use the
+ Milter feature, and upgrade a live Postfix system, you may see an
+ "unexpected record type" warning from a cleanup(8) server process.
+ To prevent this, execute the command "postfix reload". The
+ incompatibility affects only systems that use the Milter feature.
+ It does not cause loss of mail, just a minor delay until the remote
+ SMTP client retries.
+
+ [Feature 20071221] Support for most of the Sendmail 8.14 Milter
+ protocol features.
+
+ To enable the new features specify "milter_protocol = 6" and link
+ the filter application with a libmilter library from Sendmail 8.14
+ or later.
+
+ Sendmail 8.14 Milter features supported at this time:
+
+ - NR_CONN, NR_HELO, NR_MAIL, NR_RCPT, NR_DATA, NR_UNKN, NR_HDR,
+ NR_EOH, NR_BODY: The filter can tell Postfix that it won't reply
+ to some of the SMTP events that Postfix sends. This makes the
+ protocol less chatty and improves performance.
+
+ - SKIP: The filter can tell Postfix to skip sending the rest of
+ the message body, which also improves performance.
+
+ - HDR_LEADSPC: The filter can request that Postfix does not delete
+ the first space character between header name and header value
+ when sending a header to the filter, and that Postfix does not
+ insert a space character between header name and header value
+ when receiving a header from the filter. This fixes a limitation
+ in the old Milter protocol that can break DKIM and DK signatures.
+
+ - SETSYMLIST: The filter can override one or more of the main.cf
+ milter_xxx_macros parameter settings.
+
+ Sendmail 8.14 Milter features not supported at this time:
+
+ - RCPT_REJ: report rejected recipients to the mail filter.
+
+ - CHGFROM: replace sender, with optional ESMTP command parameters.
+
+ - ADDRCPT_PAR: add recipient, with optional ESMTP command parameters.
+
+ It is unclear when (if ever) the missing features will be implemented.
+ SMFIP_RCPT_REJ requires invasive changes in the SMTP server recipient
+ processing and error handling. SMFIR_CHGFROM and SMFIR_ADDRCPT_PAR
+ require ESMTP command-line parsing in the cleanup server. Unfortunately,
+ Sendmail's documentation does not specify what ESMTP options are
+ supported, but only discusses examples of things that don't work.
+
+ Major changes - address verification
+ ------------------------------------
+
+ [Incompat 20070514] The default sender address for address verification
+ probes was changed from "postmaster" to "double-bounce", so that
+ the Postfix SMTP server no longer causes surprising behavior by
+ excluding "postmaster" from SMTP server access controls.
+
+ Major changes - ldap
+ --------------------
+
+ [Incompat 20071216] Due to an incompatible API change between
+ OpenLDAP 2.0.11 and 2.0.12, an LDAP client compiled for OpenLDAP
+ version <= 2.0.11 will refuse to work with an OpenLDAP library
+ version >= 2.0.12 and vice versa.
+
+ Major changes - logging
+ -----------------------
+
+ [Incompat 20080109] TLS logging output has changed to make it more
+ useful. Existing logfile parser regular expressions may need
+ adjustment.
+
+ - More log entries include the "hostnamename[ipaddress]" of the
+ remote SMTP peer.
+
+ - Certificate trust chain error reports show only the first
+ error certificate (closest to the trust chain root), and the
+ reporting is more human-readable for the most likely errors.
+
+ - After the completion of the TLS handshake, the session is logged
+ with TLS loglevel >= 1 as either "Untrusted", "Trusted" or
+ "Verified" (SMTP client only).
+ - "Untrusted" means that the certificate trust chain is invalid,
+ or that the root CA is not trusted.
+ - "Trusted" means that the certificate trust chain is valid, and
+ that the root CA is trusted.
+ - "Verified" means that the certificate meets the SMTP client's
+ matching criteria for the destination:
+ - In the case of a destination name match, "Verified" also
+ implies "Trusted".
+ - In the case of a fingerprint match, CA trust is not applicable.
+
+ - The logging of protocol states with TLS loglevel >= 2 no longer
+ reports bogus error conditions when OpenSSL asks Postfix to refill
+ (or flush) network I/O buffers. This loglevel is for debugging
+ only; use 0 or 1 in production configurations.
+
+ [Incompat 20071216] The SMTP "transcript of session" email now
+ includes the remote SMTP server TCP port number.
+
+ Major changes - loop detection
+ ------------------------------
+
+ [Incompat 20070422] [Incompat 20070422] When the pipe(8) delivery
+ agent is configured to create the optional Delivered-To: header,
+ it now first checks if that same header is already present in the
+ message. If so, the message is returned as undeliverable. This test
+ should have been included with Postfix 2.0 when Delivered-To: support
+ was added to the pipe(8) delivery agent.
+
+-------------------------------------------------------------------
+Tue Jan 8 10:00:12 CET 2008 - varkoly@suse.de
+
+- Remove previous fix
+
+-------------------------------------------------------------------
+Sun Dec 30 19:58:02 CET 2007 - varkoly@suse.de
+
+- #301335 - [SuSEconfig]: Postfix module uses stderr
+
+-------------------------------------------------------------------
+Tue Dec 4 09:02:19 CET 2007 - varkoly@suse.de
+
+- Update to Version 2.4 patchlevel 6
+ Bugfix (introduced Postfix 2.2.11): TLS client certificate
+ with unparsable canonical name caused the SMTP server's
+ policy client to allocate zero-length memory, triggering
+ an assertion that it shouldn't do such things. File:
+ smtpd/smtpd_check.c.
+
+ Bugfix (introduced Postfix 2.4) missing initialization of
+ event mask in the event_mask_drain() routine (used by the
+ obsolete postkick(1) command). Found by Coverity. File:
+ util/events.c.
+
+ Workaround: the flush daemon forces an access time update
+ for the per-destination logfile, to prevent an excessive
+ rate of delivery attempts when the queue file system is
+ mounted with "noatime". File: flush/flush.c.
+
+- #330276 – /sbin/conf.d/SuSEconfig.postfix could copy certs into smtpd_tls_CApath
+
+-------------------------------------------------------------------
+Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz
+
+- Use correct SuSEfirewall2 rule directory.
+
+-------------------------------------------------------------------
+Wed Oct 17 11:52:01 CEST 2007 - varkoly@suse.de
+
+- #333629 - saslauthd typo in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Mon Oct 8 12:37:39 CEST 2007 - varkoly@suse.de
+
+- #331044 - Postfix uses receive_override_options in main.cf
+
+-------------------------------------------------------------------
+Sun Sep 9 17:42:27 CEST 2007 - varkoly@suse.de
+
+- fix the last fix
+
+-------------------------------------------------------------------
+Tue Sep 4 00:38:58 CEST 2007 - cthiel@suse.de
+
+- fix the last fix
+
+-------------------------------------------------------------------
+Mon Sep 3 12:37:43 CEST 2007 - varkoly@suse.de
+
+- Fixing bug: #297622 - SMTPD_LISTEN_REMOTE has no effect
+
+-------------------------------------------------------------------
+Mon Aug 6 00:26:31 CEST 2007 - mrueckert@suse.de
+
+- Update to Version 2.4 patchlevel 5
+ Bugfix: the loopback TCP performance workaround was ineffective
+ due to a wetware bit-flip during code cleanup. File:
+ util/vstream_tweak.c.
+
+ (patch level 4)
+ Bugfix: the Milter client assumed that a Milter application
+ does not modify the message header or envelope, after that
+ same Milter application has modified the message body of
+ that same email message. This is not a problem with updates
+ by different Milter applications. Problem was triggered
+ by Jose-Marcio Martins da Cruz. Also simplified the handling
+ of queue file update errors. File: milter/milter8.c.
+
+ Workaround: some non-Cyrus SASL SMTP servers require SASL
+ login without authzid (authoriZation ID), i.e. the client
+ must send only the authcid (authentiCation ID) + the authcid's
+ password. In this case the server is supposed to derive
+ the authzid from the authcid. This works as expected when
+ authenticating to a Cyrus SASL SMTP server. To get the old
+ behavior specify "send_cyrus_sasl_authzid = yes", in which
+ case Postfix sends the (authzid, authcid, password), with
+ the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c.
+
+ Portability: /dev/poll support for Solaris chroot jail setup
+ scripts. Files: examples/chroot-setup/Solaris8,
+ examples/chroot-setup/Solaris10.
+
+ Cleanup: Milter client error handling, so that the (Postfix
+ SMTP server's Milter client) does not get out of sync with
+ Milter applications after the (cleanup server's Milter
+ client) encounters some non-recoverable problem. Files:
+ milter/milter8.c, smtpd/smtpd.c.
+
+ Performance: workaround for poor TCP performance on loopback
+ (127.0.0.1) connections. Problem reported by Mark Martinec.
+ Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c,
+ smtpstone/*source.c.
+
+ Bugfix: when a milter replied with ACCEPT at or before the
+ first RCPT command, the cleanup server would apply the
+ non_smtpd_milters setting as if the message was a local
+ submission. Problem reported by Jukka Salmi. Also, the
+ cleanup server would get out of sync with the milter when
+ a milter replied with ACCEPT at the DATA command. Files:
+ cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
+- rediffed patches
+
+-------------------------------------------------------------------
+Tue Jul 31 18:21:11 CEST 2007 - varkoly@suse.de
+
+- Update to Version 2.4 patchlevel 3
+ (patch level 1)
+ Bugfix (introduced Postfix 2.3): segfault with HOLD action
+ in access/header_checks/body_checks on 64-bit platforms.
+ File: cleanup/cleanup_api.c.
+
+ Portability (introduced 20070325): the fix for hardlinks
+ and symlinks in postfix-install forgot to work around shells
+ where "IFS=/ command" makes the IFS setting permanent. This
+ is allowed by some broken standard, and affects Solaris.
+ File: postfix-install.
+
+ Portability (introduced 20070212): the workaround for
+ non-existent library bugs with descriptors >= FD_SETSIZE
+ broke with "fcntl F_DUPFD: Invalid argument" on 64-bit
+ Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c.
+
+ Cleanup: on (Linux) platforms that cripple signal handlers
+ with deadlock, "postfix stop" now forcefully stops all the
+ processes in the master's process group, not just the master
+ process alone. File: conf/postfix-script.
+
+ (patch level 2)
+ Bugfix: don't falsely report "lost connection from
+ localhost[127.0.0.1]" when Postfix is being portscanned.
+ Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
+
+ Robustness: recommend a "0" process limit for policy servers
+ to avoid "connection refused" problems when the smtpd process
+ limit exceeds the default process limit. File:
+ proto/SMTPD_POLICY_README.html.
+
+ Safety: when IPv6 (or IPv4) is turned off, don't treat an
+ IPv6 (or IPv4) connection from e.g. inetd as if it comes
+ from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c,
+ qmqpd/qmqpd_peer.c.
+
+ Bugfix: Content-Transfer-Encoding: attribute values are
+ case insensitive. File: src/cleanup/cleanup_message.c.
+
+ Bugfix: mailbox_transport(_maps) and fallback_transport(_maps)
+ were broken when used with the error(8) or discard(8)
+ transports. Cause: insufficient documentation. Files:
+ error/error.c, discard/discard.c.
+
+ Bugfix (problem introduced Postfix 2.3): when DSN support
+ was introduced it broke "agressive" recipient duplicate
+ elimination with "enable_original_recipient = no". File:
+ cleanup/cleanup_out_recipient.c.
+
+ Bugfix (introduced Postfix 2.3): the sendmail/postdrop
+ commands would hang when trying to submit a message larger
+ than the per-message size limit. File: postdrop/postdrop.c.
+
+ Sabotage the saboteur who insists on breaking Postfix by
+ adding gethostbyname() calls that cause maildir delivery
+ to fail when the machine name is not found in /etc/hosts,
+ or that cause Postfix processes to hang when the network
+ is down.
+
+ (patch level 3)
+ Portability: Victor helpfully pointed out that change
+ 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c,
+ qmqpd/qmqpd_peer.c.
+
+-------------------------------------------------------------------
+Thu Jun 21 08:30:45 CEST 2007 - varkoly@suse.de
+
+- Bug 285553 amavisd inconsistency
+
+-------------------------------------------------------------------
+Tue Jun 19 18:55:43 CEST 2007 - dmueller@suse.de
+
+- provide smtp meta-service as well
+
+-------------------------------------------------------------------
+Mon Jun 11 21:32:53 CEST 2007 - lrupp@suse.de
+
+- don't PreRequire /sbin/ip: removed call in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Thu May 3 12:09:13 CEST 2007 - varkoly@suse.de
+
+- dynamic_maps.patch: readded the chunk for dict_tcp and dict_pcre
+- replaced prereq for postfix with a prereq on
+ %{name} = %{version}
+- updated to postfix 2.4, patchlevel 0
+ Major changes - safety
+ * As a safety measure, Postfix now by default creates mailbox dotlock
+ files on all systems. This prevents problems with GNU POP3D which
+ subverts kernel locking by creating a new mailbox file and deleting
+ the old one
+
+ Major changes - Milter support
+ * The support for Milter header modification
+ requests was revised. With minimal change in the on-disk representation,
+ the code was greatly simplified, and regression tests were updated
+ to ensure that old errors were not re-introduced. The queue file
+ format is entirely backwards compatible with Postfix 2.3.
+
+ * Support for Milter requests to replace the message
+ body. Postfix now implements all the header/body modification
+ requests that are available with Sendmail 8.13.
+
+ * A new field is added to the queue file "size"
+ record that specifies the message content length. Postfix 2.3 and
+ older Postfix 2.4 snapshots will ignore this field, and will report
+ the message size as it was before the body was replaced.
+
+ Major changes - TLS support
+ * The check_smtpd_policy client sends TLS certificate
+ attributes (client ccert_subject, ccert_issuer) only after successful
+ client certificate verification. The reason is that the certification
+ verification status itself is not available in the policy request.
+
+ * The check_smtpd_policy client sends TLS certificate
+ fingerprint information even when the certificate itself was not
+ verified.
+
+ * The remote SMTP client TLS certificate fingerprint
+ can be used for access control even when the certificate itself was
+ not verified.
+
+ * The format of SMTP server TLS session cache
+ lookup keys has changed. The lookup key now includes the master.cf
+ service name.
+
+ Major changes - performance
+ * Better support for systems that run thousands
+ of Postfix processes. Postfix now supports FreeBSD kqueue(2),
+ Solaris poll(7d) and Linux epoll(4) as more scalable alternatives
+ to the traditional select(2) system call, and uses poll(2) when
+ examining a single file descriptor for readability or writability.
+ These features are supported on sufficiently recent versions of
+ FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other
+ systems will be added as evidence becomes available that usable
+ implementations exist.
+
+ Major changes - delivery status notifications
+ * Small changes were made to the default bounce
+ message templates, to prevent HTML-aware software from hiding or
+ removing the text "", and producing misleading text.
+
+ * Postfix no longer announces its name in delivery
+ status notifications. Users believe that Wietse provides a free
+ help desk service that solves all their email problems.
+
+ Major changes - ETRN support
+ * More precise queue flushing with the ETRN,
+ "postqueue -s site", and "sendmail -qRsite" commands, after
+ minimization of race conditions. New per-queue-file flushing with
+ "postqueue -i queueid" and "sendmail -qIqueueid".
+
+ Major changes - small office/home office support
+ * Postfix no longer requires a domain name. It
+ uses "localdomain" as the default Internet domain name when no
+ domain is specified via main.cf or via the machine's hostname.
+
+ Major changes - SMTP access control
+ * The check_smtpd_policy client sends TLS certificate
+ attributes (client ccert_subject, ccert_issuer) only after successful
+ client certificate verification. The reason is that the certification
+ verification status itself is not available in the policy request.
+
+ * The check_smtpd_policy client sends TLS certificate
+ fingerprint information even when the certificate itself was not
+ verified.
+
+ * The remote SMTP client TLS certificate fingerprint can be used for
+ access control even when the certificate itself was not verified.
+
+ * The Postfix installation procedure no longer
+ updates main.cf with "unknown_local_recipient_reject_code = 450".
+ Four years after the introduction of mandatory recipient validation,
+ this transitional tool is no longer neeed.
+
+-------------------------------------------------------------------
+Thu Mar 29 14:33:03 CEST 2007 - rguenther@suse.de
+
+- Add pwdutils BuildRequires to allow postinst script to succeed.
+- Add /usr/share/omc directory.
+
+-------------------------------------------------------------------
+Mon Feb 26 10:32:36 CET 2007 - varkoly@suse.de
+
+- #247351 - postfix - Ports for SuSEfirewall added via packages
+
+- Move postfix.xml into the postfix-SuSE tarball
+
+- #228479 - Postfix is configured for inet_protocols=all if
+ selecting ipv4 only support during installation.
+ Now we set both inet_protocols and inet_interfaces to all.
+ This means the available interfaces and protocols will be used.
+ To avoid bogus warnings inet_proto.c was patched.
+
+- #251598 - postfix use pointers for literals
+
+-------------------------------------------------------------------
+Mon Jan 15 13:14:07 CET 2007 - varkoly@suse.de
+
+- #144104 - postfix does not start
+
+- Implementing Fate #301840: Postfix XML Service Description Document
+
+- Enhancing /etc/sysconfig/postfix descripton to avoid problems
+ like Bug 228678 - Problems with setting up chroot environment if
+ /var/spool is not on same filesystem as /var
+
+-------------------------------------------------------------------
+Wed Nov 22 03:03:18 CET 2006 - mrueckert@suse.de
+
+- moved the dict handling into a preun script instead of postun
+ and do not remove the dict entry on upgrade (#223176)
+- removed duplicates in the filelists.
+
+-------------------------------------------------------------------
+Fri Nov 10 11:43:00 CET 2006 - varkoly@suse.de
+
+- #218229 - Postfix SuSEconfig script increases the max_proc line each run in master.cf
+
+-------------------------------------------------------------------
+Sat Oct 28 11:41:50 CEST 2006 - varkoly@suse.de
+
+- #206414 - /usr/lib/sasl2/smtpd.conf misplaced
+
+-------------------------------------------------------------------
+Tue Oct 24 22:32:45 CEST 2006 - varkoly@suse.de
+
+- #202119 – SuSEconfig script for Postfix incomplete
+- #202162 – Postfix 2.3.2 slightly incorrect, Cyrus SASL unavailable
+- #203174 – /sbin/conf.d/SuSEconfig.postfix should configure a TLS session cache for postfix 2.2
+- #203575 – postfix-2.2.9-10 chokes without scache
+- #213589 - No development package/headers for postfix
+
+-------------------------------------------------------------------
+Wed Aug 16 01:24:20 CEST 2006 - ro@suse.de
+
+- also add libpostfix-milter.so*
+
+-------------------------------------------------------------------
+Mon Aug 14 12:34:37 CEST 2006 - varkoly@suse.de
+
+- updated to postfix 2.3, patchlevel 2
+- Major changes
+ - Name server replies that contain a malformed hostname are now flagged
+ as permanent errors instead of transient errors.
+ - DSN support as described in RFC 3461 .. RFC 3464.
+ - The SMTP client now implements the LMTP protocol.
+ - Milter (mail filter) application support, compatible with Sendmail
+ version 8.13.6 and earlier.
+- Major changes - SASL authentication
+ - Plug-in support for SASL authentication in the SMTP server and in the
+ SMTP/LMTP client.
+ - The Postfix-with-Cyrus-SASL build procedure has changed.
+ - Support for sender-dependent ISP accounts.
+- Major changes - SMTP client
+ - The SMTP client now implements the LMTP protocol.
+ - This version addresses a performance stability problem with remote
+ SMTP servers.
+- Major changes - SMTP server
+ - The Postfix SMTP server now refuses to receive mail from the network
+ if it isn't running with postfix mail_owner privileges.
+ - Optional suppression of remote SMTP client hostname lookup and hostname
+ verification.
+ - SMTPD Access control based on the existence of an address->name mapping
+- Major changes - TLS
+ - New concept: TLS security levels ("none", "may", "encrypt", "verify"
+ or "secure") in the Postfix SMTP client.
+ - Both the Postfix SMTP client and server can be configured without a
+ client or server certificate.
+- See
+ /usr/share/doc/packages/postfix/RELEASE_NOTES
+ /usr/share/doc/packages/postfix/TLS_CHANGES
+ /usr/share/doc/packages/postfix/README_FILES/SASL_README
+ for detailed informations.
+
+-------------------------------------------------------------------
+Wed Aug 2 16:18:30 CEST 2006 - varkoly@suse.de
+
+- Only %{conf_backup_dir} is contained by the package not /var/adm/backup
+
+-------------------------------------------------------------------
+Mon Jul 10 16:21:31 CEST 2006 - varkoly@suse.de
+
+- Bugfix: #190639 Default number of processes for postfix
+- Bugfix: #190270 postfix-postgresql
+
+-------------------------------------------------------------------
+Fri Jun 2 19:58:38 CEST 2006 - varkoly@suse.de
+
+- Bugfix: #98188 - SuSE.tar.gz filename collision in cyrus/postfix SRPMs
+
+-------------------------------------------------------------------
+Mon Apr 24 17:14:40 CEST 2006 - varkoly@suse.de
+
+- Bugfix: #165786 - yast2-mail modul uses obsolate postfix attributes
+
+-------------------------------------------------------------------
+Mon Mar 20 10:21:55 CET 2006 - varkoly@suse.de
+
+- updated to postfix 2.2, patchlevel 9.
+- Reasons:
+ Bugfix: the LMTP client would reuse a session after negative
+ reply to the RSET command (which may happen when client and
+ server somehow get out of sync).
+ Bugfix: race condition in the connection caching protocol,
+ causing the SMTP delivery agent to hang after delivering
+ mail, while trying to save a connection.
+ Bugfix: the best_mx_transport, mailbox_transport and
+ fallback_transport features did not write a per-recipient
+ defer logfile record when the target delivery agent was
+ broken.
+ Bugfix: an EHLO I/O error after STARTTLS would be reported
+ as a STARTTLS I/O error.
+ Bugfix: the *SQL, proxy and LDAP maps were not defined in
+ user-land commands such as postqueue.
+ Bugfix: the anvil server would terminate after "max_idle"
+ seconds, even when this was less than the anvil_rate_time_unit
+ interval.
+ Portability: 64-bit support for LINUX chroot script by Keith
+ Owens.
+ Safety: new "smtp_cname_overrides_servername" parameter.
+
+ Bugfix: mailbox_command_maps was not subject to $name
+ expansion.
+ Bugfix: don't ignore the per-site policy when SSL library
+ initialization fails.
+ Bugfix: a TLS per-site MUST_NOPEERMATCH policy could not
+ override a stronger main.cf policy, while a per-site NONE
+ policy could.
+ Bugfix: a combined TLS per-site (host, recipient) policy
+ of (NONE, MAY) changed a global MUST policy into NONE, and
+ a global MUST_NOPEERMATCH into MAY. The result is now NONE.
+ Problem found by exhaustive simulation.
+ Bugfix: an empty remote_header_rewrite_domain value caused
+ trivial-rewrite to dereference a null pointer, but only in
+ regression tests, not in production. Postfix rewrites
+ addresses in the remote rewriting context only when the
+ remote_header_rewrite_domain parameter value is non-empty.
+ Workaround: a malformed domain name lookup result (such as
+ null MX record) is now treated as a hard error, so that
+ Postfix will no longer repeatedly try to deliver mail until
+ the message expires in the queue. However, this will not
+ reject mail with reject_unknown_sender/recipient_domain.
+ That would require too much change for a stable release.
+
+-------------------------------------------------------------------
+Fri Jan 27 02:19:42 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Tue Jan 24 09:11:46 CET 2006 - varkoly@suse.de
+
+- Fixing the spec-file
+- Bugfix: ID#143682 - Spurious (obsoleted?) configuration variable in postfix's main.cf
+
+-------------------------------------------------------------------
+Mon Jan 23 13:00:13 CET 2006 - varkoly@suse.de
+
+- Bugfix: ID#140173 postfix allows relaying on the whole subnet
+- Bugfix: ID#144091 postfix doesn't start with the latest kernel
+
+-------------------------------------------------------------------
+Fri Jan 20 11:56:24 CET 2006 - varkoly@suse.de
+
+- Bugfix: ID#144091
+- Postfix makes an entry in slp servre for smtp & smtps
+
+-------------------------------------------------------------------
+Mon Jan 16 14:49:29 CET 2006 - varkoly@suse.de
+
+- removing openldap from "neededforbuild"
+
+-------------------------------------------------------------------
+Wed Nov 30 11:11:16 CET 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 6
+
+-------------------------------------------------------------------
+Tue Oct 11 15:03:56 CEST 2005 - choeger@suse.de
+
+- added patch ldap_api_changes.patch: openldap2.3 enforces to use
+ "The C LDAP Application Program Interface"
+
+-------------------------------------------------------------------
+Mon Aug 15 13:55:32 CEST 2005 - choeger@suse.de
+
+- Bugfix Bugzilla ID#104663 - consistent use of variables in postfix
+ init-script
+- Bugfix Bugzilla ID#104568 - SuSEconfig.postfix doesnt set $PATH properly to
+ find all binaries.
+
+-------------------------------------------------------------------
+Fri Aug 12 10:25:09 CEST 2005 - mmj@suse.de
+
+- Package the /usr/lib/sendmail -> /usr/sbin/sendmail link [#102947]
+
+-------------------------------------------------------------------
+Tue Jul 26 11:05:29 CEST 2005 - choeger@suse.de
+
+- Bugfix Bugzilla ID#93884 - package postfix uses -fsigned-char
+ Remove -fsigned-char option for ppc and s390 archs
+
+-------------------------------------------------------------------
+Mon Jul 25 11:52:18 CEST 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 5:
+ - Portability: the connection caching code broke on LP64
+ systems (inherited from Stevens Network Programming).
+ Files: util/unix_send_fd.c, util/unix_recv_fd.c. This code
+ is back-ported from the Postfix 2.3 snapshot release.
+ - Robustness: the SMTP client now disables connection caching
+ when it is unable to communicate with the scache(8) server,
+ instead of looping forever and not delivering mail. File:
+ global/scache_clnt.c. This code is back-ported from the
+ Postfix 2.3 snapshot release.
+ - Portability: after sending a socket, the scache(8) server
+ now waits for an ACK from the connection cache client before
+ closing the socket that it just sent. Files: scache/scache.c,
+ global/scache_clnt.c. This code is back-ported from the
+ Postfix 2.3 snapshot release.
+ - Portability: on LP64 systems, integer expressions are int,
+ but sizeof() and pointer difference expressions are larger.
+ Point fixes for a few discrepancies with variadic functions
+ that expect int (the permanent fix is to change the receiving
+ modules, but that results in too much change, and is not
+ allowed in the stable release). Files: tls/tls_scache.c,
+ util/clean_env.c, util/vstring.h, smtpstone/qmqp-source.c.
+
+-------------------------------------------------------------------
+Mon Jul 18 15:49:16 CEST 2005 - choeger@suse.de
+
+- force to set strict_8bitmime to "no" when POSTFIX_MDA != cyrus,
+ because once it is set to "yes", nobody sets it back.
+- only install /etc/pam.d/smtp if suse_version > 920
+- use Prereq instead of Requires for mysql and postgresql subpackages
+
+-------------------------------------------------------------------
+Wed Jul 13 16:59:14 CEST 2005 - choeger@suse.de
+
+- added /etc/pam.d/smtp configuration file
+
+-------------------------------------------------------------------
+Thu Jul 7 16:44:05 CEST 2005 - choeger@suse.de
+
+- Fixed build on x86_64: use -fPIC for libraries and -fPIE for the
+ rest
+
+-------------------------------------------------------------------
+Tue Jul 5 17:57:48 CEST 2005 - choeger@suse.de
+
+- applied dynamic maps patch of LaMont Jones at debian
+- Fix to SuSEconfig.postfix: only touch tlsmgr line in master.cf,
+ if it is the new one using unix socket instead of fifo
+
+-------------------------------------------------------------------
+Thu Jun 30 17:52:10 CEST 2005 - uli@suse.de
+
+- build with -fPIE (not -fpie) to avoid GOT overflow on s390x
+
+-------------------------------------------------------------------
+Thu Jun 23 10:22:18 CEST 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 4
+
+-------------------------------------------------------------------
+Fri Jun 17 17:06:39 CEST 2005 - choeger@suse.de
+
+- fixed build using -pie/-fpie (hopefully)
+
+-------------------------------------------------------------------
+Fri Jun 17 11:04:03 CEST 2005 - choeger@suse.de
+
+- Build using -pie
+
+-------------------------------------------------------------------
+Fri May 13 18:24:50 CEST 2005 - choeger@suse.de
+
+- set strict_8bitmime parameter to yes when using cyrus mailbox
+ delivery
+
+-------------------------------------------------------------------
+Wed May 4 15:54:33 CEST 2005 -
choeger@suse.de
+
+- Bugfix ID#66325 - postfix: permissions
+ also ship a postfix.paranoid file with the package with all suid and sgid
+ bits disabled
+
+-------------------------------------------------------------------
+Tue May 3 16:29:04 CEST 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 3
+- Bugfix ID#75717 - postfix init scripts reports success allthough postfix is
+ not running:
+ use checkproc again instead of "master -t", as "master -t" seems to be broken
+
+-------------------------------------------------------------------
+Thu Apr 21 17:42:04 CEST 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 2
+- Bugfix ID#74712, problems with read-only mounting of $chroot/proc:
+ don't mount /var/spool/postfix/proc ro as that results in /proc also mounted
+ ro.
+- Bugfix ID#74709, postfix configuration and USE_IPV6 in
+ sysconfig/network/config
+
+-------------------------------------------------------------------
+Tue Mar 15 17:46:44 CET 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 1
+ Postfix 2.2.1 solves four portability problems that surfaced in
+ the week since the 2.2.0 release, one harmless bug in the TLS
+ session cache cleaning code, and cleans up minor documentation
+ problems.
+
+-------------------------------------------------------------------
+Thu Mar 10 10:18:45 CET 2005 - choeger@suse.de
+
+- 2.2.0 is out
+
+-------------------------------------------------------------------
+Mon Mar 7 14:15:08 CET 2005 - choeger@suse.de
+
+- update to RC2
+
+-------------------------------------------------------------------
+Wed Mar 2 15:01:33 CET 2005 - choeger@suse.de
+
+- make it compile with gcc4
+
+-------------------------------------------------------------------
+Mon Feb 28 18:03:36 CET 2005 - choeger@suse.de
+
+- RC1 of 2.2 is out
+
+-------------------------------------------------------------------
+Fri Feb 18 16:34:07 CET 2005 - choeger@suse.de
+
+- use "usr/sbin/postfix upgrade-configuration" now instead of
+ "etc/postfix/post-install upgrade-package"
+
+-------------------------------------------------------------------
+Thu Feb 17 19:28:22 CET 2005 - choeger@suse.de
+
+- removed some @ chars (don't know how they slipped in)
+
+-------------------------------------------------------------------
+Thu Feb 17 13:42:18 CET 2005 - choeger@suse.de
+
+- update to current pre 2.2 snapshot (2.2-20050216)
+ 2.2 release could happen next week
+
+-------------------------------------------------------------------
+Thu Feb 10 09:08:18 CET 2005 - choeger@suse.de
+
+- added patch needed for the Kolab project (this patch is part of the upcoming
+ postfix 2-2 release), see
+ http://wiki.kolab.org/index.php/Kolab-major-app-patches
+
+-------------------------------------------------------------------
+Thu Feb 3 10:00:38 CET 2005 - choeger@suse.de
+
+- s/X-UnitedLinux-Should-Start/Should-Start/
+
+-------------------------------------------------------------------
+Wed Feb 2 16:44:34 CET 2005 - choeger@suse.de
+
+- added long_header.patch
+ long lines piped into postfix sendmail can lead to errors.
+
+-------------------------------------------------------------------
+Wed Feb 2 08:52:19 CET 2005 - choeger@suse.de
+
+- Bugfix ID#49307: faster postfix startup: don't use hashed directories if
+ possible:
+ - added patch empty_hash_queue_names.patch to be able to modify
+ hash_queue_names parameter.
+ - added check to %post to change hash_queue_names in case of
+ /var/spool/postfix residing on a reiserfs partition when doing
+ a fresh installation
+- Bugfix ID#50386 - postfix must prereq /sbin/ip (iproute2)
+
+-------------------------------------------------------------------
+Fri Jan 28 16:29:05 CET 2005 - choeger@suse.de
+
+- updated tls+ipv6 patchkit to v1.26
+ - Bugfix: Incomplete error checking in getaddrinfo() could cause lmtpd to
+ crash with debug_peer_list defined. Carsten Hoeger, SuSE. File:
+ util/match_ops.c
+ - Linux workaround: When mynetworks isn't set, a chrooted process could not
+ read the IPv6 address information from /proc. We now invoke own_inet_addr()
+ before chrooting, while processing main.cf. [backported from 2.2-nonprod
+ snapshot] File: global/mail_params.c
+ - Safety: when IPv6 netmask can't be determined, mynetworks is not set and
+ mynetworks_style = subnet, assume /128 (host only). Until now, Tru64Unix
+ assumed /64 (good for real subnets, but not safe for tunnel ranges etc.).
+ File: util/inet_addr_local.c
+
+-------------------------------------------------------------------
+Sat Jan 15 20:48:48 CET 2005 - schwab@suse.de
+
+- Use : in permissions file.
+
+-------------------------------------------------------------------
+Thu Jan 13 16:16:41 CET 2005 - choeger@suse.de
+
+- Two fixes to ipv6-patch related bugs:
+ - Bugfix Bugzilla ID#49435 - VUL-0: Postfix, permit_mx_backup, IPv6, chroot
+ --> Open Relay!
+ - Bugfix Bugzilla ID#49695 - SEGV while lmtp delivery
+- mount /proc into chroot jail to be able to access /proc/net/if_inet6
+
+-------------------------------------------------------------------
+Wed Nov 24 14:46:16 CET 2004 - schwab@suse.de
+
+- Put options first in find command line.
+
+-------------------------------------------------------------------
+Tue Nov 9 09:20:27 CET 2004 - choeger@suse.de
+
+- setting LC_ALL=POSIX in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Wed Sep 29 18:14:13 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#46462, postfix should switch biff off
+
+-------------------------------------------------------------------
+Tue Sep 21 12:48:02 CEST 2004 - choeger@suse.de
+
+- updated to postfix 2.1, patchlevel 5
+ (several small bugfixes)
+- updated tls+ipv6 patchkit (there have been some small bugs)
+- use v4 address 127.0.0.1 as amavisd-new local contact address
+ as amavisd is not listening on any v6 address
+
+-------------------------------------------------------------------
+Mon Sep 20 09:51:25 CEST 2004 - choeger@suse.de
+
+- also chmod the .db file resulting of a postmap (related to
+ bugfix ID#39045
+
+-------------------------------------------------------------------
+Thu Sep 16 13:57:32 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#39045 - tls_per_site table updates in SuSEconfig.postfix
+ introduced POSTFIX_MAP_LIST in /etc/sysconfig/postfix where additional
+ maps maintained by SuSEconfig.postfix can be added
+
+-------------------------------------------------------------------
+Thu Sep 16 10:34:58 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#45252 - rpm calls SuSEconfig.permissions which calls rpm
+ -> 3 minute timeout
+ Also don't call rpm from SuSEconfig.postfix
+- Speedup: set timestamp of $TMPDIR/main.cf into the past to workaround
+ postconf safety which is not neccessary, because we do not touch the main.cf,
+ the postfix daemons are using.
+
+-------------------------------------------------------------------
+Mon Sep 13 11:57:15 CEST 2004 - choeger@suse.de
+
+- added $time to Required-Start in init-script
+
+-------------------------------------------------------------------
+Thu Aug 26 14:15:31 CEST 2004 - choeger@suse.de
+
+- do not filter locally delivered mail when USE_AMAVIS=yes
+ (don't set content_filter=vscan in main.cf)
+- removed obsolete vscan service definition from master.cf
+
+-------------------------------------------------------------------
+Fri Aug 20 12:47:52 CEST 2004 - choeger@suse.de
+
+- use "$MASTER_BIN -t" to check whether postfix is already running
+ in start section of init-script. That's more reliable then checkproc.
+
+-------------------------------------------------------------------
+Wed Jul 14 17:48:29 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#42995 - SuSEconfig.postfix should ignore
+ .swp and other files in /etc/aliases.d
+
+-------------------------------------------------------------------
+Tue Jul 13 16:22:02 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#42281, openssl ca segfaults:
+ added missing [ policy_anything ] configuration
+ options to openssl.cnf
+
+-------------------------------------------------------------------
+Mon Jul 12 14:58:58 CEST 2004 - choeger@suse.de
+
+- updated to postfix 2.1, patchlevel 4
+- updated tls+ipv6 patchkit to v1.25
+- new feature POSTFIX_REGISTER_SLP in /etc/sysconfig/postfix
+ to be able to totally disable slptool from being started
+
+-------------------------------------------------------------------
+Tue May 25 12:42:45 CEST 2004 - choeger@suse.de
+
+- updated tls+ipv6 patchkit to v1.24:
+ - Bugfix: Prefixlen non-null host portion validation (in CIDR maps for
+ example) yielded incorrect results sometimes because signed arithmetic was
+ used instad of unsigned.
+ - Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed the master.cf
+ update (used for new installattions). Added it back.
+- as tls and ipv6 patches have not been completely ported to postfix 2.1
+ new documentation system, especially the new postconf(5) manpage is
+ missing the complete ipv6 and tls related configuration parameters,
+ readded the sample-* files from ipv6+tls to %doc/samples
+
+-------------------------------------------------------------------
+Tue May 4 11:24:20 CEST 2004 - choeger@suse.de
+
+- update to postfix 2.1, patchlevel 1:
+ - Patch 01 fixes a signal 11 problem in the check_policy_service
+ feature when SASL support is compiled in but turned off in the
+ SMTP server (smtpd_sasl_auth_enable = no).
+
+-------------------------------------------------------------------
+Wed Apr 28 10:46:55 CEST 2004 - choeger@suse.de
+
+- added now officially released tls patchkit 0.8.18-2.1.0-0.9.7d to
+ the source package for the user to be able to build a non-ipv6
+ postfix package
+
+-------------------------------------------------------------------
+Mon Apr 26 17:46:01 CEST 2004 - choeger@suse.de
+
+- official tls+ipv6 v1.23 patchkit released:
+ - Patch fixes: Several code fixes to make the patch compile and work
+ correctly when compiled without IPv6 support.
+ - Bugfix (Solaris only?): address family length was not updated
+ which could cause client hostname validation errors. File:
+ smtpd/smtpd_peer.c
+ - Portability: added support for Darwin 7.3+. This may need some
+ further testing.
+ - Cleanup: Restructure and redocument interface address retrieval
+ functions. (This reduced the number of preprocessor statements
+ from 99 to 93 ;) File: util/inet_addr_local.c
+ - Cleanup: make several explicit casts to have compilers shut their
+ pie holes about uninteresting things.
+
+-------------------------------------------------------------------
+Fri Apr 23 11:22:35 CEST 2004 - choeger@suse.de
+
+- update to final postfix v2.1
+
+-------------------------------------------------------------------
+Wed Apr 21 17:35:26 CEST 2004 - choeger@suse.de
+
+- Bugfix: changed {main,master}.cf backup path in specfile, but not in
+ SuSEconfig script
+
+-------------------------------------------------------------------
+Wed Apr 21 11:55:43 CEST 2004 - choeger@suse.de
+
+- update to postfix 2.1 RC5
+
+-------------------------------------------------------------------
+Mon Apr 19 14:23:19 CEST 2004 - choeger@suse.de
+
+- update to current postfix 2.1 release candidate (RC4)
+
+-------------------------------------------------------------------
+Wed Apr 7 13:09:09 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#38569, exit SuSEconfig.postfix if
+ mktemp fails
+
+-------------------------------------------------------------------
+Tue Mar 30 11:13:38 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#37409
+ the saslauthd socket is not copied to chroot jail due to
+ a wrong test in SuSEconfig.postfix (used -L instead of -S)
+
+-------------------------------------------------------------------
+Mon Mar 29 20:03:16 CEST 2004 - choeger@suse.de
+
+- only add ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
+ AND ipv6 is enabled
+
+-------------------------------------------------------------------
+Mon Mar 29 11:03:56 CEST 2004 - choeger@suse.de
+
+- Bugfix Bug ID#37293, SuSEConfig complains POSTFIX_ADD_* parameters are
+ unknown (in turkish locale settings)
+ added LC_CTYPE=POSIX to SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Thu Mar 25 10:54:26 CET 2004 - choeger@suse.de
+
+- updated to tls+ipv6 version 1.22 (related to Bugzilla ID#35884)
+ - Feature: Support "inet_interfaces = IPv4:all" and "inet_interfaces =
+ IPv6:all", to restrict postfix to use either IPv4-only or IPv6-only.
A more
+ complete implementation will be part of a future patch. (Slightly modified)
+ patch by Michal Ludvig, SuSE. Files: util/interfaces_to_af.[ch],
+ util/inet_addr_local.c, global/own_inet_addr.c,
+ global/wildcard_inet_addr.[ch], master/master_ent.ch
+ - Bugfix: In Postfix snapshots, a #define was misplaced with the effect that
+ IPv6 subnets were not included in auto- generated $mynetworks (i.e.,
+ mynetworks not defined in main.cf, when also mynetworks_style=subnet) on
+ Linux 2.x systems. File: utils/sys_defs.h
+- now adding ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
+ (related to Bugzilla ID#35884)
+- enabled ipv6 again
+
+-------------------------------------------------------------------
+Thu Mar 18 12:37:44 CET 2004 - choeger@suse.de
+
+- updated to most recent snapshot version 2.0.19-20040312:
+ Patch 19 fixes two low-priority problems:
+
+ - When mail is submitted at a high rate with the Postfix sendmail
+ command, the pickup daemon is keps busy long enough that it it
+ terminated by the watchdog timer (a feature that prevents Postfix
+ from locking up permanently).
+
+ - Malformed addresses in SMTP commands could result in table looks
+ with zero-length search strings, causing trouble with NIS lookups.
+
+-------------------------------------------------------------------
+Wed Mar 17 16:51:00 CET 2004 - choeger@suse.de
+
+- disable IPv6 patch as it introduces problems for people
+ who do not use IPv6, see Bugzilla ID#35884,
+ "ipv6 mynetworks don't work"
+
+-------------------------------------------------------------------
+Mon Mar 8 15:58:35 CET 2004 - choeger@suse.de
+
+- be a nice packager and strictly follow
+ http://www.porcupine.org/postfix-mirror/newdoc/PACKAGE_README.html
+ (added setgid_group=...
to post-install upgrade-package)
+
+-------------------------------------------------------------------
+Fri Feb 27 11:37:56 CET 2004 - choeger@suse.de
+
+- update to most recent version 2.0.18-20040209
+
+-------------------------------------------------------------------
+Mon Feb 23 15:25:20 CET 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#34817, SuSEconfig.postfix doesn't specify direct path to
+ "postconf" and generates errors if run via sudo by a non-root user.
+
+-------------------------------------------------------------------
+Fri Feb 6 13:15:49 CET 2004 - choeger@suse.de
+
+- update to postfix 2.0.18-20040205
+- enabled tls+ipv6 patch as it is now available for latest
+ pre 2.1 snapshot
+
+-------------------------------------------------------------------
+Mon Feb 2 13:22:54 CET 2004 - choeger@suse.de
+
+- finally, the official TLS patchkit of Lutz hit the ground
+
+-------------------------------------------------------------------
+Mon Feb 2 11:02:16 CET 2004 - choeger@suse.de
+
+- additional fix for the TLS extensions patch
+ should also fix Bugzilla ID#34218
+
+-------------------------------------------------------------------
+Fri Jan 23 12:15:00 CET 2004 - choeger@suse.de
+
+- fixed the smtp segfault
+
+-------------------------------------------------------------------
+Thu Jan 22 21:37:51 CET 2004 - choeger@suse.de
+
+- updated to postfix 2.0.18-20040122
+- added new feature for specfile usetls to en/dis-able TLS
+ support
+- temporary removed TLS support (self adapted patch to most recent
+ postfix snapshot version) as it currently results in smtp segfaulting
+
+-------------------------------------------------------------------
+Thu Jan 22 13:53:44 CET 2004 - choeger@suse.de
+
+- update to recent postfix snapshot version 2.0.17-20040120
+ which will become the next official release 2.1 around
+ next week according to Wietse Venema.
+- added possibility to compile using the combined IPV6/TLS patch
+ which can be downloaded from http://www.ipnet6.org/postfix/
+ just set useipv6 to 1 at the top of the specfile.
+
+-------------------------------------------------------------------
+Thu Jan 22 01:45:58 CET 2004 - ro@suse.de
+
+- remove call to ldap_enable_cache
+ (function has been removed from openldap and was already
+ obsolete before (warning was issued back then))
+
+-------------------------------------------------------------------
+Wed Jan 14 16:38:06 CET 2004 - choeger@suse.de
+
+- added openslp register/derigister calls to postfix init-script
+
+-------------------------------------------------------------------
+Mon Jan 12 15:50:35 CET 2004 - choeger@suse.de
+
+- add postfix user to group mail in case of POSTFIX_MDA==cyrus
+ to let postfix lmtp access /var/lib/imap/socket/lmtp
+
+-------------------------------------------------------------------
+Thu Jan 8 16:00:30 CET 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#33421, SMTP-Auth and relaying
+ added permit_sasl_authenticated also to smtpd_recipient_restrictions
+ in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Mon Dec 1 14:51:06 CET 2003 - choeger@suse.de
+
+- always create temp files and always remove them later on
+
+-------------------------------------------------------------------
+Mon Nov 17 12:51:09 CET 2003 - choeger@suse.de
+
+- some .spec improvements
+
+-------------------------------------------------------------------
+Thu Oct 30 12:13:51 CET 2003 - mmj@suse.de
+
+- Run SuSEconfig after install
+
+-------------------------------------------------------------------
+Wed Oct 29 20:23:44 CET 2003 - mmj@suse.de
+
+- Don't build as root
+- Be nice and clean up after ourselves
+
+-------------------------------------------------------------------
+Tue Oct 14 15:47:52 CEST 2003 - choeger@suse.de
+
+- update to postfix v2.0.16
+- update to tls extensions v0.8.16
+- Fix for Bugzilla
ID#32114, fixed some if condition syntaxes
+
+-------------------------------------------------------------------
+Tue Sep 16 10:29:25 CEST 2003 - choeger@suse.de
+
+- fixed example for POSTFIX_RELAYHOST, Bug ID#30756
+
+-------------------------------------------------------------------
+Mon Sep 8 09:49:49 CEST 2003 - choeger@suse.de
+
+- updated some sysconfig descriptions
+- removed relays.osirosoft.com from the examples, Bug ID#30215
+
+-------------------------------------------------------------------
+Thu Sep 4 15:40:25 CEST 2003 - kukuk@suse.de
+
+- Fix next useradd call
+
+-------------------------------------------------------------------
+Wed Sep 3 11:31:54 CEST 2003 - choeger@suse.de
+
+- conf/postfix-files as input for /etc/permissions.d/postfix (Bug ID#29915)
+- generate better amavisd-new master.cf line:
+ limit maxproc to 2 and use brackets around localhost
+ (Bug ID#29917)
+
+-------------------------------------------------------------------
+Mon Sep 1 13:08:33 CEST 2003 - choeger@suse.de
+
+- use conf/postfix-files as input for directories and permissions
+ for files/directories in/below $queue_directory and $command_directory
+- use /var/lib/imap/socket/lmtp as lmtp socket in SuSEconfig.postfix
+ and change access modes of /var/lib/imap and /var/lib/imap/socket
+ to let postfix lmtp access the unix socket
+
+-------------------------------------------------------------------
+Fri Aug 29 11:43:53 CEST 2003 - kukuk@suse.de
+
+- Create postfix user as system account [Bug #29611]
+
+-------------------------------------------------------------------
+Fri Aug 29 08:48:52 CEST 2003 - kukuk@suse.de
+
+- Adjust sendmail permissions
+- Create /var/spool/postfix/public with permissions postfix is
+ using
+
+-------------------------------------------------------------------
+Fri Aug 29 00:27:03 CEST 2003 - mmj@suse.de
+
+- Add sendmail to /etc/sysconfig/mail
+
+-------------------------------------------------------------------
+Thu Aug 14 18:41:19 CEST
2003 - choeger@suse.de + +- update to Postfix 2.0 Patch 14 +- Bugfix Bugzilla ID#28921: + missing activation metadata in sysconfig template + +------------------------------------------------------------------- +Wed Jul 30 11:48:21 CEST 2003 - choeger@suse.de + +- new macros for stop/restart of services on rpm update/removal + +------------------------------------------------------------------- +Mon Jul 21 13:33:53 CEST 2003 - choeger@suse.de + +- chown user:group instead of user.group + +------------------------------------------------------------------- +Fri Jul 11 11:23:05 CEST 2003 - choeger@suse.de + +- update to tls extensions 0.8.15-2.0.13-0.9.7b + +------------------------------------------------------------------- +Tue Jul 1 15:44:05 CEST 2003 - choeger@suse.de + +- updated SuSEconfig to use amavisd-new instead of amavis[d]-postfix + +------------------------------------------------------------------- +Mon Jun 30 17:43:20 CEST 2003 - choeger@suse.de + +- update to Postfix 2.0 Patch 13 +- After "postfix reload", the master daemon now warns when the + inet_interfaces parameter setting has changed, and ignores the + change, instead of passing incorrect information to the smtp + server. +- After the postdrop command change with Postfix 2.0.11, the postcat + command no longer recognized "maildrop" queue files as valid. +- Mail could bounce when two messages were delivered simultaneously + to a non-existent mailbox file. The safe_open() code that prevents + race condition exploits will now try a little harder when it + actually encounters a race condition. +- update to tls extensions 0.8.14-2.0.12-0.9.7b + +------------------------------------------------------------------- +Thu Jun 12 13:27:48 CEST 2003 - choeger@suse.de + +- also change path to smtpd.conf in sysconfig template parameter + description dependent on what %{_lib} is set to. 
+
+-------------------------------------------------------------------
+Thu Jun 12 09:51:33 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 12
+
+-------------------------------------------------------------------
+Wed Jun 11 17:55:21 CEST 2003 - choeger@suse.de
+
+- mkdir -p $RPM_BUILD_ROOT/%{_libdir}/sasl2 instead of
+ $RPM_BUILD_ROOT/usr/lib/sasl2
+ and we also can build on 64bit archs
+
+-------------------------------------------------------------------
+Wed Jun 11 14:25:29 CEST 2003 - choeger@suse.de
+
+- package /usr/lib/sasl2/smtpd.conf using %{_libdir}/sasl2/smtpd.conf
+- added /etc/postfix to filelist
+
+-------------------------------------------------------------------
+Wed Jun 11 09:11:11 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 11
+- update to tls extensions 0.8.13-2.0.10-0.9.7b
+
+-------------------------------------------------------------------
+Fri May 23 14:33:01 CEST 2003 - choeger@suse.de
+
+- updated SuSE/master.cf toplevel comments
+
+-------------------------------------------------------------------
+Fri May 23 14:19:43 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 10
+
+-------------------------------------------------------------------
+Mon May 19 12:42:36 CEST 2003 - choeger@suse.de
+
+- remove installed (but unpackaged) file /etc/postfix/aliases
+
+-------------------------------------------------------------------
+Mon May 19 10:12:52 CEST 2003 - choeger@suse.de
+
+- path to ca, certificate and key is relative to $POSTFIX_SSL_PATH,
+ added $POSTFIX_SSL_PATH/ to the relevant parts of SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Wed May 14 11:29:48 CEST 2003 - choeger@suse.de
+
+- correctly handle new POSTFIX_SMTP_TLS_CLIENT parameter in
+ SuSEconfig.postfix (activate/deactivate master.cf entries)
+
+-------------------------------------------------------------------
+Wed May 14 11:05:36 CEST 2003 - choeger@suse.de
+
+- added libxcrypt to chroot jail, Bugzilla ID#25766
+
+-------------------------------------------------------------------
+Tue May 13 20:40:00 CEST 2003 - choeger@suse.de
+
+- added TLS_CLIENT support, Bugzilla ID#26647
+
+-------------------------------------------------------------------
+Wed Apr 23 13:43:02 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 9
+
+-------------------------------------------------------------------
+Tue Apr 15 10:27:13 CEST 2003 - ro@suse.de
+
+- fixed neededforbuild
+
+-------------------------------------------------------------------
+Mon Apr 7 12:58:01 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 7
+- update to tls extensions 0.8.13-2.0.6-0.9.7a
+- Bugfix Bugzilla ID#25905, do not restrict mailbox size per default
+
+-------------------------------------------------------------------
+Sat Mar 8 15:56:26 CET 2003 - choeger@suse.de
+
+- use checkproc to check if there really is a postfix master
+ process running when there's a pid file lying around.
+ (Bugzilla ID#24910)
+
+-------------------------------------------------------------------
+Thu Mar 6 11:02:12 CET 2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 06
+- Postfix now truncates non-address information in message address
+ headers (comments, etc.) to 250 characters per address. This should
+ rarely present a problem. Reportedly, junk mail from poorly written
+ software can trigger the protection, but that is no great loss.
+- Some little fixes to documentation.
+
+-------------------------------------------------------------------
+Tue Mar 4 10:29:31 CET 2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 05
+- The SMTP server's hard and soft error limits were off by one.
+ With "smtpd_hard_error_limit = 1", Postfix will now disconnect
+ after the first error, instead of the second one.
+- The proxymap server could deadlock when the mydestination parameter
+ setting included a proxymapped lookup table.
+- Some little fixes to documentation.
+
+-------------------------------------------------------------------
+Sat Mar 1 16:41:10 CET 2003 - choeger@suse.de
+
+- when updating postfix, check whether post-install changed
+ main/master.cf and update md5sums to not confuse SuSEconfig
+- when installing postfix on a fresh system, create md5sums
+ in %post to be able to let check_md5_and_move() detect
+ changes that a user might have done without running SuSEconfig
+ before.
+
+-------------------------------------------------------------------
+Thu Feb 27 19:01:32 CET 2003 - choeger@suse.de
+
+- no longer remove md5sums of main.cf and master.cf during
+ postinstall, as SuSEconfig then no longer knows, whether
+ main.cf/master.cf had been modified by the user.
+ Disadvantage: as postfix permanently needs basic changes
+ to both main and master.cf, SuSEconfig.postfix will frequently
+ generate .SuSEconfig files although the user did not change anything
+ Bugzilla ID#24432
+
+-------------------------------------------------------------------
+Fri Feb 21 10:04:48 CET 2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 04
+ - The format of maildir filenames is synchronized with the present
+ version of the maildir definition document. This format was already
+ adopted by the 20030126 snapshot release.
+ - The time limit on delivery to external commands was not enforced.
+ This was broken probably some time before the first public Postfix
+ release.
+ - Duplicate elimination after virtual alias expansion works again.
+ This was broken with the introduction of the original recipient
+ attribute.
+ - The local pickup daemon dropped incomplete records from local
+ submissions. This was broken somewhere in the middle of 2002.
+
+-------------------------------------------------------------------
+Sat Feb 15 14:59:54 CET 2003 - choeger@suse.de
+
+- Bugfix Bugzilla ID#23675: new service proxymap will not be
+ appended during update
+
+-------------------------------------------------------------------
+Mon Feb 10 16:25:39 CET 2003 - choeger@suse.de
+
+- also check whether amavisd-postfix is installed and set up
+ filter section in master.cf
+
+-------------------------------------------------------------------
+Thu Jan 30 11:43:03 CET 2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 03
+ - Postfix 2.0 broke relocated table lookup results with mail not
+ rejected at the SMTP port, causing "User has moved to" text to be
+ deleted.
+ - A widely used maildir filename generating algorithm was broken.
+ This affects all Postfix versions with maildir support. Instead of
+ TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST.
+ - Postfix 2.0 gave incorrect FILTER_README instructions for sites
+ that wish to disable virtual alias mapping before the content
+ filter.
+- postfix-lib64.patch code now integrated in postfix
+
+-------------------------------------------------------------------
+Fri Jan 24 11:52:17 CET 2003 - choeger@suse.de
+
+- changed SuSEconfig.postfix and smtpd.conf to use sasl2
+
+-------------------------------------------------------------------
+Thu Jan 23 13:07:17 CET 2003 - choeger@suse.de
+
+- forgot to add tlsmgr to master.cf
+
+-------------------------------------------------------------------
+Thu Jan 23 11:43:24 CET 2003 - choeger@suse.de
+
+- Hmmm, just noticed, that suddenly 2.0.0.x became 2.0.x
+ must have missed something...
+- updated SuSE/master.cf (new proxymap service)
+
+-------------------------------------------------------------------
+Thu Jan 16 10:21:27 CET 2003 - choeger@suse.de
+
+- added POSTFIX_ADD_MESSAGE_SIZE_LIMIT as example to sysconfig.postfix
+ (Bugzilla ID#22907)
+
+-------------------------------------------------------------------
+Tue Jan 14 12:51:56 CET 2003 - choeger@suse.de
+
+- build using sasl2
+
+-------------------------------------------------------------------
+Fri Jan 10 13:24:43 CET 2003 - choeger@suse.de
+
+- update to postfix v2 (version 2.0.0.2)
+
+-------------------------------------------------------------------
+Wed Dec 11 11:44:51 CET 2002 - choeger@suse.de
+
+- added sysconfig metadata to sysconfig templates
+- updated to new tls extensions
+
+-------------------------------------------------------------------
+Fri Nov 29 13:16:42 CET 2002 - choeger@suse.de
+
+- Bugfix Bugzilla ID#21865: don't copy directories into
+ directories when updating chroot jail in cpifnewer()
+- Update to version 1.11, pl12
+
+-------------------------------------------------------------------
+Tue Nov 19 14:29:36 CET 2002 - choeger@suse.de
+
+- new SuSEconfig.postfix features:
+ . SMTP-AUTH server
+ . SMTP-AUTH client
+ . TLS Server
+
+-------------------------------------------------------------------
+Tue Nov 5 15:08:43 CET 2002 - choeger@suse.de
+
+- quote args of tr command
+
+-------------------------------------------------------------------
+Mon Nov 4 13:52:51 CET 2002 - choeger@suse.de
+
+- new feature: POSTFIX_ADD_* command in sysconfig/postfix to
+ be able to add any regular postfix command via SuSEconfig
+- Bugfix Bugzilla ID#21120 added POSTFIX_ADD_MAILBOX_SIZE_LIMIT
+ as example with value 0 (unlimited)
+- added a header to main.cf explaining that many postfix
+ parameters have been added to the end of main.cf
+
+-------------------------------------------------------------------
+Tue Oct 15 11:27:46 CEST 2002 - choeger@suse.de
+
+- Bugfix for Bugzilla ID#20754
+ missed some parameters when restoring main.cf or master.cf
+ from scratch
+
+-------------------------------------------------------------------
+Wed Oct 9 20:34:03 CEST 2002 - choeger@suse.de
+
+- NULLCLIENT did not work because SuSEconfig searches for the wrong
+ keyword
+
+-------------------------------------------------------------------
+Mon Oct 7 17:47:56 CEST 2002 - choeger@suse.de
+
+- Bugfix related to Bugzilla IDs 20506, 18298, 19294:
+ masquerade_classes should not be extended by envelope_recipient
+
+-------------------------------------------------------------------
+Fri Sep 6 17:04:57 CEST 2002 - choeger@suse.de
+
+- added ypbind to X-UnitedLinux-Should-Start in init-script
+
+-------------------------------------------------------------------
+Wed Aug 28 11:37:38 CEST 2002 - choeger@suse.de
+
+- added restoration mechanism to restore master.cf and/or main.cf
+ if they got deleted by (intention or) accident to SuSEconfig.postfix
+- added ldap to X-UnitedLinux-Should-Start
+
+-------------------------------------------------------------------
+Mon Aug 26 11:11:26 CEST 2002 - choeger@suse.de
+
+- Bugfix Bugzilla ID#18298: when setting FROM_HEADER, also unqualified
+ envelope recipients should be qualified to FROM_HEADER, not to
+ myorigin, added envelope_recipient to masquerade_classes
+- Bugfix Bugzilla ID#18297: %post touches main.cf and master.cf so it
+ may happen, that an update leaves .SuSEconfig files.
+ Remove /var/adm/SuSEconfig/md5/etc/postfix/main.cf and master.cf
+ in %post
+- Bugfix Bugzilla ID#18301: sendmail and postfix have different
+ opinions on the usage of NULLCLIENT. Moved NULLCLIENT to
+ sysconfig.postfix.POSTFIX_NULLCLIENT
+- added exim to Conflicts
+
+-------------------------------------------------------------------
+Thu Aug 22 09:47:51 CEST 2002 - choeger@suse.de
+
+- wait for qmgr in the background for a maximum of 60 seconds
+
+-------------------------------------------------------------------
+Wed Aug 21 17:07:39 CEST 2002 - choeger@suse.de
+
+- Bugfix for init-script:
+ wait for qmgr to be ready before calling postfix flush
+
+-------------------------------------------------------------------
+Wed Aug 14 15:59:04 CEST 2002 - choeger@suse.de
+
+- added accidently removed line in master.cf for amavis,
+ Bugzilla ID#17732
+
+-------------------------------------------------------------------
+Tue Aug 13 10:08:47 CEST 2002 - choeger@suse.de
+
+- exclude .rpmsave and .rpmorig from /etc/aliases.d expansion
+
+-------------------------------------------------------------------
+Wed Aug 7 11:55:55 CEST 2002 - choeger@suse.de
+
+- added netcfg to Prereq (/etc/aliases)
+
+-------------------------------------------------------------------
+Tue Aug 6 11:28:56 CEST 2002 - choeger@suse.de
+
+- added pcre openldap2-client to prereq (Bugzilla ID#17447)
+
+-------------------------------------------------------------------
+Mon Aug 5 16:38:49 CEST 2002 - choeger@suse.de
+
+- completed Prereq
+
+-------------------------------------------------------------------
+Fri Jul 19 16:49:57 CEST 2002 - choeger@suse.de
+
+- Bugfix for the handling of POSTFIX_MASQUERADE_DOMAIN
+ and FROM_HEADER
+- removed main.cf from SuSE.tar.gz
+- added X-UnitedLinux-Should-Start: cyrus to init-script
+
+-------------------------------------------------------------------
+Thu Jul 18 13:57:44 CEST 2002 - choeger@suse.de
+
+- set local as default MDA again
+ reason: postfix does not execute any external programs like procmail
+ with uid 0, so root mails will go to /var/mail/nobody, which
+ will confuse people
+- remove setting of SUSE_RELEASE version in the (E)SMTP banner
+
+-------------------------------------------------------------------
+Fri Jul 12 11:08:03 CEST 2002 - choeger@suse.de
+
+- removed /etc/aliases from filelist, it's now in netcfg
+
+-------------------------------------------------------------------
+Thu Jul 11 14:16:25 CEST 2002 - choeger@suse.de
+
+- removed 'q' flag from vscan transport definition, because
+ current amavis versions have a rfc2821_mailbox_addr function
+- remove old aliases.db files in %post
+- do not use unset in %post
+
+-------------------------------------------------------------------
+Mon Jul 8 15:14:00 CEST 2002 - choeger@suse.de
+
+- make procmail the default MDA
+
+-------------------------------------------------------------------
+Fri Jul 5 17:11:03 CEST 2002 - choeger@suse.de
+
+- use %{_lib} macro to detect platforms with lib64
+ directories
+
+-------------------------------------------------------------------
+Fri Jul 5 16:34:38 CEST 2002 - choeger@suse.de
+
+- make chroot jail function lib64 aware
+
+-------------------------------------------------------------------
+Thu Jul 4 13:53:40 CEST 2002 - uli@suse.de
+
+- fixed libnsl detection on lib64 systems
+
+-------------------------------------------------------------------
+Thu Jul 4 10:34:26 CEST 2002 - choeger@suse.de
+
+- ldap_url_search_st is no longer available in OpenLDAP v2.1
+ added a patch, that uses ldap_url_parse
+- added new feature POSTFIX_MDA, Bugzilla ID#16720
+
+-------------------------------------------------------------------
+Fri Jun 7 13:34:09 CEST 2002 - choeger@suse.de
+
+- changed POSTFIX_BASIC_SPAM_PREVENTION. It can now be set to
+ either off(default), medium or hard
+- cleaned up SuSEconfig.postfix
+- prepared for /etc/aliases.d
+
+-------------------------------------------------------------------
+Wed Jun 5 18:09:16 CEST 2002 - choeger@suse.de
+
+- new FEATURES: POSTFIX_RBL_HOSTS, POSTFIX_BASIC_SPAM_PREVENTION,
+ Bugzilla ID#16383
+- moved sample-*.cf files to %{_docdir}/postfix/samples
+
+-------------------------------------------------------------------
+Wed Jun 5 11:14:29 CEST 2002 - choeger@suse.de
+
+- update to patchlevel 11, version 1.1.11
+- new FEATURE: POSTFIX_UPDATE_MAPS
+
+-------------------------------------------------------------------
+Fri May 24 13:39:05 CEST 2002 - choeger@suse.de
+
+- update to patchlevel 10, version 1.1.10
+- create required users and groups in %pre install
+
+-------------------------------------------------------------------
+Thu Apr 25 16:55:58 CEST 2002 - choeger@suse.de
+
+- removed provides of my own packagename...
+
+-------------------------------------------------------------------
+Fri Apr 19 13:25:32 CEST 2002 - choeger@suse.de
+
+- Bugfix for README.SuSE: POSTFIX_CREATECF is now
+ MAIL_CREATE_CONFIG
+
+-------------------------------------------------------------------
+Thu Apr 4 11:36:52 CEST 2002 - choeger@suse.de
+
+- update to patchlevel 7, version 1.1.7
+- introduced new feature POSTFIX_LAPTOP
+
+-------------------------------------------------------------------
+Tue Mar 26 15:21:18 CET 2002 - choeger@suse.de
+
+- update to patchlevel 5, version 1.1.5
+
+-------------------------------------------------------------------
+Tue Mar 12 15:28:24 CET 2002 - choeger@suse.de
+
+- Bugfix: don't check whether POSTFIX_MASQUERADE_DOMAIN is empty
+ or not, because else we won't be able to clear it.
+
+-------------------------------------------------------------------
+Thu Feb 28 10:21:36 CET 2002 - choeger@suse.de
+
+- added flags=q to amavis transport definition (link@suse.de):
+ [...]
+ If your postfix is older than snapshot 20010610, leave out the
+ "flags=q" part. However, amavis will not function properly with
+ envelope adresses that contain whitespace in the local-part.
+ This is quite rare, but has been observed a few times.
+ [...]
+
+-------------------------------------------------------------------
+Mon Feb 25 13:58:05 CET 2002 - choeger@suse.de
+
+- update to version 1.1.4 (1.1, patchlevel 4)
+ Bugfix (excerpt from HISTORY):
+ ..................................................................
+ off-by-one error, causing a null byte to be
+ written outside dynamically allocated memory in
+ the queue manager with addresses of exactly 100
+ bytes long, resulting in SIGSEGV on systems with
+ an "exact fit" malloc routine.
+ ..................................................................
+- added new option SMTPD_LISTEN_REMOTE to /etc/sysconfig/mail
+ which has been introduced by the SuSE dist-team (excerpt):
+ ..................................................................
+ sendmail does have an option to listen only on the local port,
+ this should be the default.
+ A flag "SMTPD_LISTEN_REMOTE" in /etc/sysconfig/mail will be used
+ to decide if port 25 should be opened externally.
+ The sendmail package will send a mail to root explaining this
+ fact. sendmail updates will copy the value of START_SMTPD to this
+ new flag.
+ ..................................................................
+ As this is a totally different behaviour compared to old releases,
+ SMTPD_LISTEN_REMOTE will be set to "yes", if POSTFIX_CREATECF
+ (now MAIL_CREATE_CONFIG) had been set to "yes" before the update.
+
+-------------------------------------------------------------------
+Thu Feb 21 12:39:55 CET 2002 - choeger@suse.de
+
+- fillup workaround
+
+-------------------------------------------------------------------
+Thu Feb 21 11:23:52 CET 2002 - choeger@suse.de
+
+- hostname handling is still annoying
+ added some piece of code to SuSEconfig.postfix to
+ get a valid hostname
+
+-------------------------------------------------------------------
+Mon Feb 18 16:03:40 CET 2002 - choeger@suse.de
+
+- %postinst cleanup:
+ . use rename_sysconfig_variable macro
+ . use remove_and_set macro
+ instead of directly calling fillup
+
+-------------------------------------------------------------------
+Wed Feb 13 17:27:37 CET 2002 - choeger@suse.de
+
+- FQHOSTNAME has been removed from /etc/sysconfig/network/config
+ and is now set in /etc/HOSTNAME, which wasn't FQ in the past.
+ *Please, don't change it again*
+- if POSTFIX_LOCALDOMAINS is set, do not append
+ "$myhostname, localhost.$mydomain" anymore
+
+-------------------------------------------------------------------
+Tue Feb 12 16:31:14 CET 2002 - choeger@suse.de
+
+- Also take care of the localhost:10025 mailer definition when
+ setting up chroot options
+
+-------------------------------------------------------------------
+Mon Feb 11 09:27:47 CET 2002 - choeger@suse.de
+
+- Do not set myorigin to FROM_HEADER
+
+-------------------------------------------------------------------
+Thu Feb 7 10:10:55 CET 2002 - choeger@suse.de
+
+- Bugfix(SuSEconfig.postfix): typo in path to /etc/sysconfig/amavis
+
+-------------------------------------------------------------------
+Mon Feb 4 11:25:51 CET 2002 - choeger@suse.de
+
+- SuSEconfig.postfix enhancement: get hostname from hostname -f
+ Bugfix: get FQHOSTNAME from /etc/sysconfig/network/config
+- added -y to fillup_and_insserv to create startlinks
+ after installation
+- changed company name to SuSE Linux AG in copyright headers
+
+-------------------------------------------------------------------
+Mon Feb 4 09:44:45 CET 2002 - choeger@suse.de
+
+- update to postfix 1.1.3 and tls extensions 0.8.3
+ minor bugfixes
+ http://groups.yahoo.com/group/postfix-users/message/52953
+
+-------------------------------------------------------------------
+Fri Feb 1 20:37:27 CET 2002 - choeger@suse.de
+
+- Bugfix: Forgot to assign a name to TMPDIR in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Fri Feb 1 11:43:17 CET 2002 - choeger@suse.de
+
+- added resolve_local_panic.patch
+ http://groups.yahoo.com/group/postfix-users/message/52746
+
+-------------------------------------------------------------------
+Wed Jan 30 15:44:10 CET 2002 - choeger@suse.de
+
+- update of tls extensions to 0.8.2
+
+-------------------------------------------------------------------
+Mon Jan 28 15:00:07 CET 2002 - choeger@suse.de
+
+- update to version 1.1.2
+- sysconfig.mail changes
+
+-------------------------------------------------------------------
+Tue Jan 22 12:08:43 CET 2002 - choeger@suse.de
+
+- renamed cleanup.fillup to sysconfig.postfix.cleanup
+- added postqueue patch, see
+ http://groups.yahoo.com/group/postfix-users/message/51611
+ for more details
+
+-------------------------------------------------------------------
+Mon Jan 21 14:56:39 CET 2002 - choeger@suse.de
+
+- update to official release version 1.1.0
+- moved some stuff to /etc/sysconfig/mail
+- cleaned up /etc/rc.config access
+- added some safety checks to SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Wed Jan 16 16:58:53 CET 2002 - choeger@suse.de
+
+- update to version 20020115 (release candidate for Postfix
+ official release version 1.1)
+
+-------------------------------------------------------------------
+Tue Jan 15 16:20:13 CET 2002 - choeger@suse.de
+
+- some improvements to SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Fri Jan 11 17:52:25 CET 2002 - choeger@suse.de
+
+- updated to version 20020107
+- added postinstall section to update from previous versions
+ of postfix
+
+-------------------------------------------------------------------
+Tue Jan 8 20:11:07 CET 2002 - egmont@suselinux.hu
+
+- Changed /sbin/init.d to /etc/init.d in init script comment
+
+-------------------------------------------------------------------
+Mon Jan 7 15:01:16 CET 2002 - choeger@suse.de
+
+- added sender_canonical_maps to SuSEconfig.postfix to let
+ the new YaST2 module setup this map similar to sendmails
+ genericstable
+
+-------------------------------------------------------------------
+Thu Jan 3 13:51:45 CET 2002 - kukuk@suse.de
+
+- SuSEconfig.postfix shell script is no config file [Bug #12712]
+
+-------------------------------------------------------------------
+Wed Dec 19 15:26:20 CET 2001 - choeger@suse.de
+
+- Made initscript more LSB compliant (status codes)
+- Bugfix for Bugzilla ID#12672 (improve explanation
+ of POSTFIX_LOCALDOMAINS)
+- robustness enhancement for SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Fri Dec 14 15:42:31 CET 2001 - choeger@suse.de
+
+- typo in specfile (master.cf installed as main.cf)
+
+-------------------------------------------------------------------
+Thu Dec 13 11:25:44 CET 2001 - choeger@suse.de
+
+- update to version 20011210
+- some changes to SuSEconfig.postfix:
+ . added POSTFIX_UPDATE_CHROOT_JAIL variable, see README.SuSE
+ . some cleanups for chroot jail
+ . little bugfixes
+
+-------------------------------------------------------------------
+Thu Dec 13 01:16:57 CET 2001 - ro@suse.de
+
+- moved rc.config.d -> sysconfig
+
+-------------------------------------------------------------------
+Wed Nov 28 18:36:10 CET 2001 - choeger@suse.de
+
+- update to version 20011127
+- some changes to SuSEconfig.postfix:
+ . added more robustness (Jehova)
+ . do not chown -R postfix to /var/spool/postfix
+ . query for package cyrus-sasl instead of sasl
+
+-------------------------------------------------------------------
+Tue Nov 20 16:13:00 CET 2001 - choeger@suse.de
+
+- update to version 20011115
+ Bugfix for a memory exhaustion bug in smtpd
+ see http://groups.yahoo.com/group/postfix-users/message/46597
+- remove START_ variable
+
+-------------------------------------------------------------------
+Fri Nov 9 14:54:24 CET 2001 - choeger@suse.de
+
+- some changes to specfile (thanks to Simon J Mudd from whom
+ I copied some code)
+
+-------------------------------------------------------------------
+Tue Nov 6 15:19:18 CET 2001 - choeger@suse.de
+
+- fix some SuSEconfig.postfix bugs:
+ . master.cf chroot column can also contain '-'
+ . don't do anything if POSTFIX_CREATECF != yes
+
+-------------------------------------------------------------------
+Fri Oct 26 13:11:17 CEST 2001 - choeger@suse.de
+
+- update to most recent snapshot version 20011008
+
+-------------------------------------------------------------------
+Thu Oct 25 14:36:47 CEST 2001 - choeger@suse.de
+
+- update to pl05
+
+-------------------------------------------------------------------
+Fri Oct 19 12:53:44 CEST 2001 - choeger@suse.de
+
+- Bugfix, Bugzilla ID#11914
+
+-------------------------------------------------------------------
+Wed Sep 26 09:33:34 CEST 2001 - choeger@suse.de
+
+- ALWAYS create master.cf, even is POSTFIX_CREATECF is set
+ to no, because else chroot mode may not work, Bugzilla ID#11359
+
+-------------------------------------------------------------------
+Thu Sep 13 14:34:06 CEST 2001 - choeger@suse.de
+
+- removed an obsolete echo in start section of init-script
+
+-------------------------------------------------------------------
+Thu Sep 6 13:48:29 CEST 2001 - choeger@suse.de
+
+- Bugfix in init-script: redirect output of postfix start
+ to dev/null and do not use startproc to start postfix
+
+-------------------------------------------------------------------
+Tue Sep 4 18:09:43 CEST 2001 - choeger@suse.de
+
+- update to tls-extensions v0.7.9
+ see http://groups.yahoo.com/group/postfix-users/message/41094
+ for details
+
+-------------------------------------------------------------------
+Fri Aug 31 13:54:02 CEST 2001 - choeger@suse.de
+
+- update of tls-extensions to 0.7.8
+- update of postfix to pl04
+- Bugfix: - check if postfix spool is set up before starting postfix
+ - start postfix with postfix start, because postfix-script
+ wouldn't be executed, else.
+
+-------------------------------------------------------------------
+Tue Jul 10 14:34:17 CEST 2001 - choeger@suse.de
+
+- update of tls-extensions to 0.7.3
+
+-------------------------------------------------------------------
+Thu Jun 28 13:06:47 CEST 2001 - choeger@suse.de
+
+- bugfix: remove libs from chroot jail, that are no longer
+ valid, Bugzilla ID#9133
+- bugfix: init script was not LSB compliant, Bugzilla ID#9063
+
+-------------------------------------------------------------------
+Fri Jun 15 09:44:49 CEST 2001 - choeger@suse.de
+
+- added cyrus to require start in init-script
+- "bugfix": bootstrap problem cyrus-imapd <-> postfix:
+ cyrus-imapd must run before postfix, but fails to create
+ lmtp socket, because /var/spool/postfix/public directory
+ isn't present. FIX: add it to filelist
+
+-------------------------------------------------------------------
+Wed Jun 13 15:08:33 CEST 2001 - choeger@suse.de
+
+- install postrop with special SGID modes
+
+-------------------------------------------------------------------
+Tue Jun 12 13:29:36 CEST 2001 - choeger@suse.de
+
+- improved SuSEconfig.postfix
+ - better main.cf handling
+ - new feature: chroot or not chroot
+
+-------------------------------------------------------------------
+Mon May 28 09:36:49 CEST 2001 - choeger@suse.de
+
+- major bugfix: memory leak in the LDAP client module
+- minor bugfixes
+
+-------------------------------------------------------------------
+Wed May 9 20:15:27 CEST 2001 - mfabian@suse.de
+
+- bzip2 sources
+
+-------------------------------------------------------------------
+Wed May 2 09:44:29 CEST 2001 - choeger@suse.de
+
+- updated to pl02, bugfixrelease
+
+-------------------------------------------------------------------
+Mon Apr 30 11:41:35 CEST 2001 - choeger@suse.de
+
+- Bugfix for SuSEconfig.postfix:
+ Handling of TIMEZONE variable if set to unappropriate or no
+ value
+- Improvement: Warnings are printed out in bold
+
+-------------------------------------------------------------------
+Tue Apr 17 16:28:41 CEST 2001 - kukuk@suse.de
+
+- Don't use a RPM macro for version number
+
+-------------------------------------------------------------------
+Fri Mar 30 10:08:15 CEST 2001 - choeger@suse.de
+
+- update to pl01, bugfixrelease
+
+-------------------------------------------------------------------
+Tue Mar 27 13:16:45 CEST 2001 - choeger@suse.de
+
+- added libcrack to chroot jail, because
+ it is needed by pam_pwcheck
+
+-------------------------------------------------------------------
+Thu Mar 15 01:08:35 CET 2001 - ro@suse.de
+
+- fixed neededforbuild for openldap
+
+-------------------------------------------------------------------
+Mon Mar 5 11:49:48 CET 2001 - choeger@suse.de
+
+- first non-beta of the next postfix generation
+- v20010228
+
+-------------------------------------------------------------------
+Tue Feb 27 11:22:24 CET 2001 - ro@suse.de
+
+- added cyrus-sasl-devel to neededforbuild
+
+-------------------------------------------------------------------
+Tue Feb 27 09:51:56 CET 2001 - choeger@suse.de
+
+- new version, 20010225
+- removed notification message
+
+-------------------------------------------------------------------
+Tue Feb 20 14:16:30 CET 2001 - choeger@suse.de
+
+- bugfix: wrong permissions for maildrop directory
+
+-------------------------------------------------------------------
+Wed Jan 31 10:53:04 CET 2001 - choeger@suse.de
+
+- update to version 20010128
+- now linked against ldaplib2
+
+-------------------------------------------------------------------
+Fri Jan 5 14:25:11 CET 2001 - choeger@suse.de
+
+- bugfix: maildrop must be owned by postfix.root
+
+-------------------------------------------------------------------
+Mon Dec 18 14:47:53 CET 2000 - choeger@suse.de
+
+- update to version 20001212
+- bugfix: insserv
+- bugfix: missed openssl in neededforbuilt
+- renamed to postfix, because a non-crypto version
+ is no longer needed
+
+-------------------------------------------------------------------
+Wed Dec 13 15:52:43 CET 2000 - choeger@suse.de
+
+- Bugfix: postfix-script was not executable
+
+-------------------------------------------------------------------
+Tue Dec 12 15:13:40 CET 2000 - choeger@suse.de
+
+- Bugfixes:
+ Provides in initscript
+ Use /bin/bash in SuSEconfig.postfix
+- Update to version 20001210
+
+-------------------------------------------------------------------
+Thu Nov 30 08:35:09 CET 2000 - ro@suse.de
+
+- startscript sbin -> etc
+
+-------------------------------------------------------------------
+Thu Nov 23 09:55:37 CET 2000 - choeger@suse.de
+
+- new version
+- fix for neededforbuild
+- fix for master.cf
+
+-------------------------------------------------------------------
+Wed Nov 22 13:06:54 CET 2000 - choeger@suse.de
+
+- adopted to new init scheme
+
+-------------------------------------------------------------------
+Wed Nov 15 16:13:12 CET 2000 - choeger@suse.de
+
+- fixed neededforbuild
+
+-------------------------------------------------------------------
+Tue Nov 14 15:19:40 CET 2000 - choeger@suse.de
+
+- update to version 20001030
+
+-------------------------------------------------------------------
+Thu Nov 9 17:14:48 CET 2000 - choeger@suse.de
+
+- long packagename
+- added rpm buildroot
+
+-------------------------------------------------------------------
+Wed Nov 8 15:59:41 CET 2000 - uli@suse.de
+
+- fixed neededforbuild
+
+-------------------------------------------------------------------
+Fri Nov 3 18:12:57 CET 2000 - bk@suse.de
+
+- src/util/dict_ldap.c:dict_ldap_lookup(): fix missing **-termination.
+
+-------------------------------------------------------------------
+Tue Oct 24 17:28:06 CEST 2000 - fober@suse.de
+
+- s390,ppc: added -fsigned-char compiler option, to fix obscure segfaults.
+ (code is not signed/unsigned-char-clean)
+
+-------------------------------------------------------------------
+Thu Oct 12 18:24:54 CEST 2000 - choeger@suse.de
+
+- yet another SuSEconfig.postfix bug (incorrect link)
+
+-------------------------------------------------------------------
+Wed Oct 11 16:47:35 CEST 2000 - choeger@suse.de
+
+- bugfix for SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Mon Oct 9 13:54:13 CEST 2000 - choeger@suse.de
+
+- bugfix: missed to install new flush service
+
+-------------------------------------------------------------------
+Mon Oct 9 11:48:39 CEST 2000 - choeger@suse.de
+
+- inititial revision of pfixtls
diff --git a/postfix-bdb.spec b/postfix-bdb.spec
new file mode 100644
index 0000000..26ced5a
--- /dev/null
+++ b/postfix-bdb.spec
@@ -0,0 +1,583 @@ +# +# spec file for package postfix-bdb +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define pf_docdir %{_docdir}/postfix-doc +%define pf_config_directory %{_sysconfdir}/postfix +%define pf_daemon_directory %{_prefix}/lib/postfix/bin/ +%define _libexecdir %{_prefix}/lib +%define pf_shlib_directory %{_prefix}/lib/postfix +%define pf_command_directory %{_sbindir} +%define pf_queue_directory var/spool/postfix +%define pf_sendmail_path %{_sbindir}/sendmail +%define pf_newaliases_path %{_bindir}/newaliases +%define pf_mailq_path %{_bindir}/mailq +%define pf_setgid_group maildrop +%define pf_readme_directory %{_docdir}/postfix-doc/README_FILES +%define pf_html_directory %{_docdir}/postfix-doc/html +%define pf_sample_directory %{_docdir}/postfix-doc/samples +%define pf_data_directory %{_localstatedir}/lib/postfix +%if 0%{?suse_version} < 1330 +%define pf_uid 51 +%define pf_gid 51 +%define maildrop_gid 59 +%define vmusr vmail +%define vmgid 303 +%define vmid 303 +%define vmdir /srv/maildirs +%endif +%define mail_group mail +%define conf_backup_dir %{_localstatedir}/adm/backup/postfix +%define unitdir %{_prefix}/lib/systemd +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! 
%{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +%if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%bcond_without lmdb +%else +%bcond_with lmdb +%endif +%if 0%{?suse_version} >= 1320 && 0%{?suse_version} < 1599 +%bcond_without libnsl +%else +%bcond_with libnsl +%endif +%bcond_without ldap +Name: postfix-bdb +Version: 3.9.0 +Release: 0 +Summary: A fast, secure, and flexible mailer +License: EPL-2.0 OR IPL-1.0 +Group: Productivity/Networking/Email/Servers +URL: http://www.postfix.org +Source0: https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz +Source1: https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc +Source2: postfix-SUSE.tar.gz +Source3: postfix-mysql.tar.bz2 +#Source4: http://cdn.postfix.johnriley.me/mirrors/postfix-release/wietse.pgp#/postfix.keyring +Source4: postfix.keyring +Source10: postfix-rpmlintrc +Source11: check_mail_queue +Source12: postfix-user.conf +Source13: postfix-vmail-user.conf +Patch1: postfix-no-md5.patch +Patch2: pointer_to_literals.patch +Patch3: ipv6_disabled.patch +Patch4: postfix-bdb-main.cf.patch +Patch5: postfix-master.cf.patch +Patch6: postfix-linux45.patch +Patch7: postfix-ssl-release-buffers.patch +Patch8: postfix-vda-v14-3.0.3.patch +Patch9: fix-postfix-script.patch +Patch10: postfix-avoid-infinit-loop-if-no-permission.patch +BuildRequires: ca-certificates +BuildRequires: cyrus-sasl-devel +BuildRequires: db-devel +BuildRequires: diffutils +BuildRequires: fdupes +BuildRequires: libicu-devel +BuildRequires: libopenssl-devel >= 1.1.1 +BuildRequires: m4 +BuildRequires: mysql-devel +%if %{with ldap} +BuildRequires: openldap2-devel +%endif +BuildRequires: pcre2-devel +BuildRequires: pkgconfig +BuildRequires: postgresql-devel +BuildRequires: shadow +BuildRequires: zlib-devel +BuildRequires: pkgconfig(systemd) +Requires: iproute2 +Requires(post): permissions +Requires(pre): %fillup_prereq 
+Requires(pre): permissions +Conflicts: exim +Conflicts: postfix +Conflicts: sendmail +Provides: smtp_daemon +%{?systemd_ordering} +%if %{with lmdb} +BuildRequires: lmdb-devel +%endif +%if %{with libnsl} +BuildRequires: libnsl-devel +%endif +%if 0%{?suse_version} >= 1330 +BuildRequires: sysuser-tools +Requires(pre): user(nobody) +Requires(pre): group(%{mail_group}) +%sysusers_requires +%else +Requires(pre): shadow +%endif +# /usr/lib/postfix/bin//postfix-script: line 400: cmp: command not found +Requires: /usr/bin/cmp +# /usr/lib/postfix/bin//post-install: line 667: ed: command not found +Requires(pre): ed +Requires(preun): ed +Requires(post): ed +Requires(postun): ed +# /usr/sbin/config.postfix needs perl +Requires(pre): perl +Requires(preun): perl +Requires(post): perl +Requires(postun): perl + +%description +Postfix aims to be an alternative to the widely-used sendmail program with bdb support + +%if %{with lmdb} +%package lmdb +Summary: Postfix plugin to support LMDB maps +Group: Productivity/Networking/Email/Servers +Requires(pre): postfix-bdb = %{version} +Conflicts: postfix +Provides: postfix-lmdb = %{version}-%{release} +Obsoletes: postfix-lmdb < %{version}-%{release} +Conflicts: postfix-lmdb < %{version}-%{release} + +%description lmdb +Postfix plugin to support LMDB maps. This library will be loaded +by starting postfix if you'll access a postmap which is stored in +lmdb. 
+%endif + +%prep +%setup -q -n postfix-%{version} -a 2 -a 3 +%autopatch -p0 + +# --------------------------------------------------------------------------- + +%build +unset AUXLIBS AUXLIBS_LDAP AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB + +export CCARGS="${CCARGS} %{optflags} -fcommon -Wno-comments -Wno-missing-braces -fPIC" +%ifarch s390 s390x ppc +export CCARGS="${CCARGS} -fsigned-char" +%endif +# +if pkg-config openssl ; then + export CCARGS="${CCARGS} -DUSE_TLS $(pkg-config --cflags openssl)" + export AUXLIBS="$AUXLIBS $(pkg-config --libs openssl)" +else + export CCARGS="${CCARGS} -DUSE_TLS" + export AUXLIBS="${AUXLIBS} -lssl -lcrypto" +fi +# +%if %{without libnsl} +export CCARGS="${CCARGS} -DNO_NIS" +%endif +# +%if %{with ldap} +export CCARGS="${CCARGS} -DHAS_LDAP -DLDAP_DEPRECATED=1 -DUSE_LDAP_SASL" +export AUXLIBS_LDAP="-lldap -llber" +%endif +# +export CCARGS="${CCARGS} -DHAS_PCRE=2" +export AUXLIBS_PCRE="-lpcre2-8" +# +export CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I%{_includedir}/sasl" +if pkg-config libsasl2 ; then + export AUXLIBS="$AUXLIBS $(pkg-config --libs libsasl2)" +else + export AUXLIBS="$AUXLIBS -lsasl2" +fi +# +export CCARGS="${CCARGS} -DHAS_MYSQL $(mysql_config --cflags)" +export AUXLIBS_MYSQL="$(mysql_config --libs)" +# +if pkg-config --exists libpq ; then + export CCARGS="${CCARGS} -DHAS_PGSQL $(pkg-config libpq --cflags)" + export AUXLIBS_PGSQL="$(pkg-config libpq --libs)" +else + export CCARGS="${CCARGS} -DHAS_PGSQL -I$(pg_config --includedir)" + export AUXLIBS_PGSQL="-lpq" +fi +# +%if %{with lmdb} +export CCARGS="${CCARGS} -DHAS_LMDB -I/usr/local/include" \ +export AUXLIBS_LMDB="-llmdb" +%endif +# +# TODO +#export AUXLIBS_SQLITE +#export AUXLIBS_CDB +#export AUXLIBS_SDBM + +export PIE=-pie +# using SHLIB_RPATH to specify unrelated linker flags, because LDFLAGS is +# ignored +make makefiles pie=yes shared=yes dynamicmaps=yes \ + shlib_directory=%{_prefix}/lib/postfix \ + 
meta_directory=%{_prefix}/lib/postfix \ + config_directory=%{pf_config_directory} \ + daemon_directory=%{pf_daemon_directory} \ + command_directory=%{pf_command_directory} \ + queue_directory=/%{pf_queue_directory} \ + sendmail_path=%{pf_sendmail_path} \ + newaliases_path=%{pf_newaliases_path} \ + mailq_path=%{pf_mailq_path} \ + manpage_directory=%{_mandir} \ + setgid_group=%{pf_setgid_group} \ + readme_directory=%{pf_readme_directory} \ + data_directory=%{pf_data_directory} \ + SHLIB_RPATH="-Wl,-rpath,%{pf_shlib_directory} -Wl,-z,relro,-z,now" +make %{?_smp_mflags} +%if 0%{?suse_version} >= 1330 +# Create postfix user +%sysusers_generate_pre %{SOURCE12} postfix postfix-user.conf +%sysusers_generate_pre %{SOURCE13} vmail postfix-vmail-user.conf +%endif +# --------------------------------------------------------------------------- + +%install +mkdir -p %{buildroot}/%{_libdir} +mkdir -p %{buildroot}%{_sysconfdir}/postfix +cp conf/* %{buildroot}%{_sysconfdir}/postfix +# create our default postfix ssl DIR (/etc/postfix/ssl) +mkdir -p %{buildroot}%{_sysconfdir}/postfix/ssl/certs +# link cacerts to /etc/ssl/certs +ln -sf ../../ssl/certs %{buildroot}%{_sysconfdir}/postfix/ssl/cacerts +cp lib/libpostfix-* %{buildroot}/%{_libdir} +export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir} +sh postfix-install -non-interactive \ + install_root=%{buildroot} \ + config_directory=%{pf_config_directory} \ + daemon_directory=%{pf_daemon_directory} \ + command_directory=%{pf_command_directory} \ + queue_directory=/%{pf_queue_directory} \ + sendmail_path=%{pf_sendmail_path} \ + newaliases_path=%{pf_newaliases_path} \ + mailq_path=%{pf_mailq_path} \ + manpage_directory=%{_mandir} \ + setgid_group=%{pf_setgid_group} \ + readme_directory=%{pf_readme_directory} \ + data_directory=%{pf_data_directory} +ln -sf ../sbin/sendmail %{buildroot}%{_libexecdir}/sendmail +for i in qmqp-source smtp-sink smtp-source; do + install -m 755 bin/$i %{buildroot}%{_sbindir}/$i +done +mkdir -p 
%{buildroot}/sbin/conf.d +mkdir -p %{buildroot}%{_sysconfdir}/permissions.d +mkdir -p %{buildroot}/%{_libdir}/sasl2 +mkdir -p %{buildroot}%{_sbindir} +mkdir -p %{buildroot}/%{conf_backup_dir} +mkdir -p %{buildroot}/%{pf_sample_directory} +mkdir -p %{buildroot}/%{pf_html_directory} +mkdir -p %{buildroot}%{_includedir}/postfix +mkdir -p %{buildroot}%{_sysconfdir}/pam.d +mkdir -p %{buildroot}/var/spool/mail +ln -s spool/mail %{buildroot}/var/mail +install -m 644 postfix-SUSE/smtp %{buildroot}%{_sysconfdir}/pam.d/smtp +mkdir -p %{buildroot}%{_fillupdir} +sed -e 's;@lib@;%{_lib};g' postfix-SUSE/sysconfig.postfix > %{buildroot}%{_fillupdir}/sysconfig.postfix +install -m 644 postfix-SUSE/sysconfig.mail-postfix %{buildroot}%{_fillupdir}/sysconfig.mail-postfix +sed -e 's;@lib@;%{_lib};g' \ + -e 's;@conf_backup_dir@;%{conf_backup_dir};' \ + -e 's;@daemon_directory@;%{pf_daemon_directory};' \ + -e 's;@readme_directory@;%{pf_readme_directory};' \ + -e 's;@html_directory@;%{pf_html_directory};' \ + -e 's;@sendmail_path@;%{pf_sendmail_path};' \ + -e 's;@setgid_group@;%{pf_setgid_group};' \ + -e 's;@manpage_directory@;%{_mandir};' \ + -e 's;@newaliases_path@;%{pf_newaliases_path};' \ + -e 's;@sample_directory@;%{pf_sample_directory};' \ + -e 's;@mailq_path@;%{pf_mailq_path};' postfix-SUSE/config.postfix > %{buildroot}%{_sbindir}/config.postfix +chmod 755 %{buildroot}%{_sbindir}/config.postfix +install -m 644 postfix-SUSE/dynamicmaps.cf %{buildroot}%{_sysconfdir}/postfix/dynamicmaps.cf +install -m 644 postfix-SUSE/ldap_aliases.cf %{buildroot}%{_sysconfdir}/postfix/ldap_aliases.cf +install -m 644 postfix-SUSE/helo_access %{buildroot}%{_sysconfdir}/postfix/helo_access +install -m 644 postfix-SUSE/permissions %{buildroot}%{_sysconfdir}/permissions.d/postfix +install -m 644 postfix-SUSE/sender_canonical %{buildroot}%{_sysconfdir}/postfix/sender_canonical +install -m 644 postfix-SUSE/relay %{buildroot}%{_sysconfdir}/postfix/relay +install -m 644 postfix-SUSE/relay_ccerts 
%{buildroot}%{_sysconfdir}/postfix/relay_ccerts +install -m 600 postfix-SUSE/sasl_passwd %{buildroot}%{_sysconfdir}/postfix/sasl_passwd +mkdir -p %{buildroot}%{_sysconfdir}/sasl2 +install -m 600 postfix-SUSE/smtpd.conf %{buildroot}%{_sysconfdir}/sasl2/smtpd.conf +install -m 644 postfix-SUSE/openssl_postfix.conf.in %{buildroot}%{_sysconfdir}/postfix/openssl_postfix.conf.in +install -m 755 postfix-SUSE/mkpostfixcert %{buildroot}%{_sbindir}/mkpostfixcert +{ +cat< %{buildroot}%{_sysconfdir}/postfix/main.cf +%{buildroot}%{_sbindir}/postconf -c %{buildroot}%{_sysconfdir}/postfix \ + -e "manpage_directory = %{_mandir}" \ + "setgid_group = %{pf_setgid_group}" \ + "mailq_path = %{pf_mailq_path}" \ + "newaliases_path = %{pf_newaliases_path}" \ + "sendmail_path = %{pf_sendmail_path}" \ + "readme_directory = %{pf_readme_directory}" \ + "html_directory = %{pf_html_directory}" \ + "sample_directory = %{pf_sample_directory}" \ + "daemon_directory = %{pf_daemon_directory}" \ + "smtpd_helo_required = yes" \ + "smtpd_delay_reject = yes" \ + "disable_vrfy_command = yes" \ + 'smtpd_banner = $myhostname ESMTP' +#Set Permissions +install -m 644 postfix-SUSE/postfix-files %{buildroot}%{pf_shlib_directory}/postfix-files +# create paranoid permissions file +printf '%%-38s %%-18s %%s\n' %{_sbindir}/postdrop "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid +printf '%%-38s %%-18s %%s\n' %{_sbindir}/postqueue "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid +install -m 644 include/*.h %{buildroot}%{_includedir}/postfix/ +# some rpmlint stuff +# remove unneeded examples/chroot-setup +for example in AIX42 BSDI* F* HPUX* IRIX* NETBSD1 NEXTSTEP3 OPENSTEP4 OSF1 Solaris*; do + rm examples/chroot-setup/${example} +done +cp -a examples/* %{buildroot}%{pf_sample_directory} +cp -a html/* %{buildroot}%{pf_html_directory} +cp -a auxiliary %{buildroot}%{pf_docdir} +rm %{buildroot}%{pf_docdir}/README_FILES/INSTALL +rm 
-r %{buildroot}%{pf_docdir}/auxiliary/qshape +install -p auxiliary/qshape/qshape.pl %{buildroot}%{_sbindir}/qshape +mantools/srctoman - auxiliary/qshape/qshape.pl > %{buildroot}%{_mandir}/man1/qshape.1 +# Fix build for Leap 42.3. +rm -f %{buildroot}%{_sysconfdir}/postfix/*.orig +mkdir -p %{buildroot}%{_unitdir} +mkdir -p %{buildroot}%{pf_shlib_directory}/systemd +install -m 0644 postfix-SUSE/postfix.service %{buildroot}%{_unitdir}/postfix.service +install -m 0755 postfix-SUSE/config_postfix.systemd %{buildroot}%{pf_shlib_directory}/systemd/config_postfix +install -m 0755 postfix-SUSE/update_chroot.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_chroot +install -m 0755 postfix-SUSE/update_postmaps.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_postmaps +install -m 0755 postfix-SUSE/wait_qmgr.systemd %{buildroot}%{pf_shlib_directory}/systemd/wait_qmgr +install -m 0755 postfix-SUSE/cond_slp.systemd %{buildroot}%{pf_shlib_directory}/systemd/cond_slp +%if 0%{?suse_version} < 1599 +ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcpostfix +%endif +%fdupes %{buildroot}%{pf_docdir} +%fdupes %{buildroot}%{_mandir} +for path in %{buildroot}%{pf_shlib_directory}/libpostfix-*.so +do + test -e "$path" || continue + name=${path##*/} + cmp "$path" %{buildroot}%{_libdir}/$name || continue + rm -vf $path + ln -sf %{_libdir}/$name $path +done +# --------------------------------------------------------------------------- +install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/ +%if 0%{?suse_version} >= 1330 +mkdir -p %{buildroot}%{_sysusersdir} +install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ +install -m 644 %{SOURCE13} %{buildroot}%{_sysusersdir}/ +%endif + +#Clean up for postfix-bdb +rm -rf %{buildroot}/etc/postfix/ldap_aliases.cf +rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-ldap.so-3.5.8-2.11.1.x86_64.debug +rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-mysql.so-3.5.8-2.11.1.x86_64.debug +rm -rf 
%{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-pgsql.so-3.5.8-2.11.1.x86_64.debug +rm -rf %{buildroot}/usr/lib/postfix/postfix-ldap.so +rm -rf %{buildroot}/usr/lib/postfix/postfix-mysql.so +rm -rf %{buildroot}/usr/lib/postfix/postfix-pgsql.so +rm -rf %{buildroot}/usr/lib/sysusers.d/postfix-vmail-user.conf +rm -rf %{buildroot}/usr/share/doc/packages/postfix-doc/ +rm -rf %{buildroot}/%{_includedir}/postfix/ + +%if 0%{?suse_version} >= 1330 +%pre -f postfix.pre +%else + +%pre +getent group postfix >/dev/null || groupadd -g %{pf_gid} -o -r postfix +getent group maildrop >/dev/null || groupadd -g %{maildrop_gid} -o -r maildrop +getent passwd postfix >/dev/null || useradd -r -o -g postfix -u %{pf_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} postfix +usermod -a -G %{maildrop_gid},%{mail_group} postfix +%endif + +%service_add_pre postfix.service + +VERSIONTEST=$(test -x usr/sbin/postconf && usr/sbin/postconf proxy_read_maps 2>/dev/null || :) +if [ -z "$VERSIONTEST" -a -f %{pf_queue_directory}/pid/master.pid ]; then + if checkproc -p %{pf_queue_directory}/pid/master.pid usr/lib/postfix/master; then + echo "postfix is still running. You have to stop postfix in order to" + echo "install a newer version." + exit 1 + fi +fi +# --------------------------------------------------------------------------- + +%preun +%stop_on_removal postfix +%service_del_preun postfix.service +# --------------------------------------------------------------------------- + +%post +# We never have to run suseconfig for postfix after installation +# We only start postfix own upgrade-configuration by update +if [ ${1:-0} -gt 1 ]; then + touch %{_localstatedir}/adm/postfix.configured + echo "Executing upgrade-configuration." 
+ %{_sbindir}/postfix set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} || : + if [ "$(%{_sbindir}/postconf -h daemon_directory)" != "%{pf_daemon_directory}" ]; then + %{_sbindir}/postconf daemon_directory=%{pf_daemon_directory} + fi +fi + +%service_add_post postfix.service + +%set_permissions %{_sbindir}/postdrop +%set_permissions %{_sbindir}/postlog +%set_permissions %{_sbindir}/postqueue +%set_permissions %{_sysconfdir}/postfix/sasl_passwd +%set_permissions %{_sbindir}/sendmail + +%{fillup_only postfix} +%{fillup_only -an mail} +/sbin/ldconfig + +%verifyscript +%verify_permissions -e %{_sbindir}/postdrop +%verify_permissions -e %{_sbindir}/postlog +%verify_permissions -e %{_sbindir}/postqueue +%verify_permissions -e %{_sysconfdir}/postfix/sasl_passwd +%verify_permissions -e %{_sbindir}/sendmail + +%postun +%service_del_postun postfix.service +/sbin/ldconfig + +# --------------------------------------------------------------------------- + +%files +%license LICENSE TLS_LICENSE +%doc RELEASE_NOTES +%config %{_sysconfdir}/pam.d/* +%{_fillupdir}/sysconfig.postfix +%{_fillupdir}/sysconfig.mail-postfix +%{_sbindir}/config.postfix +%dir %{_sysconfdir}/postfix +%config %{_sysconfdir}/postfix/main.cf.default +%config(noreplace) %{_sysconfdir}/postfix/[^mysql]*[^mysql] +%config(noreplace) %{_sysconfdir}/postfix/access +%config(noreplace) %{_sysconfdir}/postfix/aliases +%config(noreplace) %{_sysconfdir}/postfix/canonical +%config(noreplace) %{_sysconfdir}/postfix/header_checks +%config(noreplace) %{_sysconfdir}/postfix/helo_access +%config(noreplace) %{_sysconfdir}/postfix/main.cf +%config(noreplace) %{_sysconfdir}/postfix/master.cf +%attr(0750,root,root) %config %{_sysconfdir}/postfix/post-install +%attr(0750,root,root) %config %{_sysconfdir}/postfix/postfix-tls-script +%attr(0750,root,root) %config %{_sysconfdir}/postfix/postfix-wrapper +%attr(0750,root,root) %config %{_sysconfdir}/postfix/postmulti-script +%config(noreplace) 
%{_sysconfdir}/postfix/postfix-files +%config(noreplace) %{_sysconfdir}/postfix/relay +%config(noreplace) %{_sysconfdir}/postfix/relay_ccerts +%config(noreplace) %{_sysconfdir}/postfix/sasl_passwd +%config(noreplace) %{_sysconfdir}/postfix/sender_canonical +%config(noreplace) %{_sysconfdir}/postfix/virtual + +%dir %{_sysconfdir}/sasl2 +%config(noreplace) %{_sysconfdir}/sasl2/smtpd.conf +%config %{_sysconfdir}/postfix/LICENSE +%config %{_sysconfdir}/postfix/TLS_LICENSE +%config %{_sysconfdir}/permissions.d/postfix +%config %{_sysconfdir}/permissions.d/postfix.paranoid +%attr(0644, root, root) %config %{_sysconfdir}/postfix/makedefs.out +%{pf_shlib_directory}/postfix-files +# create our default postfix ssl DIR (/etc/postfix/ssl) +%dir %{_sysconfdir}/postfix/ssl +%dir %{_sysconfdir}/postfix/ssl/certs +%{_sysconfdir}/postfix/ssl/cacerts +%dir %{pf_shlib_directory}/systemd +%attr(0755,root,root) %{pf_shlib_directory}/systemd/* +%{_unitdir}/postfix.service +%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postdrop +%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postlog +%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postqueue +%{_bindir}/mailq +%{_bindir}/newaliases +%attr(0755,root,root) %{_sbindir}/sendmail +%attr(0755,root,root) %{_sbindir}/postalias +%attr(0755,root,root) %{_sbindir}/postcat +%attr(0755,root,root) %{_sbindir}/postconf +%attr(0755,root,root) %{_sbindir}/postfix +%attr(0755,root,root) %{_sbindir}/postkick +%attr(0755,root,root) %{_sbindir}/postlock +%attr(0755,root,root) %{_sbindir}/postmap +%attr(0755,root,root) %{_sbindir}/postmulti +%attr(0755,root,root) %{_sbindir}/postsuper +%attr(0755,root,root) %{_sbindir}/qshape +%attr(0755,root,root) %{_sbindir}/qmqp-source +%attr(0755,root,root) %{_sbindir}/smtp-sink +%attr(0755,root,root) %{_sbindir}/smtp-source +%attr(0755,root,root) %{_sbindir}/mkpostfixcert +%attr(0755,root,root) %{_sbindir}/check_mail_queue +%attr(0755,root,root) 
%{_sbindir}/config.postfix +%if 0%{?suse_version} < 1599 +%{_sbindir}/rcpostfix +%endif +%{_libdir}/lib* +%{_libexecdir}/sendmail +%dir %{pf_shlib_directory} +%{pf_shlib_directory}/*[^.so] +%{pf_shlib_directory}/postfix-pcre.so +%{pf_shlib_directory}/libpostfix-dns.so +%{pf_shlib_directory}/libpostfix-global.so +%{pf_shlib_directory}/libpostfix-master.so +%{pf_shlib_directory}/libpostfix-tls.so +%{pf_shlib_directory}/libpostfix-util.so +%{pf_shlib_directory}/main.cf.proto +%{pf_shlib_directory}/master.cf.proto + +%{conf_backup_dir} +%dir %attr(0700,postfix,root) %{pf_data_directory} +%exclude %{_mandir}/man5/ldap_table.5* +%exclude %{_mandir}/man5/lmdb_table.5* +%exclude %{_mandir}/man5/mysql_table.5* +%exclude %{_mandir}/man5/pgsql_table.5* +%{_mandir}/man?/*%{?ext_man} +%dir %attr(0755,root,root) /%{pf_queue_directory} +%dir %attr(0755,root,root) /%{pf_queue_directory}/pid +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/active +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/bounce +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/corrupt +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/defer +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/deferred +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/flush +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/hold +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/incoming +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/private +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/saved +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/trace +%dir %attr(0730,postfix,maildrop) /%{pf_queue_directory}/maildrop +%dir %attr(0710,postfix,maildrop) /%{pf_queue_directory}/public +%if 0%{?suse_version} >= 1330 +%{_sysusersdir}/postfix-user.conf +%endif +%dir %attr(1777,root,root) /var/spool/mail +/var/mail + +%if %{with lmdb} +%files lmdb +%{pf_shlib_directory}/postfix-lmdb.so +%{_mandir}/man5/lmdb_table.5%{?ext_man} +%endif + +%changelog 
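Review bot: The `permissions.d/postfix.paranoid` file generated in %install covers only `postdrop` and `postqueue`, while `%files`, `%post` and `%verifyscript` treat `postlog` as a third setgid binary (`%attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postlog`, `%set_permissions %{_sbindir}/postlog`). If `postfix-SUSE/permissions`, which is not visible here, lists postlog as 2755, a host on the paranoid profile would presumably keep that one setgid bit while the other two are dropped. I would add a matching line next to the two existing ones, `printf '%%-38s %%-18s %%s\n' %{_sbindir}/postlog "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid`, or a comment stating why postlog is deliberately exempt.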
diff --git a/postfix-linux45.patch b/postfix-linux45.patch
new file mode 100644
index 0000000..1787eac
--- /dev/null
+++ b/postfix-linux45.patch
@@ -0,0 +1,19 @@
+---
+ makedefs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: makedefs
+===================================================================
+--- makedefs.orig
++++ makedefs
+@@ -631,8 +631,8 @@ EOF
+ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ : ${PLUGIN_LD="${CC-gcc} -shared"}
+ ;;
+- Linux.[3456].*)
+- SYSTYPE=LINUX$RELEASE_MAJOR
++ Linux.[3-9].*|Linux.[1-9][0-9].*)
++ SYSTYPE=LINUX3
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *-DHAS_DB*) ;;
diff --git a/postfix-main.cf.patch b/postfix-main.cf.patch
new file mode 100644
index 0000000..ce30c23
--- /dev/null
+++ b/postfix-main.cf.patch
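Review bot: postfix-linux45.patch carries no description, so nothing records why every kernel major from 3 upward is now forced to `SYSTYPE=LINUX3` instead of `LINUX$RELEASE_MAJOR`. Pinning the value means any code that upstream keys on a later LINUXn symbol would silently not be selected in this build; whether such code exists cannot be told from the hunk. I would add a short header above `Index: makedefs` stating that the pattern is widened (presumably so builds on newer kernels still match a supported branch), that LINUX3 is chosen deliberately, and whether the change was sent upstream. The enclosing `case` in makedefs starts and ends outside the inner hunk.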
@@ -0,0 +1,218 @@
+Index: conf/main.cf
+===================================================================
+--- conf/main.cf.orig
++++ conf/main.cf
+@@ -285,7 +285,7 @@ unknown_local_recipient_reject_code = 55
+ #
+ #mynetworks = 168.100.3.0/28, 127.0.0.0/8
+ #mynetworks = $config_directory/mynetworks
+-#mynetworks = hash:/etc/postfix/network_table
++#mynetworks = lmdb:/etc/postfix/network_table
+
+ # The relay_domains parameter restricts what destinations this system will
+ # relay mail to. See the smtpd_relay_restrictions and
+@@ -352,7 +352,7 @@ unknown_local_recipient_reject_code = 55
+ # In the left-hand side, specify an @domain.tld wild-card, or specify
+ # a user@domain.tld address.
+ #
+-#relay_recipient_maps = hash:/etc/postfix/relay_recipients
++#relay_recipient_maps = lmdb:/etc/postfix/relay_recipients
+
+ # INPUT RATE CONTROL
+ #
+@@ -407,8 +407,8 @@ unknown_local_recipient_reject_code = 55
+ # "postfix reload" to eliminate the delay.
+ #
+ #alias_maps = dbm:/etc/aliases
+-#alias_maps = hash:/etc/aliases
+-#alias_maps = hash:/etc/aliases, nis:mail.aliases
++#alias_maps = lmdb:/etc/aliases
++#alias_maps = lmdb:/etc/aliases, nis:mail.aliases
+ #alias_maps = netinfo:/aliases
+
+ # The alias_database parameter specifies the alias database(s) that
+@@ -418,8 +418,8 @@ unknown_local_recipient_reject_code = 55
+ #
+ #alias_database = dbm:/etc/aliases
+ #alias_database = dbm:/etc/mail/aliases
+-#alias_database = hash:/etc/aliases
+-#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
++#alias_database = lmdb:/etc/aliases
++#alias_database = lmdb:/etc/aliases, lmdb:/opt/majordomo/aliases
+
+ # ADDRESS EXTENSIONS (e.g., user+foo)
+ #
+@@ -576,6 +576,7 @@ unknown_local_recipient_reject_code = 55
+ #
+ #smtpd_banner = $myhostname ESMTP $mail_name
+ #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
++smtpd_banner = $myhostname ESMTP
+
+ # PARALLEL DELIVERY TO THE SAME DESTINATION
+ #
+@@ -682,4 +683,165 @@ sample_directory =
+ # readme_directory: The location of the Postfix README files.
+ #
+ readme_directory =
++
++############################################################
++#
++# before changing values manually consider editing
++# /etc/sysconfig/postfix
++# and run
++# config.postfix
++#
++# if you miss a feature of config.postfix then just send a
++# mail to chris@computersalat.de
++# patches for new feature(s) are also welcome :)
++#
++############################################################
++
++biff = no
++content_filter =
++delay_warning_time = 0h
++smtp_dns_support_level = enabled
++disable_mime_output_conversion = no
++disable_vrfy_command = yes
++inet_interfaces = all
+ inet_protocols = ipv4
++masquerade_classes = envelope_sender, header_sender, header_recipient
++masquerade_domains =
++masquerade_exceptions =
++mydestination = $myhostname, localhost.$mydomain, localhost
++myhostname =
++mynetworks_style = subnet
++relayhost =
++
++alias_maps =
++canonical_maps =
++relocated_maps =
++sender_canonical_maps =
++transport_maps =
++mail_spool_directory = /var/mail
++message_strip_characters =
++defer_transports =
++mailbox_command =
++mailbox_transport =
++mailbox_size_limit = 0
++message_size_limit = 0
++strict_8bitmime = no
++strict_rfc821_envelopes = no
++smtpd_delay_reject = yes
++smtpd_helo_required = no
++
++smtpd_client_restrictions =
++
++smtpd_helo_restrictions =
++
++smtpd_sender_restrictions =
++
++smtpd_recipient_restrictions =
++
++
++######################################################################
++# SMTP Smuggling (CVE-2023-51764)
++# no: allows SMTP smuggling
++# yes / normalize :
++# but allow local clients with non-standard SMTP implementations
++# such as netcat, fax machines, or load balancer health checks.
++# reject:
++# rejects a command or message that contains a bare newline
++######################################################################
++smtpd_forbid_bare_newline = normalize
++smtpd_forbid_bare_newline_exclusions = $mynetworks
++#smtpd_forbid_bare_newline_reject_code = 521
++
++############################################################
++# SASL stuff
++############################################################
++smtp_sasl_auth_enable = no
++smtp_sasl_security_options =
++smtp_sasl_password_maps =
++smtpd_sasl_auth_enable = no
++# cyrus : smtpd_sasl_type = cyrus
++# smtpd_sasl_path = smtpd
++# dovecot : smtpd_sasl_type = dovecot
++# smtpd_sasl_path = private/auth
++smtpd_sasl_type = cyrus
++smtpd_sasl_path = smtpd
++############################################################
++# TLS stuff
++############################################################
++#tls_append_default_CA = no
++relay_clientcerts =
++#tls_random_source = dev:/dev/urandom
++
++smtp_use_tls = no
++#smtp_tls_loglevel = 0
++smtp_enforce_tls = no
++smtp_tls_security_level =
++smtp_tls_CAfile =
++smtp_tls_CApath =
++smtp_tls_cert_file =
++smtp_tls_key_file =
++#smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy
++#smtp_tls_session_cache_timeout = 3600s
++smtp_tls_session_cache_database =
++
++smtpd_use_tls = no
++#smtpd_tls_loglevel = 0
++smtpd_enforce_tls = no
++smtpd_tls_security_level =
++smtpd_tls_CAfile =
++smtpd_tls_CApath =
++smtpd_tls_cert_file =
++smtpd_tls_key_file =
++smtpd_tls_ask_ccert = no
++smtpd_tls_exclude_ciphers = RC4
++smtpd_tls_received_header = no
++############################################################
++# OpenDKIM
++############################################################
++#smtpd_milters = unix:/run/opendkim/opendkim.sock
++#non_smtpd_milters = $smtpd_milters
++#milter_default_action = accept
++#milter_protocol = 2
++############################################################
++# Start MySQL from postfixwiki.org
++############################################################
++relay_domains = $mydestination, lmdb:/etc/postfix/relay
++#relay_recipient_maps = lmdb:/etc/postfix/relay_recipients
++#virtual_alias_domains =
++#virtual_alias_maps = lmdb:/etc/postfix/virtual
++#virtual_uid_maps = static:303
++#virtual_gid_maps = static:303
++#virtual_minimum_uid = 303
++#virtual_mailbox_base = /srv/maildirs
++#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
++#virtual_mailbox_limit = 0
++#virtual_mailbox_limit_inbox = no
++#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
++## For dovecot LMTP replace 'virtual' with 'lmtp:unix:private/dovecot-lmtp'
++#virtual_transport = virtual
++## Additional for quota support
++#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
++#virtual_mailbox_limit_override = yes
++### Needs Maildir++ compatible IMAP servers, like Courier-IMAP
++#virtual_maildir_filter = yes
++#virtual_maildir_filter_maps = lmdb:/etc/postfix/vfilter
++#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
++#virtual_maildir_limit_message_maps = lmdb:/etc/postfix/vmsg
++#virtual_overquota_bounce = yes
++#virtual_trash_count = yes
++#virtual_trash_name = ".Trash"
++############################################################
++# End MySQL from postfixwiki.org
++############################################################
++# Rewrite reject codes
++############################################################
++#unknown_address_reject_code = 550
++#unknown_client_reject_code = 550
++#unknown_hostname_reject_code = 550
++#unverified_recipient_reject_code = 550
++#unverified_sender_reject_code = 550
++#soft_bounce = yes
++############################################################
++#debug_peer_list = example.com
++#debug_peer_level = 3
++
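Review bot: The appended TLS block ships with transport encryption off in both directions and expresses that through `smtp_use_tls = no`, `smtp_enforce_tls = no`, `smtpd_use_tls = no` and `smtpd_enforce_tls = no`, which upstream documents as obsolete in favour of `smtp_tls_security_level` and `smtpd_tls_security_level`; both of those are left empty here. Unless config.postfix (not visible in this hunk) always rewrites these lines, a freshly installed system would presumably send and accept mail in cleartext only. I would drop the four obsolete parameters and default the client side to opportunistic TLS, `smtp_tls_security_level = may`, leaving the server level to be set once a certificate exists. `smtpd_tls_exclude_ciphers = RC4` is also a narrow exclusion list and deserves a comment on why only RC4 is named.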
diff --git a/postfix-master.cf.patch b/postfix-master.cf.patch
new file mode 100644
index 0000000..d69a20e
--- /dev/null
+++ b/postfix-master.cf.patch
@@ -0,0 +1,129 @@ +Index: conf/master.cf +=================================================================== +--- conf/master.cf.orig ++++ conf/master.cf +@@ -10,6 +10,11 @@ + # (yes) (yes) (no) (never) (100) + # ========================================================================== + smtp inet n - n - - smtpd ++#amavis unix - - n - 4 smtp ++# -o smtp_data_done_timeout=1200 ++# -o smtp_send_xforward_command=yes ++# -o smtp_dns_support_level=disabled ++# -o max_use=20 + #smtp inet n - n - 1 postscreen + #smtpd pass - - n - - smtpd + #dnsblog unix - - n - 0 dnsblog +@@ -17,40 +22,42 @@ smtp inet n - n + # Choose one: enable submission for loopback clients only, or for any client. + #127.0.0.1:submission inet n - n - - smtpd + #submission inet n - n - - smtpd +-# -o syslog_name=postfix/submission +-# -o smtpd_tls_security_level=encrypt +-# -o smtpd_sasl_auth_enable=yes +-# -o smtpd_tls_auth_only=yes +-# -o local_header_rewrite_clients=static:all +-# -o smtpd_reject_unlisted_recipient=no ++# -o syslog_name=postfix/submission ++# -o smtpd_tls_security_level=encrypt ++# -o content_filter=smtp:[127.0.0.1]:10024 ++# -o smtpd_sasl_auth_enable=yes ++# -o smtpd_tls_auth_only=yes ++# -o local_header_rewrite_clients=static:all ++# -o smtpd_reject_unlisted_recipient=no + # Instead of specifying complex smtpd__restrictions here, + # specify "smtpd__restrictions=$mua__restrictions" + # here, and specify mua__restrictions in main.cf (where + # "" is "client", "helo", "sender", "relay", or "recipient"). 
+-# -o smtpd_client_restrictions= +-# -o smtpd_helo_restrictions= +-# -o smtpd_sender_restrictions= +-# -o smtpd_relay_restrictions= +-# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +-# -o milter_macro_daemon_name=ORIGINATING ++# -o smtpd_client_restrictions=$mua_client_restrictions ++# -o smtpd_helo_restrictions=$mua_helo_restrictions ++# -o smtpd_sender_restrictions=$mua_sender_restrictions ++# -o smtpd_recipient_restrictions= ++# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject ++# -o milter_macro_daemon_name=ORIGINATING + # Choose one: enable submissions for loopback clients only, or for any client. + #127.0.0.1:submissions inet n - n - - smtpd + #submissions inet n - n - - smtpd +-# -o syslog_name=postfix/submissions +-# -o smtpd_tls_wrappermode=yes +-# -o smtpd_sasl_auth_enable=yes +-# -o local_header_rewrite_clients=static:all +-# -o smtpd_reject_unlisted_recipient=no ++# -o syslog_name=postfix/submissions ++# -o smtpd_tls_wrappermode=yes ++# -o content_filter=smtp:[127.0.0.1]:10024 ++# -o smtpd_sasl_auth_enable=yes ++# -o local_header_rewrite_clients=static:all ++# -o smtpd_reject_unlisted_recipient=no + # Instead of specifying complex smtpd__restrictions here, + # specify "smtpd__restrictions=$mua__restrictions" + # here, and specify mua__restrictions in main.cf (where + # "" is "client", "helo", "sender", "relay", or "recipient"). 
+-# -o smtpd_client_restrictions= +-# -o smtpd_helo_restrictions= +-# -o smtpd_sender_restrictions= +-# -o smtpd_relay_restrictions= +-# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +-# -o milter_macro_daemon_name=ORIGINATING ++# -o smtpd_client_restrictions=$mua_client_restrictions ++# -o smtpd_helo_restrictions=$mua_helo_restrictions ++# -o smtpd_sender_restrictions=$mua_sender_restrictions ++# -o smtpd_recipient_restrictions= ++# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject ++# -o milter_macro_daemon_name=ORIGINATING + #628 inet n - n - - qmqpd + pickup unix n - n 60 1 pickup + cleanup unix n - n - 0 cleanup +@@ -79,6 +86,26 @@ lmtp unix - - n + anvil unix - - n - 1 anvil + scache unix - - n - 1 scache + postlog unix-dgram n - n - 1 postlogd ++#localhost:10025 inet n - n - - smtpd ++# -o content_filter= ++# -o smtpd_delay_reject=no ++# -o smtpd_client_restrictions=permit_mynetworks,reject ++# -o smtpd_helo_restrictions= ++# -o smtpd_sender_restrictions= ++# -o smtpd_recipient_restrictions=permit_mynetworks,reject ++# -o smtpd_data_restrictions=reject_unauth_pipelining ++# -o smtpd_end_of_data_restrictions= ++# -o smtpd_restriction_classes= ++# -o mynetworks=127.0.0.0/8 ++# -o smtpd_error_sleep_time=0 ++# -o smtpd_soft_error_limit=1001 ++# -o smtpd_hard_error_limit=1000 ++# -o smtpd_client_connection_count_limit=0 ++# -o smtpd_client_connection_rate_limit=0 ++# -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings ++# -o local_header_rewrite_clients= ++# -o local_recipient_maps= ++# -o relay_recipient_maps= + # + # ==================================================================== + # Interfaces to non-Postfix software. 
Be sure to examine the manual +@@ -112,7 +139,7 @@ postlog unix-dgram n - n + # Also specify in main.cf: cyrus_destination_recipient_limit=1 + # + #cyrus unix - n n - - pipe +-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} ++# flags=DRX user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} + # + # ==================================================================== + # +@@ -145,3 +172,10 @@ postlog unix-dgram n - n + #mailman unix - n n - - pipe + # flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py + # ${nexthop} ${user} ++# ++#procmail unix - n n - - pipe ++# flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient} ++# ++#dovecot unix - n n - - pipe ++# flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} ++# diff --git a/postfix-mysql.tar.bz2 b/postfix-mysql.tar.bz2 new file mode 100644 index 0000000..d4b7a7d --- /dev/null +++ b/postfix-mysql.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3be757b4857bb888c6cf56b464147d451e1188c665f844582281f29b9ba2a914 +size 3274 diff --git a/postfix-no-md5.patch b/postfix-no-md5.patch new file mode 100644 index 0000000..c36ca1c --- /dev/null +++ b/postfix-no-md5.patch 
@@ -0,0 +1,26 @@ +Index: src/global/mail_params.h +=================================================================== +--- src/global/mail_params.h.orig ++++ src/global/mail_params.h +@@ -1391,7 +1391,7 @@ extern char *var_smtpd_tls_mand_excl; + + #define VAR_SMTPD_TLS_FPT_DGST "smtpd_tls_fingerprint_digest" + #define DEF_SMTPD_TLS_FPT_DGST "${{$compatibility_level} ++ Tomas Macek ++ Lucca Longinotti ++ ++See VDA patch official website http://vda.sf.net for instructions ++howto patch the Postfix's sourcetree and configure the options ++provided by this patch. ++ ++ Cristian Sava *** port to postfix-3.0.3 ++ ++ +Index: src/global/mail_params.h +=================================================================== +--- src/global/mail_params.h.orig ++++ src/global/mail_params.h +@@ -2661,6 +2661,54 @@ extern char *var_virt_uid_maps; + #define DEF_VIRT_GID_MAPS "" + extern char *var_virt_gid_maps; + ++#define VAR_VIRT_MAILBOX_LIMIT_MAPS "virtual_mailbox_limit_maps" ++#define DEF_VIRT_MAILBOX_LIMIT_MAPS "" ++extern char *var_virt_mailbox_limit_maps; ++ ++#define VAR_VIRT_MAILBOX_LIMIT_INBOX "virtual_mailbox_limit_inbox" ++#define DEF_VIRT_MAILBOX_LIMIT_INBOX 0 ++extern bool var_virt_mailbox_limit_inbox; ++ ++#define VAR_VIRT_MAILBOX_LIMIT_OVERRIDE "virtual_mailbox_limit_override" ++#define DEF_VIRT_MAILBOX_LIMIT_OVERRIDE 0 ++extern bool var_virt_mailbox_limit_override; ++ ++#define VAR_VIRT_MAILDIR_EXTENDED "virtual_maildir_extended" ++#define DEF_VIRT_MAILDIR_EXTENDED 0 ++extern bool var_virt_maildir_extended; ++ ++#define VAR_VIRT_OVERQUOTA_BOUNCE "virtual_overquota_bounce" ++#define DEF_VIRT_OVERQUOTA_BOUNCE 0 ++extern bool var_virt_overquota_bounce; ++ ++#define VAR_VIRT_MAILDIR_LIMIT_MESSAGE "virtual_maildir_limit_message" ++#define DEF_VIRT_MAILDIR_LIMIT_MESSAGE "Sorry, the user's maildir has overdrawn his diskspace quota, please try again later." 
++extern char *var_virt_maildir_limit_message; ++ ++#define VAR_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS "virtual_maildir_limit_message_maps" ++#define DEF_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS "" ++extern char *var_virt_maildir_limit_message_maps; ++ ++#define VAR_VIRT_MAILDIR_SUFFIX "virtual_maildir_suffix" ++#define DEF_VIRT_MAILDIR_SUFFIX "" ++extern char *var_virt_maildir_suffix; ++ ++#define VAR_VIRT_TRASH_COUNT "virtual_trash_count" ++#define DEF_VIRT_TRASH_COUNT 0 ++extern bool var_virt_trash_count; ++ ++#define VAR_VIRT_TRASH_NAME "virtual_trash_name" ++#define DEF_VIRT_TRASH_NAME ".Trash" ++extern char *var_virt_trash_name; ++ ++#define VAR_VIRT_MAILDIR_FILTER "virtual_maildir_filter" ++#define DEF_VIRT_MAILDIR_FILTER 0 ++extern bool var_virt_maildir_filter; ++ ++#define VAR_VIRT_MAILDIR_FILTER_MAPS "virtual_maildir_filter_maps" ++#define DEF_VIRT_MAILDIR_FILTER_MAPS "" ++extern char *var_virt_maildir_filter_maps; ++ + #define VAR_VIRT_MINUID "virtual_minimum_uid" + #define DEF_VIRT_MINUID 100 + extern int var_virt_minimum_uid; +Index: src/util/file_limit.c +=================================================================== +--- src/util/file_limit.c.orig ++++ src/util/file_limit.c +@@ -85,7 +85,11 @@ void set_file_limit(off_t limit) + #else + struct rlimit rlim; + +- rlim.rlim_cur = rlim.rlim_max = limit; ++ /* rlim_max can only be changed by root. */ ++ if (getrlimit(RLIMIT_FSIZE, &rlim) < 0) ++ msg_fatal("getrlimit: %m"); ++ rlim.rlim_cur = limit; ++ + if (setrlimit(RLIMIT_FSIZE, &rlim) < 0) + msg_fatal("setrlimit: %m"); + #ifdef SIGXFSZ +Index: src/virtual/mailbox.c +=================================================================== +--- src/virtual/mailbox.c.orig ++++ src/virtual/mailbox.c +@@ -57,6 +57,7 @@ + #include + #include + #include ++#include + + /* Global library. 
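Review bot: In the `src/util/file_limit.c` hunk, `rlim.rlim_cur = limit;` is stored without comparing it to the hard limit that `getrlimit()` has just returned, so a `limit` above `rlim_max` makes `setrlimit()` fail and the following `msg_fatal("setrlimit: %m")` ends the process. The `change_mailbox_limit()` function added later in this patch passes `OFF_T_MAX` and map-supplied values to `set_file_limit()`, so this path looks reachable from configuration data. Clamping avoids it: `if (rlim.rlim_max != RLIM_INFINITY && (rlim_t) limit > rlim.rlim_max) rlim.rlim_cur = rlim.rlim_max; else rlim.rlim_cur = limit;`. The body of set_file_limit() starts and ends outside the hunk.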
*/ + +@@ -75,6 +76,70 @@ + #define YES 1 + #define NO 0 + ++/* change_mailbox_limit - change limit for mailbox file */ ++static int change_mailbox_limit(LOCAL_STATE state, USER_ATTR usr_attr) ++{ ++ char *myname = "change_mailbox_limit"; ++ const char *limit_res; ++ long n = 0; ++ int status = NO; ++ ++ /* ++ * Look up the virtual mailbox limit size for this user. ++ * Fall back to virtual_mailbox_limit in case lookup failed. ++ * If virtual mailbox limit size is negative, fall back to virtual_mailbox_limit. ++ * If it's 0, set the mailbox limit to 0, which means unlimited. ++ * If it's more than 0 (positive int), check if the value is smaller than the maximum message size, ++ * if it is and the virtual mailbox limit can't be overridden, fall back to virtual_mailbox_limit and ++ * warn the user, else use the value directly as the mailbox limit. ++ */ ++ if (*var_virt_mailbox_limit_maps != 0 && (limit_res = mail_addr_find(virtual_mailbox_limit_maps, state.msg_attr.user, (char **) NULL)) != 0) { ++ n = atol(limit_res); ++ if (n > 0) { ++ if ((n < var_message_limit) && (!var_virt_mailbox_limit_override)) { ++ set_file_limit(var_virt_mailbox_limit); ++ status = NO; ++ ++ msg_warn("%s: recipient %s - virtual mailbox limit is " ++ "smaller than %s in %s - falling back to %s", ++ myname, ++ state.msg_attr.user, ++ VAR_MESSAGE_LIMIT, ++ virtual_mailbox_limit_maps->title, ++ VAR_VIRT_MAILBOX_LIMIT); ++ } ++ else { ++ set_file_limit((off_t) n); ++ status = YES; ++ ++ if (msg_verbose) ++ msg_info("%s: set virtual mailbox limit size for %s to %ld", ++ myname, usr_attr.mailbox, n); ++ } ++ } ++ else if (n == 0) { ++ set_file_limit(OFF_T_MAX); ++ status = YES; ++ ++ if (msg_verbose) ++ msg_info("%s: set virtual mailbox limit size for %s to %ld", ++ myname, usr_attr.mailbox, OFF_T_MAX); ++ } ++ else { ++ /* Invalid limit size (negative). Use default virtual_mailbox_limit. 
*/ ++ set_file_limit(var_virt_mailbox_limit); ++ status = NO; ++ } ++ } ++ else { ++ /* There is no limit in the maps. Use default virtual_mailbox_limit. */ ++ set_file_limit(var_virt_mailbox_limit); ++ status = NO; ++ } ++ ++ return(status); ++} ++ + /* deliver_mailbox_file - deliver to recipient mailbox */ + + static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) +@@ -219,62 +284,72 @@ int deliver_mailbox(LOCAL_STATE stat + * Look up the mailbox owner rights. Defer in case of trouble. + */ + uid_res = mail_addr_find(virtual_uid_maps, state.msg_attr.user, +- IGNORE_EXTENSION); +- if (uid_res == 0) { +- msg_warn("recipient %s: not found in %s", +- state.msg_attr.user, virtual_uid_maps->title); +- dsb_simple(why, "4.3.5", "mail system configuration error"); +- *statusp = defer_append(BOUNCE_FLAGS(state.request), +- BOUNCE_ATTR(state.msg_attr)); +- RETURN(YES); ++ IGNORE_EXTENSION); ++ ++ if ((uid_res = mail_addr_find(virtual_uid_maps, state.msg_attr.user, (char **) 0)) == 0) { ++ if ((uid_res = maps_find(virtual_uid_maps, strchr(state.msg_attr.user, '@'), DICT_FLAG_FIXED)) == 0) { ++ msg_warn("recipient %s: not found in %s", state.msg_attr.user, virtual_uid_maps->title); ++ dsb_simple(why, "4.3.5", "mail system configuration error"); ++ *statusp = defer_append(BOUNCE_FLAGS(state.request), BOUNCE_ATTR(state.msg_attr)); ++ RETURN(YES); ++ } + } ++ + if ((n = atol(uid_res)) < var_virt_minimum_uid) { +- msg_warn("recipient %s: bad uid %s in %s", +- state.msg_attr.user, uid_res, virtual_uid_maps->title); +- dsb_simple(why, "4.3.5", "mail system configuration error"); +- *statusp = defer_append(BOUNCE_FLAGS(state.request), +- BOUNCE_ATTR(state.msg_attr)); +- RETURN(YES); ++ msg_warn("recipient %s: bad uid %s in %s", state.msg_attr.user, uid_res, virtual_uid_maps->title); ++ dsb_simple(why, "4.3.5", "mail system configuration error"); ++ *statusp = defer_append(BOUNCE_FLAGS(state.request), BOUNCE_ATTR(state.msg_attr)); ++ RETURN(YES); + } ++ + usr_attr.uid 
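Review bot: `n = atol(limit_res)` in `change_mailbox_limit()` cannot tell a malformed map value from a literal 0, and the `n == 0` branch then calls `set_file_limit(OFF_T_MAX)`, so an empty or non-numeric quota entry removes the limit instead of falling back to `virtual_mailbox_limit`. Parse with `strtol()` and treat a failed parse like the negative case: `errno = 0; n = strtol(limit_res, &end, 10); if (end == limit_res || *end != 0 || errno == ERANGE) n = -1;`. The same `atol()` lookup is repeated in the `deliver_maildir()` hunk of `src/virtual/maildir.c` (`@@ -110,17 +501,115 @@`). Separately, the verbose `msg_info()` in the `n == 0` branch passes `OFF_T_MAX` for a `%ld` conversion; casting it to `long` keeps the format and the argument type matched.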
= (uid_t) n; + + /* + * Look up the mailbox group rights. Defer in case of trouble. + */ + gid_res = mail_addr_find(virtual_gid_maps, state.msg_attr.user, +- IGNORE_EXTENSION); +- if (gid_res == 0) { +- msg_warn("recipient %s: not found in %s", +- state.msg_attr.user, virtual_gid_maps->title); +- dsb_simple(why, "4.3.5", "mail system configuration error"); +- *statusp = defer_append(BOUNCE_FLAGS(state.request), +- BOUNCE_ATTR(state.msg_attr)); +- RETURN(YES); ++ IGNORE_EXTENSION); ++ ++ if ((gid_res = mail_addr_find(virtual_gid_maps, state.msg_attr.user, (char **) 0)) == 0) { ++ if ((gid_res = maps_find(virtual_gid_maps, strchr(state.msg_attr.user, '@'), DICT_FLAG_FIXED)) == 0) { ++ msg_warn("recipient %s: not found in %s", state.msg_attr.user, virtual_gid_maps->title); ++ dsb_simple(why, "4.3.5", "mail system configuration error"); ++ *statusp = defer_append(BOUNCE_FLAGS(state.request), BOUNCE_ATTR(state.msg_attr)); ++ RETURN(YES); ++ } + } ++ + if ((n = atol(gid_res)) <= 0) { +- msg_warn("recipient %s: bad gid %s in %s", +- state.msg_attr.user, gid_res, virtual_gid_maps->title); +- dsb_simple(why, "4.3.5", "mail system configuration error"); +- *statusp = defer_append(BOUNCE_FLAGS(state.request), +- BOUNCE_ATTR(state.msg_attr)); +- RETURN(YES); ++ msg_warn("recipient %s: bad gid %s in %s", state.msg_attr.user, gid_res, virtual_gid_maps->title); ++ dsb_simple(why, "4.3.5", "mail system configuration error"); ++ *statusp = defer_append(BOUNCE_FLAGS(state.request), BOUNCE_ATTR(state.msg_attr)); ++ RETURN(YES); + } ++ + usr_attr.gid = (gid_t) n; + + if (msg_verbose) +- msg_info("%s[%d]: set user_attr: %s, uid = %u, gid = %u", +- myname, state.level, usr_attr.mailbox, +- (unsigned) usr_attr.uid, (unsigned) usr_attr.gid); ++ msg_info("%s[%d]: set user_attr: %s, uid = %u, gid = %u", ++ myname, state.level, usr_attr.mailbox, ++ (unsigned) usr_attr.uid, (unsigned) usr_attr.gid); + + /* + * Deliver to mailbox or to maildir. 
+ */ + #define LAST_CHAR(s) (s[strlen(s) - 1]) + +- if (LAST_CHAR(usr_attr.mailbox) == '/') +- *statusp = deliver_maildir(state, usr_attr); +- else +- *statusp = deliver_mailbox_file(state, usr_attr); ++ if (LAST_CHAR(usr_attr.mailbox) == '/') { ++ *statusp = deliver_maildir(state, usr_attr); ++ } ++ else { ++ int changed_limit; ++ ++ changed_limit = change_mailbox_limit(state, usr_attr); ++ *statusp = deliver_mailbox_file(state, usr_attr); ++ ++ if (changed_limit) ++ set_file_limit(var_virt_mailbox_limit); ++ } + + /* + * Cleanup. +Index: src/virtual/maildir.c +=================================================================== +--- src/virtual/maildir.c.orig ++++ src/virtual/maildir.c +@@ -64,28 +64,420 @@ + #include + #include + ++/* Patch library. */ ++ ++#include /* opendir(3), stat(2) */ ++#include /* stat(2) */ ++#include /* opendir(3) */ ++#include /* stat(2) */ ++#include /* atol(3) */ ++#include /* strrchr(3) */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ + /* Application-specific. */ + + #include "virtual.h" + +-/* deliver_maildir - delivery to maildir-style mailbox */ ++/* Maildirsize maximal size. */ ++ ++#define SIZEFILE_MAX 5120 ++ ++/* ++ * Chris Stratford ++ * Read the maildirsize file to get quota info. ++ * ++ * Arguments: ++ * dirname: the maildir ++ * countptr: number of messages ++ * ++ * Returns the size of all mails as read from maildirsize, ++ * zero if it couldn't read the file. 
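Review bot: The domain fallback passes `strchr(state.msg_attr.user, '@')` straight to `maps_find()`, and `strchr()` returns NULL when the address contains no `@`, which `maps_find()` is presumably not prepared for; the `virtual_gid_maps` lookup a few lines below has the same shape. Guard it with something like `const char *dom = strchr(state.msg_attr.user, '@');` and call `maps_find(virtual_uid_maps, dom, DICT_FLAG_FIXED)` only when `dom != 0`. The hunk also keeps the original `mail_addr_find(..., IGNORE_EXTENSION)` call and then repeats the lookup inside the `if`, so the first result is discarded and every delivery queries each map twice. deliver_mailbox() starts and ends outside the hunk.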
++ */ ++static long read_maildirsize(char *filename, long *sumptr, long *countptr) ++{ ++ char *myname = "read_maildirsize"; ++ struct stat statbuf; ++ VSTREAM *sizefile; ++ char *p; ++ int len, first; ++ long sum = 0, count = 0, ret_value = -1; ++ ++ if (msg_verbose) ++ msg_info("%s: we will use sizefile = '%s'", myname, filename); ++ ++ sizefile = vstream_fopen(filename, O_RDONLY, 0); ++ if (!sizefile) { ++ if (msg_verbose) ++ msg_info("%s: cannot open %s: %m (maybe file does not exist)", myname, filename); ++ ++ return -1; ++ } else if (stat(filename, &statbuf) < 0 || statbuf.st_size > SIZEFILE_MAX) { ++ if (sizefile) { ++ vstream_fclose(sizefile); ++ unlink(filename); ++ } ++ ++ if (msg_verbose) ++ msg_info("%s: stat() returned < 0 or filesize > SIZEFILE_MAX (filename = %s, filesize = %ld)", myname, filename, statbuf.st_size); ++ ++ return -1; ++ } ++ ++ VSTRING *sizebuf = vstring_alloc(SIZEFILE_MAX); ++ len = vstream_fread(sizefile, STR(sizebuf), SIZEFILE_MAX); ++ ++ p = STR(sizebuf); ++ *(p + len) = '\0'; ++ first = 1; ++ ++ while (*p) { ++ long n = 0, c = 0; ++ char *q = p; ++ ++ while (*p) { ++ if (*p++ == '\n') { ++ p[-1] = 0; ++ break; ++ } ++ } ++ ++ if (first) { ++ first = 0; ++ continue; ++ } ++ ++ if (sscanf(q, "%ld %ld", &n, &c) == 2) { ++ sum += n; ++ count += c; ++ /* if (msg_verbose) ++ msg_info("%s: we read line '%s', totals: sum = %ld, count = %ld", myname, q, sum, count); */ ++ } ++ else { ++ vstream_fclose(sizefile); ++ unlink(filename); ++ msg_warn("%s: invalid line '%s' found in %s, removing maildirsize file", myname, q, filename); ++ vstring_free(sizebuf); ++ ++ return -1; ++ } ++ } ++ ++ *countptr = count; ++ *sumptr = sum; ++ ++ if (sum < 0 || count < 0 || (sum == 0 && count != 0) || (sum != 0 && count == 0)) { ++ if (msg_verbose) { ++ msg_info("%s: we will return -1 and unlink %s, because file count or sum is <= 0 (sum = %ld, count = %ld)", myname, filename, sum, count); ++ } ++ ++ unlink(filename); ++ ret_value = -1; ++ } else { ++ if 
(msg_verbose) ++ msg_info("%s: we will return Maildir size = %ld, count = %ld", myname, *sumptr, *countptr); ++ ++ ret_value = sum; ++ } + +-int deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr) ++ vstream_fclose(sizefile); ++ vstring_free(sizebuf); ++ ++ return ret_value; ++} ++ ++/* ++ * Gives the size of the file according to the Maildir++ extension ++ * present in the filename (code taken from courier-imap). ++ * ++ * Arguments: ++ * n: filename ++ * ++ * Returns the size given in ",S=" in the filename, ++ * zero if it cannot find ",S=" in the filename. ++ */ ++static long maildir_parsequota(const char *n) ++{ ++ const char *o; ++ int yes = 0; ++ ++ if ((o = strrchr(n, '/')) == 0) ++ o = n; ++ ++ for (; *o; o++) { ++ if (*o == ':') ++ break; ++ } ++ ++ for (; o >= n; --o) { ++ if (*o == '/') ++ break; ++ ++ if (*o == ',' && o[1] == 'S' && o[2] == '=') { ++ yes = 1; ++ o += 3; ++ break; ++ } ++ } ++ ++ if (yes) { ++ long s = 0; ++ ++ while (*o >= '0' && *o <= '9') ++ s = s*10 + (*o++ - '0'); ++ ++ return s; ++ } ++ ++ return 0; ++} ++ ++/* ++ * Computes quota usage for a directory (taken from exim). ++ * ++ * This function is called to determine the exact quota usage of a virtual ++ * maildir box. To achieve maximum possible speed while doing this, it takes ++ * advantage of the maildirsize file and the Maildir++ extensions to filenames, ++ * when applicable and configured to be used. In all other cases it simply ++ * stats all the files as needed to get the size information. ++ * ++ * Arguments: ++ * dirname: the name of the directory ++ * countptr: where to add the file count (because this function recurses) ++ * ++ * Returns the sum of the sizes of all measurable files, ++ * zero if the directory could not be opened. 
++ */ ++static long check_dir_size(char *dirname, long *countptr) ++{ ++ char *myname = "check_dir_size"; ++ DIR *dir; ++ long sum = 0; ++ struct dirent *ent; ++ struct stat statbuf; ++ ++ dir = opendir(dirname); ++ if (dir == NULL) { ++ if (make_dirs(dirname, 0700) == 0) { /* Try to create the dirs. */ ++ dir = opendir(dirname); /* Reopen the dir. */ ++ if (dir == NULL) { ++ msg_warn("%s: cannot reopen directory: %s", myname, dirname); ++ return 0; ++ } ++ } ++ else { ++ msg_warn("%s: cannot open directory: %s", myname, dirname); ++ return 0; ++ } ++ } ++ ++ while ((ent = readdir(dir)) != NULL) { ++ char *name = ent->d_name; ++ long tmpsum = 0; ++ VSTRING *buffer; ++ ++ /* do not count dot a double-dot dirs */ ++ if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) ++ continue; ++ /* do not count if this is the trash subdir and if we should NOT count it */ ++ else if (var_virt_trash_count == 0 && strcmp(name, var_virt_trash_name) == 0) ++ continue; ++ ++ /* ++ * Here comes the real logic behind this function. ++ * Optimized to be the most efficient possible, ++ * depending on the settings given. ++ * See above for a more detailed description. 
++ */ ++ if (var_virt_mailbox_limit_inbox) { ++ if (var_virt_maildir_extended && (tmpsum = maildir_parsequota(name))) { ++ sum += tmpsum; ++ (*countptr)++; ++ } ++ else { ++ buffer = vstring_alloc(1024); ++ vstring_sprintf(buffer, "%s/%s", dirname, name); ++ ++ if (stat(STR(buffer), &statbuf) < 0) { ++ vstring_free(buffer); ++ continue; ++ } ++ if ((statbuf.st_mode & S_IFREG) != 0) { ++ sum += (long) statbuf.st_size; ++ (*countptr)++; ++ } ++ ++ vstring_free(buffer); ++ } ++ } ++ else { ++ buffer = vstring_alloc(1024); ++ vstring_sprintf(buffer, "%s/%s", dirname, name); ++ ++ if (stat(STR(buffer), &statbuf) < 0) { ++ vstring_free(buffer); ++ continue; ++ } ++ if ((statbuf.st_mode & S_IFREG) != 0) { ++ if (strcmp(dirname + strlen(dirname) - 3, "new") == 0 || strcmp(dirname + strlen(dirname) - 3, "cur") == 0 || strcmp(dirname + strlen(dirname) - 3, "tmp") == 0) { ++ sum += (long) statbuf.st_size; ++ (*countptr)++; ++ } ++ } ++ else if ((statbuf.st_mode & S_IFDIR) != 0) { ++ sum += check_dir_size(STR(buffer), countptr); ++ } ++ ++ vstring_free(buffer); ++ } ++ } ++ closedir(dir); ++ ++ if (msg_verbose) ++ msg_info("%s: full scan done: dir=%s sum=%ld count=%ld", myname, dirname, sum, *countptr); ++ ++ return sum; ++} ++ ++/* Cut all occurrences of pattern from string. */ ++static char *strcut(char *str, const char *pat) ++{ ++ char *ptr, *loc, *ret; ++ ret = str; ++ loc = str; ++ ++ /* No match, return original string. */ ++ if (!strstr(loc, pat)) ++ return(str); ++ ++ while (*loc && (ptr = strstr(loc, pat))) { ++ while (loc < ptr) ++ *str++ = *loc++; ++ loc += strlen(pat); ++ } ++ ++ while (*loc) ++ *str++ = *loc++; ++ ++ *str = 0; ++ ++ return(ret); ++} ++ ++/* Check if maildirfilter file is up-to-date compared to SQL, (re)write it if not. 
*/ ++static long sql2file(char *filename, char *user) ++{ ++ char *myname = "sql2file"; ++ char *filter_sqlres; ++ char filter_fileres[128]; ++ long sqlmtime = 0, filemtime = 0, retval = 0; ++ int filterfile, size_sqlres, i; ++ struct stat statbuf; ++ ++ if (*var_virt_maildir_filter_maps != 0) { ++ filter_sqlres = (char *) mymalloc(16000); ++ filter_sqlres = (char *) mail_addr_find(virtual_maildir_filter_maps, user, (char **) 0); ++ ++ if (filter_sqlres) { ++ strcut(filter_sqlres, "\r"); ++ if (filter_sqlres[0] == '#' && filter_sqlres[1] == ' ' && filter_sqlres[2] == 'M') { ++ size_sqlres = strlen(filter_sqlres); ++ ++ for (i = 4; i <= size_sqlres; i++) { ++ if(filter_sqlres[i] == '/' && filter_sqlres[i+1] == '^') { ++ filter_sqlres[i-1] = '\n'; ++ } ++ } ++ ++ filter_sqlres[(size_sqlres+1)] = '\0'; ++ ++ sqlmtime = atol(filter_sqlres+3); ++ retval = sqlmtime; ++ ++ filterfile = open(filename, O_RDONLY, 0); ++ if (filterfile) { ++ read(filterfile, (void *) filter_fileres, 127); ++ close(filterfile); ++ ++ filemtime = atol(filter_fileres+3); ++ } ++ ++ if (msg_verbose) ++ msg_info("%s: filter data: sql_size=%li sql_mtime=%ld file_mtime=%ld", myname, strlen(filter_sqlres), sqlmtime, filemtime); ++ } ++ if (sqlmtime != filemtime && sqlmtime != 0) { ++ if ((filterfile = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0640))) { ++ if (msg_verbose) ++ msg_info("%s: updating filter file: %s", myname, filename); ++ write(filterfile, filter_sqlres, strlen(filter_sqlres)); ++ close(filterfile); ++ } ++ else { ++ msg_warn("%s: can't create filter file: %s", myname, filename); ++ retval = 0; ++ } ++ } ++ } ++ } ++ else { ++ if (stat(filename, &statbuf) == 0) ++ retval = (long) statbuf.st_mtime; ++ if (msg_verbose) ++ msg_info("%s: processing filter file: file_mtime=%ld", myname, retval); ++ } ++ ++ return retval; ++} ++ ++/* deliver_maildir - delivery to maildir-style mailbox */ ++int deliver_maildir(LOCAL_STATE state, USER_ATTR usr_attr) + { + const char *myname = 
"deliver_maildir"; +- char *newdir; +- char *tmpdir; +- char *curdir; +- char *tmpfile; +- char *newfile; ++ char *newdir; ++ char *tmpdir; ++ char *curdir; ++ char *newfile; ++ char *tmpfile; + DSN_BUF *why = state.msg_attr.why; + VSTRING *buf; + VSTREAM *dst; +- int mail_copy_status; +- int deliver_status; +- int copy_flags; +- struct stat st; +- struct timeval starttime; ++ int mail_copy_status; ++ int deliver_status; ++ int copy_flags; ++ struct stat st; ++ struct timeval starttime; ++ ++ /* Maildir Quota. */ ++ const char *limit_res; /* Limit from map. */ ++ char *sizefilename = (char *) 0; /* Maildirsize file name. */ ++ VSTRING *filequota; /* Quota setting from the maildirsize file. */ ++ VSTREAM *sizefile; /* Maildirsize file handle. */ ++ long n = 0; /* Limit in long integer format. */ ++ long saved_count = 0; /* The total number of files. */ ++ long saved_size = 0; /* The total quota of all files. */ ++ struct stat mail_stat; /* To check the size of the mail to be written. */ ++ struct stat sizefile_stat; /* To check the size of the maildirsize file. */ ++ time_t tm; /* To check the age of the maildirsize file. */ ++ ++ /* Maildir Filters. */ ++ const char *value, *cmd_text; /* Filter values. */ ++ char *filtername; ++ char *header; ++ char *bkpnewfile; ++ char *mdffilename = (char *) 0; /* Maildirfolder file name. */ ++ VSTRING *fltstr; ++ VSTREAM *tmpfilter; ++ VSTREAM *mdffile; /* Maildirfolder file handle. */ ++ DICT *FILTERS; ++ long sqlmtime; /* Latest modification time from sql2file(). */ ++ int cmd_len; ++ int read_mds = -1; /* read_maildirsize() returned value */ ++ struct stat mdffile_stat; /* To check if the maildirfolder file exists. */ + + GETTIMEOFDAY(&starttime); + +@@ -94,15 +486,14 @@ int deliver_maildir(LOCAL_STATE stat + */ + state.level++; + if (msg_verbose) +- MSG_LOG_STATE(myname, state); ++ MSG_LOG_STATE(myname, state); + + /* + * Don't deliver trace-only requests. 
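Review bot: `sql2file()` has several memory-safety problems around the filter text. The `mymalloc(16000)` result is overwritten on the next line by the `mail_addr_find()` return value, so it leaks on every call, and the function then edits that lookup result in place: `strcut()`, the `'\n'` substitutions, and `filter_sqlres[(size_sqlres+1)] = '\0'`, which writes one byte past the existing terminator of a buffer this function did not allocate. `if (filterfile)` treats the `-1` that `open()` returns on failure as success, and `filter_fileres` reaches `atol()` after an unchecked `read()` without ever being terminated. In the same hunk `read_maildirsize()` stores `'\0'` at `STR(sizebuf)[len]` with `len` up to `SIZEFILE_MAX` (or negative if the read fails), which needs the same bounds check. The fence shows the file-handling lines of `sql2file()` with the descriptor, length and terminator checked; the in-place edits should move to a private copy of the map result.

```c
/* … unchanged: declarations and the virtual_maildir_filter_maps guard … */
        /* The lookup result is the only buffer needed; no mymalloc() before it. */
        filter_sqlres = (char *) mail_addr_find(virtual_maildir_filter_maps, user, (char **) 0);
/* … unchanged: "# M" header handling and sqlmtime parsing … */
                filterfile = open(filename, O_RDONLY, 0);
                if (filterfile >= 0) {
                    ssize_t got = read(filterfile, (void *) filter_fileres, sizeof(filter_fileres) - 1);

                    close(filterfile);
                    if (got > 3) {
                        filter_fileres[got] = '\0';
                        filemtime = atol(filter_fileres + 3);
                    }
                }
/* … unchanged: verbose logging … */
            if (sqlmtime != filemtime && sqlmtime != 0) {
                if ((filterfile = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0640)) >= 0) {
/* … unchanged: write, close and the error branch … */
```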
+ */ + if (DEL_REQ_TRACE_ONLY(state.request->flags)) { +- dsb_simple(why, "2.0.0", "delivers to maildir"); +- return (sent(BOUNCE_FLAGS(state.request), +- SENT_ATTR(state.msg_attr))); ++ dsb_simple(why, "2.0.0", "delivers to maildir"); ++ return (sent(BOUNCE_FLAGS(state.request), SENT_ATTR(state.msg_attr))); + } + + /* +@@ -110,17 +501,115 @@ int deliver_maildir(LOCAL_STATE stat + * attribute to reflect the final recipient. + */ + if (vstream_fseek(state.msg_attr.fp, state.msg_attr.offset, SEEK_SET) < 0) +- msg_fatal("seek message file %s: %m", VSTREAM_PATH(state.msg_attr.fp)); ++ msg_fatal("seek message file %s: %m", VSTREAM_PATH(state.msg_attr.fp)); + state.msg_attr.delivered = state.msg_attr.rcpt.address; + mail_copy_status = MAIL_COPY_STAT_WRITE; + buf = vstring_alloc(100); + +- copy_flags = MAIL_COPY_TOFILE | MAIL_COPY_RETURN_PATH +- | MAIL_COPY_DELIVERED | MAIL_COPY_ORIG_RCPT; ++ copy_flags = MAIL_COPY_TOFILE | MAIL_COPY_RETURN_PATH | MAIL_COPY_DELIVERED | MAIL_COPY_ORIG_RCPT; + +- newdir = concatenate(usr_attr.mailbox, "new/", (char *) 0); +- tmpdir = concatenate(usr_attr.mailbox, "tmp/", (char *) 0); +- curdir = concatenate(usr_attr.mailbox, "cur/", (char *) 0); ++ /* ++ * Concatenate the maildir suffix (if set). 
++ */ ++ if (*var_virt_maildir_suffix == 0) { ++ newdir = concatenate(usr_attr.mailbox, "new/", (char *) 0); ++ tmpdir = concatenate(usr_attr.mailbox, "tmp/", (char *) 0); ++ curdir = concatenate(usr_attr.mailbox, "cur/", (char *) 0); ++ } ++ else { ++ newdir = concatenate(usr_attr.mailbox, var_virt_maildir_suffix, (char *) 0); ++ tmpdir = concatenate(usr_attr.mailbox, var_virt_maildir_suffix, (char *) 0); ++ curdir = concatenate(usr_attr.mailbox, var_virt_maildir_suffix, (char *) 0); ++ newdir = concatenate(newdir, "new/", (char *) 0); ++ tmpdir = concatenate(tmpdir, "tmp/", (char *) 0); ++ curdir = concatenate(curdir, "cur/", (char *) 0); ++ } ++ ++ /* get the sizefilename, no matter if we use var_virt_maildir_extended */ ++ if (*var_virt_maildir_suffix == 0) { ++ sizefilename = concatenate(usr_attr.mailbox, "maildirsize", (char *) 0); ++ } else { ++ sizefilename = concatenate(usr_attr.mailbox, var_virt_maildir_suffix, (char *) 0); ++ sizefilename = concatenate(sizefilename, "maildirsize", (char *) 0); ++ } ++ ++ /* ++ * Look up the virtual maildir limit size for this user. ++ * Fall back to virtual_mailbox_limit in case lookup failed. ++ * If virtual maildir limit size is negative, fall back to virtual_mailbox_limit. ++ * If it's 0, set the mailbox limit to 0, which means unlimited. ++ * If it's more than 0 (positive int), check if the value is smaller than the maximum message size, ++ * if it is and the virtual maildir limit can't be overridden, fall back to virtual_mailbox_limit and ++ * warn the user, else use the value directly as the maildir limit. 
++ */ ++ if (*var_virt_mailbox_limit_maps != 0 && (limit_res = mail_addr_find(virtual_mailbox_limit_maps, state.msg_attr.user, (char **) NULL)) != 0) { ++ n = atol(limit_res); ++ if (n > 0) { ++ if ((n < var_message_limit) && (!var_virt_mailbox_limit_override)) { ++ n = var_virt_mailbox_limit; ++ ++ msg_warn("%s: recipient %s - virtual maildir limit is smaller than %s in %s - falling back to %s", ++ myname, state.msg_attr.user, VAR_MESSAGE_LIMIT, virtual_mailbox_limit_maps->title, ++ VAR_VIRT_MAILBOX_LIMIT); ++ } ++ else { ++ if (msg_verbose) ++ msg_info("%s: set virtual maildir limit size for %s to %ld", ++ myname, usr_attr.mailbox, n); ++ } ++ } ++ else if (n == 0) { ++ if (msg_verbose) ++ msg_info("%s: set virtual maildir limit size for %s to %ld", ++ myname, usr_attr.mailbox, n); ++ } ++ else { ++ if (msg_verbose) ++ msg_info("%s: quota is negative (%ld), using default virtual_mailbox_limit (%ld)", ++ myname, n, var_virt_mailbox_limit); ++ /* Invalid limit size (negative). Use default virtual_mailbox_limit. */ ++ n = var_virt_mailbox_limit; ++ } ++ } ++ else { ++ if (msg_verbose) ++ msg_info("%s: no limit found in the maps, using default virtual_mailbox_limit (%ld)", ++ myname, var_virt_mailbox_limit); ++ /* There is no limit in the maps. Use default virtual_mailbox_limit. */ ++ n = var_virt_mailbox_limit; ++ } ++ ++ /* If there should is a quota on maildir generaly, check it before delivering the mail */ ++ if (n != 0) { ++ set_eugid(usr_attr.uid, usr_attr.gid); ++ /* try to read the quota from maildirsize file. 
Returned values by read_maildirsize: ++ x < 0 = something failed ++ x >= 0 = reading successfully finished - sum si returned, so sum size of Maildir was 0 or more */ ++ if (!var_virt_mailbox_limit_inbox && var_virt_maildir_extended && (read_mds = read_maildirsize(sizefilename, &saved_size, &saved_count)) >= 0) { ++ if (msg_verbose) ++ msg_info("%s: maildirsize used=%s sum=%ld count=%ld", myname, sizefilename, saved_size, saved_count); ++ } else { ++ if (msg_verbose) ++ msg_info("%s: We will recount the quota (var_virt_mailbox_limit = %ld, var_virt_maildir_extended = %d, read_maildirsize = %d)", ++ myname, var_virt_mailbox_limit, var_virt_maildir_extended, read_mds); ++ ++ /* sanity */ ++ saved_size = 0; ++ saved_count = 0; ++ ++ if (var_virt_mailbox_limit_inbox) { ++ /* Check Inbox only (new, cur and tmp dirs). */ ++ saved_size = check_dir_size(newdir, &saved_count); ++ saved_size += check_dir_size(curdir, &saved_count); ++ saved_size += check_dir_size(tmpdir, &saved_count); ++ } else { ++ /* Check all boxes. */ ++ saved_size = check_dir_size(usr_attr.mailbox, &saved_count); ++ } ++ ++ set_eugid(var_owner_uid, var_owner_gid); ++ } ++ } + + /* + * Create and write the file as the recipient, so that file quota work. +@@ -175,46 +664,288 @@ int deliver_maildir(LOCAL_STATE stat + * [...] 
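Review bot: The privilege switch in the quota pre-check is unbalanced: `set_eugid(usr_attr.uid, usr_attr.gid)` runs at the top of `if (n != 0)`, but `set_eugid(var_owner_uid, var_owner_gid)` sits only inside the `else` branch, so when `read_maildirsize()` succeeds the process keeps the recipient's uid/gid for whatever follows. Moving the restore after the `if`/`else`, still inside `if (n != 0)`, makes both paths leave with the same credentials. The suffix branch also leaks memory: `newdir = concatenate(newdir, "new/", (char *) 0)` and the `tmpdir`, `curdir` and `sizefilename` equivalents drop the first allocation, which a single call such as `concatenate(usr_attr.mailbox, var_virt_maildir_suffix, "new/", (char *) 0)` avoids. deliver_maildir() starts and ends outside the hunk.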
+ */ + set_eugid(usr_attr.uid, usr_attr.gid); +- vstring_sprintf(buf, "%lu.P%d.%s", +- (unsigned long) starttime.tv_sec, var_pid, get_hostname()); ++ vstring_sprintf(buf, "%lu.P%d.%s", (unsigned long) starttime.tv_sec, var_pid, get_hostname()); + tmpfile = concatenate(tmpdir, STR(buf), (char *) 0); + newfile = 0; ++ bkpnewfile = 0; + if ((dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0 +- && (errno != ENOENT +- || make_dirs(tmpdir, 0700) < 0 +- || (dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0)) { +- dsb_simple(why, mbox_dsn(errno, "4.2.0"), +- "create maildir file %s: %m", tmpfile); +- } else if (fstat(vstream_fileno(dst), &st) < 0) { +- +- /* +- * Coverity 200604: file descriptor leak in code that never executes. +- * Code replaced by msg_fatal(), as it is not worthwhile to continue +- * after an impossible error condition. +- */ +- msg_fatal("fstat %s: %m", tmpfile); +- } else { +- vstring_sprintf(buf, "%lu.V%lxI%lxM%lu.%s", +- (unsigned long) starttime.tv_sec, +- (unsigned long) st.st_dev, +- (unsigned long) st.st_ino, +- (unsigned long) starttime.tv_usec, +- get_hostname()); +- newfile = concatenate(newdir, STR(buf), (char *) 0); +- if ((mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), +- dst, copy_flags, "\n", +- why)) == 0) { +- if (sane_link(tmpfile, newfile) < 0 +- && (errno != ENOENT +- || (make_dirs(curdir, 0700), make_dirs(newdir, 0700)) < 0 +- || sane_link(tmpfile, newfile) < 0)) { +- dsb_simple(why, mbox_dsn(errno, "4.2.0"), +- "create maildir file %s: %m", newfile); +- mail_copy_status = MAIL_COPY_STAT_WRITE; +- } +- } +- if (unlink(tmpfile) < 0) +- msg_warn("remove %s: %m", tmpfile); ++ && (errno != ENOENT ++ || make_dirs(tmpdir, 0700) < 0 ++ || (dst = vstream_fopen(tmpfile, O_WRONLY | O_CREAT | O_EXCL, 0600)) == 0)) { ++ dsb_simple(why, mbox_dsn(errno, "4.2.0"), "create maildir file %s: %m", tmpfile); ++ } ++ else if (fstat(vstream_fileno(dst), &st) < 0) { ++ /* ++ * Coverity 200604: file 
descriptor leak in code that never executes. ++ * Code replaced by msg_fatal(), as it is not worthwhile to continue ++ * after an impossible error condition. ++ */ ++ msg_fatal("fstat %s: %m", tmpfile); ++ } ++ else { ++ vstring_sprintf(buf, "%lu.V%lxI%lxM%lu.%s", ++ (unsigned long) starttime.tv_sec, ++ (unsigned long) st.st_dev, ++ (unsigned long) st.st_ino, ++ (unsigned long) starttime.tv_usec, ++ get_hostname()); ++ newfile = concatenate(newdir, STR(buf), (char *) 0); ++ bkpnewfile = concatenate(STR(buf), (char *) 0); /* Will need it later, if we MOVE to other folders. */ ++ ++ if ((mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), dst, copy_flags, "\n", why)) == 0) { ++ /* ++ * Add a ",S=" to the newly written file according to the ++ * Maildir++ specifications: http://www.inter7.com/courierimap/README.maildirquota.html ++ * This needs a stat(2) of the tempfile and modification of the ++ * name of the file. ++ */ ++ if (stat(tmpfile, &mail_stat) == 0) { ++ if (n != 0) { ++ saved_size += (long) mail_stat.st_size; ++ saved_count++; ++ } ++ if (var_virt_maildir_extended) { ++ /* Append the size of the file to newfile. */ ++ vstring_sprintf(buf, ",S=%ld", (long) mail_stat.st_size); ++ newfile = concatenate(newfile, STR(buf), (char *) 0); ++ bkpnewfile = concatenate(bkpnewfile, STR(buf), (char *) 0); ++ } ++ } ++ ++ /* ++ * Now we have the maildir size in saved_size, compare it to the max ++ * quota value and eventually issue a message that we've overdrawn it. ++ */ ++ if (saved_size > n) { ++ mail_copy_status = MAIL_COPY_STAT_WRITE; ++ if (((long) mail_stat.st_size > n) || (var_virt_overquota_bounce)) ++ errno = EFBIG; ++ else ++ errno = EDQUOT; ++ } ++ else { ++ /* Maildirfilter code by rk@demiurg.net. 
*/ ++ if (var_virt_maildir_filter) { ++ if (msg_verbose) ++ msg_info("%s: loading DICT filters", myname); ++ ++#define STREQUAL(x,y,l) (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0) ++#define MAIL_COPY_STAT_REJECT (1<<3) ++#define MAIL_COPY_STAT_DISCARD (1<<4) ++ ++ /* Read filters. */ ++ filtername = concatenate("regexp:", usr_attr.mailbox, "maildirfilter", (char *) 0); ++ sqlmtime = sql2file(strchr(filtername, '/'), state.msg_attr.user); ++ ++ /* Check if this filter is already registered as dictionary. */ ++ if (msg_verbose) ++ msg_info("%s: checking DICT filters for %s", myname, filtername); ++ ++ if ((FILTERS = dict_handle(filtername))) { ++ if (msg_verbose) ++ msg_info("%s: DICT filter found", myname); ++ ++ /* ++ * If we have mtime in our DICT structure, check it against sqlmtime ++ * and reload the filters if they differ. ++ */ ++ if (FILTERS->mtime > 0 && sqlmtime > 0 && FILTERS->mtime != sqlmtime) { ++ if (msg_verbose) ++ msg_info("%s: reloading DICT filters (dict_mtime=%ld != sql_mtime=%ld)", ++ myname, FILTERS->mtime, sqlmtime); ++ ++ dict_unregister(filtername); ++ FILTERS = dict_open(filtername, O_RDONLY, DICT_FLAG_LOCK); ++ dict_register(filtername, FILTERS); ++ FILTERS->mtime = sqlmtime; ++ } ++ } ++ else { ++ if (sqlmtime > 0) { ++ /* Registering filter as new dictionary. */ ++ if (msg_verbose) ++ msg_info("%s: loading DICT filters from %s (mtime=%ld)", ++ myname, filtername, sqlmtime); ++ ++ FILTERS = dict_open(filtername, O_RDONLY, DICT_FLAG_LOCK); ++ dict_register(filtername, FILTERS); ++ FILTERS->mtime = sqlmtime; ++ } ++ } ++ ++ if (FILTERS && (tmpfilter = vstream_fopen(tmpfile, O_RDONLY, 0))) { ++ fltstr = vstring_alloc(1024); ++ header = (char *) malloc(8192); /* !!!INSECURE!!! See 7168-hack below. 
*/ ++ header[0] = 0; ++ vstring_get_nonl_bound(fltstr, tmpfilter, 1023); ++ header = concatenate(header, STR(fltstr), (char *) 0); ++ ++ while(!vstream_feof(tmpfilter) && fltstr->vbuf.data[0] && strlen(header) < 7168 ) { ++ vstring_get_nonl_bound(fltstr, tmpfilter, 1023); ++ /* Glue multiline headers, replacing leading TAB with space. */ ++ if (msg_verbose) ++ msg_info("%s: fltstr value: %s", myname, STR(fltstr)); ++ ++ if (fltstr->vbuf.data[0] == ' ' || fltstr->vbuf.data[0] == '\t' ) { ++ if (fltstr->vbuf.data[0] == '\t') ++ fltstr->vbuf.data[0] = ' '; ++ header = concatenate(header, STR(fltstr), (char *) 0); ++ } ++ else { ++ header = concatenate(header, "\n", STR(fltstr), (char *) 0); ++ } ++ } ++ ++ if (msg_verbose) ++ msg_info("%s: checking filter CMD for %s", myname, filtername); ++ ++ /* Check whole header part with regexp maps. */ ++ if ((value = dict_get(FILTERS, lowercase(header))) != 0) { ++ if (msg_verbose) ++ msg_info("%s: preparing filter CMD", myname); ++ ++ cmd_text = value + strcspn(value, " \t"); ++ cmd_len = cmd_text - value; ++ while (*cmd_text && ISSPACE(*cmd_text)) ++ cmd_text++; ++ ++ if (msg_verbose) ++ msg_info("%s: executing filter CMD", myname); ++ ++ if (STREQUAL(value, "REJECT", cmd_len)) { ++ if (msg_verbose) ++ msg_info("%s: executing filter CMD REJECT", myname); ++ ++ mail_copy_status = MAIL_COPY_STAT_REJECT; ++ vstring_sprintf(why->reason, "%s", cmd_text); ++ dsb_simple(why, "5.0.0", "User filter - REJECT"); ++ } ++ ++ if (STREQUAL(value, "DISCARD", cmd_len)) { ++ if (msg_verbose) ++ msg_info("%s: executing filter CMD DISCARD", myname); ++ ++ mail_copy_status = MAIL_COPY_STAT_DISCARD; ++ vstring_sprintf(why->reason, "%s", cmd_text); ++ dsb_simple(why, "5.0.0", "User filter - DISCARD"); ++ } ++ ++ if (var_virt_maildir_extended) { ++ if (STREQUAL(value, "MOVE", cmd_len)) { ++ if (msg_verbose) ++ msg_info("%s: executing filter CMD MOVE", myname); ++ ++ strcut((char *) cmd_text, " "); ++ strcut((char *) cmd_text, "\t"); ++ strcut((char 
*) cmd_text, "/"); ++ strcut((char *) cmd_text, ".."); ++ ++ if (*var_virt_maildir_suffix == 0) { ++ newfile = concatenate(usr_attr.mailbox, (char *) 0); ++ } ++ else { ++ newfile = concatenate(usr_attr.mailbox, var_virt_maildir_suffix, (char *) 0); ++ } ++ ++ if (cmd_text[0] != '.') { ++ newfile = concatenate(newfile, ".", (char *) 0); ++ } ++ newdir = concatenate(newfile, cmd_text, "/", "new/", (char *) 0); ++ tmpdir = concatenate(newfile, cmd_text, "/", "tmp/", (char *) 0); ++ curdir = concatenate(newfile, cmd_text, "/", "cur/", (char *) 0); ++ mdffilename = concatenate(newfile, cmd_text, "/", "maildirfolder", (char *) 0); ++ newfile = concatenate(newfile, cmd_text, "/", "new/", bkpnewfile, (char *) 0); ++ } ++ } ++ ++ if (STREQUAL(value, "LOG", cmd_len) || STREQUAL(value, "WARN", cmd_len)) { ++ msg_warn("%s: header check warning: %s", myname, cmd_text); ++ } ++ ++ if (STREQUAL(value, "INFO", cmd_len)) { ++ msg_info("%s: header check info: %s", myname, cmd_text); ++ } ++ ++ if (msg_verbose) ++ msg_info("%s: exiting filter CMD", myname); ++ } /* End-Of-Check */ ++ ++ myfree(header); ++ vstring_free(fltstr); ++ vstream_fclose(tmpfilter); ++ } ++ ++ myfree(filtername); ++ } /* End-Of-Maildirfilter */ ++ ++ /* Deliver to curdir. */ ++ if (mail_copy_status == 0) { ++ if (sane_link(tmpfile, newfile) < 0 ++ && (errno != ENOENT ++ || (make_dirs(curdir, 0700), make_dirs(newdir, 0700), make_dirs(tmpdir, 0700)) < 0 ++ || sane_link(tmpfile, newfile) < 0)) { ++ dsb_simple(why, mbox_dsn(errno, "4.2.0"), "create maildir file %s: %m", newfile); ++ mail_copy_status = MAIL_COPY_STAT_WRITE; ++ } ++ ++ if (var_virt_maildir_extended) { ++ time(&tm); ++ ++ /* Check if the quota in the file is the same as the current one, if not, delete the file. 
*/ ++ sizefile = vstream_fopen(sizefilename, O_RDONLY, 0); ++ if (sizefile) { ++ filequota = vstring_alloc(128); ++ vstring_get_null_bound(filequota, sizefile, 127); ++ vstream_fclose(sizefile); ++ if (atol(vstring_export(filequota)) != n) ++ unlink(sizefilename); ++ } ++ ++ /* Open maildirsize file to append this transaction. */ ++ sizefile = vstream_fopen(sizefilename, O_WRONLY | O_APPEND, 0640); ++ ++ /* If the open fails (maildirsize doesn't exist), or it's too large, or too old, overwrite it. */ ++ if(!sizefile || (stat(sizefilename, &sizefile_stat) < 0) || (sizefile_stat.st_size > SIZEFILE_MAX) || (sizefile_stat.st_mtime + 15*60 < tm)) { ++ /* If the file exists, sizefile has been opened above, so close it first. */ ++ if (sizefile) { ++ vstream_fclose(sizefile); ++ sizefile = vstream_fopen(sizefilename, O_WRONLY | O_TRUNC, 0640); ++ } ++ else { ++ sizefile = vstream_fopen(sizefilename, O_WRONLY | O_CREAT, 0640); ++ } ++ ++ /* If the creation worked, write to the file, otherwise just give up. */ ++ if (sizefile) { ++ vstream_fprintf(sizefile, "%ldS\n%ld %ld\n", n, saved_size, saved_count); ++ vstream_fclose(sizefile); ++ } ++ } ++ else { ++ /* We opened maildirsize, so let's just append this transaction and close it. */ ++ vstream_fprintf(sizefile, "%ld 1\n", (long) mail_stat.st_size); ++ vstream_fclose(sizefile); ++ } ++ ++ /* ++ * 1) mdffilename != 0, so the maildirfilter code went through the MOVE to subfolder rule. ++ * 2) stat() failed, maybe the file does not exist? Try to create it. 
++ */ ++ if (mdffilename && (stat(mdffilename, &mdffile_stat) < 0)) { ++ mdffile = vstream_fopen(mdffilename, O_WRONLY | O_CREAT, 0600); ++ if (mdffile) { ++ vstream_fclose(mdffile); ++ } ++ else { ++ msg_warn("Cannot create maildirfolder file '%s': %s", mdffilename, strerror(errno)); ++ } ++ } ++ } ++ } ++ } ++ } ++ if (unlink(tmpfile) < 0) ++ msg_warn("remove %s: %m", tmpfile); + } + set_eugid(var_owner_uid, var_owner_gid); + +@@ -224,31 +955,64 @@ int deliver_maildir(LOCAL_STATE stat + * location possibly under user control. + */ + if (mail_copy_status & MAIL_COPY_STAT_CORRUPT) { +- deliver_status = DEL_STAT_DEFER; +- } else if (mail_copy_status != 0) { +- if (errno == EACCES) { +- msg_warn("maildir access problem for UID/GID=%lu/%lu: %s", +- (long) usr_attr.uid, (long) usr_attr.gid, +- STR(why->reason)); +- msg_warn("perhaps you need to create the maildirs in advance"); +- } +- vstring_sprintf_prepend(why->reason, "maildir delivery failed: "); +- deliver_status = +- (STR(why->status)[0] == '4' ? +- defer_append : bounce_append) +- (BOUNCE_FLAGS(state.request), +- BOUNCE_ATTR(state.msg_attr)); +- } else { +- dsb_simple(why, "2.0.0", "delivered to maildir"); +- deliver_status = sent(BOUNCE_FLAGS(state.request), +- SENT_ATTR(state.msg_attr)); ++ deliver_status = DEL_STAT_DEFER; ++ } ++ else if (mail_copy_status != 0) { ++ if (errno == EACCES) { ++ msg_warn("maildir access problem for UID/GID=%lu/%lu: %s", ++ (long) usr_attr.uid, (long) usr_attr.gid, STR(why->reason)); ++ msg_warn("perhaps you need to create the maildirs in advance"); ++ } ++ ++ /* Support per-recipient bounce messages. */ ++ const char *limit_message; ++ int errnored = errno; /* Seems like mail_addr_find resets errno ... 
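Review bot: The header buffer for the maildirfilter lookup comes from an unchecked `malloc(8192)` and is never used as a buffer: `header[0] = 0` dereferences NULL if the allocation fails, and each `header = concatenate(header, ...)` replaces the pointer with a newly allocated string (concatenate() returns fresh storage in Postfix) without releasing the previous copy. The number of leaked copies follows the number of header lines in the incoming message, so the sender influences how much memory a virtual(8) process loses per delivery, and the final `myfree(header)` releases only the last copy. Starting from a mymalloc-owned empty string and freeing the old copy on every append, as sketched below, removes both problems. Separately, the MOVE branch turns `cmd_text` from the per-user regexp table into directory names guarded only by the four `strcut()` calls, whose definition is outside this hunk; an explicit check that the name is non-empty and limited to an allowed character set would make that guarantee visible here. deliver_maildir() starts before this hunk, so the declarations of `header` and `fltstr` are not shown.

```c
fltstr = vstring_alloc(1024);
header = mystrdup("");		/* mymalloc-owned, so myfree(header) below matches */
vstring_get_nonl_bound(fltstr, tmpfilter, 1023);
{
    char   *joined = concatenate(header, STR(fltstr), (char *) 0);

    myfree(header);		/* release the previous copy instead of leaking it */
    header = joined;
}
/* … unchanged: while loop that reads further header lines; its two concatenate() calls need the same free-then-replace step … */
```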
*/
++ if (*var_virt_maildir_limit_message_maps != 0 && (limit_message = mail_addr_find(virtual_maildir_limit_message_maps, state.msg_attr.user, (char **) NULL)) != 0) {
++ errno = errnored;
++ if (errno == EFBIG) {
++ dsb_simple(why, "5.2.2", limit_message, NULL);
++ }
++ if (errno == EDQUOT) {
++ dsb_simple(why, "4.2.2", limit_message, NULL);
++ }
++ }
++ else {
++ errno = errnored;
++ if (errno == EFBIG) {
++ dsb_simple(why, "5.2.2", var_virt_maildir_limit_message, NULL);
++ }
++ if (errno == EDQUOT) {
++ dsb_simple(why, "4.2.2", var_virt_maildir_limit_message, NULL);
++ }
++ }
++
++ vstring_sprintf_prepend(why->reason, "maildir delivery failed: ");
++ deliver_status =
++ (STR(why->status)[0] == '4' ? defer_append : bounce_append)
++ (BOUNCE_FLAGS(state.request), BOUNCE_ATTR(state.msg_attr));
++ }
++ else {
++ dsb_simple(why, "2.0.0", "delivered to maildir");
++ deliver_status = sent(BOUNCE_FLAGS(state.request), SENT_ATTR(state.msg_attr));
+ }
++
+ vstring_free(buf);
++
+ myfree(newdir);
+ myfree(tmpdir);
+ myfree(curdir);
++
++ if (sizefilename)
++ myfree(sizefilename);
++ if (mdffilename)
++ myfree(mdffilename);
++
+ myfree(tmpfile);
+ if (newfile)
+- myfree(newfile);
++ myfree(newfile);
++ if (bkpnewfile)
++ myfree(bkpnewfile);
++
+ return (deliver_status);
+ }
+Index: src/virtual/virtual.c
+===================================================================
+--- src/virtual/virtual.c.orig
++++ src/virtual/virtual.c
+@@ -364,12 +364,28 @@ char *var_mail_spool_dir; /* XXX depe
+ bool var_strict_mbox_owner;
+ char *var_virt_dsn_filter;
+
++char *var_virt_mailbox_limit_maps;
++bool var_virt_mailbox_limit_inbox;
++bool var_virt_mailbox_limit_override;
++bool var_virt_maildir_extended;
++bool var_virt_overquota_bounce;
++char *var_virt_maildir_limit_message;
++char *var_virt_maildir_limit_message_maps;
++char *var_virt_maildir_suffix;
++bool var_virt_trash_count;
++char *var_virt_trash_name;
++bool var_virt_maildir_filter;
++char *var_virt_maildir_filter_maps;
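Review bot: The per-recipient quota text is passed to `dsb_simple()` in the format position — `dsb_simple(why, "5.2.2", limit_message, NULL)` and the three sibling calls — while other calls in this patch use that same argument as a printf-style format (`"create maildir file %s: %m"`). Any `%` sequence in a value returned by `virtual_maildir_limit_message_maps` or configured in `var_virt_maildir_limit_message` would therefore be interpreted as a conversion with no matching argument behind it. Passing the text as data avoids that: `dsb_simple(why, "5.2.2", "%s", limit_message);`, and likewise for the `"4.2.2"` and `var_virt_maildir_limit_message` calls. This hunk covers only the tail of deliver_maildir(); the code that sets `errno` to EFBIG or EDQUOT sits in the previous hunk.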
++
+ /*
+ * Mappings.
+ */
+ MAPS *virtual_mailbox_maps;
+ MAPS *virtual_uid_maps;
+ MAPS *virtual_gid_maps;
++MAPS *virtual_mailbox_limit_maps;
++MAPS *virtual_maildir_limit_message_maps;
++MAPS *virtual_maildir_filter_maps;
+
+ /*
+ * Bit masks.
+@@ -479,18 +495,27 @@ static void post_init(char *unused_name,
+ */
+ virtual_mailbox_maps =
+ maps_create(VAR_VIRT_MAILBOX_MAPS, var_virt_mailbox_maps,
+- DICT_FLAG_LOCK | DICT_FLAG_PARANOID
+- | DICT_FLAG_UTF8_REQUEST);
++ DICT_FLAG_LOCK);
+
+ virtual_uid_maps =
+ maps_create(VAR_VIRT_UID_MAPS, var_virt_uid_maps,
+- DICT_FLAG_LOCK | DICT_FLAG_PARANOID
+- | DICT_FLAG_UTF8_REQUEST);
++ DICT_FLAG_LOCK);
+
+ virtual_gid_maps =
+ maps_create(VAR_VIRT_GID_MAPS, var_virt_gid_maps,
+- DICT_FLAG_LOCK | DICT_FLAG_PARANOID
+- | DICT_FLAG_UTF8_REQUEST);
++ DICT_FLAG_LOCK);
++
++ virtual_mailbox_limit_maps =
++ maps_create(VAR_VIRT_MAILBOX_LIMIT_MAPS, var_virt_mailbox_limit_maps,
++ DICT_FLAG_LOCK);
++
++ virtual_maildir_limit_message_maps =
++ maps_create(VAR_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS, var_virt_maildir_limit_message_maps,
++ DICT_FLAG_LOCK);
++
++ virtual_maildir_filter_maps =
++ maps_create(VAR_VIRT_MAILDIR_FILTER_MAPS, var_virt_maildir_filter_maps,
++ DICT_FLAG_LOCK);
+
+ virtual_mbox_lock_mask = mbox_lock_mask(var_virt_mailbox_lock);
+ }
+@@ -545,11 +570,23 @@ int main(int argc, char **argv)
+ VAR_VIRT_GID_MAPS, DEF_VIRT_GID_MAPS, &var_virt_gid_maps, 0, 0,
+ VAR_VIRT_MAILBOX_BASE, DEF_VIRT_MAILBOX_BASE, &var_virt_mailbox_base, 1, 0,
+ VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
++ VAR_VIRT_MAILBOX_LIMIT_MAPS, DEF_VIRT_MAILBOX_LIMIT_MAPS, &var_virt_mailbox_limit_maps, 0, 0,
++ VAR_VIRT_MAILDIR_LIMIT_MESSAGE, DEF_VIRT_MAILDIR_LIMIT_MESSAGE, &var_virt_maildir_limit_message, 1, 0,
++ VAR_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS, DEF_VIRT_MAILDIR_LIMIT_MESSAGE_MAPS, &var_virt_maildir_limit_message_maps, 0, 0,
++ VAR_VIRT_MAILDIR_SUFFIX, DEF_VIRT_MAILDIR_SUFFIX, &var_virt_maildir_suffix, 0, 0,
++
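Review bot: The three existing `maps_create()` calls for `virtual_mailbox_maps`, `virtual_uid_maps` and `virtual_gid_maps` lose `DICT_FLAG_PARANOID | DICT_FLAG_UTF8_REQUEST` and keep only `DICT_FLAG_LOCK`, a change unrelated to the quota and filter features this patch adds. In Postfix, DICT_FLAG_PARANOID is what forbids regular-expression substitution and proxied or otherwise unauthenticated tables for lookups whose results decide the mailbox path and the uid/gid used for delivery, so dropping it widens what a table may return for those privilege-bearing values. I would keep the upstream flags on the three existing maps, `DICT_FLAG_LOCK | DICT_FLAG_PARANOID | DICT_FLAG_UTF8_REQUEST);`, and decide explicitly which flags the three new maps need instead of defaulting them to `DICT_FLAG_LOCK`. post_init() begins before this hunk.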
VAR_VIRT_TRASH_NAME, DEF_VIRT_TRASH_NAME, &var_virt_trash_name, 0, 0,
++ VAR_VIRT_MAILDIR_FILTER_MAPS, DEF_VIRT_MAILDIR_FILTER_MAPS, &var_virt_maildir_filter_maps, 0, 0,
+ VAR_VIRT_DSN_FILTER, DEF_VIRT_DSN_FILTER, &var_virt_dsn_filter, 0, 0,
+ 0,
+ };
+ static const CONFIG_BOOL_TABLE bool_table[] = {
+ VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
++ VAR_VIRT_MAILBOX_LIMIT_INBOX, DEF_VIRT_MAILBOX_LIMIT_INBOX, &var_virt_mailbox_limit_inbox,
++ VAR_VIRT_MAILBOX_LIMIT_OVERRIDE, DEF_VIRT_MAILBOX_LIMIT_OVERRIDE, &var_virt_mailbox_limit_override,
++ VAR_VIRT_MAILDIR_EXTENDED, DEF_VIRT_MAILDIR_EXTENDED, &var_virt_maildir_extended,
++ VAR_VIRT_OVERQUOTA_BOUNCE, DEF_VIRT_OVERQUOTA_BOUNCE, &var_virt_overquota_bounce,
++ VAR_VIRT_TRASH_COUNT, DEF_VIRT_TRASH_COUNT, &var_virt_trash_count,
++ VAR_VIRT_MAILDIR_FILTER, DEF_VIRT_MAILDIR_FILTER, &var_virt_maildir_filter,
+ 0,
+ };
+
+@@ -566,6 +603,7 @@ int main(int argc, char **argv)
+ CA_MAIL_SERVER_PRE_INIT(pre_init),
+ CA_MAIL_SERVER_POST_INIT(post_init),
+ CA_MAIL_SERVER_PRE_ACCEPT(pre_accept),
++ CA_MAIL_SERVER_BOOL_TABLE(bool_table),
+ CA_MAIL_SERVER_PRIVILEGED,
+ CA_MAIL_SERVER_BOUNCE_INIT(VAR_VIRT_DSN_FILTER,
+ &var_virt_dsn_filter),
+Index: src/virtual/virtual.h
+===================================================================
+--- src/virtual/virtual.h.orig
++++ src/virtual/virtual.h
+@@ -34,6 +34,9 @@
+ extern MAPS *virtual_mailbox_maps;
+ extern MAPS *virtual_uid_maps;
+ extern MAPS *virtual_gid_maps;
++extern MAPS *virtual_mailbox_limit_maps;
++extern MAPS *virtual_maildir_limit_message_maps;
++extern MAPS *virtual_maildir_filter_maps;
+
+ /*
+ * User attributes: these control the privileges for delivery to external
diff --git a/postfix-vmail-user.conf b/postfix-vmail-user.conf
new file mode 100644
index 0000000..c59549d
--- /dev/null
+++ b/postfix-vmail-user.conf
@@ -0,0 +1,2 @@
+# Type Name ID GECOS [HOME]
+u vmail - "Virtual Mail User" /srv/maildirs
diff --git a/postfix.changes b/postfix.changes new file mode 100644 index 0000000..8ccf3a4 --- /dev/null +++ b/postfix.changes 
@@ -0,0 +1,5921 @@ +------------------------------------------------------------------- +Fri Aug 9 08:48:07 UTC 2024 - Thorsten Kukuk + +- Remove rcpostfix symlink [jsc#PED-266] + +------------------------------------------------------------------- +Wed Aug 7 06:34:05 UTC 2024 - Thorsten Kukuk + +- postfix-script requires cmp + +------------------------------------------------------------------- +Thu Aug 1 08:36:10 UTC 2024 - Peter Varkoly + +- postfix gives warnings about deprecated parameters (bsc#1225397) + +------------------------------------------------------------------- +Tue Jun 18 18:15:47 UTC 2024 - chris@computersalat.de + +- fix for Invalid cross-device link + * failed to create hard link 'etc/localtime' => '/usr/share/zoneinfo/Etc/UTC' + +------------------------------------------------------------------- +Tue Jun 11 11:57:53 UTC 2024 - Adam Majer + +- Set built-in path values to suse values (bsc#1215689) + +------------------------------------------------------------------- +Mon May 20 20:45:06 UTC 2024 - chris@computersalat.de + +- Update update_chroot.systemd + * Add missing checks for DKIM (openDKIM) +- keep spec and changes files in sync + +------------------------------------------------------------------- +Fri May 17 11:42:53 UTC 2024 - Peter Varkoly + +- config.postfix needs updating (bsc#1224207) + * chkconfig -> systemctl + * Link Cyrus lmtp only if this exsists + * /usr/lib64/sasl2 does not need to exist + * Fetch timezone via readlink from /etc/localtime + +------------------------------------------------------------------- +Fri Apr 5 01:44:30 UTC 2024 - Georg Pfuetzenreuter + +- Move qshape(1) out of -doc, install it as a binary with the main package + +------------------------------------------------------------------- +Thu Mar 7 18:42:30 UTC 2024 - Arjen de Korte + +- update to 3.9.0 + * As described in DEPRECATION_README, the SMTP server features + "permit_naked_ip_address", "check_relay_domains", and + "reject_maps_rbl" have been 
removed, after they have been logging + a warning for some 20 years. These features now log a warning + and return a "server configuration error" response. + * The MySQL client no longer supports MySQL versions < 4.0. MySQL + version 4.0 was released in 2003. + * As covered in DEPRECATION_README, the configuration parameter + "disable_dns_lookup" and about a dozen TLS-related parameters + are now officially obsolete. These parameters still work, but + the postconf command logs warnings that they will be removed + from Postfix. + * As covered in DEPRECATION_README, "permit_mx_backup" logs a + warning that it will be removed from Postfix. + * In message headers, Postfix now formats numerical days as + two-digit days, i.e. days 1-9 have a leading zero instead of a + leading space. This change was made because the RFC 5322 date + and time specification recommends (i.e. SHOULD) that a single + space be used in each place that folding white space appears. + This change avoids a breaking change in the length of a date + string. + * The MySQL client default characterset is now configurable with + the "charset" configuration file attribute. The default is + "utf8mb4", consistent with the MySQL 8.0 built-in default, but + different from earlier MySQL versions where the built-in default + was "latin1". + * Support to query MongoDB databases, contributed by Hamid Maadani, + based on earlier code by Stephan Ferraro. See MONGODB_README + and mongodb_table(5) + * The RFC 3461 envelope ID is now exported in the local(8) delivery + agent with the ENVID environment variable, and in the pipe(8) + delivery agent with the ${envid} command-line attribute. + * Configurable idle and retry timer settings in the mysql: and + pgsql: clients. A shorter than default retry timer can sped up + the recovery after error, when Postfix is configured with only + one server in the "hosts" attribute. 
After the code was frozen + for release, we have learned that Postfix can recover faster + from some errors when the single server is specified multiple + times in the "hosts" attribute. + * Optional Postfix TLS support to request an RFC7250 raw public + key instead of an X.509 public-key certificate. The configuration + settings for raw key public support will be ignored when there + is no raw public key support in the local TLS implementation + (i.e. Postfix with OpenSSL versions before 3.2). See RELEASE_NOTES + for more information. + * Preliminary support for OpenSSL configuration files, primarily + OpenSSL 1.1.1b and later. This introduces two new parameters + "tls_config_file" and "tls_config_name", which can be used to + limit collateral damage from OS distributions that crank up + security to 11, increasing the number of plaintext email + deliveries. Details are in the postconf(5) manpage under + "tls_config_file" and "tls_config_name". + * With "smtpd_forbid_unauth_pipelining = yes" (the default), + Postfix defends against multiple "blind" SMTP attacks. This + feature was back-ported to older stable releases but disabled + by default. + * With "smtpd_forbid_bare_newline = normalize" (the default) + Postfix defends against SMTP smuggling attacks. See RELEASE_NOTES + for details. This feature was back-ported to older stable + releases but disabled by default. + * Prevent outbound SMTP smuggling, where an attacker uses Postfix + to send email containing a non-standard End-of-DATA sequence, + to exploit inbound SMTP smuggling at a vulnerable remote SMTP + server. With "cleanup_replace_stray_cr_lf = yes" (the default), + the cleanup daemon replaces each stray or character + in message content with a space character. This feature was + back-ported to older stable releases with identical functionality. + * The Postfix DNS client now limits the total size of DNS lookup + results to 100 records; it drops the excess records, and logs + a warning. 
This limit is 20x larger than the number of server + addresses that the Postfix SMTP client is willing to consider + when delivering mail, and is far below the number of records + that could cause a tail recursion crash in dns_rr_append() as + reported by Toshifumi Sakaguchi. This also introduces a similar + limit on the number of DNS requests that a check_*_*_access + restriction can make. All this was back-ported to older stable + releases with identical functionality. +- refreshed patch: + % postfix-no-md5.patch +- change obsoleted "disable_dns_lookups" to "smtp_dns_support_level" + % postfix-SUSE.tar.gz + % postfix-main.cf.patch + % postfix-master.cf.patch + +------------------------------------------------------------------- +Tue Mar 5 16:46:16 UTC 2024 - Arjen de Korte + +- update to 3.8.6 + * Bugfix (defect introduced: Postfix 2.3, date 20051222): the + Dovecot auth client did not reset the 'reason' from a previous + Dovecot auth service response, before parsing the next Dovecot + auth server response in the same SMTP session, resulting in a + nonsensical "authentication failed" warning message. Reported + by Stephan Bosch. + * Bugfix (defect introduced: Postfix 3.1, date: 20151128): + "postqueue -j" produced broken JSON when escaping a control + character as \uXXXX. Found during code maintenance. + * Cleanup: this fixes posttls-finger certificate match expectations + for all TLS security levels, including warnings for levels that + don't implement certificate matching. By Viktor Dukhovni. + * Bugfix (defect introduced: Postfix 2.3): after prepending a + header at the top of a message (with an access(5), header_checks(5) + or Milter action), the Postfix Milter "delete header" or "update + header" action was skipping the prepended header, instead of + skipping the Postfix-generated Received: header. Problem report + by Carlos Velasco. + * Workaround: tlsmgr logfile spam. 
Reportedly, some OS lies under + load: it says that a socket is readable, then it says that the + socket has unread data, and then it says that read returns EOF, + causing Postfix to spam the log with a warning message. + * Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT + command handler could be tricked to read $message_size_limit + bytes into memory. Found during code maintenance. + * Safety: limit the total size of DNS lookup results to 100 + records; drop the excess records, and log a warning. This limit + is 20x larger than the number of server addresses that the + Postfix SMTP client is willing to consider when delivering mail, + and is far below the number of records that could cause a tail + recursion crash in dns_rr_append() as reported by Toshifumi + Sakaguchi. This fix also limits the number of DNS requests that + a check_*_*_access restriction can make. + * Performance, related to the previous problem: eliminate worst-case + behavior where the queue manager could defer delivery to all + destinations over a specific delivery transport, after only a + single delivery agent crash. The scheduler now throttles + deliveries to one destination, and allows other deliveries to + keep making progress. +- change to functioning mirror (http://cdn.postfix.johnriley.me/ + has been dead for a while although it is still listed upstream) +- make output of %setup less verbose by restoring -q option + +------------------------------------------------------------------- +Tue Mar 5 12:19:01 UTC 2024 - Peter Varkoly + +- %autosetup does not works with multiple -a. + https://github.com/rpm-software-management/rpm/issues/1204 + +------------------------------------------------------------------- +Thu Feb 29 14:40:38 UTC 2024 - Dominique Leuenberger + +- Use %autosetup macro. Allows to eliminate the usage of deprecated + %patchN. 
+ +------------------------------------------------------------------- +Tue Jan 23 18:24:16 UTC 2024 - Arjen de Korte + +- update to 3.8.5 + * Security: this release improves support to defend against an email + spoofing attack (SMTP smuggling) on recipients at a Postfix server. + For background, see https://www.postfix.org/smtp-smuggling.html. + +------------------------------------------------------------------- +Sat Jan 6 22:41:09 UTC 2024 - chris@computersalat.de + +- rework fix for bsc#1192173: keep myhostname and mydestination + patched, but with upstream default to have them in correct place + when updated via config.postfix +- rework SMTP Smuggling defaults + * yes is now alias of 'normalize' + smtpd_forbid_bare_newline = normalize + * another new option is 'reject' wich should be used in connection + with + smtpd_forbid_bare_newline_reject_code = 521 +- rework patches + * postfix-bdb-main.cf.patch + * postfix-main.cf.patch +- rebase patches + * postfix-linux45.patch + * postfix-ssl-release-buffers.patch + * postfix-vda-v14-3.0.3.patch + * set-default-db-type.patch +- sync changes files + * add missing entries in postfix-bdb.changes + +------------------------------------------------------------------- +Thu Dec 28 07:57:23 UTC 2023 - Dirk Müller + +- update default configuration to enable the long-term fix for + bsc#1218304, bsc#1218314 CVE-2023-51764, SMTP smuggling attack: + * smtpd_forbid_bare_newline = yes + * smtpd_forbid_bare_newline_exclusions = $mynetworks + +------------------------------------------------------------------- +Fri Dec 22 17:57:57 UTC 2023 - Arjen de Korte + +- update to 3.8.4 (bsc#1218304, CVE-2023-51764): + * Security: this release adds support to defend + against an email spoofing attack (SMTP smuggling) on + recipients at a Postfix server. 
For background, see + https://www.postfix.org/smtp-smuggling.html + +------------------------------------------------------------------- +Fri Nov 3 14:55:20 UTC 2023 - Arjen de Korte + +- update to 3.8.3 + * Bugfix (defect introduced Postfix 2.5, date 20080104): the + Postfix SMTP server was waiting for a client command instead + of replying immediately, after a client certificate verification + error in TLS wrappermode. Reported by Andreas Kinzler. + * Usability: the Postfix SMTP server (finally) attempts to log + the SASL username after authentication failure. In Postfix + logging, this appends ", sasl_username=xxx" after the reason + for SASL authentication failure. The logging replaces an + unavailable reason with "(reason unavailable)", and replaces + an unavailable sasl_username with "(unavailable)". Based on + code by Jozsef Kadlecsik. + * Compatibility bugfix (defect introduced: Postfix 2.11, date + 20130405): in forward_path, the expression ${recipient_delimiter} + would expand to an empty string when a recipient address had + no recipient delimiter. The compatibility fix is to use a + configured recipient delimiter value instead. Reported by Tod + A. Sandman. 
+ +------------------------------------------------------------------- +Mon Oct 23 07:43:31 UTC 2023 - Peter Varkoly + +- Syntax error in update_postmaps script (bsc#1216061) + +------------------------------------------------------------------- +Mon Sep 18 12:38:19 UTC 2023 - Peter Varkoly + +- postfix: config.postfix causes too tight permission on main.cf + (bsc#1215372) + +------------------------------------------------------------------- +Tue Aug 15 09:07:07 UTC 2023 - Peter Varkoly + +- CVE-2023-32182: postfix: config_postfix SUSE specific script + potentially bad /tmp file usage (bsc#1211196) + Use temp file created by mktemp + +------------------------------------------------------------------- +Tue Jun 6 18:37:03 UTC 2023 - Arjen de Korte + +- update to 3.8.1 + * Optional: harden a Postfix SMTP server against remote SMTP + clients that violate RFC 2920 (or 5321) command pipelining + constraints. With "smtpd_forbid_unauth_pipelining = yes", the + server disconnects a client immediately, after responding with + "554 5.5.0 Error: SMTP protocol synchronization" and after + logging "improper command pipelining" with the unexpected remote + SMTP client input. This feature is disabled by default in Postfix + 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled + by default in Postfix 3.9. A similar feature is enabled by + default in the Exim SMTP server. + * Optional: some OS distributions crank up TLS security to 11, + and in doing so increase the number of plaintext email deliveries. + This introduces basic OpenSSL configuration file support that + may be used to override OS-level settings. + Details are in the postconf(5) manpage under tls_config_file + and tls_config_name. + * Bugfix (defect introduced: Postfix 1.0): the command "postconf + .. name=v1 .. name=v2 .." (multiple instances of the same + parameter name) created multiple main.cf name=value entries + with the same parameter name. 
It now logs a warning and skips
+ the earlier name(s) and value(s). Found during code maintenance.
+ * Bugfix (defect introduced: Postfix 3.3): the command "postconf
+ -M name1/type1='name2 type2 ...'" died with a segmentation
+ violation when the request matched multiple master.cf entries.
+ The master.cf file was not damaged. Problem reported by SATOH
+ Fumiyasu.
+ * Bugfix (defect introduced: Postfix 2.11): the command "postconf
+ -M name1/type1='name2 type2 ...'" could add a service definition
+ to master.cf that conflicted with an already existing service
+ definition. It now replaces all existing service definitions
+ that match the service pattern 'name1/type1' or the service
+ name and type in 'name2 type2 ...' with a single service
+ definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
+ * Bugfix (defect introduced: Postfix 3.8) the posttls-finger
+ command could access uninitialized memory when reconnecting.
+ This also fixes a malformed warning message when a destination
+ contains ":service" information. Reported by Thomas Korbar.
+ * Bugfix (defect introduced: Postfix 3.2): the MySQL client could
+ return "not found" instead of "error" (for example, resulting
+ in a 5XX SMTP status instead of 4XX) during the time that all
+ MySQL server connections were turned down after error. Found
+ during code maintenance. File: global/dict_mysql.c. This was
+ already fixed in Postfix 3.4-3.7.
+
+-------------------------------------------------------------------
+Thu May 4 11:23:41 UTC 2023 - Dominique Leuenberger
+
+- Add _multibuild to define 2nd spec file as additional flavor.
+ Eliminates the need for source package links in OBS.
+
+-------------------------------------------------------------------
+Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte
+
+- update to 3.8.0
+ * Support to look up DNS SRV records in the Postfix SMTP/LMTP
+ client, Based on code by Tomas Korbar (Red Hat).
For example,
+ with "use_srv_lookup = submission" and "relayhost =
+ example.com:submission", the Postfix SMTP client will look up
+ DNS SRV records for _submission._tcp.example.com, and will relay
+ email through the hosts and ports that are specified with those
+ records.
+ * TLS obsolescence: Postfix now treats the "export" and "low"
+ cipher grade settings as "medium". The "export" and "low" grades
+ are no longer supported in OpenSSL 1.1.1, the minimum version
+ required in Postfix 3.6.0 and later. Also, Postfix default
+ settings now exclude deprecated or unused ciphers (SEED, IDEA,
+ 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
+ (DH, ECDH), and public key algorithm (DSS).
+ * Attack resistance: the Postfix SMTP server can now aggregate
+ smtpd_client_*_rate and smtpd_client_*_count statistics by
+ network block instead of by IP address, to raise the bar against
+ a memory exhaustion attack in the anvil(8) server; Postfix TLS
+ support unconditionally disables TLS renegotiation in the middle
+ of an SMTP connection, to avoid a CPU exhaustion attack.
+ * The PostgreSQL client encoding is now configurable with the
+ "encoding" Postfix configuration file attribute. The default
+ is "UTF8". Previously the encoding was hard-coded as "LATIN1",
+ which is not useful in the context of SMTP.
+ * The postconf command now warns for #comment in or after a Postfix
+ parameter value. Postfix programs do not support #comment after
+ other text, and treat that as input.
+- rebase/refresh patches
+ * pointer_to_literals.patch
+ * postfix-linux45.patch
+ * postfix-master.cf.patch
+ * postfix-ssl-release-buffers.patch
+ * set-default-db-type.patch
+
+-------------------------------------------------------------------
+Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann
+
+- update to 3.7.4
+ * Workaround: with OpenSSL 3 and later always turn on
+ SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
+ opportunities for TLS session reuse.
This is safe because the SMTP protocol
+ implements application-level framing, and is therefore not affected by TLS
+ truncation attacks.
+ * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
+ handles for digest implementations. In sufficiently hostile configurations,
+ Postfix could mistakenly believe that a digest algorithm is available, and
+ fail when it is not. A similar workaround may be needed for
+ EVP_get_cipherbyname().
+ * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
+ tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
+ the argument only if there was no prior error.
+ * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
+ violation when postscreen_dnsbl_threshold < 1. It should reject such input
+ with a fatal error instead.
+ * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
+ * Portability: Linux 6 support.
+ * Added missing documentation that cidr:, pcre: and regexp: tables support
+ inline specification only in Postfix 3.7 and later.
+ * Rebased postfix-linux45.patch
+
+-------------------------------------------------------------------
+Thu Feb 9 20:13:42 UTC 2023 - Peter Varkoly
+
+- SELinux: postfix denied to access /var/spool/postfix/pid/master.pid
+ (bsc#1207177) Apply proposed changes in postfix.service
+- remove patch included into the source:
+ harden_postfix.service.patch
+
+-------------------------------------------------------------------
+Wed Jan 25 13:30:52 UTC 2023 - Thorsten Kukuk
+
+- Disable NIS support on Factory (deprecated and will be removed)
+
+-------------------------------------------------------------------
+Wed Jan 18 12:09:13 UTC 2023 - Hu
+
+- Fix SELinux labeling issue caused by /usr/sbin/config.postfix (bsc#1207227).
+
+-------------------------------------------------------------------
+Mon Nov 14 15:05:42 UTC 2022 - Peter Varkoly
+
+- postfix default main.cf myhostname default causes conflict
+ (bsc#1192173)
+ Use the postfix build in defaults for myhostname and mydestination
+
+-------------------------------------------------------------------
+Sun Oct 9 12:00:55 UTC 2022 - Michael Ströder
+
+- update to 3.7.3
+ * Fixed a bug where some messages were not delivered after
+ "warning: Unexpected record type 'X'. (bsc#1213515)
+ * Workaround: in a TLS server disable Postfix's 1-element internal session
+ cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes.
+ * Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26)
+ introduced a missing msg_panic() argument (in code that never executes).
+ * Code health: Postfix 3.3.0 introduced an uninitialized verify_append()
+ request status in case of a null original recipient address.
+ * Postfix 3.5.0 introduced debug logging noise in map_search_create().
+
+-------------------------------------------------------------------
+Tue Sep 6 09:17:20 UTC 2022 - Ludwig Nussel
+
+- own /var/spool/mail (boo#1179574)
+
+-------------------------------------------------------------------
+Thu Aug 4 19:09:34 UTC 2022 - chris@computersalat.de
+
+- use correct source signature file (gpg2)
+
+-------------------------------------------------------------------
+Mon Jul 11 14:21:41 UTC 2022 - chris@computersalat.de
+
+- update to 3.7.2
+ https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES
+- rebase patches
+ * pointer_to_literals.patch
+ * postfix-linux45.patch
+ * postfix-main.cf.patch
+ * postfix-master.cf.patch
+ * postfix-no-md5.patch
+ * postfix-ssl-release-buffers.patch
+ * postfix-vda-v14-3.0.3.patch
+ * set-default-db-type.patch
+- build against libpcre2
+
+-------------------------------------------------------------------
+Tue May 10 20:14:54 UTC 2022 - chris@computersalat.de
+
+- remove *.swp from postfix-SUSE.tar.gz
+
+-------------------------------------------------------------------
+Tue May 3 20:16:49 UTC 2022 - chris@computersalat.de
+
+- fix config.postfix 'hash' leftover with relay_recipients
+- update postfix-main.cf.patch about
+ * smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls)
+ * smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls)
+- rebase/refresh patches
+ * harden_postfix.service.patch
+ * postfix-avoid-infinit-loop-if-no-permission.patch
+ * postfix-master.cf.patch
+ * postfix-vda-v14-3.0.3.patch
+ * set-default-db-type.patch
+
+-------------------------------------------------------------------
+Mon May 2 07:27:19 UTC 2022 - Dominique Leuenberger
+
+- Change ed requires to /usr/bin/ed: allow busybox-ed to be used
+ inside containers.
+
+-------------------------------------------------------------------
+Mon Apr 25 13:59:17 UTC 2022 - Marcus Rueckert
+
+- add missing requires for config.postfix and the postfix
+ postinstall script: perl and ed
+
+-------------------------------------------------------------------
+Mon Apr 18 19:59:01 UTC 2022 - Michael Ströder
+
+- update to 3.6.6
+ * (problem introduced: Postfix 2.7) The milter_header_checks maps
+ are now opened before the cleanup(8) server enters the chroot
+ jail.
+ * In an internal client module, "host or service not found" was
+ a fatal error, causing the milter_default_action setting to be
+ ignored. It is now a non-fatal error, just like a failure to
+ connect.
+ * The proxy_read_maps default value was missing up to 27 parameter
+ names. The corresponding lookup tables were not automatically
+ authorized for use with the proxymap(8) service. The parameter
+ names were ending in _checks, _reply_footer, _reply_filter,
+ _command_filter, and _delivery_status_filter.
+ * (problem introduced: Postfix 3.0) With dynamic map loading
+ enabled, an attempt to create a map with "postmap regexp:path"
+ would result in a bogus error message "Is the postfix-regexp
+ package installed?" instead of "unsupported map type for this
+ operation". This happened with all non-dynamic map types (static,
+ cidr, etc.) that have no 'bulk create' support.
+
+-------------------------------------------------------------------
+Mon Apr 4 09:01:56 UTC 2022 - Peter Varkoly
+
+- config.postfix fails to set smtp_tls_security_level
+ (bsc#1192314)
+
+-------------------------------------------------------------------
+Tue Mar 29 10:12:29 UTC 2022 - Илья Индиго
+
+- Refreshed spec-file via spec-cleaner and manual optimizated.
+ * Added -p flag to all install commands.
+ * Removed -f flag from all ln commands.
+- Changed file harden_postfix.service.patch (boo#1191988).
+
+-------------------------------------------------------------------
+Fri Mar 18 20:29:34 UTC 2022 - Michael Ströder
+
+- update to 3.6.5
+ * Glibc 2.34 implements closefrom(). This was causing a conflict
+ with Postfix's implementation for systems that have no closefrom()
+ implementation.
+ * Support for Berkeley DB version 18.
+- removed obsolete postfix-3.6.2-glibc-234-build-fix.patch
+
+-------------------------------------------------------------------
+Mon Mar 14 09:52:48 UTC 2022 - Peter Varkoly
+
+- Postfix on start don't run postalias /etc/postfix/aliases
+ (error open database /etc/postfix/aliases.lmdb). (bsc#1197041)
+ Apply proposed patch
+
+-------------------------------------------------------------------
+Wed Feb 9 09:22:41 UTC 2022 - Peter Varkoly
+
+- config.postfix can't handle symlink'd /etc/resolv.cof
+ (bsc#1195019)
+ Adapt proposed change: using "cp -afL" by copying.
+
+-------------------------------------------------------------------
+Tue Jan 18 23:32:41 UTC 2022 - Michael Ströder
+
+- Update to 3.6.4
+ * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
+ entries in postconf output. This was caused by an incomplete
+ fix to send SMTP session transcripts to $bounce_notice_recipient.
+ * Bug introduced in Postfix 3.0: the proxymap daemon did not
+ automatically authorize proxied maps inside pipemap (example:
+ pipemap:{proxy:maptype:mapname, ...}) or inside unionmap.
+ * Bug introduced in Postfix 2.5: off-by-one error while writing
+ a string terminator. This code passed all memory corruption
+ tests, presumably because it wrote over an alignment padding
+ byte, or over an adjacent character byte that was never read.
+ * The proxymap daemon did not automatically authorize map features
+ added after Postfix 3.3, caused by missing *_maps parameter
+ names in the proxy_read_maps default value. Found during code
+ maintenance.
+
+-------------------------------------------------------------------
+Mon Nov 8 10:26:56 UTC 2021 - Michael Ströder
+
+- Update to 3.6.3
+ * (problem introduced in Postfix 2.4, released in 2007): queue
+ file corruption after a Milter (for example, MIMEDefang) made
+ a request to replace the message body with a copy of that message
+ body plus additional text (for example, a SpamAssassin report).
+ * (problem introduced in Postfix 2.10, released in 2012): The
+ postconf "-x" option could produce incorrect output, because
+ multiple functions were implicitly sharing a buffer for
+ intermediate results. Problem report by raf, root cause analysis
+ by Viktor Dukhovni.
+ * (problem introduced in Postfix 2.11, released in 2013): The
+ check_ccert_access feature worked as expected, but produced a
+ spurious warning when Postfix was built without SASL support.
+ Fix by Brad Barden.
+ * Fix for a compiler warning due to a missing 'const' qualifier
+ when compiling Postfix with OpenSSL 3. Depending on compiler
+ settings this could cause the build to fail.
+ * The known_tcp_ports settings had no effect. It also wasn't fully
+ implemented. Problem report by Peter.
+ * Fix for missing space between a hostname and warning text.
+
+-------------------------------------------------------------------
+Fri Oct 22 09:45:40 UTC 2021 - Dirk Stoecker
+
+- Ensure postfix can write to home directory or server side
+ filtering wont work (sieve)
+
+-------------------------------------------------------------------
+Fri Oct 22 08:46:19 UTC 2021 - Johannes Segitz
+
+- Ensure service can write to /etc/postfix
+
+-------------------------------------------------------------------
+Thu Oct 21 15:39:55 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service (bsc#1181400).
Added
+ harden_postfix.service.patch
+
+-------------------------------------------------------------------
+Thu Oct 7 08:03:40 UTC 2021 - Peter Varkoly
+
+- config.postfix not updatet after lmdb switch
+ (bsc#1190945)
+ Adapt config.postfix
+
+-------------------------------------------------------------------
+Thu Aug 26 13:59:42 UTC 2021 - Peter Varkoly
+
+- postfix master.cf: to include "submissions" service
+ (bsc#1189684)
+ Adapt master.cf patch
+
+-------------------------------------------------------------------
+Tue Aug 24 09:55:42 UTC 2021 - Peter Varkoly
+
+- postfix fails with glibc 2.34
+ Define HAS_CLOSEFROM
+ (bsc#1189101)
+ add patch
+ - postfix-3.6.2-glibc-234-build-fix.patch
+
+-------------------------------------------------------------------
+Thu Aug 5 19:09:36 UTC 2021 - chris@computersalat.de
+
+- fix config.postfix (follow up of bsc#1188477)
+
+-------------------------------------------------------------------
+Mon Jul 26 19:59:12 UTC 2021 - Peter Varkoly
+
+- Syntax error in config.postfix
+ (bsc#1188477)
+
+-------------------------------------------------------------------
+Sun Jul 25 23:22:23 UTC 2021 - Michael Ströder
+
+- Update to 3.6.2
+ * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
+ error in the compatibility_level parser, because there was no
+ 'errno = 0' statement before an strtol() call.
+ * (problem introduced in Postfix 3.3) "Null pointer read" error
+ in the cleanup daemon when "header_from_format = standard" (the
+ default as of Postfix 3.3), and email was submitted with
+ /usr/sbin/sendmail without
From: header, and an all-space full
+ name was specified in 1) the password file, 2) with "sendmail
+ -F", or 3) with the NAME environment variable. Found by Renaud
+ Metrich.
+ * (problem introduced in Postfix 2.4) False "too many reverse
+ jump" warnings in the showq daemon, because loop detection code
+ was comparing memory addresses instead of queue file names.
+ Reported by Mehmet Avcioglu.
+ * (problem introduced in 1999) The Postfix SMTP server was sending
+ all session transcripts to the error_notice_recipient (default:
+ postmaster), instead of sending transcripts of bounced mail to
+ the bounce_notice_recipient (default: postmaster). Reported by
+ Hans van Zijst.
+ * The texthash: map implementation broke tls_server_sni_maps,
+ because it did not support multi-file inputs. Reported by
+ Christopher Gurnee, who also found an instance of the missing
+ code in the "postmap -F" source code. File: util/dict_thash.c.
+
+-------------------------------------------------------------------
+Wed Jul 14 14:37:24 UTC 2021 - Peter Varkoly
+
+- spamd wants to start before mail-transfer-agent.target, but that target doesn't exist
+ (bsc#1066854)
+
+-------------------------------------------------------------------
+Tue Jul 6 22:23:17 UTC 2021 - Christian Wittmer
+
+- postfix-SUSE
+ * rework sysconfig.postfix, add
+ - POSTFIX_WITH_DKIM
+ - POSTFIX_DKIM_CONN
+ * rework config.postfix for main.cf
+ - with_dkim
+- update postfix-main.cf.patch
+ * add OpenDKIM settings
+
+-------------------------------------------------------------------
+Wed Jun 23 22:28:52 UTC 2021 - Christian Wittmer
+
+- postfix-mysql
+ * add mysql_relay_recipient_maps.cf
+- postfix-SUSE
+ * rework sysconfig.postfix, add
+ - POSTFIX_RELAY_RECIPIENTS
+ - POSTFIX_BACKUPMX
+ * add relay_recipients
+ * rework config.postfix for main.cf
+ - is_backupmx
+ - relay_recipient_maps
+
+-------------------------------------------------------------------
+Fri Jun 18 17:11:05 UTC 2021 - Callum Farmer
+
+- Add now
working CONFIG parameter to sysusers generator
+- Remove unnecessary group line from postfix-vmail-user.conf
+
+-------------------------------------------------------------------
+Mon Jun 14 15:46:54 UTC 2021 - Michael Ströder
+
+- Update to 3.6.1
+ * Bugfix (introduced: Postfix 2.11): the command "postmap
+ lmdb:/file/name" (create LMDB database from textfile) handled
+ duplicate input keys ungracefully, discarding entries stored
+ up to and including the duplicate key, and causing a double
+ free() call with lmdb versions 0.9.17 and later. Reported by
+ Adi Prasaja; double free() root cause analysis by Howard Chu.
+ * Typo (introduced: Postfix 3.4): silent_discard should be
+ silent-discard in BDAT_README.
+
+-------------------------------------------------------------------
+Sun Jun 6 12:51:35 UTC 2021 - Christian Wittmer
+
+- fix postfix-master.cf.patch
+ * set correct indentation (again) for options of
+ - submission (needs 3 spaces)
+ - smtps (needs 4 spaces)
+ to make config.postfix work nicely again
+
+-------------------------------------------------------------------
+Wed Jun 2 00:26:36 UTC 2021 - Marcus Rueckert
+
+- Update to 3.6.0
+ - Major changes - internal protocol identification
+ Internal protocols have changed. You need to "postfix stop"
+ before updating, or before backing out to an earlier release,
+ otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
+ postscreen) may fail to communicate with the rest of Postfix,
+ causing mail delivery delays until Postfix is restarted.
+ For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
+- refreshed patches to apply cleanly again:
+ fix-postfix-script.patch
+ ipv6_disabled.patch
+ pointer_to_literals.patch
+ postfix-linux45.patch
+ postfix-main.cf.patch
+ postfix-master.cf.patch
+ postfix-no-md5.patch
+ postfix-ssl-release-buffers.patch
+ postfix-vda-v14-3.0.3.patch
+ set-default-db-type.patch
+
+-------------------------------------------------------------------
+Tue Jun 1 10:47:29 UTC 2021 - Peter Varkoly
+
+- (bsc#1186669) - postfix.service has "Requires=var-run.mount"
+ Remove bad requirements
+
+-------------------------------------------------------------------
+Mon Apr 12 09:00:22 UTC 2021 - Michael Ströder
+
+- Update to 3.5.10 with security fixes:
+ * Missing null pointer checks (introduced in Postfix 3.4) after
+ an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
+ Found by Coverity, reported by Jaroslav Skarvada. Based on a
+ fix by Viktor Dukhovni.
+ * Null pointer bug (introduced in Postfix 3.0) and memory leak
+ (introduced in Postfix 3.4) after an inline: table syntax error
+ in main.cf or master.cf. Found by Coverity, reported by Jaroslav
+ Skarvada. Based on a fix by Viktor Dukhovni.
+ * Incomplete null pointer check (introduced: Postfix 2.10) after
+ truncated HaProxy version 1 handshake message. Found by Coverity,
+ reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
+ * Missing null pointer check (introduced: Postfix alpha) after
+ null argv[0] value.
+
+-------------------------------------------------------------------
+Wed Mar 10 15:12:11 UTC 2021 - Peter Varkoly
+
+- (bsc#1183305) - config.postfix uses db as suffix for postmaps
+ Depending on DEF_DB_TYPE uses lmdb or db
+
+-------------------------------------------------------------------
+Fri Mar 5 13:22:42 UTC 2021 - Peter Varkoly
+
+- (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix
+ still refers to /etc/services
+ Use getent to detect if smtps is already defined.
+
+-------------------------------------------------------------------
+Fri Feb 5 17:51:49 UTC 2021 - Peter Varkoly
+
+- (bsc#1180473) [Build 20201230] postfix has invalid default config
+ (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt -
+ postfix broken: "queue file write error" and "error: unsupported
+ dictionary type: hash"
+ Export DEF_DB_TYPE before starting the perl script.
+
+-------------------------------------------------------------------
+Wed Jan 27 15:14:50 UTC 2021 - Peter Varkoly
+
+- bsc#1180473 - [Build 20201230] postfix has invalid default config
+ Fixing config.postfix and sysconfig.postfix
+
+-------------------------------------------------------------------
+Mon Jan 25 10:28:26 UTC 2021 - Paolo Stivanin
+
+- Update to 3.5.9
+ * improves the reporting of DNSSEC problems that may affect
+ DANE security
+
+-------------------------------------------------------------------
+Thu Jan 7 12:26:08 UTC 2021 - Arjen de Korte
+
+- Only do the conversion from the hash/btree databases to lmdb when
+ the default database type changes from hash to lmdb and do not
+ stop and start the service (the old compiled databases can live
+ together with the new ones)
+ - convert-bdb-to-lmdb.sh
+- Clean up the specfile
+ * Remove < 1330 conditional builds
+ * Use generated postfix-files instead of the obsolete one from
+ postfix-SUSE.tar.gz
+ * Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon
+ (de)installation of optional mysql, pgsql and ldap subpackages
+ * Use default location for post-install, postfix-tls-script,
+ postfix-wrapper and postmulti-script
+
+-------------------------------------------------------------------
+Mon Jan 4 12:17:03 UTC 2021 - Peter Varkoly
+
+- Set lmdb to be the default db.
+- Convert btree tables to lmdb too. Stop postfix before converting from
+ bdb to lmdb
+- This package is without bdb support. That's why convert must be done
+ without any suse release condition.
+ o remove patch postfix-no-btree.patch
+ o add set-default-db-type.patch
+
+-------------------------------------------------------------------
+Fri Dec 25 20:32:04 UTC 2020 - Arjen de Korte
+
+- Set database type for address_verify_map and postscreen_cache_map
+ to lmdb (btree requires Berkeley DB)
+ o add postfix-no-btree.patch
+
+-------------------------------------------------------------------
+Fri Dec 25 10:28:30 UTC 2020 - Arjen de Korte
+
+- Set default database type to lmdb and fix update_postmaps script
+
+-------------------------------------------------------------------
+Thu Dec 24 14:09:32 UTC 2020 - Arjen de Korte
+
+- Use variable substition instead of sed to remove .db suffix and
+ substitute hash: for lmdb: in /etc/postfix/master.cf as well.
+ Check before substitution if there is something to do (to keep
+ rpmcheck happy).
+
+-------------------------------------------------------------------
+Tue Dec 8 13:36:35 UTC 2020 - Peter Varkoly
+
+- bsc#1176650 L3: What is regularly triggering the "fillup"
+ command and changing modify-time of /etc/sysconfig/postfix?
+ o Remove miss placed fillup_only call from %verifyscript
+
+-------------------------------------------------------------------
+Thu Nov 26 15:30:10 UTC 2020 - Peter Varkoly
+
+- Remove Berkeley DB dependency (JIRA#SLE-12191)
+ The pacakges postfix is build without Berkely DB support.
+ lmdb will be used instead of BDB.
+ The pacakges postfix-bdb is build with Berkely DB support.
+ o add patch for main.cf for postfix-bdb package
+ postfix-bdb-main.cf.patch
+
+-------------------------------------------------------------------
+Sun Nov 8 20:59:23 UTC 2020 - Michael Ströder
+
+- Update to 3.5.8
+ * The Postfix SMTP client inserted into message headers longer
+ than $line_length_limit (default: 2048), causing all subsequent header
+ content to become message body content.
+ * The postscreen daemon did not save a copy of the
+ postscreen_dnsbl_reply_map lookup result.
This has no effect when the
+ recommended texthash: look table is used, but it could result in stale
+ data with other lookup tables.
+ * After deleting a recipient with a Milter, the Postfix recipient
+ duplicate filter was not updated; the filter suppressed requests
+ to add the recipient back.
+ * Memory leak: the static: maps did not free their casefolding buffer.
+ * With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a
+ TLS handshake, after processing an XCLIENT command.
+ * The smtp_sasl_mechanism_filter implementation ignored table lookup
+ errors, treating them as 'not found'.
+ * The code that looks for Delivered-To: headers ignored headers longer
+ than $line_length_limit (default: 2048).
+
+-------------------------------------------------------------------
+Mon Aug 31 13:38:04 UTC 2020 - Michael Ströder
+
+- Update to 3.5.7
+ * Fixed random certificate verification failures with
+ "smtp_tls_connection_reuse = yes", because tlsproxy(8) was using
+ the wrong global TLS context for connections that use DANE or
+ non-DANE trust anchors.
+
+-------------------------------------------------------------------
+Tue Aug 25 13:54:40 UTC 2020 - Thorsten Kukuk
+
+- Move ldap into an own sub-package like all other databases
+- Move manual pages to correct sub-package
+
+-------------------------------------------------------------------
+Fri Aug 21 08:44:22 UTC 2020 - Thorsten Kukuk
+
+- Use sysusers.d to create system accounts
+- Remove wrong %config for systemd directory content
+
+-------------------------------------------------------------------
+Sun Aug 9 06:55:01 UTC 2020 - Arjen de Korte
+
+- Use the correct signature file for source verification
+- Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to
+ prevent confusion, as the signature file from upstream with .sig
+ extension is incompatible with the build service)
+
+-------------------------------------------------------------------
+Sun Jul 26 21:22:39 UTC 2020 - Michael Ströder
+
+- Update to 3.5.6 with following fixes:
+ * Workaround for unexpected TLS interoperability problems when Postfix
+ runs on OS distributions with system-wide OpenSSL configurations.
+ * Memory leaks in the Postfix TLS library, the largest one
+ involving multiple kBytes per peer certificate.
+
+-------------------------------------------------------------------
+Thu Jul 16 20:42:19 UTC 2020 - Arjen de Korte
+
+- Add source verification (add postfix.keyring)
+
+-------------------------------------------------------------------
+Fri Jul 3 14:06:53 UTC 2020 - Thorsten Kukuk
+
+- Use systemd_ordering instead of systemd_require.
+- Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688]
+- Drop /var/adm/SuSEconfig from %post, it does nothing.
+- Rename postfix-SuSE to postfix-SUSE
+- Delete postfix-SUSE/README.SuSE, company name spelled wrong,
+ completly outdated and not used.
+- Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name
+ spelled wrong, outdated and not used.
+- sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG,
+ SuSEconfig is gone since ages.
+- update_chroot.systemd: Remove advice to run SuSEconfig.
+- Remove rc.postfix, not used, outdated.
+- mkpostfixcert: Remove advice to run SuSEconfig.
+
+-------------------------------------------------------------------
+Mon Jun 29 18:44:13 UTC 2020 - Michael Ströder
+
+- Update to 3.5.4:
+ * The connection_reuse attribute in smtp_tls_policy_maps always
+ resulted in an "invalid attribute name" error.
+ * SMTP over TLS connection reuse always failed for Postfix SMTP
+ client configurations that specify explicit trust anchors (remote
+ SMTP server certificates or public keys).
+ * The Postfix SMTP client's DANE implementation would always send
+ an SNI option with the name in a destination's MX record, even
+ if the MX record pointed to a CNAME record. MX records that
+ point to CNAME records are not conformant with RFC5321, and so
+ are rare.
+ Based on the DANE survey of ~2 million hosts it was found that
+ with the corrected SMTP client behavior, sending SNI with the
+ CNAME-expanded name, the SMTP server would not send a different
+ certificate. This fix should therefore be safe.
+
+-------------------------------------------------------------------
+Mon Jun 15 16:09:57 UTC 2020 - Michael Ströder
+
+- Update to 3.5.3:
+ * TLS handshake failure in the Postfix SMTP server during SNI
+ processing, after the server-side TLS engine sent a TLSv1.3
+ HelloRetryRequest (HRR) to a remote SMTP client.
+ * The command "postfix tls deploy-server-cert" did not handle a
+ missing optional argument. This bug was introduced in Postfix
+ 3.1.
+
+-------------------------------------------------------------------
+Sun May 17 19:57:57 UTC 2020 - Michael Ströder
+
+- Update to 3.5.2:
+ * A TLS error for a database client caused a false 'lost connection'
+ error for an SMTP over TLS session in the same Postfix process.
+ This bug was introduced with Postfix 2.2.
+ * The same bug existed in the tlsproxy(8) daemon, where a TLS
+ error for one TLS session could cause a false 'lost connection'
+ error for a concurrent TLS session in the same process. This
+ bug was introduced with Postfix 2.8.
+ * The Postfix build now disables DANE support on Linux systems
+ with libc-musl such as Alpine, because libc-musl provides no
+ indication whether DNS responses are authentic. This broke DANE
+ support without a clear explanation.
+ * Due to implementation changes in the ICU library, some Postfix
+ daemons reported file access errrors (U_FILE_ACCESS_ERROR) after
+ chroot(). This was fixed by initializing the ICU library before
+ making the chroot() call.
+ * Minor code changes to silence a compiler that special-cases
+ string literals.
+ * Segfault (null pointer) in the tlsproxy(8) client role when the
+ server role was disabled. This typically happened on systems
+ that do not receive mail, after configuring connection reuse
+ for outbound SMTP over TLS.
+ * The date portion of the maillog_file_rotate_suffix default value
+ used the minute (%M) instead of the month (%m).
+
+-------------------------------------------------------------------
+Mon May 11 20:07:40 UTC 2020 - Arjen de Korte
+
+- boo#1106004 fix incorrect locations for files in postfix-files
+
+-------------------------------------------------------------------
+Sun Apr 19 10:22:12 UTC 2020 - Michael Ströder
+
+- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
+ lookups and DANE mail transport work again
+- Update to 3.5.1:
+ * Support for the haproxy v2 protocol. The Postfix implementation
+ supports TCP over IPv4 and IPv6, as well as non-proxied
+ connections; the latter are typically used for heartbeat tests.
+ * Support to force-expire email messages. This introduces new
+ postsuper(1) command-line options to request expiration, and
+ additional information in mailq(1) or postqueue(1) output.
+ * The Postfix SMTP and LMTP client support a list of nexthop
+ destinations separated by comma or whitespace. These destinations
+ will be tried in the specified order.
+ * Incompatible changes:
+ * Logging: Postfix daemon processes now log the from= and to=
+ addresses in external (quoted) form in non-debug logging (info,
+ warning, etc.). This means that when an address localpart
+ contains spaces or other special characters, the localpart will
+ be quoted, for example:
+ from=<"name with spaces"@example.com>
+ Specify "info_log_address_format = internal" for backwards compatibility.
+ * Postfix now normalizes IP addresses received with XCLIENT,
+ XFORWARD, or with the HaProxy protocol, for consistency with
+ direct connections to Postfix. This may change the appearance
+ of logging, and the way that check_client_access will match
+ subnets of an IPv6 address.
+
+-------------------------------------------------------------------
+Fri Mar 13 14:29:32 UTC 2020 - Michael Ströder
+
+- Update to 3.4.10:
+ * Bug (introduced: Postfix 2.3): Postfix Milter client state
+ was not properly reset after one Milter in a multi-Milter
+ configuration failed during MAIL FROM, resulting in a Postfix
+ Milter client panic during the next MAIL FROM command in the
+ same SMTP session.
+
+-------------------------------------------------------------------
+Fri Feb 7 17:07:39 UTC 2020 - Peter Varkoly
+
+- bsc#1162891 server:mail/postfix: cond_slp bug on TW after
+ moving /etc/services to /usr/etc/services
+
+-------------------------------------------------------------------
+Wed Feb 5 12:27:07 UTC 2020 - Peter Varkoly
+
+- bsc#1160413 postfix fails with -fno-common
+
+-------------------------------------------------------------------
+Mon Feb 3 12:31:48 UTC 2020 - Michael Ströder
+
+- Update to 3.4.9:
+ * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were
+ broken while adding support for negative DNS response caching
+ in postscreen.
Postfix was inadvertently changed to call
+ res_query() instead of res_search().
+ * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro
+ overrides from a Milter application. Postfix now evaluates the
+ Milter macros for an SMTP CONNECT event after the Postfix-to-Milter
+ connection is negotiated.
+ * Bug (introduced: Postfix 3.0): sanitize (remote) server responses
+ before storing them in the verify database, to avoid Postfix
+ warnings about malformed UTF8. Found during code maintenance.
+
+-------------------------------------------------------------------
+Wed Nov 27 19:55:30 UTC 2019 - Michael Ströder
+
+- Update to 3.4.8:
+ * Fix for an Exim interoperability problem when postscreen after-220
+ checks are enabled. Bug introduced in Postfix 3.4: the code
+ that detected "PIPELINING after BDAT" looked at the wrong
+ variable. The warning now says "BDAT without valid RCPT", and
+ the error is no longer treated as a command PIPELINING error,
+ thus allowing mail to be delivered. Meanwhile, Exim has been
+ fixed to stop sending BDAT commands when postscreen rejects all
+ RCPT commands.
+ * Usability bug, introduced in Postfix 3.4: the parser for
+ key/certificate chain files rejected inputs that contain an EC
+ PARAMETERS object. While this is technically correct (the
+ documentation says what types are allowed) this is surprising
+ behavior because the legacy cert/key parameters will accept
+ such inputs. For now, the parser skips object types that it
+ does not know about for usability, and logs a warning because
+ ignoring inputs is not kosher.
+ * Bug introduced in Postfix 2.8: don't gratuitously enable all
+ after-220 tests when only one such test is enabled. This made
+ selective tests impossible with 'good' clients. This will be
+ fixed in older Postfix versions at some later time.
+
+-------------------------------------------------------------------
+Tue Sep 24 07:59:04 UTC 2019 - Martin Liška
+
+- Backport deprecated-RES_INSECURE1.patch in order to fix
+ boo#1149705.
+
+-------------------------------------------------------------------
+Sun Sep 22 16:45:39 UTC 2019 - Michael Ströder
+
+- Update to 3.4.7:
+ * Robustness: the tlsproxy(8) daemon could go into a loop, logging
+ a flood of error messages. Problem reported by Andreas Schulze
+ after enabling SMTP/TLS connection reuse.
+ * Workaround: OpenSSL changed an SSL_Shutdown() non-error result
+ value into an error result value, causing logfile noise.
+ * Configuration: the new 'TLS fast shutdown' parameter name was
+ implemented incorrectly. The documentation said
+ "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown".
+ This was fixed by changing the code, because no-one is expected
+ to override the default.
+ * Performance: workaround for poor TCP loopback performance on
+ LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus
+ TCP maximal segment size that is 1/2 to 1/3 of the real MSS.
+ To avoid client-side Nagle delays or server-side delayed ACKs
+ caused by multiple smaller-than-MSS writes, Postfix chooses a
+ VSTREAM buffer size that is a small multiple of the reported
+ bogus MSS. This workaround increases the multiplier from 2x to
+ 4x.
+ * Robustness: the Postfix Dovecot client could segfault (null
+ pointer read) or cause an SMTP server assertion to fail when
+ talking to a fake Dovecot server. The Postfix Dovecot client
+ now logs a proper error instead.
+
+-------------------------------------------------------------------
+Thu Sep 19 06:20:48 UTC 2019 - Peter Varkoly
+
+- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang
+ Break loop if postfix has no permission in spool directory.
+ - add postfix-avoid-infinit-loop-if-no-permission.patch
+
+-------------------------------------------------------------------
+Fri Aug 9 14:50:12 UTC 2019 - chris@computersalat.de
+
+- fix for boo#1144946
+ mydestination - missing default localhost
+ * update config.postfix
+
+-------------------------------------------------------------------
+Fri Jul 26 08:26:07 UTC 2019 - Peter Varkoly
+
+- bsc#1142881 - mkpostfixcert from Postfix still uses md
+
+-------------------------------------------------------------------
+Thu Jul 25 12:38:43 UTC 2019 - matthias.gerstner@suse.com
+
+- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
+ firewalld, see [1].
+
+ [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
+
+-------------------------------------------------------------------
+Sun Jul 21 23:54:34 UTC 2019 - chris@computersalat.de
+
+- update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for
+ * POSTFIX_SMTPD_HELO_RESTRICTIONS
+ * POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
+- fix for: Can't connect to local MySQL server through socket
+ '/run/mysql/mysql.sock'
+ * update config.postfix
+ * update update_chroot.systemd
+
+-------------------------------------------------------------------
+Wed Jul 3 08:43:58 UTC 2019 - Michael Ströder
+
+- Update to 3.4.6:
+ * Workaround for implementations that hang Postfix while shutting
+ down a TLS session, until Postfix times out. With
+ "tls_fast_shutdown_enable = yes" (the default), Postfix no
+ longer waits for the TLS peer to respond to a TLS 'close'
+ request. This is recommended with TLSv1.0 and later.
+ * Fixed a too-strict censoring filter that broke multiline Milter
+ responses for header/body events. Problem report by Andreas
+ Thienemann.
+ * The code to reset Postfix SMTP server command counts was not
+ called after a HaProxy handshake failure, causing stale numbers
+ to be reported. Problem report by Joseph Ward.
+ * postconf(5) documentation: tlsext_padding is not a tls_ssl_options
+ feature.
+ * smtp(8) documentation: updated the BUGS section text about
+ Postfix support to reuse open TLS connections.
+ * Portability: added "#undef sun" to util/unix_dgram_connect.c.
+
+-------------------------------------------------------------------
+Wed Jun 26 13:52:30 UTC 2019 - Peter Varkoly
+
+- Ensure that postfix is member of all groups as before.
+
+-------------------------------------------------------------------
+Wed Jun 12 14:30:34 UTC 2019 - Dominique Leuenberger
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+ shortcut the build queues by allowing usage of systemd-mini
+
+-------------------------------------------------------------------
+Thu Jun 6 09:29:34 UTC 2019 - Tomáš Chvátal
+
+- Drop the omc config fate#301838:
+ * it is obsolete since SLE11
+
+-------------------------------------------------------------------
+Wed May 8 09:27:51 UTC 2019 - Peter Varkoly
+
+- bsc#1104543 config.postfix does not start tlsmgr in master.cf
+ when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed
+ patch.
+
+-------------------------------------------------------------------
+Sun Mar 31 09:08:58 UTC 2019 - Michael Ströder
+
+- Update to 3.4.5:
+ Bugfix (introduced: Postfix 3.0): LMTP connections over
+ UNIX-domain sockets were cached but not reused, due to a
+ cache lookup key mismatch. Therefore, idle cached connections
+ could exhaust LMTP server resources, resulting in two-second
+ pauses between email deliveries. This problem was investigated
+ by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
+
+-------------------------------------------------------------------
+Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly
+
+- Update to 3.4.4
+
+ o Incompatible changes
+ - The Postfix SMTP server announces CHUNKING (BDAT
+ command) by default.
In the unlikely case that this breaks some
+ important remote SMTP client, disable the feature as follows:
+
+ /etc/postfix/main.cf:
+ # The logging alternative:
+ smtpd_discard_ehlo_keywords = chunking
+ # The non-logging alternative:
+ smtpd_discard_ehlo_keywords = chunking, silent_discard
+ - This introduces a new master.cf service 'postlog'
+ with type 'unix-dgram' that is used by the new postlogd(8) daemon.
+ Before backing out to an older Postfix version, edit the master.cf
+ file and remove the postlog entry.
+ - Postfix 3.4 drops support for OpenSSL 1.0.1
+ - To avoid performance loss under load, the
+ tlsproxy(8) daemon now requires a zero process limit in master.cf
+ (this setting is provided with the default master.cf file). By
+ default, a tlsproxy(8) process will retire after several hours.
+ - To set the tlsproxy process limit to zero:
+ postconf -F tlsproxy/unix/process_limit=0
+ postfix reload
+ o Major changes
+ - Postfix SMTP server support for RFC 3030 CHUNKING
+ (the BDAT command) without BINARYMIME, in both smtpd(8) and
+ postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
+ and smtpd_proxy_filter. See BDAT_README for more.
+ - Support for logging to file or stdout, instead of using syslog.
+ - Logging to file solves a usability problem for MacOS, and
+ eliminates multiple problems with systemd-based systems.
+ - Logging to stdout is useful when Postfix runs in a container, as
+ it eliminates a syslogd dependency.
+ - Better handling of undocumented(!) Linux behavior
+ whether or not signals are delivered to a PID=1 process.
+ - Support for (key, list of filenames) in map source text.
+ Currently, this feature is used only by tls_server_sni_maps.
+ - Automatic retirement: dnsblog(8) and tlsproxy(8) process
+ will now voluntarily retire after after max_idle*max_use, or some
+ sane limit if either limit is disabled. Without this, a process
+ could stay busy for days or more.
+ - Postfix SMTP client support for multiple deliveries
+ per TLS-encrypted connection. This is primarily to improve mail
+ delivery performance for destinations that throttle clients when
+ they don't combine deliveries.
+ This feature is enabled with "smtp_tls_connection_reuse=yes" in
+ main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
+ It supports all Postfix TLS security levels including dane and
+ dane-only.
+ - SNI support in the Postfix SMTP server, the
+ Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
+ client roles). See the postconf(5) documentation for the new
+ tls_server_sni_maps and smtp_tls_servername parameters.
+ - Support for files that contain multiple (key, certificate, trust chain)
+ instances. This was required to implement
+ server-side SNI table lookups, but it also eliminates the need for
+ separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
+ - Support for smtpd_reject_footer_maps (as well as the postscreen
+ variant postscreen_reject_footer_maps) for more informative reject
+ messages. This is indexed with the Postfix SMTP server response
+ text, and overrides the footer specified with smtpd_reject_footer.
+ One will want to use a pcre: or regexp: map with this.
+ o Bugfixes
+ - Andreas Schulze discovered that reject_multi_recipient_bounce
+ was producing false rejects with BDAT commands. This problem
+ already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
+ Postfix 3.4.4 fixes both.
+
+-------------------------------------------------------------------
+Tue Mar 5 13:21:35 UTC 2019 - Jiri Slaby
+
+- postfix-linux45.patch: support also newer kernels -- pretend
+ we are still at kernel 3. Note that there are no conditionals for
+ LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the
+ code which caused build failures.
+
+-------------------------------------------------------------------
+Mon Mar 4 14:43:05 UTC 2019 - Marcus Rueckert
+
+- skip set -x and fix version update changes entry
+
+-------------------------------------------------------------------
+Sat Mar 2 19:26:21 UTC 2019 - Michael Ströder
+
+- Update to 3.3.3
+ * When the master daemon runs with PID=1 (init mode), it will now
+ reap child processes from non-Postfix code running in the same
+ container, instead of terminating with a panic.
+ * Bugfix (introduced: postfix-2.11): with posttls-finger,
+ connections to unix-domain servers always resulted in "Failed
+ to establish session" even after a connection was established.
+ Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
+ * Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
+ table lookups could casefold the search string when searching
+ a lookup table that does not use fixed-string keys (regexp,
+ pcre, tcp, etc.). Historically, Postfix would not case-fold
+ the search string with such tables. File: util/dict_utf8.c.
+
+-------------------------------------------------------------------
+Fri Mar 1 16:23:13 UTC 2019 - Reinhard Max
+
+- PostrgeSQL's pg_config is meant for linking server extensions,
+ use libpq's pkg-config instead, if available.
+ This is needed to fix build with PostgreSQL 11.
+
+-------------------------------------------------------------------
+Thu Feb 7 18:22:14 UTC 2019 - chris@computersalat.de
+
+- rework config.postfix
+ * disable commenting of smtpd_sasl_path/smtpd_sasl_type
+ no need to comment, cause it is set to default anyway
+ and 'uncommenting' would place it at end of file then
+ which is not wanted
+
+-------------------------------------------------------------------
+Sat Jan 26 19:28:02 UTC 2019 - chris@computersalat.de
+
+- rework postfix-main.cf.patch
+ * disable virtual_alias_domains cause (default: $virtual_alias_maps)
+- rework config.postfix
+ * disable PCONF of virtual_alias_domains
+ virtual_alias_maps will be set anyway to the correct value
+ * extend virtual_alias_maps with
+ - mysql_virtual_alias_domain_maps.cf
+ - mysql_virtual_alias_domain_catchall_maps.cf
+- rework postfix-mysql, added
+ * mysql_virtual_alias_domain_maps.cf
+ * mysql_virtual_alias_domain_catchall_maps.cf
+ needed for reject_unverified_recipient
+
+-------------------------------------------------------------------
+Thu Dec 13 10:20:31 UTC 2018 - malte.kraus@suse.com
+
+- binary hardening: link with full RELRO
+
+-------------------------------------------------------------------
+Sun Nov 25 10:18:07 UTC 2018 - Michael Ströder
+
+- Update to 3.3.2
+ * Support for OpenSSL 1.1.1 and TLSv1.3.
+ * Bugfixes:
+ - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
+ some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
+ - minor memory leak in DANE support when minting issuer certs.
+ - The Postfix build did not abort if the m4 command was not installed,
+ resulting in a broken postconf command.
+
+-------------------------------------------------------------------
+Sat Nov 24 17:08:30 UTC 2018 - chris@computersalat.de
+
+- add POSTFIX_RELAY_DOMAINS
+ * more flexibility to add to relay_domains without breaking
+ config.postfix
+ * rework restriction examples in sysconf.postfix
+ based on postfix-buch.com (2.
edtion by Hildebrandt, Koetter)
+- disable weak cipher: RC4
+ after check with https://ssl-tools.net/mailservers
+
+-------------------------------------------------------------------
+Mon Oct 22 13:00:03 UTC 2018 - chris@computersalat.de
+
+- update config.postfix
+ * don't reject mail from authenticated users even if
+ reject_unknown_client_hostname would match,
+ add permit_sasl_authenticated to all restrictions
+ requires smtpd_delay_reject = yes
+- update postfix-main.cf.patch
+ * recover removed setting smtpd_sasl_path and smtpd_sasl_type,
+ set to default value
+ config.postfix will not 'enable' (remove #) var, but place
+ modified (enabled) var at end of file, far away from place
+ where it should be
+- rebase patches
+ * fix-postfix-script.patch
+ * postfix-vda-v14-3.0.3.patch
+ * postfix-linux45.patch
+ * postfix-master.cf.patch
+ * pointer_to_literals.patch
+ * postfix-no-md5.patch
+
+-------------------------------------------------------------------
+Thu Oct 4 12:51:32 UTC 2018 - varkoly@suse.com
+
+- bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings
+ o add m4 as buildrequires, as proposed.
+
+-------------------------------------------------------------------
+Mon Aug 27 09:38:29 UTC 2018 - tchvatal@suse.com
+
+- Add zlib-devel as buildrequires, previously included from
+ openssl-devel
+
+-------------------------------------------------------------------
+Fri May 25 11:19:22 UTC 2018 - varkoly@suse.com
+
+- bsc#1087471 Unreleased Postfix update breaks SUSE Manager
+ o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
+
+-------------------------------------------------------------------
+Mon May 21 16:31:57 UTC 2018 - michael@stroeder.com
+
+- Update to 3.3.1
+ * Postfix did not support running as a PID=1 process, which
+ complicated Postfix deployment in containers. The "postfix
+ start-fg" command will now run the Postfix master daemon as a
+ PID=1 process if possible.
Thanks for inputs from Andreas
+ Schulze, Eray Aslan, and Viktor Dukhovni.
+ * Segfault in the postconf(1) command after it could not open a
+ Postfix database configuration file due to a file permission
+ error (dereferencing a null pointer). Reported by Andreas
+ Hasenack, fixed by Viktor Dukhovni.
+ * The luser_relay feature became a black hole, when the luser_relay
+ parameter was set to a non-existent local address (i.e. mail
+ disappeared silently). Reported by J?rgen Thomsen.
+ * Missing error propagation in the tlsproxy(8) daemon could result
+ in a segfault after TLS handshake error (dereferencing a
+ 0xffff...ffff pointer). This daemon handles the TLS protocol
+ when a non-whitelisted client sends a STARTTLS command to
+ postscreen(8).
+
+-------------------------------------------------------------------
+Wed May 9 09:02:12 UTC 2018 - lnussel@suse.de
+
+- remove pre-requirements on sysvinit(network) and sysvinit(syslog).
+ There seems to be no good reason for that other than blowing up
+ the dependencies (bsc#1092408).
+
+-------------------------------------------------------------------
+Mon Apr 9 09:32:56 UTC 2018 - adam.majer@suse.de
+
+- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix
+ if the actual service is running. This prevents spurious
+ and irrelevant error messages in system logs.
+
+-------------------------------------------------------------------
+Thu Mar 22 14:20:20 UTC 2018 - varkoly@suse.com
+
+- bsc#1082514 autoyast: postfix gets not set myhostname properly -
+ set to localhost
+
+-------------------------------------------------------------------
+Mon Mar 12 13:43:43 UTC 2018 - ilya@ilya.pp.ua
+
+- Refresh spec-file via spec-cleaner and manual optinizations.
+ * Add %license macro.
+ * Set license to IPL-1.0 OR EPL-2.0.
+- Update to 3.3.0
+ * http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES
+ * Dual license: in addition to the historical IBM Public License
+ 1.0, Postfix is now also distributed with the more recent Eclipse
+ Public License 2.0. Recipients can choose to take the software
+ under the license of their choice. Those who are more comfortable
+ with the IPL can continue with that license.
+ * The postconf command now warns about unknown parameter names
+ in a Postfix database configuration file. As with other unknown
+ parameter names, these warnings can help to find typos early.
+ * Container support: Postfix 3.3 will run in the foreground with
+ "postfix start-fg". This requires that Postfix multi-instance
+ support is disabled (the default). To collect Postfix syslog
+ information on the container's host, mount the host's /dev/log
+ socket into the container, for example with "docker run -v
+ /dev/log:/dev/log ...other options...", and specify a distinct
+ Postfix syslog_name setting in the container (for example with
+ "postconf syslog_name=the-name-here").
+ * Milter support: applications can now send RET and ENVID parameters
+ in SMFIR_CHGFROM (change envelope sender) requests.
+ * Postfix-generated From: headers with 'full name' information
+ are now formatted as "From: name
" by default. Specify
+ "header_from_format = obsolete" to get the earlier form "From:
+ address (name)".
+ * Interoperability: when Postfix IPv6 and IPv4 support are both
+ enabled, the Postfix SMTP client will now relax MX preferences
+ and attempt to schedule similar numbers of IPv4 and IPv6
+ addresses. This works around mail delivery problems when a
+ destination announces lots of primary MX addresses on IPv6, but
+ is reachable only over IPv4 (or vice versa). The new behavior
+ is controlled with the smtp_balance_mx_inet_protocols parameter.
+ * Compatibility safety net: with compatibility_level < 1, the
+ Postfix SMTP server now warns for mail that would be blocked
+ by the Postfix 2.10 smtpd_relay_restrictions feature, without
+ blocking that mail. There still is a steady trickle of sites
+ that upgrade from an earlier Postfix version.
+
+-------------------------------------------------------------------
+Tue Feb 13 10:39:37 UTC 2018 - varkoly@suse.com
+
+- bsc#1065411 Package postfix should require package system-user-nobody
+- bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth
+ was configured
+
+-------------------------------------------------------------------
+Thu Dec 7 15:02:14 UTC 2017 - dimstar@opensuse.org
+
+- Fix usage of fillup_only:-y is not a valid option to this macro.
+
+-------------------------------------------------------------------
+Thu Nov 23 13:43:17 UTC 2017 - rbrown@suse.com
+
+- Replace references to /var/adm/fillup-templates with new
+ %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Wed Nov 8 13:32:28 CET 2017 - kukuk@suse.de
+
+- Don't mark postfix.service as config file, this is no config
+ file.
+- Some of the Requires(pre) are needed for post-install and at
+ runtime, fix the requires.
+
+-------------------------------------------------------------------
+Mon Oct 30 12:12:08 UTC 2017 - michael@stroeder.com
+
+- update to 3.2.4
+ * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
+ 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
+ records associated with an intermediate CA certificate. Problem
+ report and initial fix by Erwan Legrand.
+ * Missing dynamicmaps support in the Postfix sendmail command.
+ This broke authorized_submit_users settings that use a
+ dynamically-loaded map type. Problem reported by Ulrich Zehl.
+
+-------------------------------------------------------------------
+Fri Oct 20 12:27:12 UTC 2017 - varkoly@suse.com
+
+- bnc#1059512 L3: Postfix Problem
+ The applied changes breaks existing postfix configurations because
+ daemon_directory was not adapted to the new value.
+
+
+-------------------------------------------------------------------
+Sun Oct 15 22:47:29 UTC 2017 - chris@computersalat.de
+
+- fix build for SLE
+ * nothing provides libnsl-devel
+ * add bcond_with libnsl
+
+-------------------------------------------------------------------
+Wed Oct 4 10:58:28 UTC 2017 - varkoly@suse.com
+
+- bnc#1059512 L3: Postfix Problem
+ To manage multiple Postfix instances on a single host requires
+ that daemon_directory and shlib_directory is different to
+ avoid use of the shared directories also as per-instance directories.
+ For this reason daemon_directory was set to /usr/lib/postfix/bin/.
+ shlib_directory stands /usr/lib/postfix/.
+
+-------------------------------------------------------------------
+Thu Sep 28 08:44:41 UTC 2017 - varkoly@suse.com
+
+- bnc#1016491 postfix raported to log "warning: group or other writable:"
+ on each symlink in config.
+ * Add fix-postfix-script.patch
+
+-------------------------------------------------------------------
+Mon Sep 25 16:25:05 UTC 2017 - michael@stroeder.com
+
+- update to 3.2.3
+ * Extension propagation was broken with "recipient_delimiter = .".
+ This change reverts a change that was trying to be too clever.
+ * The postqueue command would abort with a panic message after it
+ experienced an output write error while listing the mail queue.
+ This change restores a write error check that was lost with the
+ Postfix 3.2 rewrite of the vbuf_print formatter.
+ * Restored sanity checks for dynamically-specified width and precision
+ in format strings (%*, %.*, and %*.*). These checks were lost with
+ the Postfix 3.2 rewrite of the vbuf_print formatter.
+
+-------------------------------------------------------------------
+Thu Aug 17 08:56:15 CEST 2017 - kukuk@suse.de
+
+- Add libnsl-devel build requires for glibc obsoleting libnsl
+
+-------------------------------------------------------------------
+Thu Jul 27 10:31:01 UTC 2017 - varkoly@suse.com
+
+- bnc#1045264 L3: postmap problem
+ * Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811
+
+-------------------------------------------------------------------
+Fri Jun 16 17:45:55 UTC 2017 - michael@stroeder.com
+
+- update to 3.2.2
+ * Security: Berkeley DB versions 2 and later try to read settings
+ from a file DB_CONFIG in the current directory. This undocumented
+ feature may introduce undisclosed vulnerabilities resulting in
+ privilege escalation with Postfix set-gid programs (postdrop,
+ postqueue) before they chdir to the Postfix queue directory,
+ and with the postmap and postalias commands depending on whether
+ the user's current directory is writable by other users. This
+ fix does not change Postfix behavior for Berkeley DB versions
+ < 3, but it does reduce postmap and postalias 'create' performance
+ with Berkeley DB versions 3.0 .. 4.6.
+ * The SMTP server receive_override_options were not restored at
+ the end of an SMTP session, after the options were modified by
+ an smtpd_milter_maps setting of "DISABLE". Milter support
+ remained disabled for the life time of the smtpd process.
+ * After the Postfix 3.2 address/domain table lookup overhaul, the
+ check_sender_access and check_recipient_access features ignored
+ a non-default parent_domain_matches_subdomains setting.
+
+-------------------------------------------------------------------
+Wed Apr 19 20:36:03 UTC 2017 - chris@computersalat.de
+
+- revert changes of postfix-main.cf.patch from rev=261
+ * config.postfix will not 'enable' (remove #) var, but place
+ modified (enabled) var at end of file, far away from place
+ where it should be
+ * keep vars enabled but empty
+
+-------------------------------------------------------------------
+Thu Apr 13 09:18:45 UTC 2017 - werner@suse.de
+
+- Some cleanups
+ * Fix SUSE postfix-files to avoid chown errors (anyway this file
+ seems to be obsolete)
+ * Avoid installing shared libraries twice
+ * Refresh patch postfix-linux45.patch
+
+-------------------------------------------------------------------
+Sat Apr 8 15:06:14 UTC 2017 - chris@computersalat.de
+
+- update postfix-master.cf.patch
+ * recover lost (with 3.2.0 update) submission, smtps sections
+ * merge with upstream update
+- update config.postfix
+ * update master.cf generation for submission
+- rebase patches against 3.2.0
+ * pointer_to_literals.patch
+ * postfix-no-md5.patch
+ * postfix-ssl-release-buffers.patch
+ * postfix-vda-v14-3.0.3.patch
+
+-------------------------------------------------------------------
+Mon Mar 20 18:01:36 CET 2017 - kukuk@suse.de
+
+- Require system group mail
+- Use mail group name instead of GID
+
+-------------------------------------------------------------------
+Mon Mar 6 21:27:38 UTC 2017 - mrueckert@suse.de
+
+- update to 3.2.0
+ - [Feature 20170128] Postfix 3.2 fixes the handling of address
+ extensions with email addresses that contain spaces.
For
+ example, the virtual_alias_maps, canonical_maps, and
+ smtp_generic_maps features now correctly propagate an address
+ extension from "aa bb+ext"@example.com to "cc
+ dd+ext"@other.example, instead of producing broken output.
+ - [Feature 20161008] "PASS" and "STRIP" actions in
+ header/body_checks. "STRIP" is similar to "IGNORE" but also
+ logs the action, and "PASS" disables header, body, and Milter
+ inspection for the remainder of the message content.
+ Contributed by Hobbit.
+ - [Feature 20160330] The collate.pl script by Viktor Dukhovni for
+ grouping Postfix logfile records into "sessions" based on queue
+ ID and process ID information. It's in the auxiliary/collate
+ directory of the Postfix source tree.
+ - [Feature 20160527] Postfix 3.2 cidr tables support if/endif and
+ negation (by prepending ! to a pattern), just like regexp and
+ pcre tables. The primarily purpose is to improve readability
+ of complex tables. See the cidr_table(5) manpage for syntax
+ details.
+ - [Incompat 20160925] In the Postfix MySQL database client, the
+ default option_group value has changed to "client", to enable
+ reading of "client" option group settings in the MySQL options
+ file. This fixes a "not found" problem with Postfix queries
+ that contain UTF8-encoded non-ASCII text. Specify an empty
+ option_group value (option_group =) to get backwards-compatible
+ behavior.
+ - [Feature 20161217] Stored-procedure support for MySQL
+ databases. Contributed by John Fawcett. See mysql_table(5) for
+ instructions.
+ - [Feature 20170128] The postmap command, and the inline: and
+ texthash: maps now support spaces in left-hand field of the
+ lookup table "source text". Use double quotes (") around a
+ left-hand field that contains spaces, and use backslash (\) to
+ protect embedded quotes in a left-hand field. There is no
+ change in the processing of the right-hand field.
+ - [Feature 20160611] The Postfix SMTP server local IP address and
+ port are available in the policy delegation protocol (attribute
+ names: server_address, server_port), in the Milter protocol
+ (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
+ protocol (attribute names: DESTADDR, DESTPORT).
+ - [Feature 20161024] smtpd_milter_maps support for per-client
+ Milter configuration that overrides smtpd_milters, and that has
+ the same syntax. A lookup result of "DISABLE" turns off Milter
+ support. See MILTER_README.html for details.
+ - [Feature 20160611] The Postfix SMTP server local IP address and
+ port are available in the policy delegation protocol (attribute
+ names: server_address, server_port), in the Milter protocol
+ (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
+ protocol (attribute names: DESTADDR, DESTPORT).
+ - [Incompat 20170129] The postqueue command no longer forces all
+ message arrival times to be reported in UTC. To get the old
+ behavior, set TZ=UTC in main.cf:import_environment (this
+ override is not recommended, as it affects all Postfix utities
+ and daemons).
+ - [Incompat 20161227] For safety reasons, the sendmail -C option
+ must specify an authorized directory: the default configuration
+ directory, a directory that is listed in the default main.cf
+ file with alternate_config_directories or
+ multi_instance_directories, or the command must be invoked with
+ root privileges (UID 0 and EUID 0). This mitigates a recurring
+ problem with the PHP mail() function.
+ - [Feature 20160625] The Postfix SMTP server now passes remote
+ client and local server network address and port information to
+ the Cyrus SASL library. Build with ``make makefiles
+ "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards
+ compatibility.
+ - [Feature 20161103] Postfix 3.2 disables the 'transitional'
+ compatibility between the IDNA2003 and IDNA2008 standards for
+ internationalized domain names (domain names beyond the limits
+ of US-ASCII).
+
+ This change makes Postfix behavior consistent with contemporary
+ web browsers. It affects the handling of some corner cases such
+ as German sz and Greek zeta. See
+ http://unicode.org/cldr/utility/idna.jsp for more examples.
+
+ Specify "enable_idna2003_compatibility = yes" to restore
+ historical behavior (but keep in mind that the rest of the
+ world may not make that same choice).
+ - [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API
+ features, so that Postfix will build without depending on
+ backwards-compatibility support.
+
+ [Incompat 20161204] Postfix 3.2 removes tentative features that
+ were implemented before the DANE spec was finalized:
+
+ - Support for certificate usage PKIX-EE(1),
+
+ - The ability to disable digest agility (Postfix now behaves as
+ if "tls_dane_digest_agility = on"), and
+
+ - The ability to disable support for "TLSA 2 [01] [12]" records
+ that specify the digest of a trust anchor (Postfix now
+ behaves as if "tls_dane_trust_anchor_digest_enable = yes).
+ - [Feature 20161217] Postfix 3.2 enables elliptic curve
+ negotiation with OpenSSL >= 1.0.2. This changes the default
+ smtpd_tls_eecdh_grade setting to "auto", and introduces a new
+ parameter tls_eecdh_auto_curves with the names of curves that
+ may be negotiated.
+
+ The default tls_eecdh_auto_curves setting is determined at
+ compile time, and depends on the Postfix and OpenSSL versions.
+ At runtime, Postfix will skip curve names that aren't supported
+ by the OpenSSL library.
+ - [Feature 20160611] The Postfix SMTP server local IP address and
+ port are available in the policy delegation protocol (attribute
+ names: server_address, server_port), in the Milter protocol
+ (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
+ protocol (attribute names: DESTADDR, DESTPORT).
+- refresh postfix-master.cf.patch
+
+-------------------------------------------------------------------
+Mon Mar 6 14:04:13 UTC 2017 - wr@rosenauer.org
+
+- make sure that system users can be created in %pre
+
+-------------------------------------------------------------------
+Sat Feb 18 14:01:35 UTC 2017 - kukuk@suse.com
+
+- Fix requires:
+ - shadow is needed for postfix-mysql pre-install section
+ - insserv is not needed if systemd is used
+
+-------------------------------------------------------------------
+Sat Jan 21 23:27:34 UTC 2017 - chris@computersalat.de
+
+- update postfix-mysql
+ * update mysql_*.cf files
+ * update postfix-mysql.sql (INNODB, utf8)
+- update postfix-main.cf.patch
+ * uncomment smtpd_sasl_path, smtpd_sasl_type
+ can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot)
+ * add option for smtp_tls_policy_maps (commented)
+- update postfix-master.cf.patch
+ * fix indentation of submission, smtps options for correct
+ enabling via config.postfix
+- update config.postfix
+ * fix sync of CA certificates
+ * fix master.cf generation for submission, smtps
+- rebase postfix-vda-v14-3.0.3.patch
+
+-------------------------------------------------------------------
+Wed Jan 11 14:07:35 UTC 2017 - varkoly@suse.com
+
+- FATE#322322 Update postfix to version 3.X
+ Merging changes with SLES12-SP2
+ Removeved patches: add_missed_library.patch bnc#947707.diff dynamic_maps.patch postfix-db6.diff
+ postfix-opensslconfig.patch bnc#947519.diff dynamic_maps_pie.patch
+ postfix-post-install.patch
+ These are included in the new version of postfix
+- Remove references to SuSEconfig.postfix from sysconfig docs.
+ (bsc#871575)
+- bnc#947519 SuSEconfig.postfix should enforce umask 022
+- bnc#947707 mail generated by Amavis being prevented from being re-adressed by /etc/postfix/virtual
+- bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong
+- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64)
+ (bsc#940289)
+
+-------------------------------------------------------------------
+Tue Jan 3 12:20:18 UTC 2017 - varkoly@suse.com
+
+- update to 3.1.4
+ * The postscreen daemon did not merge the client test status information
+ for concurrent sessions from the same IP address.
+ * The Postfix SMTP server falsely rejected a sender address when validating
+ a sender address with "smtpd_reject_unlisted_recipient = yes" or with
+ "reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps.
+ * The virtual delivery agent did not detect failure to skip to the end
+ of a mailbox file, so that mail would be delivered to the beginning of the file.
+ This could happen when a mailbox file was already larger than the virtual mailbox size limit.
+ * The postsuper logged an incorrect rename operation count after creating a missing directory.
+ * The Postfix SMTP server falsely rejected mail when a sender-dependent "error"
+ transport was configured. Cause: the SMTP server address validation code
+ was not updated when the sender_dependent_default_transport_maps feature
+ was introduced.
+ * The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no".
+ * The "postfix tls deploy-server-cert" command used the wrong certificate
+ and key file. This was caused by a cut-and-paste error in the postfix-tls-script file.
+
+-------------------------------------------------------------------
+Sat Nov 26 15:43:57 UTC 2016 - chris@computersalat.de
+
+- improve config.postfix
+ * improve SASL stuff
+ * add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot)
+
+-------------------------------------------------------------------
+Mon Nov 14 21:53:18 UTC 2016 - chris@computersalat.de
+
+- improve config.postfix
+ * improve with MySQL stuff
+
+-------------------------------------------------------------------
+Mon Nov 7 13:35:38 UTC 2016 - chris@computersalat.de
+
+- update vda patch to latest available
+ * remove postfix-vda-v13-3.10.0.patch
+ * add postfix-vda-v14-3.0.3.patch
+- rebase patches (and to be p0)
+ * pointer_to_literals.patch
+ * postfix-main.cf.patch
+ * postfix-master.cf.patch
+ * postfix-no-md5.patch
+ * postfix-ssl-release-buffers.patch
+- add /etc/postfix/ssl as default DIR for SSL stuff
+ * cacerts -> ../../ssl/certs/
+ * certs/
+- revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl'
+- improve config.postfix
+ * revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a
+ symlink to /etc/ssl/certs
+ Without reverting, 'gen_CA' would create files which would then be on
+ the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath)
+ Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem'
+ which is not a good idea.
+ * mkchroot: sync '/etc/postfix/ssl' to chroot
+ * improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from
+ main.cf, show warning if enabled and file is missing
+
+-------------------------------------------------------------------
+Sun Oct 9 20:11:34 UTC 2016 - michael@stroeder.com
+
+- update to 3.1.3:
+ * The Postfix SMTP server did not reset a previous session's
+ failed/total command counts before rejecting a client that
+ exceeds request or concurrency rates. This resulted in incorrect
+ failed/total command counts being logged at the end of the
+ rejected session.
+ * The unionmap multi-table interface did not propagate table
+ lookup errors, resulting in false "user unknown" responses.
+ * The documentation was updated with a workaround for false "not
+ found" errors with MySQL map queries that contain UTF8-encoded
+ text. The workaround is to specify "option_group = client" in
+ Postfix MySQL configuration files. This will be the default
+ setting with Postfix 3.2 and later.
+
+-------------------------------------------------------------------
+Sun Sep 4 15:33:27 UTC 2016 - michael@stroeder.com
+
+- update to 3.1.2:
+ * Changes to make Postfix build with OpenSSL 1.1.0.
+ * The makedefs script ignored readme_directory=pathname overrides.
+ Fix by Todd C. Olson.
+ * The tls_session_ticket_cipher documentation says that the default
+ cipher for TLS session tickets is aes-256-cbc, but the implemented
+ default was aes-128-cbc. Note that TLS session ticket keys are
+ rotated after 1/2 hour, to limit the impact of attacks on session
+ ticket keys.
+
+-------------------------------------------------------------------
+Thu Jun 2 12:26:17 UTC 2016 - schwab@suse.de
+
+- postfix-post-install.patch: remove empty patch
+
+-------------------------------------------------------------------
+Sun May 29 16:45:30 UTC 2016 - chris@computersalat.de
+
+- fix Changelog cause of Factory decline
+
+-------------------------------------------------------------------
+Tue May 24 13:18:55 UTC 2016 - varkoly@suse.com
+
+- Fix typo in config.postfix
+
+-------------------------------------------------------------------
+Tue May 24 04:29:41 UTC 2016 - varkoly@suse.com
+
+- bnc#981097 config.postfix creates broken main.cf for tls client configuration
+- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete
+- update to 3.1.1:
+- The new address_verify_pending_request_limit
+ parameter introduces a safety limit for the number of address
+ verification probes in the active queue.
The default limit is 1/4
+ of the active queue maximum size. The queue manager enforces the
+ limit by tempfailing probe messages that exceed the limit. This
+ design avoids dependencies on global counters that get out of sync
+ after a process or system crash.
+- Machine-readable, JSON-formatted queue listing with "postqueue -j"
+ (no "mailq" equivalent).
+- The milter_macro_defaults feature provides an optional list of macro
+ name=value pairs. These specify default values for Milter macros when
+ no value is available from the SMTP session context.
+- Support to enforce a destination-independent delay between email
+ deliveries. The following example inserts 20 seconds of delay
+ between all deliveries with the SMTP transport, limiting the delivery
+ rate to at most three messages per minute.
+ smtp_transport_rate_delay = 20s
+- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
+ that a "not found" result from a DNSBL server will be valid for one
+ hour. This may have been adequate five years ago when postscreen
+ was first implemented, but nowadays, that one hour can result in
+ missed opportunities to block new spambots.
+ To address this, postscreen now respects the TTL of DNSBL "not
+ found" replies, as well as the TTL of DNSWL replies (both "found"
+ and "not found"). The TTL for a "not found" reply is determined
+ according to RFC 2308 (the TTL of an SOA record in the reply).
+
+ Support for DNSBL or DNSWL reply TTL values is controlled by two
+ configuration parameters:
+
+ postscreen_dnsbl_min_ttl (default: 60 seconds).
+ postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
+
+ The postscreen_dnsbl_ttl parameter is now obsolete, and has become
+ the default value for the new postscreen_dnsbl_max_ttl parameter.
+- New "smtpd_client_auth_rate_limit" feature, to
+ enforce an optional rate limit on AUTH commands per SMTP client IP
+ address.
Similar to other smtpd_client_*_rate_limit features, this
+ enforces a limit on the number of requests per $anvil_rate_time_unit.
+- New SMTPD policy service attribute "policy_context",
+ with a corresponding "smtpd_policy_service_policy_context" configuration
+ parameter. Originally, this was implemented to share the same SMTPD
+ policy service endpoint among multiple check_policy_service clients.
+- A new "postfix tls" command to quickly enable opportunistic TLS
+ in the Postfix SMTP client or server, and to manage SMTP server keys
+ and certificates, including certificate signing requests and
+ TLSA DNS records for DANE.
+
+-------------------------------------------------------------------
+Tue Apr 19 07:59:32 UTC 2016 - opensuse@dstoecker.de
+
+- build with working support for SMTPUTF8
+
+-------------------------------------------------------------------
+Sun Mar 20 14:11:27 UTC 2016 - mrueckert@suse.de
+
+- fix build on sle11 by pointing _libexecdir to /usr/lib all the
+ time.
+
+-------------------------------------------------------------------
+Sun Mar 20 13:46:56 UTC 2016 - mrueckert@suse.de
+
+- some distros did not pull pkgconfig indirectly. pull it directly.
+
+-------------------------------------------------------------------
+Sun Mar 20 08:19:23 UTC 2016 - mrueckert@suse.de
+
+- fix building the dynamic maps: the old build had postgresql e.g.
+ with missing symbols.
+ - convert to AUXLIBS_* instead of plain AUXLIBS which is needed
+ for proper dynamic maps.
+ - reordered the CCARGS and AUXLIBS* lines to group by feature
+ - use pkgconfig or *_config tools where possible
+- picked up signed char from fedora spec file
+- enable lmdb support: new BR lmdb-devel, new subpackage
+ postfix-lmdb.
+- don't delete vmail user/groups
+
+-------------------------------------------------------------------
+Wed Mar 9 13:06:35 UTC 2016 - varkoly@suse.com
+
+- update to 3.1.0
+- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:,
+ lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
+ Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch
+ could be removed.
+- Adapting all the patches to postfix 3.1.0
+- remove obsolete patches
+ * add_missed_library.patch
+ * postfix-opensslconfig.patch
+- update vda patch
+ * remove postfix-vda-v13-2.10.0.patch
+ * add postfix-vda-v13-3.10.0.patch
+- The patch postfix-db6.diff is not more neccessary
+
+- Backwards-compatibility safety net.
+ With NEW Postfix installs, you MUST install a main.cf file with
+ the setting "compatibility_level = 2". See conf/main.cf for an
+ example.
+
+ With UPGRADES of existing Postfix systems, you MUST NOT change the
+ main.cf compatibility_level setting, nor add this setting if it
+ does not exist.
+
+ Several Postfix default settings have changed with Postfix 3.0. To
+ avoid massive frustration with existing Postfix installations,
+ Postfix 3.0 comes with a safety net that forces Postfix to keep
+ running with backwards-compatible main.cf and master.cf default
+ settings. This safety net depends on the main.cf compatibility_level
+ setting (default: 0). Details are in COMPATIBILITY_README.
+
+- Major changes - tls
+* [Feature 20160207] A new "postfix tls" command to quickly enable
+ opportunistic TLS in the Postfix SMTP client or server, and to
+ manage SMTP server keys and certificates, including certificate
+ signing requests and TLSA DNS records for DANE.
+* As of the middle of 2015, all supported Postfix releases no longer
+ nable "export" grade ciphers for opportunistic TLS, and no longer
+ use the deprecated SSLv2 and SSLv3 protocols for mandatory or
+ opportunistic TLS.
+* [Incompat 20150719] The default Diffie-Hellman non-export prime was
+ updated from 1024 to 2048 bits, because SMTP clients are starting
+ to reject TLS handshakes with primes smaller than 2048 bits.
+* [Feature 20160103] The Postfix SMTP client by default enables DANE
+ policies when an MX host has a (DNSSEC) secure TLSA DNS record,
+ even if the MX DNS record was obtained with insecure lookups. The
+ existence of a secure TLSA record implies that the host wants to
+ talk TLS and not plaintext. For details see the
+ smtp_tls_dane_insecure_mx_policy configuration parameter.
+
+- Major changes - default settings
+ [Incompat 20141009] The default settings have changed for relay_domains
+ (new: empty, old: $mydestination) and mynetworks_style (new: host,
+ old: subnet). However the backwards-compatibility safety net will
+ prevent these changes from taking effect, giving the system
+ administrator the option to make an old default setting permanent
+ in main.cf or to adopt the new default setting, before turning off
+ backwards compatibility. See COMPATIBILITY_README for details.
+
+ [Incompat 20141001] A new backwards-compatibility safety net forces
+ Postfix to run with backwards-compatible main.cf and master.cf
+ default settings after an upgrade to a newer but incompatible Postfix
+ version. See COMPATIBILITY_README for details.
+
+ While the backwards-compatible default settings are in effect,
+ Postfix logs what services or what email would be affected by the
+ incompatible change. Based on this the administrator can make some
+ backwards-compatibility settings permanent in main.cf or master.cf,
+ before turning off backwards compatibility.
+
+- Major changes - address verification safety
+ [Feature 20151227] The new address_verify_pending_request_limit
+ parameter introduces a safety limit for the number of address
+ verification probes in the active queue. The default limit is 1/4
+ of the active queue maximum size.
The queue manager enforces the
+ limit by tempfailing probe messages that exceed the limit. This
+ design avoids dependencies on global counters that get out of sync
+ after a process or system crash.
+
+ Tempfailing verify requests is not as bad as one might think. The
+ Postfix verify cache proactively updates active addresses weeks
+ before they expire. The address_verify_pending_request_limit affects
+ only unknown addresses, and inactive addresses that have expired
+ from the address verify cache (by default, after 31 days).
+
+- Major changes - json support
+ [Feature 20151129] Machine-readable, JSON-formatted queue listing
+ with "postqueue -j" (no "mailq" equivalent). The output is a stream
+ of JSON objects, one per queue file. To simplify parsing, each
+ JSON object is formatted as one text line followed by one newline
+ character. See the postqueue(1) manpage for a detailed description
+ of the output format.
+
+- Major changes - milter support
+ [Feature 20150523] The milter_macro_defaults feature provides an
+ optional list of macro name=value pairs. These specify default
+ values for Milter macros when no value is available from the SMTP
+ session context.
+
+ For example, with "milter_macro_defaults = auth_type=TLS", the
+ Postfix SMTP server will send an auth_type of "TLS" to a Milter,
+ unless the remote client authenticates with SASL.
+
+ This feature was originally implemented for a submission service
+ that may authenticate clients with a TLS certificate, without having
+ to make changes to the code that implements TLS support.
+
+- Major changes - output rate control
+
+ [Feature 20150710] Destination-independent delivery rate delay
+
+ Support to enforce a destination-independent delay between email
+ deliveries. The following example inserts 20 seconds of delay
+ between all deliveries with the SMTP transport, limiting the delivery
+ rate to at most three messages per minute.
+
+ /etc/postfix/main.cf:
+ smtp_transport_rate_delay = 20s
+
+ For details, see the description of default_transport_rate_delay
+ and transport_transport_rate_delay in the postconf(5) manpage.
+
+- Major changes - postscreen dnsbl
+ [Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL
+ lookup results
+
+ Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
+ that a "not found" result from a DNSBL server will be valid for one
+ hour. This may have been adequate five years ago when postscreen
+ was first implemented, but nowadays, that one hour can result in
+ missed opportunities to block new spambots.
+
+ To address this, postscreen now respects the TTL of DNSBL "not
+ found" replies, as well as the TTL of DNSWL replies (both "found"
+ and "not found"). The TTL for a "not found" reply is determined
+ according to RFC 2308 (the TTL of an SOA record in the reply).
+
+ Support for DNSBL or DNSWL reply TTL values is controlled by two
+ configuration parameters:
+
+ postscreen_dnsbl_min_ttl (default: 60 seconds).
+
+ This parameter specifies a minimum for the amount of time that
+ a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
+ This prevents an excessive number of postscreen cache updates
+ when a DNSBL or DNSWL server specifies a very small reply TTL.
+
+ postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
+
+ This parameter specifies a maximum for the amount of time that
+ a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
+ This prevents cache pollution when a DNSBL or DNSWL server
+ specifies a very large reply TTL.
+
+ The postscreen_dnsbl_ttl parameter is now obsolete, and has become
+ the default value for the new postscreen_dnsbl_max_ttl parameter.
+
+- Major changes - sasl auth safety
+ [Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to
+ enforce an optional rate limit on AUTH commands per SMTP client IP
+ address.
Similar to other smtpd_client_*_rate_limit features, this
+ enforces a limit on the number of requests per $anvil_rate_time_unit.
+
+- Major changes - smtpd policy
+ [Feature 20150913] New SMTPD policy service attribute "policy_context",
+ with a corresponding "smtpd_policy_service_policy_context" configuration
+ parameter. Originally, this was implemented to share the same SMTPD
+ policy service endpoint among multiple check_policy_service clients.
+
+-------------------------------------------------------------------
+Wed Dec 9 14:05:22 UTC 2015 - varkoly@suse.com
+
+- bnc#958329 postfix fails to start when openslp is not installed
+
+-------------------------------------------------------------------
+Mon Oct 12 20:49:27 UTC 2015 - michael@stroeder.com
+
+- upstream update postfix 2.11.7:
+ * The Postfix Milter client aborted with a panic while adding a
+ message header, after adding a short message header with the
+ header_checks PREPEND action. Fixed by invoking the header
+ output function while PREPENDing a message header.
+ * False alarms while scanning the Postfix queue. Fixed by resetting
+ errno before calling readdir(). This defect was introduced
+ 19970309.
+ * The postmulti command produced an incorrect error message.
+ * The postmulti command now refuses to create a new MTA instance
+ when the template main.cf or master.cf file are missing. This
+ is a common problem on Debian-like systems.
+ * Turning on Postfix SMTP server HAProxy support broke TLS
+ wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer
+ to read the HAProxy connection hand-off information.
+ * The xtext_unquote() function did not propagate error reports
+ from xtext_unquote_append(), causing the decoder to return
+ partial output, instead of rejecting malformed input. The Postfix
+ SMTP server uses this function to parse input for the ENVID and
+ ORCPT parameters, and for XFORWARD and XCLIENT command parameters.
+
+-------------------------------------------------------------------
+Wed Aug 12 10:51:51 UTC 2015 - jkeil@suse.de
+
+- boo#934060: Remove quirky hostname logic from config.postfix
+ * /etc/hostname doesn't contain anything useful
+ * linux.local is no good either
+ * postfix will use `hostname`.localdomain as fallback
+
+-------------------------------------------------------------------
+Tue Aug 4 09:09:04 UTC 2015 - meissner@suse.com
+
+- postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885
+
+-------------------------------------------------------------------
+Tue Aug 4 09:07:25 UTC 2015 - meissner@suse.com
+
+- %verifyscript is a new section, move it out of the %ifdef
+ so the fillups are run afterwards.
+
+-------------------------------------------------------------------
+Wed Jul 22 16:44:44 UTC 2015 - michael@stroeder.com
+
+- upstream update postfix 2.11.6:
+ Default settings have been updated so that they no longer enable
+ export-grade ciphers, and no longer enable the SSLv2 and SSLv3
+ protocols.
+- removed postfix-2.11.5_linux4.patch because it's obsolete
+- Bugfix (introduced: Postfix 2.11): with connection caching
+ enabled (the default), recipients could be given to the wrong
+ mail server. (bsc#944722)
+
+-------------------------------------------------------------------
+Mon Jun 1 22:25:51 UTC 2015 - crrodriguez@opensuse.org
+
+- postfix-SuSE.tar.gz/postfix.service: None of
+ nss-lookup.target network.target local-fs.target time-sync.target
+ should be Wanted or Required except by the services
+ the implement the relevant functionality i.e network.target
+ is wanted/required by networkmanager, wicked,
+ systemd-network.
other software must be ordered After them,
+ see systemd.special(7)
+
+-------------------------------------------------------------------
+Sun May 17 18:41:52 UTC 2015 - mpluskal@suse.com
+
+- Fix library symlink generation (boo#928662)
+
+-------------------------------------------------------------------
+Tue Apr 21 09:55:44 UTC 2015 - mrueckert@suse.de
+
+- added postfix-2.11.5_linux4.patch:
+ Allow building on kernel 4. Patch taken from:
+ https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY
+
+-------------------------------------------------------------------
+Sun Apr 19 23:03:25 UTC 2015 - mrueckert@suse.de
+
+- update to postfix 2.11.5
+ - Bugfix (introduced: Postfix 2.6):
+ sender_dependent_relayhost_maps ignored the relayhost setting
+ in the case of a DUNNO lookup result. It would use the
+ recipient domain instead. Viktor Dukhovni. Wietse took the
+ pieces of code that enforce the precedence of a
+ sender-dependent relayhost, the global relayhost, and the
+ recipient domain, and put that code together in once place so
+ that it is easier to maintain. File:
+ trivial-rewrite/resolve.c.
+ - Bitrot: prepare for future changes in OpenSSL API. Viktor
+ Dukhovni. File: tls_dane.c.
+ - Incompatibility: specifying "make makefiles" with "CC=command"
+ will no longer override the default WARN setting.
+
+-------------------------------------------------------------------
+Mon Feb 9 18:01:38 UTC 2015 - michael@stroeder.com
+
+- upstream update postfix 2.11.4:
+
+Postfix 2.11.4 only:
+
+* Fix a core dump when smtp_policy_maps specifies an invalid TLS
+ level.
+
+* Fix a missing " in \%s\", in postconf(1) fatal error messages,
+ which violated the C language spec. Reported by Iain Hibbert.
+
+All supported releases:
+
+* Stop excessive recursion in the cleanup server while recovering
+ from a virtual alias expansion loop. Problem found at Two Sigma.
+
+* Stop exponential memory allocation with virtual alias expansion
+ loops.
This came to light after fixing the previous problem. + +------------------------------------------------------------------- +Sun Feb 8 13:08:36 UTC 2015 - varkoly@suse.com + +- correct pf_daemon_directory in spec. This must be /usr/lib/ + +------------------------------------------------------------------- +Thu Jan 22 09:36:09 UTC 2015 - varkoly@suse.com + +- bnc#914086 syntax error in config.postfix +- Adapt config.postfix to be able to run on SLE11 too. + +------------------------------------------------------------------- +Mon Jan 19 22:15:30 UTC 2015 - mpluskal@suse.com + +- Don't install sysvinit script when systemd is used +- Make explicit PreReq dependencies conditional only for older + systems +- Don't try to set explicit attributes to symlinks +- Cleanup spec file vith spec-cleaner + +------------------------------------------------------------------- +Tue Jan 13 07:04:52 UTC 2015 - varkoly@suse.com + +- bnc#912594 config.postfix creates config based on old options + +------------------------------------------------------------------- +Tue Jan 6 14:26:51 UTC 2015 - varkoly@suse.com + +- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot +- bnc#910265 config.postfix does not upgrade the chroot +- bnc#908003 wrong access rights on /usr/sbin/postdrop causes + permission denied when trying to send a mail as non root user +- bnc#729154 wrong permissions for some postfix components + +------------------------------------------------------------------- +Fri Nov 21 14:49:19 UTC 2014 - tchvatal@suse.com + +- Remove keyring and things as it is md5 based one no longer + accepted by gpg 2.1 + +------------------------------------------------------------------- +Fri Nov 14 09:19:00 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. 
+
+-------------------------------------------------------------------
+Mon Oct 27 18:22:02 UTC 2014 - dmueller@suse.com
+
+- restore previously lost fix:
+ Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
+ - Ignore errors in %pre/%post.
+
+-------------------------------------------------------------------
+Mon Oct 20 07:52:39 UTC 2014 - michael@stroeder.com
+
+- postfix 2.11.3:
+
+ * Fix for configurations that prepend message headers with Postfix
+ access maps, policy servers or Milter applications. Postfix now
+ hides its own Received: header from Milters and exposes prepended
+ headers to Milters, regardless of the mechanism used to prepend
+ a header. This fix reverts a partial solution that was released
+ on October 13, 2014, and replaces it with a complete solution.
+ * Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.
+
+- postfix 2.11.2:
+
+ * Fix for DMARC implementations based on SPF policy plus DKIM
+ Milter. The PREPEND access/policy action added headers ABOVE
+ Postfix's own Received: header, exposing Postfix's own Received:
+ header to Milters (protocol violation) and hiding the PREPENDed
+ header from Milters. PREPENDed headers are now added BELOW
+ Postfix's own Received: header and remain visible to Milters.
+ * The Postfix SMTP server logged an incorrect client name in
+ reject messages for check_reverse_client_hostname_access and
+ check_reverse_client_hostname_{mx,ns}_access. They replied with
+ the verified client name, instead of the name that was rejected.
+ * The qmqpd daemon crashed with null pointer bug when logging a
+ lost connection while not in a mail transaction.
+
+-------------------------------------------------------------------
+Sun Sep 14 16:50:57 UTC 2014 - andreas.stieger@gmx.de
+
+- switch from md5 based signature to one using the SHA-512 digest
+ algorithm supplied by maintainer on ML to pass source_validator
+
+-------------------------------------------------------------------
+Sat Sep 13 21:44:41 UTC 2014 - andreas.stieger@gmx.de
+
+- postfix 2.11.1:
+ * With connection caching enabled (the default), recipients could
+ be given to the wrong mail server.
+ * Enforce TLS when TLSA records exist, but all are unusable.
+ * Don't leak memory when TLSA records exist, but all are unusable.
+ * Prepend "-I. -I../../include" to the compiler command-line
+ options, to avoid name clashes with non-Postfix header files.
+ * documentation fixes
+ * logging fixes
+
+-------------------------------------------------------------------
+Fri Aug 29 15:40:00 UTC 2014 - rusjako@rus.uni-stuttgart.de
+
+- fix dynamic_maps patch to enable memcache support, which does not
+ need any libraries
+
+-------------------------------------------------------------------
+Thu Jul 31 12:44:59 UTC 2014 - dimstar@opensuse.org
+
+- Rename rpmlintrc to %{name}-rpmlintrc.
+ Follow the packaging guidelines.
+
+-------------------------------------------------------------------
+Fri Jun 27 23:16:21 UTC 2014 - chris@computersalat.de
+
+- fix typo in postfix-SuSE/update_chroot.systemd
+- fix config.postfix
+ * 'insserv amavis' -> 'chkconfig amavis on'
+- rework main.cf patch
+ * fix virtual stuff
+ * add some dovecot stuff
+- rework master.cf patch
+ * add some dovecot stuff
+
+-------------------------------------------------------------------
+Mon Jun 23 21:41:23 UTC 2014 - jamesp@vicidial.com
+
+- The included postfix-mysql.tar.bz2 was using a MySQL 4.1 style of
+ table engine specification. Modified so that the sql uses
+ 'ENGINE=' instead of 'TYPE=' for creating tables.
+
+-------------------------------------------------------------------
+Mon Jun 23 15:17:52 UTC 2014 - varkoly@suse.com
+
+- bnc#816769 - config.postfix issues warnings about missing master.cf
+
+-------------------------------------------------------------------
+Tue Jun 10 13:34:03 UTC 2014 - varkoly@suse.com
+
+- bnc#882033 - Package postfix has changed files according to rpm
+- bnc#855688 - possible systemd bug: postfix & cifs dependency confict
+
+-------------------------------------------------------------------
+Mon Jun 9 12:17:35 UTC 2014 - varkoly@suse.com
+
+- bnc#863350 - SuSEconfig.postfix complains about modified /etc/postfix/main.cf after updating postfix
+
+-------------------------------------------------------------------
+Mon May 26 17:21:54 UTC 2014 - chris@computersalat.de
+
+- replace vda patch:
+ * add postfix-vda-v13-2.10.0.patch
+ * remove postfix-vda-v11-2.9.6.patch
+- rebase patches
+- config.postfix
+ * add master.cf support for submission (587)
+ * rework master.cf support for smtps
+
+-------------------------------------------------------------------
+Wed Feb 12 15:10:27 UTC 2014 - varkoly@suse.com
+
+- bnc#862662 - Unable to configure postfix SMTP with forced TLS using YaST2
+
+- Update to 2.11.0
+ * TLS
+ o Support for PKI-less TLS server certificate verification, where
+ the CA public key or the server certificate is identified via DNSSEC lookup
+ * LMDB database support
+ * master
+ o The master_service_disable parameter value syntax has changed:
+ use "service/type" instead of "service.type".
+ * postconf:
+ o Support for advanced master.cf query and update operations.
+ This was implemented primarily to support automated system management tools.
+ o The postconf command produces more warnings
+ * relay safety
+ New smtpd_relay_restrictions parameter built-in default settings:
+ smtpd_relay_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ defer_unauth_destination
+ * postscreen whitelisting
+ Allow a remote SMTP client to skip postscreen(8) tests based on
+ its postscreen_dnsbl_sites score.
+
+-------------------------------------------------------------------
+Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
+
+- Ignore errors in %pre/%post.
+
+-------------------------------------------------------------------
+Thu Oct 3 02:47:54 UTC 2013 - crrodriguez@opensuse.org
+
+- two improvements for 13.1 and factory
+* postfix-opensslconfig.patch call openSSL_config
+ so postfix respects the system's openssl configuration
+* postfix-SuSE/postfix.service since a few months there
+ is no mail-transfer-agent.target, units must be ordered
+ after a list of smtpd implementations instead.
+
+-------------------------------------------------------------------
+Fri Sep 20 04:48:08 UTC 2013 - varkoly@suse.com
+
+- Proc is not needed in chroot anymore
+
+-------------------------------------------------------------------
+Tue Jul 30 14:34:01 UTC 2013 - schwab@suse.de
+
+- postfix-main.cf.patch: remove duplicate entry for inet_protocols
+
+-------------------------------------------------------------------
+Mon Jun 17 10:50:08 UTC 2013 - chris@computersalat.de
+
+- fix for warning
+ * unused parameter: virtual_create_maildirsize=yes
+ * unused parameter: virtual_mailbox_extended=yes
+ * rework main.cf.patch
+- fix rcpostfix for sysvinit systems
+ * /etc/postfix/system/update_postmaps: No such file or directory
+- rebase patches
+ * vda-v11-2.9.5 -> vda-v11-2.9.6
+- fix file postfix-SuSE.tar.gz
+ * made a tar.gz
+
+-------------------------------------------------------------------
+Sun Jun 16 02:12:07 UTC 2013 - jengelh@inai.de
+
+- postfix.spec forces the use of SSL and SASL libraries,
+ so make sure the
BuildRequires are there
+
+-------------------------------------------------------------------
+Fri Jun 14 01:33:52 UTC 2013 - jengelh@inai.de
+
+- Add postfix-db6.diff to fix compile abort with libdb-6.0
+
+-------------------------------------------------------------------
+Mon Apr 22 11:51:37 UTC 2013 - idonmez@suse.com
+
+- Add Source URL, see https://en.opensuse.org/SourceUrls
+- Add GPG verification
+
+-------------------------------------------------------------------
+Sat Apr 20 05:46:00 UTC 2013 - crrodriguez@opensuse.org
+
+- postfix-SuSE/postfix.service do not Require or
+ order after syslog.target as it no longer exists
+ postfix will fail to start in the next systemd version.
+
+-------------------------------------------------------------------
+Sat Feb 23 09:33:08 UTC 2013 - rmilasan@suse.com
+
+- Install postfix.service accordingly (/usr/lib/systemd for 12.3
+ and up or /lib/systemd for older versions).
+
+-------------------------------------------------------------------
+Wed Feb 6 19:56:57 UTC 2013 - varkoly@suse.com
+
+- update to 2,9.6
+ Bugfix: the local(8) delivery agent dereferenced a null pointer
+ while delivering to null command (for example, "|" in a .forward file).
+ Bugfix: memory leak in program initialization. tls/tls_misc.c.
+ Bugfix: he undocumented OpenSSL X509_pubkey_digest() function is
+ unsuitable for computing certificate PUBLIC KEY fingerprints.
+ Postfix now provides a correct procedure that accounts for
+ the algorithm and parameters in addition to the key data. Specify
+ "tls_legacy_public_key_fingerprints = yes" if you need backwards compatibility.
+
+-------------------------------------------------------------------
+Thu Jan 17 22:01:16 UTC 2013 - varkoly@suse.com
+
+- bnc#796162 - script to assign path elements not working in postfix install Build-0284(iso)
+
+-------------------------------------------------------------------
+Thu Jan 10 18:23:56 UTC 2013 - chris@computersalat.de
+
+- rebase patches
+ * vda-v10-2.8.12 -> vda-v11-2.9.5 (and to be a p0)
+ * main, master, post-instal, ssl-release-buffers (remove version)
+ * dynamic_maps, dynamic_maps_pie, pointer_to_literals
+
+-------------------------------------------------------------------
+Thu Jan 10 14:45:59 UTC 2013 - varkoly@suse.com
+
+- update to 2,9.5
+ * tls support:
+ Support to turn off the TLSv1.1 and TLSv1.2 protocols:
+ To temporarily turn off problematic protocols globally:
+ /etc/postfix/main.cf:
+ smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
+ smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
+ However, it may be better to temporarily turn off problematic
+ protocols for broken sites only:
+ /etc/postfix/main.cf:
+ smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+ /etc/postfix/tls_policy:
+ example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
+ * 20111012 To simplify integration with third-party
+ applications, the Postfix sendmail command now always transforms
+ all input lines ending in into UNIX format (lines ending
+ in ). Specify "sendmail_fix_line_endings = strict" to restore
+ historical Postfix behavior (i.e. convert all input lines ending
+ in only if the first line ends in ).
+ * 20120114 Logfile-based alerting systems may need to be
+ updated to look for "error" messages in addition to "fatal" messages.
+ Specify "daemon_table_open_error_is_fatal = yes" to get the historical
+ behavior (immediate termination with "fatal" message).
+ * enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also
+ used as queue file names).
These names are encoded in a mix of upper
+ case, lower case and decimal digit characters. Long queue IDs are
+ disabled by default to avoid breaking tools that parse logfiles and
+ that expect queue IDs with the smaller [A-F0-9] character set.
+ * 20111209 memcache lookup and update support. This provides
+ a way to share postscreen(8) or verify(8) caches between Postfix
+ instances. See MEMCACHE_README and memcache_table(5) for details
+ and limitations.
+ * 20111218 To support external SASL authentication, e.g.,
+ in an NGINX proxy daemon, the Postfix SMTP server now always checks
+ the smtpd_sender_login_maps table, even without having
+ "smtpd_sasl_auth_enable = yes" in main.cf.
+ * ipv6
+ o The default inet_protocols value is now "all" instead of "ipv4",
+ meaning use both IPv4 and IPv6.
+ o The default smtp_address_preference value is now "any" instead
+ of "ipv6", meaning choose randomly between IPv6 and IPv4. With
+ this the Postfix SMTP client will have more success delivering
+ mail to sites that have problematic IPv6 configurations.
+
+-------------------------------------------------------------------
+Sat Dec 15 16:33:24 UTC 2012 - chris@computersalat.de
+
+- update to 2.8.13
+ * 20121029
+ Workaround: strip datalink suffix from IPv6 addresses
+ returned by the system getaddrinfo() routine. Such suffixes
+ mess up the default mynetworks value, host name/address
+ verification and possibly more. This change obsoletes the
+ 20101108 change that removes datalink suffixes in the SMTP
+ and QMQP servers, but we leave that code alone. File:
+ util/myaddrinfo.c.
+ * 20121013
+ Cleanup: to compute the LDAP connection cache lookup key,
+ join the numeric fields with null, just like string fields.
+ Viktor Dukhovni. File: global/dict_ldap.c.
+ * 20121010
+ Bugfix (introduced: Postfix 2.5): memory leak in program
+ initialization. Reported by Coverity. File: tls/tls_misc.c.
+ Bugfix (introduced: Postfix 2.3): memory leak in the unused
+ oqmgr program.
Reported by Coverity. File: oqmgr/qmgr_message.c.
+ * 20121003
+ Bugfix: the postscreen_access_list feature was case-sensitive
+ in the first character of permit, reject, etc. Reported by
+ Feancis Picabia. File: global/server_acl.c.
+- rebase dynamic_maps_pie patch
+- rpmlint
+ * invalid-suse-version-check 1140
+ * obsolete-suse-version-check 920 (changes file)
+
+-------------------------------------------------------------------
+Fri Dec 14 06:03:42 UTC 2012 - varkoly@suse.com
+
+- bnc#790141 - Command SuSEconfig.postfix reports ERROR -
+ "can not find /lib/YaST/SuSEconfig.functions!!"
+
+-------------------------------------------------------------------
+Thu Nov 8 11:33:33 UTC 2012 - varkoly@suse.com
+
+- bnc#782048 - postfix uses /sbin/conf.d
+- bnc#784659 - remove SuSEconfig calls from yast2-mail
+
+-------------------------------------------------------------------
+Fri Aug 10 18:56:59 UTC 2012 - chris@computersalat.de
+
+- update to 2.8.12
+ * 20120730
+ Bugfix (introduced: 20000314): AUTH is not allowed after
+ MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c.
+ * 20120702
+ Bugfix (introduced: 19990127): the BIFF client leaked an
+ unprivileged UDP socket. Fix by Jaroslav Skarvada. File:
+ local/biff_notify.c.
+ * 20120621
+ Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
+ client could close the wrong file descriptors. File:
+ util/unix_pass_trigger.c.
+- fix for bnc#771303
+ * add 'version = 3' to ldap_aliases.cf
+- rebase patches
+ * main, master, post-install: 2.8.3 -> 2.8.12
+ * ssl-release-buffers: 2.8.5 -> 2.8.12
+ * vda-v10: 2.8.9 -> 2.8.12
+ * dynamic_maps, dynamic_maps_pie, ipv6_disabled, pointer_to_literals
+- fix changes file
+
+-------------------------------------------------------------------
+Thu Jul 19 06:52:18 UTC 2012 - varkoly@suse.com
+
+- bnc#771811 - postfix update does not regenerate the maps
+
+-------------------------------------------------------------------
+Mon Jun 11 09:51:22 UTC 2012 - varkoly@suse.com
+
+- update to 2.8.11
+ * 20120520
+ - Bugfix (introduced Postfix 2.4): the event_drain() function
+ was comparing bitmasks incorrectly causing the program to
+ always wait for the full time limit. This error affected
+ the unused postkick command, but only after s/fifo/unix/
+ in master.cf. File: util/events.c.
+ - Cleanup: laptop users have always been able to avoid
+ unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
+ (this is currently not supported on Solaris systems).
+ However, to make this work reliably, the "postqueue -f"
+ command must wait until its requests have reached the pickup
+ and qmgr servers before closing the UNIX-domain request
+ sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.
+
+-------------------------------------------------------------------
+Wed May 9 10:07:10 UTC 2012 - varkoly@suse.com
+
+- bnc#753910 - {name} instead of %{name} in postfix .spec
+- bnc#756452 - VUL-1: postfix: VRFY allows enumerating users
+
+-------------------------------------------------------------------
+Thu May 3 16:47:11 UTC 2012 - chris@computersalat.de
+
+- update to 2.8.10
+ * 20120401
+ Bitrot: shut up useless warnings about Cyrus SASL call-back
+ function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
+ xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.
+ * 20120422
+ Bit-rot: OpenSSL 1.0.1 introduces new protocols.
Update the
+ known TLS protocol list so that protocols can be turned off
+ selectively to work around implementation bugs. Based on
+ a patch by Victor Duchovni. Files: proto/TLS_README.html,
+ proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
+ tls/tls_server.c.
+- update to 2.8.9
+ * 20120217
+ Cleanup: missing #include statement for bugfix code added
+ 20111226. File: local/unknown.c.
+ * 20120214
+ Bugfix (introduced: Postfix 2.4): extraneous null assignment
+ caused core dump when postlog emitted the "usage" message.
+ Reported by Kant (fnord.hammer). File: postlog/postlog.c.
+ * 20120202
+ Bugfix (introduced: Postfix 2.3): the "change header" milter
+ request could replace the wrong header. A long header name
+ could match a shorter one, because a length check was done
+ on the wrong string. Reported by Vladimir Vassiliev. File:
+ cleanup/cleanup_milter.c.
+- use latest VDA patch (2.8.9)
+
+-------------------------------------------------------------------
+Thu Apr 12 08:15:06 UTC 2012 - varkoly@suse.com
+
+- bnc#756450 - postfix: remove version from banner
+
+-------------------------------------------------------------------
+Mon Apr 9 16:13:28 UTC 2012 - bruno@ioda-net.ch
+
+- add port 587 smtp-auth submission to postfix-fw bnc#756289
+
+-------------------------------------------------------------------
+Mon Apr 2 22:09:00 CEST 2012 - dmueller@suse.de
+
+- set exit code explicitely in cond_slp, systemd checks for it
+
+-------------------------------------------------------------------
+Tue Mar 13 13:35:13 UTC 2012 - varkoly@suse.com
+
+- Documentation for bnc#751994 - SuSEconfig module postfix does not exist
+
+-------------------------------------------------------------------
+Wed Mar 7 06:31:05 UTC 2012 - varkoly@suse.com
+
+- rcpostfix now updates the aliases too
+
+-------------------------------------------------------------------
+Mon Feb 27 16:35:56 UTC 2012 - chris@computersalat.de
+
+- update to 2.8.8
+ Bugfixes:
+ tlsproxy(8)
stored TLS sessions with a serverID of
+ "tlsproxy" instead of "smtpd", wasting an opportunity for
+ session reuse. File: tlsproxy/tlsproxy.c.
+ missing lookup table entry and terminator, causing
+ proxymap server segfault when postscreen(8) or verify(8)
+ attempted to access their cache via the proxymap server.
+ This could never have worked anyway, because the Postfix
+ 2.8 proxymap protocol does not support cache cleanup. File
+ util/dict.c.
+ the Postfix client sqlite
+ quoting routine returned the unquoted result instead of the
+ quoted text. The opportunities for misuse are limited,
+ because Postfix sqlite files are usually owned by root, and
+ Postfix daemons usually run with non-root privileges so
+ they can't corrupt the database. Problem reported by Rob
+ McGee (rob0). File: global/dict_sqlite.c.
+ the trace service did not
+ distinguish between notifications for a non-bounce or a
+ bounce message. This code pre-dates DSN support and should
+ have been updated when it was re-purposed to handle DSN
+ SUCCESS notifications. Problem reported by Sabahattin
+ Gucukoglu. File: bounce/bounce_trace_service.c.
+- use latest VDA patch (2.8.5)
+
+-------------------------------------------------------------------
+Wed Jan 25 15:12:38 UTC 2012 - varkoly@suse.com
+
+- bnc#743369 - yast2 mail module does not open the firewall
+- Set MD5DIR in SuSEconfig.postfix to avoid warnings
+
+-------------------------------------------------------------------
+Tue Jan 17 11:14:30 UTC 2012 - varkoly@suse.com
+
+- bnc738693 - upgrade from 11.4 enables mysql service for systemd
+
+-------------------------------------------------------------------
+Thu Jan 12 12:18:17 UTC 2012 - varkoly@suse.com
+
+- Add postmap rebuild script to systemv init script too
+
+-------------------------------------------------------------------
+Wed Jan 11 14:21:21 UTC 2012 - varkoly@suse.com
+
+- bnc#738900 - cyrus-imapd not receiving mail from postfix
+
+-------------------------------------------------------------------
+Tue Dec 13 14:50:45 UTC 2011 - varkoly@suse.com
+
+- Move the post map rebuild script into the start script
+
+-------------------------------------------------------------------
+Tue Dec 6 11:04:12 UTC 2011 - varkoly@suse.com
+
+- Fix the last change in %post
+
+-------------------------------------------------------------------
+Fri Dec 2 06:44:28 UTC 2011 - varkoly@suse.com
+
+- bnc#728308 - warning output after update the postfix package
+
+-------------------------------------------------------------------
+Wed Nov 9 20:05:38 UTC 2011 - varkoly@suse.com
+
+- update to 2.8.7
+ Bugfixes:
+ smtpd(8) did not sanitize newline characters in cleanup(8)
+ REJECT messages, causing them to be sent out via SMTP as bare newline characters.
+ smtpd(8) sent multi-line responses from a before-queue content filter as text with
+ bare instead of .
+ Workaround: postscreen sent non-compliant SMTP responses (220- followed by 421)
+ when it could not give a connection to a real smtpd process, causing some
+ remote SMTP clients to bounce mail.
+
+-------------------------------------------------------------------
+Thu Nov 3 15:56:23 UTC 2011 - varkoly@suse.com
+
+- Use the systemd macros in the spec file
+
+-------------------------------------------------------------------
+Fri Oct 14 16:43:02 CEST 2011 - mhrusecky@suse.cz
+
+- only fix files that exists in %post
+
+-------------------------------------------------------------------
+Sun Oct 9 04:30:54 UTC 2011 - crrodriguez@opensuse.org
+
+ - Use SSL_MODE_RELEASE_BUFFERS if available, see
+ SSL_CTX_set_mode man page and
+ http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
+ for the full details.
+
+-------------------------------------------------------------------
+Tue Sep 6 14:49:47 UTC 2011 - chris@computersalat.de
+
+- update to 2.8.5
+ * Bugfix: allow for Milters that send an SMTP server reply
+ without RFC 3463 enhanced status code. Reported by Vladimir
+ Vassiliev. File: milter/milter8.c.
+
+-------------------------------------------------------------------
+Mon Aug 22 09:31:02 UTC 2011 - varkoly@novell.com
+
+- bnc#684304 - server:mail/postfix: Bugs in SuSEconfig chroot setup script
+- Aplly SASL_SOCKET_DIR patch
+
+-------------------------------------------------------------------
+Thu Aug 18 09:32:04 UTC 2011 - varkoly@novell.com
+
+- Move SuSEconfig.postfix into /usr/sbin/
+ (FATE#311272: Do not rewrite postfix.cf via SuSEconfig)
+ SuSEconfig.postfix will be executed only once after installation
+ automaticaly. Afterwards only you can start it manually or via
+ yast2 mail module.
+
+-------------------------------------------------------------------
+Fri Aug 12 16:40:40 UTC 2011 - werner@suse.de
+
+- Just the first strep forward to systemd, please test out
+ /etc/postfix/system/update_chroot
+ /etc/postfix/system/wait_qmgr
+ /etc/postfix/system/cond_slp
+ and
+ /lib/systemd/system/postfix.service
+ and also fill out the missing description.
+
+-------------------------------------------------------------------
+Tue Aug 9 11:03:55 UTC 2011 - chris@computersalat.de
+
+- rework SuSE patch
+ * add missing SASL stuff in rc.postfix
+
+-------------------------------------------------------------------
+Mon Jul 25 09:08:14 UTC 2011 - chris@computersalat.de
+
+- when chrooted and using SASL
+ o mount -o bind SASL_SOCKET_DIR into postfix CHROOT
+
+-------------------------------------------------------------------
+Mon Jul 11 17:22:19 UTC 2011 - chris@computersalat.de
+
+- update to 2.8.4
+ o Linux kernel version 3 support.
+ for more info see ChangeLog
+
+-------------------------------------------------------------------
+Wed Jul 6 13:11:07 UTC 2011 - varkoly@novell.com
+
+- bnc#686436 - postfix bounces messages with improper use of 8-bit data in message body
+- Apply patch
+
+-------------------------------------------------------------------
+Fri Jul 1 12:35:59 UTC 2011 - chris@computersalat.de
+
+- rework master.cf patch
+ o fix receive_override_options line
+- rework SuSE patch
+ o sysconfig: remove POSTFIX_WITH_POP_BEFORE_SMTP
+ o SuSEconfig: fix receive_override_options line
+
+-------------------------------------------------------------------
+Thu Jun 30 20:15:40 UTC 2011 - chris@computersalat.de
+
+- replace vda patch
+ o 2.8.1 -> 2.8.3
+- fix files doc
+ o remove 'doc auxiliary'
+ instead cp to pf_docdir
+
+-------------------------------------------------------------------
+Sat May 28 04:22:22 UTC 2011 - varkoly@novell.com
+
+- fix spec for building on all repos
+
+-------------------------------------------------------------------
+Tue May 24 10:24:51 UTC 2011 - varkoly@novell.com
+
+- bnc#679187 - suseconfig/postfix: missing dependency
+
+-------------------------------------------------------------------
+Tue May 17 22:31:46 UTC 2011 - chris@computersalat.de
+
+- fix master.cf
+ o fix missing
+ - amavis unix - - n - 4 smtp
+ - localhost:10025 inet n - n - - smtpd
+ o add master.cf patch
+-
rework patches
+ o main.cf (add two missing sasl vars)
+ o postfix-SuSE (SuSEconfig, cleanup those vars,...)
+
+-------------------------------------------------------------------
+Sun May 15 14:16:03 UTC 2011 - chris@computersalat.de
+
+- rework TLS stuff
+ o reworked main.cf patch
+ o added postfix-SuSE patch
+ o added post-install patch
+ Editing /etc/postfix/master.cf, adding missing entry for tlsmgr service
+ add only if it really does not exist
+- removed Author from description
+- updated vda patch
+ o vda-2.7.1 > vda-v10-2.8.1
+- fix build for SLE_10
+ o no fdupes ;)
+
+-------------------------------------------------------------------
+Wed May 11 08:23:56 UTC 2011 - varkoly@novell.com
+
+- remove document paths from postfix-files to avoid error messages
+ when postfix-doc is not installed
+
+-------------------------------------------------------------------
+Tue May 10 09:20:23 UTC 2011 - varkoly@novell.com
+
+- update to 2.8.3 - VUL-0: postfix memory corruption
+
+-------------------------------------------------------------------
+Sun Apr 10 07:00:18 UTC 2011 - varkoly@novell.com
+
+- bnc#641271 - postfix-2.7.1: init script cannot properly stop
+ multi-instance configurations
+
+-------------------------------------------------------------------
+Wed Mar 30 21:21:16 UTC 2011 - varkoly@novell.com
+
+- update to 2.8.2
+ * DNSBL/DNSWL:
+ o Support for address patterns in DNS blacklist and whitelist lookup results.
+ o The Postfix SMTP server now supports DNS-based whitelisting with several safety features
+ * Support for read-only sqlite database access.
+ * Alias expansion:
+ o Postfix now reports a temporary delivery error when the result
+ of virtual alias expansion would exceed the virtual_alias_recursion_limit
+ or virtual_alias_expansion_limit.
+ o To avoid repeated delivery to mailing lists with pathological
+ nested alias configurations, the local(8) delivery agent now keeps
+ the owner-alias attribute of a parent alias, when delivering mail
+ to a child alias that does not have its own owner alias.
+ * The Postfix SMTP client no longer appends the local domain when
+ looking up a DNS name without ".".
+ * The SMTP server now supports contact information that is appended
+ to "reject" responses: smtpd_reject_footer
+ * Postfix by default no longer adds a "To: undisclosed-recipients:;"
+ header when no recipient specified in the message header.
+ * tls support:
+ o The Postfix SMTP server now always re-computes the SASL mechanism
+ list after successful completion of the STARTTLS command.
+ o The smtpd_starttls_timeout default value is now stress-dependent.
+ o Postfix no longer appends the system-supplied default CA certificates
+ to the lists specified with *_tls_CAfile or with *_tls_CApath.
+ * New feature: Prototype postscreen(8) server that runs a number
+ of time-consuming checks in parallel for all incoming SMTP connections,
+ before clients are allowed to talk to a real Postfix SMTP server.
+ It detects clients that start talking too soon, or clients that appear
+ on DNS blocklists, or clients that hang up without sending any command.
+
+-------------------------------------------------------------------
+Thu Feb 10 11:43:28 UTC 2011 - varkoly@novell.com
+
+- bnc#667299 - Postfix LICENSE not marked as documentation
+
+-------------------------------------------------------------------
+Mon Jan 17 09:56:32 UTC 2011 - chris@computersalat.de
+
+- add some min LDAP support for virtual LDAP-users
+ o sysconfig "WITH_LDAP"
+ o add ldap_aliases.cf
+ o SuSEconfig.postfix
+ virtual_alias_maps = ...
ldap:/etc/postfix/ldap_aliases.cf
+
+-------------------------------------------------------------------
+Tue Jan 4 12:14:06 UTC 2011 - chris@computersalat.de
+
+- update to 2.7.2
+ * Bugfix (introduced Postfix 2.2): Postfix no longer appends
+ the system default CA certificates to the lists specified
+ with *_tls_CAfile or with *_tls_CApath. This prevents
+ third-party certificates from getting mail relay permission
+ with the permit_tls_all_clientcerts feature. Unfortunately
+ this may cause compatibility problems with configurations
+ that rely on certificate verification for other purposes.
+ To get the old behavior, specify "tls_append_default_CA =
+ yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
+ global/mail_params.h. proto/postconf.proto, mantools/postlink.
+ * Compatibility with Postfix < 2.3: fix 20061207 was incomplete
+ (undoing the change to bounce instead of defer after
+ pipe-to-command delivery fails with a signal). Fix by Thomas
+ Arnett. File: global/pipe_command.c.
+ * Bugfix: the milter_header_checks parser provided only the
+ actions that change the message flow (reject, filter,
+ discard, redirect) but disabled the non-flow actions (warn,
+ replace, prepend, ignore, dunno, ok). File:
+ cleanup/cleanup_milter.c.
+ * Performance: fix for poor smtpd_proxy_filter TCP performance
+ over loopback (127.0.0.1) connections. Problem reported by
+ Mark Martinec. Files: smtpd/smtpd_proxy.c.
+ * Cleanup: don't apply reject_rhsbl_helo to non-domain forms
+ such as network addresses. This would cause false positives
+ with dbl.spamhaus.org. File: smtpd/smtpd_check.c.
+ * Bugfix: the "421" reply after Milter error was overruled
+ by Postfix 1.1 code that replied with "503" for RFC 2821
+ compliance. We now make an exception for "final" replies,
+ as permitted by RFC. Solution by Victor Duchovni. File:
+ smtpd/smtpd.c.
+
+-------------------------------------------------------------------
+Sat Dec 11 19:50:25 UTC 2010 - chris@computersalat.de
+
+- update vda patch
+ o remove 2.6.1-vda-ng.patch
+ o remove 2.6.1-vda-ng-64bit.patch
+ o add vda-2.7.1.patch
+- rework main.cf.patch
+ o remove 2.2.9-main.cf.patch
+ o add 2.7.1-main.cf.patch
+
+-------------------------------------------------------------------
+Tue Dec 7 22:02:56 UTC 2010 - coolo@novell.com
+
+- prereq init scripts network and syslog
+
+-------------------------------------------------------------------
+Thu Aug 12 18:57:14 UTC 2010 - varkoly@novell.com
+
+- Remove obsolate postscripts
+- bnc#625657 - SuSEconfig.postfix and smtp_use_tls
+- bnc#622873 - postfix doesn't start if ipv6 is disabled
+
+-------------------------------------------------------------------
+Tue Jul 6 15:04:30 UTC 2010 - chris@computersalat.de
+
+- reworked bnc#606251 stuff (not checked in to Factory)
+ o used my_print_defaults command for parsing of /etc/my.cnf
+ o using quotation marks: "$PF_CHROOT"
+ o added sysconfig option POSTFIX_MYSQL_CONN=(socket,tcp)
+
+-------------------------------------------------------------------
+Wed Jun 16 23:39:09 UTC 2010 - chris@computersalat.de
+
+- bnc#606251 - postfix chrooted mysql.sock lost on mysql restart
+ o Now MYSQL_SOCK_DIR is mounted with '-o bind' to postfix CHROOT
+
+-------------------------------------------------------------------
+Thu Jun 10 10:55:54 UTC 2010 - varkoly@novell.com
+
+- update to 2.7.1
+ * Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
+ which sends remote SMTP client attributes through SMTP-based content filters.
+ The Postfix SMTP client did not skip "unknown" SMTP client attributes,
+ causing a syntax error when sending an "unknown" client PORT attribute.
+ * Robustness: skip LDAP queries with non-ASCII search strings, instead of failing with a database lookup error.
+ * Safety: Postfix processes now log a warning when a matchlist has
+ a #comment at the end of a line (for example mynetworks or relay_domains).
+ * Portability: OpenSSL 1.0.0 changes the priority of anonymous cyphers.
+ * Portability: Berkeley DB 5.x is now supported.
+
+-------------------------------------------------------------------
+Thu May 20 17:08:26 UTC 2010 - chris@computersalat.de
+
+- fix obviously lost POSTFIX_MYHOSTNAME in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Wed Apr 7 12:39:16 UTC 2010 - varkoly@novell.com
+
+- New file check_mail_queue. This script checks if there are some
+ mails in the queue and starts postfix if necessary. After delivering
+ the mails postfix will be stoped.
+
+-------------------------------------------------------------------
+Thu Apr 1 10:28:09 UTC 2010 - varkoly@novell.com
+
+- bnc#559145 - Changed Domain name not reflected when sending mail
+ First /var/run/dhcp-hostname will be evaluated
+- Now POSTFIX_SMTP_TLS_CLIENT is ternary : no yes must
+
+-------------------------------------------------------------------
+Sun Feb 28 18:38:18 UTC 2010 - varkoly@novell.com
+- update to 2.7.0
+ * performance
+ - Periodic cache cleanup for the verify(8) cache database.
+ - Improved before-queue filter performance.
+ * sender reputation
+ - The FILTER action in access maps or header/body_checks now supports sender
+ reputation schemes that dynamically choose the SMTP source IP address.
+ * address verification
+ - The verify(8) service now uses a persistent cache by default.
+ * content filter
+ - The meaning of an empty filter next-hop destination has changed.
+ - The FILTER action in access maps or header/body_checks now supports sender
+ reputation schemes that dynamically choose the SMTP source IP address.
+ * milter
+ - Support for header checks on Milter-generated message headers.
+ Please read /usr/share/doc/packages/postfix/RELEASE_NOTES for details.
+-------------------------------------------------------------------
+Thu Feb 11 15:16:13 UTC 2010 - coolo@novell.com
+
+- revert the change to PreReq openldap-devel, this increases the
+ default installation several MBs
+
+-------------------------------------------------------------------
+Tue Feb 2 15:45:26 UTC 2010 - varkoly@novell.com
+
+- bnc#567569 - Postfix: move ldap support to a separate package
+- bnc#557239 - postfix delivers mail to user's home instead of /var/spool/mail
+
+-------------------------------------------------------------------
+Tue Jan 5 23:28:12 UTC 2010 - chris@computersalat.de
+
+- rpmlint fixes
+ o init-script-undefined-dependency $network-remotefs
+- fix for SuSEconfig.postfix
+ o if use_amavis eq "yes"
+ then content_filter "amavis:[127.0.0.1]:10024]" is defined,
+ so removed "-o content_filter=smtp:[127.0.0.1]:10024" for smtp
+- s#ldconfig#/sbin/ldconfig#
+
+-------------------------------------------------------------------
+Tue Dec 22 16:15:00 CEST 2009 - freespacer@gmx.de
+
+- Add support for dovecot as MDA to SuSEconfig.
+
+-------------------------------------------------------------------
+Wed Dec 16 10:45:14 CET 2009 - jengelh@medozas.de
+
+- Package documentation as noarch
+
+-------------------------------------------------------------------
+Tue Dec 10 13:15:15 CET 2009 - varkoly@suse.de
+
+- Remove postfixs update script. This does not work now.
+
+-------------------------------------------------------------------
+Tue Dec 8 19:15:15 CET 2009 - varkoly@suse.de
+
+- Fix the %post section add missed %{fillup_only -an mail}
+
+-------------------------------------------------------------------
+Mon Nov 16 17:14:39 CET 2009 - varkoly@suse.de
+
+- bnc#555814 – VUL-0: SMTPD_LISTEN_REMOTE="yes" by default
+- bnc#555732 - Invalid $(hostname -i) usage SuSEconfig.postfix
+- bnc#547928 – Postfix does not start during boot process
+- Avoid append relay multiple times in POSTFIX_MAP_LIST
+
+-------------------------------------------------------------------
+Mon Oct 26 14:36:55 CET 2009 - varkoly@suse.de
+
+- bnc#549612 – SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Mon Sep 28 09:22:54 CEST 2009 - varkoly@suse.de
+
+- bnc#540538 – postfix-2.6.1-10.1 installs new files in /etc/postfix and does not generate .db
+- bnc#519438 - Postfix: Running chrooted lets qmgr loosing his syslog-socket
+- remove obsolate version tests from SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Mon Sep 28 08:24:43 CEST 2009 - varkoly@suse.de
+
+- bnc#525825 - when using cyrus in a chroot environment Suseconfig does not
+ create socket /var/lib/imap/socket/lmtp
+
+-------------------------------------------------------------------
+Mon Sep 14 11:34:41 UTC 2009 - chris@computersalat.de
+
+- spec
+ o fdupes if >= 1100
+
+-------------------------------------------------------------------
+Thu Sep 10 21:22:46 CEST 2009 - chris@computersalat.de
+
+- update to 2.6.1
+ o merge home:varkoly:Factory and o:F
+- spec mods
+ o use of getent
+- rpmlint
+ o remove unneeded dists from examples/chroot-setup/
+ o postin-without-ldconfig
+ o files-duplicate /usr/share/doc/packages/postfix-doc/html/
+ o files-duplicate /usr/share/man/man?
+
+-------------------------------------------------------------------
+Mon Apr 13 18:21:14 UTC 2009 - chris@computersalat.de
+
+- added VDA patch
+ o Mailbox / Maildir size limit, known also as "soft quota",
+ to avoid user take all you disk space
+ o Customizable "limit" message when the soft quota limit is reached.
+ NOTE: message is sent to senders, but NOT to the owner of the mailbox.
+ o Limit only 'INBOX', because some people use IMAP and don't want
+ the same limit in IMAP folder that are differents from INBOX.
+ o Support for 'Courier' style Maildir, usefull for people that
+ use courier as pop3/imap server and to get fast soft quota summary.
+ Note that it is also compatible with qmail maildir per default.
+ o Supports for Courier 'maildirsize' file in Maildir folder that
+ is used to read quotas quickly. Note that this option is not
+ actived per default and can be dangerous on some NFS client
+ implementation
+ (like for example Solaris that cache some filesystem operations).
+ o Customisable suffix for Maildir support, when share same external
+ dict between postfix and pop3/imap server sometime "Maildir/" suffix
+ is needed to avoid extra database handling (eg LDAP, MySQL...).
+- some improvements of SuSEconfig.postfix
+ o POSTFIX_LISTEN: Comma separated list of IP's
+ o POSTFIX_INET_PROTO: ipv4, ipv6, all
+ o POSTFIX_MYHOSTNAME: define SMTPs FQHOSTNAME
+ o POSTFIX_WITH_MYSQL: when using MySQL as backend
+ o POSTFIX_BASIC_SPAM_PREVENTION: "custom"
+ you can now define your own rules
+ - POSTFIX_SMTPD_CLIENT_RESTRICTIONS
+ - POSTFIX_SMTPD_HELO_RESTRICTIONS
+ - POSTFIX_SMTPD_SENDER_RESTRICTIONS
+ - POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
+- added helo_access for helo checks
+- added relay for relaying domain
+- added MySQL stuff when using MySQL as backend (virtuser)
+ o you should consider postfixAdmin as mgmnt interface
+ o when runninng postfix chrooted:
+ you have to run SUSEconfig each time when you have restarted MySQL
+ because of linking mysql.sock
+
+-------------------------------------------------------------------
+Sun Mar 29 15:18:52 CEST 2009 - varkoly@suse.de
+
+- bnc#439287 - not all POSTFIX_ADD_* values are properly handled
+ by SuSEconfig.postfix
+- bnc#483208 - Postfix configuration trashed after update
+- bnc#488268 - SuSEconfig.postfix chroot setup misses /etc/ssl/certs
+
+-------------------------------------------------------------------
+Mon Jan 12 11:12:16 CET 2009 - varkoly@suse.de
+
+- bnc#465165 - postfix src package
+
+-------------------------------------------------------------------
+Fri Jan 9 17:43:53 CET 2009 - varkoly@suse.de
+
+- bnc#464869 - SuSEconfig.postfix causes DNS lookup
+- bnc#460442 - amavisd-new and Postfix need fqdn-hostname in "uname -n"
+
+-------------------------------------------------------------------
+Mon Jan 5 13:54:11 CET 2009 - varkoly@suse.de
+
+- update to 2.5.6
+ - The SMTP server did not ask for a client certificate
+ with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl.
+
+ - Avoid reduced TCP performance when reusing an SMTP connection
+ with a larger than 4096-byte TCP MSS value. In practice, this
+ could happen only with loopback (localhost) connections.
+
+-------------------------------------------------------------------
+Sun Nov 16 12:16:03 CET 2008 - varkoly@suse.de
+
+- (bnc#442456) - chrooted postfix and saslauthd
+
+-------------------------------------------------------------------
+Tue Nov 4 15:24:41 CET 2008 - ro@suse.de
+
+- fix build
+
+-------------------------------------------------------------------
+Tue Nov 4 15:15:03 CET 2008 - varkoly@suse.de
+
+- upgrade must not be executed during installation
+
+-------------------------------------------------------------------
+Tue Oct 14 11:16:21 CEST 2008 - varkoly@suse.de
+
+- (bnc#403976) - permissions on /var/lib/postfix changed
+- (bnc#433916) - postfix should be splitted into postfix and postfix-doc
+
+-------------------------------------------------------------------
+Thu Sep 11 14:34:22 CEST 2008 - varkoly@suse.de
+
+- (bnc#415216) - Postfix RPM Install Displays Multiple Warnings
+- clean up spec file
+
+-------------------------------------------------------------------
+Tue Sep 9 09:57:35 CEST 2008 - varkoly@suse.de
+
+- Update to Version 2.5 patchlevel 5
+ * Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
+ With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
+ file descriptor leak when it executes non-Postfix commands
+ in, for example, user-controlled $HOME/.forward files.
+ * Security: some systems have changed their link() semantics,
+ and will hardlink a symlink, contrary to POSIX and XPG4.
+ Sebastian Krahmer, SuSE. File: util/safe_open.c.
+
+ The solution introduces the following incompatible change:
+ when the target of mail delivery is a symlink, the parent
+ directory of that symlink must now be writable by root only
+ (in addition to the already existing requirement that the
+ symlink itself is owned by root). This change will break
+ legitimate configurations that deliver mail to a symbolic
+ link in a directory with less restrictive permissions.
+ * Bugfix: dangling pointer in vstring_sprintf_prepend().
+ File: util/vstring.c.
+
+-------------------------------------------------------------------
+Mon Aug 25 18:45:03 CEST 2008 - mt@suse.de
+
+- init script: copy LSB *-Start tags to *-Stop
+- spec file: removed obsolete rc.config update hooks
+
+-------------------------------------------------------------------
+Wed Aug 6 13:33:01 CEST 2008 - varkoly@suse.de
+
+- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition
+- (bnc#405900) SuSEconfig.postfix changes owner and permissions of
+ /tmp if smtpd_tls_CApath is not set
+
+- Update to Version 2.5 patchlevel 3
+ * Cleanup of code
+ * defer delivery when a mailbox file is not owned by the recipient.
+ Requested by Sebastian Krahmer, SuSE.
+ Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies.
+ * Bugfix: null-terminate CN comment string after sanitization.
+ * Bugfix (introduced Postfix 2.0): after "warn_if_reject
+ reject_unlisted_recipient/sender", the SMTP server mistakenly
+ remembered that recipient/sender validation was already done.
+
+-------------------------------------------------------------------
+Wed Jul 9 15:07:46 CEST 2008 - varkoly@suse.de
+
+- (fate#305005) Enable SMTPS in postfix ootb
+
+-------------------------------------------------------------------
+Tue Jun 17 12:27:10 CEST 2008 - varkoly@suse.de
+
+- (bnc#396985) sending of NUL character disallowed by RFC2822
+- (bnc#397127) without relay is silent about undeliverable mails
+
+-------------------------------------------------------------------
+Tue May 13 18:17:09 CEST 2008 - varkoly@suse.de
+
+- (bnc#389670) - postfix generates invalid config
+
+-------------------------------------------------------------------
+Tue Apr 1 16:17:31 CEST 2008 - mkoenig@suse.de
+
+- remove dir /usr/share/omc/svcinfo.d as it is provided now
+ by filesystem
+
+-------------------------------------------------------------------
+Tue Feb 26 09:59:43 CET 2008 - varkoly@suse.de
+
+- Update to Version 2.5 patchlevel 1
+ Changes: The Postfix 2.5 "postfix upgrade-configuration" command
+ now works even with Postfix 2.4 or earlier versions of the
+ postfix command. When installing Postfix 2.5.0 without upgrading
+ from an existing master.cf file, the new master.cf file had an
+ incorrect process limit for the proxywrite service. This service
+ is used only by the obscure "smtp_sasl_auth_cache_name" and
+ "lmtp_sasl_auth_cache_name" configuration parameters. Someone
+ needed multi-line support for header/body Milter replies. The
+ LDAP client's TLS support was broken in several ways.
+
+-------------------------------------------------------------------
+Wed Feb 13 14:58:52 CET 2008 - varkoly@suse.de
+
+- #360572 - postfix %post script leaves lots of backup files in /etc/postfix/
+
+-------------------------------------------------------------------
+Wed Jan 30 12:20:53 CET 2008 - varkoly@suse.de
+
+- Update to Version 2.5 patchlevel 0
+
+ Major changes - critical
+ ------------------------
+
+ [Incompat 20071224] The protocol to send Milter information from
+ smtpd(8) to cleanup(8) processes was cleaned up. If you use the
+ Milter feature, and upgrade a live Postfix system, you may see an
+ "unexpected record type" warning from a cleanup(8) server process.
+ To prevent this, execute the command "postfix reload". The
+ incompatibility affects only systems that use the Milter feature.
+ It does not cause loss of mail, just a minor delay until the remote
+ SMTP client retries.
+
+ [Incompat 20071212] The allow_min_user feature now applies to both
+ sender and recipient addresses in SMTP commands. With earlier Postfix
+ versions, only recipients were subject to the allow_min_user feature,
+ and the restriction took effect at mail delivery time, causing mail
+ to be bounced later instead of being rejected immediately.
+
+ [Incompat 20071206] The "make install" and "make upgrade" procedures
+ now create a Postfix-owned directory for Postfix-writable data files
+ such as caches and random numbers. The location is specified with
+ the "data_directory" parameter (default: "/var/lib/postfix"), and
+ the ownership is specified with the "mail_owner" parameter.
+
+ [Incompat 20071206] The tlsmgr(8) and verify(8) servers no longer
+ use root privileges when opening the address_verify_map,
+ *_tls_session_cache_database, and tls_random_exchange_name cache
+ files. This avoids a potential security loophole where the ownership
+ of a file (or directory) does not match the trust level of the
+ content of that file (or directory).
+ + [Incompat 20071206] The tlsmgr(8) and verify(8) cache files should + now be stored as Postfix-owned files under the Postfix-owned + data_directory. As a migration aid, attempts to open these files + under a non-Postfix directory are redirected to the Postfix-owned + data_directory, and a warning is logged. + + This is an example of the warning messages: + + Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: request + to update file /etc/postfix/prng_exch in non-postfix directory + /etc/postfix + + Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: redirecting + the request to postfix-owned data_directory /var/lib/postfix + + If you wish to continue using a pre-existing tls_random_exchange_name + or address_verify_map file, move it to the Postfix-owned data_directory + and change ownership from root to Postfix (that is, change ownership + to the account specified with the mail_owner configuration parameter). + + [Feature 20071205] The "make install" and "make upgrade" procedures + now create a Postfix-owned directory for Postfix-writable data files + such as caches and random numbers. The location is specified with + the "data_directory" parameter (default: "/var/lib/postfix"), and + the ownership is specified with the "mail_owner" parameter. + + [Incompat 20071203] The "make upgrade" procedure adds a new service + "proxywrite" to the master.cf file, for read/write lookup table + access. If you copy your old configuration file over the updated + one, you may see warnings in the maillog file like this: + + connect #xx to subsystem private/proxywrite: No such file or directory + + To recover, run "postfix upgrade-configuration" again. + + [Incompat 20070613] The pipe(8) delivery agent no longer allows + delivery with the same group ID as the main.cf postdrop group. + + Major changes - malware defense + ------------------------------- + + [Feature 20080107] New "pass" service type in master.cf. 
Written + years ago, this allows future front-end daemons to accept all + connections from the network, and to hand over connections from + well-behaved clients to Postfix. Since this feature uses file + descriptor passing, it imposes no overhead once a connection is + handed over to Postfix. See master(5) for a few details. + + [Feature 20070911] Stress-adaptive behavior. When a "public" network + service runs into an "all processes are busy" condition, the master(8) + daemon logs a warning, restarts the service, and runs it with "-o + stress=yes" on the command line (under normal conditions it runs + the service with "-o stress=" on the command line). This can be + used to make main.cf parameter settings stress dependent, for + example: + + /etc/postfix/main.cf: + smtpd_timeout = ${stress?10}${stress:300} + smtpd_hard_error_limit = ${stress?1}${stress:20} + + Translation: under conditions of stress, use an smtpd_timeout value + of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1 + instead of 20. The syntax is explained in the postconf(5) manpage. + + The STRESS_README file gives examples of how to mitigate flooding + problems. + + Major changes - tls support + --------------------------- + + [Incompat 20080109] TLS logging output has changed to make it more + useful. Existing logfile parser regular expressions may need + adjustment. + + - More log entries include the "hostnamename[ipaddress]" of the + remote SMTP peer. + + - Certificate trust chain error reports show only the first + error certificate (closest to the trust chain root), and the + reporting is more human-readable for the most likely errors. + + - After the completion of the TLS handshake, the session is logged + with TLS loglevel >= 1 as either "Untrusted", "Trusted" or + "Verified" (SMTP client only). + - "Untrusted" means that the certificate trust chain is invalid, + or that the root CA is not trusted. 
+ - "Trusted" means that the certificate trust chain is valid, and + that the root CA is trusted. + - "Verified" means that the certificate meets the SMTP client's + matching criteria for the destination: + - In the case of a destination name match, "Verified" also + implies "Trusted". + - In the case of a fingerprint match, CA trust is not applicable. + + - The logging of protocol states with TLS loglevel >= 2 no longer + reports bogus error conditions when OpenSSL asks Postfix to refill + (or flush) network I/O buffers. This loglevel is for debugging + only; use 0 or 1 in production configurations. + + [Feature 20080109] The Postfix SMTP client has a new "fingerprint" + security level. This avoids dependencies on CAs, and relies entirely + on bi-lateral exchange of public keys (really self-signed or private + CA signed X.509 public key certificates). Scalability is clearly + limited. For details, see the fingerprint discussion in TLS_README. + + [Feature 20080109] The Postfix SMTP server can now use SHA1 instead + of MD5 to compute remote SMTP client certificate fingerprints. For + backwards compatibility, the default algorithm is MD5. For details, + see the "smtpd_tls_fingerprint_digest" parameter in the postconf(5) + manual. + + [Feature 20080109] The maximum certificate trust chain depth + (verifydepth) is finally implemented in the Postfix TLS library. + Previously, the parameter had no effect. The default depth was + changed to 9 (the OpenSSL default) for backwards compatibility. + + If you have explicity limited the verification depth in main.cf, + check that the configured limit meets your needs. See the + "lmtp_tls_scert_verifydepth", "smtp_tls_scert_verifydepth" and + "smtpd_tls_ccert_verifydepth" parameters in the postconf(5) manual. + + [Feature 20080109] The selection of SSL/TLS protocols for mandatory + TLS can now use exclusion rather than inclusion. 
Either form is + acceptable; see the "lmtp_tls_mandatory_protocols", + "smtp_tls_mandatory_protocols" and "smtpd_tls_mandatory_protocols" + parameters in the postconf(5) manual. + + Major changes - scheduler + ------------------------- + + [Feature 20071130] Revised queue manager with separate mechanisms + for per-destination concurrency control and for dead destination + detection. The concurrency control supports less-than-1 feedback + to allow for more gradual concurrency adjustments, and uses hysteresis + to avoid rapid oscillations. A destination is declared "dead" after + a configurable number of pseudo-cohorts(*) reports connection or + handshake failure. + + (*) A pseudo-cohort is a number of delivery requests equal to a + destination's delivery concurrency. + + The drawbacks of the old +/-1 feedback scheduler are a) overshoot + due to exponential delivery concurrency growth with each pseudo-cohort(*) + (5-10-20...); b) throttling down to zero concurrency after a single + pseudo-cohort(*) failure. The latter was especially an issue with + low-concurrency channels where a single failure could be sufficient + to mark a destination as "dead", and suspend further deliveries. + + New configuration parameters: destination_concurrency_feedback_debug, + default_destination_concurrency_positive_feedback, + default_destination_concurrency_negative_feedback, + default_destination_concurrency_failed_cohort_limit, as well as + transport-specific versions of the same. + + The default parameter settings are backwards compatible with older + Postfix versions. This may change after better defaults are field + tested. + + The updated SCHEDULER_README document describes the theory behind + the new concurrency scheduler, as well as Patrik Rak's preemptive + job scheduler. See postconf(5) for more extensive descriptions of + the configuration parameters. 
+ + Major changes - small/home office + --------------------------------- + + [Feature 20080115] Preliminary SOHO_README document that combines + bits and pieces from other document in one place, so that it is + easier to find. This document describes the "mail sending" side + only. + + [Feature 20071202] Output rate control in the queue manager. For + example, specify "smtp_destination_rate_delay = 5m", to pause five + minutes between message deliveries. More information in the postconf(5) + manual under "default_destination_rate_delay". + + Major changes - smtp client + --------------------------- + + [Incompat 20080114] The Postfix SMTP client now by default defers + mail after a remote SMTP server rejects a SASL authentication + attempt. Specify "smtp_sasl_auth_soft_bounce = no" for the old + behavior. + + [Feature 20080114] The Postfix SMTP client can now avoid making + repeated SASL login failures with the same server, username and + password. To enable this safety feature, specify for example + "smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache" + (access through the proxy service is required). Instead of trying + to SASL authenticate, the Postfix SMTP client defers or bounces + mail as controlled with the new smtp_sasl_auth_soft_bounce configuration + parameter. + + [Feature 20071111] Header/body checks are now available in the SMTP + client, after the implementation was moved from the cleanup server + to a library module. The SMTP client provides only actions that + don't change the message delivery time or destination: warn, replace, + prepend, ignore, dunno, ok. + + [Incompat 20070614] By default, the Postfix Cyrus SASL client no + longer sends a SASL authoriZation ID (authzid); it sends only the + SASL authentiCation ID (authcid) plus the authcid's password. Specify + "send_cyrus_sasl_authzid = yes" to get the old behavior. + + Major changes - smtp server + --------------------------- + + [Feature 20070724] Not really major. 
New support for RFC 3848 + (Received: headers with ESMTPS, ESMTPA, or ESMTPSA); updated SASL + support according to RFC 4954, resulting in small changes to SMTP + reply codes and (DSN) enhanced status codes. + + Major changes - milter + ---------------------- + + [Incompat 20071224] The protocol to send Milter information from + smtpd(8) to cleanup(8) processes was cleaned up. If you use the + Milter feature, and upgrade a live Postfix system, you may see an + "unexpected record type" warning from a cleanup(8) server process. + To prevent this, execute the command "postfix reload". The + incompatibility affects only systems that use the Milter feature. + It does not cause loss of mail, just a minor delay until the remote + SMTP client retries. + + [Feature 20071221] Support for most of the Sendmail 8.14 Milter + protocol features. + + To enable the new features specify "milter_protocol = 6" and link + the filter application with a libmilter library from Sendmail 8.14 + or later. + + Sendmail 8.14 Milter features supported at this time: + + - NR_CONN, NR_HELO, NR_MAIL, NR_RCPT, NR_DATA, NR_UNKN, NR_HDR, + NR_EOH, NR_BODY: The filter can tell Postfix that it won't reply + to some of the SMTP events that Postfix sends. This makes the + protocol less chatty and improves performance. + + - SKIP: The filter can tell Postfix to skip sending the rest of + the message body, which also improves performance. + + - HDR_LEADSPC: The filter can request that Postfix does not delete + the first space character between header name and header value + when sending a header to the filter, and that Postfix does not + insert a space character between header name and header value + when receiving a header from the filter. This fixes a limitation + in the old Milter protocol that can break DKIM and DK signatures. + + - SETSYMLIST: The filter can override one or more of the main.cf + milter_xxx_macros parameter settings. 
+
+ Sendmail 8.14 Milter features not supported at this time:
+
+ - RCPT_REJ: report rejected recipients to the mail filter.
+
+ - CHGFROM: replace sender, with optional ESMTP command parameters.
+
+ - ADDRCPT_PAR: add recipient, with optional ESMTP command parameters.
+
+ It is unclear when (if ever) the missing features will be implemented.
+ SMFIP_RCPT_REJ requires invasive changes in the SMTP server recipient
+ processing and error handling. SMFIR_CHGFROM and SMFIR_ADDRCPT_PAR
+ require ESMTP command-line parsing in the cleanup server. Unfortunately,
+ Sendmail's documentation does not specify what ESMTP options are
+ supported, but only discusses examples of things that don't work.
+
+ Major changes - address verification
+ ------------------------------------
+
+ [Incompat 20070514] The default sender address for address verification
+ probes was changed from "postmaster" to "double-bounce", so that
+ the Postfix SMTP server no longer causes surprising behavior by
+ excluding "postmaster" from SMTP server access controls.
+
+ Major changes - ldap
+ --------------------
+
+ [Incompat 20071216] Due to an incompatible API change between
+ OpenLDAP 2.0.11 and 2.0.12, an LDAP client compiled for OpenLDAP
+ version <= 2.0.11 will refuse to work with an OpenLDAP library
+ version >= 2.0.12 and vice versa.
+
+ Major changes - logging
+ -----------------------
+
+ [Incompat 20080109] TLS logging output has changed to make it more
+ useful. Existing logfile parser regular expressions may need
+ adjustment.
+
+ - More log entries include the "hostnamename[ipaddress]" of the
+ remote SMTP peer.
+
+ - Certificate trust chain error reports show only the first
+ error certificate (closest to the trust chain root), and the
+ reporting is more human-readable for the most likely errors.
+
+ - After the completion of the TLS handshake, the session is logged
+ with TLS loglevel >= 1 as either "Untrusted", "Trusted" or
+ "Verified" (SMTP client only).
+ - "Untrusted" means that the certificate trust chain is invalid, + or that the root CA is not trusted. + - "Trusted" means that the certificate trust chain is valid, and + that the root CA is trusted. + - "Verified" means that the certificate meets the SMTP client's + matching criteria for the destination: + - In the case of a destination name match, "Verified" also + implies "Trusted". + - In the case of a fingerprint match, CA trust is not applicable. + + - The logging of protocol states with TLS loglevel >= 2 no longer + reports bogus error conditions when OpenSSL asks Postfix to refill + (or flush) network I/O buffers. This loglevel is for debugging + only; use 0 or 1 in production configurations. + + [Incompat 20071216] The SMTP "transcript of session" email now + includes the remote SMTP server TCP port number. + + Major changes - loop detection + ------------------------------ + + [Incompat 20070422] [Incompat 20070422] When the pipe(8) delivery + agent is configured to create the optional Delivered-To: header, + it now first checks if that same header is already present in the + message. If so, the message is returned as undeliverable. This test + should have been included with Postfix 2.0 when Delivered-To: support + was added to the pipe(8) delivery agent. + +------------------------------------------------------------------- +Tue Jan 8 10:00:12 CET 2008 - varkoly@suse.de + +- Remove previous fix + +------------------------------------------------------------------- +Sun Dec 30 19:58:02 CET 2007 - varkoly@suse.de + +- #301335 - [SuSEconfig]: Postfix module uses stderr + +------------------------------------------------------------------- +Tue Dec 4 09:02:19 CET 2007 - varkoly@suse.de + +- Update to Version 2.4 patchlevel 6 + Bugfix (introduced Postfix 2.2.11): TLS client certificate + with unparsable canonical name caused the SMTP server's + policy client to allocate zero-length memory, triggering + an assertion that it shouldn't do such things. 
File: + smtpd/smtpd_check.c. + + Bugfix (introduced Postfix 2.4) missing initialization of + event mask in the event_mask_drain() routine (used by the + obsolete postkick(1) command). Found by Coverity. File: + util/events.c. + + Workaround: the flush daemon forces an access time update + for the per-destination logfile, to prevent an excessive + rate of delivery attempts when the queue file system is + mounted with "noatime". File: flush/flush.c. + +- #330276 – /sbin/conf.d/SuSEconfig.postfix could copy certs into smtpd_tls_CApath + +------------------------------------------------------------------- +Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz + +- Use correct SuSEfirewall2 rule directory. + +------------------------------------------------------------------- +Wed Oct 17 11:52:01 CEST 2007 - varkoly@suse.de + +- #333629 - saslauthd typo in SuSEconfig.postfix + +------------------------------------------------------------------- +Mon Oct 8 12:37:39 CEST 2007 - varkoly@suse.de + +- #331044 - Postfix uses receive_override_options in main.cf + +------------------------------------------------------------------- +Sun Sep 9 17:42:27 CEST 2007 - varkoly@suse.de + +- fix the last fix + +------------------------------------------------------------------- +Tue Sep 4 00:38:58 CEST 2007 - cthiel@suse.de + +- fix the last fix + +------------------------------------------------------------------- +Mon Sep 3 12:37:43 CEST 2007 - varkoly@suse.de + +- Fixing bug: #297622 - SMTPD_LISTEN_REMOTE has no effect + +------------------------------------------------------------------- +Mon Aug 6 00:26:31 CEST 2007 - mrueckert@suse.de + +- Update to Version 2.4 patchlevel 5 + Bugfix: the loopback TCP performance workaround was ineffective + due to a wetware bit-flip during code cleanup. File: + util/vstream_tweak.c. 
+ + (patch level 4) + Bugfix: the Milter client assumed that a Milter application + does not modify the message header or envelope, after that + same Milter application has modified the message body of + that same email message. This is not a problem with updates + by different Milter applications. Problem was triggered + by Jose-Marcio Martins da Cruz. Also simplified the handling + of queue file update errors. File: milter/milter8.c. + + Workaround: some non-Cyrus SASL SMTP servers require SASL + login without authzid (authoriZation ID), i.e. the client + must send only the authcid (authentiCation ID) + the authcid's + password. In this case the server is supposed to derive + the authzid from the authcid. This works as expected when + authenticating to a Cyrus SASL SMTP server. To get the old + behavior specify "send_cyrus_sasl_authzid = yes", in which + case Postfix sends the (authzid, authcid, password), with + the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c. + + Portability: /dev/poll support for Solaris chroot jail setup + scripts. Files: examples/chroot-setup/Solaris8, + examples/chroot-setup/Solaris10. + + Cleanup: Milter client error handling, so that the (Postfix + SMTP server's Milter client) does not get out of sync with + Milter applications after the (cleanup server's Milter + client) encounters some non-recoverable problem. Files: + milter/milter8.c, smtpd/smtpd.c. + + Performance: workaround for poor TCP performance on loopback + (127.0.0.1) connections. Problem reported by Mark Martinec. + Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c, + smtpstone/*source.c. + + Bugfix: when a milter replied with ACCEPT at or before the + first RCPT command, the cleanup server would apply the + non_smtpd_milters setting as if the message was a local + submission. Problem reported by Jukka Salmi. Also, the + cleanup server would get out of sync with the milter when + a milter replied with ACCEPT at the DATA command. 
Files: + cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c. +- rediffed patches + +------------------------------------------------------------------- +Tue Jul 31 18:21:11 CEST 2007 - varkoly@suse.de + +- Update to Version 2.4 patchlevel 3 + (patch level 1) + Bugfix (introduced Postfix 2.3): segfault with HOLD action + in access/header_checks/body_checks on 64-bit platforms. + File: cleanup/cleanup_api.c. + + Portability (introduced 20070325): the fix for hardlinks + and symlinks in postfix-install forgot to work around shells + where "IFS=/ command" makes the IFS setting permanent. This + is allowed by some broken standard, and affects Solaris. + File: postfix-install. + + Portability (introduced 20070212): the workaround for + non-existent library bugs with descriptors >= FD_SETSIZE + broke with "fcntl F_DUPFD: Invalid argument" on 64-bit + Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c. + + Cleanup: on (Linux) platforms that cripple signal handlers + with deadlock, "postfix stop" now forcefully stops all the + processes in the master's process group, not just the master + process alone. File: conf/postfix-script. + + (patch level 2) + Bugfix: don't falsely report "lost connection from + localhost[127.0.0.1]" when Postfix is being portscanned. + Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. + + Robustness: recommend a "0" process limit for policy servers + to avoid "connection refused" problems when the smtpd process + limit exceeds the default process limit. File: + proto/SMTPD_POLICY_README.html. + + Safety: when IPv6 (or IPv4) is turned off, don't treat an + IPv6 (or IPv4) connection from e.g. inetd as if it comes + from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, + qmqpd/qmqpd_peer.c. + + Bugfix: Content-Transfer-Encoding: attribute values are + case insensitive. File: src/cleanup/cleanup_message.c. 
+ + Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) + were broken when used with the error(8) or discard(8) + transports. Cause: insufficient documentation. Files: + error/error.c, discard/discard.c. + + Bugfix (problem introduced Postfix 2.3): when DSN support + was introduced it broke "agressive" recipient duplicate + elimination with "enable_original_recipient = no". File: + cleanup/cleanup_out_recipient.c. + + Bugfix (introduced Postfix 2.3): the sendmail/postdrop + commands would hang when trying to submit a message larger + than the per-message size limit. File: postdrop/postdrop.c. + + Sabotage the saboteur who insists on breaking Postfix by + adding gethostbyname() calls that cause maildir delivery + to fail when the machine name is not found in /etc/hosts, + or that cause Postfix processes to hang when the network + is down. + + (patch level 3) + Portability: Victor helpfully pointed out that change + 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, + qmqpd/qmqpd_peer.c. + +------------------------------------------------------------------- +Thu Jun 21 08:30:45 CEST 2007 - varkoly@suse.de + +- Bug 285553 amavisd inconsistency + +------------------------------------------------------------------- +Tue Jun 19 18:55:43 CEST 2007 - dmueller@suse.de + +- provide smtp meta-service as well + +------------------------------------------------------------------- +Mon Jun 11 21:32:53 CEST 2007 - lrupp@suse.de + +- don't PreRequire /sbin/ip: removed call in SuSEconfig.postfix + +------------------------------------------------------------------- +Thu May 3 12:09:13 CEST 2007 - varkoly@suse.de + +- dynamic_maps.patch: readded the chunk for dict_tcp and dict_pcre +- replaced prereq for postfix with a prereq on + %{name} = %{version} +- updated to postfix 2.4, patchlevel 0 + Major changes - safety + * As a safety measure, Postfix now by default creates mailbox dotlock + files on all systems. 
This prevents problems with GNU POP3D which
+ subverts kernel locking by creating a new mailbox file and deleting
+ the old one
+
+ Major changes - Milter support
+ * The support for Milter header modification
+ requests was revised. With minimal change in the on-disk representation,
+ the code was greatly simplified, and regression tests were updated
+ to ensure that old errors were not re-introduced. The queue file
+ format is entirely backwards compatible with Postfix 2.3.
+
+ * Support for Milter requests to replace the message
+ body. Postfix now implements all the header/body modification
+ requests that are available with Sendmail 8.13.
+
+ * A new field is added to the queue file "size"
+ record that specifies the message content length. Postfix 2.3 and
+ older Postfix 2.4 snapshots will ignore this field, and will report
+ the message size as it was before the body was replaced.
+
+ Major changes - TLS support
+ * The check_smtpd_policy client sends TLS certificate
+ attributes (client ccert_subject, ccert_issuer) only after successful
+ client certificate verification. The reason is that the certification
+ verification status itself is not available in the policy request.
+
+ * The check_smtpd_policy client sends TLS certificate
+ fingerprint information even when the certificate itself was not
+ verified.
+
+ * The remote SMTP client TLS certificate fingerprint
+ can be used for access control even when the certificate itself was
+ not verified.
+
+ * The format of SMTP server TLS session cache
+ lookup keys has changed. The lookup key now includes the master.cf
+ service name.
+
+ Major changes - performance
+ * Better support for systems that run thousands
+ of Postfix processes. Postfix now supports FreeBSD kqueue(2),
+ Solaris poll(7d) and Linux epoll(4) as more scalable alternatives
+ to the traditional select(2) system call, and uses poll(2) when
+ examining a single file descriptor for readability or writability.
+ These features are supported on sufficiently recent versions of
+ FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other
+ systems will be added as evidence becomes available that usable
+ implementations exist.
+
+ Major changes - delivery status notifications
+ * Small changes were made to the default bounce
+ message templates, to prevent HTML-aware software from hiding or
+ removing the text "", and producing misleading text.
+
+ * Postfix no longer announces its name in delivery
+ status notifications. Users believe that Wietse provides a free
+ help desk service that solves all their email problems.
+
+ Major changes - ETRN support
+ * More precise queue flushing with the ETRN,
+ "postqueue -s site", and "sendmail -qRsite" commands, after
+ minimization of race conditions. New per-queue-file flushing with
+ "postqueue -i queueid" and "sendmail -qIqueueid".
+
+ Major changes - small office/home office support
+ * Postfix no longer requires a domain name. It
+ uses "localdomain" as the default Internet domain name when no
+ domain is specified via main.cf or via the machine's hostname.
+
+ Major changes - SMTP access control
+ * The check_smtpd_policy client sends TLS certificate
+ attributes (client ccert_subject, ccert_issuer) only after successful
+ client certificate verification. The reason is that the certification
+ verification status itself is not available in the policy request.
+
+ * The check_smtpd_policy client sends TLS certificate
+ fingerprint information even when the certificate itself was not
+ verified.
+
+ * The remote SMTP client TLS certificate fingerprint can be used for
+ access control even when the certificate itself was not verified.
+
+ * The Postfix installation procedure no longer
+ updates main.cf with "unknown_local_recipient_reject_code = 450".
+ Four years after the introduction of mandatory recipient validation,
+ this transitional tool is no longer neeed.
+
+-------------------------------------------------------------------
+Thu Mar 29 14:33:03 CEST 2007 - rguenther@suse.de
+
+- Add pwdutils BuildRequires to allow postinst script to succeed.
+- Add /usr/share/omc directory.
+
+-------------------------------------------------------------------
+Mon Feb 26 10:32:36 CET 2007 - varkoly@suse.de
+
+- #247351 - postfix - Ports for SuSEfirewall added via packages
+
+- Move postfix.xml into the postfix-SuSE tarball
+
+- #228479 - Postfix is configured for inet_protocols=all if
+ selecting ipv4 only support during installation.
+ Now we set both inet_protocols and inet_interfaces to all.
+ This means the available interfaces and protocols will be used.
+ To avoid bogus warnings inet_proto.c was patched.
+
+- #251598 - postfix use pointers for literals
+
+-------------------------------------------------------------------
+Mon Jan 15 13:14:07 CET 2007 - varkoly@suse.de
+
+- #144104 - postfix does not start
+
+- Implementing Fate #301840: Postfix XML Service Description Document
+
+- Enhancing /etc/sysconfig/postfix descripton to avoid problems
+ like Bug 228678 - Problems with setting up chroot environment if
+ /var/spool is not on same filesystem as /var
+
+-------------------------------------------------------------------
+Wed Nov 22 03:03:18 CET 2006 - mrueckert@suse.de
+
+- moved the dict handling into a preun script instead of postun
+ and do not remove the dict entry on upgrade (#223176)
+- removed duplicates in the filelists.
+
+-------------------------------------------------------------------
+Fri Nov 10 11:43:00 CET 2006 - varkoly@suse.de
+
+- #218229 - Postfix SuSEconfig script increases the max_proc line each run in master.cf
+
+-------------------------------------------------------------------
+Sat Oct 28 11:41:50 CEST 2006 - varkoly@suse.de
+
+- #206414 - /usr/lib/sasl2/smtpd.conf misplaced
+
+-------------------------------------------------------------------
+Tue Oct 24 22:32:45 CEST 2006 - varkoly@suse.de
+
+- #202119 – SuSEconfig script for Postfix incomplete
+- #202162 – Postfix 2.3.2 slightly incorrect, Cyrus SASL unavailable
+- #203174 – /sbin/conf.d/SuSEconfig.postfix should configure a TLS session cache for postfix 2.2
+- #203575 – postfix-2.2.9-10 chokes without scache
+- #213589 - No development package/headers for postfix
+
+-------------------------------------------------------------------
+Wed Aug 16 01:24:20 CEST 2006 - ro@suse.de
+
+- also add libpostfix-milter.so*
+
+-------------------------------------------------------------------
+Mon Aug 14 12:34:37 CEST 2006 - varkoly@suse.de
+
+- updated to postfix 2.3, patchlevel 2
+- Major changes
+ - Name server replies that contain a malformed hostname are now flagged
+ as permanent errors instead of transient errors.
+ - DSN support as described in RFC 3461 .. RFC 3464.
+ - The SMTP client now implements the LMTP protocol.
+ - Milter (mail filter) application support, compatible with Sendmail
+ version 8.13.6 and earlier.
+- Major changes - SASL authentication
+ - Plug-in support for SASL authentication in the SMTP server and in the
+ SMTP/LMTP client.
+ - The Postfix-with-Cyrus-SASL build procedure has changed.
+ - Support for sender-dependent ISP accounts.
+- Major changes - SMTP client
+ - The SMTP client now implements the LMTP protocol.
+ - This version addresses a performance stability problem with remote
+ SMTP servers.
+- Major changes - SMTP server
+ - The Postfix SMTP server now refuses to receive mail from the network
+ if it isn't running with postfix mail_owner privileges.
+ - Optional suppression of remote SMTP client hostname lookup and hostname
+ verification.
+ - SMTPD Access control based on the existence of an address->name mapping
+- Major changes - TLS
+ - New concept: TLS security levels ("none", "may", "encrypt", "verify"
+ or "secure") in the Postfix SMTP client.
+ - Both the Postfix SMTP client and server can be configured without a
+ client or server certificate.
+- See
+ /usr/share/doc/packages/postfix/RELEASE_NOTES
+ /usr/share/doc/packages/postfix/TLS_CHANGES
+ /usr/share/doc/packages/postfix/README_FILES/SASL_README
+ for detailed informations.
+
+-------------------------------------------------------------------
+Wed Aug 2 16:18:30 CEST 2006 - varkoly@suse.de
+
+- Only %{conf_backup_dir} is contained by the package not /var/adm/backup
+
+-------------------------------------------------------------------
+Mon Jul 10 16:21:31 CEST 2006 - varkoly@suse.de
+
+- Bugfix: #190639 Default number of processes for postfix
+- Bugfix: #190270 postfix-postgresql
+
+-------------------------------------------------------------------
+Fri Jun 2 19:58:38 CEST 2006 - varkoly@suse.de
+
+- Bugfix: #98188 - SuSE.tar.gz filename collision in cyrus/postfix SRPMs
+
+-------------------------------------------------------------------
+Mon Apr 24 17:14:40 CEST 2006 - varkoly@suse.de
+
+- Bugfix: #165786 - yast2-mail modul uses obsolate postfix attributes
+
+-------------------------------------------------------------------
+Mon Mar 20 10:21:55 CET 2006 - varkoly@suse.de
+
+- updated to postfix 2.2, patchlevel 9.
+- Reasons:
+ Bugfix: the LMTP client would reuse a session after negative
+ reply to the RSET command (which may happen when client and
+ server somehow get out of sync).
+ Bugfix: race condition in the connection caching protocol,
+ causing the SMTP delivery agent to hang after delivering
+ mail, while trying to save a connection.
+ Bugfix: the best_mx_transport, mailbox_transport and
+ fallback_transport features did not write a per-recipient
+ defer logfile record when the target delivery agent was
+ broken.
+ Bugfix: an EHLO I/O error after STARTTLS would be reported
+ as a STARTTLS I/O error.
+ Bugfix: the *SQL, proxy and LDAP maps were not defined in
+ user-land commands such as postqueue.
+ Bugfix: the anvil server would terminate after "max_idle"
+ seconds, even when this was less than the anvil_rate_time_unit
+ interval.
+ Portability: 64-bit support for LINUX chroot script by Keith
+ Owens.
+ Safety: new "smtp_cname_overrides_servername" parameter.
+
+ Bugfix: mailbox_command_maps was not subject to $name
+ expansion.
+ Bugfix: don't ignore the per-site policy when SSL library
+ initialization fails.
+ Bugfix: a TLS per-site MUST_NOPEERMATCH policy could not
+ override a stronger main.cf policy, while a per-site NONE
+ policy could.
+ Bugfix: a combined TLS per-site (host, recipient) policy
+ of (NONE, MAY) changed a global MUST policy into NONE, and
+ a global MUST_NOPEERMATCH into MAY. The result is now NONE.
+ Problem found by exhaustive simulation.
+ Bugfix: an empty remote_header_rewrite_domain value caused
+ trivial-rewrite to dereference a null pointer, but only in
+ regression tests, not in production. Postfix rewrites
+ addresses in the remote rewriting context only when the
+ remote_header_rewrite_domain parameter value is non-empty.
+ Workaround: a malformed domain name lookup result (such as
+ null MX record) is now treated as a hard error, so that
+ Postfix will no longer repeatedly try to deliver mail until
+ the message expires in the queue. However, this will not
+ reject mail with reject_unknown_sender/recipient_domain.
+ That would require too much change for a stable release.
+
+-------------------------------------------------------------------
+Fri Jan 27 02:19:42 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Tue Jan 24 09:11:46 CET 2006 - varkoly@suse.de
+
+- Fixing the spec-file
+- Bugfix: ID#143682 - Spurious (obsoleted?) configuration variable in postfix's main.cf
+
+-------------------------------------------------------------------
+Mon Jan 23 13:00:13 CET 2006 - varkoly@suse.de
+
+- Bugfix: ID#140173 postfix allows relaying on the whole subnet
+- Bugfix: ID#144091 postfix doesn't start with the latest kernel
+
+-------------------------------------------------------------------
+Fri Jan 20 11:56:24 CET 2006 - varkoly@suse.de
+
+- Bugfix: ID#144091
+- Postfix makes an entry in slp servre for smtp & smtps
+
+-------------------------------------------------------------------
+Mon Jan 16 14:49:29 CET 2006 - varkoly@suse.de
+
+- removing openldap from "neededforbuild"
+
+-------------------------------------------------------------------
+Wed Nov 30 11:11:16 CET 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 6
+
+-------------------------------------------------------------------
+Tue Oct 11 15:03:56 CEST 2005 - choeger@suse.de
+
+- added patch ldap_api_changes.patch: openldap2.3 enforces to use
+ "The C LDAP Application Program Interface"
+
+-------------------------------------------------------------------
+Mon Aug 15 13:55:32 CEST 2005 - choeger@suse.de
+
+- Bugfix Bugzilla ID#104663 - consistent use of variables in postfix
+ init-script
+- Bugfix Bugzilla ID#104568 - SuSEconfig.postfix doesnt set $PATH properly to
+ find all binaries.
+
+-------------------------------------------------------------------
+Fri Aug 12 10:25:09 CEST 2005 - mmj@suse.de
+
+- Package the /usr/lib/sendmail -> /usr/sbin/sendmail link [#102947]
+
+-------------------------------------------------------------------
+Tue Jul 26 11:05:29 CEST 2005 - choeger@suse.de
+
+- Bugfix Bugzilla ID#93884 - package postfix uses -fsigned-char
+ Remove -fsigned-char option for ppc and s390 archs
+
+-------------------------------------------------------------------
+Mon Jul 25 11:52:18 CEST 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 5:
+ - Portability: the connection caching code broke on LP64
+ systems (inherited from Stevens Network Programming).
+ Files: util/unix_send_fd.c, util/unix_recv_fd.c. This code
+ is back-ported from the Postfix 2.3 snapshot release.
+ - Robustness: the SMTP client now disables connection caching
+ when it is unable to communicate with the scache(8) server,
+ instead of looping forever and not delivering mail. File:
+ global/scache_clnt.c. This code is back-ported from the
+ Postfix 2.3 snapshot release.
+ - Portability: after sending a socket, the scache(8) server
+ now waits for an ACK from the connection cache client before
+ closing the socket that it just sent. Files: scache/scache.c,
+ global/scache_clnt.c. This code is back-ported from the
+ Postfix 2.3 snapshot release.
+ - Portability: on LP64 systems, integer expressions are int,
+ but sizeof() and pointer difference expressions are larger.
+ Point fixes for a few discrepancies with variadic functions
+ that expect int (the permanent fix is to change the receiving
+ modules, but that results in too much change, and is not
+ allowed in the stable release). Files: tls/tls_scache.c,
+ util/clean_env.c, util/vstring.h, smtpstone/qmqp-source.c.
+
+-------------------------------------------------------------------
+Mon Jul 18 15:49:16 CEST 2005 - choeger@suse.de
+
+- force to set strict_8bitmime to "no" when POSTFIX_MDA != cyrus,
+ because once it is set to "yes", nobody sets it back.
+- only install /etc/pam.d/smtp if suse_version > 920
+- use Prereq instead of Requires for mysql and postgresql subpackages
+
+-------------------------------------------------------------------
+Wed Jul 13 16:59:14 CEST 2005 - choeger@suse.de
+
+- added /etc/pam.d/smtp configuration file
+
+-------------------------------------------------------------------
+Thu Jul 7 16:44:05 CEST 2005 - choeger@suse.de
+
+- Fixed build on x86_64: use -fPIC for libraries and -fPIE for the
+ rest
+
+-------------------------------------------------------------------
+Tue Jul 5 17:57:48 CEST 2005 - choeger@suse.de
+
+- applied dynamic maps patch of LaMont Jones at debian
+- Fix to SuSEconfig.postfix: only touch tlsmgr line in master.cf,
+ if it is the new one using unix socket instead of fifo
+
+-------------------------------------------------------------------
+Thu Jun 30 17:52:10 CEST 2005 - uli@suse.de
+
+- build with -fPIE (not -fpie) to avoid GOT overflow on s390x
+
+-------------------------------------------------------------------
+Thu Jun 23 10:22:18 CEST 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 4
+
+-------------------------------------------------------------------
+Fri Jun 17 17:06:39 CEST 2005 - choeger@suse.de
+
+- fixed build using -pie/-fpie (hopefully)
+
+-------------------------------------------------------------------
+Fri Jun 17 11:04:03 CEST 2005 - choeger@suse.de
+
+- Build using -pie
+
+-------------------------------------------------------------------
+Fri May 13 18:24:50 CEST 2005 - choeger@suse.de
+
+- set strict_8bitmime parameter to yes when using cyrus mailbox
+ delivery
+
+-------------------------------------------------------------------
+Wed May 4 15:54:33 CEST 2005 -
choeger@suse.de
+
+- Bugfix ID#66325 - postfix: permissions
+ also ship a postfix.paranoid file with the package with all suid and sgid
+ bits disabled
+
+-------------------------------------------------------------------
+Tue May 3 16:29:04 CEST 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 3
+- Bugfix ID#75717 - postfix init scripts reports success allthough postfix is
+ not running:
+ use checkproc again instead of "master -t", as "master -t" seems to be broken
+
+-------------------------------------------------------------------
+Thu Apr 21 17:42:04 CEST 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 2
+- Bugfix ID#74712, problems with read-only mounting of $chroot/proc:
+ don't mount /var/spool/postfix/proc ro as that results in /proc also mounted
+ ro.
+- Bugfix ID#74709, postfix configuration and USE_IPV6 in
+ sysconfig/network/config
+
+-------------------------------------------------------------------
+Tue Mar 15 17:46:44 CET 2005 - choeger@suse.de
+
+- updated to postfix 2.2, patchlevel 1
+ Postfix 2.2.1 solves four portability problems that surfaced in
+ the week since the 2.2.0 release, one harmless bug in the TLS
+ session cache cleaning code, and cleans up minor documentation
+ problems.
+
+-------------------------------------------------------------------
+Thu Mar 10 10:18:45 CET 2005 - choeger@suse.de
+
+- 2.2.0 is out
+
+-------------------------------------------------------------------
+Mon Mar 7 14:15:08 CET 2005 - choeger@suse.de
+
+- update to RC2
+
+-------------------------------------------------------------------
+Wed Mar 2 15:01:33 CET 2005 - choeger@suse.de
+
+- make it compile with gcc4
+
+-------------------------------------------------------------------
+Mon Feb 28 18:03:36 CET 2005 - choeger@suse.de
+
+- RC1 of 2.2 is out
+
+-------------------------------------------------------------------
+Fri Feb 18 16:34:07 CET 2005 - choeger@suse.de
+
+- use "usr/sbin/postfix upgrade-configuration" now instead of
+ "etc/postfix/post-install upgrade-package"
+
+-------------------------------------------------------------------
+Thu Feb 17 19:28:22 CET 2005 - choeger@suse.de
+
+- removed some @ chars (don't know how they slipped in)
+
+-------------------------------------------------------------------
+Thu Feb 17 13:42:18 CET 2005 - choeger@suse.de
+
+- update to current pre 2.2 snapshot (2.2-20050216)
+ 2.2 release could happen next week
+
+-------------------------------------------------------------------
+Thu Feb 10 09:08:18 CET 2005 - choeger@suse.de
+
+- added patch needed for the Kolab project (this patch is part of the upcoming
+ postfix 2-2 release), see
+ http://wiki.kolab.org/index.php/Kolab-major-app-patches
+
+-------------------------------------------------------------------
+Thu Feb 3 10:00:38 CET 2005 - choeger@suse.de
+
+- s/X-UnitedLinux-Should-Start/Should-Start/
+
+-------------------------------------------------------------------
+Wed Feb 2 16:44:34 CET 2005 - choeger@suse.de
+
+- added long_header.patch
+ long lines piped into postfix sendmail can lead to errors.
+
+-------------------------------------------------------------------
+Wed Feb 2 08:52:19 CET 2005 - choeger@suse.de
+
+- Bugfix ID#49307: faster postfix startup: don't use hashed directories if
+ possible:
+ - added patch empty_hash_queue_names.patch to be able to modify
+ hash_queue_names parameter.
+ - added check to %post to change hash_queue_names in case of
+ /var/spool/postfix residing on a reiserfs partition when doing
+ a fresh installation
+- Bugfix ID#50386 - postfix must prereq /sbin/ip (iproute2)
+
+-------------------------------------------------------------------
+Fri Jan 28 16:29:05 CET 2005 - choeger@suse.de
+
+- updated tls+ipv6 patchkit to v1.26
+ - Bugfix: Incomplete error checking in getaddrinfo() could cause lmtpd to
+ crash with debug_peer_list defined. Carsten Hoeger, SuSE. File:
+ util/match_ops.c
+ - Linux workaround: When mynetworks isn't set, a chrooted process could not
+ read the IPv6 address information from /proc. We now invoke own_inet_addr()
+ before chrooting, while processing main.cf. [backported from 2.2-nonprod
+ snapshot] File: global/mail_params.c
+ - Safety: when IPv6 netmask can't be determined, mynetworks is not set and
+ mynetworks_style = subnet, assume /128 (host only). Until now, Tru64Unix
+ assumed /64 (good for real subnets, but not safe for tunnel ranges etc.).
+ File: util/inet_addr_local.c
+
+-------------------------------------------------------------------
+Sat Jan 15 20:48:48 CET 2005 - schwab@suse.de
+
+- Use : in permissions file.
+
+-------------------------------------------------------------------
+Thu Jan 13 16:16:41 CET 2005 - choeger@suse.de
+
+- Two fixes to ipv6-patch related bugs:
+ - Bugfix Bugzilla ID#49435 - VUL-0: Postfix, permit_mx_backup, IPv6, chroot
+ --> Open Relay!
+ - Bugfix Bugzilla ID#49695 - SEGV while lmtp delivery
+- mount /proc into chroot jail to be able to access /proc/net/if_inet6
+
+-------------------------------------------------------------------
+Wed Nov 24 14:46:16 CET 2004 - schwab@suse.de
+
+- Put options first in find command line.
+
+-------------------------------------------------------------------
+Tue Nov 9 09:20:27 CET 2004 - choeger@suse.de
+
+- setting LC_ALL=POSIX in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Wed Sep 29 18:14:13 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#46462, postfix should switch biff off
+
+-------------------------------------------------------------------
+Tue Sep 21 12:48:02 CEST 2004 - choeger@suse.de
+
+- updated to postfix 2.1, patchlevel 5
+ (several small bugfixes)
+- updated tls+ipv6 patchkit (there have been some small bugs)
+- use v4 address 127.0.0.1 as amavisd-new local contact address
+ as amavisd is not listening on any v6 address
+
+-------------------------------------------------------------------
+Mon Sep 20 09:51:25 CEST 2004 - choeger@suse.de
+
+- also chmod the .db file resulting of a postmap (related to
+ bugfix ID#39045
+
+-------------------------------------------------------------------
+Thu Sep 16 13:57:32 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#39045 - tls_per_site table updates in SuSEconfig.postfix
+ introduced POSTFIX_MAP_LIST in /etc/sysconfig/postfix where additional
+ maps maintained by SuSEconfig.postfix can be added
+
+-------------------------------------------------------------------
+Thu Sep 16 10:34:58 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#45252 - rpm calls SuSEconfig.permissions which calls rpm
+ -> 3 minute timeout
+ Also don't call rpm from SuSEconfig.postfix
+- Speedup: set timestamp of $TMPDIR/main.cf into the past to workaround
+ postconf safety which is not neccessary, because we do not touch the main.cf,
+ the postfix daemons are using.
+
+-------------------------------------------------------------------
+Mon Sep 13 11:57:15 CEST 2004 - choeger@suse.de
+
+- added $time to Required-Start in init-script
+
+-------------------------------------------------------------------
+Thu Aug 26 14:15:31 CEST 2004 - choeger@suse.de
+
+- do not filter locally delivered mail when USE_AMAVIS=yes
+ (don't set content_filter=vscan in main.cf)
+- removed obsolete vscan service definition from master.cf
+
+-------------------------------------------------------------------
+Fri Aug 20 12:47:52 CEST 2004 - choeger@suse.de
+
+- use "$MASTER_BIN -t" to check whether postfix is already running
+ in start section of init-script. That's more reliable then checkproc.
+
+-------------------------------------------------------------------
+Wed Jul 14 17:48:29 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#42995 - SuSEconfig.postfix should ignore
+ .swp and other files in /etc/aliases.d
+
+-------------------------------------------------------------------
+Tue Jul 13 16:22:02 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#42281, openssl ca segfaults:
+ added missing [ policy_anything ] configuration
+ options to openssl.cnf
+
+-------------------------------------------------------------------
+Mon Jul 12 14:58:58 CEST 2004 - choeger@suse.de
+
+- updated to postfix 2.1, patchlevel 4
+- updated tls+ipv6 patchkit to v1.25
+- new feature POSTFIX_REGISTER_SLP in /etc/sysconfig/postfix
+ to be able to totally disable slptool from being started
+
+-------------------------------------------------------------------
+Tue May 25 12:42:45 CEST 2004 - choeger@suse.de
+
+- updated tls+ipv6 patchkit to v1.24:
+ - Bugfix: Prefixlen non-null host portion validation (in CIDR maps for
+ example) yielded incorrect results sometimes because signed arithmetic was
+ used instad of unsigned.
+ - Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed the master.cf
+ update (used for new installattions). Added it back.
+- as tls and ipv6 patches have not been completely ported to postfix 2.1
+ new documentation system, especially the new postconf(5) manpage is
+ missing the complete ipv6 and tls related configuration parameters,
+ readded the sample-* files from ipv6+tls to %doc/samples
+
+-------------------------------------------------------------------
+Tue May 4 11:24:20 CEST 2004 - choeger@suse.de
+
+- update to postfix 2.1, patchlevel 1:
+ - Patch 01 fixes a signal 11 problem in the check_policy_service
+ feature when SASL support is compiled in but turned off in the
+ SMTP server (smtpd_sasl_auth_enable = no).
+
+-------------------------------------------------------------------
+Wed Apr 28 10:46:55 CEST 2004 - choeger@suse.de
+
+- added now officially released tls patchkit 0.8.18-2.1.0-0.9.7d to
+ the source package for the user to be able to build a non-ipv6
+ postfix package
+
+-------------------------------------------------------------------
+Mon Apr 26 17:46:01 CEST 2004 - choeger@suse.de
+
+- official tls+ipv6 v1.23 patchkit released:
+ - Patch fixes: Several code fixes to make the patch compile and work
+ correctly when compiled without IPv6 support.
+ - Bugfix (Solaris only?): address family length was not updated
+ which could cause client hostname validation errors. File:
+ smtpd/smtpd_peer.c
+ - Portability: added support for Darwin 7.3+. This may need some
+ further testing.
+ - Cleanup: Restructure and redocument interface address retrieval
+ functions. (This reduced the number of preprocessor statements
+ from 99 to 93 ;) File: util/inet_addr_local.c
+ - Cleanup: make several explicit casts to have compilers shut their
+ pie holes about uninteresting things.
+
+-------------------------------------------------------------------
+Fri Apr 23 11:22:35 CEST 2004 - choeger@suse.de
+
+- update to final postfix v2.1
+
+-------------------------------------------------------------------
+Wed Apr 21 17:35:26 CEST 2004 - choeger@suse.de
+
+- Bugfix: changed {main,master}.cf backup path in specfile, but not in
+ SuSEconfig script
+
+-------------------------------------------------------------------
+Wed Apr 21 11:55:43 CEST 2004 - choeger@suse.de
+
+- update to postfix 2.1 RC5
+
+-------------------------------------------------------------------
+Mon Apr 19 14:23:19 CEST 2004 - choeger@suse.de
+
+- update to current postfix 2.1 release candidate (RC4)
+
+-------------------------------------------------------------------
+Wed Apr 7 13:09:09 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#38569, exit SuSEconfig.postfix if
+ mktemp fails
+
+-------------------------------------------------------------------
+Tue Mar 30 11:13:38 CEST 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#37409
+ the saslauthd socket is not copied to chroot jail due to
+ a wrong test in SuSEconfig.postfix (used -L instead of -S)
+
+-------------------------------------------------------------------
+Mon Mar 29 20:03:16 CEST 2004 - choeger@suse.de
+
+- only add ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
+ AND ipv6 is enabled
+
+-------------------------------------------------------------------
+Mon Mar 29 11:03:56 CEST 2004 - choeger@suse.de
+
+- Bugfix Bug ID#37293, SuSEConfig complains POSTFIX_ADD_* parameters are
+ unknown (in turkish locale settings)
+ added LC_CTYPE=POSIX to SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Thu Mar 25 10:54:26 CET 2004 - choeger@suse.de
+
+- updated to tls+ipv6 version 1.22 (related to Bugzilla ID#35884)
+ - Feature: Support "inet_interfaces = IPv4:all" and "inet_interfaces =
+ IPv6:all", to restrict postfix to use either IPv4-only or IPv6-only.
A more
+ complete implementation will be part of a future patch. (Slightly modified)
+ patch by Michal Ludvig, SuSE. Files: util/interfaces_to_af.[ch],
+ util/inet_addr_local.c, global/own_inet_addr.c,
+ global/wildcard_inet_addr.[ch], master/master_ent.ch
+ - Bugfix: In Postfix snapshots, a #define was misplaced with the effect that
+ IPv6 subnets were not included in auto- generated $mynetworks (i.e.,
+ mynetworks not defined in main.cf, when also mynetworks_style=subnet) on
+ Linux 2.x systems. File: utils/sys_defs.h
+- now adding ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
+ (related to Bugzilla ID#35884)
+- enabled ipv6 again
+
+-------------------------------------------------------------------
+Thu Mar 18 12:37:44 CET 2004 - choeger@suse.de
+
+- updated to most recent snapshot version 2.0.19-20040312:
+ Patch 19 fixes two low-priority problems:
+
+ - When mail is submitted at a high rate with the Postfix sendmail
+ command, the pickup daemon is keps busy long enough that it it
+ terminated by the watchdog timer (a feature that prevents Postfix
+ from locking up permanently).
+
+ - Malformed addresses in SMTP commands could result in table looks
+ with zero-length search strings, causing trouble with NIS lookups.
+
+-------------------------------------------------------------------
+Wed Mar 17 16:51:00 CET 2004 - choeger@suse.de
+
+- disable IPv6 patch as it introduces problems for people
+ who do not use IPv6, see Bugzilla ID#35884,
+ "ipv6 mynetworks don't work"
+
+-------------------------------------------------------------------
+Mon Mar 8 15:58:35 CET 2004 - choeger@suse.de
+
+- be a nice packager and strictly follow
+ http://www.porcupine.org/postfix-mirror/newdoc/PACKAGE_README.html
+ (added setgid_group=...
to post-install upgrade-package)
+
+-------------------------------------------------------------------
+Fri Feb 27 11:37:56 CET 2004 - choeger@suse.de
+
+- update to most recent version 2.0.18-20040209
+
+-------------------------------------------------------------------
+Mon Feb 23 15:25:20 CET 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#34817, SuSEconfig.postfix doesn't specify direct path to
+ "postconf" and generates errors if run via sudo by a non-root user.
+
+-------------------------------------------------------------------
+Fri Feb 6 13:15:49 CET 2004 - choeger@suse.de
+
+- update to postfix 2.0.18-20040205
+- enabled tls+ipv6 patch as it is now available for latest
+ pre 2.1 snapshot
+
+-------------------------------------------------------------------
+Mon Feb 2 13:22:54 CET 2004 - choeger@suse.de
+
+- finally, the official TLS patchkit of Lutz hit the ground
+
+-------------------------------------------------------------------
+Mon Feb 2 11:02:16 CET 2004 - choeger@suse.de
+
+- additional fix for the TLS extensions patch
+ should also fix Bugzilla ID#34218
+
+-------------------------------------------------------------------
+Fri Jan 23 12:15:00 CET 2004 - choeger@suse.de
+
+- fixed the smtp segfault
+
+-------------------------------------------------------------------
+Thu Jan 22 21:37:51 CET 2004 - choeger@suse.de
+
+- updated to postfix 2.0.18-20040122
+- added new feature for specfile usetls to en/dis-able TLS
+ support
+- temporary removed TLS support (self adapted patch to most recent
+ postfix snapshot version) as it currently results in smtp segfaulting
+
+-------------------------------------------------------------------
+Thu Jan 22 13:53:44 CET 2004 - choeger@suse.de
+
+- update to recent postfix snapshot version 2.0.17-20040120
+ which will become the next official release 2.1 around
+ next week according to Wietse Venema.
+- added possibility to compile using the combined IPV6/TLS patch
+ which can be downloaded from http://www.ipnet6.org/postfix/
+ just set useipv6 to 1 at the top of the specfile.
+
+-------------------------------------------------------------------
+Thu Jan 22 01:45:58 CET 2004 - ro@suse.de
+
+- remove call to ldap_enable_cache
+ (function has been removed from openldap and was already
+ obsolete before (warning was issued back then))
+
+-------------------------------------------------------------------
+Wed Jan 14 16:38:06 CET 2004 - choeger@suse.de
+
+- added openslp register/derigister calls to postfix init-script
+
+-------------------------------------------------------------------
+Mon Jan 12 15:50:35 CET 2004 - choeger@suse.de
+
+- add postfix user to group mail in case of POSTFIX_MDA==cyrus
+ to let postfix lmtp access /var/lib/imap/socket/lmtp
+
+-------------------------------------------------------------------
+Thu Jan 8 16:00:30 CET 2004 - choeger@suse.de
+
+- Bugfix Bugzilla ID#33421, SMTP-Auth and relaying
+ added permit_sasl_authenticated also to smtpd_recipient_restrictions
+ in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Mon Dec 1 14:51:06 CET 2003 - choeger@suse.de
+
+- always create temp files and always remove them later on
+
+-------------------------------------------------------------------
+Mon Nov 17 12:51:09 CET 2003 - choeger@suse.de
+
+- some .spec improvements
+
+-------------------------------------------------------------------
+Thu Oct 30 12:13:51 CET 2003 - mmj@suse.de
+
+- Run SuSEconfig after install
+
+-------------------------------------------------------------------
+Wed Oct 29 20:23:44 CET 2003 - mmj@suse.de
+
+- Don't build as root
+- Be nice and clean up after ourselves
+
+-------------------------------------------------------------------
+Tue Oct 14 15:47:52 CEST 2003 - choeger@suse.de
+
+- update to postfix v2.0.16
+- update to tls extensions v0.8.16
+- Fix for Bugzilla 
ID#32114, fixed some if condition syntaxes
+
+-------------------------------------------------------------------
+Tue Sep 16 10:29:25 CEST 2003 - choeger@suse.de
+
+- fixed example for POSTFIX_RELAYHOST, Bug ID#30756
+
+-------------------------------------------------------------------
+Mon Sep 8 09:49:49 CEST 2003 - choeger@suse.de
+
+- updated some sysconfig descriptions
+- removed relays.osirosoft.com from the examples, Bug ID#30215
+
+-------------------------------------------------------------------
+Thu Sep 4 15:40:25 CEST 2003 - kukuk@suse.de
+
+- Fix next useradd call
+
+-------------------------------------------------------------------
+Wed Sep 3 11:31:54 CEST 2003 - choeger@suse.de
+
+- conf/postfix-files as input for /etc/permissions.d/postfix (Bug ID#29915)
+- generate better amavisd-new master.cf line:
+ limit maxproc to 2 and use brackets around localhost
+ (Bug ID#29917)
+
+-------------------------------------------------------------------
+Mon Sep 1 13:08:33 CEST 2003 - choeger@suse.de
+
+- use conf/postfix-files as input for directories and permissions
+ for files/directories in/below $queue_directory and $command_directory
+- use /var/lib/imap/socket/lmtp as lmtp socket in SuSEconfig.postfix
+ and change access modes of /var/lib/imap and /var/lib/imap/socket
+ to let postfix lmtp access the unix socket
+
+-------------------------------------------------------------------
+Fri Aug 29 11:43:53 CEST 2003 - kukuk@suse.de
+
+- Create postfix user as system account [Bug #29611]
+
+-------------------------------------------------------------------
+Fri Aug 29 08:48:52 CEST 2003 - kukuk@suse.de
+
+- Adjust sendmail permissions
+- Create /var/spool/postfix/public with permissions postfix is
+ using
+
+-------------------------------------------------------------------
+Fri Aug 29 00:27:03 CEST 2003 - mmj@suse.de
+
+- Add sendmail to /etc/sysconfig/mail
+
+-------------------------------------------------------------------
+Thu Aug 14 18:41:19 CEST 
2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 14
+- Bugfix Bugzilla ID#28921:
+ missing activation metadata in sysconfig template
+
+-------------------------------------------------------------------
+Wed Jul 30 11:48:21 CEST 2003 - choeger@suse.de
+
+- new macros for stop/restart of services on rpm update/removal
+
+-------------------------------------------------------------------
+Mon Jul 21 13:33:53 CEST 2003 - choeger@suse.de
+
+- chown user:group instead of user.group
+
+-------------------------------------------------------------------
+Fri Jul 11 11:23:05 CEST 2003 - choeger@suse.de
+
+- update to tls extensions 0.8.15-2.0.13-0.9.7b
+
+-------------------------------------------------------------------
+Tue Jul 1 15:44:05 CEST 2003 - choeger@suse.de
+
+- updated SuSEconfig to use amavisd-new instead of amavis[d]-postfix
+
+-------------------------------------------------------------------
+Mon Jun 30 17:43:20 CEST 2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 13
+- After "postfix reload", the master daemon now warns when the
+ inet_interfaces parameter setting has changed, and ignores the
+ change, instead of passing incorrect information to the smtp
+ server.
+- After the postdrop command change with Postfix 2.0.11, the postcat
+ command no longer recognized "maildrop" queue files as valid.
+- Mail could bounce when two messages were delivered simultaneously
+ to a non-existent mailbox file. The safe_open() code that prevents
+ race condition exploits will now try a little harder when it
+ actually encounters a race condition.
+- update to tls extensions 0.8.14-2.0.12-0.9.7b
+
+-------------------------------------------------------------------
+Thu Jun 12 13:27:48 CEST 2003 - choeger@suse.de
+
+- also change path to smtpd.conf in sysconfig template parameter
+ description dependent on what %{_lib} is set to. 
+
+-------------------------------------------------------------------
+Thu Jun 12 09:51:33 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 12
+
+-------------------------------------------------------------------
+Wed Jun 11 17:55:21 CEST 2003 - choeger@suse.de
+
+- mkdir -p $RPM_BUILD_ROOT/%{_libdir}/sasl2 instead of
+ $RPM_BUILD_ROOT/usr/lib/sasl2
+ and we also can build on 64bit archs
+
+-------------------------------------------------------------------
+Wed Jun 11 14:25:29 CEST 2003 - choeger@suse.de
+
+- package /usr/lib/sasl2/smtpd.conf using %{_libdir}/sasl2/smtpd.conf
+- added /etc/postfix to filelist
+
+-------------------------------------------------------------------
+Wed Jun 11 09:11:11 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 11
+- update to tls extensions 0.8.13-2.0.10-0.9.7b
+
+-------------------------------------------------------------------
+Fri May 23 14:33:01 CEST 2003 - choeger@suse.de
+
+- updated SuSE/master.cf toplevel comments
+
+-------------------------------------------------------------------
+Fri May 23 14:19:43 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 10
+
+-------------------------------------------------------------------
+Mon May 19 12:42:36 CEST 2003 - choeger@suse.de
+
+- remove installed (but unpackaged) file /etc/postfix/aliases
+
+-------------------------------------------------------------------
+Mon May 19 10:12:52 CEST 2003 - choeger@suse.de
+
+- path to ca, certificate and key is relative to $POSTFIX_SSL_PATH,
+ added $POSTFIX_SSL_PATH/ to the relevant parts of SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Wed May 14 11:29:48 CEST 2003 - choeger@suse.de
+
+- correctly handle new POSTFIX_SMTP_TLS_CLIENT parameter in
+ SuSEconfig.postfix (activate/deactivate master.cf entries)
+
+-------------------------------------------------------------------
+Wed May 14 11:05:36 CEST 2003 - choeger@suse.de
+
+- added 
libxcrypt to chroot jail, Bugzilla ID#25766
+
+-------------------------------------------------------------------
+Tue May 13 20:40:00 CEST 2003 - choeger@suse.de
+
+- added TLS_CLIENT support, Bugzilla ID#26647
+
+-------------------------------------------------------------------
+Wed Apr 23 13:43:02 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 9
+
+-------------------------------------------------------------------
+Tue Apr 15 10:27:13 CEST 2003 - ro@suse.de
+
+- fixed neededforbuild
+
+-------------------------------------------------------------------
+Mon Apr 7 12:58:01 CEST 2003 - choeger@suse.de
+
+- update to postfix 2.0, patchlevel 7
+- update to tls extensions 0.8.13-2.0.6-0.9.7a
+- Bugfix Bugzilla ID#25905, do not restrict mailbox size per default
+
+-------------------------------------------------------------------
+Sat Mar 8 15:56:26 CET 2003 - choeger@suse.de
+
+- use checkproc to check if there really is a postfix master
+ process running when there's a pid file lying around.
+ (Bugzilla ID#24910)
+
+-------------------------------------------------------------------
+Thu Mar 6 11:02:12 CET 2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 06
+- Postfix now truncates non-address information in message address
+ headers (comments, etc.) to 250 characters per address. This should
+ rarely present a problem. Reportedly, junk mail from poorly written
+ software can trigger the protection, but that is no great loss.
+- Some little fixes to documentation.
+
+-------------------------------------------------------------------
+Tue Mar 4 10:29:31 CET 2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 05
+- The SMTP server's hard and soft error limits were off by one.
+ With "smtpd_hard_error_limit = 1", Postfix will now disconnect
+ after the first error, instead of the second one.
+- The proxymap server could deadlock when the mydestination parameter
+ setting included a proxymapped lookup table. 
+- Some little fixes to documentation.
+
+-------------------------------------------------------------------
+Sat Mar 1 16:41:10 CET 2003 - choeger@suse.de
+
+- when updating postfix, check whether post-install changed
+ main/master.cf and update md5sums to not confuse SuSEconfig
+- when installing postfix on a fresh system, create md5sums
+ in %post to be able to let check_md5_and_move() detect
+ changes that a user might have done without running SuSEconfig
+ before.
+
+-------------------------------------------------------------------
+Thu Feb 27 19:01:32 CET 2003 - choeger@suse.de
+
+- no longer remove md5sums of main.cf and master.cf during
+ postinstall, as SuSEconfig then no longer knows, whether
+ main.cf/master.cf had been modified by the user.
+ Disadvantage: as postfix permanently needs basic changes
+ to both main and master.cf, SuSEconfig.postfix will frequently
+ generate .SuSEconfig files although the user did not change anything
+ Bugzilla ID#24432
+
+-------------------------------------------------------------------
+Fri Feb 21 10:04:48 CET 2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 04
+ - The format of maildir filenames is synchronized with the present
+ version of the maildir definition document. This format was already
+ adopted by the 20030126 snapshot release.
+ - The time limit on delivery to external commands was not enforced.
+ This was broken probably some time before the first public Postfix
+ release.
+ - Duplicate elimination after virtual alias expansion works again.
+ This was broken with the introduction of the original recipient
+ attribute.
+ - The local pickup daemon dropped incomplete records from local
+ submissions. This was broken somewhere in the middle of 2002. 
+
+-------------------------------------------------------------------
+Sat Feb 15 14:59:54 CET 2003 - choeger@suse.de
+
+- Bugfix Bugzilla ID#23675: new service proxymap will not be
+ appended during update
+
+-------------------------------------------------------------------
+Mon Feb 10 16:25:39 CET 2003 - choeger@suse.de
+
+- also check whether amavisd-postfix is installed and set up
+ filter section in master.cf
+
+-------------------------------------------------------------------
+Thu Jan 30 11:43:03 CET 2003 - choeger@suse.de
+
+- update to Postfix 2.0 Patch 03
+ - Postfix 2.0 broke relocated table lookup results with mail not
+ rejected at the SMTP port, causing "User has moved to" text to be
+ deleted.
+ - A widely used maildir filename generating algorithm was broken.
+ This affects all Postfix versions with maildir support. Instead of
+ TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST.
+ - Postfix 2.0 gave incorrect FILTER_README instructions for sites
+ that wish to disable virtual alias mapping before the content
+ filter.
+- postfix-lib64.patch code now integrated in postfix
+
+-------------------------------------------------------------------
+Fri Jan 24 11:52:17 CET 2003 - choeger@suse.de
+
+- changed SuSEconfig.postfix and smtpd.conf to use sasl2
+
+-------------------------------------------------------------------
+Thu Jan 23 13:07:17 CET 2003 - choeger@suse.de
+
+- forgot to add tlsmgr to master.cf
+
+-------------------------------------------------------------------
+Thu Jan 23 11:43:24 CET 2003 - choeger@suse.de
+
+- Hmmm, just noticed, that suddenly 2.0.0.x became 2.0.x
+ must have missed something... 
+- updated SuSE/master.cf (new proxymap service)
+
+-------------------------------------------------------------------
+Thu Jan 16 10:21:27 CET 2003 - choeger@suse.de
+
+- added POSTFIX_ADD_MESSAGE_SIZE_LIMIT as example to sysconfig.postfix
+ (Bugzilla ID#22907)
+
+-------------------------------------------------------------------
+Tue Jan 14 12:51:56 CET 2003 - choeger@suse.de
+
+- build using sasl2
+
+-------------------------------------------------------------------
+Fri Jan 10 13:24:43 CET 2003 - choeger@suse.de
+
+- update to postfix v2 (version 2.0.0.2)
+
+-------------------------------------------------------------------
+Wed Dec 11 11:44:51 CET 2002 - choeger@suse.de
+
+- added sysconfig metadata to sysconfig templates
+- updated to new tls extensions
+
+-------------------------------------------------------------------
+Fri Nov 29 13:16:42 CET 2002 - choeger@suse.de
+
+- Bugfix Bugzilla ID#21865: don't copy directories into
+ directories when updating chroot jail in cpifnewer()
+- Update to version 1.11, pl12
+
+-------------------------------------------------------------------
+Tue Nov 19 14:29:36 CET 2002 - choeger@suse.de
+
+- new SuSEconfig.postfix features:
+ . SMTP-AUTH server
+ . SMTP-AUTH client
+ . 
TLS Server
+
+-------------------------------------------------------------------
+Tue Nov 5 15:08:43 CET 2002 - choeger@suse.de
+
+- quote args of tr command
+
+-------------------------------------------------------------------
+Mon Nov 4 13:52:51 CET 2002 - choeger@suse.de
+
+- new feature: POSTFIX_ADD_* command in sysconfig/postfix to
+ be able to add any regular postfix command via SuSEconfig
+- Bugfix Bugzilla ID#21120 added POSTFIX_ADD_MAILBOX_SIZE_LIMIT
+ as example with value 0 (unlimited)
+- added a header to main.cf explaining that many postfix
+ parameters have been added to the end of main.cf
+
+-------------------------------------------------------------------
+Tue Oct 15 11:27:46 CEST 2002 - choeger@suse.de
+
+- Bugfix for Bugzilla ID#20754
+ missed some parameters when restoring main.cf or master.cf
+ from scratch
+
+-------------------------------------------------------------------
+Wed Oct 9 20:34:03 CEST 2002 - choeger@suse.de
+
+- NULLCLIENT did not work because SuSEconfig searches for the wrong
+ keyword
+
+-------------------------------------------------------------------
+Mon Oct 7 17:47:56 CEST 2002 - choeger@suse.de
+
+- Bugfix related to Bugzilla IDs 20506, 18298, 19294:
+ masquerade_classes should not be extended by envelope_recipient
+
+-------------------------------------------------------------------
+Fri Sep 6 17:04:57 CEST 2002 - choeger@suse.de
+
+- added ypbind to X-UnitedLinux-Should-Start in init-script
+
+-------------------------------------------------------------------
+Wed Aug 28 11:37:38 CEST 2002 - choeger@suse.de
+
+- added restoration mechanism to restore master.cf and/or main.cf
+ if they got deleted by (intention or) accident to SuSEconfig.postfix
+- added ldap to X-UnitedLinux-Should-Start
+
+-------------------------------------------------------------------
+Mon Aug 26 11:11:26 CEST 2002 - choeger@suse.de
+
+- Bugfix Bugzilla ID#18298: when setting FROM_HEADER, also unqualified
+ envelope recipients should be 
qualified to FROM_HEADER, not to
+ myorigin, added envelope_recipient to masquerade_classes
+- Bugfix Bugzilla ID#18297: %post touches main.cf and master.cf so it
+ may happen, that an update leaves .SuSEconfig files.
+ Remove /var/adm/SuSEconfig/md5/etc/postfix/main.cf and master.cf
+ in %post
+- Bugfix Bugzilla ID#18301: sendmail and postfix have different
+ opinions on the usage of NULLCLIENT. Moved NULLCLIENT to
+ sysconfig.postfix.POSTFIX_NULLCLIENT
+- added exim to Conflicts
+
+-------------------------------------------------------------------
+Thu Aug 22 09:47:51 CEST 2002 - choeger@suse.de
+
+- wait for qmgr in the background for a maximum of 60 seconds
+
+-------------------------------------------------------------------
+Wed Aug 21 17:07:39 CEST 2002 - choeger@suse.de
+
+- Bugfix for init-script:
+ wait for qmgr to be ready before calling postfix flush
+
+-------------------------------------------------------------------
+Wed Aug 14 15:59:04 CEST 2002 - choeger@suse.de
+
+- added accidently removed line in master.cf for amavis,
+ Bugzilla ID#17732
+
+-------------------------------------------------------------------
+Tue Aug 13 10:08:47 CEST 2002 - choeger@suse.de
+
+- exclude .rpmsave and .rpmorig from /etc/aliases.d expansion
+
+-------------------------------------------------------------------
+Wed Aug 7 11:55:55 CEST 2002 - choeger@suse.de
+
+- added netcfg to Prereq (/etc/aliases)
+
+-------------------------------------------------------------------
+Tue Aug 6 11:28:56 CEST 2002 - choeger@suse.de
+
+- added pcre openldap2-client to prereq (Bugzilla ID#17447)
+
+-------------------------------------------------------------------
+Mon Aug 5 16:38:49 CEST 2002 - choeger@suse.de
+
+- completed Prereq
+
+-------------------------------------------------------------------
+Fri Jul 19 16:49:57 CEST 2002 - choeger@suse.de
+
+- Bugfix for the handling of POSTFIX_MASQUERADE_DOMAIN
+ and FROM_HEADER
+- removed main.cf from SuSE.tar.gz
+- added 
X-UnitedLinux-Should-Start: cyrus to init-script
+
+-------------------------------------------------------------------
+Thu Jul 18 13:57:44 CEST 2002 - choeger@suse.de
+
+- set local as default MDA again
+ reason: postfix does not execute any external programs like procmail
+ with uid 0, so root mails will go to /var/mail/nobody, which
+ will confuse people
+- remove setting of SUSE_RELEASE version in the (E)SMTP banner
+
+-------------------------------------------------------------------
+Fri Jul 12 11:08:03 CEST 2002 - choeger@suse.de
+
+- removed /etc/aliases from filelist, it's now in netcfg
+
+-------------------------------------------------------------------
+Thu Jul 11 14:16:25 CEST 2002 - choeger@suse.de
+
+- removed 'q' flag from vscan transport definition, because
+ current amavis versions have a rfc2821_mailbox_addr function
+- remove old aliases.db files in %post
+- do not use unset in %post
+
+-------------------------------------------------------------------
+Mon Jul 8 15:14:00 CEST 2002 - choeger@suse.de
+
+- make procmail the default MDA
+
+-------------------------------------------------------------------
+Fri Jul 5 17:11:03 CEST 2002 - choeger@suse.de
+
+- use %{_lib} macro to detect platforms with lib64
+ directories
+
+-------------------------------------------------------------------
+Fri Jul 5 16:34:38 CEST 2002 - choeger@suse.de
+
+- make chroot jail function lib64 aware
+
+-------------------------------------------------------------------
+Thu Jul 4 13:53:40 CEST 2002 - uli@suse.de
+
+- fixed libnsl detection on lib64 systems
+
+-------------------------------------------------------------------
+Thu Jul 4 10:34:26 CEST 2002 - choeger@suse.de
+
+- ldap_url_search_st is no longer available in OpenLDAP v2.1
+ added a patch, that uses ldap_url_parse
+- added new feature POSTFIX_MDA, Bugzilla ID#16720
+
+-------------------------------------------------------------------
+Fri Jun 7 13:34:09 CEST 2002 - choeger@suse.de
+
+- changed 
POSTFIX_BASIC_SPAM_PREVENTION. It can now be set to
+ either off(default), medium or hard
+- cleaned up SuSEconfig.postfix
+- prepared for /etc/aliases.d
+
+-------------------------------------------------------------------
+Wed Jun 5 18:09:16 CEST 2002 - choeger@suse.de
+
+- new FEATURES: POSTFIX_RBL_HOSTS, POSTFIX_BASIC_SPAM_PREVENTION,
+ Bugzilla ID#16383
+- moved sample-*.cf files to %{_docdir}/postfix/samples
+
+-------------------------------------------------------------------
+Wed Jun 5 11:14:29 CEST 2002 - choeger@suse.de
+
+- update to patchlevel 11, version 1.1.11
+- new FEATURE: POSTFIX_UPDATE_MAPS
+
+-------------------------------------------------------------------
+Fri May 24 13:39:05 CEST 2002 - choeger@suse.de
+
+- update to patchlevel 10, version 1.1.10
+- create required users and groups in %pre install
+
+-------------------------------------------------------------------
+Thu Apr 25 16:55:58 CEST 2002 - choeger@suse.de
+
+- removed provides of my own packagename...
+
+-------------------------------------------------------------------
+Fri Apr 19 13:25:32 CEST 2002 - choeger@suse.de
+
+- Bugfix for README.SuSE: POSTFIX_CREATECF is now
+ MAIL_CREATE_CONFIG
+
+-------------------------------------------------------------------
+Thu Apr 4 11:36:52 CEST 2002 - choeger@suse.de
+
+- update to patchlevel 7, version 1.1.7
+- introduced new feature POSTFIX_LAPTOP
+
+-------------------------------------------------------------------
+Tue Mar 26 15:21:18 CET 2002 - choeger@suse.de
+
+- update to patchlevel 5, version 1.1.5
+
+-------------------------------------------------------------------
+Tue Mar 12 15:28:24 CET 2002 - choeger@suse.de
+
+- Bugfix: don't check whether POSTFIX_MASQUERADE_DOMAIN is empty
+ or not, because else we won't be able to clear it.
+
+-------------------------------------------------------------------
+Thu Feb 28 10:21:36 CET 2002 - choeger@suse.de
+
+- added flags=q to amavis transport definition (link@suse.de):
+ [...] 
+ If your postfix is older than snapshot 20010610, leave out the
+ "flags=q" part. However, amavis will not function properly with
+ envelope adresses that contain whitespace in the local-part.
+ This is quite rare, but has been observed a few times.
+ [...]
+
+-------------------------------------------------------------------
+Mon Feb 25 13:58:05 CET 2002 - choeger@suse.de
+
+- update to version 1.1.4 (1.1, patchlevel 4)
+ Bugfix (excerpt from HISTORY):
+ ..................................................................
+ off-by-one error, causing a null byte to be
+ written outside dynamically allocated memory in
+ the queue manager with addresses of exactly 100
+ bytes long, resulting in SIGSEGV on systems with
+ an "exact fit" malloc routine.
+ ..................................................................
+- added new option SMTPD_LISTEN_REMOTE to /etc/sysconfig/mail
+ which has been introduced by the SuSE dist-team (excerpt):
+ ..................................................................
+ sendmail does have an option to listen only on the local port,
+ this should be the default.
+ A flag "SMTPD_LISTEN_REMOTE" in /etc/sysconfig/mail will be used
+ to decide if port 25 should be opened externally.
+ The sendmail package will send a mail to root explaining this
+ fact. sendmail updates will copy the value of START_SMTPD to this
+ new flag.
+ ..................................................................
+ As this is a totally different behaviour compared to old releases,
+ SMTPD_LISTEN_REMOTE will be set to "yes", if POSTFIX_CREATECF
+ (now MAIL_CREATE_CONFIG) had been set to "yes" before the update. 
+
+-------------------------------------------------------------------
+Thu Feb 21 12:39:55 CET 2002 - choeger@suse.de
+
+- fillup workaround
+
+-------------------------------------------------------------------
+Thu Feb 21 11:23:52 CET 2002 - choeger@suse.de
+
+- hostname handling is still annoying
+ added some piece of code to SuSEconfig.postfix to
+ get a valid hostname
+
+-------------------------------------------------------------------
+Mon Feb 18 16:03:40 CET 2002 - choeger@suse.de
+
+- %postinst cleanup:
+ . use rename_sysconfig_variable macro
+ . use remove_and_set macro
+ instead of directly calling fillup
+
+-------------------------------------------------------------------
+Wed Feb 13 17:27:37 CET 2002 - choeger@suse.de
+
+- FQHOSTNAME has been removed from /etc/sysconfig/network/config
+ and is now set in /etc/HOSTNAME, which wasn't FQ in the past.
+ *Please, don't change it again*
+- if POSTFIX_LOCALDOMAINS is set, do not append
+ "$myhostname, localhost.$mydomain" anymore
+
+-------------------------------------------------------------------
+Tue Feb 12 16:31:14 CET 2002 - choeger@suse.de
+
+- Also take care of the localhost:10025 mailer definition when
+ setting up chroot options
+
+-------------------------------------------------------------------
+Mon Feb 11 09:27:47 CET 2002 - choeger@suse.de
+
+- Do not set myorigin to FROM_HEADER
+
+-------------------------------------------------------------------
+Thu Feb 7 10:10:55 CET 2002 - choeger@suse.de
+
+- Bugfix(SuSEconfig.postfix): typo in path to /etc/sysconfig/amavis
+
+-------------------------------------------------------------------
+Mon Feb 4 11:25:51 CET 2002 - choeger@suse.de
+
+- SuSEconfig.postfix enhancement: get hostname from hostname -f
+ Bugfix: get FQHOSTNAME from /etc/sysconfig/network/config
+- added -y to fillup_and_insserv to create startlinks
+ after installation
+- changed company name to SuSE Linux AG in copyright headers
+ 
+-------------------------------------------------------------------
+Mon Feb 4 09:44:45 CET 2002 - choeger@suse.de
+
+- update to postfix 1.1.3 and tls extensions 0.8.3
+ minor bugfixes
+ http://groups.yahoo.com/group/postfix-users/message/52953
+
+-------------------------------------------------------------------
+Fri Feb 1 20:37:27 CET 2002 - choeger@suse.de
+
+- Bugfix: Forgot to assign a name to TMPDIR in SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Fri Feb 1 11:43:17 CET 2002 - choeger@suse.de
+
+- added resolve_local_panic.patch
+ http://groups.yahoo.com/group/postfix-users/message/52746
+
+-------------------------------------------------------------------
+Wed Jan 30 15:44:10 CET 2002 - choeger@suse.de
+
+- update of tls extensions to 0.8.2
+
+-------------------------------------------------------------------
+Mon Jan 28 15:00:07 CET 2002 - choeger@suse.de
+
+- update to version 1.1.2
+- sysconfig.mail changes
+
+-------------------------------------------------------------------
+Tue Jan 22 12:08:43 CET 2002 - choeger@suse.de
+
+- renamed cleanup.fillup to sysconfig.postfix.cleanup
+- added postqueue patch, see
+ http://groups.yahoo.com/group/postfix-users/message/51611
+ for more details
+
+-------------------------------------------------------------------
+Mon Jan 21 14:56:39 CET 2002 - choeger@suse.de
+
+- update to official release version 1.1.0
+- moved some stuff to /etc/sysconfig/mail
+- cleaned up /etc/rc.config access
+- added some safety checks to SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Wed Jan 16 16:58:53 CET 2002 - choeger@suse.de
+
+- update to version 20020115 (release candidate for Postfix
+ official release version 1.1)
+
+-------------------------------------------------------------------
+Tue Jan 15 16:20:13 CET 2002 - choeger@suse.de
+
+- some improvements to SuSEconfig.postfix
+ 
+-------------------------------------------------------------------
+Fri Jan 11 17:52:25 CET 2002 - choeger@suse.de
+
+- updated to version 20020107
+- added postinstall section to update from previous versions
+ of postfix
+
+-------------------------------------------------------------------
+Tue Jan 8 20:11:07 CET 2002 - egmont@suselinux.hu
+
+- Changed /sbin/init.d to /etc/init.d in init script comment
+
+-------------------------------------------------------------------
+Mon Jan 7 15:01:16 CET 2002 - choeger@suse.de
+
+- added sender_canonical_maps to SuSEconfig.postfix to let
+ the new YaST2 module setup this map similar to sendmails
+ genericstable
+
+-------------------------------------------------------------------
+Thu Jan 3 13:51:45 CET 2002 - kukuk@suse.de
+
+- SuSEconfig.postfix shell script is no config file [Bug #12712]
+
+-------------------------------------------------------------------
+Wed Dec 19 15:26:20 CET 2001 - choeger@suse.de
+
+- Made initscript more LSB compliant (status codes)
+- Bugfix for Bugzilla ID#12672 (improve explanation
+ of POSTFIX_LOCALDOMAINS)
+- robustness enhancement for SuSEconfig.postfix
+
+-------------------------------------------------------------------
+Fri Dec 14 15:42:31 CET 2001 - choeger@suse.de
+
+- typo in specfile (master.cf installed as main.cf)
+
+-------------------------------------------------------------------
+Thu Dec 13 11:25:44 CET 2001 - choeger@suse.de
+
+- update to version 20011210
+- some changes to SuSEconfig.postfix:
+ . added POSTFIX_UPDATE_CHROOT_JAIL variable, see README.SuSE
+ . some cleanups for chroot jail
+ . little bugfixes
+
+-------------------------------------------------------------------
+Thu Dec 13 01:16:57 CET 2001 - ro@suse.de
+
+- moved rc.config.d -> sysconfig
+
+-------------------------------------------------------------------
+Wed Nov 28 18:36:10 CET 2001 - choeger@suse.de
+
+- update to version 20011127
+- some changes to SuSEconfig.postfix:
+ . 
added more robustness (Jehova)
+ . do not chown -R postfix to /var/spool/postfix
+ . query for package cyrus-sasl instead of sasl
+
+-------------------------------------------------------------------
+Tue Nov 20 16:13:00 CET 2001 - choeger@suse.de
+
+- update to version 20011115
+ Bugfix for a memory exhaustion bug in smtpd
+ see http://groups.yahoo.com/group/postfix-users/message/46597
+- remove START_ variable
+
+-------------------------------------------------------------------
+Fri Nov 9 14:54:24 CET 2001 - choeger@suse.de
+
+- some changes to specfile (thanks to Simon J Mudd from whom
+ I copied some code)
+
+-------------------------------------------------------------------
+Tue Nov 6 15:19:18 CET 2001 - choeger@suse.de
+
+- fix some SuSEconfig.postfix bugs:
+ . master.cf chroot column can also contain '-'
+ . don't do anything if POSTFIX_CREATECF != yes
+
+-------------------------------------------------------------------
+Fri Oct 26 13:11:17 CEST 2001 - choeger@suse.de
+
+- update to most recent snapshot version 20011008
+
+-------------------------------------------------------------------
+Thu Oct 25 14:36:47 CEST 2001 - choeger@suse.de
+
+- update to pl05
+
+-------------------------------------------------------------------
+Fri Oct 19 12:53:44 CEST 2001 - choeger@suse.de
+
+- Bugfix, Bugzilla ID#11914
+
+-------------------------------------------------------------------
+Wed Sep 26 09:33:34 CEST 2001 - choeger@suse.de
+
+- ALWAYS create master.cf, even is POSTFIX_CREATECF is set
+ to no, because else chroot mode may not work, Bugzilla ID#11359
+
+-------------------------------------------------------------------
+Thu Sep 13 14:34:06 CEST 2001 - choeger@suse.de
+
+- removed an obsolete echo in start section of init-script
+
+-------------------------------------------------------------------
+Thu Sep 6 13:48:29 CEST 2001 - choeger@suse.de
+
+- Bugfix in init-script: redirect output of postfix start
+ to dev/null and do not use startproc to start 
postfix + +------------------------------------------------------------------- +Tue Sep 4 18:09:43 CEST 2001 - choeger@suse.de + +- update to tls-extensions v0.7.9 + see http://groups.yahoo.com/group/postfix-users/message/41094 + for details + +------------------------------------------------------------------- +Fri Aug 31 13:54:02 CEST 2001 - choeger@suse.de + +- update of tls-extensions to 0.7.8 +- update of postfix to pl04 +- Bugfix: - check if postfix spool is set up before starting postfix + - start postfix with postfix start, because postfix-script + wouldn't be executed, else. + +------------------------------------------------------------------- +Tue Jul 10 14:34:17 CEST 2001 - choeger@suse.de + +- update of tls-extensions to 0.7.3 + +------------------------------------------------------------------- +Thu Jun 28 13:06:47 CEST 2001 - choeger@suse.de + +- bugfix: remove libs from chroot jail, that are no longer + valid, Bugzilla ID#9133 +- bugfix: init script was not LSB compliant, Bugzilla ID#9063 + +------------------------------------------------------------------- +Fri Jun 15 09:44:49 CEST 2001 - choeger@suse.de + +- added cyrus to require start in init-script +- "bugfix": bootstrap problem cyrus-imapd <-> postfix: + cyrus-imapd must run before postfix, but fails to create + lmtp socket, because /var/spool/postfix/public directory + isn't present. 
FIX: add it to filelist + +------------------------------------------------------------------- +Wed Jun 13 15:08:33 CEST 2001 - choeger@suse.de + +- install postrop with special SGID modes + +------------------------------------------------------------------- +Tue Jun 12 13:29:36 CEST 2001 - choeger@suse.de + +- improved SuSEconfig.postfix + - better main.cf handling + - new feature: chroot or not chroot + +------------------------------------------------------------------- +Mon May 28 09:36:49 CEST 2001 - choeger@suse.de + +- major bugfix: memory leak in the LDAP client module +- minor bugfixes + +------------------------------------------------------------------- +Wed May 9 20:15:27 CEST 2001 - mfabian@suse.de + +- bzip2 sources + +------------------------------------------------------------------- +Wed May 2 09:44:29 CEST 2001 - choeger@suse.de + +- updated to pl02, bugfixrelease + +------------------------------------------------------------------- +Mon Apr 30 11:41:35 CEST 2001 - choeger@suse.de + +- Bugfix for SuSEconfig.postfix: + Handling of TIMEZONE variable if set to unappropriate or no + value +- Improvement: Warnings are printed out in bold + +------------------------------------------------------------------- +Tue Apr 17 16:28:41 CEST 2001 - kukuk@suse.de + +- Don't use a RPM macro for version number + +------------------------------------------------------------------- +Fri Mar 30 10:08:15 CEST 2001 - choeger@suse.de + +- update to pl01, bugfixrelease + +------------------------------------------------------------------- +Tue Mar 27 13:16:45 CEST 2001 - choeger@suse.de + +- added libcrack to chroot jail, because + it is needed by pam_pwcheck + +------------------------------------------------------------------- +Thu Mar 15 01:08:35 CET 2001 - ro@suse.de + +- fixed neededforbuild for openldap + +------------------------------------------------------------------- +Mon Mar 5 11:49:48 CET 2001 - choeger@suse.de + +- first non-beta of the next postfix 
generation +- v20010228 + +------------------------------------------------------------------- +Tue Feb 27 11:22:24 CET 2001 - ro@suse.de + +- added cyrus-sasl-devel to neededforbuild + +------------------------------------------------------------------- +Tue Feb 27 09:51:56 CET 2001 - choeger@suse.de + +- new version, 20010225 +- removed notification message + +------------------------------------------------------------------- +Tue Feb 20 14:16:30 CET 2001 - choeger@suse.de + +- bugfix: wrong permissions for maildrop directory + +------------------------------------------------------------------- +Wed Jan 31 10:53:04 CET 2001 - choeger@suse.de + +- update to version 20010128 +- now linked against ldaplib2 + +------------------------------------------------------------------- +Fri Jan 5 14:25:11 CET 2001 - choeger@suse.de + +- bugfix: maildrop must be owned by postfix.root + +------------------------------------------------------------------- +Mon Dec 18 14:47:53 CET 2000 - choeger@suse.de + +- update to version 20001212 +- bugfix: insserv +- bugfix: missed openssl in neededforbuilt +- renamed to postfix, because a non-crypto version + is no longer needed + +------------------------------------------------------------------- +Wed Dec 13 15:52:43 CET 2000 - choeger@suse.de + +- Bugfix: postfix-script was not executable + +------------------------------------------------------------------- +Tue Dec 12 15:13:40 CET 2000 - choeger@suse.de + +- Bugfixes: + Provides in initscript + Use /bin/bash in SuSEconfig.postfix +- Update to version 20001210 + +------------------------------------------------------------------- +Thu Nov 30 08:35:09 CET 2000 - ro@suse.de + +- startscript sbin -> etc + +------------------------------------------------------------------- +Thu Nov 23 09:55:37 CET 2000 - choeger@suse.de + +- new version +- fix for neededforbuild +- fix for master.cf + +------------------------------------------------------------------- +Wed Nov 22 13:06:54 CET 2000 - 
choeger@suse.de + +- adopted to new init scheme + +------------------------------------------------------------------- +Wed Nov 15 16:13:12 CET 2000 - choeger@suse.de + +- fixed neededforbuild + +------------------------------------------------------------------- +Tue Nov 14 15:19:40 CET 2000 - choeger@suse.de + +- update to version 20001030 + +------------------------------------------------------------------- +Thu Nov 9 17:14:48 CET 2000 - choeger@suse.de + +- long packagename +- added rpm buildroot + +------------------------------------------------------------------- +Wed Nov 8 15:59:41 CET 2000 - uli@suse.de + +- fixed neededforbuild + +------------------------------------------------------------------- +Fri Nov 3 18:12:57 CET 2000 - bk@suse.de + +- src/util/dict_ldap.c:dict_ldap_lookup(): fix missing **-termination. + +------------------------------------------------------------------- +Tue Oct 24 17:28:06 CEST 2000 - fober@suse.de + +- s390,ppc: added -fsigned-char compiler option, to fix obscure segfaults. + (code is not signed/unsigned-char-clean) + +------------------------------------------------------------------- +Thu Oct 12 18:24:54 CEST 2000 - choeger@suse.de + +- yet another SuSEconfig.postfix bug (incorrect link) + +------------------------------------------------------------------- +Wed Oct 11 16:47:35 CEST 2000 - choeger@suse.de + +- bugfix for SuSEconfig.postfix + +------------------------------------------------------------------- +Mon Oct 9 13:54:13 CEST 2000 - choeger@suse.de + +- bugfix: missed to install new flush service + +------------------------------------------------------------------- +Mon Oct 9 11:48:39 CEST 2000 - choeger@suse.de + +- inititial revision of pfixtls diff --git a/postfix.keyring b/postfix.keyring new file mode 100644 index 0000000..643bbee --- /dev/null +++ b/postfix.keyring 
@@ -0,0 +1,154 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.18 (FreeBSD) + +mQMuBFYZbx0RCADaN3/xzcSgTh/Zdpn5Ia0cRAGF/0ZKbd6azuiFTvXQd/JLZkYj +DkNHHGZImtQhPf+aa7JXCUSqrbgvSyYOYUI6enx+W8RBzvYBWEccW1Ls4D7mxUmA +CbHfcGn7gdEXaQaHS4sJzoYCGRboOKyLCGHvSajxr+HidAv9JEzuGb20TRZ9bL9B +P3LrKIleSSJICH5qU+mGtCE0nZspAhpbLizCAx9jkS5lKfmPI7ua2q+nDQJ3/Q9I +mfJGM6HR2SvPR5hl9ZoZF0p44bl30hmwezbkx151+Zt23MW+OWUtpoZQBiW5q3J0 +wa6td1llChOrjTYBhSIhiHifC59FCnxp48EzAQCGskLjC2PyrPOOPMRez5yaxLJq +YhAuOc8hZNVmCSeVKQf+MbxsyUaraay4SpUIwtzRYZVBrdjM8XGeBJcmFBhWHaoD +G1fIflmP8RfmP0lx8CUSMR4o508mKZ8Rf5VQlAkjUFMeCG+3Hf1bmvZqUwiwy27o +tuhud+XSN5QErzbP7nakkmE8vUhzWQAYIrg/GMSWOZW74JWuhRUgBgEDG8AMQNRS +JfABm3/c+xJlidnLjgam73iG0VM/ivzdOKKZM/XCqihmpSJg7U0a2C0cnOOFQkHa ++ym7rgeZJrUM2A/KEWS8i/eqBlp7RZXovpSFfFIWWbM9HngdjND0Kk7RMxtzgt6p +GrQaqArthyOlMpZ72xTdnUGex5rxgo19J9eJmkrg7wf/cncD5yuR99/myQjAqx+a +uHOV7vOclyyZB7HLqW5ry4AozRv8TNTPsYUNc7ie4gjslkwXFSgv/RVjBIMeM7Jd +JRvBvehttr0SnkiiixTFEjw1n9kIJAh3YD+3/zP2rz2nxYyQhCdswcQNVHWQcx17 +bCMgzXw5ysjusG+lej1dueEApXlU6+mfnfbQ05lR4u5wAxfbcqN6vS4aEiYbTixL +Kgm9wffU9Snshqz4OU4Nj8so2OtDrCyAZ+WQEOY7A+j96VUFeM3FaBnvWz8b5JZg +JaMbKr5naovFIBaDBzLzxjn42IcI778EwFetXbFGrLSZU17FoufDnOEFKbwkJehh +o7QkV2lldHNlIFZlbmVtYSA8d2lldHNlQHBvcmN1cGluZS5vcmc+iHoEExEIACIF +AlYZbx0CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAwLWQ6AyhWn4h8B +AIMevjwXE2/kAQb/H5VJ+arXkE8FRH0crSCvFcrKTES8AP9ToDZzYv/OvG8swSe3 +oWK5eIFcpE8+G7EpCsBfE/t+gokBHAQQAQIABgUCVhly2AAKCRAHL2DwwSvNmSxM +CACPPUp1ubd07nR8PET6meHHC7UnsvhibnGD2y1pbHzLBQi6U4oLQqowHj1tF/sk +xcdC48V+bNCs3Q80lkky9UpjJLaVlQcoJHFrluORDw0RfshRqaYP2T0ZJqYRjV2e +N1lBoDWaGiNuGfQLxSaj+yRsS66Q0cX3dR5xCXhsa2MYyLa0EavrWNeIve/FdLbk +QVFSECvXd62n+P4tH2VEdTocmJ2tioAIMruvVcUFNDxNBa6vNNMtUVM9cNzHbkzH +sBFTBKqzNfWpLSPXcSWbEZ+DWRBeiVJ683hiRugDeQ2VIinqt/BNO0vbAWtJV9yV +sVlrpwHoysisUuYIBJYWsCyQiJwEEAECAAYFAlYZddMACgkQ3IDyptUyfLky0QP9 +Hubtzxg2DiiundHEZUIzBHF5Wopi/eCmsZcKXhUcrf8T8zN1y9O2GwUIV+7wIAUp 
+n2vEXSbZ+zO3XEmmkClgYPRu+cO9mSswZ2LKZEtfgOTX66JVLK5pusxswLmYnWqV +l3qC+rJMDIy9NvcV/XwkIqrdBArwDnQEwaU0EaZStkG5Ag0EVhlvHRAIAI/ORSNY +4F1dujiRX7RiW+VYDTnmz3CIrRF9oKUKvZsqLEaP0hK8Ozn7jgFy0n1jBlFWGxrK +dQgevQkQf1WpYEUVO20nrS9kx3BWYXsoOlT/3mGXT8gR5CD7vAY4xWl2740c2Km1 +fmJy08JKcOa/j+kUuaNUx5uqskyr66bKyhSvW9qWKKBL92dqoQsquVH3wF5B6j20 +UpiN5rnV65OriY1MwWeaBK7+yfkP4PqTYLQ4CKl0Zcqar17SUvmmWTYZEtm6r9UI +ZP/uNFMu7kqfQZrmHDozsKJezcKSTuFFJmcLztY+2SfN0iH2DNlbwfJ/g6jyCDz8 +s4EtAQCIIuOOvucABA0H/RN17RQfhJdNLhyvOmHq8xtHpc9ja+JCsn9/cvx9LjaP +Qeg/sqqpyjCED4cNNFPpw3InHi6dWG6ImdEkzKdyTgvMo1MV0eeuHibxFUDVrNeF +v3zYKR4/Hy97ETmhd3ny/t19kZh3osDHRq4uau00aGHn01Gxq5tFEFufrVhY27YI +ZpTmhn67Gspdf+BP92DCOou+IsPaljiuJd0TwU2OXrY+RJYTNANPttCoexqXEhba +M06kZehxFbeDUj2oFVwCZDiNDcQssKALM1fvC/Gp/HI2HDciKiSeiR8hDlQJavHx +U/0I/G5kLTeDfXIguf5b7MM8awhG8XeehmqP9RIauoeIYQQYEQgACQUCVhlvHQIb +DAAKCRAMC1kOgMoVp5aUAP9F2s2Qu/NTmAmLTKbBGTzJlR2JF1XfQOi8H0r6fNvA +4wD+OeVe1s+AlR80UoTb97YyuGvFvVr4xFm/Qk776pbAXLY= +=yZP5 +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: PGPfreeware 5.0i for non-commercial use + +mQENA0Ije1oAAAEIALlEqB1UICFF3dfwDij9LHtBhtiEfGnv0PL5rRmSJ4rA9pqs +oM3oc0nfgnB502XpeCkT1RW5ymQggEx7+8fXnWhNUAmNGPrbmWzymvrdr4XnPOoB +ODlnVYkc9Gt5BLRNSfuLbc1G3nH+FDzhpuJ5zqtb8RrYm5FOPU7eC9QnVoC2nXPW +fPfTWVXQoCOEuQQ3zZHEculWQYhRVgxI+CFZjWzWgwZq3wWi/nGGZcFYRtCfodH4 +UiP0lvj8tOEhD8vUGQKiQGwiw/BBbiCm5ZPcCkSOWxXbZTUrkfTzwse9Ka2blmgH +AhlySLtSD/tCX2ykzQEK9JJDw4++By9g8MErzZkABRG0JFdpZXRzZSBWZW5lbWEg +PHdpZXRzZUBwb3JjdXBpbmUub3JnPokBFQMFEEIje1oHL2DwwSvNmQEBA8oIALG7 +Un8SRtlQ+EXMSK/MyJLD9+T/tS1vq2Z6BwN6oZ0G21VvbMdhXvOEjPUFXhJPIFs8 +pNIYtUV/uQMiMZsATOlJObe3ZkXazdbpGcGAekO0G158CYy2mH50hqYLewTYCt3T +TNf6fSu+bVFrrQ8S/89QDceN0M+WFECgjlYHMTMqB2Ye2KZRWAQG1S8hLLFG42HV +QaWAVG4yR4xZEC0sYuMBZQTJlJXWb/CnhdlcdS2y5DRq/UYZ5oM/ZilKnIxnWzvf +zZM/5+5d7DA0YLjY2uIiSGWs9MfQv1MwvAPjTs/Aiz0j3y5lCa3lVObGskroUhN6 +Pf14rTC6p585H3mQBRuJAJQDBRBCI3uC3IDyptUyfLkBAUJtA/jL8AHJtrrb6/CV 
+w0gBL0vIVI2FV2F7FxmttbHV9HqErkB7bypuFoUZkbrYd8jl5aco4E2fet8avoVF +JKaY+YwcUTpy0wZSwYr6vt+bm1lMDg2BuNdd3j8lcJ5qzTo0SRfuGoJaIDKbqUIR +g+zlLNnoLgf8qPhyFczoiN/MZKl0 +=Uc/Z +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.2 + +mQCNAirDhV8AAAED/i4LrhQ/mwOgam8ZfQpEcxYoE9kru5oRDGtoVeKae/4bUver +aGX7qVtskD6vwPwr2FF6JW2c+z2oY4JGPGUArORiigoT82/q6vqT0Wm1jIPsXQSB +ZCkBoyvBcmXEi+J7eDBbWLPDxeDimgrORbAIQ4uikRafs8KlpNyA8qbVMny5AAUR +tCV3aWV0c2UgdmVuZW1hIDx3aWV0c2VAd3p2Lndpbi50dWUubmw+iQCVAgUQMGq3 +lNmn2lx+CrKBAQFa9gQArugc+G/gKE/Oq5a572ZobbaI4E76YknpF4quLJ3NxRTP +DAsAQOfM3tMlpYGPt/8zpqetOpNTElZyblHcHNI95wuYz0U3UH7OwmOGoD8FtON+ +vuUO5bOmUsjnlKV7MetIPZl2Ht81mnouOgtaEClQK3Bjkmqh9gRW61IcuMqcrACJ +ARUDBRAxDqLR57u1Gl0NQHkBAYAeB/4xfFxNOjvfOrsjLefbcmORFi4ZFJxHLEc+ +szgK8J+nEZnQqpcXJ2QaNpXY3FYFR2NnPOteoTFO//DqX9v9MblYOo5KRKaYhhhz +VzWhoq9s+nCKaTNEQr1BkAGJsrw4D5M3wTY6vu/z8O7BZFV8N2aFuV/3w8fb3ABi +80DAaV+2fN+x04gtPEfJJnTvbhBhYMczzvqwnuW/NnWw9SS/rVuWrV60HRWtFQnR +h7BqqE/8mafjmV0dF3GPM3zKvOq7ivOsfHUslvqP+YdIfuygTAQqkdEK1k1j4+0t +wqF4XGIXB67w4AyybnvjCbJsQavYQgJIDSngjpSzBPRFyfs5tr/ViQCVAwUQMQ6i +M05B7Bs/MbpVAQFeSgQAihFUGbn8uY6I7J4H73rwrI49XEJcdmop4/CO3fazP+jM +pBR+O/EYTXHYb2AB1IWV8jeqMvcjDww9iylfXSdRhu29xPhAFyLq93+AC63p3WnC +X9HP+6LQepuO8HETMsUo2beywin8V43IEE7wpkV36HhipzhOqSOJg6dHoJxq0jqJ +AJUDBRAweOef5PJqLyI0q20BAdIhA/4vmWq5lh9ZB9xiNL41NMJcLx9KiXKeewl/ +Lnz2Sc95A6PEo+/0h1TRtdfNE+HBegJ+3GbTz+qsUTNGYslfw1uzhVVwke3VWegi +j4W7QBKfolXR/QeIOE9YIl6sFiXCupNig8QLyFYZCv3cBF1rg7zcpnpBCoEVe4qB +gfG8edNMwYkAlQMFEDBzrxICT4RrFG3ijQEBlIID/1tgODC51T64V/b97YYBRPWD +FMeFI+BIqWDwJrynoAl5qoHdi8nAGAVqpg006bRcaXgra5ZclRFMDytuhL5Ss3v5 +t6ydsulRndafEhY8yFTR4rjHrsxIfa1Ku3PR9m2c6kiRnQW88wL9bjKJ2caDBPeH +FsePOcUfsUTcZg69bIz+iQCVAwUQMG++9DH/t4NEE7aRAQEFnAP+OWpls7UuOm55 +ZIyKMsXee0KbrXshwR8brHPShEwzYYQG2C0giu/lhpMvLyNg/K7l52+/Jz+x9y4U +HDffDPFOG4J9QirNL9PCOCpKhpMvX5GXeHiD5VNK15JaD/58J8CnlPnQMfVSrcmq +JX2XPB2BMrm4y9ibAbxkeWfqO7YXYTiJAJUDBRAwaqn6Gts03AL4jIEBAcqCBAC2 
+gsdcPBgHZo8zhbdUZ0GRPiObyjVeC+poW/9f7vFkoX1SBZE9EWoXzxZ5lEDaZlv8 +PGua5yQWy+qEm6+MS8puv3dBi5d1kb97tqbvVZcsEpI+e+ygljnV5PtesMjqGaq9 +ZxhueAekfNj5kHo32HupwbDXNHC3j8rFunqfGUUB6okAlQMFEDBqX0voJUrjD0yX +dQEBjiwEANOf185iXALuJUlV3/MYxnJbmC+J/08rD4at+fxLTbH2LU6WpfVyDEmQ +xahelAKKVDiPJK2/ct6SEnYG2nmRQKIKiU5k7g05vufQi7CyfHVOQuXvlFZkoNz7 +uDEDk/EKfMUT7Lw7qLilK7POGkWrPhwSdFDgP4qWuq77enjet8RNiQCVAgUQMGgn +6SJRltlmbQBRAQGk2QP+MR8rAlXGgVNqR1SQjKmutmDe5gFNuHB/StLKdRWOb5fc +oJspE4TLHoayTMfT0PQtP6BOL3Nn1GvNe/X/J47/rC17VZlP680uG8as7jKeJib4 +6znNJr7lpb9/IeKUTTZk2TbSv4eFjpo6ZlDxRca/5TmvKDjxS4Z973bRSd1CK5iJ +AJUDBRAwacpgufMnN2zLdBkBAbOUBAC4hEmF/ywCS7Lc95P1S5e+3W5QfBOISSsN +1sWcFA5+aRXFxA4/zaDOBZiTmKLCVOaBPh66h16QjMyswjGpCyrKG/DHFu0P6Tdo +cW2hyu9FRNKE7nWDx+JBw3sJNsR5NrdrNSkxuI5ae8VM4qp+AAafTf2yaCQUiiPL +Bfs10T6D4YkAlQMFEDBpykFiZfpIB1Z0VQEBPV0EAJ65XnrutwZ7isTcGOXrb2Va +vnsL020c58qHrcpPXFQczp/R6Woh8xYEJdM0CZL+ulDtuODv5ZtZhhy3ZgpKLOk/ +397IWrQDHZwXMIGLxzYN1S6zMTI929fplK9cyRHln3Rstt4fbrLNpyfIXUx0PTC0 +Cp205yzrEcKt/IqX/sKYiQCVAwUQMGnHUAQmfXmOCknRAQEJRwP/SARfkEKPKx9U +2NEcuJvHC/jpqoUZ/gUQP9nIkRuMLqzO3SraPM4ZlSEyzJg2qagJJ2PaYYN3YAbT +UfElGpWmS9oy/k7hdg68L2hBPC/z7kRXQF7Ydn4l+X1enKXtMb7cKVBelQfbULmy +6JY5MSx7Grtrdi91QsQuq2VCkGimJqeJAJUDBRAwZ/3ro2xF3nu86kkBAXyeA/0Z +MXHkn7nuf1KwhIL/fYaV4zLSDeUclOuO1afEg63bwNNcj1XE6ZpEiHTTY8kbx3Z6 +wWrXsNfEl/rQzjezXgX/py38+YHamyAhrJpb7UyPUW0EBSvhwqx8ZnK1wqqsegy9 +KnutkeF+BXL/EswooKab5zvF1glKBuJyunCrUgG4MYkAlQMFEDBn/C87f8e8znZr +HwEBH5YD/jtnDovJRAdHQeqKQFma7W9N+Abqx5q3/3dXzPaQDzR/74VsqKwnDOrF +TMnbsREUCA51tM8ZbC4J5aSzN3tNIFXN+gCixT/8fVxshQuYP2O/sMuHqVDH5FQR +2UPvORSJWSaFTbfgCOfNbHV18uKDmImiYATWouyS9uLWTlNEjdK3iQCVAwUQMGai +rFiXq3zaXLJBAQF6QgQA0p/HnqrN5UJr14iJziPYVekkLmdhQ5x1KE+SEpakNkzE +0dPlL+DKpkW2Ay+puopwOzGa2wWOkcmvtBfWUoFhMDMZS1I86BvYGIlsfAd8rcYf +pN8qo0e32tgRG8Ftp6TIQQFLwOxVzDVlOCL+AgFI3zc2Qsm5zT2L+ceD3f2F2veJ +AHUCBRAvzCraaA8r0KMuYqEBAW/UAv9sv6+2UbrUO2a7z+S/keQ+I5Wp+KiZRgjU +58XRqYlQ0qAFp2F1snjRAYy6GFceVbJvj8ydK3hq6OfADywqG1Eq0kcq+OMt/4tO 
+Z0yiXbCegrTvaUukW6ZftonelLXhpSCJAJUDBRAviXcRE9wTBKB3hqEBAW36A/9m +x57+4pe+0zEbkNIKAqmdT2n1AZXiCc/1sLJ1D5uuZ6kS4xK6P1z9UXMeVgtekmz1 +mF8JuM265VHKNAhWPclur2zhfDKHFz5DTGCUxSGObXzJwnw8+CTHh7wV3NxK5l9o +UjqEfQSvsl6H/wc7KspKWyqsZk7LQcYC4o5ZAo/5kIkAlQMFEC+IFuvKbyuD/AwC +1QEBoS8D/RmXEJrUpr/oFAzFozP7F1sM91xtye2lzK4RGbYUxjlrZs6vWPhGmJzf +NzX5D03plADkUk6la8cHTFdTDls2jpobVUAeuZXnWOYhRhUnL4NOZdl6Vr2cYd+I +zfdG9220Oy+jHodN7+16j5/M/ezoxBpZJwsPHfdF7NVOZVIGTbZZiQCVAwUQL30a +Z9yA8qbVMny5AQEnOwP7BphCYkobRu0ZTT4ZROD5tExJ8IbBv2n29vCddAg+VCuw +XwGjObwjIUZbGx8pPx1GWOqYATAouFoWBh0WueWK5h+ZUzD6dKl2lMNUTQ3h3uF3 +yZM35YK9jSDrH2u/W4E8orqU+BahkeyRvM0vCINdnm88p2hIIIiLdpCQJB37qrGJ +AJUCBRAubfYWwMf8FvAPBCEBAVmrA/9xJIGybDPjmtnwc/k2FRbEJQbVkyZq+nja +aeE5si/TdvrzS580zGnye9uABdRbAKceOa91Rm/OEtmzeDjFPJ/pdcZ13FUDNBlQ +Shyt4P3abOb24kiL67MwJy+70Wbg+C71O7Hed2NVqFUEtkSg2hlV09kCxr4+aQIR +fQYVcr7R+YkAlQIFEC5t9dpsodCHBnntkQEBh5oD/1ozk6LmRoT0qN9VHDFKnJzZ +RagTBfA3JpsxWmnkdOpmMSeb+f7SCwH+FwtRYNLX+8Z54/dR8esPNy08FfDNGz6U +C2Eu4eLy330wei8QtfLdytcSIij2OJRJetg9xrzw5H7h2Hia3oWJ2CzHFmH2YWEx +QvYhDAIWTwektUQLYl+viQCVAgUQLmrlqOMR7qLvJ+dxAQGt3QP/WDFIlcxrgy1B +uxgvT9CkSjjJgKzV1D8z8iodPLul9s+1WxUGYTIYvdN67QXREYLV7yh0YRdBNVBr +NdtKutstdsbW/y6LHed4Id+sBuK4Y7OAN38mtjuaOpZLFGm8ex15KVvRJb/77u7y +LOixdFS7DpiSnaXoZpxC9vFMmm2R1Iu0JHdpZXRzZSB2ZW5lbWEgPHdpZXRzZUBw +b3JjdXBpbmUub3JnPokAlQMFEDTZBvTcgPKm1TJ8uQEBoRMD/RkjT4YtF/ltBN+V +eCLv272pxZo38JJZEGyWg4QTHXYQ7ayVc22RL3vQLEMRISvZnvl6pe2UMzgI8jOH +NWhTtvrKuvR/M/nvqTpFf8lp0SiF/ZVVeGCaSmS1Eoyp1dk76qPRCl6RcI6bTv2F +NT2RRKl3v4t4iEXnEjiyS6irzd2b +=o1uH +-----END PGP PUBLIC KEY BLOCK----- diff --git a/postfix.spec b/postfix.spec new file mode 100644 index 0000000..3bebca2 --- /dev/null +++ b/postfix.spec 
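Review bot: Two of the three key blocks added to postfix.keyring carry the armor headers `Version: PGPfreeware 5.0i for non-commercial use` and `Version: 2.6.2`, so they look like legacy keys that are unlikely to be the one signing postfix-3.9.0.tar.gz.asc. A signature check against a keyring normally accepts any key the file contains, so every extra block widens the set of keys able to vouch for the tarball. If only the first block (`Version: GnuPG v2.0.18 (FreeBSD)`) is the current release key, which should be confirmed against upstream, keep that block alone and record its full fingerprint in the spec beside `Source4: postfix.keyring`, for example `# upstream release key, fingerprint <FULL-FINGERPRINT-PLACEHOLDER>`.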
@@ -0,0 +1,641 @@ +# +# spec file for package postfix +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define pf_docdir %{_docdir}/%{name}-doc +%define pf_config_directory %{_sysconfdir}/%{name} +%define pf_daemon_directory %{_prefix}/lib/%{name}/bin/ +%define _libexecdir %{_prefix}/lib +%define pf_shlib_directory %{_prefix}/lib/%{name} +%define pf_command_directory %{_sbindir} +%define pf_queue_directory var/spool/%{name} +%define pf_sendmail_path %{_sbindir}/sendmail +%define pf_newaliases_path %{_bindir}/newaliases +%define pf_mailq_path %{_bindir}/mailq +%define pf_setgid_group maildrop +%define pf_readme_directory %{_docdir}/%{name}-doc/README_FILES +%define pf_html_directory %{_docdir}/%{name}-doc/html +%define pf_sample_directory %{_docdir}/%{name}-doc/samples +%define pf_data_directory %{_localstatedir}/lib/%{name} +%define pf_database_convert %{_rundir}/%{name}-needs-convert +%define mail_group mail +%define conf_backup_dir %{_localstatedir}/adm/backup/%{name} +%define unitdir %{_prefix}/lib/systemd +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! 
%{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +%if 0%{?suse_version} < 1599 +%bcond_without libnsl +%else +%bcond_with libnsl +%endif +%bcond_without ldap +Name: postfix +Version: 3.9.0 +Release: 0 +Summary: A fast, secure, and flexible mailer +License: EPL-2.0 OR IPL-1.0 +Group: Productivity/Networking/Email/Servers +URL: http://www.postfix.org +Source0: https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz +Source1: https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc +Source2: %{name}-SUSE.tar.gz +Source3: %{name}-mysql.tar.bz2 +Source4: postfix.keyring +Source10: %{name}-rpmlintrc +Source11: check_mail_queue +Source12: postfix-user.conf +Source13: postfix-vmail-user.conf +Patch1: %{name}-no-md5.patch +Patch2: pointer_to_literals.patch +Patch3: ipv6_disabled.patch +Patch4: %{name}-main.cf.patch +Patch5: %{name}-master.cf.patch +Patch6: %{name}-linux45.patch +Patch7: %{name}-ssl-release-buffers.patch +Patch8: %{name}-vda-v14-3.0.3.patch +Patch9: fix-postfix-script.patch +Patch10: %{name}-avoid-infinit-loop-if-no-permission.patch +Patch11: set-default-db-type.patch +BuildRequires: ca-certificates +BuildRequires: cyrus-sasl-devel +BuildRequires: diffutils +BuildRequires: fdupes +BuildRequires: libicu-devel +BuildRequires: libopenssl-devel >= 1.1.1 +BuildRequires: lmdb-devel +BuildRequires: m4 +BuildRequires: mysql-devel +BuildRequires: pcre2-devel +BuildRequires: pkgconfig +BuildRequires: postgresql-devel +BuildRequires: shadow +BuildRequires: sysuser-tools +BuildRequires: zlib-devel +BuildRequires: pkgconfig(systemd) +Requires: iproute2 +Requires(post): permissions +Requires(pre): %fillup_prereq +Requires(pre): group(%{mail_group}) +Requires(pre): permissions +Requires(pre): user(nobody) +Conflicts: exim +Conflicts: postfix-bdb +Conflicts: sendmail +Provides: postfix-lmdb = %{version}-%{release} +Obsoletes: postfix-lmdb < %{version}-%{release} +Provides: 
smtp_daemon +%{?systemd_ordering} +%sysusers_requires +%if %{with ldap} +BuildRequires: openldap2-devel +%endif +%if %{with libnsl} +BuildRequires: libnsl-devel +%endif +# /usr/lib/postfix/bin//postfix-script: line 400: cmp: command not found +Requires: /usr/bin/cmp +# /usr/lib/postfix/bin//post-install: line 667: ed: command not found +Requires(pre): /usr/bin/ed +Requires(preun): /usr/bin/ed +Requires(post): /usr/bin/ed +Requires(postun): /usr/bin/ed +# /usr/sbin/config.postfix needs perl +Requires(pre): perl +Requires(preun): perl +Requires(post): perl +Requires(postun): perl + +%description +Postfix aims to be an alternative to the widely-used sendmail program. + +%package devel +Summary: Development headers for the %{name} package +Group: Development/Libraries/C and C++ +Requires(pre): %{name} = %{version} +BuildArch: noarch + +%description devel +Postfix aims to be an alternative to the widely-used sendmail program. + +%package doc +Summary: Documentations for the %{name} package +Group: Productivity/Networking/Email/Servers +BuildArch: noarch + +%description doc +Postfix aims to be an alternative to the widely-used sendmail program. +This package contains the documentation for %{name} + +%package mysql +Summary: Postfix plugin to support MySQL maps +Group: Productivity/Networking/Email/Servers +Requires(pre): %{name} = %{version} +%sysusers_requires +%if 0%{?suse_version} < 1550 +Provides: group(vmail) +%endif + +%description mysql +Postfix plugin to support MySQL maps. This library will be loaded by +starting %{name} if you'll access a postmap which is stored in mysql. + +%package postgresql +Summary: Postfix plugin to support PostgreSQL maps +Group: Productivity/Networking/Email/Servers +Requires(pre): %{name} = %{version} + +%description postgresql +Postfix plugin to support PostgreSQL maps. This library will be loaded +by starting %{name} if you'll access a postmap which is stored in +PostgreSQL. 
+ +%if %{with ldap} +%package ldap +Summary: Postfix LDAP map support +Group: Productivity/Networking/Email/Servers +Requires: %{name} = %{version} +Provides: postfix:/usr/lib/postfix/postfix-ldap.so + +%description ldap +This provides support for LDAP maps in Postfix. If you plan to use LDAP +maps with Postfix, you need this. +%endif + +%prep +%setup -q -a 2 -a 3 +%autopatch -p0 + +# --------------------------------------------------------------------------- + +%build +unset AUXLIBS AUXLIBS_LDAP AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB + +export CCARGS="${CCARGS} %{optflags} -fcommon -Wno-comments -Wno-missing-braces -fPIC" +%ifarch s390 s390x ppc +export CCARGS="${CCARGS} -fsigned-char" +%endif +# +if pkg-config openssl ; then + export CCARGS="${CCARGS} -DUSE_TLS $(pkg-config --cflags openssl)" + export AUXLIBS="$AUXLIBS $(pkg-config --libs openssl)" +else + export CCARGS="${CCARGS} -DUSE_TLS" + export AUXLIBS="${AUXLIBS} -lssl -lcrypto" +fi +# +%if %{without libnsl} +export CCARGS="${CCARGS} -DNO_NIS" +%endif +%if %{with ldap} +export CCARGS="${CCARGS} -DHAS_LDAP -DLDAP_DEPRECATED=1 -DUSE_LDAP_SASL" +export AUXLIBS_LDAP="-lldap -llber" +%endif +# +export CCARGS="${CCARGS} -DHAS_PCRE=2" +export AUXLIBS_PCRE="-lpcre2-8" +# +export CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I%{_includedir}/sasl" +if pkg-config libsasl2 ; then + export AUXLIBS="$AUXLIBS $(pkg-config --libs libsasl2)" +else + export AUXLIBS="$AUXLIBS -lsasl2" +fi +# +export CCARGS="${CCARGS} -DHAS_MYSQL $(mysql_config --cflags)" +export AUXLIBS_MYSQL="$(mysql_config --libs)" +# +if pkg-config --exists libpq ; then + export CCARGS="${CCARGS} -DHAS_PGSQL $(pkg-config libpq --cflags)" + export AUXLIBS_PGSQL="$(pkg-config libpq --libs)" +else + export CCARGS="${CCARGS} -DHAS_PGSQL -I$(pg_config --includedir)" + export AUXLIBS_PGSQL="-lpq" +fi +# +export CCARGS="${CCARGS} -DHAS_LMDB -I/usr/local/include" \ +export AUXLIBS_LMDB="-llmdb" +# +# TODO +#export AUXLIBS_SQLITE 
+#export AUXLIBS_CDB +#export AUXLIBS_SDBM +# Remove berkeley DB and set lmdb as default +export CCARGS="${CCARGS} -DNO_DB -DDEF_DB_TYPE=\\\"lmdb\\\"" + +export PIE=-pie +# using SHLIB_RPATH to specify unrelated linker flags, because LDFLAGS is +# ignored +%make_build makefiles pie=yes shared=yes dynamicmaps=yes \ + daemon_directory=%{pf_daemon_directory} \ + shlib_directory=%{_prefix}/lib/%{name} \ + meta_directory=%{_prefix}/lib/%{name} \ + config_directory=%{pf_config_directory} \ + command_directory=%{pf_command_directory} \ + queue_directory=/%{pf_queue_directory} \ + sendmail_path=%{pf_sendmail_path} \ + newaliases_path=%{pf_newaliases_path} \ + mailq_path=%{pf_mailq_path} \ + manpage_directory=%{_mandir} \ + setgid_group=%{pf_setgid_group} \ + readme_directory=%{pf_readme_directory} \ + data_directory=%{pf_data_directory} \ + SHLIB_RPATH="-Wl,-rpath,%{pf_shlib_directory} -Wl,-z,relro,-z,now" +%make_build +# Create postfix user +%sysusers_generate_pre %{SOURCE12} postfix postfix-user.conf +%sysusers_generate_pre %{SOURCE13} vmail postfix-vmail-user.conf +# --------------------------------------------------------------------------- + +%install +mkdir -p %{buildroot}/%{_libdir} +mkdir -p %{buildroot}%{_sysconfdir}/%{name} +# create our default postfix ssl DIR (/etc/postfix/ssl) +mkdir -p %{buildroot}%{_sysconfdir}/%{name}/ssl/certs +# link cacerts to /etc/ssl/certs +ln -s ../../ssl/certs %{buildroot}%{_sysconfdir}/%{name}/ssl/cacerts +cp lib/lib%{name}-* %{buildroot}/%{_libdir} +export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir} +sh postfix-install -non-interactive \ + install_root=%{buildroot} \ + config_directory=%{pf_config_directory} \ + daemon_directory=%{pf_daemon_directory} \ + command_directory=%{pf_command_directory} \ + queue_directory=/%{pf_queue_directory} \ + sendmail_path=%{pf_sendmail_path} \ + newaliases_path=%{pf_newaliases_path} \ + mailq_path=%{pf_mailq_path} \ + manpage_directory=%{_mandir} \ + setgid_group=%{pf_setgid_group} \ 
+ readme_directory=%{pf_readme_directory} \ + data_directory=%{pf_data_directory} +ln -s ../sbin/sendmail %{buildroot}%{_libexecdir}/sendmail +for i in qmqp-source smtp-sink smtp-source; do + install -pm 0755 bin/$i %{buildroot}%{_sbindir}/$i +done +mkdir -p %{buildroot}/sbin/conf.d +mkdir -p %{buildroot}%{_sysconfdir}/permissions.d +mkdir -p %{buildroot}/%{_libdir}/sasl2 +mkdir -p %{buildroot}%{_sbindir} +mkdir -p %{buildroot}/%{conf_backup_dir} +mkdir -p %{buildroot}/%{pf_sample_directory} +mkdir -p %{buildroot}/%{pf_html_directory} +mkdir -p %{buildroot}%{_includedir}/%{name} +mkdir -p %{buildroot}%{_sysconfdir}/pam.d +mkdir -p %{buildroot}/var/spool/mail +ln -s spool/mail %{buildroot}/var/mail +install -pm 0644 %{name}-SUSE/smtp %{buildroot}%{_sysconfdir}/pam.d/smtp +mkdir -p %{buildroot}%{_fillupdir} +sed -e 's;@lib@;%{_lib};g' %{name}-SUSE/sysconfig.%{name} > %{buildroot}%{_fillupdir}/sysconfig.%{name} +install -pm 0644 %{name}-SUSE/sysconfig.mail-%{name} %{buildroot}%{_fillupdir}/sysconfig.mail-%{name} +sed -e 's;@lib@;%{_lib};g' \ + -e 's;@conf_backup_dir@;%{conf_backup_dir};' \ + -e 's;@daemon_directory@;%{pf_daemon_directory};' \ + -e 's;@readme_directory@;%{pf_readme_directory};' \ + -e 's;@html_directory@;%{pf_html_directory};' \ + -e 's;@sendmail_path@;%{pf_sendmail_path};' \ + -e 's;@setgid_group@;%{pf_setgid_group};' \ + -e 's;@manpage_directory@;%{_mandir};' \ + -e 's;@newaliases_path@;%{pf_newaliases_path};' \ + -e 's;@sample_directory@;%{pf_sample_directory};' \ + -e 's;@mailq_path@;%{pf_mailq_path};' %{name}-SUSE/config.%{name} > %{buildroot}%{_sbindir}/config.%{name} +chmod 0755 %{buildroot}%{_sbindir}/config.%{name} +install -pm 0644 %{name}-SUSE/ldap_aliases.cf %{buildroot}%{_sysconfdir}/%{name}/ldap_aliases.cf +install -pm 0644 %{name}-SUSE/helo_access %{buildroot}%{_sysconfdir}/%{name}/helo_access +install -pm 0644 %{name}-SUSE/permissions %{buildroot}%{_sysconfdir}/permissions.d/%{name} +install -pm 0644 %{name}-SUSE/sender_canonical 
%{buildroot}%{_sysconfdir}/%{name}/sender_canonical +install -pm 0644 %{name}-SUSE/relay %{buildroot}%{_sysconfdir}/%{name}/relay +install -pm 0644 %{name}-SUSE/relay_ccerts %{buildroot}%{_sysconfdir}/%{name}/relay_ccerts +install -pm 0644 %{name}-SUSE/relay_recipients %{buildroot}%{_sysconfdir}/%{name}/relay_recipients +install -pm 0600 %{name}-SUSE/sasl_passwd %{buildroot}%{_sysconfdir}/%{name}/sasl_passwd +mkdir -p %{buildroot}%{_sysconfdir}/sasl2 +install -pm 0600 %{name}-SUSE/smtpd.conf %{buildroot}%{_sysconfdir}/sasl2/smtpd.conf +install -pm 0644 %{name}-SUSE/openssl_%{name}.conf.in %{buildroot}%{_sysconfdir}/%{name}/openssl_%{name}.conf.in +install -pm 0755 %{name}-SUSE/mk%{name}cert %{buildroot}%{_sbindir}/mk%{name}cert +{ +cat< %{buildroot}%{_sysconfdir}/%{name}/main.cf +%{buildroot}%{_sbindir}/postconf -c %{buildroot}%{_sysconfdir}/%{name} \ + -e "manpage_directory = %{_mandir}" \ + "setgid_group = %{pf_setgid_group}" \ + "mailq_path = %{pf_mailq_path}" \ + "newaliases_path = %{pf_newaliases_path}" \ + "sendmail_path = %{pf_sendmail_path}" \ + "readme_directory = %{pf_readme_directory}" \ + "html_directory = %{pf_html_directory}" \ + "sample_directory = %{pf_sample_directory}" \ + "daemon_directory = %{pf_daemon_directory}" \ + "smtpd_helo_required = yes" \ + "smtpd_delay_reject = yes" \ + "disable_vrfy_command = yes" \ + 'smtpd_banner = $myhostname ESMTP' +#Set Permissions +sed -i -e 's/\(.*ldap.*\)/#\1/g' \ + -e 's/\(.*mysql.*\)/#\1/g' \ + -e 's/\(.*pgsql.*\)/#\1/g' \ + -e 's/\(.*LICENSE.*\)/#\1/g' \ + -e '/html_directory/d' \ + -e '/manpage_directory/d' \ + -e '/readme_directory/d' \ + %{buildroot}%{pf_shlib_directory}/postfix-files +mkdir -p %{buildroot}%{pf_shlib_directory}/postfix-files.d +# postfix-mysql +install -pm 0644 %{name}-mysql/main.cf-mysql %{buildroot}%{_sysconfdir}/%{name}/main.cf-mysql +install -pm 0640 %{name}-mysql/*_maps.cf %{buildroot}%{_sysconfdir}/%{name}/ +# create paranoid permissions file +printf '%%-38s %%-18s %%s\n' 
%{_sbindir}/postdrop "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/%{name}.paranoid +printf '%%-38s %%-18s %%s\n' %{_sbindir}/postqueue "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/%{name}.paranoid +install -pm 0644 include/*.h %{buildroot}%{_includedir}/%{name}/ +# some rpmlint stuff +# remove unneeded examples/chroot-setup +for example in AIX42 BSDI* F* HPUX* IRIX* NETBSD1 NEXTSTEP3 OPENSTEP4 OSF1 Solaris*; do + rm examples/chroot-setup/${example} +done +cp -a examples/* %{buildroot}%{pf_sample_directory} +cp -a html/* %{buildroot}%{pf_html_directory} +cp -a auxiliary %{buildroot}%{pf_docdir} +rm %{buildroot}%{pf_docdir}/README_FILES/INSTALL +rm -r %{buildroot}%{pf_docdir}/auxiliary/qshape +install -p auxiliary/qshape/qshape.pl %{buildroot}%{_sbindir}/qshape +mantools/srctoman - auxiliary/qshape/qshape.pl > %{buildroot}%{_mandir}/man1/qshape.1 +# Fix build for Leap 42.3. +rm -f %{buildroot}%{_sysconfdir}/%{name}/*.orig +mkdir -p %{buildroot}%{_unitdir}/mail-transfer-agent.target.wants/ +mkdir -p %{buildroot}%{pf_shlib_directory}/systemd +install -pm 0644 %{name}-SUSE/%{name}.service %{buildroot}%{_unitdir}/%{name}.service +install -pm 0755 %{name}-SUSE/config_%{name}.systemd %{buildroot}%{pf_shlib_directory}/systemd/config_%{name} +install -pm 0755 %{name}-SUSE/update_chroot.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_chroot +install -pm 0755 %{name}-SUSE/update_postmaps.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_postmaps +install -pm 0755 %{name}-SUSE/wait_qmgr.systemd %{buildroot}%{pf_shlib_directory}/systemd/wait_qmgr +install -pm 0755 %{name}-SUSE/cond_slp.systemd %{buildroot}%{pf_shlib_directory}/systemd/cond_slp +%if 0%{?suse_version} < 1599 +ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +%endif +ln -sv %{_unitdir}/%{name}.service %{buildroot}%{_unitdir}/mail-transfer-agent.target.wants/%{name}.service +%fdupes %{buildroot}%{pf_docdir} +%fdupes 
%{buildroot}%{_mandir}
+for path in %{buildroot}%{pf_shlib_directory}/lib%{name}-*.so
+do
+ test -e "$path" || continue
+ name=${path##*/}
+ cmp "$path" %{buildroot}%{_libdir}/$name || continue
+ rm -vf $path
+ ln -sf %{_libdir}/$name $path
+done
+
+# create dynamicmaps.cf.d entries for optional modules
+sed -n -e '/^#/p' -e '/mysql/p' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf > %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-mysql.cf
+sed -i -e '/mysql/d' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf
+sed -n -e '/^#/p' -e '/pgsql/p' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf > %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-pgsql.cf
+sed -i -e '/pgsql/d' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf
+%if %{with ldap}
+sed -n -e '/^#/p' -e "/ldap/p" %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf > %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-ldap.cf
+sed -i -e '/ldap/d' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf
+%endif
+
+install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/
+mkdir -p %{buildroot}%{_sysusersdir}
+install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/
+install -m 644 %{SOURCE13} %{buildroot}%{_sysusersdir}/
+
+# ---------------------------------------------------------------------------
+
+%pre -f postfix.pre
+# If existing default database type is hash, we need to convert the
+# databases because hash (and btree) is no longer supported after
+# the upgrade
+if [ -x %{_sbindir}/postconf ]; then
+ DEF_DB_TYPE=$(postconf default_database_type)
+ case $DEF_DB_TYPE in *hash)
+ touch %{pf_database_convert}
+ esac
+fi
+%service_add_pre %{name}.service
+
+%preun
+%service_del_preun %{name}.service
+
+%post
+# We never have to run suseconfig for postfix after installation
+# We only start postfix own upgrade-configuration by update
+#
+# If the default database type of the previous installation was
+# hash, we also need to rebuild the databases in the new lmdb
+# format
+if [ ${1:-0} -gt 1 ];
then
+ touch %{_localstatedir}/adm/%{name}.configured
+ echo "Executing upgrade-configuration."
+ %{_sbindir}/%{name} set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} || :
+ if [ "$(%{_sbindir}/postconf -h daemon_directory)" != "%{pf_daemon_directory}" ]; then
+ %{_sbindir}/postconf daemon_directory=%{pf_daemon_directory}
+ fi
+ if [ -e %{pf_database_convert} ]; then
+ sed -i -E "s/(btree|hash):/lmdb:/g" %{pf_config_directory}/{main.cf,master.cf}
+ for i in $(find %{pf_config_directory} -name "*.db"); do
+ postmap ${i%.db}
+ done
+ for i in $(find %{_sysconfdir}/aliases.d/ -name "*.db"); do
+ postalias ${i%.db}
+ done
+ if [ -e %{_sysconfdir}/aliases.db ]; then
+ postalias %{_sysconfdir}/aliases
+ fi
+ rm %{pf_database_convert}
+ fi
+fi
+%set_permissions %{_sbindir}/postdrop
+%set_permissions %{_sbindir}/postlog
+%set_permissions %{_sbindir}/postqueue
+%set_permissions %{_sysconfdir}/%{name}/sasl_passwd
+%set_permissions %{_sbindir}/sendmail
+%{fillup_only postfix}
+%{fillup_only -an mail}
+%service_add_post %{name}.service
+
+%postun
+%service_del_postun %{name}.service
+
+%verifyscript
+%verify_permissions -e %{_sbindir}/postdrop
+%verify_permissions -e %{_sbindir}/postlog
+%verify_permissions -e %{_sbindir}/postqueue
+%verify_permissions -e %{_sysconfdir}/%{name}/sasl_passwd
+%verify_permissions -e %{_sbindir}/sendmail
+
+# ---------------------------------------------------------------------------
+
+%pre mysql -f vmail.pre
+%post mysql -p /sbin/ldconfig
+%postun mysql -p /sbin/ldconfig
+%post postgresql -p /sbin/ldconfig
+%postun postgresql -p /sbin/ldconfig
+
+%if %{with ldap}
+%post ldap -p /sbin/ldconfig
+%postun ldap -p /sbin/ldconfig
+%endif
+
+%files
+%license LICENSE TLS_LICENSE
+%doc RELEASE_NOTES
+%config %{_sysconfdir}/pam.d/*
+%{_fillupdir}/sysconfig.%{name}
+%{_fillupdir}/sysconfig.mail-%{name}
+%{_sbindir}/config.%{name}
+%dir %{_sysconfdir}/%{name}
+%config %{_sysconfdir}/%{name}/main.cf.default
+%config(noreplace)
%{_sysconfdir}/%{name}/[^mysql]*[^mysql]
+%config(noreplace) %{_sysconfdir}/%{name}/access
+%config(noreplace) %{_sysconfdir}/%{name}/aliases
+%config(noreplace) %{_sysconfdir}/%{name}/canonical
+%config(noreplace) %{_sysconfdir}/%{name}/header_checks
+%config(noreplace) %{_sysconfdir}/%{name}/helo_access
+%config(noreplace) %{_sysconfdir}/%{name}/main.cf
+%config(noreplace) %{_sysconfdir}/%{name}/master.cf
+%config(noreplace) %{_sysconfdir}/%{name}/relay
+%config(noreplace) %{_sysconfdir}/%{name}/relay_ccerts
+%config(noreplace) %{_sysconfdir}/%{name}/relay_recipients
+%config(noreplace) %{_sysconfdir}/%{name}/sasl_passwd
+%config(noreplace) %{_sysconfdir}/%{name}/sender_canonical
+%config(noreplace) %{_sysconfdir}/%{name}/virtual
+%ghost %{_sysconfdir}/%{name}/*.lmdb
+%ghost %{_sysconfdir}/aliases.lmdb
+%dir %{_sysconfdir}/sasl2
+%config(noreplace) %{_sysconfdir}/sasl2/smtpd.conf
+%exclude %{_sysconfdir}/%{name}/LICENSE
+%exclude %{_sysconfdir}/%{name}/TLS_LICENSE
+%config %{_sysconfdir}/permissions.d/%{name}
+%config %{_sysconfdir}/permissions.d/%{name}.paranoid
+%{pf_shlib_directory}/%{name}-files
+# create our default postfix ssl DIR (/etc/postfix/ssl)
+%dir %{_sysconfdir}/%{name}/ssl
+%dir %{_sysconfdir}/%{name}/ssl/certs
+%{_sysconfdir}/%{name}/ssl/cacerts
+%dir %{pf_shlib_directory}/systemd
+%attr(0755,root,root) %{pf_shlib_directory}/systemd/*
+%{_unitdir}/%{name}.service
+%{_unitdir}/mail-transfer-agent.target.wants
+%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postdrop
+%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postlog
+%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postqueue
+%{_bindir}/mailq
+%{_bindir}/newaliases
+%attr(0755,root,root) %{_sbindir}/sendmail
+%attr(0755,root,root) %{_sbindir}/postalias
+%attr(0755,root,root) %{_sbindir}/postcat
+%attr(0755,root,root) %{_sbindir}/postconf
+%attr(0755,root,root) %{_sbindir}/%{name}
+%attr(0755,root,root) %{_sbindir}/postkick
+%attr(0755,root,root) %{_sbindir}/postlock
+%attr(0755,root,root) %{_sbindir}/postmap
+%attr(0755,root,root) %{_sbindir}/postmulti
+%attr(0755,root,root) %{_sbindir}/postsuper
+%attr(0755,root,root) %{_sbindir}/qshape
+%attr(0755,root,root) %{_sbindir}/qmqp-source
+%attr(0755,root,root) %{_sbindir}/smtp-sink
+%attr(0755,root,root) %{_sbindir}/smtp-source
+%attr(0755,root,root) %{_sbindir}/mk%{name}cert
+%attr(0755,root,root) %{_sbindir}/check_mail_queue
+%attr(0755,root,root) %{_sbindir}/config.%{name}
+%if 0%{?suse_version} < 1599
+%{_sbindir}/rc%{name}
+%endif
+%{_libdir}/lib*
+%{_libexecdir}/sendmail
+%dir %{pf_shlib_directory}
+%{pf_shlib_directory}/%{name}-pcre.so
+%{pf_shlib_directory}/%{name}-lmdb.so
+%{pf_shlib_directory}/lib%{name}-dns.so
+%{pf_shlib_directory}/lib%{name}-global.so
+%{pf_shlib_directory}/lib%{name}-master.so
+%{pf_shlib_directory}/lib%{name}-tls.so
+%{pf_shlib_directory}/lib%{name}-util.so
+%{pf_shlib_directory}/dynamicmaps.cf
+%{pf_shlib_directory}/main.cf.proto
+%{pf_shlib_directory}/makedefs.out
+%{pf_shlib_directory}/master.cf.proto
+%dir %{pf_daemon_directory}
+%{pf_daemon_directory}/*
+%dir %{pf_shlib_directory}/dynamicmaps.cf.d
+%dir %{pf_shlib_directory}/postfix-files.d
+
+%{conf_backup_dir}
+%dir %attr(0700,%{name},root) %{pf_data_directory}
+%exclude %{_mandir}/man5/ldap_table.5*
+%exclude %{_mandir}/man5/mysql_table.5*
+%exclude %{_mandir}/man5/pgsql_table.5*
+%{_mandir}/man?/*%{?ext_man}
+%dir %attr(0755,root,root) /%{pf_queue_directory}
+%dir %attr(0755,root,root) /%{pf_queue_directory}/pid
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/active
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/bounce
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/corrupt
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/defer
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/deferred
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/flush
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/hold
+%dir
%attr(0700,%{name},root) /%{pf_queue_directory}/incoming
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/private
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/saved
+%dir %attr(0700,%{name},root) /%{pf_queue_directory}/trace
+%dir %attr(0730,%{name},maildrop) /%{pf_queue_directory}/maildrop
+%dir %attr(0710,%{name},maildrop) /%{pf_queue_directory}/public
+%{_sysusersdir}/postfix-user.conf
+%dir %attr(1777,root,root) /var/spool/mail
+/var/mail
+
+%files devel
+%{_includedir}/%{name}/
+
+%files doc
+%defattr(0644,root,root,0755)
+%{pf_docdir}/
+
+%files mysql
+%doc %{name}-mysql/%{name}-mysql.sql
+%config(noreplace) %attr(640, root, %{name}) %{_sysconfdir}/%{name}/*_maps.cf
+%config(noreplace) %{_sysconfdir}/%{name}/main.cf-mysql
+%{pf_shlib_directory}/%{name}-mysql.so
+%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-mysql.cf
+%{_mandir}/man5/mysql_table.5%{?ext_man}
+%{_sysusersdir}/postfix-vmail-user.conf
+
+%files postgresql
+%{pf_shlib_directory}/%{name}-pgsql.so
+%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-pgsql.cf
+%{_mandir}/man5/pgsql_table.5%{?ext_man}
+
+%if %{with ldap}
+%files ldap
+%config(noreplace) %{_sysconfdir}/%{name}/ldap_aliases.cf
+%{pf_shlib_directory}/%{name}-ldap.so
+%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-ldap.cf
+%{_mandir}/man5/ldap_table.5%{?ext_man}
+%endif
+
+%changelog
diff --git a/pre_checkin.sh b/pre_checkin.sh
new file mode 100644
index 0000000..5be1a61
--- /dev/null
+++ b/pre_checkin.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+echo -n "Generating postfix-bdb "
+
+cp postfix.changes postfix-bdb.changes
+VERSION=$(awk '/^Version/ {print $2; exit;} {next;};' < postfix.spec)
+perl -pi -e "s/^Version:.*/Version: $VERSION/" postfix-bdb.spec
+echo "Done."
diff --git a/set-default-db-type.patch b/set-default-db-type.patch
new file mode 100644
index 0000000..5392fc3
--- /dev/null
+++ b/set-default-db-type.patch
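Review bot: In pre_checkin.sh the result of the awk extraction is used unchecked, so if postfix.spec has no `Version` line, `VERSION` is empty, the perl step rewrites postfix-bdb.spec to an empty `Version:` and the script still prints "Done." and exits 0; a failed `cp` is ignored in the same way. I would add `set -euo pipefail` after the shebang and `[ -n "$VERSION" ] || { echo "no Version in postfix.spec" >&2; exit 1; }` before the perl call, so a broken sync between the two packages stops the check-in instead of passing silently. The version string is also pasted into the perl program text; passing it through the environment, `VERSION="$VERSION" perl -pi -e 's/^Version:.*/Version: $ENV{VERSION}/' postfix-bdb.spec`, keeps characters such as `/`, `$` or `@` in the spec value from being parsed as perl.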
@@ -0,0 +1,187 @@
+Index: src/util/sys_defs.h
+===================================================================
+--- src/util/sys_defs.h.orig
++++ src/util/sys_defs.h
+@@ -53,7 +53,7 @@
+ #define HAS_FSYNC
+ #define HAS_DB
+ #define HAS_SA_LEN
+-#define NATIVE_DB_TYPE "hash"
++#define NATIVE_DB_TYPE "lmdb"
+ #if (defined(__NetBSD_Version__) && __NetBSD_Version__ >= 104250000)
+ #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/mail/aliases" /* sendmail 8.10 */
+ #endif
+@@ -234,7 +234,7 @@
+ #define HAS_FSYNC
+ #define HAS_DB
+ #define HAS_SA_LEN
+-#define NATIVE_DB_TYPE "hash"
++#define NATIVE_DB_TYPE "lmdb"
+ #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases"
+ #define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
+ #define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin"
+@@ -291,7 +291,7 @@
+ #define HAS_FSYNC
+ /* might be set by makedef */
+ #ifdef HAS_DB
+-#define NATIVE_DB_TYPE "hash"
++#define NATIVE_DB_TYPE "lmdb"
+ #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases"
+ #else
+ #define HAS_DBM
+@@ -775,7 +775,7 @@ extern int initgroups(const char *, int)
+ #define DEF_MAILBOX_LOCK "fcntl, dotlock" /* RedHat >= 4.x */
+ #define HAS_FSYNC
+ #define HAS_DB
+-#define NATIVE_DB_TYPE "hash"
++#define NATIVE_DB_TYPE "lmdb"
+ #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases"
+ #ifndef NO_NIS
+ #define HAS_NIS
+@@ -851,7 +851,7 @@ extern int initgroups(const char *, int)
+ #define DEF_MAILBOX_LOCK "dotlock" /* verified RedHat 3.03 */
+ #define HAS_FSYNC
+ #define HAS_DB
+-#define NATIVE_DB_TYPE "hash"
++#define NATIVE_DB_TYPE "lmdb"
+ #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases"
+ #ifndef NO_NIS
+ #define HAS_NIS
+@@ -884,7 +884,7 @@ extern int initgroups(const char *, int)
+ #define DEF_MAILBOX_LOCK "fcntl, dotlock" /* RedHat >= 4.x */
+ #define HAS_FSYNC
+ #define HAS_DB
+-#define NATIVE_DB_TYPE "hash"
++#define NATIVE_DB_TYPE "lmdb"
+ #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases"
+ #ifndef NO_NIS
+ #define HAS_NIS
+@@ -1209,7 +1209,7 @@ extern int opterr; /* XXX use