From 8f38b6a1f2d6986cd747be6e08e3eab3e72b44ed874338dbf8a7ec5e0777c6fa Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 23 Jul 2009 14:00:50 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postfix?expand=0&rev=36 --- postfix-SuSE.tar.gz | 4 +- postfix.changes | 8 + postfix.spec | 1707 +------------------------------------------ 3 files changed, 18 insertions(+), 1701 deletions(-) diff --git a/postfix-SuSE.tar.gz b/postfix-SuSE.tar.gz index e862081..3260469 100644 --- a/postfix-SuSE.tar.gz +++ b/postfix-SuSE.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:30439a6e074035609fde981cd31dcc07f6f996d3c07be8eb88b5fc7fbce783f8 -size 17940 +oid sha256:5e9732abe32e8eebb4fb53a2e338cc31d2307f96af303f6f5d2b0993040684c2 +size 18111 diff --git a/postfix.changes b/postfix.changes index 1cb9951..293b89a 100644 --- a/postfix.changes +++ b/postfix.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sun Mar 29 15:18:52 CEST 2009 - varkoly@suse.de + +- bnc#439287 - not all POSTFIX_ADD_* values are properly handled + by SuSEconfig.postfix +- bnc#483208 - Postfix configuration trashed after update +- bnc#488268 - SuSEconfig.postfix chroot setup misses /etc/ssl/certs + ------------------------------------------------------------------- Mon Jan 12 11:12:16 CET 2009 - varkoly@suse.de diff --git a/postfix.spec b/postfix.spec index 639c430..aa76a0d 100644 --- a/postfix.spec +++ b/postfix.spec @@ -25,14 +25,14 @@ BuildRequires: db-devel mysql-devel openldap2-devel pcre-devel postgresql-devel BuildRequires: pwdutils %define usetls 1 Url: http://www.postfix.org/ -License: IBM Public License +License: IBM Public License .. Group: Productivity/Networking/Email/Servers Provides: smtp_daemon Conflicts: sendmail exim AutoReqProv: on Summary: A fast, secure, and flexible mailer Version: 2.5.6 -Release: 3 +Release: 5 Source: postfix-%{version}.tar.bz2 Source1: postfix-SuSE.tar.gz Patch: dynamic_maps.patch @@ -44,7 +44,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build # %package mysql -License: IBM Public License +License: IBM Public License .. Summary: Postfix plugin to support MySQL maps AutoReqProv: on Group: Productivity/Networking/Email/Servers @@ -52,7 +52,7 @@ PreReq: %{name} = %{version} # %package postgresql -License: IBM Public License +License: IBM Public License .. Summary: Postfix plugin to support PostgreSQL maps AutoReqProv: on Group: Productivity/Networking/Email/Servers @@ -60,14 +60,14 @@ PreReq: %{name} = %{version} # %package devel -License: IBM Public License +License: IBM Public License .. Summary: Development headers for the postfix package AutoReqProv: on Group: Productivity/Networking/Email/Servers PreReq: %{name} = %{version} %package doc -License: IBM Public License +License: IBM Public License .. Summary: Documentations for the postfix package AutoReqProv: on Group: Productivity/Networking/Email/Servers @@ -297,112 +297,13 @@ fi %stop_on_removal postfix %post -# Remember whether we had an older version of postfix installed before -# doing the fillup -PFOLD= -# Update from SuSE Linux > 7.3 -test -e etc/sysconfig/postfix && \ - { grep POSTFIX_UPDATE_CHROOT_JAIL \ - etc/sysconfig/postfix >/dev/null || PFOLD=yes; } %{fillup_and_insserv -y postfix} -if [ -f etc/sysconfig/mail ]; then - . etc/sysconfig/mail - if [ -n "$NULLCLIENT" ]; then - RCTMP=etc/sysconfig/postfix.$$ - sed "s/^POSTFIX_NULLCLIENT.*/POSTFIX_NULLCLIENT=\"$NULLCLIENT\"/" \ - etc/sysconfig/postfix > $RCTMP - mv $RCTMP etc/sysconfig/postfix - fi -fi -# -%{remove_and_set POSTFIX_MAILDROP_MODE} -%{remove_and_set -n mail NULLCLIENT} -%{fillup_only -an mail} -# postfix config is now in /etc/sysconfig/postfix... -# ------------------------------------------------------------------ -if [ -n "$PFOLD" ]; then - # We have to set POSTFIX_UPDATE_CHROOT_JAIL according to MAIL_CREATE_CONFIG - RCTMP=etc/sysconfig/postfix.$$ - . etc/sysconfig/postfix - . etc/sysconfig/mail - if [ "`echo $POSTFIX_CHROOT | tr 'A-Z' 'a-z' `" == "yes" -o \ - "`echo $MAIL_CREATE_CONFIG | tr 'A-Z' 'a-z' `" == "yes" ]; then - echo "Setting POSTFIX_UPDATE_CHROOT_JAIL to yes" - rm -f $RCTMP - sed 's/^POSTFIX_UPDATE_CHROOT_JAIL.*/POSTFIX_UPDATE_CHROOT_JAIL="yes"/' \ - etc/sysconfig/postfix > $RCTMP - mv $RCTMP etc/sysconfig/postfix - fi - if [ "`echo $MAIL_CREATE_CONFIG | tr 'A-Z' 'a-z' `" == "yes" ]; then - echo "Setting SMTPD_LISTEN_REMOTE to yes" - rm -f $RCTMP - sed 's/^SMTPD_LISTEN_REMOTE.*/SMTPD_LISTEN_REMOTE="yes"/' \ - etc/sysconfig/postfix > $RCTMP - mv $RCTMP etc/sysconfig/postfix - fi -fi -# ------------------------------------------------------------------ -# ------------------------------------------------------------------ -# updating main.cf -MAINCF=etc/postfix/main.cf -MASTERCF=etc/postfix/master.cf -TMPMAIN=etc/postfix/main.cf.tmp.$$ -TMPMASTER=etc/postfix/master.cf.tmp.$$ -BAKSUFFIX=$(date +%Y-%m-%d) -MD5DIR=var/adm/SuSEconfig/md5 -if [ ${1:-0} -gt 1 ]; then - echo "Updating postfix configuration files" -else - test -e $MD5DIR/$MAINCF && rm -f $MD5DIR/$MAINCF - test -e $MD5DIR/$MASTERCF && rm -f $MD5DIR/$MASTERCF - test -e $MAINCF && rm -f $MAINCF.SuSEconfig - test -e $MASTERCF && rm -f $MASTERCF.SuSEconfig -fi -mkdir -p $MD5DIR/etc/postfix -cp --remove-destination $MAINCF $TMPMAIN -cp --remove-destination $MASTERCF $TMPMASTER -if [ -f $MD5DIR/$MAINCF ]; then - OLDMD5MAINCF=$(cat $MD5DIR/$MAINCF) -fi -if [ -f $MD5DIR/$MASTERCF ]; then - OLDMD5MASTERCF=$(cat $MD5DIR/$MASTERCF) -fi -#This is a new feature in 2.3.2 -grep -ql "^scache" $MASTERCF || \ - perl -pi -e 's/(^anvil.*anvil)/$1\nscache unix - - n - 1 scache/' $MASTERCF -NEWMD5MAINCF=$(cat $MAINCF | grep -v "^#" | md5sum) -NEWMD5MASTERCF=$(cat $MASTERCF | grep -v "^#" | md5sum) -if [ -n "$OLDMD5MAINCF" ]; then - if [ "$NEWMD5MAINCF" != "$OLDMD5MAINCF" ]; then - echo "post-install modified $MAINCF, updating MD5SUM" - rm -f $MD5DIR/$MAINCF - echo "$NEWMD5MAINCF" > $MD5DIR/$MAINCF - echo "backing up $MAINCF to $MAINCF.$BAKSUFFIX" - echo "!!! Please clean up the backup files in your /etc/postfix/ !!!" - cp --remove-destination $TMPMAIN $MAINCF.$BAKSUFFIX - fi -else - echo "$NEWMD5MAINCF" > $MD5DIR/$MAINCF -fi -if [ -n "$OLDMD5MASTERCF" ]; then - if [ "$NEWMD5MASTERCF" != "$OLDMD5MASTERCF" ]; then - echo "post-install modified $MASTERCF, updating MD5SUM" - rm -f $MD5DIR/$MASTERCF - echo "$NEWMD5MASTERCF" > $MD5DIR/$MASTERCF - echo "backing up $MASTERCF to $MASTERCF.$BAKSUFFIX" - cp --remove-destination $TMPMASTER $MASTERCF.$BAKSUFFIX - fi -else - echo "$NEWMD5MASTERCF" > $MD5DIR/$MASTERCF -fi -%run_suseconfig -m postfix +# We never have to run suseconfig for postfix after installation +# We only start postfix own upgrade-configuration by update if [ ${1:-0} -gt 1 ]; then echo "executing upgrade-configuration" /usr/sbin/postfix set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} fi -rm -f $TMPMAIN $TMPMASTER -cat $MAINCF | grep -v "^#" | md5sum > $MD5DIR/$MAINCF -cat $MASTERCF | grep -v "^#" | md5sum > $MD5DIR/$MASTERCF %postun %restart_on_update postfix @@ -587,1595 +488,3 @@ Authors: Wietse Venema %changelog -* Mon Jan 12 2009 varkoly@suse.de -- bnc#465165 - postfix src package -* Fri Jan 09 2009 varkoly@suse.de -- bnc#464869 - SuSEconfig.postfix causes DNS lookup -- bnc#460442 - amavisd-new and Postfix need fqdn-hostname in "uname -n" -* Mon Jan 05 2009 varkoly@suse.de -- update to 2.5.6 - - The SMTP server did not ask for a client certificate - with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. - - Avoid reduced TCP performance when reusing an SMTP connection - with a larger than 4096-byte TCP MSS value. In practice, this - could happen only with loopback (localhost) connections. -* Sun Nov 16 2008 varkoly@suse.de -- (bnc#442456) - chrooted postfix and saslauthd -* Tue Nov 04 2008 ro@suse.de -- fix build -* Tue Nov 04 2008 varkoly@suse.de -- upgrade must not be executed during installation -* Tue Oct 14 2008 varkoly@suse.de -- (bnc#403976) - permissions on /var/lib/postfix changed -- (bnc#433916) - postfix should be splitted into postfix and postfix-doc -* Thu Sep 11 2008 varkoly@suse.de -- (bnc#415216) - Postfix RPM Install Displays Multiple Warnings -- clean up spec file -* Tue Sep 09 2008 varkoly@suse.de -- Update to Version 2.5 patchlevel 5 - * Bugfix (introduced Postfix 2.4): epoll file descriptor leak. - With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll - file descriptor leak when it executes non-Postfix commands - in, for example, user-controlled $HOME/.forward files. - * Security: some systems have changed their link() semantics, - and will hardlink a symlink, contrary to POSIX and XPG4. - Sebastian Krahmer, SuSE. File: util/safe_open.c. - The solution introduces the following incompatible change: - when the target of mail delivery is a symlink, the parent - directory of that symlink must now be writable by root only - (in addition to the already existing requirement that the - symlink itself is owned by root). This change will break - legitimate configurations that deliver mail to a symbolic - link in a directory with less restrictive permissions. - * Bugfix: dangling pointer in vstring_sprintf_prepend(). - File: util/vstring.c. -* Mon Aug 25 2008 mt@suse.de -- init script: copy LSB *-Start tags to *-Stop -- spec file: removed obsolete rc.config update hooks -* Wed Aug 06 2008 varkoly@suse.de -- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition -- (bnc#405900) SuSEconfig.postfix changes owner and permissions of - /tmp if smtpd_tls_CApath is not set -- Update to Version 2.5 patchlevel 3 - * Cleanup of code - * defer delivery when a mailbox file is not owned by the recipient. - Requested by Sebastian Krahmer, SuSE. - Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies. - * Bugfix: null-terminate CN comment string after sanitization. - * Bugfix (introduced Postfix 2.0): after "warn_if_reject - reject_unlisted_recipient/sender", the SMTP server mistakenly - remembered that recipient/sender validation was already done. -* Wed Jul 09 2008 varkoly@suse.de -- (fate#305005) Enable SMTPS in postfix ootb -* Tue Jun 17 2008 varkoly@suse.de -- (bnc#396985) sending of NUL character disallowed by RFC2822 -- (bnc#397127) without relay is silent about undeliverable mails -* Tue May 13 2008 varkoly@suse.de -- (bnc#389670) - postfix generates invalid config -* Tue Apr 01 2008 mkoenig@suse.de -- remove dir /usr/share/omc/svcinfo.d as it is provided now - by filesystem -* Tue Feb 26 2008 varkoly@suse.de -- Update to Version 2.5 patchlevel 1 - Changes: The Postfix 2.5 "postfix upgrade-configuration" command - now works even with Postfix 2.4 or earlier versions of the - postfix command. When installing Postfix 2.5.0 without upgrading - from an existing master.cf file, the new master.cf file had an - incorrect process limit for the proxywrite service. This service - is used only by the obscure "smtp_sasl_auth_cache_name" and - "lmtp_sasl_auth_cache_name" configuration parameters. Someone - needed multi-line support for header/body Milter replies. The - LDAP client's TLS support was broken in several ways. -* Wed Feb 13 2008 varkoly@suse.de -- #360572 - postfix %%post script leaves lots of backup files in /etc/postfix/ -* Wed Jan 30 2008 varkoly@suse.de -- Update to Version 2.5 patchlevel 0 - Major changes - critical - ------------------------ - [Incompat 20071224] The protocol to send Milter information from - smtpd(8) to cleanup(8) processes was cleaned up. If you use the - Milter feature, and upgrade a live Postfix system, you may see an - "unexpected record type" warning from a cleanup(8) server process. - To prevent this, execute the command "postfix reload". The - incompatibility affects only systems that use the Milter feature. - It does not cause loss of mail, just a minor delay until the remote - SMTP client retries. - [Incompat 20071212] The allow_min_user feature now applies to both - sender and recipient addresses in SMTP commands. With earlier Postfix - versions, only recipients were subject to the allow_min_user feature, - and the restriction took effect at mail delivery time, causing mail - to be bounced later instead of being rejected immediately. - [Incompat 20071206] The "make install" and "make upgrade" procedures - now create a Postfix-owned directory for Postfix-writable data files - such as caches and random numbers. The location is specified with - the "data_directory" parameter (default: "/var/lib/postfix"), and - the ownership is specified with the "mail_owner" parameter. - [Incompat 20071206] The tlsmgr(8) and verify(8) servers no longer - use root privileges when opening the address_verify_map, - *_tls_session_cache_database, and tls_random_exchange_name cache - files. This avoids a potential security loophole where the ownership - of a file (or directory) does not match the trust level of the - content of that file (or directory). - [Incompat 20071206] The tlsmgr(8) and verify(8) cache files should - now be stored as Postfix-owned files under the Postfix-owned - data_directory. As a migration aid, attempts to open these files - under a non-Postfix directory are redirected to the Postfix-owned - data_directory, and a warning is logged. - This is an example of the warning messages: - Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: request - to update file /etc/postfix/prng_exch in non-postfix directory - /etc/postfix - Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: redirecting - the request to postfix-owned data_directory /var/lib/postfix - If you wish to continue using a pre-existing tls_random_exchange_name - or address_verify_map file, move it to the Postfix-owned data_directory - and change ownership from root to Postfix (that is, change ownership - to the account specified with the mail_owner configuration parameter). - [Feature 20071205] The "make install" and "make upgrade" procedures - now create a Postfix-owned directory for Postfix-writable data files - such as caches and random numbers. The location is specified with - the "data_directory" parameter (default: "/var/lib/postfix"), and - the ownership is specified with the "mail_owner" parameter. - [Incompat 20071203] The "make upgrade" procedure adds a new service - "proxywrite" to the master.cf file, for read/write lookup table - access. If you copy your old configuration file over the updated - one, you may see warnings in the maillog file like this: - connect #xx to subsystem private/proxywrite: No such file or directory - To recover, run "postfix upgrade-configuration" again. - [Incompat 20070613] The pipe(8) delivery agent no longer allows - delivery with the same group ID as the main.cf postdrop group. - Major changes - malware defense - ------------------------------- - [Feature 20080107] New "pass" service type in master.cf. Written - years ago, this allows future front-end daemons to accept all - connections from the network, and to hand over connections from - well-behaved clients to Postfix. Since this feature uses file - descriptor passing, it imposes no overhead once a connection is - handed over to Postfix. See master(5) for a few details. - [Feature 20070911] Stress-adaptive behavior. When a "public" network - service runs into an "all processes are busy" condition, the master(8) - daemon logs a warning, restarts the service, and runs it with "-o - stress=yes" on the command line (under normal conditions it runs - the service with "-o stress=" on the command line). This can be - used to make main.cf parameter settings stress dependent, for - example: - /etc/postfix/main.cf: - smtpd_timeout = ${stress?10}${stress:300} - smtpd_hard_error_limit = ${stress?1}${stress:20} - Translation: under conditions of stress, use an smtpd_timeout value - of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1 - instead of 20. The syntax is explained in the postconf(5) manpage. - The STRESS_README file gives examples of how to mitigate flooding - problems. - Major changes - tls support - --------------------------- - [Incompat 20080109] TLS logging output has changed to make it more - useful. Existing logfile parser regular expressions may need - adjustment. - - More log entries include the "hostnamename[ipaddress]" of the - remote SMTP peer. - - Certificate trust chain error reports show only the first - error certificate (closest to the trust chain root), and the - reporting is more human-readable for the most likely errors. - - After the completion of the TLS handshake, the session is logged - with TLS loglevel >= 1 as either "Untrusted", "Trusted" or - "Verified" (SMTP client only). - - "Untrusted" means that the certificate trust chain is invalid, - or that the root CA is not trusted. - - "Trusted" means that the certificate trust chain is valid, and - that the root CA is trusted. - - "Verified" means that the certificate meets the SMTP client's - matching criteria for the destination: - - In the case of a destination name match, "Verified" also - implies "Trusted". - - In the case of a fingerprint match, CA trust is not applicable. - - The logging of protocol states with TLS loglevel >= 2 no longer - reports bogus error conditions when OpenSSL asks Postfix to refill - (or flush) network I/O buffers. This loglevel is for debugging - only; use 0 or 1 in production configurations. - [Feature 20080109] The Postfix SMTP client has a new "fingerprint" - security level. This avoids dependencies on CAs, and relies entirely - on bi-lateral exchange of public keys (really self-signed or private - CA signed X.509 public key certificates). Scalability is clearly - limited. For details, see the fingerprint discussion in TLS_README. - [Feature 20080109] The Postfix SMTP server can now use SHA1 instead - of MD5 to compute remote SMTP client certificate fingerprints. For - backwards compatibility, the default algorithm is MD5. For details, - see the "smtpd_tls_fingerprint_digest" parameter in the postconf(5) - manual. - [Feature 20080109] The maximum certificate trust chain depth - (verifydepth) is finally implemented in the Postfix TLS library. - Previously, the parameter had no effect. The default depth was - changed to 9 (the OpenSSL default) for backwards compatibility. - If you have explicity limited the verification depth in main.cf, - check that the configured limit meets your needs. See the - "lmtp_tls_scert_verifydepth", "smtp_tls_scert_verifydepth" and - "smtpd_tls_ccert_verifydepth" parameters in the postconf(5) manual. - [Feature 20080109] The selection of SSL/TLS protocols for mandatory - TLS can now use exclusion rather than inclusion. Either form is - acceptable; see the "lmtp_tls_mandatory_protocols", - "smtp_tls_mandatory_protocols" and "smtpd_tls_mandatory_protocols" - parameters in the postconf(5) manual. - Major changes - scheduler - ------------------------- - [Feature 20071130] Revised queue manager with separate mechanisms - for per-destination concurrency control and for dead destination - detection. The concurrency control supports less-than-1 feedback - to allow for more gradual concurrency adjustments, and uses hysteresis - to avoid rapid oscillations. A destination is declared "dead" after - a configurable number of pseudo-cohorts(*) reports connection or - handshake failure. - (*) A pseudo-cohort is a number of delivery requests equal to a - destination's delivery concurrency. - The drawbacks of the old +/-1 feedback scheduler are a) overshoot - due to exponential delivery concurrency growth with each pseudo-cohort(*) - (5-10-20...); b) throttling down to zero concurrency after a single - pseudo-cohort(*) failure. The latter was especially an issue with - low-concurrency channels where a single failure could be sufficient - to mark a destination as "dead", and suspend further deliveries. - New configuration parameters: destination_concurrency_feedback_debug, - default_destination_concurrency_positive_feedback, - default_destination_concurrency_negative_feedback, - default_destination_concurrency_failed_cohort_limit, as well as - transport-specific versions of the same. - The default parameter settings are backwards compatible with older - Postfix versions. This may change after better defaults are field - tested. - The updated SCHEDULER_README document describes the theory behind - the new concurrency scheduler, as well as Patrik Rak's preemptive - job scheduler. See postconf(5) for more extensive descriptions of - the configuration parameters. - Major changes - small/home office - --------------------------------- - [Feature 20080115] Preliminary SOHO_README document that combines - bits and pieces from other document in one place, so that it is - easier to find. This document describes the "mail sending" side - only. - [Feature 20071202] Output rate control in the queue manager. For - example, specify "smtp_destination_rate_delay = 5m", to pause five - minutes between message deliveries. More information in the postconf(5) - manual under "default_destination_rate_delay". - Major changes - smtp client - --------------------------- - [Incompat 20080114] The Postfix SMTP client now by default defers - mail after a remote SMTP server rejects a SASL authentication - attempt. Specify "smtp_sasl_auth_soft_bounce = no" for the old - behavior. - [Feature 20080114] The Postfix SMTP client can now avoid making - repeated SASL login failures with the same server, username and - password. To enable this safety feature, specify for example - "smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache" - (access through the proxy service is required). Instead of trying - to SASL authenticate, the Postfix SMTP client defers or bounces - mail as controlled with the new smtp_sasl_auth_soft_bounce configuration - parameter. - [Feature 20071111] Header/body checks are now available in the SMTP - client, after the implementation was moved from the cleanup server - to a library module. The SMTP client provides only actions that - don't change the message delivery time or destination: warn, replace, - prepend, ignore, dunno, ok. - [Incompat 20070614] By default, the Postfix Cyrus SASL client no - longer sends a SASL authoriZation ID (authzid); it sends only the - SASL authentiCation ID (authcid) plus the authcid's password. Specify - "send_cyrus_sasl_authzid = yes" to get the old behavior. - Major changes - smtp server - --------------------------- - [Feature 20070724] Not really major. New support for RFC 3848 - (Received: headers with ESMTPS, ESMTPA, or ESMTPSA); updated SASL - support according to RFC 4954, resulting in small changes to SMTP - reply codes and (DSN) enhanced status codes. - Major changes - milter - ---------------------- - [Incompat 20071224] The protocol to send Milter information from - smtpd(8) to cleanup(8) processes was cleaned up. If you use the - Milter feature, and upgrade a live Postfix system, you may see an - "unexpected record type" warning from a cleanup(8) server process. - To prevent this, execute the command "postfix reload". The - incompatibility affects only systems that use the Milter feature. - It does not cause loss of mail, just a minor delay until the remote - SMTP client retries. - [Feature 20071221] Support for most of the Sendmail 8.14 Milter - protocol features. - To enable the new features specify "milter_protocol = 6" and link - the filter application with a libmilter library from Sendmail 8.14 - or later. - Sendmail 8.14 Milter features supported at this time: - - NR_CONN, NR_HELO, NR_MAIL, NR_RCPT, NR_DATA, NR_UNKN, NR_HDR, - NR_EOH, NR_BODY: The filter can tell Postfix that it won't reply - to some of the SMTP events that Postfix sends. This makes the - protocol less chatty and improves performance. - - SKIP: The filter can tell Postfix to skip sending the rest of - the message body, which also improves performance. - - HDR_LEADSPC: The filter can request that Postfix does not delete - the first space character between header name and header value - when sending a header to the filter, and that Postfix does not - insert a space character between header name and header value - when receiving a header from the filter. This fixes a limitation - in the old Milter protocol that can break DKIM and DK signatures. - - SETSYMLIST: The filter can override one or more of the main.cf - milter_xxx_macros parameter settings. - Sendmail 8.14 Milter features not supported at this time: - - RCPT_REJ: report rejected recipients to the mail filter. - - CHGFROM: replace sender, with optional ESMTP command parameters. - - ADDRCPT_PAR: add recipient, with optional ESMTP command parameters. - It is unclear when (if ever) the missing features will be implemented. - SMFIP_RCPT_REJ requires invasive changes in the SMTP server recipient - processing and error handling. SMFIR_CHGFROM and SMFIR_ADDRCPT_PAR - require ESMTP command-line parsing in the cleanup server. Unfortunately, - Sendmail's documentation does not specify what ESMTP options are - supported, but only discusses examples of things that don't work. - Major changes - address verification - ------------------------------------ - [Incompat 20070514] The default sender address for address verification - probes was changed from "postmaster" to "double-bounce", so that - the Postfix SMTP server no longer causes surprising behavior by - excluding "postmaster" from SMTP server access controls. - Major changes - ldap - -------------------- - [Incompat 20071216] Due to an incompatible API change between - OpenLDAP 2.0.11 and 2.0.12, an LDAP client compiled for OpenLDAP - version <= 2.0.11 will refuse to work with an OpenLDAP library - version >= 2.0.12 and vice versa. - Major changes - logging - ----------------------- - [Incompat 20080109] TLS logging output has changed to make it more - useful. Existing logfile parser regular expressions may need - adjustment. - - More log entries include the "hostnamename[ipaddress]" of the - remote SMTP peer. - - Certificate trust chain error reports show only the first - error certificate (closest to the trust chain root), and the - reporting is more human-readable for the most likely errors. - - After the completion of the TLS handshake, the session is logged - with TLS loglevel >= 1 as either "Untrusted", "Trusted" or - "Verified" (SMTP client only). - - "Untrusted" means that the certificate trust chain is invalid, - or that the root CA is not trusted. - - "Trusted" means that the certificate trust chain is valid, and - that the root CA is trusted. - - "Verified" means that the certificate meets the SMTP client's - matching criteria for the destination: - - In the case of a destination name match, "Verified" also - implies "Trusted". - - In the case of a fingerprint match, CA trust is not applicable. - - The logging of protocol states with TLS loglevel >= 2 no longer - reports bogus error conditions when OpenSSL asks Postfix to refill - (or flush) network I/O buffers. This loglevel is for debugging - only; use 0 or 1 in production configurations. - [Incompat 20071216] The SMTP "transcript of session" email now - includes the remote SMTP server TCP port number. - Major changes - loop detection - ------------------------------ - [Incompat 20070422] [Incompat 20070422] When the pipe(8) delivery - agent is configured to create the optional Delivered-To: header, - it now first checks if that same header is already present in the - message. If so, the message is returned as undeliverable. This test - should have been included with Postfix 2.0 when Delivered-To: support - was added to the pipe(8) delivery agent. -* Tue Jan 08 2008 varkoly@suse.de -- Remove previous fix -* Sun Dec 30 2007 varkoly@suse.de -- #301335 - [SuSEconfig]: Postfix module uses stderr -* Tue Dec 04 2007 varkoly@suse.de -- Update to Version 2.4 patchlevel 6 - Bugfix (introduced Postfix 2.2.11): TLS client certificate - with unparsable canonical name caused the SMTP server's - policy client to allocate zero-length memory, triggering - an assertion that it shouldn't do such things. File: - smtpd/smtpd_check.c. - Bugfix (introduced Postfix 2.4) missing initialization of - event mask in the event_mask_drain() routine (used by the - obsolete postkick(1) command). Found by Coverity. File: - util/events.c. - Workaround: the flush daemon forces an access time update - for the per-destination logfile, to prevent an excessive - rate of delivery attempts when the queue file system is - mounted with "noatime". File: flush/flush.c. -- #330276 – /sbin/conf.d/SuSEconfig.postfix could copy certs into smtpd_tls_CApath -* Mon Oct 22 2007 sbrabec@suse.cz -- Use correct SuSEfirewall2 rule directory. -* Wed Oct 17 2007 varkoly@suse.de -- #333629 - saslauthd typo in SuSEconfig.postfix -* Mon Oct 08 2007 varkoly@suse.de -- #331044 - Postfix uses receive_override_options in main.cf -* Sun Sep 09 2007 varkoly@suse.de -- fix the last fix -* Mon Sep 03 2007 cthiel@suse.de -- fix the last fix -* Mon Sep 03 2007 varkoly@suse.de -- Fixing bug: #297622 - SMTPD_LISTEN_REMOTE has no effect -* Sun Aug 05 2007 mrueckert@suse.de -- Update to Version 2.4 patchlevel 5 - Bugfix: the loopback TCP performance workaround was ineffective - due to a wetware bit-flip during code cleanup. File: - util/vstream_tweak.c. - (patch level 4) - Bugfix: the Milter client assumed that a Milter application - does not modify the message header or envelope, after that - same Milter application has modified the message body of - that same email message. This is not a problem with updates - by different Milter applications. Problem was triggered - by Jose-Marcio Martins da Cruz. Also simplified the handling - of queue file update errors. File: milter/milter8.c. - Workaround: some non-Cyrus SASL SMTP servers require SASL - login without authzid (authoriZation ID), i.e. the client - must send only the authcid (authentiCation ID) + the authcid's - password. In this case the server is supposed to derive - the authzid from the authcid. This works as expected when - authenticating to a Cyrus SASL SMTP server. To get the old - behavior specify "send_cyrus_sasl_authzid = yes", in which - case Postfix sends the (authzid, authcid, password), with - the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c. - Portability: /dev/poll support for Solaris chroot jail setup - scripts. Files: examples/chroot-setup/Solaris8, - examples/chroot-setup/Solaris10. - Cleanup: Milter client error handling, so that the (Postfix - SMTP server's Milter client) does not get out of sync with - Milter applications after the (cleanup server's Milter - client) encounters some non-recoverable problem. Files: - milter/milter8.c, smtpd/smtpd.c. - Performance: workaround for poor TCP performance on loopback - (127.0.0.1) connections. Problem reported by Mark Martinec. - Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c, - smtpstone/*source.c. - Bugfix: when a milter replied with ACCEPT at or before the - first RCPT command, the cleanup server would apply the - non_smtpd_milters setting as if the message was a local - submission. Problem reported by Jukka Salmi. Also, the - cleanup server would get out of sync with the milter when - a milter replied with ACCEPT at the DATA command. Files: - cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c. -- rediffed patches -* Tue Jul 31 2007 varkoly@suse.de -- Update to Version 2.4 patchlevel 3 - (patch level 1) - Bugfix (introduced Postfix 2.3): segfault with HOLD action - in access/header_checks/body_checks on 64-bit platforms. - File: cleanup/cleanup_api.c. - Portability (introduced 20070325): the fix for hardlinks - and symlinks in postfix-install forgot to work around shells - where "IFS=/ command" makes the IFS setting permanent. This - is allowed by some broken standard, and affects Solaris. - File: postfix-install. - Portability (introduced 20070212): the workaround for - non-existent library bugs with descriptors >= FD_SETSIZE - broke with "fcntl F_DUPFD: Invalid argument" on 64-bit - Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c. - Cleanup: on (Linux) platforms that cripple signal handlers - with deadlock, "postfix stop" now forcefully stops all the - processes in the master's process group, not just the master - process alone. File: conf/postfix-script. - (patch level 2) - Bugfix: don't falsely report "lost connection from - localhost[127.0.0.1]" when Postfix is being portscanned. - Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. - Robustness: recommend a "0" process limit for policy servers - to avoid "connection refused" problems when the smtpd process - limit exceeds the default process limit. File: - proto/SMTPD_POLICY_README.html. - Safety: when IPv6 (or IPv4) is turned off, don't treat an - IPv6 (or IPv4) connection from e.g. inetd as if it comes - from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, - qmqpd/qmqpd_peer.c. - Bugfix: Content-Transfer-Encoding: attribute values are - case insensitive. File: src/cleanup/cleanup_message.c. - Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) - were broken when used with the error(8) or discard(8) - transports. Cause: insufficient documentation. Files: - error/error.c, discard/discard.c. - Bugfix (problem introduced Postfix 2.3): when DSN support - was introduced it broke "agressive" recipient duplicate - elimination with "enable_original_recipient = no". File: - cleanup/cleanup_out_recipient.c. - Bugfix (introduced Postfix 2.3): the sendmail/postdrop - commands would hang when trying to submit a message larger - than the per-message size limit. File: postdrop/postdrop.c. - Sabotage the saboteur who insists on breaking Postfix by - adding gethostbyname() calls that cause maildir delivery - to fail when the machine name is not found in /etc/hosts, - or that cause Postfix processes to hang when the network - is down. - (patch level 3) - Portability: Victor helpfully pointed out that change - 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, - qmqpd/qmqpd_peer.c. -* Thu Jun 21 2007 varkoly@suse.de -- Bug 285553 amavisd inconsistency -* Tue Jun 19 2007 dmueller@suse.de -- provide smtp meta-service as well -* Mon Jun 11 2007 lrupp@suse.de -- don't PreRequire /sbin/ip: removed call in SuSEconfig.postfix -* Thu May 03 2007 varkoly@suse.de -- dynamic_maps.patch: readded the chunk for dict_tcp and dict_pcre -- replaced prereq for postfix with a prereq on - %%{name} = %%{version} -- updated to postfix 2.4, patchlevel 0 - Major changes - safety - * As a safety measure, Postfix now by default creates mailbox dotlock - files on all systems. This prevents problems with GNU POP3D which - subverts kernel locking by creating a new mailbox file and deleting - the old one - Major changes - Milter support - * The support for Milter header modification - requests was revised. With minimal change in the on-disk representation, - the code was greatly simplified, and regression tests were updated - to ensure that old errors were not re-introduced. The queue file - format is entirely backwards compatible with Postfix 2.3. - * Support for Milter requests to replace the message - body. Postfix now implements all the header/body modification - requests that are available with Sendmail 8.13. - * A new field is added to the queue file "size" - record that specifies the message content length. Postfix 2.3 and - older Postfix 2.4 snapshots will ignore this field, and will report - the message size as it was before the body was replaced. - Major changes - TLS support - * The check_smtpd_policy client sends TLS certificate - attributes (client ccert_subject, ccert_issuer) only after successful - client certificate verification. The reason is that the certification - verification status itself is not available in the policy request. - * The check_smtpd_policy client sends TLS certificate - fingerprint information even when the certificate itself was not - verified. - * The remote SMTP client TLS certificate fingerprint - can be used for access control even when the certificate itself was - not verified. - * The format of SMTP server TLS session cache - lookup keys has changed. The lookup key now includes the master.cf - service name. - Major changes - performance - * Better support for systems that run thousands - of Postfix processes. Postfix now supports FreeBSD kqueue(2), - Solaris poll(7d) and Linux epoll(4) as more scalable alternatives - to the traditional select(2) system call, and uses poll(2) when - examining a single file descriptor for readability or writability. - These features are supported on sufficiently recent versions of - FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other - systems will be added as evidence becomes available that usable - implementations exist. - Major changes - delivery status notifications - * Small changes were made to the default bounce - message templates, to prevent HTML-aware software from hiding or - removing the text "", and producing misleading text. - * Postfix no longer announces its name in delivery - status notifications. Users believe that Wietse provides a free - help desk service that solves all their email problems. - Major changes - ETRN support - * More precise queue flushing with the ETRN, - "postqueue -s site", and "sendmail -qRsite" commands, after - minimization of race conditions. New per-queue-file flushing with - "postqueue -i queueid" and "sendmail -qIqueueid". - Major changes - small office/home office support - * Postfix no longer requires a domain name. It - uses "localdomain" as the default Internet domain name when no - domain is specified via main.cf or via the machine's hostname. - Major changes - SMTP access control - * The check_smtpd_policy client sends TLS certificate - attributes (client ccert_subject, ccert_issuer) only after successful - client certificate verification. The reason is that the certification - verification status itself is not available in the policy request. - * The check_smtpd_policy client sends TLS certificate - fingerprint information even when the certificate itself was not - verified. - * The remote SMTP client TLS certificate fingerprint can be used for - access control even when the certificate itself was not verified. - * The Postfix installation procedure no longer - updates main.cf with "unknown_local_recipient_reject_code = 450". - Four years after the introduction of mandatory recipient validation, - this transitional tool is no longer neeed. -* Thu Mar 29 2007 rguenther@suse.de -- Add pwdutils BuildRequires to allow postinst script to succeed. -- Add /usr/share/omc directory. -* Mon Feb 26 2007 varkoly@suse.de -- #247351 - postfix - Ports for SuSEfirewall added via packages -- Move postfix.xml into the postfix-SuSE tarball -- #228479 - Postfix is configured for inet_protocols=all if - selecting ipv4 only support during installation. - Now we set both inet_protocols and inet_interfaces to all. - This means the available interfaces and protocols will be used. - To avoid bogus warnings inet_proto.c was patched. -- #251598 - postfix use pointers for literals -* Mon Jan 15 2007 varkoly@suse.de -- #144104 - postfix does not start -- Implementing Fate #301840: Postfix XML Service Description Document -- Enhancing /etc/sysconfig/postfix descripton to avoid problems - like Bug 228678 - Problems with setting up chroot environment if - /var/spool is not on same filesystem as /var -* Wed Nov 22 2006 mrueckert@suse.de -- moved the dict handling into a preun script instead of postun - and do not remove the dict entry on upgrade (#223176) -- removed duplicates in the filelists. -* Fri Nov 10 2006 varkoly@suse.de -- #218229 - Postfix SuSEconfig script increases the max_proc line each run in master.cf -* Sat Oct 28 2006 varkoly@suse.de -- #206414 - /usr/lib/sasl2/smtpd.conf misplaced -* Tue Oct 24 2006 varkoly@suse.de -- #202119 – SuSEconfig script for Postfix incomplete -- #202162 – Postfix 2.3.2 slightly incorrect, Cyrus SASL unavailable -- #203174 – /sbin/conf.d/SuSEconfig.postfix should configure a TLS session cache for postfix 2.2 -- #203575 – postfix-2.2.9-10 chokes without scache -- #213589 - No development package/headers for postfix -* Wed Aug 16 2006 ro@suse.de -- also add libpostfix-milter.so* -* Mon Aug 14 2006 varkoly@suse.de -- updated to postfix 2.3, patchlevel 2 -- Major changes - - Name server replies that contain a malformed hostname are now flagged - as permanent errors instead of transient errors. - - DSN support as described in RFC 3461 .. RFC 3464. - - The SMTP client now implements the LMTP protocol. - - Milter (mail filter) application support, compatible with Sendmail - version 8.13.6 and earlier. -- Major changes - SASL authentication - - Plug-in support for SASL authentication in the SMTP server and in the - SMTP/LMTP client. - - The Postfix-with-Cyrus-SASL build procedure has changed. - - Support for sender-dependent ISP accounts. -- Major changes - SMTP client - - The SMTP client now implements the LMTP protocol. - - This version addresses a performance stability problem with remote - SMTP servers. -- Major changes - SMTP server - - The Postfix SMTP server now refuses to receive mail from the network - if it isn't running with postfix mail_owner privileges. - - Optional suppression of remote SMTP client hostname lookup and hostname - verification. - - SMTPD Access control based on the existence of an address->name mapping -- Major changes - TLS - - New concept: TLS security levels ("none", "may", "encrypt", "verify" - or "secure") in the Postfix SMTP client. - - Both the Postfix SMTP client and server can be configured without a - client or server certificate. -- See - /usr/share/doc/packages/postfix/RELEASE_NOTES - /usr/share/doc/packages/postfix/TLS_CHANGES - /usr/share/doc/packages/postfix/README_FILES/SASL_README - for detailed informations. -* Wed Aug 02 2006 varkoly@suse.de -- Only %%{conf_backup_dir} is contained by the package not /var/adm/backup -* Mon Jul 10 2006 varkoly@suse.de -- Bugfix: #190639 Default number of processes for postfix -- Bugfix: #190270 postfix-postgresql -* Fri Jun 02 2006 varkoly@suse.de -- Bugfix: #98188 - SuSE.tar.gz filename collision in cyrus/postfix SRPMs -* Mon Apr 24 2006 varkoly@suse.de -- Bugfix: #165786 - yast2-mail modul uses obsolate postfix attributes -* Mon Mar 20 2006 varkoly@suse.de -- updated to postfix 2.2, patchlevel 9. -- Reasons: - Bugfix: the LMTP client would reuse a session after negative - reply to the RSET command (which may happen when client and - server somehow get out of sync). - Bugfix: race condition in the connection caching protocol, - causing the SMTP delivery agent to hang after delivering - mail, while trying to save a connection. - Bugfix: the best_mx_transport, mailbox_transport and - fallback_transport features did not write a per-recipient - defer logfile record when the target delivery agent was - broken. - Bugfix: an EHLO I/O error after STARTTLS would be reported - as a STARTTLS I/O error. - Bugfix: the *SQL, proxy and LDAP maps were not defined in - user-land commands such as postqueue. - Bugfix: the anvil server would terminate after "max_idle" - seconds, even when this was less than the anvil_rate_time_unit - interval. - Portability: 64-bit support for LINUX chroot script by Keith - Owens. - Safety: new "smtp_cname_overrides_servername" parameter. - Bugfix: mailbox_command_maps was not subject to $name - expansion. - Bugfix: don't ignore the per-site policy when SSL library - initialization fails. - Bugfix: a TLS per-site MUST_NOPEERMATCH policy could not - override a stronger main.cf policy, while a per-site NONE - policy could. - Bugfix: a combined TLS per-site (host, recipient) policy - of (NONE, MAY) changed a global MUST policy into NONE, and - a global MUST_NOPEERMATCH into MAY. The result is now NONE. - Problem found by exhaustive simulation. - Bugfix: an empty remote_header_rewrite_domain value caused - trivial-rewrite to dereference a null pointer, but only in - regression tests, not in production. Postfix rewrites - addresses in the remote rewriting context only when the - remote_header_rewrite_domain parameter value is non-empty. - Workaround: a malformed domain name lookup result (such as - null MX record) is now treated as a hard error, so that - Postfix will no longer repeatedly try to deliver mail until - the message expires in the queue. However, this will not - reject mail with reject_unknown_sender/recipient_domain. - That would require too much change for a stable release. -* Fri Jan 27 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Tue Jan 24 2006 varkoly@suse.de -- Fixing the spec-file -- Bugfix: ID#143682 - Spurious (obsoleted?) configuration variable in postfix's main.cf -* Mon Jan 23 2006 varkoly@suse.de -- Bugfix: ID#140173 postfix allows relaying on the whole subnet -- Bugfix: ID#144091 postfix doesn't start with the latest kernel -* Fri Jan 20 2006 varkoly@suse.de -- Bugfix: ID#144091 -- Postfix makes an entry in slp servre for smtp & smtps -* Mon Jan 16 2006 varkoly@suse.de -- removing openldap from "neededforbuild" -* Wed Nov 30 2005 choeger@suse.de -- updated to postfix 2.2, patchlevel 6 -* Tue Oct 11 2005 choeger@suse.de -- added patch ldap_api_changes.patch: openldap2.3 enforces to use - "The C LDAP Application Program Interface" -* Mon Aug 15 2005 choeger@suse.de -- Bugfix Bugzilla ID#104663 - consistent use of variables in postfix - init-script -- Bugfix Bugzilla ID#104568 - SuSEconfig.postfix doesnt set $PATH properly to - find all binaries. -* Fri Aug 12 2005 mmj@suse.de -- Package the /usr/lib/sendmail -> /usr/sbin/sendmail link [#102947] -* Tue Jul 26 2005 choeger@suse.de -- Bugfix Bugzilla ID#93884 - package postfix uses -fsigned-char - Remove -fsigned-char option for ppc and s390 archs -* Mon Jul 25 2005 choeger@suse.de -- updated to postfix 2.2, patchlevel 5: - - Portability: the connection caching code broke on LP64 - systems (inherited from Stevens Network Programming). - Files: util/unix_send_fd.c, util/unix_recv_fd.c. This code - is back-ported from the Postfix 2.3 snapshot release. - - Robustness: the SMTP client now disables connection caching - when it is unable to communicate with the scache(8) server, - instead of looping forever and not delivering mail. File: - global/scache_clnt.c. This code is back-ported from the - Postfix 2.3 snapshot release. - - Portability: after sending a socket, the scache(8) server - now waits for an ACK from the connection cache client before - closing the socket that it just sent. Files: scache/scache.c, - global/scache_clnt.c. This code is back-ported from the - Postfix 2.3 snapshot release. - - Portability: on LP64 systems, integer expressions are int, - but sizeof() and pointer difference expressions are larger. - Point fixes for a few discrepancies with variadic functions - that expect int (the permanent fix is to change the receiving - modules, but that results in too much change, and is not - allowed in the stable release). Files: tls/tls_scache.c, - util/clean_env.c, util/vstring.h, smtpstone/qmqp-source.c. -* Mon Jul 18 2005 choeger@suse.de -- force to set strict_8bitmime to "no" when POSTFIX_MDA != cyrus, - because once it is set to "yes", nobody sets it back. -- only install /etc/pam.d/smtp if %%suse_version > 920 -- use Prereq instead of Requires for mysql and postgresql subpackages -* Wed Jul 13 2005 choeger@suse.de -- added /etc/pam.d/smtp configuration file -* Thu Jul 07 2005 choeger@suse.de -- Fixed build on x86_64: use -fPIC for libraries and -fPIE for the - rest -* Tue Jul 05 2005 choeger@suse.de -- applied dynamic maps patch of LaMont Jones at debian -- Fix to SuSEconfig.postfix: only touch tlsmgr line in master.cf, - if it is the new one using unix socket instead of fifo -* Thu Jun 30 2005 uli@suse.de -- build with -fPIE (not -fpie) to avoid GOT overflow on s390x -* Thu Jun 23 2005 choeger@suse.de -- updated to postfix 2.2, patchlevel 4 -* Fri Jun 17 2005 choeger@suse.de -- fixed build using -pie/-fpie (hopefully) -* Fri Jun 17 2005 choeger@suse.de -- Build using -pie -* Fri May 13 2005 choeger@suse.de -- set strict_8bitmime parameter to yes when using cyrus mailbox - delivery -* Wed May 04 2005 choeger@suse.de -- Bugfix ID#66325 - postfix: permissions - also ship a postfix.paranoid file with the package with all suid and sgid - bits disabled -* Tue May 03 2005 choeger@suse.de -- updated to postfix 2.2, patchlevel 3 -- Bugfix ID#75717 - postfix init scripts reports success allthough postfix is - not running: - use checkproc again instead of "master -t", as "master -t" seems to be broken -* Thu Apr 21 2005 choeger@suse.de -- updated to postfix 2.2, patchlevel 2 -- Bugfix ID#74712, problems with read-only mounting of $chroot/proc: - don't mount /var/spool/postfix/proc ro as that results in /proc also mounted - ro. -- Bugfix ID#74709, postfix configuration and USE_IPV6 in - sysconfig/network/config -* Tue Mar 15 2005 choeger@suse.de -- updated to postfix 2.2, patchlevel 1 - Postfix 2.2.1 solves four portability problems that surfaced in - the week since the 2.2.0 release, one harmless bug in the TLS - session cache cleaning code, and cleans up minor documentation - problems. -* Thu Mar 10 2005 choeger@suse.de -- 2.2.0 is out -* Mon Mar 07 2005 choeger@suse.de -- update to RC2 -* Wed Mar 02 2005 choeger@suse.de -- make it compile with gcc4 -* Mon Feb 28 2005 choeger@suse.de -- RC1 of 2.2 is out -* Fri Feb 18 2005 choeger@suse.de -- use "usr/sbin/postfix upgrade-configuration" now instead of - "etc/postfix/post-install upgrade-package" -* Thu Feb 17 2005 choeger@suse.de -- removed some @ chars (don't know how they slipped in) -* Thu Feb 17 2005 choeger@suse.de -- update to current pre 2.2 snapshot (2.2-20050216) - 2.2 release could happen next week -* Thu Feb 10 2005 choeger@suse.de -- added patch needed for the Kolab project (this patch is part of the upcoming - postfix 2-2 release), see - http://wiki.kolab.org/index.php/Kolab-major-app-patches -* Thu Feb 03 2005 choeger@suse.de -- s/X-UnitedLinux-Should-Start/Should-Start/ -* Wed Feb 02 2005 choeger@suse.de -- added long_header.patch - long lines piped into postfix sendmail can lead to errors. -* Wed Feb 02 2005 choeger@suse.de -- Bugfix ID#49307: faster postfix startup: don't use hashed directories if - possible: - - added patch empty_hash_queue_names.patch to be able to modify - hash_queue_names parameter. - - added check to %%post to change hash_queue_names in case of - /var/spool/postfix residing on a reiserfs partition when doing - a fresh installation -- Bugfix ID#50386 - postfix must prereq /sbin/ip (iproute2) -* Fri Jan 28 2005 choeger@suse.de -- updated tls+ipv6 patchkit to v1.26 - - Bugfix: Incomplete error checking in getaddrinfo() could cause lmtpd to - crash with debug_peer_list defined. Carsten Hoeger, SuSE. File: - util/match_ops.c - - Linux workaround: When mynetworks isn't set, a chrooted process could not - read the IPv6 address information from /proc. We now invoke own_inet_addr() - before chrooting, while processing main.cf. [backported from 2.2-nonprod - snapshot] File: global/mail_params.c - - Safety: when IPv6 netmask can't be determined, mynetworks is not set and - mynetworks_style = subnet, assume /128 (host only). Until now, Tru64Unix - assumed /64 (good for real subnets, but not safe for tunnel ranges etc.). - File: util/inet_addr_local.c -* Sat Jan 15 2005 schwab@suse.de -- Use : in permissions file. -* Thu Jan 13 2005 choeger@suse.de -- Two fixes to ipv6-patch related bugs: - - Bugfix Bugzilla ID#49435 - VUL-0: Postfix, permit_mx_backup, IPv6, chroot - --> Open Relay! - - Bugfix Bugzilla ID#49695 - SEGV while lmtp delivery -- mount /proc into chroot jail to be able to access /proc/net/if_inet6 -* Wed Nov 24 2004 schwab@suse.de -- Put options first in find command line. -* Tue Nov 09 2004 choeger@suse.de -- setting LC_ALL=POSIX in SuSEconfig.postfix -* Wed Sep 29 2004 choeger@suse.de -- Bugfix Bugzilla ID#46462, postfix should switch biff off -* Tue Sep 21 2004 choeger@suse.de -- updated to postfix 2.1, patchlevel 5 - (several small bugfixes) -- updated tls+ipv6 patchkit (there have been some small bugs) -- use v4 address 127.0.0.1 as amavisd-new local contact address - as amavisd is not listening on any v6 address -* Mon Sep 20 2004 choeger@suse.de -- also chmod the .db file resulting of a postmap (related to - bugfix ID#39045 -* Thu Sep 16 2004 choeger@suse.de -- Bugfix Bugzilla ID#39045 - tls_per_site table updates in SuSEconfig.postfix - introduced POSTFIX_MAP_LIST in /etc/sysconfig/postfix where additional - maps maintained by SuSEconfig.postfix can be added -* Thu Sep 16 2004 choeger@suse.de -- Bugfix Bugzilla ID#45252 - rpm calls SuSEconfig.permissions which calls rpm - -> 3 minute timeout - Also don't call rpm from SuSEconfig.postfix -- Speedup: set timestamp of $TMPDIR/main.cf into the past to workaround - postconf safety which is not neccessary, because we do not touch the main.cf, - the postfix daemons are using. -* Mon Sep 13 2004 choeger@suse.de -- added $time to Required-Start in init-script -* Thu Aug 26 2004 choeger@suse.de -- do not filter locally delivered mail when USE_AMAVIS=yes - (don't set content_filter=vscan in main.cf) -- removed obsolete vscan service definition from master.cf -* Fri Aug 20 2004 choeger@suse.de -- use "$MASTER_BIN -t" to check whether postfix is already running - in start section of init-script. That's more reliable then checkproc. -* Wed Jul 14 2004 choeger@suse.de -- Bugfix Bugzilla ID#42995 - SuSEconfig.postfix should ignore - .swp and other files in /etc/aliases.d -* Tue Jul 13 2004 choeger@suse.de -- Bugfix Bugzilla ID#42281, openssl ca segfaults: - added missing [ policy_anything ] configuration - options to openssl.cnf -* Mon Jul 12 2004 choeger@suse.de -- updated to postfix 2.1, patchlevel 4 -- updated tls+ipv6 patchkit to v1.25 -- new feature POSTFIX_REGISTER_SLP in /etc/sysconfig/postfix - to be able to totally disable slptool from being started -* Tue May 25 2004 choeger@suse.de -- updated tls+ipv6 patchkit to v1.24: - - Bugfix: Prefixlen non-null host portion validation (in CIDR maps for - example) yielded incorrect results sometimes because signed arithmetic was - used instad of unsigned. - - Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed the master.cf - update (used for new installattions). Added it back. -- as tls and ipv6 patches have not been completely ported to postfix 2.1 - new documentation system, especially the new postconf(5) manpage is - missing the complete ipv6 and tls related configuration parameters, - readded the sample-* files from ipv6+tls to %%doc/samples -* Tue May 04 2004 choeger@suse.de -- update to postfix 2.1, patchlevel 1: - - Patch 01 fixes a signal 11 problem in the check_policy_service - feature when SASL support is compiled in but turned off in the - SMTP server (smtpd_sasl_auth_enable = no). -* Wed Apr 28 2004 choeger@suse.de -- added now officially released tls patchkit 0.8.18-2.1.0-0.9.7d to - the source package for the user to be able to build a non-ipv6 - postfix package -* Mon Apr 26 2004 choeger@suse.de -- official tls+ipv6 v1.23 patchkit released: - - Patch fixes: Several code fixes to make the patch compile and work - correctly when compiled without IPv6 support. - - Bugfix (Solaris only?): address family length was not updated - which could cause client hostname validation errors. File: - smtpd/smtpd_peer.c - - Portability: added support for Darwin 7.3+. This may need some - further testing. - - Cleanup: Restructure and redocument interface address retrieval - functions. (This reduced the number of preprocessor statements - from 99 to 93 ;) File: util/inet_addr_local.c - - Cleanup: make several explicit casts to have compilers shut their - pie holes about uninteresting things. -* Fri Apr 23 2004 choeger@suse.de -- update to final postfix v2.1 -* Wed Apr 21 2004 choeger@suse.de -- Bugfix: changed {main,master}.cf backup path in specfile, but not in - SuSEconfig script -* Wed Apr 21 2004 choeger@suse.de -- update to postfix 2.1 RC5 -* Mon Apr 19 2004 choeger@suse.de -- update to current postfix 2.1 release candidate (RC4) -* Wed Apr 07 2004 choeger@suse.de -- Bugfix Bugzilla ID#38569, exit SuSEconfig.postfix if - mktemp fails -* Tue Mar 30 2004 choeger@suse.de -- Bugfix Bugzilla ID#37409 - the saslauthd socket is not copied to chroot jail due to - a wrong test in SuSEconfig.postfix (used -L instead of -S) -* Mon Mar 29 2004 choeger@suse.de -- only add ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no - AND ipv6 is enabled -* Mon Mar 29 2004 choeger@suse.de -- Bugfix Bug ID#37293, SuSEConfig complains POSTFIX_ADD_* parameters are - unknown (in turkish locale settings) - added LC_CTYPE=POSIX to SuSEconfig.postfix -* Thu Mar 25 2004 choeger@suse.de -- updated to tls+ipv6 version 1.22 (related to Bugzilla ID#35884) - - Feature: Support "inet_interfaces = IPv4:all" and "inet_interfaces = - IPv6:all", to restrict postfix to use either IPv4-only or IPv6-only. A more - complete implementation will be part of a future patch. (Slightly modified) - patch by Michal Ludvig, SuSE. Files: util/interfaces_to_af.[ch], - util/inet_addr_local.c, global/own_inet_addr.c, - global/wildcard_inet_addr.[ch], master/master_ent.ch - - Bugfix: In Postfix snapshots, a #define was misplaced with the effect that - IPv6 subnets were not included in auto- generated $mynetworks (i.e., - mynetworks not defined in main.cf, when also mynetworks_style=subnet) on - Linux 2.x systems. File: utils/sys_defs.h -- now adding ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no - (related to Bugzilla ID#35884) -- enabled ipv6 again -* Thu Mar 18 2004 choeger@suse.de -- updated to most recent snapshot version 2.0.19-20040312: - Patch 19 fixes two low-priority problems: - - When mail is submitted at a high rate with the Postfix sendmail - command, the pickup daemon is keps busy long enough that it it - terminated by the watchdog timer (a feature that prevents Postfix - from locking up permanently). - - Malformed addresses in SMTP commands could result in table looks - with zero-length search strings, causing trouble with NIS lookups. -* Wed Mar 17 2004 choeger@suse.de -- disable IPv6 patch as it introduces problems for people - who do not use IPv6, see Bugzilla ID#35884, - "ipv6 mynetworks don't work" -* Mon Mar 08 2004 choeger@suse.de -- be a nice packager and strictly follow - http://www.porcupine.org/postfix-mirror/newdoc/PACKAGE_README.html - (added setgid_group=... to post-install upgrade-package) -* Fri Feb 27 2004 choeger@suse.de -- update to most recent version 2.0.18-20040209 -* Mon Feb 23 2004 choeger@suse.de -- Bugfix Bugzilla ID#34817, SuSEconfig.postfix doesn't specify direct path to - "postconf" and generates errors if run via sudo by a non-root user. -* Fri Feb 06 2004 choeger@suse.de -- update to postfix 2.0.18-20040205 -- enabled tls+ipv6 patch as it is now available for latest - pre 2.1 snapshot -* Mon Feb 02 2004 choeger@suse.de -- finally, the official TLS patchkit of Lutz hit the ground -* Mon Feb 02 2004 choeger@suse.de -- additional fix for the TLS extensions patch - should also fix Bugzilla ID#34218 -* Fri Jan 23 2004 choeger@suse.de -- fixed the smtp segfault -* Thu Jan 22 2004 choeger@suse.de -- updated to postfix 2.0.18-20040122 -- added new feature for specfile usetls to en/dis-able TLS - support -- temporary removed TLS support (self adapted patch to most recent - postfix snapshot version) as it currently results in smtp segfaulting -* Thu Jan 22 2004 choeger@suse.de -- update to recent postfix snapshot version 2.0.17-20040120 - which will become the next official release 2.1 around - next week according to Wietse Venema. -- added possibility to compile using the combined IPV6/TLS patch - which can be downloaded from http://www.ipnet6.org/postfix/ - just set useipv6 to 1 at the top of the specfile. -* Thu Jan 22 2004 ro@suse.de -- remove call to ldap_enable_cache - (function has been removed from openldap and was already - obsolete before (warning was issued back then)) -* Wed Jan 14 2004 choeger@suse.de -- added openslp register/derigister calls to postfix init-script -* Mon Jan 12 2004 choeger@suse.de -- add postfix user to group mail in case of POSTFIX_MDA==cyrus - to let postfix lmtp access /var/lib/imap/socket/lmtp -* Thu Jan 08 2004 choeger@suse.de -- Bugfix Bugzilla ID#33421, SMTP-Auth and relaying - added permit_sasl_authenticated also to smtpd_recipient_restrictions - in SuSEconfig.postfix -* Mon Dec 01 2003 choeger@suse.de -- always create temp files and always remove them later on -* Mon Nov 17 2003 choeger@suse.de -- some .spec improvements -* Thu Oct 30 2003 mmj@suse.de -- Run SuSEconfig after install -* Wed Oct 29 2003 mmj@suse.de -- Don't build as root -- Be nice and clean up after ourselves -* Tue Oct 14 2003 choeger@suse.de -- update to postfix v2.0.16 -- update to tls extensions v0.8.16 -- Fix for Bugzilla ID#32114, fixed some if condition syntaxes -* Tue Sep 16 2003 choeger@suse.de -- fixed example for POSTFIX_RELAYHOST, Bug ID#30756 -* Mon Sep 08 2003 choeger@suse.de -- updated some sysconfig descriptions -- removed relays.osirosoft.com from the examples, Bug ID#30215 -* Thu Sep 04 2003 kukuk@suse.de -- Fix next useradd call -* Wed Sep 03 2003 choeger@suse.de -- conf/postfix-files as input for /etc/permissions.d/postfix (Bug ID#29915) -- generate better amavisd-new master.cf line: - limit maxproc to 2 and use brackets around localhost - (Bug ID#29917) -* Mon Sep 01 2003 choeger@suse.de -- use conf/postfix-files as input for directories and permissions - for files/directories in/below $queue_directory and $command_directory -- use /var/lib/imap/socket/lmtp as lmtp socket in SuSEconfig.postfix - and change access modes of /var/lib/imap and /var/lib/imap/socket - to let postfix lmtp access the unix socket -* Fri Aug 29 2003 kukuk@suse.de -- Create postfix user as system account [Bug #29611] -* Fri Aug 29 2003 kukuk@suse.de -- Adjust sendmail permissions -- Create /var/spool/postfix/public with permissions postfix is - using -* Thu Aug 28 2003 mmj@suse.de -- Add sendmail to /etc/sysconfig/mail -* Thu Aug 14 2003 choeger@suse.de -- update to Postfix 2.0 Patch 14 -- Bugfix Bugzilla ID#28921: - missing activation metadata in sysconfig template -* Wed Jul 30 2003 choeger@suse.de -- new macros for stop/restart of services on rpm update/removal -* Mon Jul 21 2003 choeger@suse.de -- chown user:group instead of user.group -* Fri Jul 11 2003 choeger@suse.de -- update to tls extensions 0.8.15-2.0.13-0.9.7b -* Tue Jul 01 2003 choeger@suse.de -- updated SuSEconfig to use amavisd-new instead of amavis[d]-postfix -* Mon Jun 30 2003 choeger@suse.de -- update to Postfix 2.0 Patch 13 -- After "postfix reload", the master daemon now warns when the - inet_interfaces parameter setting has changed, and ignores the - change, instead of passing incorrect information to the smtp - server. -- After the postdrop command change with Postfix 2.0.11, the postcat - command no longer recognized "maildrop" queue files as valid. -- Mail could bounce when two messages were delivered simultaneously - to a non-existent mailbox file. The safe_open() code that prevents - race condition exploits will now try a little harder when it - actually encounters a race condition. -- update to tls extensions 0.8.14-2.0.12-0.9.7b -* Thu Jun 12 2003 choeger@suse.de -- also change path to smtpd.conf in sysconfig template parameter - description dependent on what %%{_lib} is set to. -* Thu Jun 12 2003 choeger@suse.de -- update to postfix 2.0, patchlevel 12 -* Wed Jun 11 2003 choeger@suse.de -- mkdir -p $RPM_BUILD_ROOT/%%{_libdir}/sasl2 instead of - $RPM_BUILD_ROOT/usr/lib/sasl2 - and we also can build on 64bit archs -* Wed Jun 11 2003 choeger@suse.de -- package /usr/lib/sasl2/smtpd.conf using %%{_libdir}/sasl2/smtpd.conf -- added /etc/postfix to filelist -* Wed Jun 11 2003 choeger@suse.de -- update to postfix 2.0, patchlevel 11 -- update to tls extensions 0.8.13-2.0.10-0.9.7b -* Fri May 23 2003 choeger@suse.de -- updated SuSE/master.cf toplevel comments -* Fri May 23 2003 choeger@suse.de -- update to postfix 2.0, patchlevel 10 -* Mon May 19 2003 choeger@suse.de -- remove installed (but unpackaged) file /etc/postfix/aliases -* Mon May 19 2003 choeger@suse.de -- path to ca, certificate and key is relative to $POSTFIX_SSL_PATH, - added $POSTFIX_SSL_PATH/ to the relevant parts of SuSEconfig.postfix -* Wed May 14 2003 choeger@suse.de -- correctly handle new POSTFIX_SMTP_TLS_CLIENT parameter in - SuSEconfig.postfix (activate/deactivate master.cf entries) -* Wed May 14 2003 choeger@suse.de -- added libxcrypt to chroot jail, Bugzilla ID#25766 -* Tue May 13 2003 choeger@suse.de -- added TLS_CLIENT support, Bugzilla ID#26647 -* Wed Apr 23 2003 choeger@suse.de -- update to postfix 2.0, patchlevel 9 -* Tue Apr 15 2003 ro@suse.de -- fixed neededforbuild -* Mon Apr 07 2003 choeger@suse.de -- update to postfix 2.0, patchlevel 7 -- update to tls extensions 0.8.13-2.0.6-0.9.7a -- Bugfix Bugzilla ID#25905, do not restrict mailbox size per default -* Sat Mar 08 2003 choeger@suse.de -- use checkproc to check if there really is a postfix master - process running when there's a pid file lying around. - (Bugzilla ID#24910) -* Thu Mar 06 2003 choeger@suse.de -- update to Postfix 2.0 Patch 06 -- Postfix now truncates non-address information in message address - headers (comments, etc.) to 250 characters per address. This should - rarely present a problem. Reportedly, junk mail from poorly written - software can trigger the protection, but that is no great loss. -- Some little fixes to documentation. -* Tue Mar 04 2003 choeger@suse.de -- update to Postfix 2.0 Patch 05 -- The SMTP server's hard and soft error limits were off by one. - With "smtpd_hard_error_limit = 1", Postfix will now disconnect - after the first error, instead of the second one. -- The proxymap server could deadlock when the mydestination parameter - setting included a proxymapped lookup table. -- Some little fixes to documentation. -* Sat Mar 01 2003 choeger@suse.de -- when updating postfix, check whether post-install changed - main/master.cf and update md5sums to not confuse SuSEconfig -- when installing postfix on a fresh system, create md5sums - in %%post to be able to let check_md5_and_move() detect - changes that a user might have done without running SuSEconfig - before. -* Thu Feb 27 2003 choeger@suse.de -- no longer remove md5sums of main.cf and master.cf during - postinstall, as SuSEconfig then no longer knows, whether - main.cf/master.cf had been modified by the user. - Disadvantage: as postfix permanently needs basic changes - to both main and master.cf, SuSEconfig.postfix will frequently - generate .SuSEconfig files although the user did not change anything - Bugzilla ID#24432 -* Fri Feb 21 2003 choeger@suse.de -- update to Postfix 2.0 Patch 04 - - The format of maildir filenames is synchronized with the present - version of the maildir definition document. This format was already - adopted by the 20030126 snapshot release. - - The time limit on delivery to external commands was not enforced. - This was broken probably some time before the first public Postfix - release. - - Duplicate elimination after virtual alias expansion works again. - This was broken with the introduction of the original recipient - attribute. - - The local pickup daemon dropped incomplete records from local - submissions. This was broken somewhere in the middle of 2002. -* Sat Feb 15 2003 choeger@suse.de -- Bugfix Bugzilla ID#23675: new service proxymap will not be - appended during update -* Mon Feb 10 2003 choeger@suse.de -- also check whether amavisd-postfix is installed and set up - filter section in master.cf -* Thu Jan 30 2003 choeger@suse.de -- update to Postfix 2.0 Patch 03 - - Postfix 2.0 broke relocated table lookup results with mail not - rejected at the SMTP port, causing "User has moved to" text to be - deleted. - - A widely used maildir filename generating algorithm was broken. - This affects all Postfix versions with maildir support. Instead of - TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST. - - Postfix 2.0 gave incorrect FILTER_README instructions for sites - that wish to disable virtual alias mapping before the content - filter. -- postfix-lib64.patch code now integrated in postfix -* Fri Jan 24 2003 choeger@suse.de -- changed SuSEconfig.postfix and smtpd.conf to use sasl2 -* Thu Jan 23 2003 choeger@suse.de -- forgot to add tlsmgr to master.cf -* Thu Jan 23 2003 choeger@suse.de -- Hmmm, just noticed, that suddenly 2.0.0.x became 2.0.x - must have missed something... -- updated SuSE/master.cf (new proxymap service) -* Thu Jan 16 2003 choeger@suse.de -- added POSTFIX_ADD_MESSAGE_SIZE_LIMIT as example to sysconfig.postfix - (Bugzilla ID#22907) -* Tue Jan 14 2003 choeger@suse.de -- build using sasl2 -* Fri Jan 10 2003 choeger@suse.de -- update to postfix v2 (version 2.0.0.2) -* Wed Dec 11 2002 choeger@suse.de -- added sysconfig metadata to sysconfig templates -- updated to new tls extensions -* Fri Nov 29 2002 choeger@suse.de -- Bugfix Bugzilla ID#21865: don't copy directories into - directories when updating chroot jail in cpifnewer() -- Update to version 1.11, pl12 -* Tue Nov 19 2002 choeger@suse.de -- new SuSEconfig.postfix features: - . SMTP-AUTH server - . SMTP-AUTH client - . TLS Server -* Tue Nov 05 2002 choeger@suse.de -- quote args of tr command -* Mon Nov 04 2002 choeger@suse.de -- new feature: POSTFIX_ADD_* command in sysconfig/postfix to - be able to add any regular postfix command via SuSEconfig -- Bugfix Bugzilla ID#21120 added POSTFIX_ADD_MAILBOX_SIZE_LIMIT - as example with value 0 (unlimited) -- added a header to main.cf explaining that many postfix - parameters have been added to the end of main.cf -* Tue Oct 15 2002 choeger@suse.de -- Bugfix for Bugzilla ID#20754 - missed some parameters when restoring main.cf or master.cf - from scratch -* Wed Oct 09 2002 choeger@suse.de -- NULLCLIENT did not work because SuSEconfig searches for the wrong - keyword -* Mon Oct 07 2002 choeger@suse.de -- Bugfix related to Bugzilla IDs 20506, 18298, 19294: - masquerade_classes should not be extended by envelope_recipient -* Fri Sep 06 2002 choeger@suse.de -- added ypbind to X-UnitedLinux-Should-Start in init-script -* Wed Aug 28 2002 choeger@suse.de -- added restoration mechanism to restore master.cf and/or main.cf - if they got deleted by (intention or) accident to SuSEconfig.postfix -- added ldap to X-UnitedLinux-Should-Start -* Mon Aug 26 2002 choeger@suse.de -- Bugfix Bugzilla ID#18298: when setting FROM_HEADER, also unqualified - envelope recipients should be qualified to FROM_HEADER, not to - myorigin, added envelope_recipient to masquerade_classes -- Bugfix Bugzilla ID#18297: %%post touches main.cf and master.cf so it - may happen, that an update leaves .SuSEconfig files. - Remove /var/adm/SuSEconfig/md5/etc/postfix/main.cf and master.cf - in %%post -- Bugfix Bugzilla ID#18301: sendmail and postfix have different - opinions on the usage of NULLCLIENT. Moved NULLCLIENT to - sysconfig.postfix.POSTFIX_NULLCLIENT -- added exim to Conflicts -* Thu Aug 22 2002 choeger@suse.de -- wait for qmgr in the background for a maximum of 60 seconds -* Wed Aug 21 2002 choeger@suse.de -- Bugfix for init-script: - wait for qmgr to be ready before calling postfix flush -* Wed Aug 14 2002 choeger@suse.de -- added accidently removed line in master.cf for amavis, - Bugzilla ID#17732 -* Tue Aug 13 2002 choeger@suse.de -- exclude .rpmsave and .rpmorig from /etc/aliases.d expansion -* Wed Aug 07 2002 choeger@suse.de -- added netcfg to Prereq (/etc/aliases) -* Tue Aug 06 2002 choeger@suse.de -- added pcre openldap2-client to prereq (Bugzilla ID#17447) -* Mon Aug 05 2002 choeger@suse.de -- completed Prereq -* Fri Jul 19 2002 choeger@suse.de -- Bugfix for the handling of POSTFIX_MASQUERADE_DOMAIN - and FROM_HEADER -- removed main.cf from SuSE.tar.gz -- added X-UnitedLinux-Should-Start: cyrus to init-script -* Thu Jul 18 2002 choeger@suse.de -- set local as default MDA again - reason: postfix does not execute any external programs like procmail - with uid 0, so root mails will go to /var/mail/nobody, which - will confuse people -- remove setting of SUSE_RELEASE version in the (E)SMTP banner -* Fri Jul 12 2002 choeger@suse.de -- removed /etc/aliases from filelist, it's now in netcfg -* Thu Jul 11 2002 choeger@suse.de -- removed 'q' flag from vscan transport definition, because - current amavis versions have a rfc2821_mailbox_addr function -- remove old aliases.db files in %%post -- do not use unset in %%post -* Mon Jul 08 2002 choeger@suse.de -- make procmail the default MDA -* Fri Jul 05 2002 choeger@suse.de -- use %%{_lib} macro to detect platforms with lib64 - directories -* Fri Jul 05 2002 choeger@suse.de -- make chroot jail function lib64 aware -* Thu Jul 04 2002 uli@suse.de -- fixed libnsl detection on lib64 systems -* Thu Jul 04 2002 choeger@suse.de -- ldap_url_search_st is no longer available in OpenLDAP v2.1 - added a patch, that uses ldap_url_parse -- added new feature POSTFIX_MDA, Bugzilla ID#16720 -* Fri Jun 07 2002 choeger@suse.de -- changed POSTFIX_BASIC_SPAM_PREVENTION. It can now be set to - either off(default), medium or hard -- cleaned up SuSEconfig.postfix -- prepared for /etc/aliases.d -* Wed Jun 05 2002 choeger@suse.de -- new FEATURES: POSTFIX_RBL_HOSTS, POSTFIX_BASIC_SPAM_PREVENTION, - Bugzilla ID#16383 -- moved sample-*.cf files to %%{_docdir}/postfix/samples -* Wed Jun 05 2002 choeger@suse.de -- update to patchlevel 11, version 1.1.11 -- new FEATURE: POSTFIX_UPDATE_MAPS -* Fri May 24 2002 choeger@suse.de -- update to patchlevel 10, version 1.1.10 -- create required users and groups in %%pre install -* Thu Apr 25 2002 choeger@suse.de -- removed provides of my own packagename... -* Fri Apr 19 2002 choeger@suse.de -- Bugfix for README.SuSE: POSTFIX_CREATECF is now - MAIL_CREATE_CONFIG -* Thu Apr 04 2002 choeger@suse.de -- update to patchlevel 7, version 1.1.7 -- introduced new feature POSTFIX_LAPTOP -* Tue Mar 26 2002 choeger@suse.de -- update to patchlevel 5, version 1.1.5 -* Tue Mar 12 2002 choeger@suse.de -- Bugfix: don't check whether POSTFIX_MASQUERADE_DOMAIN is empty - or not, because else we won't be able to clear it. -* Thu Feb 28 2002 choeger@suse.de -- added flags=q to amavis transport definition (link@suse.de): - [...] - If your postfix is older than snapshot 20010610, leave out the - "flags=q" part. However, amavis will not function properly with - envelope adresses that contain whitespace in the local-part. - This is quite rare, but has been observed a few times. - [...] -* Mon Feb 25 2002 choeger@suse.de -- update to version 1.1.4 (1.1, patchlevel 4) - Bugfix (excerpt from HISTORY): - .................................................................. - off-by-one error, causing a null byte to be - written outside dynamically allocated memory in - the queue manager with addresses of exactly 100 - bytes long, resulting in SIGSEGV on systems with - an "exact fit" malloc routine. - .................................................................. -- added new option SMTPD_LISTEN_REMOTE to /etc/sysconfig/mail - which has been introduced by the SuSE dist-team (excerpt): - .................................................................. - sendmail does have an option to listen only on the local port, - this should be the default. - A flag "SMTPD_LISTEN_REMOTE" in /etc/sysconfig/mail will be used - to decide if port 25 should be opened externally. - The sendmail package will send a mail to root explaining this - fact. sendmail updates will copy the value of START_SMTPD to this - new flag. - .................................................................. - As this is a totally different behaviour compared to old releases, - SMTPD_LISTEN_REMOTE will be set to "yes", if POSTFIX_CREATECF - (now MAIL_CREATE_CONFIG) had been set to "yes" before the update. -* Thu Feb 21 2002 choeger@suse.de -- fillup workaround -* Thu Feb 21 2002 choeger@suse.de -- hostname handling is still annoying - added some piece of code to SuSEconfig.postfix to - get a valid hostname -* Mon Feb 18 2002 choeger@suse.de -- %%postinst cleanup: - . use rename_sysconfig_variable macro - . use remove_and_set macro - instead of directly calling fillup -* Wed Feb 13 2002 choeger@suse.de -- FQHOSTNAME has been removed from /etc/sysconfig/network/config - and is now set in /etc/HOSTNAME, which wasn't FQ in the past. - *Please, don't change it again* -- if POSTFIX_LOCALDOMAINS is set, do not append - "$myhostname, localhost.$mydomain" anymore -* Tue Feb 12 2002 choeger@suse.de -- Also take care of the localhost:10025 mailer definition when - setting up chroot options -* Mon Feb 11 2002 choeger@suse.de -- Do not set myorigin to FROM_HEADER -* Thu Feb 07 2002 choeger@suse.de -- Bugfix(SuSEconfig.postfix): typo in path to /etc/sysconfig/amavis -* Mon Feb 04 2002 choeger@suse.de -- SuSEconfig.postfix enhancement: get hostname from hostname -f - Bugfix: get FQHOSTNAME from /etc/sysconfig/network/config -- added -y to fillup_and_insserv to create startlinks - after installation -- changed company name to SuSE Linux AG in copyright headers -* Mon Feb 04 2002 choeger@suse.de -- update to postfix 1.1.3 and tls extensions 0.8.3 - minor bugfixes - http://groups.yahoo.com/group/postfix-users/message/52953 -* Fri Feb 01 2002 choeger@suse.de -- Bugfix: Forgot to assign a name to TMPDIR in SuSEconfig.postfix -* Fri Feb 01 2002 choeger@suse.de -- added resolve_local_panic.patch - http://groups.yahoo.com/group/postfix-users/message/52746 -* Wed Jan 30 2002 choeger@suse.de -- update of tls extensions to 0.8.2 -* Mon Jan 28 2002 choeger@suse.de -- update to version 1.1.2 -- sysconfig.mail changes -* Tue Jan 22 2002 choeger@suse.de -- renamed cleanup.fillup to sysconfig.postfix.cleanup -- added postqueue patch, see - http://groups.yahoo.com/group/postfix-users/message/51611 - for more details -* Mon Jan 21 2002 choeger@suse.de -- update to official release version 1.1.0 -- moved some stuff to /etc/sysconfig/mail -- cleaned up /etc/rc.config access -- added some safety checks to SuSEconfig.postfix -* Wed Jan 16 2002 choeger@suse.de -- update to version 20020115 (release candidate for Postfix - official release version 1.1) -* Tue Jan 15 2002 choeger@suse.de -- some improvements to SuSEconfig.postfix -* Fri Jan 11 2002 choeger@suse.de -- updated to version 20020107 -- added postinstall section to update from previous versions - of postfix -* Tue Jan 08 2002 egmont@suselinux.hu -- Changed /sbin/init.d to /etc/init.d in init script comment -* Mon Jan 07 2002 choeger@suse.de -- added sender_canonical_maps to SuSEconfig.postfix to let - the new YaST2 module setup this map similar to sendmails - genericstable -* Thu Jan 03 2002 kukuk@suse.de -- SuSEconfig.postfix shell script is no config file [Bug #12712] -* Wed Dec 19 2001 choeger@suse.de -- Made initscript more LSB compliant (status codes) -- Bugfix for Bugzilla ID#12672 (improve explanation - of POSTFIX_LOCALDOMAINS) -- robustness enhancement for SuSEconfig.postfix -* Fri Dec 14 2001 choeger@suse.de -- typo in specfile (master.cf installed as main.cf) -* Thu Dec 13 2001 choeger@suse.de -- update to version 20011210 -- some changes to SuSEconfig.postfix: - . added POSTFIX_UPDATE_CHROOT_JAIL variable, see README.SuSE - . some cleanups for chroot jail - . little bugfixes -* Thu Dec 13 2001 ro@suse.de -- moved rc.config.d -> sysconfig -* Wed Nov 28 2001 choeger@suse.de -- update to version 20011127 -- some changes to SuSEconfig.postfix: - . added more robustness (Jehova) - . do not chown -R postfix to /var/spool/postfix - . query for package cyrus-sasl instead of sasl -* Tue Nov 20 2001 choeger@suse.de -- update to version 20011115 - Bugfix for a memory exhaustion bug in smtpd - see http://groups.yahoo.com/group/postfix-users/message/46597 -- remove START_ variable -* Fri Nov 09 2001 choeger@suse.de -- some changes to specfile (thanks to Simon J Mudd from whom - I copied some code) -* Tue Nov 06 2001 choeger@suse.de -- fix some SuSEconfig.postfix bugs: - . master.cf chroot column can also contain '-' - . don't do anything if POSTFIX_CREATECF != yes -* Fri Oct 26 2001 choeger@suse.de -- update to most recent snapshot version 20011008 -* Thu Oct 25 2001 choeger@suse.de -- update to pl05 -* Fri Oct 19 2001 choeger@suse.de -- Bugfix, Bugzilla ID#11914 -* Wed Sep 26 2001 choeger@suse.de -- ALWAYS create master.cf, even is POSTFIX_CREATECF is set - to no, because else chroot mode may not work, Bugzilla ID#11359 -* Thu Sep 13 2001 choeger@suse.de -- removed an obsolete echo in start section of init-script -* Thu Sep 06 2001 choeger@suse.de -- Bugfix in init-script: redirect output of postfix start - to dev/null and do not use startproc to start postfix -* Tue Sep 04 2001 choeger@suse.de -- update to tls-extensions v0.7.9 - see http://groups.yahoo.com/group/postfix-users/message/41094 - for details -* Fri Aug 31 2001 choeger@suse.de -- update of tls-extensions to 0.7.8 -- update of postfix to pl04 -- Bugfix: - check if postfix spool is set up before starting postfix - - start postfix with postfix start, because postfix-script - wouldn't be executed, else. -* Tue Jul 10 2001 choeger@suse.de -- update of tls-extensions to 0.7.3 -* Thu Jun 28 2001 choeger@suse.de -- bugfix: remove libs from chroot jail, that are no longer - valid, Bugzilla ID#9133 -- bugfix: init script was not LSB compliant, Bugzilla ID#9063 -* Fri Jun 15 2001 choeger@suse.de -- added cyrus to require start in init-script -- "bugfix": bootstrap problem cyrus-imapd <-> postfix: - cyrus-imapd must run before postfix, but fails to create - lmtp socket, because /var/spool/postfix/public directory - isn't present. FIX: add it to filelist -* Wed Jun 13 2001 choeger@suse.de -- install postrop with special SGID modes -* Tue Jun 12 2001 choeger@suse.de -- improved SuSEconfig.postfix - - better main.cf handling - - new feature: chroot or not chroot -* Mon May 28 2001 choeger@suse.de -- major bugfix: memory leak in the LDAP client module -- minor bugfixes -* Wed May 09 2001 mfabian@suse.de -- bzip2 sources -* Wed May 02 2001 choeger@suse.de -- updated to pl02, bugfixrelease -* Mon Apr 30 2001 choeger@suse.de -- Bugfix for SuSEconfig.postfix: - Handling of TIMEZONE variable if set to unappropriate or no - value -- Improvement: Warnings are printed out in bold -* Tue Apr 17 2001 kukuk@suse.de -- Don't use a RPM macro for version number -* Fri Mar 30 2001 choeger@suse.de -- update to pl01, bugfixrelease -* Tue Mar 27 2001 choeger@suse.de -- added libcrack to chroot jail, because - it is needed by pam_pwcheck -* Thu Mar 15 2001 ro@suse.de -- fixed neededforbuild for openldap -* Mon Mar 05 2001 choeger@suse.de -- first non-beta of the next postfix generation -- v20010228 -* Tue Feb 27 2001 ro@suse.de -- added cyrus-sasl-devel to neededforbuild -* Tue Feb 27 2001 choeger@suse.de -- new version, 20010225 -- removed notification message -* Tue Feb 20 2001 choeger@suse.de -- bugfix: wrong permissions for maildrop directory -* Wed Jan 31 2001 choeger@suse.de -- update to version 20010128 -- now linked against ldaplib2 -* Fri Jan 05 2001 choeger@suse.de -- bugfix: maildrop must be owned by postfix.root -* Mon Dec 18 2000 choeger@suse.de -- update to version 20001212 -- bugfix: insserv -- bugfix: missed openssl in neededforbuilt -- renamed to postfix, because a non-crypto version - is no longer needed -* Wed Dec 13 2000 choeger@suse.de -- Bugfix: postfix-script was not executable -* Tue Dec 12 2000 choeger@suse.de -- Bugfixes: - Provides in initscript - Use /bin/bash in SuSEconfig.postfix -- Update to version 20001210 -* Thu Nov 30 2000 ro@suse.de -- startscript sbin -> etc -* Thu Nov 23 2000 choeger@suse.de -- new version -- fix for neededforbuild -- fix for master.cf -* Wed Nov 22 2000 choeger@suse.de -- adopted to new init scheme -* Wed Nov 15 2000 choeger@suse.de -- fixed neededforbuild -* Tue Nov 14 2000 choeger@suse.de -- update to version 20001030 -* Thu Nov 09 2000 choeger@suse.de -- long packagename -- added rpm buildroot -* Wed Nov 08 2000 uli@suse.de -- fixed neededforbuild -* Fri Nov 03 2000 bk@suse.de -- src/util/dict_ldap.c:dict_ldap_lookup(): fix missing **-termination. -* Tue Oct 24 2000 fober@suse.de -- s390,ppc: added -fsigned-char compiler option, to fix obscure segfaults. - (code is not signed/unsigned-char-clean) -* Thu Oct 12 2000 choeger@suse.de -- yet another SuSEconfig.postfix bug (incorrect link) -* Wed Oct 11 2000 choeger@suse.de -- bugfix for SuSEconfig.postfix -* Mon Oct 09 2000 choeger@suse.de -- bugfix: missed to install new flush service -* Mon Oct 09 2000 choeger@suse.de -- inititial revision of pfixtls