diff --git a/postfix-3.5.8.tar.gz b/postfix-3.5.8.tar.gz new file mode 100644 index 0000000..81ea02f --- /dev/null +++ b/postfix-3.5.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:22582628cf3edc18c5155c9ff44543dd95a9435fb68135d76a99f572cb07456f +size 4614733 diff --git a/postfix-3.5.8.tar.gz.asc b/postfix-3.5.8.tar.gz.asc new file mode 100644 index 0000000..c91b223 --- /dev/null +++ b/postfix-3.5.8.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iFcDBQBfpx7vDAtZDoDKFacRCoWNAP48whcIl3p06B6xosrFuNgN4SIvY3DAKAZi +7pKaMyPhbAEAhYVQhtaheHNcWbPnWAj8Z9hRQvLGbEDlnEjkNlYmKQc= +=F5E8 +-----END PGP SIGNATURE----- diff --git a/postfix-3.5.9.tar.gz b/postfix-3.5.9.tar.gz deleted file mode 100644 index 731c32c..0000000 --- a/postfix-3.5.9.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:51ced5a3165a415beba812b6c9ead0496b7172ac6c3beb654d2ccd9a1b00762b -size 4620852 diff --git a/postfix-3.5.9.tar.gz.asc b/postfix-3.5.9.tar.gz.asc deleted file mode 100644 index 27ff915..0000000 --- a/postfix-3.5.9.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.18 (FreeBSD) - -iFcDBQBgBFwoDAtZDoDKFacRCvzhAP4yix6R51EeNGV+lGfzsS2NEgDnoGvdoXIp -m8O0ocFIXAD9HgylqBBdTnAm3PnDawYVJS6vWPUKJRGrqjwnTJ4Ikqc= -=ncG3 ------END PGP SIGNATURE----- diff --git a/postfix-SUSE.tar.gz b/postfix-SUSE.tar.gz index 39d2fb7..03802d9 100644 --- a/postfix-SUSE.tar.gz +++ b/postfix-SUSE.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:694d01f378319f2cf087acef611a849f5b03738e882f172fd00dd53a9e4cbc0e -size 22916 +oid sha256:6fc0d9079d0fabb16191c3d2e3af9bd6bb06317abe07d30c65017b8537f3cbf0 +size 24077 diff --git a/postfix-bdb-main.cf.patch b/postfix-bdb-main.cf.patch deleted file mode 100644 index dad7975..0000000 --- a/postfix-bdb-main.cf.patch +++ /dev/null @@ -1,153 +0,0 @@ -Index: conf/main.cf -=================================================================== ---- conf/main.cf.orig -+++ conf/main.cf -@@ -567,6 +567,7 @@ unknown_local_recipient_reject_code = 55 - # - #smtpd_banner = $myhostname ESMTP $mail_name - #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) -+smtpd_banner = $myhostname ESMTP - - # PARALLEL DELIVERY TO THE SAME DESTINATION - # -@@ -673,4 +674,140 @@ sample_directory = - # readme_directory: The location of the Postfix README files. - # - readme_directory = -+ -+############################################################ -+# -+# before changing values manually consider editing -+# /etc/sysconfig/postfix -+# and run -+# config.postfix -+# -+# if you miss a feature of config.postfix then just send a -+# mail to chris@computersalat.de -+# patches for new feature(s) are also welcome :) -+# -+############################################################ -+ -+biff = no -+content_filter = -+delay_warning_time = 0h -+disable_dns_lookups = no -+disable_mime_output_conversion = no -+disable_vrfy_command = yes -+inet_interfaces = all - inet_protocols = ipv4 -+masquerade_classes = envelope_sender, header_sender, header_recipient -+masquerade_domains = -+masquerade_exceptions = -+mydestination = $myhostname, localhost.$mydomain -+myhostname = localhost -+mynetworks_style = subnet -+relayhost = -+ -+alias_maps = -+canonical_maps = -+relocated_maps = -+sender_canonical_maps = -+transport_maps = -+mail_spool_directory = /var/mail -+message_strip_characters = -+defer_transports = -+mailbox_command = -+mailbox_transport = -+mailbox_size_limit = 0 -+message_size_limit = 0 -+strict_8bitmime = no -+strict_rfc821_envelopes = no -+smtpd_delay_reject = yes -+smtpd_helo_required = no -+ -+smtpd_client_restrictions = -+ -+smtpd_helo_restrictions = -+ -+smtpd_sender_restrictions = -+ -+smtpd_recipient_restrictions = -+ -+ -+############################################################ -+# SASL stuff -+############################################################ -+smtp_sasl_auth_enable = no -+smtp_sasl_security_options = -+smtp_sasl_password_maps = -+smtpd_sasl_auth_enable = no -+# cyrus : smtpd_sasl_type = cyrus -+# smtpd_sasl_path = smtpd -+# dovecot : smtpd_sasl_type = dovecot -+# smtpd_sasl_path = private/auth -+smtpd_sasl_type = cyrus -+smtpd_sasl_path = smtpd -+############################################################ -+# TLS stuff -+############################################################ -+#tls_append_default_CA = no -+relay_clientcerts = -+#tls_random_source = dev:/dev/urandom -+ -+smtp_use_tls = no -+#smtp_tls_loglevel = 0 -+smtp_enforce_tls = no -+smtp_tls_CAfile = -+smtp_tls_CApath = -+smtp_tls_cert_file = -+smtp_tls_key_file = -+#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy -+#smtp_tls_session_cache_timeout = 3600s -+smtp_tls_session_cache_database = -+ -+smtpd_use_tls = no -+#smtpd_tls_loglevel = 0 -+smtpd_tls_CAfile = -+smtpd_tls_CApath = -+smtpd_tls_cert_file = -+smtpd_tls_key_file = -+smtpd_tls_ask_ccert = no -+smtpd_tls_exclude_ciphers = RC4 -+smtpd_tls_received_header = no -+############################################################ -+# Start MySQL from postfixwiki.org -+############################################################ -+relay_domains = $mydestination, hash:/etc/postfix/relay -+#virtual_alias_domains = -+#virtual_alias_maps = hash:/etc/postfix/virtual -+#virtual_uid_maps = static:303 -+#virtual_gid_maps = static:303 -+#virtual_minimum_uid = 303 -+#virtual_mailbox_base = /srv/maildirs -+#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf -+#virtual_mailbox_limit = 0 -+#virtual_mailbox_limit_inbox = no -+#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf -+## For dovecot LMTP replace 'virtual' with 'lmtp:unix:private/dovecot-lmtp' -+#virtual_transport = virtual -+## Additional for quota support -+#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf -+#virtual_mailbox_limit_override = yes -+### Needs Maildir++ compatible IMAP servers, like Courier-IMAP -+#virtual_maildir_filter = yes -+#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter -+#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later. -+#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg -+#virtual_overquota_bounce = yes -+#virtual_trash_count = yes -+#virtual_trash_name = ".Trash" -+############################################################ -+# End MySQL from postfixwiki.org -+############################################################ -+# Rewrite reject codes -+############################################################ -+#unknown_address_reject_code = 550 -+#unknown_client_reject_code = 550 -+#unknown_hostname_reject_code = 550 -+#unverified_recipient_reject_code = 550 -+#soft_bounce = yes -+############################################################ -+#debug_peer_list = example.com -+#debug_peer_level = 3 -+ diff --git a/postfix-bdb.changes b/postfix-bdb.changes deleted file mode 100644 index 39939b2..0000000 --- a/postfix-bdb.changes +++ /dev/null @@ -1,5065 +0,0 @@ -------------------------------------------------------------------- -Mon Jan 25 10:31:03 UTC 2021 - Paolo Stivanin - -- Update to 3.5.9: - * improves the reporting of DNSSEC problems that may affect - DANE security - -------------------------------------------------------------------- -Wed Jan 20 15:19:13 UTC 2021 - Peter Varkoly - -- postfix-bdb-lmdb should provide postfix-lmdb - -------------------------------------------------------------------- -Tue Dec 8 13:36:35 UTC 2020 - Peter Varkoly - -- bsc#1176650 L3: What is regularly triggering the "fillup" - command and changing modify-time of /etc/sysconfig/postfix? - o Remove miss placed fillup_only call from %verifyscript - -------------------------------------------------------------------- -Thu Nov 26 15:30:10 UTC 2020 - Peter Varkoly - -- Remove Berkeley DB dependency (JIRA#SLE-12191) - The pacakges postfix is build without Berkely DB support. - lmdb will be used instead of BDB. - The pacakges postfix-bdb is build with Berkely DB support. - o add patch for main.cf for postfix-bdb package - postfix-bdb-main.cf.patch - -------------------------------------------------------------------- -Sun Nov 8 20:59:23 UTC 2020 - Michael Ströder - -- Update to 3.5.8 - * The Postfix SMTP client inserted into message headers longer - than $line_length_limit (default: 2048), causing all subsequent header - content to become message body content. - * The postscreen daemon did not save a copy of the - postscreen_dnsbl_reply_map lookup result. This has no effect when the - recommended texthash: look table is used, but it could result in stale - data with other lookup tables. - * After deleting a recipient with a Milter, the Postfix recipient - duplicate filter was not updated; the filter suppressed requests - to add the recipient back. - * Memory leak: the static: maps did not free their casefolding buffer. - * With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a - TLS handshake, after processing an XCLIENT command. - * The smtp_sasl_mechanism_filter implementation ignored table lookup - errors, treating them as 'not found'. - * The code that looks for Delivered-To: headers ignored headers longer - than $line_length_limit (default: 2048). - -------------------------------------------------------------------- -Mon Aug 31 13:38:04 UTC 2020 - Michael Ströder - -- Update to 3.5.7 - * Fixed random certificate verification failures with - "smtp_tls_connection_reuse = yes", because tlsproxy(8) was using - the wrong global TLS context for connections that use DANE or - non-DANE trust anchors. - -------------------------------------------------------------------- -Tue Aug 25 13:54:40 UTC 2020 - Thorsten Kukuk - -- Move ldap into an own sub-package like all other databases -- Move manual pages to correct sub-package - -------------------------------------------------------------------- -Fri Aug 21 08:44:22 UTC 2020 - Thorsten Kukuk - -- Use sysusers.d to create system accounts -- Remove wrong %config for systemd directory content - -------------------------------------------------------------------- -Sun Aug 9 06:55:01 UTC 2020 - Arjen de Korte - -- Use the correct signature file for source verification -- Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to - prevent confusion, as the signature file from upstream with .sig - extension is incompatible with the build service) - -------------------------------------------------------------------- -Sun Jul 26 21:22:39 UTC 2020 - Michael Ströder - -- Update to 3.5.6 with following fixes: - * Workaround for unexpected TLS interoperability problems when Postfix - runs on OS distributions with system-wide OpenSSL configurations. - * Memory leaks in the Postfix TLS library, the largest one - involving multiple kBytes per peer certificate. - -------------------------------------------------------------------- -Thu Jul 16 20:42:19 UTC 2020 - Arjen de Korte - -- Add source verification (add postfix.keyring) - -------------------------------------------------------------------- -Fri Jul 3 14:06:53 UTC 2020 - Thorsten Kukuk - -- Use systemd_ordering instead of systemd_require. -- Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688] -- Drop /var/adm/SuSEconfig from %post, it does nothing. -- Rename postfix-SuSE to postfix-SUSE -- Delete postfix-SUSE/README.SuSE, company name spelled wrong, - completly outdated and not used. -- Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name - spelled wrong, outdated and not used. -- sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG, - SuSEconfig is gone since ages. -- update_chroot.systemd: Remove advice to run SuSEconfig. -- Remove rc.postfix, not used, outdated. -- mkpostfixcert: Remove advice to run SuSEconfig. - -------------------------------------------------------------------- -Mon Jun 29 18:44:13 UTC 2020 - Michael Ströder - -- Update to 3.5.4: - * The connection_reuse attribute in smtp_tls_policy_maps always - resulted in an "invalid attribute name" error. - * SMTP over TLS connection reuse always failed for Postfix SMTP - client configurations that specify explicit trust anchors (remote - SMTP server certificates or public keys). - * The Postfix SMTP client's DANE implementation would always send - an SNI option with the name in a destination's MX record, even - if the MX record pointed to a CNAME record. MX records that - point to CNAME records are not conformant with RFC5321, and so - are rare. - Based on the DANE survey of ~2 million hosts it was found that - with the corrected SMTP client behavior, sending SNI with the - CNAME-expanded name, the SMTP server would not send a different - certificate. This fix should therefore be safe. - -------------------------------------------------------------------- -Mon Jun 15 16:09:57 UTC 2020 - Michael Ströder - -- Update to 3.5.3: - * TLS handshake failure in the Postfix SMTP server during SNI - processing, after the server-side TLS engine sent a TLSv1.3 - HelloRetryRequest (HRR) to a remote SMTP client. - * The command "postfix tls deploy-server-cert" did not handle a - missing optional argument. This bug was introduced in Postfix - 3.1. - -------------------------------------------------------------------- -Sun May 17 19:57:57 UTC 2020 - Michael Ströder - -- Update to 3.5.2: - * A TLS error for a database client caused a false 'lost connection' - error for an SMTP over TLS session in the same Postfix process. - This bug was introduced with Postfix 2.2. - * The same bug existed in the tlsproxy(8) daemon, where a TLS - error for one TLS session could cause a false 'lost connection' - error for a concurrent TLS session in the same process. This - bug was introduced with Postfix 2.8. - * The Postfix build now disables DANE support on Linux systems - with libc-musl such as Alpine, because libc-musl provides no - indication whether DNS responses are authentic. This broke DANE - support without a clear explanation. - * Due to implementation changes in the ICU library, some Postfix - daemons reported file access errrors (U_FILE_ACCESS_ERROR) after - chroot(). This was fixed by initializing the ICU library before - making the chroot() call. - * Minor code changes to silence a compiler that special-cases - string literals. - * Segfault (null pointer) in the tlsproxy(8) client role when the - server role was disabled. This typically happened on systems - that do not receive mail, after configuring connection reuse - for outbound SMTP over TLS. - * The date portion of the maillog_file_rotate_suffix default value - used the minute (%M) instead of the month (%m). - -------------------------------------------------------------------- -Mon May 11 20:07:40 UTC 2020 - Arjen de Korte - -- boo#1106004 fix incorrect locations for files in postfix-files - -------------------------------------------------------------------- -Sun Apr 19 10:22:12 UTC 2020 - Michael Ströder - -- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured - lookups and DANE mail transport work again -- Update to 3.5.1: - * Support for the haproxy v2 protocol. The Postfix implementation - supports TCP over IPv4 and IPv6, as well as non-proxied - connections; the latter are typically used for heartbeat tests. - * Support to force-expire email messages. This introduces new - postsuper(1) command-line options to request expiration, and - additional information in mailq(1) or postqueue(1) output. - * The Postfix SMTP and LMTP client support a list of nexthop - destinations separated by comma or whitespace. These destinations - will be tried in the specified order. - * Incompatible changes: - * Logging: Postfix daemon processes now log the from= and to= - addresses in external (quoted) form in non-debug logging (info, - warning, etc.). This means that when an address localpart - contains spaces or other special characters, the localpart will - be quoted, for example: - from=<"name with spaces"@example.com> - Specify "info_log_address_format = internal" for backwards compatibility. - * Postfix now normalizes IP addresses received with XCLIENT, - XFORWARD, or with the HaProxy protocol, for consistency with - direct connections to Postfix. This may change the appearance - of logging, and the way that check_client_access will match - subnets of an IPv6 address. - -------------------------------------------------------------------- -Fri Mar 13 14:29:32 UTC 2020 - Michael Ströder - -- Update to 3.4.10: - * Bug (introduced: Postfix 2.3): Postfix Milter client state - was not properly reset after one Milter in a multi-Milter - configuration failed during MAIL FROM, resulting in a Postfix - Milter client panic during the next MAIL FROM command in the - same SMTP session. - -------------------------------------------------------------------- -Fri Feb 7 17:07:39 UTC 2020 - Peter Varkoly - -- bsc#1162891 server:mail/postfix: cond_slp bug on TW after - moving /etc/services to /usr/etc/services - -------------------------------------------------------------------- -Wed Feb 5 12:27:07 UTC 2020 - Peter Varkoly - -- bsc#1160413 postfix fails with -fno-common - -------------------------------------------------------------------- -Mon Feb 3 12:31:48 UTC 2020 - Michael Ströder - -- Update to 3.4.9: - * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were - broken while adding support for negative DNS response caching - in postscreen. Postfix was inadvertently changed to call - res_query() instead of res_search(). - * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro - overrides from a Milter application. Postfix now evaluates the - Milter macros for an SMTP CONNECT event after the Postfix-to-Milter - connection is negotiated. - * Bug (introduced: Postfix 3.0): sanitize (remote) server responses - before storing them in the verify database, to avoid Postfix - warnings about malformed UTF8. Found during code maintenance. - -------------------------------------------------------------------- -Wed Nov 27 19:55:30 UTC 2019 - Michael Ströder - -- Update to 3.4.8: - * Fix for an Exim interoperability problem when postscreen after-220 - checks are enabled. Bug introduced in Postfix 3.4: the code - that detected "PIPELINING after BDAT" looked at the wrong - variable. The warning now says "BDAT without valid RCPT", and - the error is no longer treated as a command PIPELINING error, - thus allowing mail to be delivered. Meanwhile, Exim has been - fixed to stop sending BDAT commands when postscreen rejects all - RCPT commands. - * Usability bug, introduced in Postfix 3.4: the parser for - key/certificate chain files rejected inputs that contain an EC - PARAMETERS object. While this is technically correct (the - documentation says what types are allowed) this is surprising - behavior because the legacy cert/key parameters will accept - such inputs. For now, the parser skips object types that it - does not know about for usability, and logs a warning because - ignoring inputs is not kosher. - * Bug introduced in Postfix 2.8: don't gratuitously enable all - after-220 tests when only one such test is enabled. This made - selective tests impossible with 'good' clients. This will be - fixed in older Postfix versions at some later time. - -------------------------------------------------------------------- -Tue Sep 24 07:59:04 UTC 2019 - Martin Liška - -- Backport deprecated-RES_INSECURE1.patch in order to fix - boo#1149705. - -------------------------------------------------------------------- -Sun Sep 22 16:45:39 UTC 2019 - Michael Ströder - -- Update to 3.4.7: - * Robustness: the tlsproxy(8) daemon could go into a loop, logging - a flood of error messages. Problem reported by Andreas Schulze - after enabling SMTP/TLS connection reuse. - * Workaround: OpenSSL changed an SSL_Shutdown() non-error result - value into an error result value, causing logfile noise. - * Configuration: the new 'TLS fast shutdown' parameter name was - implemented incorrectly. The documentation said - "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown". - This was fixed by changing the code, because no-one is expected - to override the default. - * Performance: workaround for poor TCP loopback performance on - LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus - TCP maximal segment size that is 1/2 to 1/3 of the real MSS. - To avoid client-side Nagle delays or server-side delayed ACKs - caused by multiple smaller-than-MSS writes, Postfix chooses a - VSTREAM buffer size that is a small multiple of the reported - bogus MSS. This workaround increases the multiplier from 2x to - 4x. - * Robustness: the Postfix Dovecot client could segfault (null - pointer read) or cause an SMTP server assertion to fail when - talking to a fake Dovecot server. The Postfix Dovecot client - now logs a proper error instead. - -------------------------------------------------------------------- -Thu Sep 19 06:20:48 UTC 2019 - Peter Varkoly - -- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang - Break loop if postfix has no permission in spool directory. - - add postfix-avoid-infinit-loop-if-no-permission.patch - -------------------------------------------------------------------- -Fri Aug 9 14:50:12 UTC 2019 - chris@computersalat.de - -- fix for boo#1144946 - mydestination - missing default localhost - * update config.postfix - -------------------------------------------------------------------- -Fri Jul 26 08:26:07 UTC 2019 - Peter Varkoly - -- bsc#1142881 - mkpostfixcert from Postfix still uses md - -------------------------------------------------------------------- -Thu Jul 25 12:38:43 UTC 2019 - matthias.gerstner@suse.com - -- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by - firewalld, see [1]. - - [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html - -------------------------------------------------------------------- -Sun Jul 21 23:54:34 UTC 2019 - chris@computersalat.de - -- update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for - * POSTFIX_SMTPD_HELO_RESTRICTIONS - * POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS -- fix for: Can't connect to local MySQL server through socket - '/run/mysql/mysql.sock' - * update config.postfix - * update update_chroot.systemd - -------------------------------------------------------------------- -Wed Jul 3 08:43:58 UTC 2019 - Michael Ströder - -- Update to 3.4.6: - * Workaround for implementations that hang Postfix while shutting - down a TLS session, until Postfix times out. With - "tls_fast_shutdown_enable = yes" (the default), Postfix no - longer waits for the TLS peer to respond to a TLS 'close' - request. This is recommended with TLSv1.0 and later. - * Fixed a too-strict censoring filter that broke multiline Milter - responses for header/body events. Problem report by Andreas - Thienemann. - * The code to reset Postfix SMTP server command counts was not - called after a HaProxy handshake failure, causing stale numbers - to be reported. Problem report by Joseph Ward. - * postconf(5) documentation: tlsext_padding is not a tls_ssl_options - feature. - * smtp(8) documentation: updated the BUGS section text about - Postfix support to reuse open TLS connections. - * Portability: added "#undef sun" to util/unix_dgram_connect.c. - -------------------------------------------------------------------- -Wed Jun 26 13:52:30 UTC 2019 - Peter Varkoly - -- Ensure that postfix is member of all groups as before. - -------------------------------------------------------------------- -Wed Jun 12 14:30:34 UTC 2019 - Dominique Leuenberger - -- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to - shortcut the build queues by allowing usage of systemd-mini - -------------------------------------------------------------------- -Thu Jun 6 09:29:34 UTC 2019 - Tomáš Chvátal - -- Drop the omc config fate#301838: - * it is obsolete since SLE11 - -------------------------------------------------------------------- -Wed May 8 09:27:51 UTC 2019 - Peter Varkoly - -- bsc#1104543 config.postfix does not start tlsmgr in master.cf - when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed - patch. - -------------------------------------------------------------------- -Sun Mar 31 09:08:58 UTC 2019 - Michael Ströder - -- Update to 3.4.5: - Bugfix (introduced: Postfix 3.0): LMTP connections over - UNIX-domain sockets were cached but not reused, due to a - cache lookup key mismatch. Therefore, idle cached connections - could exhaust LMTP server resources, resulting in two-second - pauses between email deliveries. This problem was investigated - by Juliana Rodrigueiro. File: smtp/smtp_connect.c. - -------------------------------------------------------------------- -Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly - -- Update to 3.4.4 - - o Incompatible changes - - The Postfix SMTP server announces CHUNKING (BDAT - command) by default. In the unlikely case that this breaks some - important remote SMTP client, disable the feature as follows: - - /etc/postfix/main.cf: - # The logging alternative: - smtpd_discard_ehlo_keywords = chunking - # The non-logging alternative: - smtpd_discard_ehlo_keywords = chunking, silent_discard - - This introduces a new master.cf service 'postlog' - with type 'unix-dgram' that is used by the new postlogd(8) daemon. - Before backing out to an older Postfix version, edit the master.cf - file and remove the postlog entry. - - Postfix 3.4 drops support for OpenSSL 1.0.1 - - To avoid performance loss under load, the - tlsproxy(8) daemon now requires a zero process limit in master.cf - (this setting is provided with the default master.cf file). By - default, a tlsproxy(8) process will retire after several hours. - - To set the tlsproxy process limit to zero: - postconf -F tlsproxy/unix/process_limit=0 - postfix reload - o Major changes - - Postfix SMTP server support for RFC 3030 CHUNKING - (the BDAT command) without BINARYMIME, in both smtpd(8) and - postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, - and smtpd_proxy_filter. See BDAT_README for more. - - Support for logging to file or stdout, instead of using syslog. - - Logging to file solves a usability problem for MacOS, and - eliminates multiple problems with systemd-based systems. - - Logging to stdout is useful when Postfix runs in a container, as - it eliminates a syslogd dependency. - - Better handling of undocumented(!) Linux behavior - whether or not signals are delivered to a PID=1 process. - - Support for (key, list of filenames) in map source text. - Currently, this feature is used only by tls_server_sni_maps. - - Automatic retirement: dnsblog(8) and tlsproxy(8) process - will now voluntarily retire after after max_idle*max_use, or some - sane limit if either limit is disabled. Without this, a process - could stay busy for days or more. - - Postfix SMTP client support for multiple deliveries - per TLS-encrypted connection. This is primarily to improve mail - delivery performance for destinations that throttle clients when - they don't combine deliveries. - This feature is enabled with "smtp_tls_connection_reuse=yes" in - main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps. - It supports all Postfix TLS security levels including dane and - dane-only. - - SNI support in the Postfix SMTP server, the - Postfix SMTP client, and in the tlsproxy(8) daemon (both server and - client roles). See the postconf(5) documentation for the new - tls_server_sni_maps and smtp_tls_servername parameters. - - Support for files that contain multiple (key, certificate, trust chain) - instances. This was required to implement - server-side SNI table lookups, but it also eliminates the need for - separate cert/key files for RSA, DSA, Elliptic Curve, and so on. - - Support for smtpd_reject_footer_maps (as well as the postscreen - variant postscreen_reject_footer_maps) for more informative reject - messages. This is indexed with the Postfix SMTP server response - text, and overrides the footer specified with smtpd_reject_footer. - One will want to use a pcre: or regexp: map with this. - o Bugfixes - - Andreas Schulze discovered that reject_multi_recipient_bounce - was producing false rejects with BDAT commands. This problem - already existed with Postfix 2.2 smtpd_end_of_data_restrictons. - Postfix 3.4.4 fixes both. - -------------------------------------------------------------------- -Tue Mar 5 13:21:35 UTC 2019 - Jiri Slaby - -- postfix-linux45.patch: support also newer kernels -- pretend - we are still at kernel 3. Note that there are no conditionals for - LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the - code which caused build failures. - -------------------------------------------------------------------- -Mon Mar 4 14:43:05 UTC 2019 - Marcus Rueckert - -- skip set -x and fix version update changes entry - -------------------------------------------------------------------- -Sat Mar 2 19:26:21 UTC 2019 - Michael Ströder - -- Update to 3.3.3 - * When the master daemon runs with PID=1 (init mode), it will now - reap child processes from non-Postfix code running in the same - container, instead of terminating with a panic. - * Bugfix (introduced: postfix-2.11): with posttls-finger, - connections to unix-domain servers always resulted in "Failed - to establish session" even after a connection was established. - Jaroslav Skarva. File: posttls-finger/posttls-finger.c. - * Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes, - table lookups could casefold the search string when searching - a lookup table that does not use fixed-string keys (regexp, - pcre, tcp, etc.). Historically, Postfix would not case-fold - the search string with such tables. File: util/dict_utf8.c. - -------------------------------------------------------------------- -Fri Mar 1 16:23:13 UTC 2019 - Reinhard Max - -- PostrgeSQL's pg_config is meant for linking server extensions, - use libpq's pkg-config instead, if available. - This is needed to fix build with PostgreSQL 11. - -------------------------------------------------------------------- -Thu Feb 7 18:22:14 UTC 2019 - chris@computersalat.de - -- rework config.postfix - * disable commenting of smtpd_sasl_path/smtpd_sasl_type - no need to comment, cause it is set to default anyway - and 'uncommenting' would place it at end of file then - which is not wanted - -------------------------------------------------------------------- -Sat Jan 26 19:28:02 UTC 2019 - chris@computersalat.de - -- rework postfix-main.cf.patch - * disable virtual_alias_domains cause (default: $virtual_alias_maps) -- rework config.postfix - * disable PCONF of virtual_alias_domains - virtual_alias_maps will be set anyway to the correct value - * extend virtual_alias_maps with - - mysql_virtual_alias_domain_maps.cf - - mysql_virtual_alias_domain_catchall_maps.cf -- rework postfix-mysql, added - * mysql_virtual_alias_domain_maps.cf - * mysql_virtual_alias_domain_catchall_maps.cf - needed for reject_unverified_recipient - -------------------------------------------------------------------- -Thu Dec 13 10:20:31 UTC 2018 - malte.kraus@suse.com - -- binary hardening: link with full RELRO - -------------------------------------------------------------------- -Sun Nov 25 10:18:07 UTC 2018 - Michael Ströder - -- Update to 3.3.2 - * Support for OpenSSL 1.1.1 and TLSv1.3. - * Bugfixes: - - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because - some lookup table was using "EHLO_MASK_SMTPUTF8" instead. - - minor memory leak in DANE support when minting issuer certs. - - The Postfix build did not abort if the m4 command was not installed, - resulting in a broken postconf command. - -------------------------------------------------------------------- -Sat Nov 24 17:08:30 UTC 2018 - chris@computersalat.de - -- add POSTFIX_RELAY_DOMAINS - * more flexibility to add to relay_domains without breaking - config.postfix - * rework restriction examples in sysconf.postfix - based on postfix-buch.com (2. edtion by Hildebrandt, Koetter) -- disable weak cipher: RC4 - after check with https://ssl-tools.net/mailservers - -------------------------------------------------------------------- -Mon Oct 22 13:00:03 UTC 2018 - chris@computersalat.de - -- update config.postfix - * don't reject mail from authenticated users even if - reject_unknown_client_hostname would match, - add permit_sasl_authenticated to all restrictions - requires smtpd_delay_reject = yes -- update postfix-main.cf.patch - * recover removed setting smtpd_sasl_path and smtpd_sasl_type, - set to default value - config.postfix will not 'enable' (remove #) var, but place - modified (enabled) var at end of file, far away from place - where it should be -- rebase patches - * fix-postfix-script.patch - * postfix-vda-v14-3.0.3.patch - * postfix-linux45.patch - * postfix-master.cf.patch - * pointer_to_literals.patch - * postfix-no-md5.patch - -------------------------------------------------------------------- -Thu Oct 4 12:51:32 UTC 2018 - varkoly@suse.com - -- bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings - o add m4 as buildrequires, as proposed. - -------------------------------------------------------------------- -Mon Aug 27 09:38:29 UTC 2018 - tchvatal@suse.com - -- Add zlib-devel as buildrequires, previously included from - openssl-devel - -------------------------------------------------------------------- -Fri May 25 11:19:22 UTC 2018 - varkoly@suse.com - -- bsc#1087471 Unreleased Postfix update breaks SUSE Manager - o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty - -------------------------------------------------------------------- -Mon May 21 16:31:57 UTC 2018 - michael@stroeder.com - -- Update to 3.3.1 - * Postfix did not support running as a PID=1 process, which - complicated Postfix deployment in containers. The "postfix - start-fg" command will now run the Postfix master daemon as a - PID=1 process if possible. Thanks for inputs from Andreas - Schulze, Eray Aslan, and Viktor Dukhovni. - * Segfault in the postconf(1) command after it could not open a - Postfix database configuration file due to a file permission - error (dereferencing a null pointer). Reported by Andreas - Hasenack, fixed by Viktor Dukhovni. - * The luser_relay feature became a black hole, when the luser_relay - parameter was set to a non-existent local address (i.e. mail - disappeared silently). Reported by J?rgen Thomsen. - * Missing error propagation in the tlsproxy(8) daemon could result - in a segfault after TLS handshake error (dereferencing a - 0xffff...ffff pointer). This daemon handles the TLS protocol - when a non-whitelisted client sends a STARTTLS command to - postscreen(8). - -------------------------------------------------------------------- -Wed May 9 09:02:12 UTC 2018 - lnussel@suse.de - -- remove pre-requirements on sysvinit(network) and sysvinit(syslog). - There seems to be no good reason for that other than blowing up - the dependencies (bsc#1092408). - -------------------------------------------------------------------- -Mon Apr 9 09:32:56 UTC 2018 - adam.majer@suse.de - -- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix - if the actual service is running. This prevents spurious - and irrelevant error messages in system logs. - -------------------------------------------------------------------- -Thu Mar 22 14:20:20 UTC 2018 - varkoly@suse.com - -- bsc#1082514 autoyast: postfix gets not set myhostname properly - - set to localhost - -------------------------------------------------------------------- -Mon Mar 12 13:43:43 UTC 2018 - ilya@ilya.pp.ua - -- Refresh spec-file via spec-cleaner and manual optinizations. - * Add %license macro. - * Set license to IPL-1.0 OR EPL-2.0. -- Update to 3.3.0 - * http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES - * Dual license: in addition to the historical IBM Public License - 1.0, Postfix is now also distributed with the more recent Eclipse - Public License 2.0. Recipients can choose to take the software - under the license of their choice. Those who are more comfortable - with the IPL can continue with that license. - * The postconf command now warns about unknown parameter names - in a Postfix database configuration file. As with other unknown - parameter names, these warnings can help to find typos early. - * Container support: Postfix 3.3 will run in the foreground with - "postfix start-fg". This requires that Postfix multi-instance - support is disabled (the default). To collect Postfix syslog - information on the container's host, mount the host's /dev/log - socket into the container, for example with "docker run -v - /dev/log:/dev/log ...other options...", and specify a distinct - Postfix syslog_name setting in the container (for example with - "postconf syslog_name=the-name-here"). - * Milter support: applications can now send RET and ENVID parameters - in SMFIR_CHGFROM (change envelope sender) requests. - * Postfix-generated From: headers with 'full name' information - are now formatted as "From: name
" by default. Specify - "header_from_format = obsolete" to get the earlier form "From: - address (name)". - * Interoperability: when Postfix IPv6 and IPv4 support are both - enabled, the Postfix SMTP client will now relax MX preferences - and attempt to schedule similar numbers of IPv4 and IPv6 - addresses. This works around mail delivery problems when a - destination announces lots of primary MX addresses on IPv6, but - is reachable only over IPv4 (or vice versa). The new behavior - is controlled with the smtp_balance_mx_inet_protocols parameter. - * Compatibility safety net: with compatibility_level < 1, the - Postfix SMTP server now warns for mail that would be blocked - by the Postfix 2.10 smtpd_relay_restrictions feature, without - blocking that mail. There still is a steady trickle of sites - that upgrade from an earlier Postfix version. - -------------------------------------------------------------------- -Tue Feb 13 10:39:37 UTC 2018 - varkoly@suse.com - -- bsc#1065411 Package postfix should require package system-user-nobody -- bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth - was configured - -------------------------------------------------------------------- -Thu Dec 7 15:02:14 UTC 2017 - dimstar@opensuse.org - -- Fix usage of fillup_only:-y is not a valid option to this macro. - -------------------------------------------------------------------- -Thu Nov 23 13:43:17 UTC 2017 - rbrown@suse.com - -- Replace references to /var/adm/fillup-templates with new - %_fillupdir macro (boo#1069468) - -------------------------------------------------------------------- -Wed Nov 8 13:32:28 CET 2017 - kukuk@suse.de - -- Don't mark postfix.service as config file, this is no config - file. -- Some of the Requires(pre) are needed for post-install and at - runtime, fix the requires. - -------------------------------------------------------------------- -Mon Oct 30 12:12:08 UTC 2017 - michael@stroeder.com - -- update to 3.2.4 - * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or - 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS - records associated with an intermediate CA certificate. Problem - report and initial fix by Erwan Legrand. - * Missing dynamicmaps support in the Postfix sendmail command. - This broke authorized_submit_users settings that use a - dynamically-loaded map type. Problem reported by Ulrich Zehl. - -------------------------------------------------------------------- -Fri Oct 20 12:27:12 UTC 2017 - varkoly@suse.com - -- bnc#1059512 L3: Postfix Problem - The applied changes breaks existing postfix configurations because - daemon_directory was not adapted to the new value. - - -------------------------------------------------------------------- -Sun Oct 15 22:47:29 UTC 2017 - chris@computersalat.de - -- fix build for SLE - * nothing provides libnsl-devel - * add bcond_with libnsl - -------------------------------------------------------------------- -Wed Oct 4 10:58:28 UTC 2017 - varkoly@suse.com - -- bnc#1059512 L3: Postfix Problem - To manage multiple Postfix instances on a single host requires - that daemon_directory and shlib_directory is different to - avoid use of the shared directories also as per-instance directories. - For this reason daemon_directory was set to /usr/lib/postfix/bin/. - shlib_directory stands /usr/lib/postfix/. - -------------------------------------------------------------------- -Thu Sep 28 08:44:41 UTC 2017 - varkoly@suse.com - -- bnc#1016491 postfix raported to log "warning: group or other writable:" - on each symlink in config. - * Add fix-postfix-script.patch - -------------------------------------------------------------------- -Mon Sep 25 16:25:05 UTC 2017 - michael@stroeder.com - -- update to 3.2.3 - * Extension propagation was broken with "recipient_delimiter = .". - This change reverts a change that was trying to be too clever. - * The postqueue command would abort with a panic message after it - experienced an output write error while listing the mail queue. - This change restores a write error check that was lost with the - Postfix 3.2 rewrite of the vbuf_print formatter. - * Restored sanity checks for dynamically-specified width and precision - in format strings (%*, %.*, and %*.*). These checks were lost with - the Postfix 3.2 rewrite of the vbuf_print formatter. - -------------------------------------------------------------------- -Thu Aug 17 08:56:15 CEST 2017 - kukuk@suse.de - -- Add libnsl-devel build requires for glibc obsoleting libnsl - -------------------------------------------------------------------- -Thu Jul 27 10:31:01 UTC 2017 - varkoly@suse.com - -- bnc#1045264 L3: postmap problem - * Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811 - -------------------------------------------------------------------- -Fri Jun 16 17:45:55 UTC 2017 - michael@stroeder.com - -- update to 3.2.2 - * Security: Berkeley DB versions 2 and later try to read settings - from a file DB_CONFIG in the current directory. This undocumented - feature may introduce undisclosed vulnerabilities resulting in - privilege escalation with Postfix set-gid programs (postdrop, - postqueue) before they chdir to the Postfix queue directory, - and with the postmap and postalias commands depending on whether - the user's current directory is writable by other users. This - fix does not change Postfix behavior for Berkeley DB versions - < 3, but it does reduce postmap and postalias 'create' performance - with Berkeley DB versions 3.0 .. 4.6. - * The SMTP server receive_override_options were not restored at - the end of an SMTP session, after the options were modified by - an smtpd_milter_maps setting of "DISABLE". Milter support - remained disabled for the life time of the smtpd process. - * After the Postfix 3.2 address/domain table lookup overhaul, the - check_sender_access and check_recipient_access features ignored - a non-default parent_domain_matches_subdomains setting. - -------------------------------------------------------------------- -Wed Apr 19 20:36:03 UTC 2017 - chris@computersalat.de - -- revert changes of postfix-main.cf.patch from rev=261 - * config.postfix will not 'enable' (remove #) var, but place - modified (enabled) var at end of file, far away from place - where it should be - * keep vars enabled but empty - -------------------------------------------------------------------- -Thu Apr 13 09:18:45 UTC 2017 - werner@suse.de - -- Some cleanups - * Fix SUSE postfix-files to avoid chown errors (anyway this file - seems to be obsolete) - * Avoid installing shared libraries twice - * Refresh patch postfix-linux45.patch - -------------------------------------------------------------------- -Sat Apr 8 15:06:14 UTC 2017 - chris@computersalat.de - -- update postfix-master.cf.patch - * recover lost (with 3.2.0 update) submission, smtps sections - * merge with upstream update -- update config.postfix - * update master.cf generation for submission -- rebase patches against 3.2.0 - * pointer_to_literals.patch - * postfix-no-md5.patch - * postfix-ssl-release-buffers.patch - * postfix-vda-v14-3.0.3.patch - -------------------------------------------------------------------- -Mon Mar 20 18:01:36 CET 2017 - kukuk@suse.de - -- Require system group mail -- Use mail group name instead of GID - -------------------------------------------------------------------- -Mon Mar 6 21:27:38 UTC 2017 - mrueckert@suse.de - -- update to 3.2.0 - - [Feature 20170128] Postfix 3.2 fixes the handling of address - extensions with email addresses that contain spaces. For - example, the virtual_alias_maps, canonical_maps, and - smtp_generic_maps features now correctly propagate an address - extension from "aa bb+ext"@example.com to "cc - dd+ext"@other.example, instead of producing broken output. - - [Feature 20161008] "PASS" and "STRIP" actions in - header/body_checks. "STRIP" is similar to "IGNORE" but also - logs the action, and "PASS" disables header, body, and Milter - inspection for the remainder of the message content. - Contributed by Hobbit. - - [Feature 20160330] The collate.pl script by Viktor Dukhovni for - grouping Postfix logfile records into "sessions" based on queue - ID and process ID information. It's in the auxiliary/collate - directory of the Postfix source tree. - - [Feature 20160527] Postfix 3.2 cidr tables support if/endif and - negation (by prepending ! to a pattern), just like regexp and - pcre tables. The primarily purpose is to improve readability - of complex tables. See the cidr_table(5) manpage for syntax - details. - - [Incompat 20160925] In the Postfix MySQL database client, the - default option_group value has changed to "client", to enable - reading of "client" option group settings in the MySQL options - file. This fixes a "not found" problem with Postfix queries - that contain UTF8-encoded non-ASCII text. Specify an empty - option_group value (option_group =) to get backwards-compatible - behavior. - - [Feature 20161217] Stored-procedure support for MySQL - databases. Contributed by John Fawcett. See mysql_table(5) for - instructions. - - [Feature 20170128] The postmap command, and the inline: and - texthash: maps now support spaces in left-hand field of the - lookup table "source text". Use double quotes (") around a - left-hand field that contains spaces, and use backslash (\) to - protect embedded quotes in a left-hand field. There is no - change in the processing of the right-hand field. - - [Feature 20160611] The Postfix SMTP server local IP address and - port are available in the policy delegation protocol (attribute - names: server_address, server_port), in the Milter protocol - (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT - protocol (attribute names: DESTADDR, DESTPORT). - - [Feature 20161024] smtpd_milter_maps support for per-client - Milter configuration that overrides smtpd_milters, and that has - the same syntax. A lookup result of "DISABLE" turns off Milter - support. See MILTER_README.html for details. - - [Feature 20160611] The Postfix SMTP server local IP address and - port are available in the policy delegation protocol (attribute - names: server_address, server_port), in the Milter protocol - (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT - protocol (attribute names: DESTADDR, DESTPORT). - - [Incompat 20170129] The postqueue command no longer forces all - message arrival times to be reported in UTC. To get the old - behavior, set TZ=UTC in main.cf:import_environment (this - override is not recommended, as it affects all Postfix utities - and daemons). - - [Incompat 20161227] For safety reasons, the sendmail -C option - must specify an authorized directory: the default configuration - directory, a directory that is listed in the default main.cf - file with alternate_config_directories or - multi_instance_directories, or the command must be invoked with - root privileges (UID 0 and EUID 0). This mitigates a recurring - problem with the PHP mail() function. - - [Feature 20160625] The Postfix SMTP server now passes remote - client and local server network address and port information to - the Cyrus SASL library. Build with ``make makefiles - "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards - compatibility. - - [Feature 20161103] Postfix 3.2 disables the 'transitional' - compatibility between the IDNA2003 and IDNA2008 standards for - internationalized domain names (domain names beyond the limits - of US-ASCII). - - This change makes Postfix behavior consistent with contemporary - web browsers. It affects the handling of some corner cases such - as German sz and Greek zeta. See - http://unicode.org/cldr/utility/idna.jsp for more examples. - - Specify "enable_idna2003_compatibility = yes" to restore - historical behavior (but keep in mind that the rest of the - world may not make that same choice). - - [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API - features, so that Postfix will build without depending on - backwards-compatibility support. - - [Incompat 20161204] Postfix 3.2 removes tentative features that - were implemented before the DANE spec was finalized: - - - Support for certificate usage PKIX-EE(1), - - - The ability to disable digest agility (Postfix now behaves as - if "tls_dane_digest_agility = on"), and - - - The ability to disable support for "TLSA 2 [01] [12]" records - that specify the digest of a trust anchor (Postfix now - behaves as if "tls_dane_trust_anchor_digest_enable = yes). - - [Feature 20161217] Postfix 3.2 enables elliptic curve - negotiation with OpenSSL >= 1.0.2. This changes the default - smtpd_tls_eecdh_grade setting to "auto", and introduces a new - parameter tls_eecdh_auto_curves with the names of curves that - may be negotiated. - - The default tls_eecdh_auto_curves setting is determined at - compile time, and depends on the Postfix and OpenSSL versions. - At runtime, Postfix will skip curve names that aren't supported - by the OpenSSL library. - - [Feature 20160611] The Postfix SMTP server local IP address and - port are available in the policy delegation protocol (attribute - names: server_address, server_port), in the Milter protocol - (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT - protocol (attribute names: DESTADDR, DESTPORT). -- refresh postfix-master.cf.patch - -------------------------------------------------------------------- -Mon Mar 6 14:04:13 UTC 2017 - wr@rosenauer.org - -- make sure that system users can be created in %pre - -------------------------------------------------------------------- -Sat Feb 18 14:01:35 UTC 2017 - kukuk@suse.com - -- Fix requires: - - shadow is needed for postfix-mysql pre-install section - - insserv is not needed if systemd is used - -------------------------------------------------------------------- -Sat Jan 21 23:27:34 UTC 2017 - chris@computersalat.de - -- update postfix-mysql - * update mysql_*.cf files - * update postfix-mysql.sql (INNODB, utf8) -- update postfix-main.cf.patch - * uncomment smtpd_sasl_path, smtpd_sasl_type - can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot) - * add option for smtp_tls_policy_maps (commented) -- update postfix-master.cf.patch - * fix indentation of submission, smtps options for correct - enabling via config.postfix -- update config.postfix - * fix sync of CA certificates - * fix master.cf generation for submission, smtps -- rebase postfix-vda-v14-3.0.3.patch - -------------------------------------------------------------------- -Wed Jan 11 14:07:35 UTC 2017 - varkoly@suse.com - -- FATE#322322 Update postfix to version 3.X - Merging changes with SLES12-SP2 - Removeved patches: add_missed_library.patch bnc#947707.diff dynamic_maps.patch postfix-db6.diff - postfix-opensslconfig.patch bnc#947519.diff dynamic_maps_pie.patch - postfix-post-install.patch - These are included in the new version of postfix -- Remove references to SuSEconfig.postfix from sysconfig docs. - (bsc#871575) -- bnc#947519 SuSEconfig.postfix should enforce umask 022 -- bnc#947707 mail generated by Amavis being prevented from being re-adressed by /etc/postfix/virtual -- bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong -- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64) - (bsc#940289) - -------------------------------------------------------------------- -Tue Jan 3 12:20:18 UTC 2017 - varkoly@suse.com - -- update to 3.1.4 - * The postscreen daemon did not merge the client test status information - for concurrent sessions from the same IP address. - * The Postfix SMTP server falsely rejected a sender address when validating - a sender address with "smtpd_reject_unlisted_recipient = yes" or with - "reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps. - * The virtual delivery agent did not detect failure to skip to the end - of a mailbox file, so that mail would be delivered to the beginning of the file. - This could happen when a mailbox file was already larger than the virtual mailbox size limit. - * The postsuper logged an incorrect rename operation count after creating a missing directory. - * The Postfix SMTP server falsely rejected mail when a sender-dependent "error" - transport was configured. Cause: the SMTP server address validation code - was not updated when the sender_dependent_default_transport_maps feature - was introduced. - * The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no". - * The "postfix tls deploy-server-cert" command used the wrong certificate - and key file. This was caused by a cut-and-paste error in the postfix-tls-script file. - -------------------------------------------------------------------- -Sat Nov 26 15:43:57 UTC 2016 - chris@computersalat.de - -- improve config.postfix - * improve SASL stuff - * add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot) - -------------------------------------------------------------------- -Mon Nov 14 21:53:18 UTC 2016 - chris@computersalat.de - -- improve config.postfix - * improve with MySQL stuff - -------------------------------------------------------------------- -Mon Nov 7 13:35:38 UTC 2016 - chris@computersalat.de - -- update vda patch to latest available - * remove postfix-vda-v13-3.10.0.patch - * add postfix-vda-v14-3.0.3.patch -- rebase patches (and to be p0) - * pointer_to_literals.patch - * postfix-main.cf.patch - * postfix-master.cf.patch - * postfix-no-md5.patch - * postfix-ssl-release-buffers.patch -- add /etc/postfix/ssl as default DIR for SSL stuff - * cacerts -> ../../ssl/certs/ - * certs/ -- revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl' -- improve config.postfix - * revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a - symlink to /etc/ssl/certs - Without reverting, 'gen_CA' would create files which would then be on - the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath) - Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem' - which is not a good idea. - * mkchroot: sync '/etc/postfix/ssl' to chroot - * improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from - main.cf, show warning if enabled and file is missing - -------------------------------------------------------------------- -Sun Oct 9 20:11:34 UTC 2016 - michael@stroeder.com - -- update to 3.1.3: - * The Postfix SMTP server did not reset a previous session's - failed/total command counts before rejecting a client that - exceeds request or concurrency rates. This resulted in incorrect - failed/total command counts being logged at the end of the - rejected session. - * The unionmap multi-table interface did not propagate table - lookup errors, resulting in false "user unknown" responses. - * The documentation was updated with a workaround for false "not - found" errors with MySQL map queries that contain UTF8-encoded - text. The workaround is to specify "option_group = client" in - Postfix MySQL configuration files. This will be the default - setting with Postfix 3.2 and later. - -------------------------------------------------------------------- -Sun Sep 4 15:33:27 UTC 2016 - michael@stroeder.com - -- update to 3.1.2: - * Changes to make Postfix build with OpenSSL 1.1.0. - * The makedefs script ignored readme_directory=pathname overrides. - Fix by Todd C. Olson. - * The tls_session_ticket_cipher documentation says that the default - cipher for TLS session tickets is aes-256-cbc, but the implemented - default was aes-128-cbc. Note that TLS session ticket keys are - rotated after 1/2 hour, to limit the impact of attacks on session - ticket keys. - -------------------------------------------------------------------- -Thu Jun 2 12:26:17 UTC 2016 - schwab@suse.de - -- postfix-post-install.patch: remove empty patch - -------------------------------------------------------------------- -Sun May 29 16:45:30 UTC 2016 - chris@computersalat.de - -- fix Changelog cause of Factory decline - -------------------------------------------------------------------- -Tue May 24 13:18:55 UTC 2016 - varkoly@suse.com - -- Fix typo in config.postfix - -------------------------------------------------------------------- -Tue May 24 04:29:41 UTC 2016 - varkoly@suse.com - -- bnc#981097 config.postfix creates broken main.cf for tls client configuration -- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete -- update to 3.1.1: -- The new address_verify_pending_request_limit - parameter introduces a safety limit for the number of address - verification probes in the active queue. The default limit is 1/4 - of the active queue maximum size. The queue manager enforces the - limit by tempfailing probe messages that exceed the limit. This - design avoids dependencies on global counters that get out of sync - after a process or system crash. -- Machine-readable, JSON-formatted queue listing with "postqueue -j" - (no "mailq" equivalent). -- The milter_macro_defaults feature provides an optional list of macro - name=value pairs. These specify default values for Milter macros when - no value is available from the SMTP session context. -- Support to enforce a destination-independent delay between email - deliveries. The following example inserts 20 seconds of delay - between all deliveries with the SMTP transport, limiting the delivery - rate to at most three messages per minute. - smtp_transport_rate_delay = 20s -- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes - that a "not found" result from a DNSBL server will be valid for one - hour. This may have been adequate five years ago when postscreen - was first implemented, but nowadays, that one hour can result in - missed opportunities to block new spambots. - To address this, postscreen now respects the TTL of DNSBL "not - found" replies, as well as the TTL of DNSWL replies (both "found" - and "not found"). The TTL for a "not found" reply is determined - according to RFC 2308 (the TTL of an SOA record in the reply). - - Support for DNSBL or DNSWL reply TTL values is controlled by two - configuration parameters: - - postscreen_dnsbl_min_ttl (default: 60 seconds). - postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) - - The postscreen_dnsbl_ttl parameter is now obsolete, and has become - the default value for the new postscreen_dnsbl_max_ttl parameter. -- New "smtpd_client_auth_rate_limit" feature, to - enforce an optional rate limit on AUTH commands per SMTP client IP - address. Similar to other smtpd_client_*_rate_limit features, this - enforces a limit on the number of requests per $anvil_rate_time_unit. -- New SMTPD policy service attribute "policy_context", - with a corresponding "smtpd_policy_service_policy_context" configuration - parameter. Originally, this was implemented to share the same SMTPD - policy service endpoint among multiple check_policy_service clients. -- A new "postfix tls" command to quickly enable opportunistic TLS - in the Postfix SMTP client or server, and to manage SMTP server keys - and certificates, including certificate signing requests and - TLSA DNS records for DANE. - -------------------------------------------------------------------- -Tue Apr 19 07:59:32 UTC 2016 - opensuse@dstoecker.de - -- build with working support for SMTPUTF8 - -------------------------------------------------------------------- -Sun Mar 20 14:11:27 UTC 2016 - mrueckert@suse.de - -- fix build on sle11 by pointing _libexecdir to /usr/lib all the - time. - -------------------------------------------------------------------- -Sun Mar 20 13:46:56 UTC 2016 - mrueckert@suse.de - -- some distros did not pull pkgconfig indirectly. pull it directly. - -------------------------------------------------------------------- -Sun Mar 20 08:19:23 UTC 2016 - mrueckert@suse.de - -- fix building the dynamic maps: the old build had postgresql e.g. - with missing symbols. - - convert to AUXLIBS_* instead of plain AUXLIBS which is needed - for proper dynamic maps. - - reordered the CCARGS and AUXLIBS* lines to group by feature - - use pkgconfig or *_config tools where possible -- picked up signed char from fedora spec file -- enable lmdb support: new BR lmdb-devel, new subpackage - postfix-lmdb. -- don't delete vmail user/groups - -------------------------------------------------------------------- -Wed Mar 9 13:06:35 UTC 2016 - varkoly@suse.com - -- update to 3.1.0 -- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, - lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. - Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch - could be removed. -- Adapting all the patches to postfix 3.1.0 -- remove obsolete patches - * add_missed_library.patch - * postfix-opensslconfig.patch -- update vda patch - * remove postfix-vda-v13-2.10.0.patch - * add postfix-vda-v13-3.10.0.patch -- The patch postfix-db6.diff is not more neccessary - -- Backwards-compatibility safety net. - With NEW Postfix installs, you MUST install a main.cf file with - the setting "compatibility_level = 2". See conf/main.cf for an - example. - - With UPGRADES of existing Postfix systems, you MUST NOT change the - main.cf compatibility_level setting, nor add this setting if it - does not exist. - - Several Postfix default settings have changed with Postfix 3.0. To - avoid massive frustration with existing Postfix installations, - Postfix 3.0 comes with a safety net that forces Postfix to keep - running with backwards-compatible main.cf and master.cf default - settings. This safety net depends on the main.cf compatibility_level - setting (default: 0). Details are in COMPATIBILITY_README. - -- Major changes - tls -* [Feature 20160207] A new "postfix tls" command to quickly enable - opportunistic TLS in the Postfix SMTP client or server, and to - manage SMTP server keys and certificates, including certificate - signing requests and TLSA DNS records for DANE. -* As of the middle of 2015, all supported Postfix releases no longer - nable "export" grade ciphers for opportunistic TLS, and no longer - use the deprecated SSLv2 and SSLv3 protocols for mandatory or - opportunistic TLS. -* [Incompat 20150719] The default Diffie-Hellman non-export prime was - updated from 1024 to 2048 bits, because SMTP clients are starting - to reject TLS handshakes with primes smaller than 2048 bits. -* [Feature 20160103] The Postfix SMTP client by default enables DANE - policies when an MX host has a (DNSSEC) secure TLSA DNS record, - even if the MX DNS record was obtained with insecure lookups. The - existence of a secure TLSA record implies that the host wants to - talk TLS and not plaintext. For details see the - smtp_tls_dane_insecure_mx_policy configuration parameter. - -- Major changes - default settings - [Incompat 20141009] The default settings have changed for relay_domains - (new: empty, old: $mydestination) and mynetworks_style (new: host, - old: subnet). However the backwards-compatibility safety net will - prevent these changes from taking effect, giving the system - administrator the option to make an old default setting permanent - in main.cf or to adopt the new default setting, before turning off - backwards compatibility. See COMPATIBILITY_README for details. - - [Incompat 20141001] A new backwards-compatibility safety net forces - Postfix to run with backwards-compatible main.cf and master.cf - default settings after an upgrade to a newer but incompatible Postfix - version. See COMPATIBILITY_README for details. - - While the backwards-compatible default settings are in effect, - Postfix logs what services or what email would be affected by the - incompatible change. Based on this the administrator can make some - backwards-compatibility settings permanent in main.cf or master.cf, - before turning off backwards compatibility. - -- Major changes - address verification safety - [Feature 20151227] The new address_verify_pending_request_limit - parameter introduces a safety limit for the number of address - verification probes in the active queue. The default limit is 1/4 - of the active queue maximum size. The queue manager enforces the - limit by tempfailing probe messages that exceed the limit. This - design avoids dependencies on global counters that get out of sync - after a process or system crash. - - Tempfailing verify requests is not as bad as one might think. The - Postfix verify cache proactively updates active addresses weeks - before they expire. The address_verify_pending_request_limit affects - only unknown addresses, and inactive addresses that have expired - from the address verify cache (by default, after 31 days). - -- Major changes - json support - [Feature 20151129] Machine-readable, JSON-formatted queue listing - with "postqueue -j" (no "mailq" equivalent). The output is a stream - of JSON objects, one per queue file. To simplify parsing, each - JSON object is formatted as one text line followed by one newline - character. See the postqueue(1) manpage for a detailed description - of the output format. - -- Major changes - milter support - [Feature 20150523] The milter_macro_defaults feature provides an - optional list of macro name=value pairs. These specify default - values for Milter macros when no value is available from the SMTP - session context. - - For example, with "milter_macro_defaults = auth_type=TLS", the - Postfix SMTP server will send an auth_type of "TLS" to a Milter, - unless the remote client authenticates with SASL. - - This feature was originally implemented for a submission service - that may authenticate clients with a TLS certificate, without having - to make changes to the code that implements TLS support. - -- Major changes - output rate control - - [Feature 20150710] Destination-independent delivery rate delay - - Support to enforce a destination-independent delay between email - deliveries. The following example inserts 20 seconds of delay - between all deliveries with the SMTP transport, limiting the delivery - rate to at most three messages per minute. - - /etc/postfix/main.cf: - smtp_transport_rate_delay = 20s - - For details, see the description of default_transport_rate_delay - and transport_transport_rate_delay in the postconf(5) manpage. - -- Major changes - postscreen dnsbl - [Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL - lookup results - - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes - that a "not found" result from a DNSBL server will be valid for one - hour. This may have been adequate five years ago when postscreen - was first implemented, but nowadays, that one hour can result in - missed opportunities to block new spambots. - - To address this, postscreen now respects the TTL of DNSBL "not - found" replies, as well as the TTL of DNSWL replies (both "found" - and "not found"). The TTL for a "not found" reply is determined - according to RFC 2308 (the TTL of an SOA record in the reply). - - Support for DNSBL or DNSWL reply TTL values is controlled by two - configuration parameters: - - postscreen_dnsbl_min_ttl (default: 60 seconds). - - This parameter specifies a minimum for the amount of time that - a DNSBL or DNSWL result will be cached in the postscreen_cache_map. - This prevents an excessive number of postscreen cache updates - when a DNSBL or DNSWL server specifies a very small reply TTL. - - postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) - - This parameter specifies a maximum for the amount of time that - a DNSBL or DNSWL result will be cached in the postscreen_cache_map. - This prevents cache pollution when a DNSBL or DNSWL server - specifies a very large reply TTL. - - The postscreen_dnsbl_ttl parameter is now obsolete, and has become - the default value for the new postscreen_dnsbl_max_ttl parameter. - -- Major changes - sasl auth safety - [Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to - enforce an optional rate limit on AUTH commands per SMTP client IP - address. Similar to other smtpd_client_*_rate_limit features, this - enforces a limit on the number of requests per $anvil_rate_time_unit. - -- Major changes - smtpd policy - [Feature 20150913] New SMTPD policy service attribute "policy_context", - with a corresponding "smtpd_policy_service_policy_context" configuration - parameter. Originally, this was implemented to share the same SMTPD - policy service endpoint among multiple check_policy_service clients. - -------------------------------------------------------------------- -Wed Dec 9 14:05:22 UTC 2015 - varkoly@suse.com - -- bnc#958329 postfix fails to start when openslp is not installed - -------------------------------------------------------------------- -Mon Oct 12 20:49:27 UTC 2015 - michael@stroeder.com - -- upstream update postfix 2.11.7: - * The Postfix Milter client aborted with a panic while adding a - message header, after adding a short message header with the - header_checks PREPEND action. Fixed by invoking the header - output function while PREPENDing a message header. - * False alarms while scanning the Postfix queue. Fixed by resetting - errno before calling readdir(). This defect was introduced - 19970309. - * The postmulti command produced an incorrect error message. - * The postmulti command now refuses to create a new MTA instance - when the template main.cf or master.cf file are missing. This - is a common problem on Debian-like systems. - * Turning on Postfix SMTP server HAProxy support broke TLS - wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer - to read the HAProxy connection hand-off information. - * The xtext_unquote() function did not propagate error reports - from xtext_unquote_append(), causing the decoder to return - partial output, instead of rejecting malformed input. The Postfix - SMTP server uses this function to parse input for the ENVID and - ORCPT parameters, and for XFORWARD and XCLIENT command parameters. - -------------------------------------------------------------------- -Wed Aug 12 10:51:51 UTC 2015 - jkeil@suse.de - -- boo#934060: Remove quirky hostname logic from config.postfix - * /etc/hostname doesn't contain anything useful - * linux.local is no good either - * postfix will use `hostname`.localdomain as fallback - -------------------------------------------------------------------- -Tue Aug 4 09:09:04 UTC 2015 - meissner@suse.com - -- postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885 - -------------------------------------------------------------------- -Tue Aug 4 09:07:25 UTC 2015 - meissner@suse.com - -- %verifyscript is a new section, move it out of the %ifdef - so the fillups are run afterwards. - -------------------------------------------------------------------- -Wed Jul 22 16:44:44 UTC 2015 - michael@stroeder.com - -- upstream update postfix 2.11.6: - Default settings have been updated so that they no longer enable - export-grade ciphers, and no longer enable the SSLv2 and SSLv3 - protocols. -- removed postfix-2.11.5_linux4.patch because it's obsolete -- Bugfix (introduced: Postfix 2.11): with connection caching - enabled (the default), recipients could be given to the wrong - mail server. (bsc#944722) - -------------------------------------------------------------------- -Mon Jun 1 22:25:51 UTC 2015 - crrodriguez@opensuse.org - -- postfix-SuSE.tar.gz/postfix.service: None of - nss-lookup.target network.target local-fs.target time-sync.target - should be Wanted or Required except by the services - the implement the relevant functionality i.e network.target - is wanted/required by networkmanager, wicked, - systemd-network. other software must be ordered After them, - see systemd.special(7) - -------------------------------------------------------------------- -Sun May 17 18:41:52 UTC 2015 - mpluskal@suse.com - -- Fix library symlink generation (boo#928662) - -------------------------------------------------------------------- -Tue Apr 21 09:55:44 UTC 2015 - mrueckert@suse.de - -- added postfix-2.11.5_linux4.patch: - Allow building on kernel 4. Patch taken from: - https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY - -------------------------------------------------------------------- -Sun Apr 19 23:03:25 UTC 2015 - mrueckert@suse.de - -- update to postfix 2.11.5 - - Bugfix (introduced: Postfix 2.6): - sender_dependent_relayhost_maps ignored the relayhost setting - in the case of a DUNNO lookup result. It would use the - recipient domain instead. Viktor Dukhovni. Wietse took the - pieces of code that enforce the precedence of a - sender-dependent relayhost, the global relayhost, and the - recipient domain, and put that code together in once place so - that it is easier to maintain. File: - trivial-rewrite/resolve.c. - - Bitrot: prepare for future changes in OpenSSL API. Viktor - Dukhovni. File: tls_dane.c. - - Incompatibility: specifying "make makefiles" with "CC=command" - will no longer override the default WARN setting. - -------------------------------------------------------------------- -Mon Feb 9 18:01:38 UTC 2015 - michael@stroeder.com - -- upstream update postfix 2.11.4: - -Postfix 2.11.4 only: - -* Fix a core dump when smtp_policy_maps specifies an invalid TLS - level. - -* Fix a missing " in \%s\", in postconf(1) fatal error messages, - which violated the C language spec. Reported by Iain Hibbert. - -All supported releases: - -* Stop excessive recursion in the cleanup server while recovering - from a virtual alias expansion loop. Problem found at Two Sigma. - -* Stop exponential memory allocation with virtual alias expansion - loops. This came to light after fixing the previous problem. - -------------------------------------------------------------------- -Sun Feb 8 13:08:36 UTC 2015 - varkoly@suse.com - -- correct pf_daemon_directory in spec. This must be /usr/lib/ - -------------------------------------------------------------------- -Thu Jan 22 09:36:09 UTC 2015 - varkoly@suse.com - -- bnc#914086 syntax error in config.postfix -- Adapt config.postfix to be able to run on SLE11 too. - -------------------------------------------------------------------- -Mon Jan 19 22:15:30 UTC 2015 - mpluskal@suse.com - -- Don't install sysvinit script when systemd is used -- Make explicit PreReq dependencies conditional only for older - systems -- Don't try to set explicit attributes to symlinks -- Cleanup spec file vith spec-cleaner - -------------------------------------------------------------------- -Tue Jan 13 07:04:52 UTC 2015 - varkoly@suse.com - -- bnc#912594 config.postfix creates config based on old options - -------------------------------------------------------------------- -Tue Jan 6 14:26:51 UTC 2015 - varkoly@suse.com - -- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot -- bnc#910265 config.postfix does not upgrade the chroot -- bnc#908003 wrong access rights on /usr/sbin/postdrop causes - permission denied when trying to send a mail as non root user -- bnc#729154 wrong permissions for some postfix components - -------------------------------------------------------------------- -Fri Nov 21 14:49:19 UTC 2014 - tchvatal@suse.com - -- Remove keyring and things as it is md5 based one no longer - accepted by gpg 2.1 - -------------------------------------------------------------------- -Fri Nov 14 09:19:00 UTC 2014 - dimstar@opensuse.org - -- No longer perform gpg validation; osc source_validator does it - implicit: - + Drop gpg-offline BuildRequires. - + No longer execute gpg_verify. - -------------------------------------------------------------------- -Mon Oct 27 18:22:02 UTC 2014 - dmueller@suse.com - -- restore previously lost fix: - Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de - - Ignore errors in %pre/%post. - -------------------------------------------------------------------- -Mon Oct 20 07:52:39 UTC 2014 - michael@stroeder.com - -- postfix 2.11.3: - - * Fix for configurations that prepend message headers with Postfix - access maps, policy servers or Milter applications. Postfix now - hides its own Received: header from Milters and exposes prepended - headers to Milters, regardless of the mechanism used to prepend - a header. This fix reverts a partial solution that was released - on October 13, 2014, and replaces it with a complete solution. - * Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure. - -- postfix 2.11.2: - - * Fix for DMARC implementations based on SPF policy plus DKIM - Milter. The PREPEND access/policy action added headers ABOVE - Postfix's own Received: header, exposing Postfix's own Received: - header to Milters (protocol violation) and hiding the PREPENDed - header from Milters. PREPENDed headers are now added BELOW - Postfix's own Received: header and remain visible to Milters. - * The Postfix SMTP server logged an incorrect client name in - reject messages for check_reverse_client_hostname_access and - check_reverse_client_hostname_{mx,ns}_access. They replied with - the verified client name, instead of the name that was rejected. - * The qmqpd daemon crashed with null pointer bug when logging a - lost connection while not in a mail transaction. - -------------------------------------------------------------------- -Sun Sep 14 16:50:57 UTC 2014 - andreas.stieger@gmx.de - -- switch from md5 based signature to one using the SHA-512 digest - algorithm supplied by maintainer on ML to pass source_validator - -------------------------------------------------------------------- -Sat Sep 13 21:44:41 UTC 2014 - andreas.stieger@gmx.de - -- postfix 2.11.1: - * With connection caching enabled (the default), recipients could - be given to the wrong mail server. - * Enforce TLS when TLSA records exist, but all are unusable. - * Don't leak memory when TLSA records exist, but all are unusable. - * Prepend "-I. -I../../include" to the compiler command-line - options, to avoid name clashes with non-Postfix header files. - * documentation fixes - * logging fixes - -------------------------------------------------------------------- -Fri Aug 29 15:40:00 UTC 2014 - rusjako@rus.uni-stuttgart.de - -- fix dynamic_maps patch to enable memcache support, which does not - need any libraries - -------------------------------------------------------------------- -Thu Jul 31 12:44:59 UTC 2014 - dimstar@opensuse.org - -- Rename rpmlintrc to %{name}-rpmlintrc. - Follow the packaging guidelines. - -------------------------------------------------------------------- -Fri Jun 27 23:16:21 UTC 2014 - chris@computersalat.de - -- fix typo in postfix-SuSE/update_chroot.systemd -- fix config.postfix - * 'insserv amavis' -> 'chkconfig amavis on' -- rework main.cf patch - * fix virtual stuff - * add some dovecot stuff -- rework master.cf patch - * add some dovecot stuff - -------------------------------------------------------------------- -Mon Jun 23 21:41:23 UTC 2014 - jamesp@vicidial.com - -- The included postfix-mysql.tar.bz2 was using a MySQL 4.1 style of - table engine specification. Modified so that the sql uses - 'ENGINE=' instead of 'TYPE=' for creating tables. - -------------------------------------------------------------------- -Mon Jun 23 15:17:52 UTC 2014 - varkoly@suse.com - -- bnc#816769 - config.postfix issues warnings about missing master.cf - -------------------------------------------------------------------- -Tue Jun 10 13:34:03 UTC 2014 - varkoly@suse.com - -- bnc#882033 - Package postfix has changed files according to rpm -- bnc#855688 - possible systemd bug: postfix & cifs dependency confict - -------------------------------------------------------------------- -Mon Jun 9 12:17:35 UTC 2014 - varkoly@suse.com - -- bnc#863350 - SuSEconfig.postfix complains about modified /etc/postfix/main.cf after updating postfix - -------------------------------------------------------------------- -Mon May 26 17:21:54 UTC 2014 - chris@computersalat.de - -- replace vda patch: - * add postfix-vda-v13-2.10.0.patch - * remove postfix-vda-v11-2.9.6.patch -- rebase patches -- config.postfix - * add master.cf support for submission (587) - * rework master.cf support for smtps - -------------------------------------------------------------------- -Wed Feb 12 15:10:27 UTC 2014 - varkoly@suse.com - -- bnc#862662 - Unable to configure postfix SMTP with forced TLS using YaST2 - -- Update to 2.11.0 - * TLS - o Support for PKI-less TLS server certificate verification, where - the CA public key or the server certificate is identified via DNSSEC lookup - * LMDB database support - * master - o The master_service_disable parameter value syntax has changed: - use "service/type" instead of "service.type". - * postconf: - o Support for advanced master.cf query and update operations. - This was implemented primarily to support automated system management tools. - o The postconf command produces more warnings - * relay safety - New smtpd_relay_restrictions parameter built-in default settings: - smtpd_relay_restrictions = - permit_mynetworks - permit_sasl_authenticated - defer_unauth_destination - * postscreen whitelisting - Allow a remote SMTP client to skip postscreen(8) tests based on - its postscreen_dnsbl_sites score. - -------------------------------------------------------------------- -Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de - -- Ignore errors in %pre/%post. - -------------------------------------------------------------------- -Thu Oct 3 02:47:54 UTC 2013 - crrodriguez@opensuse.org - -- two improvements for 13.1 and factory -* postfix-opensslconfig.patch call openSSL_config - so postfix respects the system's openssl configuration -* postfix-SuSE/postfix.service since a few months there - is no mail-transfer-agent.target, units must be ordered - after a list of smtpd implementations instead. - -------------------------------------------------------------------- -Fri Sep 20 04:48:08 UTC 2013 - varkoly@suse.com - -- Proc is not needed in chroot anymore - -------------------------------------------------------------------- -Tue Jul 30 14:34:01 UTC 2013 - schwab@suse.de - -- postfix-main.cf.patch: remove duplicate entry for inet_protocols - -------------------------------------------------------------------- -Mon Jun 17 10:50:08 UTC 2013 - chris@computersalat.de - -- fix for warning - * unused parameter: virtual_create_maildirsize=yes - * unused parameter: virtual_mailbox_extended=yes - * rework main.cf.patch -- fix rcpostfix for sysvinit systems - * /etc/postfix/system/update_postmaps: No such file or directory -- rebase patches - * vda-v11-2.9.5 -> vda-v11-2.9.6 -- fix file postfix-SuSE.tar.gz - * made a tar.gz - -------------------------------------------------------------------- -Sun Jun 16 02:12:07 UTC 2013 - jengelh@inai.de - -- postfix.spec forces the use of SSL and SASL libraries, - so make sure the BuildRequires are there - -------------------------------------------------------------------- -Fri Jun 14 01:33:52 UTC 2013 - jengelh@inai.de - -- Add postfix-db6.diff to fix compile abort with libdb-6.0 - -------------------------------------------------------------------- -Mon Apr 22 11:51:37 UTC 2013 - idonmez@suse.com - -- Add Source URL, see https://en.opensuse.org/SourceUrls -- Add GPG verification - -------------------------------------------------------------------- -Sat Apr 20 05:46:00 UTC 2013 - crrodriguez@opensuse.org - -- postfix-SuSE/postfix.service do not Require or - order after syslog.target as it no longer exists - postfix will fail to start in the next systemd version. - -------------------------------------------------------------------- -Sat Feb 23 09:33:08 UTC 2013 - rmilasan@suse.com - -- Install postfix.service accordingly (/usr/lib/systemd for 12.3 - and up or /lib/systemd for older versions). - -------------------------------------------------------------------- -Wed Feb 6 19:56:57 UTC 2013 - varkoly@suse.com - -- update to 2,9.6 - Bugfix: the local(8) delivery agent dereferenced a null pointer - while delivering to null command (for example, "|" in a .forward file). - Bugfix: memory leak in program initialization. tls/tls_misc.c. - Bugfix: he undocumented OpenSSL X509_pubkey_digest() function is - unsuitable for computing certificate PUBLIC KEY fingerprints. - Postfix now provides a correct procedure that accounts for - the algorithm and parameters in addition to the key data. Specify - "tls_legacy_public_key_fingerprints = yes" if you need backwards compatibility. - -------------------------------------------------------------------- -Thu Jan 17 22:01:16 UTC 2013 - varkoly@suse.com - -- bnc#796162 - script to assign path elements not working in postfix install Build-0284(iso) - -------------------------------------------------------------------- -Thu Jan 10 18:23:56 UTC 2013 - chris@computersalat.de - -- rebase patches - * vda-v10-2.8.12 -> vda-v11-2.9.5 (and to be a p0) - * main, master, post-instal, ssl-release-buffers (remove version) - * dynamic_maps, dynamic_maps_pie, pointer_to_literals - -------------------------------------------------------------------- -Thu Jan 10 14:45:59 UTC 2013 - varkoly@suse.com - -- update to 2,9.5 - * tls support: - Support to turn off the TLSv1.1 and TLSv1.2 protocols: - To temporarily turn off problematic protocols globally: - /etc/postfix/main.cf: - smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 - smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 - However, it may be better to temporarily turn off problematic - protocols for broken sites only: - /etc/postfix/main.cf: - smtp_tls_policy_maps = hash:/etc/postfix/tls_policy - /etc/postfix/tls_policy: - example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2 - * 20111012 To simplify integration with third-party - applications, the Postfix sendmail command now always transforms - all input lines ending in into UNIX format (lines ending - in ). Specify "sendmail_fix_line_endings = strict" to restore - historical Postfix behavior (i.e. convert all input lines ending - in only if the first line ends in ). - * 20120114 Logfile-based alerting systems may need to be - updated to look for "error" messages in addition to "fatal" messages. - Specify "daemon_table_open_error_is_fatal = yes" to get the historical - behavior (immediate termination with "fatal" message). - * enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also - used as queue file names). These names are encoded in a mix of upper - case, lower case and decimal digit characters. Long queue IDs are - disabled by default to avoid breaking tools that parse logfiles and - that expect queue IDs with the smaller [A-F0-9] character set. - * 20111209 memcache lookup and update support. This provides - a way to share postscreen(8) or verify(8) caches between Postfix - instances. See MEMCACHE_README and memcache_table(5) for details - and limitations. - * 20111218 To support external SASL authentication, e.g., - in an NGINX proxy daemon, the Postfix SMTP server now always checks - the smtpd_sender_login_maps table, even without having - "smtpd_sasl_auth_enable = yes" in main.cf. - * ipv6 - o The default inet_protocols value is now "all" instead of "ipv4", - meaning use both IPv4 and IPv6. - o The default smtp_address_preference value is now "any" instead - of "ipv6", meaning choose randomly between IPv6 and IPv4. With - this the Postfix SMTP client will have more success delivering - mail to sites that have problematic IPv6 configurations. - -------------------------------------------------------------------- -Sat Dec 15 16:33:24 UTC 2012 - chris@computersalat.de - -- update to 2.8.13 - * 20121029 - Workaround: strip datalink suffix from IPv6 addresses - returned by the system getaddrinfo() routine. Such suffixes - mess up the default mynetworks value, host name/address - verification and possibly more. This change obsoletes the - 20101108 change that removes datalink suffixes in the SMTP - and QMQP servers, but we leave that code alone. File: - util/myaddrinfo.c. - * 20121013 - Cleanup: to compute the LDAP connection cache lookup key, - join the numeric fields with null, just like string fields. - Viktor Dukhovni. File: global/dict_ldap.c. - * 20121010 - Bugfix (introduced: Postfix 2.5): memory leak in program - initialization. Reported by Coverity. File: tls/tls_misc.c. - Bugfix (introduced: Postfix 2.3): memory leak in the unused - oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c. - * 20121003 - Bugfix: the postscreen_access_list feature was case-sensitive - in the first character of permit, reject, etc. Reported by - Feancis Picabia. File: global/server_acl.c. -- rebase dynamic_maps_pie patch -- rpmlint - * invalid-suse-version-check 1140 - * obsolete-suse-version-check 920 (changes file) - -------------------------------------------------------------------- -Fri Dec 14 06:03:42 UTC 2012 - varkoly@suse.com - -- bnc#790141 - Command SuSEconfig.postfix reports ERROR - - "can not find /lib/YaST/SuSEconfig.functions!!" - -------------------------------------------------------------------- -Thu Nov 8 11:33:33 UTC 2012 - varkoly@suse.com - -- bnc#782048 - postfix uses /sbin/conf.d -- bnc#784659 - remove SuSEconfig calls from yast2-mail - -------------------------------------------------------------------- -Fri Aug 10 18:56:59 UTC 2012 - chris@computersalat.de - -- update to 2.8.12 - * 20120730 - Bugfix (introduced: 20000314): AUTH is not allowed after - MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c. - * 20120702 - Bugfix (introduced: 19990127): the BIFF client leaked an - unprivileged UDP socket. Fix by Jaroslav Skarvada. File: - local/biff_notify.c. - * 20120621 - Bugfix (introduced: Postfix 2.8): the unused "pass" trigger - client could close the wrong file descriptors. File: - util/unix_pass_trigger.c. -- fix for bnc#771303 - * add 'version = 3' to ldap_aliases.cf -- rebase patches - * main, master, post-install: 2.8.3 -> 2.8.12 - * ssl-release-buffers: 2.8.5 -> 2.8.12 - * vda-v10: 2.8.9 -> 2.8.12 - * dynamic_maps, dynamic_maps_pie, ipv6_disabled, pointer_to_literals -- fix changes file - -------------------------------------------------------------------- -Thu Jul 19 06:52:18 UTC 2012 - varkoly@suse.com - -- bnc#771811 - postfix update does not regenerate the maps - -------------------------------------------------------------------- -Mon Jun 11 09:51:22 UTC 2012 - varkoly@suse.com - -- update to 2.8.11 - * 20120520 - - Bugfix (introduced Postfix 2.4): the event_drain() function - was comparing bitmasks incorrectly causing the program to - always wait for the full time limit. This error affected - the unused postkick command, but only after s/fifo/unix/ - in master.cf. File: util/events.c. - - Cleanup: laptop users have always been able to avoid - unnecessary disk spin-up by doing s/fifo/unix/ in master.cf - (this is currently not supported on Solaris systems). - However, to make this work reliably, the "postqueue -f" - command must wait until its requests have reached the pickup - and qmgr servers before closing the UNIX-domain request - sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in. - -------------------------------------------------------------------- -Wed May 9 10:07:10 UTC 2012 - varkoly@suse.com - -- bnc#753910 - {name} instead of %{name} in postfix .spec -- bnc#756452 - VUL-1: postfix: VRFY allows enumerating users - -------------------------------------------------------------------- -Thu May 3 16:47:11 UTC 2012 - chris@computersalat.de - -- update to 2.8.10 - * 20120401 - Bitrot: shut up useless warnings about Cyrus SASL call-back - function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h, - xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c. - * 20120422 - Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the - known TLS protocol list so that protocols can be turned off - selectively to work around implementation bugs. Based on - a patch by Victor Duchovni. Files: proto/TLS_README.html, - proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c, - tls/tls_server.c. -- update to 2.8.9 - * 20120217 - Cleanup: missing #include statement for bugfix code added - 20111226. File: local/unknown.c. - * 20120214 - Bugfix (introduced: Postfix 2.4): extraneous null assignment - caused core dump when postlog emitted the "usage" message. - Reported by Kant (fnord.hammer). File: postlog/postlog.c. - * 20120202 - Bugfix (introduced: Postfix 2.3): the "change header" milter - request could replace the wrong header. A long header name - could match a shorter one, because a length check was done - on the wrong string. Reported by Vladimir Vassiliev. File: - cleanup/cleanup_milter.c. -- use latest VDA patch (2.8.9) - -------------------------------------------------------------------- -Thu Apr 12 08:15:06 UTC 2012 - varkoly@suse.com - -- bnc#756450 - postfix: remove version from banner - -------------------------------------------------------------------- -Mon Apr 9 16:13:28 UTC 2012 - bruno@ioda-net.ch - -- add port 587 smtp-auth submission to postfix-fw bnc#756289 - -------------------------------------------------------------------- -Mon Apr 2 22:09:00 CEST 2012 - dmueller@suse.de - -- set exit code explicitely in cond_slp, systemd checks for it - -------------------------------------------------------------------- -Tue Mar 13 13:35:13 UTC 2012 - varkoly@suse.com - -- Documentation for bnc#751994 - SuSEconfig module postfix does not exist - -------------------------------------------------------------------- -Wed Mar 7 06:31:05 UTC 2012 - varkoly@suse.com - -- rcpostfix now updates the aliases too - -------------------------------------------------------------------- -Mon Feb 27 16:35:56 UTC 2012 - chris@computersalat.de - -- update to 2.8.8 - Bugfixes: - tlsproxy(8) stored TLS sessions with a serverID of - "tlsproxy" instead of "smtpd", wasting an opportunity for - session reuse. File: tlsproxy/tlsproxy.c. - missing lookup table entry and terminator, causing - proxymap server segfault when postscreen(8) or verify(8) - attempted to access their cache via the proxymap server. - This could never have worked anyway, because the Postfix - 2.8 proxymap protocol does not support cache cleanup. File - util/dict.c. - the Postfix client sqlite - quoting routine returned the unquoted result instead of the - quoted text. The opportunities for misuse are limited, - because Postfix sqlite files are usually owned by root, and - Postfix daemons usually run with non-root privileges so - they can't corrupt the database. Problem reported by Rob - McGee (rob0). File: global/dict_sqlite.c. - the trace service did not - distinguish between notifications for a non-bounce or a - bounce message. This code pre-dates DSN support and should - have been updated when it was re-purposed to handle DSN - SUCCESS notifications. Problem reported by Sabahattin - Gucukoglu. File: bounce/bounce_trace_service.c. -- use latest VDA patch (2.8.5) - -------------------------------------------------------------------- -Wed Jan 25 15:12:38 UTC 2012 - varkoly@suse.com - -- bnc#743369 - yast2 mail module does not open the firewall -- Set MD5DIR in SuSEconfig.postfix to avoid warnings - -------------------------------------------------------------------- -Tue Jan 17 11:14:30 UTC 2012 - varkoly@suse.com - -- bnc738693 - upgrade from 11.4 enables mysql service for systemd - -------------------------------------------------------------------- -Thu Jan 12 12:18:17 UTC 2012 - varkoly@suse.com - -- Add postmap rebuild script to systemv init script too - -------------------------------------------------------------------- -Wed Jan 11 14:21:21 UTC 2012 - varkoly@suse.com - -- bnc#738900 - cyrus-imapd not receiving mail from postfix - -------------------------------------------------------------------- -Tue Dec 13 14:50:45 UTC 2011 - varkoly@suse.com - -- Move the post map rebuild script into the start script - -------------------------------------------------------------------- -Tue Dec 6 11:04:12 UTC 2011 - varkoly@suse.com - -- Fix the last change in %post - -------------------------------------------------------------------- -Fri Dec 2 06:44:28 UTC 2011 - varkoly@suse.com - -- bnc#728308 - warning output after update the postfix package - -------------------------------------------------------------------- -Wed Nov 9 20:05:38 UTC 2011 - varkoly@suse.com - -- update to 2.8.7 - Bugfixes: - smtpd(8) did not sanitize newline characters in cleanup(8) - REJECT messages, causing them to be sent out via SMTP as bare newline characters. - smtpd(8) sent multi-line responses from a before-queue content filter as text with - bare instead of . - Workaround: postscreen sent non-compliant SMTP responses (220- followed by 421) - when it could not give a connection to a real smtpd process, causing some - remote SMTP clients to bounce mail. - -------------------------------------------------------------------- -Thu Nov 3 15:56:23 UTC 2011 - varkoly@suse.com - -- Use the systemd macros in the spec file - -------------------------------------------------------------------- -Fri Oct 14 16:43:02 CEST 2011 - mhrusecky@suse.cz - -- only fix files that exists in %post - -------------------------------------------------------------------- -Sun Oct 9 04:30:54 UTC 2011 - crrodriguez@opensuse.org - - - Use SSL_MODE_RELEASE_BUFFERS if available, see - SSL_CTX_set_mode man page and - http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html - for the full details. - -------------------------------------------------------------------- -Tue Sep 6 14:49:47 UTC 2011 - chris@computersalat.de - -- update to 2.8.5 - * Bugfix: allow for Milters that send an SMTP server reply - without RFC 3463 enhanced status code. Reported by Vladimir - Vassiliev. File: milter/milter8.c. - -------------------------------------------------------------------- -Mon Aug 22 09:31:02 UTC 2011 - varkoly@novell.com - -- bnc#684304 - server:mail/postfix: Bugs in SuSEconfig chroot setup script -- Aplly SASL_SOCKET_DIR patch - -------------------------------------------------------------------- -Thu Aug 18 09:32:04 UTC 2011 - varkoly@novell.com - -- Move SuSEconfig.postfix into /usr/sbin/ - (FATE#311272: Do not rewrite postfix.cf via SuSEconfig) - SuSEconfig.postfix will be executed only once after installation - automaticaly. Afterwards only you can start it manually or via - yast2 mail module. - -------------------------------------------------------------------- -Fri Aug 12 16:40:40 UTC 2011 - werner@suse.de - -- Just the first strep forward to systemd, please test out - /etc/postfix/system/update_chroot - /etc/postfix/system/wait_qmgr - /etc/postfix/system/cond_slp - and - /lib/systemd/system/postfix.service - and also fill out the missing description. - -------------------------------------------------------------------- -Tue Aug 9 11:03:55 UTC 2011 - chris@computersalat.de - -- rework SuSE patch - * add missing SASL stuff in rc.postfix - -------------------------------------------------------------------- -Mon Jul 25 09:08:14 UTC 2011 - chris@computersalat.de - -- when chrooted and using SASL - o mount -o bind SASL_SOCKET_DIR into postfix CHROOT - -------------------------------------------------------------------- -Mon Jul 11 17:22:19 UTC 2011 - chris@computersalat.de - -- update to 2.8.4 - o Linux kernel version 3 support. - for more info see ChangeLog - -------------------------------------------------------------------- -Wed Jul 6 13:11:07 UTC 2011 - varkoly@novell.com - -- bnc#686436 - postfix bounces messages with improper use of 8-bit data in message body -- Apply patch - -------------------------------------------------------------------- -Fri Jul 1 12:35:59 UTC 2011 - chris@computersalat.de - -- rework master.cf patch - o fix receive_override_options line -- rework SuSE patch - o sysconfig: remove POSTFIX_WITH_POP_BEFORE_SMTP - o SuSEconfig: fix receive_override_options line - -------------------------------------------------------------------- -Thu Jun 30 20:15:40 UTC 2011 - chris@computersalat.de - -- replace vda patch - o 2.8.1 -> 2.8.3 -- fix files doc - o remove 'doc auxiliary' - instead cp to pf_docdir - -------------------------------------------------------------------- -Sat May 28 04:22:22 UTC 2011 - varkoly@novell.com - -- fix spec for building on all repos - -------------------------------------------------------------------- -Tue May 24 10:24:51 UTC 2011 - varkoly@novell.com - -- bnc#679187 - suseconfig/postfix: missing dependency - -------------------------------------------------------------------- -Tue May 17 22:31:46 UTC 2011 - chris@computersalat.de - -- fix master.cf - o fix missing - - amavis unix - - n - 4 smtp - - localhost:10025 inet n - n - - smtpd - o add master.cf patch -- rework patches - o main.cf (add two missing sasl vars) - o postfix-SuSE (SuSEconfig, cleanup those vars,...) - -------------------------------------------------------------------- -Sun May 15 14:16:03 UTC 2011 - chris@computersalat.de - -- rework TLS stuff - o reworked main.cf patch - o added postfix-SuSE patch - o added post-install patch - Editing /etc/postfix/master.cf, adding missing entry for tlsmgr service - add only if it really does not exist -- removed Author from description -- updated vda patch - o vda-2.7.1 > vda-v10-2.8.1 -- fix build for SLE_10 - o no fdupes ;) - -------------------------------------------------------------------- -Wed May 11 08:23:56 UTC 2011 - varkoly@novell.com - -- remove document paths from postfix-files to avoid error messages - when postfix-doc is not installed - -------------------------------------------------------------------- -Tue May 10 09:20:23 UTC 2011 - varkoly@novell.com - -- update to 2.8.3 - VUL-0: postfix memory corruption - -------------------------------------------------------------------- -Sun Apr 10 07:00:18 UTC 2011 - varkoly@novell.com - -- bnc#641271 - postfix-2.7.1: init script cannot properly stop - multi-instance configurations - -------------------------------------------------------------------- -Wed Mar 30 21:21:16 UTC 2011 - varkoly@novell.com - -- update to 2.8.2 - * DNSBL/DNSWL: - o Support for address patterns in DNS blacklist and whitelist lookup results. - o The Postfix SMTP server now supports DNS-based whitelisting with several safety features - * Support for read-only sqlite database access. - * Alias expansion: - o Postfix now reports a temporary delivery error when the result - of virtual alias expansion would exceed the virtual_alias_recursion_limit - or virtual_alias_expansion_limit. - o To avoid repeated delivery to mailing lists with pathological - nested alias configurations, the local(8) delivery agent now keeps - the owner-alias attribute of a parent alias, when delivering mail - to a child alias that does not have its own owner alias. - * The Postfix SMTP client no longer appends the local domain when - looking up a DNS name without ".". - * The SMTP server now supports contact information that is appended - to "reject" responses: smtpd_reject_footer - * Postfix by default no longer adds a "To: undisclosed-recipients:;" - header when no recipient specified in the message header. - * tls support: - o The Postfix SMTP server now always re-computes the SASL mechanism - list after successful completion of the STARTTLS command. - o The smtpd_starttls_timeout default value is now stress-dependent. - o Postfix no longer appends the system-supplied default CA certificates - to the lists specified with *_tls_CAfile or with *_tls_CApath. - * New feature: Prototype postscreen(8) server that runs a number - of time-consuming checks in parallel for all incoming SMTP connections, - before clients are allowed to talk to a real Postfix SMTP server. - It detects clients that start talking too soon, or clients that appear - on DNS blocklists, or clients that hang up without sending any command. - -------------------------------------------------------------------- -Thu Feb 10 11:43:28 UTC 2011 - varkoly@novell.com - -- bnc#667299 - Postfix LICENSE not marked as documentation - -------------------------------------------------------------------- -Mon Jan 17 09:56:32 UTC 2011 - chris@computersalat.de - -- add some min LDAP support for virtual LDAP-users - o sysconfig "WITH_LDAP" - o add ldap_aliases.cf - o SuSEconfig.postfix - virtual_alias_maps = ... ldap:/etc/postfix/ldap_aliases.cf - -------------------------------------------------------------------- -Tue Jan 4 12:14:06 UTC 2011 - chris@computersalat.de - -- update to 2.7.2 - * Bugfix (introduced Postfix 2.2): Postfix no longer appends - the system default CA certificates to the lists specified - with *_tls_CAfile or with *_tls_CApath. This prevents - third-party certificates from getting mail relay permission - with the permit_tls_all_clientcerts feature. Unfortunately - this may cause compatibility problems with configurations - that rely on certificate verification for other purposes. - To get the old behavior, specify "tls_append_default_CA = - yes". Files: tls/tls_certkey.c, tls/tls_misc.c, - global/mail_params.h. proto/postconf.proto, mantools/postlink. - * Compatibility with Postfix < 2.3: fix 20061207 was incomplete - (undoing the change to bounce instead of defer after - pipe-to-command delivery fails with a signal). Fix by Thomas - Arnett. File: global/pipe_command.c. - * Bugfix: the milter_header_checks parser provided only the - actions that change the message flow (reject, filter, - discard, redirect) but disabled the non-flow actions (warn, - replace, prepend, ignore, dunno, ok). File: - cleanup/cleanup_milter.c. - * Performance: fix for poor smtpd_proxy_filter TCP performance - over loopback (127.0.0.1) connections. Problem reported by - Mark Martinec. Files: smtpd/smtpd_proxy.c. - * Cleanup: don't apply reject_rhsbl_helo to non-domain forms - such as network addresses. This would cause false positives - with dbl.spamhaus.org. File: smtpd/smtpd_check.c. - * Bugfix: the "421" reply after Milter error was overruled - by Postfix 1.1 code that replied with "503" for RFC 2821 - compliance. We now make an exception for "final" replies, - as permitted by RFC. Solution by Victor Duchovni. File: - smtpd/smtpd.c. - -------------------------------------------------------------------- -Sat Dec 11 19:50:25 UTC 2010 - chris@computersalat.de - -- update vda patch - o remove 2.6.1-vda-ng.patch - o remove 2.6.1-vda-ng-64bit.patch - o add vda-2.7.1.patch -- rework main.cf.patch - o remove 2.2.9-main.cf.patch - o add 2.7.1-main.cf.patch - -------------------------------------------------------------------- -Tue Dec 7 22:02:56 UTC 2010 - coolo@novell.com - -- prereq init scripts network and syslog - -------------------------------------------------------------------- -Thu Aug 12 18:57:14 UTC 2010 - varkoly@novell.com - -- Remove obsolate postscripts -- bnc#625657 - SuSEconfig.postfix and smtp_use_tls -- bnc#622873 - postfix doesn't start if ipv6 is disabled - -------------------------------------------------------------------- -Tue Jul 6 15:04:30 UTC 2010 - chris@computersalat.de - -- reworked bnc#606251 stuff (not checked in to Factory) - o used my_print_defaults command for parsing of /etc/my.cnf - o using quotation marks: "$PF_CHROOT" - o added sysconfig option POSTFIX_MYSQL_CONN=(socket,tcp) - -------------------------------------------------------------------- -Wed Jun 16 23:39:09 UTC 2010 - chris@computersalat.de - -- bnc#606251 - postfix chrooted mysql.sock lost on mysql restart - o Now MYSQL_SOCK_DIR is mounted with '-o bind' to postfix CHROOT - -------------------------------------------------------------------- -Thu Jun 10 10:55:54 UTC 2010 - varkoly@novell.com - -- update to 2.7.1 - * Bugfix (introduced Postfix 2.6) in the XFORWARD implementation, - which sends remote SMTP client attributes through SMTP-based content filters. - The Postfix SMTP client did not skip "unknown" SMTP client attributes, - causing a syntax error when sending an "unknown" client PORT attribute. - * Robustness: skip LDAP queries with non-ASCII search strings, instead of failing with a database lookup error. - * Safety: Postfix processes now log a warning when a matchlist has - a #comment at the end of a line (for example mynetworks or relay_domains). - * Portability: OpenSSL 1.0.0 changes the priority of anonymous cyphers. - * Portability: Berkeley DB 5.x is now supported. - -------------------------------------------------------------------- -Thu May 20 17:08:26 UTC 2010 - chris@computersalat.de - -- fix obviously lost POSTFIX_MYHOSTNAME in SuSEconfig.postfix - -------------------------------------------------------------------- -Wed Apr 7 12:39:16 UTC 2010 - varkoly@novell.com - -- New file check_mail_queue. This script checks if there are some - mails in the queue and starts postfix if necessary. After delivering - the mails postfix will be stoped. - -------------------------------------------------------------------- -Thu Apr 1 10:28:09 UTC 2010 - varkoly@novell.com - -- bnc#559145 - Changed Domain name not reflected when sending mail - First /var/run/dhcp-hostname will be evaluated -- Now POSTFIX_SMTP_TLS_CLIENT is ternary : no yes must - -------------------------------------------------------------------- -Sun Feb 28 18:38:18 UTC 2010 - varkoly@novell.com -- update to 2.7.0 - * performance - - Periodic cache cleanup for the verify(8) cache database. - - Improved before-queue filter performance. - * sender reputation - - The FILTER action in access maps or header/body_checks now supports sender - reputation schemes that dynamically choose the SMTP source IP address. - * address verification - - The verify(8) service now uses a persistent cache by default. - * content filter - - The meaning of an empty filter next-hop destination has changed. - - The FILTER action in access maps or header/body_checks now supports sender - reputation schemes that dynamically choose the SMTP source IP address. - * milter - - Support for header checks on Milter-generated message headers. - Please read /usr/share/doc/packages/postfix/RELEASE_NOTES for details. -------------------------------------------------------------------- -Thu Feb 11 15:16:13 UTC 2010 - coolo@novell.com - -- revert the change to PreReq openldap-devel, this increases the - default installation several MBs - -------------------------------------------------------------------- -Tue Feb 2 15:45:26 UTC 2010 - varkoly@novell.com - -- bnc#567569 - Postfix: move ldap support to a separate package -- bnc#557239 - postfix delivers mail to user's home instead of /var/spool/mail - -------------------------------------------------------------------- -Tue Jan 5 23:28:12 UTC 2010 - chris@computersalat.de - -- rpmlint fixes - o init-script-undefined-dependency $network-remotefs -- fix for SuSEconfig.postfix - o if use_amavis eq "yes" - then content_filter "amavis:[127.0.0.1]:10024]" is defined, - so removed "-o content_filter=smtp:[127.0.0.1]:10024" for smtp -- s#ldconfig#/sbin/ldconfig# - -------------------------------------------------------------------- -Tue Dec 22 16:15:00 CEST 2009 - freespacer@gmx.de - -- Add support for dovecot as MDA to SuSEconfig. - -------------------------------------------------------------------- -Wed Dec 16 10:45:14 CET 2009 - jengelh@medozas.de - -- Package documentation as noarch - -------------------------------------------------------------------- -Tue Dec 10 13:15:15 CET 2009 - varkoly@suse.de - -- Remove postfixs update script. This does not work now. - -------------------------------------------------------------------- -Tue Dec 8 19:15:15 CET 2009 - varkoly@suse.de - -- Fix the %post section add missed %{fillup_only -an mail} - -------------------------------------------------------------------- -Mon Nov 16 17:14:39 CET 2009 - varkoly@suse.de - -- bnc#555814 – VUL-0: SMTPD_LISTEN_REMOTE="yes" by default -- bnc#555732 - Invalid $(hostname -i) usage SuSEconfig.postfix -- bnc#547928 – Postfix does not start during boot process -- Avoid append relay multiple times in POSTFIX_MAP_LIST - -------------------------------------------------------------------- -Mon Oct 26 14:36:55 CET 2009 - varkoly@suse.de - -- bnc#549612 – SuSEconfig.postfix - -------------------------------------------------------------------- -Mon Sep 28 09:22:54 CEST 2009 - varkoly@suse.de - -- bnc#540538 – postfix-2.6.1-10.1 installs new files in /etc/postfix and does not generate .db -- bnc#519438 - Postfix: Running chrooted lets qmgr loosing his syslog-socket -- remove obsolate version tests from SuSEconfig.postfix - -------------------------------------------------------------------- -Mon Sep 28 08:24:43 CEST 2009 - varkoly@suse.de - -- bnc#525825 - when using cyrus in a chroot environment Suseconfig does not - create socket /var/lib/imap/socket/lmtp - -------------------------------------------------------------------- -Mon Sep 14 11:34:41 UTC 2009 - chris@computersalat.de - -- spec - o fdupes if >= 1100 - -------------------------------------------------------------------- -Thu Sep 10 21:22:46 CEST 2009 - chris@computersalat.de - -- update to 2.6.1 - o merge home:varkoly:Factory and o:F -- spec mods - o use of getent -- rpmlint - o remove unneeded dists from examples/chroot-setup/ - o postin-without-ldconfig - o files-duplicate /usr/share/doc/packages/postfix-doc/html/ - o files-duplicate /usr/share/man/man? - -------------------------------------------------------------------- -Mon Apr 13 18:21:14 UTC 2009 - chris@computersalat.de - -- added VDA patch - o Mailbox / Maildir size limit, known also as "soft quota", - to avoid user take all you disk space - o Customizable "limit" message when the soft quota limit is reached. - NOTE: message is sent to senders, but NOT to the owner of the mailbox. - o Limit only 'INBOX', because some people use IMAP and don't want - the same limit in IMAP folder that are differents from INBOX. - o Support for 'Courier' style Maildir, usefull for people that - use courier as pop3/imap server and to get fast soft quota summary. - Note that it is also compatible with qmail maildir per default. - o Supports for Courier 'maildirsize' file in Maildir folder that - is used to read quotas quickly. Note that this option is not - actived per default and can be dangerous on some NFS client - implementation - (like for example Solaris that cache some filesystem operations). - o Customisable suffix for Maildir support, when share same external - dict between postfix and pop3/imap server sometime "Maildir/" suffix - is needed to avoid extra database handling (eg LDAP, MySQL...). -- some improvements of SuSEconfig.postfix - o POSTFIX_LISTEN: Comma separated list of IP's - o POSTFIX_INET_PROTO: ipv4, ipv6, all - o POSTFIX_MYHOSTNAME: define SMTPs FQHOSTNAME - o POSTFIX_WITH_MYSQL: when using MySQL as backend - o POSTFIX_BASIC_SPAM_PREVENTION: "custom" - you can now define your own rules - - POSTFIX_SMTPD_CLIENT_RESTRICTIONS - - POSTFIX_SMTPD_HELO_RESTRICTIONS - - POSTFIX_SMTPD_SENDER_RESTRICTIONS - - POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS -- added helo_access for helo checks -- added relay for relaying domain -- added MySQL stuff when using MySQL as backend (virtuser) - o you should consider postfixAdmin as mgmnt interface - o when runninng postfix chrooted: - you have to run SUSEconfig each time when you have restarted MySQL - because of linking mysql.sock - -------------------------------------------------------------------- -Sun Mar 29 15:18:52 CEST 2009 - varkoly@suse.de - -- bnc#439287 - not all POSTFIX_ADD_* values are properly handled - by SuSEconfig.postfix -- bnc#483208 - Postfix configuration trashed after update -- bnc#488268 - SuSEconfig.postfix chroot setup misses /etc/ssl/certs - -------------------------------------------------------------------- -Mon Jan 12 11:12:16 CET 2009 - varkoly@suse.de - -- bnc#465165 - postfix src package - -------------------------------------------------------------------- -Fri Jan 9 17:43:53 CET 2009 - varkoly@suse.de - -- bnc#464869 - SuSEconfig.postfix causes DNS lookup -- bnc#460442 - amavisd-new and Postfix need fqdn-hostname in "uname -n" - -------------------------------------------------------------------- -Mon Jan 5 13:54:11 CET 2009 - varkoly@suse.de - -- update to 2.5.6 - - The SMTP server did not ask for a client certificate - with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. - - - Avoid reduced TCP performance when reusing an SMTP connection - with a larger than 4096-byte TCP MSS value. In practice, this - could happen only with loopback (localhost) connections. - -------------------------------------------------------------------- -Sun Nov 16 12:16:03 CET 2008 - varkoly@suse.de - -- (bnc#442456) - chrooted postfix and saslauthd - -------------------------------------------------------------------- -Tue Nov 4 15:24:41 CET 2008 - ro@suse.de - -- fix build - -------------------------------------------------------------------- -Tue Nov 4 15:15:03 CET 2008 - varkoly@suse.de - -- upgrade must not be executed during installation - -------------------------------------------------------------------- -Tue Oct 14 11:16:21 CEST 2008 - varkoly@suse.de - -- (bnc#403976) - permissions on /var/lib/postfix changed -- (bnc#433916) - postfix should be splitted into postfix and postfix-doc - -------------------------------------------------------------------- -Thu Sep 11 14:34:22 CEST 2008 - varkoly@suse.de - -- (bnc#415216) - Postfix RPM Install Displays Multiple Warnings -- clean up spec file - -------------------------------------------------------------------- -Tue Sep 9 09:57:35 CEST 2008 - varkoly@suse.de - -- Update to Version 2.5 patchlevel 5 - * Bugfix (introduced Postfix 2.4): epoll file descriptor leak. - With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll - file descriptor leak when it executes non-Postfix commands - in, for example, user-controlled $HOME/.forward files. - * Security: some systems have changed their link() semantics, - and will hardlink a symlink, contrary to POSIX and XPG4. - Sebastian Krahmer, SuSE. File: util/safe_open.c. - - The solution introduces the following incompatible change: - when the target of mail delivery is a symlink, the parent - directory of that symlink must now be writable by root only - (in addition to the already existing requirement that the - symlink itself is owned by root). This change will break - legitimate configurations that deliver mail to a symbolic - link in a directory with less restrictive permissions. - * Bugfix: dangling pointer in vstring_sprintf_prepend(). - File: util/vstring.c. - -------------------------------------------------------------------- -Mon Aug 25 18:45:03 CEST 2008 - mt@suse.de - -- init script: copy LSB *-Start tags to *-Stop -- spec file: removed obsolete rc.config update hooks - -------------------------------------------------------------------- -Wed Aug 6 13:33:01 CEST 2008 - varkoly@suse.de - -- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition -- (bnc#405900) SuSEconfig.postfix changes owner and permissions of - /tmp if smtpd_tls_CApath is not set - -- Update to Version 2.5 patchlevel 3 - * Cleanup of code - * defer delivery when a mailbox file is not owned by the recipient. - Requested by Sebastian Krahmer, SuSE. - Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies. - * Bugfix: null-terminate CN comment string after sanitization. - * Bugfix (introduced Postfix 2.0): after "warn_if_reject - reject_unlisted_recipient/sender", the SMTP server mistakenly - remembered that recipient/sender validation was already done. - -------------------------------------------------------------------- -Wed Jul 9 15:07:46 CEST 2008 - varkoly@suse.de - -- (fate#305005) Enable SMTPS in postfix ootb - -------------------------------------------------------------------- -Tue Jun 17 12:27:10 CEST 2008 - varkoly@suse.de - -- (bnc#396985) sending of NUL character disallowed by RFC2822 -- (bnc#397127) without relay is silent about undeliverable mails - -------------------------------------------------------------------- -Tue May 13 18:17:09 CEST 2008 - varkoly@suse.de - -- (bnc#389670) - postfix generates invalid config - -------------------------------------------------------------------- -Tue Apr 1 16:17:31 CEST 2008 - mkoenig@suse.de - -- remove dir /usr/share/omc/svcinfo.d as it is provided now - by filesystem - -------------------------------------------------------------------- -Tue Feb 26 09:59:43 CET 2008 - varkoly@suse.de - -- Update to Version 2.5 patchlevel 1 - Changes: The Postfix 2.5 "postfix upgrade-configuration" command - now works even with Postfix 2.4 or earlier versions of the - postfix command. When installing Postfix 2.5.0 without upgrading - from an existing master.cf file, the new master.cf file had an - incorrect process limit for the proxywrite service. This service - is used only by the obscure "smtp_sasl_auth_cache_name" and - "lmtp_sasl_auth_cache_name" configuration parameters. Someone - needed multi-line support for header/body Milter replies. The - LDAP client's TLS support was broken in several ways. - -------------------------------------------------------------------- -Wed Feb 13 14:58:52 CET 2008 - varkoly@suse.de - -- #360572 - postfix %post script leaves lots of backup files in /etc/postfix/ - -------------------------------------------------------------------- -Wed Jan 30 12:20:53 CET 2008 - varkoly@suse.de - -- Update to Version 2.5 patchlevel 0 - - Major changes - critical - ------------------------ - - [Incompat 20071224] The protocol to send Milter information from - smtpd(8) to cleanup(8) processes was cleaned up. If you use the - Milter feature, and upgrade a live Postfix system, you may see an - "unexpected record type" warning from a cleanup(8) server process. - To prevent this, execute the command "postfix reload". The - incompatibility affects only systems that use the Milter feature. - It does not cause loss of mail, just a minor delay until the remote - SMTP client retries. - - [Incompat 20071212] The allow_min_user feature now applies to both - sender and recipient addresses in SMTP commands. With earlier Postfix - versions, only recipients were subject to the allow_min_user feature, - and the restriction took effect at mail delivery time, causing mail - to be bounced later instead of being rejected immediately. - - [Incompat 20071206] The "make install" and "make upgrade" procedures - now create a Postfix-owned directory for Postfix-writable data files - such as caches and random numbers. The location is specified with - the "data_directory" parameter (default: "/var/lib/postfix"), and - the ownership is specified with the "mail_owner" parameter. - - [Incompat 20071206] The tlsmgr(8) and verify(8) servers no longer - use root privileges when opening the address_verify_map, - *_tls_session_cache_database, and tls_random_exchange_name cache - files. This avoids a potential security loophole where the ownership - of a file (or directory) does not match the trust level of the - content of that file (or directory). - - [Incompat 20071206] The tlsmgr(8) and verify(8) cache files should - now be stored as Postfix-owned files under the Postfix-owned - data_directory. As a migration aid, attempts to open these files - under a non-Postfix directory are redirected to the Postfix-owned - data_directory, and a warning is logged. - - This is an example of the warning messages: - - Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: request - to update file /etc/postfix/prng_exch in non-postfix directory - /etc/postfix - - Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: redirecting - the request to postfix-owned data_directory /var/lib/postfix - - If you wish to continue using a pre-existing tls_random_exchange_name - or address_verify_map file, move it to the Postfix-owned data_directory - and change ownership from root to Postfix (that is, change ownership - to the account specified with the mail_owner configuration parameter). - - [Feature 20071205] The "make install" and "make upgrade" procedures - now create a Postfix-owned directory for Postfix-writable data files - such as caches and random numbers. The location is specified with - the "data_directory" parameter (default: "/var/lib/postfix"), and - the ownership is specified with the "mail_owner" parameter. - - [Incompat 20071203] The "make upgrade" procedure adds a new service - "proxywrite" to the master.cf file, for read/write lookup table - access. If you copy your old configuration file over the updated - one, you may see warnings in the maillog file like this: - - connect #xx to subsystem private/proxywrite: No such file or directory - - To recover, run "postfix upgrade-configuration" again. - - [Incompat 20070613] The pipe(8) delivery agent no longer allows - delivery with the same group ID as the main.cf postdrop group. - - Major changes - malware defense - ------------------------------- - - [Feature 20080107] New "pass" service type in master.cf. Written - years ago, this allows future front-end daemons to accept all - connections from the network, and to hand over connections from - well-behaved clients to Postfix. Since this feature uses file - descriptor passing, it imposes no overhead once a connection is - handed over to Postfix. See master(5) for a few details. - - [Feature 20070911] Stress-adaptive behavior. When a "public" network - service runs into an "all processes are busy" condition, the master(8) - daemon logs a warning, restarts the service, and runs it with "-o - stress=yes" on the command line (under normal conditions it runs - the service with "-o stress=" on the command line). This can be - used to make main.cf parameter settings stress dependent, for - example: - - /etc/postfix/main.cf: - smtpd_timeout = ${stress?10}${stress:300} - smtpd_hard_error_limit = ${stress?1}${stress:20} - - Translation: under conditions of stress, use an smtpd_timeout value - of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1 - instead of 20. The syntax is explained in the postconf(5) manpage. - - The STRESS_README file gives examples of how to mitigate flooding - problems. - - Major changes - tls support - --------------------------- - - [Incompat 20080109] TLS logging output has changed to make it more - useful. Existing logfile parser regular expressions may need - adjustment. - - - More log entries include the "hostnamename[ipaddress]" of the - remote SMTP peer. - - - Certificate trust chain error reports show only the first - error certificate (closest to the trust chain root), and the - reporting is more human-readable for the most likely errors. - - - After the completion of the TLS handshake, the session is logged - with TLS loglevel >= 1 as either "Untrusted", "Trusted" or - "Verified" (SMTP client only). - - "Untrusted" means that the certificate trust chain is invalid, - or that the root CA is not trusted. - - "Trusted" means that the certificate trust chain is valid, and - that the root CA is trusted. - - "Verified" means that the certificate meets the SMTP client's - matching criteria for the destination: - - In the case of a destination name match, "Verified" also - implies "Trusted". - - In the case of a fingerprint match, CA trust is not applicable. - - - The logging of protocol states with TLS loglevel >= 2 no longer - reports bogus error conditions when OpenSSL asks Postfix to refill - (or flush) network I/O buffers. This loglevel is for debugging - only; use 0 or 1 in production configurations. - - [Feature 20080109] The Postfix SMTP client has a new "fingerprint" - security level. This avoids dependencies on CAs, and relies entirely - on bi-lateral exchange of public keys (really self-signed or private - CA signed X.509 public key certificates). Scalability is clearly - limited. For details, see the fingerprint discussion in TLS_README. - - [Feature 20080109] The Postfix SMTP server can now use SHA1 instead - of MD5 to compute remote SMTP client certificate fingerprints. For - backwards compatibility, the default algorithm is MD5. For details, - see the "smtpd_tls_fingerprint_digest" parameter in the postconf(5) - manual. - - [Feature 20080109] The maximum certificate trust chain depth - (verifydepth) is finally implemented in the Postfix TLS library. - Previously, the parameter had no effect. The default depth was - changed to 9 (the OpenSSL default) for backwards compatibility. - - If you have explicity limited the verification depth in main.cf, - check that the configured limit meets your needs. See the - "lmtp_tls_scert_verifydepth", "smtp_tls_scert_verifydepth" and - "smtpd_tls_ccert_verifydepth" parameters in the postconf(5) manual. - - [Feature 20080109] The selection of SSL/TLS protocols for mandatory - TLS can now use exclusion rather than inclusion. Either form is - acceptable; see the "lmtp_tls_mandatory_protocols", - "smtp_tls_mandatory_protocols" and "smtpd_tls_mandatory_protocols" - parameters in the postconf(5) manual. - - Major changes - scheduler - ------------------------- - - [Feature 20071130] Revised queue manager with separate mechanisms - for per-destination concurrency control and for dead destination - detection. The concurrency control supports less-than-1 feedback - to allow for more gradual concurrency adjustments, and uses hysteresis - to avoid rapid oscillations. A destination is declared "dead" after - a configurable number of pseudo-cohorts(*) reports connection or - handshake failure. - - (*) A pseudo-cohort is a number of delivery requests equal to a - destination's delivery concurrency. - - The drawbacks of the old +/-1 feedback scheduler are a) overshoot - due to exponential delivery concurrency growth with each pseudo-cohort(*) - (5-10-20...); b) throttling down to zero concurrency after a single - pseudo-cohort(*) failure. The latter was especially an issue with - low-concurrency channels where a single failure could be sufficient - to mark a destination as "dead", and suspend further deliveries. - - New configuration parameters: destination_concurrency_feedback_debug, - default_destination_concurrency_positive_feedback, - default_destination_concurrency_negative_feedback, - default_destination_concurrency_failed_cohort_limit, as well as - transport-specific versions of the same. - - The default parameter settings are backwards compatible with older - Postfix versions. This may change after better defaults are field - tested. - - The updated SCHEDULER_README document describes the theory behind - the new concurrency scheduler, as well as Patrik Rak's preemptive - job scheduler. See postconf(5) for more extensive descriptions of - the configuration parameters. - - Major changes - small/home office - --------------------------------- - - [Feature 20080115] Preliminary SOHO_README document that combines - bits and pieces from other document in one place, so that it is - easier to find. This document describes the "mail sending" side - only. - - [Feature 20071202] Output rate control in the queue manager. For - example, specify "smtp_destination_rate_delay = 5m", to pause five - minutes between message deliveries. More information in the postconf(5) - manual under "default_destination_rate_delay". - - Major changes - smtp client - --------------------------- - - [Incompat 20080114] The Postfix SMTP client now by default defers - mail after a remote SMTP server rejects a SASL authentication - attempt. Specify "smtp_sasl_auth_soft_bounce = no" for the old - behavior. - - [Feature 20080114] The Postfix SMTP client can now avoid making - repeated SASL login failures with the same server, username and - password. To enable this safety feature, specify for example - "smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache" - (access through the proxy service is required). Instead of trying - to SASL authenticate, the Postfix SMTP client defers or bounces - mail as controlled with the new smtp_sasl_auth_soft_bounce configuration - parameter. - - [Feature 20071111] Header/body checks are now available in the SMTP - client, after the implementation was moved from the cleanup server - to a library module. The SMTP client provides only actions that - don't change the message delivery time or destination: warn, replace, - prepend, ignore, dunno, ok. - - [Incompat 20070614] By default, the Postfix Cyrus SASL client no - longer sends a SASL authoriZation ID (authzid); it sends only the - SASL authentiCation ID (authcid) plus the authcid's password. Specify - "send_cyrus_sasl_authzid = yes" to get the old behavior. - - Major changes - smtp server - --------------------------- - - [Feature 20070724] Not really major. New support for RFC 3848 - (Received: headers with ESMTPS, ESMTPA, or ESMTPSA); updated SASL - support according to RFC 4954, resulting in small changes to SMTP - reply codes and (DSN) enhanced status codes. - - Major changes - milter - ---------------------- - - [Incompat 20071224] The protocol to send Milter information from - smtpd(8) to cleanup(8) processes was cleaned up. If you use the - Milter feature, and upgrade a live Postfix system, you may see an - "unexpected record type" warning from a cleanup(8) server process. - To prevent this, execute the command "postfix reload". The - incompatibility affects only systems that use the Milter feature. - It does not cause loss of mail, just a minor delay until the remote - SMTP client retries. - - [Feature 20071221] Support for most of the Sendmail 8.14 Milter - protocol features. - - To enable the new features specify "milter_protocol = 6" and link - the filter application with a libmilter library from Sendmail 8.14 - or later. - - Sendmail 8.14 Milter features supported at this time: - - - NR_CONN, NR_HELO, NR_MAIL, NR_RCPT, NR_DATA, NR_UNKN, NR_HDR, - NR_EOH, NR_BODY: The filter can tell Postfix that it won't reply - to some of the SMTP events that Postfix sends. This makes the - protocol less chatty and improves performance. - - - SKIP: The filter can tell Postfix to skip sending the rest of - the message body, which also improves performance. - - - HDR_LEADSPC: The filter can request that Postfix does not delete - the first space character between header name and header value - when sending a header to the filter, and that Postfix does not - insert a space character between header name and header value - when receiving a header from the filter. This fixes a limitation - in the old Milter protocol that can break DKIM and DK signatures. - - - SETSYMLIST: The filter can override one or more of the main.cf - milter_xxx_macros parameter settings. - - Sendmail 8.14 Milter features not supported at this time: - - - RCPT_REJ: report rejected recipients to the mail filter. - - - CHGFROM: replace sender, with optional ESMTP command parameters. - - - ADDRCPT_PAR: add recipient, with optional ESMTP command parameters. - - It is unclear when (if ever) the missing features will be implemented. - SMFIP_RCPT_REJ requires invasive changes in the SMTP server recipient - processing and error handling. SMFIR_CHGFROM and SMFIR_ADDRCPT_PAR - require ESMTP command-line parsing in the cleanup server. Unfortunately, - Sendmail's documentation does not specify what ESMTP options are - supported, but only discusses examples of things that don't work. - - Major changes - address verification - ------------------------------------ - - [Incompat 20070514] The default sender address for address verification - probes was changed from "postmaster" to "double-bounce", so that - the Postfix SMTP server no longer causes surprising behavior by - excluding "postmaster" from SMTP server access controls. - - Major changes - ldap - -------------------- - - [Incompat 20071216] Due to an incompatible API change between - OpenLDAP 2.0.11 and 2.0.12, an LDAP client compiled for OpenLDAP - version <= 2.0.11 will refuse to work with an OpenLDAP library - version >= 2.0.12 and vice versa. - - Major changes - logging - ----------------------- - - [Incompat 20080109] TLS logging output has changed to make it more - useful. Existing logfile parser regular expressions may need - adjustment. - - - More log entries include the "hostnamename[ipaddress]" of the - remote SMTP peer. - - - Certificate trust chain error reports show only the first - error certificate (closest to the trust chain root), and the - reporting is more human-readable for the most likely errors. - - - After the completion of the TLS handshake, the session is logged - with TLS loglevel >= 1 as either "Untrusted", "Trusted" or - "Verified" (SMTP client only). - - "Untrusted" means that the certificate trust chain is invalid, - or that the root CA is not trusted. - - "Trusted" means that the certificate trust chain is valid, and - that the root CA is trusted. - - "Verified" means that the certificate meets the SMTP client's - matching criteria for the destination: - - In the case of a destination name match, "Verified" also - implies "Trusted". - - In the case of a fingerprint match, CA trust is not applicable. - - - The logging of protocol states with TLS loglevel >= 2 no longer - reports bogus error conditions when OpenSSL asks Postfix to refill - (or flush) network I/O buffers. This loglevel is for debugging - only; use 0 or 1 in production configurations. - - [Incompat 20071216] The SMTP "transcript of session" email now - includes the remote SMTP server TCP port number. - - Major changes - loop detection - ------------------------------ - - [Incompat 20070422] [Incompat 20070422] When the pipe(8) delivery - agent is configured to create the optional Delivered-To: header, - it now first checks if that same header is already present in the - message. If so, the message is returned as undeliverable. This test - should have been included with Postfix 2.0 when Delivered-To: support - was added to the pipe(8) delivery agent. - -------------------------------------------------------------------- -Tue Jan 8 10:00:12 CET 2008 - varkoly@suse.de - -- Remove previous fix - -------------------------------------------------------------------- -Sun Dec 30 19:58:02 CET 2007 - varkoly@suse.de - -- #301335 - [SuSEconfig]: Postfix module uses stderr - -------------------------------------------------------------------- -Tue Dec 4 09:02:19 CET 2007 - varkoly@suse.de - -- Update to Version 2.4 patchlevel 6 - Bugfix (introduced Postfix 2.2.11): TLS client certificate - with unparsable canonical name caused the SMTP server's - policy client to allocate zero-length memory, triggering - an assertion that it shouldn't do such things. File: - smtpd/smtpd_check.c. - - Bugfix (introduced Postfix 2.4) missing initialization of - event mask in the event_mask_drain() routine (used by the - obsolete postkick(1) command). Found by Coverity. File: - util/events.c. - - Workaround: the flush daemon forces an access time update - for the per-destination logfile, to prevent an excessive - rate of delivery attempts when the queue file system is - mounted with "noatime". File: flush/flush.c. - -- #330276 – /sbin/conf.d/SuSEconfig.postfix could copy certs into smtpd_tls_CApath - -------------------------------------------------------------------- -Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz - -- Use correct SuSEfirewall2 rule directory. - -------------------------------------------------------------------- -Wed Oct 17 11:52:01 CEST 2007 - varkoly@suse.de - -- #333629 - saslauthd typo in SuSEconfig.postfix - -------------------------------------------------------------------- -Mon Oct 8 12:37:39 CEST 2007 - varkoly@suse.de - -- #331044 - Postfix uses receive_override_options in main.cf - -------------------------------------------------------------------- -Sun Sep 9 17:42:27 CEST 2007 - varkoly@suse.de - -- fix the last fix - -------------------------------------------------------------------- -Tue Sep 4 00:38:58 CEST 2007 - cthiel@suse.de - -- fix the last fix - -------------------------------------------------------------------- -Mon Sep 3 12:37:43 CEST 2007 - varkoly@suse.de - -- Fixing bug: #297622 - SMTPD_LISTEN_REMOTE has no effect - -------------------------------------------------------------------- -Mon Aug 6 00:26:31 CEST 2007 - mrueckert@suse.de - -- Update to Version 2.4 patchlevel 5 - Bugfix: the loopback TCP performance workaround was ineffective - due to a wetware bit-flip during code cleanup. File: - util/vstream_tweak.c. - - (patch level 4) - Bugfix: the Milter client assumed that a Milter application - does not modify the message header or envelope, after that - same Milter application has modified the message body of - that same email message. This is not a problem with updates - by different Milter applications. Problem was triggered - by Jose-Marcio Martins da Cruz. Also simplified the handling - of queue file update errors. File: milter/milter8.c. - - Workaround: some non-Cyrus SASL SMTP servers require SASL - login without authzid (authoriZation ID), i.e. the client - must send only the authcid (authentiCation ID) + the authcid's - password. In this case the server is supposed to derive - the authzid from the authcid. This works as expected when - authenticating to a Cyrus SASL SMTP server. To get the old - behavior specify "send_cyrus_sasl_authzid = yes", in which - case Postfix sends the (authzid, authcid, password), with - the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c. - - Portability: /dev/poll support for Solaris chroot jail setup - scripts. Files: examples/chroot-setup/Solaris8, - examples/chroot-setup/Solaris10. - - Cleanup: Milter client error handling, so that the (Postfix - SMTP server's Milter client) does not get out of sync with - Milter applications after the (cleanup server's Milter - client) encounters some non-recoverable problem. Files: - milter/milter8.c, smtpd/smtpd.c. - - Performance: workaround for poor TCP performance on loopback - (127.0.0.1) connections. Problem reported by Mark Martinec. - Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c, - smtpstone/*source.c. - - Bugfix: when a milter replied with ACCEPT at or before the - first RCPT command, the cleanup server would apply the - non_smtpd_milters setting as if the message was a local - submission. Problem reported by Jukka Salmi. Also, the - cleanup server would get out of sync with the milter when - a milter replied with ACCEPT at the DATA command. Files: - cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c. -- rediffed patches - -------------------------------------------------------------------- -Tue Jul 31 18:21:11 CEST 2007 - varkoly@suse.de - -- Update to Version 2.4 patchlevel 3 - (patch level 1) - Bugfix (introduced Postfix 2.3): segfault with HOLD action - in access/header_checks/body_checks on 64-bit platforms. - File: cleanup/cleanup_api.c. - - Portability (introduced 20070325): the fix for hardlinks - and symlinks in postfix-install forgot to work around shells - where "IFS=/ command" makes the IFS setting permanent. This - is allowed by some broken standard, and affects Solaris. - File: postfix-install. - - Portability (introduced 20070212): the workaround for - non-existent library bugs with descriptors >= FD_SETSIZE - broke with "fcntl F_DUPFD: Invalid argument" on 64-bit - Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c. - - Cleanup: on (Linux) platforms that cripple signal handlers - with deadlock, "postfix stop" now forcefully stops all the - processes in the master's process group, not just the master - process alone. File: conf/postfix-script. - - (patch level 2) - Bugfix: don't falsely report "lost connection from - localhost[127.0.0.1]" when Postfix is being portscanned. - Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. - - Robustness: recommend a "0" process limit for policy servers - to avoid "connection refused" problems when the smtpd process - limit exceeds the default process limit. File: - proto/SMTPD_POLICY_README.html. - - Safety: when IPv6 (or IPv4) is turned off, don't treat an - IPv6 (or IPv4) connection from e.g. inetd as if it comes - from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, - qmqpd/qmqpd_peer.c. - - Bugfix: Content-Transfer-Encoding: attribute values are - case insensitive. File: src/cleanup/cleanup_message.c. - - Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) - were broken when used with the error(8) or discard(8) - transports. Cause: insufficient documentation. Files: - error/error.c, discard/discard.c. - - Bugfix (problem introduced Postfix 2.3): when DSN support - was introduced it broke "agressive" recipient duplicate - elimination with "enable_original_recipient = no". File: - cleanup/cleanup_out_recipient.c. - - Bugfix (introduced Postfix 2.3): the sendmail/postdrop - commands would hang when trying to submit a message larger - than the per-message size limit. File: postdrop/postdrop.c. - - Sabotage the saboteur who insists on breaking Postfix by - adding gethostbyname() calls that cause maildir delivery - to fail when the machine name is not found in /etc/hosts, - or that cause Postfix processes to hang when the network - is down. - - (patch level 3) - Portability: Victor helpfully pointed out that change - 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, - qmqpd/qmqpd_peer.c. - -------------------------------------------------------------------- -Thu Jun 21 08:30:45 CEST 2007 - varkoly@suse.de - -- Bug 285553 amavisd inconsistency - -------------------------------------------------------------------- -Tue Jun 19 18:55:43 CEST 2007 - dmueller@suse.de - -- provide smtp meta-service as well - -------------------------------------------------------------------- -Mon Jun 11 21:32:53 CEST 2007 - lrupp@suse.de - -- don't PreRequire /sbin/ip: removed call in SuSEconfig.postfix - -------------------------------------------------------------------- -Thu May 3 12:09:13 CEST 2007 - varkoly@suse.de - -- dynamic_maps.patch: readded the chunk for dict_tcp and dict_pcre -- replaced prereq for postfix with a prereq on - %{name} = %{version} -- updated to postfix 2.4, patchlevel 0 - Major changes - safety - * As a safety measure, Postfix now by default creates mailbox dotlock - files on all systems. This prevents problems with GNU POP3D which - subverts kernel locking by creating a new mailbox file and deleting - the old one - - Major changes - Milter support - * The support for Milter header modification - requests was revised. With minimal change in the on-disk representation, - the code was greatly simplified, and regression tests were updated - to ensure that old errors were not re-introduced. The queue file - format is entirely backwards compatible with Postfix 2.3. - - * Support for Milter requests to replace the message - body. Postfix now implements all the header/body modification - requests that are available with Sendmail 8.13. - - * A new field is added to the queue file "size" - record that specifies the message content length. Postfix 2.3 and - older Postfix 2.4 snapshots will ignore this field, and will report - the message size as it was before the body was replaced. - - Major changes - TLS support - * The check_smtpd_policy client sends TLS certificate - attributes (client ccert_subject, ccert_issuer) only after successful - client certificate verification. The reason is that the certification - verification status itself is not available in the policy request. - - * The check_smtpd_policy client sends TLS certificate - fingerprint information even when the certificate itself was not - verified. - - * The remote SMTP client TLS certificate fingerprint - can be used for access control even when the certificate itself was - not verified. - - * The format of SMTP server TLS session cache - lookup keys has changed. The lookup key now includes the master.cf - service name. - - Major changes - performance - * Better support for systems that run thousands - of Postfix processes. Postfix now supports FreeBSD kqueue(2), - Solaris poll(7d) and Linux epoll(4) as more scalable alternatives - to the traditional select(2) system call, and uses poll(2) when - examining a single file descriptor for readability or writability. - These features are supported on sufficiently recent versions of - FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other - systems will be added as evidence becomes available that usable - implementations exist. - - Major changes - delivery status notifications - * Small changes were made to the default bounce - message templates, to prevent HTML-aware software from hiding or - removing the text "", and producing misleading text. - - * Postfix no longer announces its name in delivery - status notifications. Users believe that Wietse provides a free - help desk service that solves all their email problems. - - Major changes - ETRN support - * More precise queue flushing with the ETRN, - "postqueue -s site", and "sendmail -qRsite" commands, after - minimization of race conditions. New per-queue-file flushing with - "postqueue -i queueid" and "sendmail -qIqueueid". - - Major changes - small office/home office support - * Postfix no longer requires a domain name. It - uses "localdomain" as the default Internet domain name when no - domain is specified via main.cf or via the machine's hostname. - - Major changes - SMTP access control - * The check_smtpd_policy client sends TLS certificate - attributes (client ccert_subject, ccert_issuer) only after successful - client certificate verification. The reason is that the certification - verification status itself is not available in the policy request. - - * The check_smtpd_policy client sends TLS certificate - fingerprint information even when the certificate itself was not - verified. - - * The remote SMTP client TLS certificate fingerprint can be used for - access control even when the certificate itself was not verified. - - * The Postfix installation procedure no longer - updates main.cf with "unknown_local_recipient_reject_code = 450". - Four years after the introduction of mandatory recipient validation, - this transitional tool is no longer neeed. - -------------------------------------------------------------------- -Thu Mar 29 14:33:03 CEST 2007 - rguenther@suse.de - -- Add pwdutils BuildRequires to allow postinst script to succeed. -- Add /usr/share/omc directory. - -------------------------------------------------------------------- -Mon Feb 26 10:32:36 CET 2007 - varkoly@suse.de - -- #247351 - postfix - Ports for SuSEfirewall added via packages - -- Move postfix.xml into the postfix-SuSE tarball - -- #228479 - Postfix is configured for inet_protocols=all if - selecting ipv4 only support during installation. - Now we set both inet_protocols and inet_interfaces to all. - This means the available interfaces and protocols will be used. - To avoid bogus warnings inet_proto.c was patched. - -- #251598 - postfix use pointers for literals - -------------------------------------------------------------------- -Mon Jan 15 13:14:07 CET 2007 - varkoly@suse.de - -- #144104 - postfix does not start - -- Implementing Fate #301840: Postfix XML Service Description Document - -- Enhancing /etc/sysconfig/postfix descripton to avoid problems - like Bug 228678 - Problems with setting up chroot environment if - /var/spool is not on same filesystem as /var - -------------------------------------------------------------------- -Wed Nov 22 03:03:18 CET 2006 - mrueckert@suse.de - -- moved the dict handling into a preun script instead of postun - and do not remove the dict entry on upgrade (#223176) -- removed duplicates in the filelists. - -------------------------------------------------------------------- -Fri Nov 10 11:43:00 CET 2006 - varkoly@suse.de - -- #218229 - Postfix SuSEconfig script increases the max_proc line each run in master.cf - -------------------------------------------------------------------- -Sat Oct 28 11:41:50 CEST 2006 - varkoly@suse.de - -- #206414 - /usr/lib/sasl2/smtpd.conf misplaced - -------------------------------------------------------------------- -Tue Oct 24 22:32:45 CEST 2006 - varkoly@suse.de - -- #202119 – SuSEconfig script for Postfix incomplete -- #202162 – Postfix 2.3.2 slightly incorrect, Cyrus SASL unavailable -- #203174 – /sbin/conf.d/SuSEconfig.postfix should configure a TLS session cache for postfix 2.2 -- #203575 – postfix-2.2.9-10 chokes without scache -- #213589 - No development package/headers for postfix - -------------------------------------------------------------------- -Wed Aug 16 01:24:20 CEST 2006 - ro@suse.de - -- also add libpostfix-milter.so* - -------------------------------------------------------------------- -Mon Aug 14 12:34:37 CEST 2006 - varkoly@suse.de - -- updated to postfix 2.3, patchlevel 2 -- Major changes - - Name server replies that contain a malformed hostname are now flagged - as permanent errors instead of transient errors. - - DSN support as described in RFC 3461 .. RFC 3464. - - The SMTP client now implements the LMTP protocol. - - Milter (mail filter) application support, compatible with Sendmail - version 8.13.6 and earlier. -- Major changes - SASL authentication - - Plug-in support for SASL authentication in the SMTP server and in the - SMTP/LMTP client. - - The Postfix-with-Cyrus-SASL build procedure has changed. - - Support for sender-dependent ISP accounts. -- Major changes - SMTP client - - The SMTP client now implements the LMTP protocol. - - This version addresses a performance stability problem with remote - SMTP servers. -- Major changes - SMTP server - - The Postfix SMTP server now refuses to receive mail from the network - if it isn't running with postfix mail_owner privileges. - - Optional suppression of remote SMTP client hostname lookup and hostname - verification. - - SMTPD Access control based on the existence of an address->name mapping -- Major changes - TLS - - New concept: TLS security levels ("none", "may", "encrypt", "verify" - or "secure") in the Postfix SMTP client. - - Both the Postfix SMTP client and server can be configured without a - client or server certificate. -- See - /usr/share/doc/packages/postfix/RELEASE_NOTES - /usr/share/doc/packages/postfix/TLS_CHANGES - /usr/share/doc/packages/postfix/README_FILES/SASL_README - for detailed informations. - -------------------------------------------------------------------- -Wed Aug 2 16:18:30 CEST 2006 - varkoly@suse.de - -- Only %{conf_backup_dir} is contained by the package not /var/adm/backup - -------------------------------------------------------------------- -Mon Jul 10 16:21:31 CEST 2006 - varkoly@suse.de - -- Bugfix: #190639 Default number of processes for postfix -- Bugfix: #190270 postfix-postgresql - -------------------------------------------------------------------- -Fri Jun 2 19:58:38 CEST 2006 - varkoly@suse.de - -- Bugfix: #98188 - SuSE.tar.gz filename collision in cyrus/postfix SRPMs - -------------------------------------------------------------------- -Mon Apr 24 17:14:40 CEST 2006 - varkoly@suse.de - -- Bugfix: #165786 - yast2-mail modul uses obsolate postfix attributes - -------------------------------------------------------------------- -Mon Mar 20 10:21:55 CET 2006 - varkoly@suse.de - -- updated to postfix 2.2, patchlevel 9. -- Reasons: - Bugfix: the LMTP client would reuse a session after negative - reply to the RSET command (which may happen when client and - server somehow get out of sync). - Bugfix: race condition in the connection caching protocol, - causing the SMTP delivery agent to hang after delivering - mail, while trying to save a connection. - Bugfix: the best_mx_transport, mailbox_transport and - fallback_transport features did not write a per-recipient - defer logfile record when the target delivery agent was - broken. - Bugfix: an EHLO I/O error after STARTTLS would be reported - as a STARTTLS I/O error. - Bugfix: the *SQL, proxy and LDAP maps were not defined in - user-land commands such as postqueue. - Bugfix: the anvil server would terminate after "max_idle" - seconds, even when this was less than the anvil_rate_time_unit - interval. - Portability: 64-bit support for LINUX chroot script by Keith - Owens. - Safety: new "smtp_cname_overrides_servername" parameter. - - Bugfix: mailbox_command_maps was not subject to $name - expansion. - Bugfix: don't ignore the per-site policy when SSL library - initialization fails. - Bugfix: a TLS per-site MUST_NOPEERMATCH policy could not - override a stronger main.cf policy, while a per-site NONE - policy could. - Bugfix: a combined TLS per-site (host, recipient) policy - of (NONE, MAY) changed a global MUST policy into NONE, and - a global MUST_NOPEERMATCH into MAY. The result is now NONE. - Problem found by exhaustive simulation. - Bugfix: an empty remote_header_rewrite_domain value caused - trivial-rewrite to dereference a null pointer, but only in - regression tests, not in production. Postfix rewrites - addresses in the remote rewriting context only when the - remote_header_rewrite_domain parameter value is non-empty. - Workaround: a malformed domain name lookup result (such as - null MX record) is now treated as a hard error, so that - Postfix will no longer repeatedly try to deliver mail until - the message expires in the queue. However, this will not - reject mail with reject_unknown_sender/recipient_domain. - That would require too much change for a stable release. - -------------------------------------------------------------------- -Fri Jan 27 02:19:42 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Tue Jan 24 09:11:46 CET 2006 - varkoly@suse.de - -- Fixing the spec-file -- Bugfix: ID#143682 - Spurious (obsoleted?) configuration variable in postfix's main.cf - -------------------------------------------------------------------- -Mon Jan 23 13:00:13 CET 2006 - varkoly@suse.de - -- Bugfix: ID#140173 postfix allows relaying on the whole subnet -- Bugfix: ID#144091 postfix doesn't start with the latest kernel - -------------------------------------------------------------------- -Fri Jan 20 11:56:24 CET 2006 - varkoly@suse.de - -- Bugfix: ID#144091 -- Postfix makes an entry in slp servre for smtp & smtps - -------------------------------------------------------------------- -Mon Jan 16 14:49:29 CET 2006 - varkoly@suse.de - -- removing openldap from "neededforbuild" - -------------------------------------------------------------------- -Wed Nov 30 11:11:16 CET 2005 - choeger@suse.de - -- updated to postfix 2.2, patchlevel 6 - -------------------------------------------------------------------- -Tue Oct 11 15:03:56 CEST 2005 - choeger@suse.de - -- added patch ldap_api_changes.patch: openldap2.3 enforces to use - "The C LDAP Application Program Interface" - -------------------------------------------------------------------- -Mon Aug 15 13:55:32 CEST 2005 - choeger@suse.de - -- Bugfix Bugzilla ID#104663 - consistent use of variables in postfix - init-script -- Bugfix Bugzilla ID#104568 - SuSEconfig.postfix doesnt set $PATH properly to - find all binaries. - -------------------------------------------------------------------- -Fri Aug 12 10:25:09 CEST 2005 - mmj@suse.de - -- Package the /usr/lib/sendmail -> /usr/sbin/sendmail link [#102947] - -------------------------------------------------------------------- -Tue Jul 26 11:05:29 CEST 2005 - choeger@suse.de - -- Bugfix Bugzilla ID#93884 - package postfix uses -fsigned-char - Remove -fsigned-char option for ppc and s390 archs - -------------------------------------------------------------------- -Mon Jul 25 11:52:18 CEST 2005 - choeger@suse.de - -- updated to postfix 2.2, patchlevel 5: - - Portability: the connection caching code broke on LP64 - systems (inherited from Stevens Network Programming). - Files: util/unix_send_fd.c, util/unix_recv_fd.c. This code - is back-ported from the Postfix 2.3 snapshot release. - - Robustness: the SMTP client now disables connection caching - when it is unable to communicate with the scache(8) server, - instead of looping forever and not delivering mail. File: - global/scache_clnt.c. This code is back-ported from the - Postfix 2.3 snapshot release. - - Portability: after sending a socket, the scache(8) server - now waits for an ACK from the connection cache client before - closing the socket that it just sent. Files: scache/scache.c, - global/scache_clnt.c. This code is back-ported from the - Postfix 2.3 snapshot release. - - Portability: on LP64 systems, integer expressions are int, - but sizeof() and pointer difference expressions are larger. - Point fixes for a few discrepancies with variadic functions - that expect int (the permanent fix is to change the receiving - modules, but that results in too much change, and is not - allowed in the stable release). Files: tls/tls_scache.c, - util/clean_env.c, util/vstring.h, smtpstone/qmqp-source.c. - -------------------------------------------------------------------- -Mon Jul 18 15:49:16 CEST 2005 - choeger@suse.de - -- force to set strict_8bitmime to "no" when POSTFIX_MDA != cyrus, - because once it is set to "yes", nobody sets it back. -- only install /etc/pam.d/smtp if suse_version > 920 -- use Prereq instead of Requires for mysql and postgresql subpackages - -------------------------------------------------------------------- -Wed Jul 13 16:59:14 CEST 2005 - choeger@suse.de - -- added /etc/pam.d/smtp configuration file - -------------------------------------------------------------------- -Thu Jul 7 16:44:05 CEST 2005 - choeger@suse.de - -- Fixed build on x86_64: use -fPIC for libraries and -fPIE for the - rest - -------------------------------------------------------------------- -Tue Jul 5 17:57:48 CEST 2005 - choeger@suse.de - -- applied dynamic maps patch of LaMont Jones at debian -- Fix to SuSEconfig.postfix: only touch tlsmgr line in master.cf, - if it is the new one using unix socket instead of fifo - -------------------------------------------------------------------- -Thu Jun 30 17:52:10 CEST 2005 - uli@suse.de - -- build with -fPIE (not -fpie) to avoid GOT overflow on s390x - -------------------------------------------------------------------- -Thu Jun 23 10:22:18 CEST 2005 - choeger@suse.de - -- updated to postfix 2.2, patchlevel 4 - -------------------------------------------------------------------- -Fri Jun 17 17:06:39 CEST 2005 - choeger@suse.de - -- fixed build using -pie/-fpie (hopefully) - -------------------------------------------------------------------- -Fri Jun 17 11:04:03 CEST 2005 - choeger@suse.de - -- Build using -pie - -------------------------------------------------------------------- -Fri May 13 18:24:50 CEST 2005 - choeger@suse.de - -- set strict_8bitmime parameter to yes when using cyrus mailbox - delivery - -------------------------------------------------------------------- -Wed May 4 15:54:33 CEST 2005 - choeger@suse.de - -- Bugfix ID#66325 - postfix: permissions - also ship a postfix.paranoid file with the package with all suid and sgid - bits disabled - -------------------------------------------------------------------- -Tue May 3 16:29:04 CEST 2005 - choeger@suse.de - -- updated to postfix 2.2, patchlevel 3 -- Bugfix ID#75717 - postfix init scripts reports success allthough postfix is - not running: - use checkproc again instead of "master -t", as "master -t" seems to be broken - -------------------------------------------------------------------- -Thu Apr 21 17:42:04 CEST 2005 - choeger@suse.de - -- updated to postfix 2.2, patchlevel 2 -- Bugfix ID#74712, problems with read-only mounting of $chroot/proc: - don't mount /var/spool/postfix/proc ro as that results in /proc also mounted - ro. -- Bugfix ID#74709, postfix configuration and USE_IPV6 in - sysconfig/network/config - -------------------------------------------------------------------- -Tue Mar 15 17:46:44 CET 2005 - choeger@suse.de - -- updated to postfix 2.2, patchlevel 1 - Postfix 2.2.1 solves four portability problems that surfaced in - the week since the 2.2.0 release, one harmless bug in the TLS - session cache cleaning code, and cleans up minor documentation - problems. - -------------------------------------------------------------------- -Thu Mar 10 10:18:45 CET 2005 - choeger@suse.de - -- 2.2.0 is out - -------------------------------------------------------------------- -Mon Mar 7 14:15:08 CET 2005 - choeger@suse.de - -- update to RC2 - -------------------------------------------------------------------- -Wed Mar 2 15:01:33 CET 2005 - choeger@suse.de - -- make it compile with gcc4 - -------------------------------------------------------------------- -Mon Feb 28 18:03:36 CET 2005 - choeger@suse.de - -- RC1 of 2.2 is out - -------------------------------------------------------------------- -Fri Feb 18 16:34:07 CET 2005 - choeger@suse.de - -- use "usr/sbin/postfix upgrade-configuration" now instead of - "etc/postfix/post-install upgrade-package" - -------------------------------------------------------------------- -Thu Feb 17 19:28:22 CET 2005 - choeger@suse.de - -- removed some @ chars (don't know how they slipped in) - -------------------------------------------------------------------- -Thu Feb 17 13:42:18 CET 2005 - choeger@suse.de - -- update to current pre 2.2 snapshot (2.2-20050216) - 2.2 release could happen next week - -------------------------------------------------------------------- -Thu Feb 10 09:08:18 CET 2005 - choeger@suse.de - -- added patch needed for the Kolab project (this patch is part of the upcoming - postfix 2-2 release), see - http://wiki.kolab.org/index.php/Kolab-major-app-patches - -------------------------------------------------------------------- -Thu Feb 3 10:00:38 CET 2005 - choeger@suse.de - -- s/X-UnitedLinux-Should-Start/Should-Start/ - -------------------------------------------------------------------- -Wed Feb 2 16:44:34 CET 2005 - choeger@suse.de - -- added long_header.patch - long lines piped into postfix sendmail can lead to errors. - -------------------------------------------------------------------- -Wed Feb 2 08:52:19 CET 2005 - choeger@suse.de - -- Bugfix ID#49307: faster postfix startup: don't use hashed directories if - possible: - - added patch empty_hash_queue_names.patch to be able to modify - hash_queue_names parameter. - - added check to %post to change hash_queue_names in case of - /var/spool/postfix residing on a reiserfs partition when doing - a fresh installation -- Bugfix ID#50386 - postfix must prereq /sbin/ip (iproute2) - -------------------------------------------------------------------- -Fri Jan 28 16:29:05 CET 2005 - choeger@suse.de - -- updated tls+ipv6 patchkit to v1.26 - - Bugfix: Incomplete error checking in getaddrinfo() could cause lmtpd to - crash with debug_peer_list defined. Carsten Hoeger, SuSE. File: - util/match_ops.c - - Linux workaround: When mynetworks isn't set, a chrooted process could not - read the IPv6 address information from /proc. We now invoke own_inet_addr() - before chrooting, while processing main.cf. [backported from 2.2-nonprod - snapshot] File: global/mail_params.c - - Safety: when IPv6 netmask can't be determined, mynetworks is not set and - mynetworks_style = subnet, assume /128 (host only). Until now, Tru64Unix - assumed /64 (good for real subnets, but not safe for tunnel ranges etc.). - File: util/inet_addr_local.c - -------------------------------------------------------------------- -Sat Jan 15 20:48:48 CET 2005 - schwab@suse.de - -- Use : in permissions file. - -------------------------------------------------------------------- -Thu Jan 13 16:16:41 CET 2005 - choeger@suse.de - -- Two fixes to ipv6-patch related bugs: - - Bugfix Bugzilla ID#49435 - VUL-0: Postfix, permit_mx_backup, IPv6, chroot - --> Open Relay! - - Bugfix Bugzilla ID#49695 - SEGV while lmtp delivery -- mount /proc into chroot jail to be able to access /proc/net/if_inet6 - -------------------------------------------------------------------- -Wed Nov 24 14:46:16 CET 2004 - schwab@suse.de - -- Put options first in find command line. - -------------------------------------------------------------------- -Tue Nov 9 09:20:27 CET 2004 - choeger@suse.de - -- setting LC_ALL=POSIX in SuSEconfig.postfix - -------------------------------------------------------------------- -Wed Sep 29 18:14:13 CEST 2004 - choeger@suse.de - -- Bugfix Bugzilla ID#46462, postfix should switch biff off - -------------------------------------------------------------------- -Tue Sep 21 12:48:02 CEST 2004 - choeger@suse.de - -- updated to postfix 2.1, patchlevel 5 - (several small bugfixes) -- updated tls+ipv6 patchkit (there have been some small bugs) -- use v4 address 127.0.0.1 as amavisd-new local contact address - as amavisd is not listening on any v6 address - -------------------------------------------------------------------- -Mon Sep 20 09:51:25 CEST 2004 - choeger@suse.de - -- also chmod the .db file resulting of a postmap (related to - bugfix ID#39045 - -------------------------------------------------------------------- -Thu Sep 16 13:57:32 CEST 2004 - choeger@suse.de - -- Bugfix Bugzilla ID#39045 - tls_per_site table updates in SuSEconfig.postfix - introduced POSTFIX_MAP_LIST in /etc/sysconfig/postfix where additional - maps maintained by SuSEconfig.postfix can be added - -------------------------------------------------------------------- -Thu Sep 16 10:34:58 CEST 2004 - choeger@suse.de - -- Bugfix Bugzilla ID#45252 - rpm calls SuSEconfig.permissions which calls rpm - -> 3 minute timeout - Also don't call rpm from SuSEconfig.postfix -- Speedup: set timestamp of $TMPDIR/main.cf into the past to workaround - postconf safety which is not neccessary, because we do not touch the main.cf, - the postfix daemons are using. - -------------------------------------------------------------------- -Mon Sep 13 11:57:15 CEST 2004 - choeger@suse.de - -- added $time to Required-Start in init-script - -------------------------------------------------------------------- -Thu Aug 26 14:15:31 CEST 2004 - choeger@suse.de - -- do not filter locally delivered mail when USE_AMAVIS=yes - (don't set content_filter=vscan in main.cf) -- removed obsolete vscan service definition from master.cf - -------------------------------------------------------------------- -Fri Aug 20 12:47:52 CEST 2004 - choeger@suse.de - -- use "$MASTER_BIN -t" to check whether postfix is already running - in start section of init-script. That's more reliable then checkproc. - -------------------------------------------------------------------- -Wed Jul 14 17:48:29 CEST 2004 - choeger@suse.de - -- Bugfix Bugzilla ID#42995 - SuSEconfig.postfix should ignore - .swp and other files in /etc/aliases.d - -------------------------------------------------------------------- -Tue Jul 13 16:22:02 CEST 2004 - choeger@suse.de - -- Bugfix Bugzilla ID#42281, openssl ca segfaults: - added missing [ policy_anything ] configuration - options to openssl.cnf - -------------------------------------------------------------------- -Mon Jul 12 14:58:58 CEST 2004 - choeger@suse.de - -- updated to postfix 2.1, patchlevel 4 -- updated tls+ipv6 patchkit to v1.25 -- new feature POSTFIX_REGISTER_SLP in /etc/sysconfig/postfix - to be able to totally disable slptool from being started - -------------------------------------------------------------------- -Tue May 25 12:42:45 CEST 2004 - choeger@suse.de - -- updated tls+ipv6 patchkit to v1.24: - - Bugfix: Prefixlen non-null host portion validation (in CIDR maps for - example) yielded incorrect results sometimes because signed arithmetic was - used instad of unsigned. - - Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed the master.cf - update (used for new installattions). Added it back. -- as tls and ipv6 patches have not been completely ported to postfix 2.1 - new documentation system, especially the new postconf(5) manpage is - missing the complete ipv6 and tls related configuration parameters, - readded the sample-* files from ipv6+tls to %doc/samples - -------------------------------------------------------------------- -Tue May 4 11:24:20 CEST 2004 - choeger@suse.de - -- update to postfix 2.1, patchlevel 1: - - Patch 01 fixes a signal 11 problem in the check_policy_service - feature when SASL support is compiled in but turned off in the - SMTP server (smtpd_sasl_auth_enable = no). - -------------------------------------------------------------------- -Wed Apr 28 10:46:55 CEST 2004 - choeger@suse.de - -- added now officially released tls patchkit 0.8.18-2.1.0-0.9.7d to - the source package for the user to be able to build a non-ipv6 - postfix package - -------------------------------------------------------------------- -Mon Apr 26 17:46:01 CEST 2004 - choeger@suse.de - -- official tls+ipv6 v1.23 patchkit released: - - Patch fixes: Several code fixes to make the patch compile and work - correctly when compiled without IPv6 support. - - Bugfix (Solaris only?): address family length was not updated - which could cause client hostname validation errors. File: - smtpd/smtpd_peer.c - - Portability: added support for Darwin 7.3+. This may need some - further testing. - - Cleanup: Restructure and redocument interface address retrieval - functions. (This reduced the number of preprocessor statements - from 99 to 93 ;) File: util/inet_addr_local.c - - Cleanup: make several explicit casts to have compilers shut their - pie holes about uninteresting things. - -------------------------------------------------------------------- -Fri Apr 23 11:22:35 CEST 2004 - choeger@suse.de - -- update to final postfix v2.1 - -------------------------------------------------------------------- -Wed Apr 21 17:35:26 CEST 2004 - choeger@suse.de - -- Bugfix: changed {main,master}.cf backup path in specfile, but not in - SuSEconfig script - -------------------------------------------------------------------- -Wed Apr 21 11:55:43 CEST 2004 - choeger@suse.de - -- update to postfix 2.1 RC5 - -------------------------------------------------------------------- -Mon Apr 19 14:23:19 CEST 2004 - choeger@suse.de - -- update to current postfix 2.1 release candidate (RC4) - -------------------------------------------------------------------- -Wed Apr 7 13:09:09 CEST 2004 - choeger@suse.de - -- Bugfix Bugzilla ID#38569, exit SuSEconfig.postfix if - mktemp fails - -------------------------------------------------------------------- -Tue Mar 30 11:13:38 CEST 2004 - choeger@suse.de - -- Bugfix Bugzilla ID#37409 - the saslauthd socket is not copied to chroot jail due to - a wrong test in SuSEconfig.postfix (used -L instead of -S) - -------------------------------------------------------------------- -Mon Mar 29 20:03:16 CEST 2004 - choeger@suse.de - -- only add ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no - AND ipv6 is enabled - -------------------------------------------------------------------- -Mon Mar 29 11:03:56 CEST 2004 - choeger@suse.de - -- Bugfix Bug ID#37293, SuSEConfig complains POSTFIX_ADD_* parameters are - unknown (in turkish locale settings) - added LC_CTYPE=POSIX to SuSEconfig.postfix - -------------------------------------------------------------------- -Thu Mar 25 10:54:26 CET 2004 - choeger@suse.de - -- updated to tls+ipv6 version 1.22 (related to Bugzilla ID#35884) - - Feature: Support "inet_interfaces = IPv4:all" and "inet_interfaces = - IPv6:all", to restrict postfix to use either IPv4-only or IPv6-only. A more - complete implementation will be part of a future patch. (Slightly modified) - patch by Michal Ludvig, SuSE. Files: util/interfaces_to_af.[ch], - util/inet_addr_local.c, global/own_inet_addr.c, - global/wildcard_inet_addr.[ch], master/master_ent.ch - - Bugfix: In Postfix snapshots, a #define was misplaced with the effect that - IPv6 subnets were not included in auto- generated $mynetworks (i.e., - mynetworks not defined in main.cf, when also mynetworks_style=subnet) on - Linux 2.x systems. File: utils/sys_defs.h -- now adding ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no - (related to Bugzilla ID#35884) -- enabled ipv6 again - -------------------------------------------------------------------- -Thu Mar 18 12:37:44 CET 2004 - choeger@suse.de - -- updated to most recent snapshot version 2.0.19-20040312: - Patch 19 fixes two low-priority problems: - - - When mail is submitted at a high rate with the Postfix sendmail - command, the pickup daemon is keps busy long enough that it it - terminated by the watchdog timer (a feature that prevents Postfix - from locking up permanently). - - - Malformed addresses in SMTP commands could result in table looks - with zero-length search strings, causing trouble with NIS lookups. - -------------------------------------------------------------------- -Wed Mar 17 16:51:00 CET 2004 - choeger@suse.de - -- disable IPv6 patch as it introduces problems for people - who do not use IPv6, see Bugzilla ID#35884, - "ipv6 mynetworks don't work" - -------------------------------------------------------------------- -Mon Mar 8 15:58:35 CET 2004 - choeger@suse.de - -- be a nice packager and strictly follow - http://www.porcupine.org/postfix-mirror/newdoc/PACKAGE_README.html - (added setgid_group=... to post-install upgrade-package) - -------------------------------------------------------------------- -Fri Feb 27 11:37:56 CET 2004 - choeger@suse.de - -- update to most recent version 2.0.18-20040209 - -------------------------------------------------------------------- -Mon Feb 23 15:25:20 CET 2004 - choeger@suse.de - -- Bugfix Bugzilla ID#34817, SuSEconfig.postfix doesn't specify direct path to - "postconf" and generates errors if run via sudo by a non-root user. - -------------------------------------------------------------------- -Fri Feb 6 13:15:49 CET 2004 - choeger@suse.de - -- update to postfix 2.0.18-20040205 -- enabled tls+ipv6 patch as it is now available for latest - pre 2.1 snapshot - -------------------------------------------------------------------- -Mon Feb 2 13:22:54 CET 2004 - choeger@suse.de - -- finally, the official TLS patchkit of Lutz hit the ground - -------------------------------------------------------------------- -Mon Feb 2 11:02:16 CET 2004 - choeger@suse.de - -- additional fix for the TLS extensions patch - should also fix Bugzilla ID#34218 - -------------------------------------------------------------------- -Fri Jan 23 12:15:00 CET 2004 - choeger@suse.de - -- fixed the smtp segfault - -------------------------------------------------------------------- -Thu Jan 22 21:37:51 CET 2004 - choeger@suse.de - -- updated to postfix 2.0.18-20040122 -- added new feature for specfile usetls to en/dis-able TLS - support -- temporary removed TLS support (self adapted patch to most recent - postfix snapshot version) as it currently results in smtp segfaulting - -------------------------------------------------------------------- -Thu Jan 22 13:53:44 CET 2004 - choeger@suse.de - -- update to recent postfix snapshot version 2.0.17-20040120 - which will become the next official release 2.1 around - next week according to Wietse Venema. -- added possibility to compile using the combined IPV6/TLS patch - which can be downloaded from http://www.ipnet6.org/postfix/ - just set useipv6 to 1 at the top of the specfile. - -------------------------------------------------------------------- -Thu Jan 22 01:45:58 CET 2004 - ro@suse.de - -- remove call to ldap_enable_cache - (function has been removed from openldap and was already - obsolete before (warning was issued back then)) - -------------------------------------------------------------------- -Wed Jan 14 16:38:06 CET 2004 - choeger@suse.de - -- added openslp register/derigister calls to postfix init-script - -------------------------------------------------------------------- -Mon Jan 12 15:50:35 CET 2004 - choeger@suse.de - -- add postfix user to group mail in case of POSTFIX_MDA==cyrus - to let postfix lmtp access /var/lib/imap/socket/lmtp - -------------------------------------------------------------------- -Thu Jan 8 16:00:30 CET 2004 - choeger@suse.de - -- Bugfix Bugzilla ID#33421, SMTP-Auth and relaying - added permit_sasl_authenticated also to smtpd_recipient_restrictions - in SuSEconfig.postfix - -------------------------------------------------------------------- -Mon Dec 1 14:51:06 CET 2003 - choeger@suse.de - -- always create temp files and always remove them later on - -------------------------------------------------------------------- -Mon Nov 17 12:51:09 CET 2003 - choeger@suse.de - -- some .spec improvements - -------------------------------------------------------------------- -Thu Oct 30 12:13:51 CET 2003 - mmj@suse.de - -- Run SuSEconfig after install - -------------------------------------------------------------------- -Wed Oct 29 20:23:44 CET 2003 - mmj@suse.de - -- Don't build as root -- Be nice and clean up after ourselves - -------------------------------------------------------------------- -Tue Oct 14 15:47:52 CEST 2003 - choeger@suse.de - -- update to postfix v2.0.16 -- update to tls extensions v0.8.16 -- Fix for Bugzilla ID#32114, fixed some if condition syntaxes - -------------------------------------------------------------------- -Tue Sep 16 10:29:25 CEST 2003 - choeger@suse.de - -- fixed example for POSTFIX_RELAYHOST, Bug ID#30756 - -------------------------------------------------------------------- -Mon Sep 8 09:49:49 CEST 2003 - choeger@suse.de - -- updated some sysconfig descriptions -- removed relays.osirosoft.com from the examples, Bug ID#30215 - -------------------------------------------------------------------- -Thu Sep 4 15:40:25 CEST 2003 - kukuk@suse.de - -- Fix next useradd call - -------------------------------------------------------------------- -Wed Sep 3 11:31:54 CEST 2003 - choeger@suse.de - -- conf/postfix-files as input for /etc/permissions.d/postfix (Bug ID#29915) -- generate better amavisd-new master.cf line: - limit maxproc to 2 and use brackets around localhost - (Bug ID#29917) - -------------------------------------------------------------------- -Mon Sep 1 13:08:33 CEST 2003 - choeger@suse.de - -- use conf/postfix-files as input for directories and permissions - for files/directories in/below $queue_directory and $command_directory -- use /var/lib/imap/socket/lmtp as lmtp socket in SuSEconfig.postfix - and change access modes of /var/lib/imap and /var/lib/imap/socket - to let postfix lmtp access the unix socket - -------------------------------------------------------------------- -Fri Aug 29 11:43:53 CEST 2003 - kukuk@suse.de - -- Create postfix user as system account [Bug #29611] - -------------------------------------------------------------------- -Fri Aug 29 08:48:52 CEST 2003 - kukuk@suse.de - -- Adjust sendmail permissions -- Create /var/spool/postfix/public with permissions postfix is - using - -------------------------------------------------------------------- -Fri Aug 29 00:27:03 CEST 2003 - mmj@suse.de - -- Add sendmail to /etc/sysconfig/mail - -------------------------------------------------------------------- -Thu Aug 14 18:41:19 CEST 2003 - choeger@suse.de - -- update to Postfix 2.0 Patch 14 -- Bugfix Bugzilla ID#28921: - missing activation metadata in sysconfig template - -------------------------------------------------------------------- -Wed Jul 30 11:48:21 CEST 2003 - choeger@suse.de - -- new macros for stop/restart of services on rpm update/removal - -------------------------------------------------------------------- -Mon Jul 21 13:33:53 CEST 2003 - choeger@suse.de - -- chown user:group instead of user.group - -------------------------------------------------------------------- -Fri Jul 11 11:23:05 CEST 2003 - choeger@suse.de - -- update to tls extensions 0.8.15-2.0.13-0.9.7b - -------------------------------------------------------------------- -Tue Jul 1 15:44:05 CEST 2003 - choeger@suse.de - -- updated SuSEconfig to use amavisd-new instead of amavis[d]-postfix - -------------------------------------------------------------------- -Mon Jun 30 17:43:20 CEST 2003 - choeger@suse.de - -- update to Postfix 2.0 Patch 13 -- After "postfix reload", the master daemon now warns when the - inet_interfaces parameter setting has changed, and ignores the - change, instead of passing incorrect information to the smtp - server. -- After the postdrop command change with Postfix 2.0.11, the postcat - command no longer recognized "maildrop" queue files as valid. -- Mail could bounce when two messages were delivered simultaneously - to a non-existent mailbox file. The safe_open() code that prevents - race condition exploits will now try a little harder when it - actually encounters a race condition. -- update to tls extensions 0.8.14-2.0.12-0.9.7b - -------------------------------------------------------------------- -Thu Jun 12 13:27:48 CEST 2003 - choeger@suse.de - -- also change path to smtpd.conf in sysconfig template parameter - description dependent on what %{_lib} is set to. - -------------------------------------------------------------------- -Thu Jun 12 09:51:33 CEST 2003 - choeger@suse.de - -- update to postfix 2.0, patchlevel 12 - -------------------------------------------------------------------- -Wed Jun 11 17:55:21 CEST 2003 - choeger@suse.de - -- mkdir -p $RPM_BUILD_ROOT/%{_libdir}/sasl2 instead of - $RPM_BUILD_ROOT/usr/lib/sasl2 - and we also can build on 64bit archs - -------------------------------------------------------------------- -Wed Jun 11 14:25:29 CEST 2003 - choeger@suse.de - -- package /usr/lib/sasl2/smtpd.conf using %{_libdir}/sasl2/smtpd.conf -- added /etc/postfix to filelist - -------------------------------------------------------------------- -Wed Jun 11 09:11:11 CEST 2003 - choeger@suse.de - -- update to postfix 2.0, patchlevel 11 -- update to tls extensions 0.8.13-2.0.10-0.9.7b - -------------------------------------------------------------------- -Fri May 23 14:33:01 CEST 2003 - choeger@suse.de - -- updated SuSE/master.cf toplevel comments - -------------------------------------------------------------------- -Fri May 23 14:19:43 CEST 2003 - choeger@suse.de - -- update to postfix 2.0, patchlevel 10 - -------------------------------------------------------------------- -Mon May 19 12:42:36 CEST 2003 - choeger@suse.de - -- remove installed (but unpackaged) file /etc/postfix/aliases - -------------------------------------------------------------------- -Mon May 19 10:12:52 CEST 2003 - choeger@suse.de - -- path to ca, certificate and key is relative to $POSTFIX_SSL_PATH, - added $POSTFIX_SSL_PATH/ to the relevant parts of SuSEconfig.postfix - -------------------------------------------------------------------- -Wed May 14 11:29:48 CEST 2003 - choeger@suse.de - -- correctly handle new POSTFIX_SMTP_TLS_CLIENT parameter in - SuSEconfig.postfix (activate/deactivate master.cf entries) - -------------------------------------------------------------------- -Wed May 14 11:05:36 CEST 2003 - choeger@suse.de - -- added libxcrypt to chroot jail, Bugzilla ID#25766 - -------------------------------------------------------------------- -Tue May 13 20:40:00 CEST 2003 - choeger@suse.de - -- added TLS_CLIENT support, Bugzilla ID#26647 - -------------------------------------------------------------------- -Wed Apr 23 13:43:02 CEST 2003 - choeger@suse.de - -- update to postfix 2.0, patchlevel 9 - -------------------------------------------------------------------- -Tue Apr 15 10:27:13 CEST 2003 - ro@suse.de - -- fixed neededforbuild - -------------------------------------------------------------------- -Mon Apr 7 12:58:01 CEST 2003 - choeger@suse.de - -- update to postfix 2.0, patchlevel 7 -- update to tls extensions 0.8.13-2.0.6-0.9.7a -- Bugfix Bugzilla ID#25905, do not restrict mailbox size per default - -------------------------------------------------------------------- -Sat Mar 8 15:56:26 CET 2003 - choeger@suse.de - -- use checkproc to check if there really is a postfix master - process running when there's a pid file lying around. - (Bugzilla ID#24910) - -------------------------------------------------------------------- -Thu Mar 6 11:02:12 CET 2003 - choeger@suse.de - -- update to Postfix 2.0 Patch 06 -- Postfix now truncates non-address information in message address - headers (comments, etc.) to 250 characters per address. This should - rarely present a problem. Reportedly, junk mail from poorly written - software can trigger the protection, but that is no great loss. -- Some little fixes to documentation. - -------------------------------------------------------------------- -Tue Mar 4 10:29:31 CET 2003 - choeger@suse.de - -- update to Postfix 2.0 Patch 05 -- The SMTP server's hard and soft error limits were off by one. - With "smtpd_hard_error_limit = 1", Postfix will now disconnect - after the first error, instead of the second one. -- The proxymap server could deadlock when the mydestination parameter - setting included a proxymapped lookup table. -- Some little fixes to documentation. - -------------------------------------------------------------------- -Sat Mar 1 16:41:10 CET 2003 - choeger@suse.de - -- when updating postfix, check whether post-install changed - main/master.cf and update md5sums to not confuse SuSEconfig -- when installing postfix on a fresh system, create md5sums - in %post to be able to let check_md5_and_move() detect - changes that a user might have done without running SuSEconfig - before. - -------------------------------------------------------------------- -Thu Feb 27 19:01:32 CET 2003 - choeger@suse.de - -- no longer remove md5sums of main.cf and master.cf during - postinstall, as SuSEconfig then no longer knows, whether - main.cf/master.cf had been modified by the user. - Disadvantage: as postfix permanently needs basic changes - to both main and master.cf, SuSEconfig.postfix will frequently - generate .SuSEconfig files although the user did not change anything - Bugzilla ID#24432 - -------------------------------------------------------------------- -Fri Feb 21 10:04:48 CET 2003 - choeger@suse.de - -- update to Postfix 2.0 Patch 04 - - The format of maildir filenames is synchronized with the present - version of the maildir definition document. This format was already - adopted by the 20030126 snapshot release. - - The time limit on delivery to external commands was not enforced. - This was broken probably some time before the first public Postfix - release. - - Duplicate elimination after virtual alias expansion works again. - This was broken with the introduction of the original recipient - attribute. - - The local pickup daemon dropped incomplete records from local - submissions. This was broken somewhere in the middle of 2002. - -------------------------------------------------------------------- -Sat Feb 15 14:59:54 CET 2003 - choeger@suse.de - -- Bugfix Bugzilla ID#23675: new service proxymap will not be - appended during update - -------------------------------------------------------------------- -Mon Feb 10 16:25:39 CET 2003 - choeger@suse.de - -- also check whether amavisd-postfix is installed and set up - filter section in master.cf - -------------------------------------------------------------------- -Thu Jan 30 11:43:03 CET 2003 - choeger@suse.de - -- update to Postfix 2.0 Patch 03 - - Postfix 2.0 broke relocated table lookup results with mail not - rejected at the SMTP port, causing "User has moved to" text to be - deleted. - - A widely used maildir filename generating algorithm was broken. - This affects all Postfix versions with maildir support. Instead of - TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST. - - Postfix 2.0 gave incorrect FILTER_README instructions for sites - that wish to disable virtual alias mapping before the content - filter. -- postfix-lib64.patch code now integrated in postfix - -------------------------------------------------------------------- -Fri Jan 24 11:52:17 CET 2003 - choeger@suse.de - -- changed SuSEconfig.postfix and smtpd.conf to use sasl2 - -------------------------------------------------------------------- -Thu Jan 23 13:07:17 CET 2003 - choeger@suse.de - -- forgot to add tlsmgr to master.cf - -------------------------------------------------------------------- -Thu Jan 23 11:43:24 CET 2003 - choeger@suse.de - -- Hmmm, just noticed, that suddenly 2.0.0.x became 2.0.x - must have missed something... -- updated SuSE/master.cf (new proxymap service) - -------------------------------------------------------------------- -Thu Jan 16 10:21:27 CET 2003 - choeger@suse.de - -- added POSTFIX_ADD_MESSAGE_SIZE_LIMIT as example to sysconfig.postfix - (Bugzilla ID#22907) - -------------------------------------------------------------------- -Tue Jan 14 12:51:56 CET 2003 - choeger@suse.de - -- build using sasl2 - -------------------------------------------------------------------- -Fri Jan 10 13:24:43 CET 2003 - choeger@suse.de - -- update to postfix v2 (version 2.0.0.2) - -------------------------------------------------------------------- -Wed Dec 11 11:44:51 CET 2002 - choeger@suse.de - -- added sysconfig metadata to sysconfig templates -- updated to new tls extensions - -------------------------------------------------------------------- -Fri Nov 29 13:16:42 CET 2002 - choeger@suse.de - -- Bugfix Bugzilla ID#21865: don't copy directories into - directories when updating chroot jail in cpifnewer() -- Update to version 1.11, pl12 - -------------------------------------------------------------------- -Tue Nov 19 14:29:36 CET 2002 - choeger@suse.de - -- new SuSEconfig.postfix features: - . SMTP-AUTH server - . SMTP-AUTH client - . TLS Server - -------------------------------------------------------------------- -Tue Nov 5 15:08:43 CET 2002 - choeger@suse.de - -- quote args of tr command - -------------------------------------------------------------------- -Mon Nov 4 13:52:51 CET 2002 - choeger@suse.de - -- new feature: POSTFIX_ADD_* command in sysconfig/postfix to - be able to add any regular postfix command via SuSEconfig -- Bugfix Bugzilla ID#21120 added POSTFIX_ADD_MAILBOX_SIZE_LIMIT - as example with value 0 (unlimited) -- added a header to main.cf explaining that many postfix - parameters have been added to the end of main.cf - -------------------------------------------------------------------- -Tue Oct 15 11:27:46 CEST 2002 - choeger@suse.de - -- Bugfix for Bugzilla ID#20754 - missed some parameters when restoring main.cf or master.cf - from scratch - -------------------------------------------------------------------- -Wed Oct 9 20:34:03 CEST 2002 - choeger@suse.de - -- NULLCLIENT did not work because SuSEconfig searches for the wrong - keyword - -------------------------------------------------------------------- -Mon Oct 7 17:47:56 CEST 2002 - choeger@suse.de - -- Bugfix related to Bugzilla IDs 20506, 18298, 19294: - masquerade_classes should not be extended by envelope_recipient - -------------------------------------------------------------------- -Fri Sep 6 17:04:57 CEST 2002 - choeger@suse.de - -- added ypbind to X-UnitedLinux-Should-Start in init-script - -------------------------------------------------------------------- -Wed Aug 28 11:37:38 CEST 2002 - choeger@suse.de - -- added restoration mechanism to restore master.cf and/or main.cf - if they got deleted by (intention or) accident to SuSEconfig.postfix -- added ldap to X-UnitedLinux-Should-Start - -------------------------------------------------------------------- -Mon Aug 26 11:11:26 CEST 2002 - choeger@suse.de - -- Bugfix Bugzilla ID#18298: when setting FROM_HEADER, also unqualified - envelope recipients should be qualified to FROM_HEADER, not to - myorigin, added envelope_recipient to masquerade_classes -- Bugfix Bugzilla ID#18297: %post touches main.cf and master.cf so it - may happen, that an update leaves .SuSEconfig files. - Remove /var/adm/SuSEconfig/md5/etc/postfix/main.cf and master.cf - in %post -- Bugfix Bugzilla ID#18301: sendmail and postfix have different - opinions on the usage of NULLCLIENT. Moved NULLCLIENT to - sysconfig.postfix.POSTFIX_NULLCLIENT -- added exim to Conflicts - -------------------------------------------------------------------- -Thu Aug 22 09:47:51 CEST 2002 - choeger@suse.de - -- wait for qmgr in the background for a maximum of 60 seconds - -------------------------------------------------------------------- -Wed Aug 21 17:07:39 CEST 2002 - choeger@suse.de - -- Bugfix for init-script: - wait for qmgr to be ready before calling postfix flush - -------------------------------------------------------------------- -Wed Aug 14 15:59:04 CEST 2002 - choeger@suse.de - -- added accidently removed line in master.cf for amavis, - Bugzilla ID#17732 - -------------------------------------------------------------------- -Tue Aug 13 10:08:47 CEST 2002 - choeger@suse.de - -- exclude .rpmsave and .rpmorig from /etc/aliases.d expansion - -------------------------------------------------------------------- -Wed Aug 7 11:55:55 CEST 2002 - choeger@suse.de - -- added netcfg to Prereq (/etc/aliases) - -------------------------------------------------------------------- -Tue Aug 6 11:28:56 CEST 2002 - choeger@suse.de - -- added pcre openldap2-client to prereq (Bugzilla ID#17447) - -------------------------------------------------------------------- -Mon Aug 5 16:38:49 CEST 2002 - choeger@suse.de - -- completed Prereq - -------------------------------------------------------------------- -Fri Jul 19 16:49:57 CEST 2002 - choeger@suse.de - -- Bugfix for the handling of POSTFIX_MASQUERADE_DOMAIN - and FROM_HEADER -- removed main.cf from SuSE.tar.gz -- added X-UnitedLinux-Should-Start: cyrus to init-script - -------------------------------------------------------------------- -Thu Jul 18 13:57:44 CEST 2002 - choeger@suse.de - -- set local as default MDA again - reason: postfix does not execute any external programs like procmail - with uid 0, so root mails will go to /var/mail/nobody, which - will confuse people -- remove setting of SUSE_RELEASE version in the (E)SMTP banner - -------------------------------------------------------------------- -Fri Jul 12 11:08:03 CEST 2002 - choeger@suse.de - -- removed /etc/aliases from filelist, it's now in netcfg - -------------------------------------------------------------------- -Thu Jul 11 14:16:25 CEST 2002 - choeger@suse.de - -- removed 'q' flag from vscan transport definition, because - current amavis versions have a rfc2821_mailbox_addr function -- remove old aliases.db files in %post -- do not use unset in %post - -------------------------------------------------------------------- -Mon Jul 8 15:14:00 CEST 2002 - choeger@suse.de - -- make procmail the default MDA - -------------------------------------------------------------------- -Fri Jul 5 17:11:03 CEST 2002 - choeger@suse.de - -- use %{_lib} macro to detect platforms with lib64 - directories - -------------------------------------------------------------------- -Fri Jul 5 16:34:38 CEST 2002 - choeger@suse.de - -- make chroot jail function lib64 aware - -------------------------------------------------------------------- -Thu Jul 4 13:53:40 CEST 2002 - uli@suse.de - -- fixed libnsl detection on lib64 systems - -------------------------------------------------------------------- -Thu Jul 4 10:34:26 CEST 2002 - choeger@suse.de - -- ldap_url_search_st is no longer available in OpenLDAP v2.1 - added a patch, that uses ldap_url_parse -- added new feature POSTFIX_MDA, Bugzilla ID#16720 - -------------------------------------------------------------------- -Fri Jun 7 13:34:09 CEST 2002 - choeger@suse.de - -- changed POSTFIX_BASIC_SPAM_PREVENTION. It can now be set to - either off(default), medium or hard -- cleaned up SuSEconfig.postfix -- prepared for /etc/aliases.d - -------------------------------------------------------------------- -Wed Jun 5 18:09:16 CEST 2002 - choeger@suse.de - -- new FEATURES: POSTFIX_RBL_HOSTS, POSTFIX_BASIC_SPAM_PREVENTION, - Bugzilla ID#16383 -- moved sample-*.cf files to %{_docdir}/postfix/samples - -------------------------------------------------------------------- -Wed Jun 5 11:14:29 CEST 2002 - choeger@suse.de - -- update to patchlevel 11, version 1.1.11 -- new FEATURE: POSTFIX_UPDATE_MAPS - -------------------------------------------------------------------- -Fri May 24 13:39:05 CEST 2002 - choeger@suse.de - -- update to patchlevel 10, version 1.1.10 -- create required users and groups in %pre install - -------------------------------------------------------------------- -Thu Apr 25 16:55:58 CEST 2002 - choeger@suse.de - -- removed provides of my own packagename... - -------------------------------------------------------------------- -Fri Apr 19 13:25:32 CEST 2002 - choeger@suse.de - -- Bugfix for README.SuSE: POSTFIX_CREATECF is now - MAIL_CREATE_CONFIG - -------------------------------------------------------------------- -Thu Apr 4 11:36:52 CEST 2002 - choeger@suse.de - -- update to patchlevel 7, version 1.1.7 -- introduced new feature POSTFIX_LAPTOP - -------------------------------------------------------------------- -Tue Mar 26 15:21:18 CET 2002 - choeger@suse.de - -- update to patchlevel 5, version 1.1.5 - -------------------------------------------------------------------- -Tue Mar 12 15:28:24 CET 2002 - choeger@suse.de - -- Bugfix: don't check whether POSTFIX_MASQUERADE_DOMAIN is empty - or not, because else we won't be able to clear it. - -------------------------------------------------------------------- -Thu Feb 28 10:21:36 CET 2002 - choeger@suse.de - -- added flags=q to amavis transport definition (link@suse.de): - [...] - If your postfix is older than snapshot 20010610, leave out the - "flags=q" part. However, amavis will not function properly with - envelope adresses that contain whitespace in the local-part. - This is quite rare, but has been observed a few times. - [...] - -------------------------------------------------------------------- -Mon Feb 25 13:58:05 CET 2002 - choeger@suse.de - -- update to version 1.1.4 (1.1, patchlevel 4) - Bugfix (excerpt from HISTORY): - .................................................................. - off-by-one error, causing a null byte to be - written outside dynamically allocated memory in - the queue manager with addresses of exactly 100 - bytes long, resulting in SIGSEGV on systems with - an "exact fit" malloc routine. - .................................................................. -- added new option SMTPD_LISTEN_REMOTE to /etc/sysconfig/mail - which has been introduced by the SuSE dist-team (excerpt): - .................................................................. - sendmail does have an option to listen only on the local port, - this should be the default. - A flag "SMTPD_LISTEN_REMOTE" in /etc/sysconfig/mail will be used - to decide if port 25 should be opened externally. - The sendmail package will send a mail to root explaining this - fact. sendmail updates will copy the value of START_SMTPD to this - new flag. - .................................................................. - As this is a totally different behaviour compared to old releases, - SMTPD_LISTEN_REMOTE will be set to "yes", if POSTFIX_CREATECF - (now MAIL_CREATE_CONFIG) had been set to "yes" before the update. - -------------------------------------------------------------------- -Thu Feb 21 12:39:55 CET 2002 - choeger@suse.de - -- fillup workaround - -------------------------------------------------------------------- -Thu Feb 21 11:23:52 CET 2002 - choeger@suse.de - -- hostname handling is still annoying - added some piece of code to SuSEconfig.postfix to - get a valid hostname - -------------------------------------------------------------------- -Mon Feb 18 16:03:40 CET 2002 - choeger@suse.de - -- %postinst cleanup: - . use rename_sysconfig_variable macro - . use remove_and_set macro - instead of directly calling fillup - -------------------------------------------------------------------- -Wed Feb 13 17:27:37 CET 2002 - choeger@suse.de - -- FQHOSTNAME has been removed from /etc/sysconfig/network/config - and is now set in /etc/HOSTNAME, which wasn't FQ in the past. - *Please, don't change it again* -- if POSTFIX_LOCALDOMAINS is set, do not append - "$myhostname, localhost.$mydomain" anymore - -------------------------------------------------------------------- -Tue Feb 12 16:31:14 CET 2002 - choeger@suse.de - -- Also take care of the localhost:10025 mailer definition when - setting up chroot options - -------------------------------------------------------------------- -Mon Feb 11 09:27:47 CET 2002 - choeger@suse.de - -- Do not set myorigin to FROM_HEADER - -------------------------------------------------------------------- -Thu Feb 7 10:10:55 CET 2002 - choeger@suse.de - -- Bugfix(SuSEconfig.postfix): typo in path to /etc/sysconfig/amavis - -------------------------------------------------------------------- -Mon Feb 4 11:25:51 CET 2002 - choeger@suse.de - -- SuSEconfig.postfix enhancement: get hostname from hostname -f - Bugfix: get FQHOSTNAME from /etc/sysconfig/network/config -- added -y to fillup_and_insserv to create startlinks - after installation -- changed company name to SuSE Linux AG in copyright headers - -------------------------------------------------------------------- -Mon Feb 4 09:44:45 CET 2002 - choeger@suse.de - -- update to postfix 1.1.3 and tls extensions 0.8.3 - minor bugfixes - http://groups.yahoo.com/group/postfix-users/message/52953 - -------------------------------------------------------------------- -Fri Feb 1 20:37:27 CET 2002 - choeger@suse.de - -- Bugfix: Forgot to assign a name to TMPDIR in SuSEconfig.postfix - -------------------------------------------------------------------- -Fri Feb 1 11:43:17 CET 2002 - choeger@suse.de - -- added resolve_local_panic.patch - http://groups.yahoo.com/group/postfix-users/message/52746 - -------------------------------------------------------------------- -Wed Jan 30 15:44:10 CET 2002 - choeger@suse.de - -- update of tls extensions to 0.8.2 - -------------------------------------------------------------------- -Mon Jan 28 15:00:07 CET 2002 - choeger@suse.de - -- update to version 1.1.2 -- sysconfig.mail changes - -------------------------------------------------------------------- -Tue Jan 22 12:08:43 CET 2002 - choeger@suse.de - -- renamed cleanup.fillup to sysconfig.postfix.cleanup -- added postqueue patch, see - http://groups.yahoo.com/group/postfix-users/message/51611 - for more details - -------------------------------------------------------------------- -Mon Jan 21 14:56:39 CET 2002 - choeger@suse.de - -- update to official release version 1.1.0 -- moved some stuff to /etc/sysconfig/mail -- cleaned up /etc/rc.config access -- added some safety checks to SuSEconfig.postfix - -------------------------------------------------------------------- -Wed Jan 16 16:58:53 CET 2002 - choeger@suse.de - -- update to version 20020115 (release candidate for Postfix - official release version 1.1) - -------------------------------------------------------------------- -Tue Jan 15 16:20:13 CET 2002 - choeger@suse.de - -- some improvements to SuSEconfig.postfix - -------------------------------------------------------------------- -Fri Jan 11 17:52:25 CET 2002 - choeger@suse.de - -- updated to version 20020107 -- added postinstall section to update from previous versions - of postfix - -------------------------------------------------------------------- -Tue Jan 8 20:11:07 CET 2002 - egmont@suselinux.hu - -- Changed /sbin/init.d to /etc/init.d in init script comment - -------------------------------------------------------------------- -Mon Jan 7 15:01:16 CET 2002 - choeger@suse.de - -- added sender_canonical_maps to SuSEconfig.postfix to let - the new YaST2 module setup this map similar to sendmails - genericstable - -------------------------------------------------------------------- -Thu Jan 3 13:51:45 CET 2002 - kukuk@suse.de - -- SuSEconfig.postfix shell script is no config file [Bug #12712] - -------------------------------------------------------------------- -Wed Dec 19 15:26:20 CET 2001 - choeger@suse.de - -- Made initscript more LSB compliant (status codes) -- Bugfix for Bugzilla ID#12672 (improve explanation - of POSTFIX_LOCALDOMAINS) -- robustness enhancement for SuSEconfig.postfix - -------------------------------------------------------------------- -Fri Dec 14 15:42:31 CET 2001 - choeger@suse.de - -- typo in specfile (master.cf installed as main.cf) - -------------------------------------------------------------------- -Thu Dec 13 11:25:44 CET 2001 - choeger@suse.de - -- update to version 20011210 -- some changes to SuSEconfig.postfix: - . added POSTFIX_UPDATE_CHROOT_JAIL variable, see README.SuSE - . some cleanups for chroot jail - . little bugfixes - -------------------------------------------------------------------- -Thu Dec 13 01:16:57 CET 2001 - ro@suse.de - -- moved rc.config.d -> sysconfig - -------------------------------------------------------------------- -Wed Nov 28 18:36:10 CET 2001 - choeger@suse.de - -- update to version 20011127 -- some changes to SuSEconfig.postfix: - . added more robustness (Jehova) - . do not chown -R postfix to /var/spool/postfix - . query for package cyrus-sasl instead of sasl - -------------------------------------------------------------------- -Tue Nov 20 16:13:00 CET 2001 - choeger@suse.de - -- update to version 20011115 - Bugfix for a memory exhaustion bug in smtpd - see http://groups.yahoo.com/group/postfix-users/message/46597 -- remove START_ variable - -------------------------------------------------------------------- -Fri Nov 9 14:54:24 CET 2001 - choeger@suse.de - -- some changes to specfile (thanks to Simon J Mudd from whom - I copied some code) - -------------------------------------------------------------------- -Tue Nov 6 15:19:18 CET 2001 - choeger@suse.de - -- fix some SuSEconfig.postfix bugs: - . master.cf chroot column can also contain '-' - . don't do anything if POSTFIX_CREATECF != yes - -------------------------------------------------------------------- -Fri Oct 26 13:11:17 CEST 2001 - choeger@suse.de - -- update to most recent snapshot version 20011008 - -------------------------------------------------------------------- -Thu Oct 25 14:36:47 CEST 2001 - choeger@suse.de - -- update to pl05 - -------------------------------------------------------------------- -Fri Oct 19 12:53:44 CEST 2001 - choeger@suse.de - -- Bugfix, Bugzilla ID#11914 - -------------------------------------------------------------------- -Wed Sep 26 09:33:34 CEST 2001 - choeger@suse.de - -- ALWAYS create master.cf, even is POSTFIX_CREATECF is set - to no, because else chroot mode may not work, Bugzilla ID#11359 - -------------------------------------------------------------------- -Thu Sep 13 14:34:06 CEST 2001 - choeger@suse.de - -- removed an obsolete echo in start section of init-script - -------------------------------------------------------------------- -Thu Sep 6 13:48:29 CEST 2001 - choeger@suse.de - -- Bugfix in init-script: redirect output of postfix start - to dev/null and do not use startproc to start postfix - -------------------------------------------------------------------- -Tue Sep 4 18:09:43 CEST 2001 - choeger@suse.de - -- update to tls-extensions v0.7.9 - see http://groups.yahoo.com/group/postfix-users/message/41094 - for details - -------------------------------------------------------------------- -Fri Aug 31 13:54:02 CEST 2001 - choeger@suse.de - -- update of tls-extensions to 0.7.8 -- update of postfix to pl04 -- Bugfix: - check if postfix spool is set up before starting postfix - - start postfix with postfix start, because postfix-script - wouldn't be executed, else. - -------------------------------------------------------------------- -Tue Jul 10 14:34:17 CEST 2001 - choeger@suse.de - -- update of tls-extensions to 0.7.3 - -------------------------------------------------------------------- -Thu Jun 28 13:06:47 CEST 2001 - choeger@suse.de - -- bugfix: remove libs from chroot jail, that are no longer - valid, Bugzilla ID#9133 -- bugfix: init script was not LSB compliant, Bugzilla ID#9063 - -------------------------------------------------------------------- -Fri Jun 15 09:44:49 CEST 2001 - choeger@suse.de - -- added cyrus to require start in init-script -- "bugfix": bootstrap problem cyrus-imapd <-> postfix: - cyrus-imapd must run before postfix, but fails to create - lmtp socket, because /var/spool/postfix/public directory - isn't present. FIX: add it to filelist - -------------------------------------------------------------------- -Wed Jun 13 15:08:33 CEST 2001 - choeger@suse.de - -- install postrop with special SGID modes - -------------------------------------------------------------------- -Tue Jun 12 13:29:36 CEST 2001 - choeger@suse.de - -- improved SuSEconfig.postfix - - better main.cf handling - - new feature: chroot or not chroot - -------------------------------------------------------------------- -Mon May 28 09:36:49 CEST 2001 - choeger@suse.de - -- major bugfix: memory leak in the LDAP client module -- minor bugfixes - -------------------------------------------------------------------- -Wed May 9 20:15:27 CEST 2001 - mfabian@suse.de - -- bzip2 sources - -------------------------------------------------------------------- -Wed May 2 09:44:29 CEST 2001 - choeger@suse.de - -- updated to pl02, bugfixrelease - -------------------------------------------------------------------- -Mon Apr 30 11:41:35 CEST 2001 - choeger@suse.de - -- Bugfix for SuSEconfig.postfix: - Handling of TIMEZONE variable if set to unappropriate or no - value -- Improvement: Warnings are printed out in bold - -------------------------------------------------------------------- -Tue Apr 17 16:28:41 CEST 2001 - kukuk@suse.de - -- Don't use a RPM macro for version number - -------------------------------------------------------------------- -Fri Mar 30 10:08:15 CEST 2001 - choeger@suse.de - -- update to pl01, bugfixrelease - -------------------------------------------------------------------- -Tue Mar 27 13:16:45 CEST 2001 - choeger@suse.de - -- added libcrack to chroot jail, because - it is needed by pam_pwcheck - -------------------------------------------------------------------- -Thu Mar 15 01:08:35 CET 2001 - ro@suse.de - -- fixed neededforbuild for openldap - -------------------------------------------------------------------- -Mon Mar 5 11:49:48 CET 2001 - choeger@suse.de - -- first non-beta of the next postfix generation -- v20010228 - -------------------------------------------------------------------- -Tue Feb 27 11:22:24 CET 2001 - ro@suse.de - -- added cyrus-sasl-devel to neededforbuild - -------------------------------------------------------------------- -Tue Feb 27 09:51:56 CET 2001 - choeger@suse.de - -- new version, 20010225 -- removed notification message - -------------------------------------------------------------------- -Tue Feb 20 14:16:30 CET 2001 - choeger@suse.de - -- bugfix: wrong permissions for maildrop directory - -------------------------------------------------------------------- -Wed Jan 31 10:53:04 CET 2001 - choeger@suse.de - -- update to version 20010128 -- now linked against ldaplib2 - -------------------------------------------------------------------- -Fri Jan 5 14:25:11 CET 2001 - choeger@suse.de - -- bugfix: maildrop must be owned by postfix.root - -------------------------------------------------------------------- -Mon Dec 18 14:47:53 CET 2000 - choeger@suse.de - -- update to version 20001212 -- bugfix: insserv -- bugfix: missed openssl in neededforbuilt -- renamed to postfix, because a non-crypto version - is no longer needed - -------------------------------------------------------------------- -Wed Dec 13 15:52:43 CET 2000 - choeger@suse.de - -- Bugfix: postfix-script was not executable - -------------------------------------------------------------------- -Tue Dec 12 15:13:40 CET 2000 - choeger@suse.de - -- Bugfixes: - Provides in initscript - Use /bin/bash in SuSEconfig.postfix -- Update to version 20001210 - -------------------------------------------------------------------- -Thu Nov 30 08:35:09 CET 2000 - ro@suse.de - -- startscript sbin -> etc - -------------------------------------------------------------------- -Thu Nov 23 09:55:37 CET 2000 - choeger@suse.de - -- new version -- fix for neededforbuild -- fix for master.cf - -------------------------------------------------------------------- -Wed Nov 22 13:06:54 CET 2000 - choeger@suse.de - -- adopted to new init scheme - -------------------------------------------------------------------- -Wed Nov 15 16:13:12 CET 2000 - choeger@suse.de - -- fixed neededforbuild - -------------------------------------------------------------------- -Tue Nov 14 15:19:40 CET 2000 - choeger@suse.de - -- update to version 20001030 - -------------------------------------------------------------------- -Thu Nov 9 17:14:48 CET 2000 - choeger@suse.de - -- long packagename -- added rpm buildroot - -------------------------------------------------------------------- -Wed Nov 8 15:59:41 CET 2000 - uli@suse.de - -- fixed neededforbuild - -------------------------------------------------------------------- -Fri Nov 3 18:12:57 CET 2000 - bk@suse.de - -- src/util/dict_ldap.c:dict_ldap_lookup(): fix missing **-termination. - -------------------------------------------------------------------- -Tue Oct 24 17:28:06 CEST 2000 - fober@suse.de - -- s390,ppc: added -fsigned-char compiler option, to fix obscure segfaults. - (code is not signed/unsigned-char-clean) - -------------------------------------------------------------------- -Thu Oct 12 18:24:54 CEST 2000 - choeger@suse.de - -- yet another SuSEconfig.postfix bug (incorrect link) - -------------------------------------------------------------------- -Wed Oct 11 16:47:35 CEST 2000 - choeger@suse.de - -- bugfix for SuSEconfig.postfix - -------------------------------------------------------------------- -Mon Oct 9 13:54:13 CEST 2000 - choeger@suse.de - -- bugfix: missed to install new flush service - -------------------------------------------------------------------- -Mon Oct 9 11:48:39 CEST 2000 - choeger@suse.de - -- inititial revision of pfixtls - diff --git a/postfix-bdb.spec b/postfix-bdb.spec deleted file mode 100644 index a8502b0..0000000 --- a/postfix-bdb.spec +++ /dev/null @@ -1,547 +0,0 @@ -# -# spec file for package postfix-bdb -# -# Copyright (c) 2020 SUSE LLC -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via https://bugs.opensuse.org/ -# - - -%define pf_docdir %{_docdir}/postfix-doc -%define pf_config_directory %{_sysconfdir}/postfix -%define pf_daemon_directory %{_prefix}/lib/postfix/bin/ -%define _libexecdir %{_prefix}/lib -%define pf_shlib_directory %{_prefix}/lib/postfix -%define pf_command_directory %{_sbindir} -%define pf_queue_directory var/spool/postfix -%define pf_sendmail_path %{_sbindir}/sendmail -%define pf_newaliases_path %{_bindir}/newaliases -%define pf_mailq_path %{_bindir}/mailq -%define pf_setgid_group maildrop -%define pf_readme_directory %{_docdir}/postfix-doc/README_FILES -%define pf_html_directory %{_docdir}/postfix-doc/html -%define pf_sample_directory %{_docdir}/postfix-doc/samples -%define pf_data_directory %{_localstatedir}/lib/postfix -%if 0%{?suse_version} < 1330 -%define pf_uid 51 -%define pf_gid 51 -%define maildrop_gid 59 -%define vmusr vmail -%define vmgid 303 -%define vmid 303 -%define vmdir /srv/maildirs -%endif -%define mail_group mail -%define conf_backup_dir %{_localstatedir}/adm/backup/postfix -%define unitdir %{_prefix}/lib/systemd -#Compat macro for new _fillupdir macro introduced in Nov 2017 -%if ! %{defined _fillupdir} - %define _fillupdir %{_localstatedir}/adm/fillup-templates -%endif -%if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) -%bcond_without lmdb -%bcond_without libnsl -%else -%bcond_with lmdb -%bcond_with libnsl -%endif -%bcond_without ldap -Name: postfix-bdb -Version: 3.5.9 -Release: 0 -Summary: A fast, secure, and flexible mailer -License: IPL-1.0 OR EPL-2.0 -Group: Productivity/Networking/Email/Servers -URL: http://www.postfix.org -Source0: http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz -Source1: http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc -Source2: postfix-SUSE.tar.gz -Source3: postfix-mysql.tar.bz2 -#Source4: http://cdn.postfix.johnriley.me/mirrors/postfix-release/wietse.pgp#/postfix.keyring -Source4: postfix.keyring -Source10: postfix-rpmlintrc -Source11: check_mail_queue -Source12: postfix-user.conf -Source13: postfix-vmail-user.conf -Patch1: postfix-no-md5.patch -Patch2: pointer_to_literals.patch -Patch3: ipv6_disabled.patch -Patch4: postfix-bdb-main.cf.patch -Patch5: postfix-master.cf.patch -Patch6: postfix-linux45.patch -Patch7: postfix-ssl-release-buffers.patch -Patch8: postfix-vda-v14-3.0.3.patch -Patch9: fix-postfix-script.patch -Patch10: postfix-avoid-infinit-loop-if-no-permission.patch -BuildRequires: ca-certificates -BuildRequires: cyrus-sasl-devel -BuildRequires: db-devel -BuildRequires: diffutils -BuildRequires: fdupes -BuildRequires: libicu-devel -BuildRequires: libopenssl-devel -BuildRequires: m4 -BuildRequires: mysql-devel -%if %{with ldap} -BuildRequires: openldap2-devel -%endif -BuildRequires: pcre-devel -BuildRequires: pkgconfig -BuildRequires: postgresql-devel -BuildRequires: shadow -BuildRequires: zlib-devel -BuildRequires: pkgconfig(systemd) -Requires: iproute2 -Requires(post): permissions -Requires(pre): %fillup_prereq -Requires(pre): permissions -Conflicts: exim -Conflicts: sendmail -Conflicts: postfix -Provides: smtp_daemon -%{?systemd_ordering} -%if %{with lmdb} -BuildRequires: lmdb-devel -%endif -%if %{with libnsl} -BuildRequires: libnsl-devel -%endif -%if 0%{?suse_version} >= 1330 -BuildRequires: sysuser-tools -Requires: system-user-nobody -Requires: group(%{mail_group}) -Requires(pre): group(%{mail_group}) -%sysusers_requires -%else -Requires(pre): shadow -%endif - -%description -Postfix aims to be an alternative to the widely-used sendmail program with bdb support - -%if %{with lmdb} -%package lmdb -Summary: Postfix plugin to support LMDB maps -Group: Productivity/Networking/Email/Servers -Requires(pre): postfix-bdb = %{version} -Conflicts: postfix -Provides: postfix-lmdb = %{version}-%{release} -Obsoletes: postfix-lmdb < %{version}-%{release} -Conflicts: postfix-lmdb < %{version}-%{release} - -%description lmdb -Postfix plugin to support LMDB maps. This library will be loaded -by starting postfix if you'll access a postmap which is stored in -lmdb. -%endif - -%prep -%setup -n postfix-%{version} -a 2 -a 3 -%patch1 -%patch2 -%patch3 -%patch4 -%patch5 -%patch6 -%patch7 -%patch8 -%patch9 -%patch10 - -# --------------------------------------------------------------------------- - -%build -unset AUXLIBS AUXLIBS_LDAP AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB - -export CCARGS="${CCARGS} %{optflags} -fcommon -Wno-comments -Wno-missing-braces -fPIC" -%ifarch s390 s390x ppc -export CCARGS="${CCARGS} -fsigned-char" -%endif -# -if pkg-config openssl ; then - export CCARGS="${CCARGS} -DUSE_TLS $(pkg-config --cflags openssl)" - export AUXLIBS="$AUXLIBS $(pkg-config --libs openssl)" -else - export CCARGS="${CCARGS} -DUSE_TLS" - export AUXLIBS="${AUXLIBS} -lssl -lcrypto" -fi -# -%if %{with ldap} -export CCARGS="${CCARGS} -DHAS_LDAP -DLDAP_DEPRECATED=1 -DUSE_LDAP_SASL" -export AUXLIBS_LDAP="-lldap -llber" -%endif -# -export CCARGS="${CCARGS} -DHAS_PCRE" -export AUXLIBS_PCRE="-lpcre" -# -export CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I%{_includedir}/sasl" -if pkg-config libsasl2 ; then - export AUXLIBS="$AUXLIBS $(pkg-config --libs libsasl2)" -else - export AUXLIBS="$AUXLIBS -lsasl2" -fi -# -export CCARGS="${CCARGS} -DHAS_MYSQL $(mysql_config --cflags)" -export AUXLIBS_MYSQL="$(mysql_config --libs)" -# -if pkg-config --exists libpq ; then - export CCARGS="${CCARGS} -DHAS_PGSQL $(pkg-config libpq --cflags)" - export AUXLIBS_PGSQL="$(pkg-config libpq --libs)" -else - export CCARGS="${CCARGS} -DHAS_PGSQL -I$(pg_config --includedir)" - export AUXLIBS_PGSQL="-lpq" -fi -# -%if %{with lmdb} -export CCARGS="${CCARGS} -DHAS_LMDB -I/usr/local/include" \ -export AUXLIBS_LMDB="-llmdb" -%endif -# -# TODO -#export AUXLIBS_SQLITE -#export AUXLIBS_CDB -#export AUXLIBS_SDBM - -export PIE=-pie -# using SHLIB_RPATH to specify unrelated linker flags, because LDFLAGS is -# ignored -make makefiles pie=yes shared=yes dynamicmaps=yes \ - shlib_directory=%{_prefix}/lib/postfix \ - meta_directory=%{_prefix}/lib/postfix \ - config_directory=%{_sysconfdir}/postfix \ - SHLIB_RPATH="-Wl,-rpath,%{pf_shlib_directory} -Wl,-z,relro,-z,now" -make %{?_smp_mflags} -%if 0%{?suse_version} >= 1330 -# Create postfix user -%sysusers_generate_pre %{SOURCE12} postfix -%sysusers_generate_pre %{SOURCE13} vmail -%endif -# --------------------------------------------------------------------------- - -%install -mkdir -p %{buildroot}/%{_libdir} -mkdir -p %{buildroot}%{_sysconfdir}/postfix -cp conf/* %{buildroot}%{_sysconfdir}/postfix -# create our default postfix ssl DIR (/etc/postfix/ssl) -mkdir -p %{buildroot}%{_sysconfdir}/postfix/ssl/certs -# link cacerts to /etc/ssl/certs -ln -sf ../../ssl/certs %{buildroot}%{_sysconfdir}/postfix/ssl/cacerts -cp lib/libpostfix-* %{buildroot}/%{_libdir} -export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir} -sh postfix-install -non-interactive \ - install_root=%{buildroot} \ - config_directory=%{pf_config_directory} \ - daemon_directory=%{pf_daemon_directory} \ - command_directory=%{pf_command_directory} \ - queue_directory=/%{pf_queue_directory} \ - sendmail_path=%{pf_sendmail_path} \ - newaliases_path=%{pf_newaliases_path} \ - mailq_path=%{pf_mailq_path} \ - manpage_directory=%{_mandir} \ - setgid_group=%{pf_setgid_group} \ - readme_directory=%{pf_readme_directory} \ - data_directory=%{pf_data_directory} -ln -sf ../sbin/sendmail %{buildroot}%{_libexecdir}/sendmail -for i in qmqp-source smtp-sink smtp-source; do - install -m 755 bin/$i %{buildroot}%{_sbindir}/$i -done -mkdir -p %{buildroot}/sbin/conf.d -mkdir -p %{buildroot}%{_sysconfdir}/permissions.d -mkdir -p %{buildroot}/%{_libdir}/sasl2 -mkdir -p %{buildroot}%{_sbindir} -mkdir -p %{buildroot}/%{conf_backup_dir} -mkdir -p %{buildroot}/%{pf_sample_directory} -mkdir -p %{buildroot}/%{pf_html_directory} -mkdir -p %{buildroot}%{_includedir}/postfix -mkdir -p %{buildroot}%{_sysconfdir}/pam.d -install -m 644 postfix-SUSE/smtp %{buildroot}%{_sysconfdir}/pam.d/smtp -mkdir -p %{buildroot}%{_fillupdir} -sed -e 's;@lib@;%{_lib};g' postfix-SUSE/sysconfig.postfix > %{buildroot}%{_fillupdir}/sysconfig.postfix -install -m 644 postfix-SUSE/sysconfig.mail-postfix %{buildroot}%{_fillupdir}/sysconfig.mail-postfix -sed -e 's;@lib@;%{_lib};g' \ - -e 's;@conf_backup_dir@;%{conf_backup_dir};' \ - -e 's;@daemon_directory@;%{pf_daemon_directory};' \ - -e 's;@readme_directory@;%{pf_readme_directory};' \ - -e 's;@html_directory@;%{pf_html_directory};' \ - -e 's;@sendmail_path@;%{pf_sendmail_path};' \ - -e 's;@setgid_group@;%{pf_setgid_group};' \ - -e 's;@manpage_directory@;%{_mandir};' \ - -e 's;@newaliases_path@;%{pf_newaliases_path};' \ - -e 's;@sample_directory@;%{pf_sample_directory};' \ - -e 's;@mailq_path@;%{pf_mailq_path};' postfix-SUSE/config.postfix > %{buildroot}%{_sbindir}/config.postfix -chmod 755 %{buildroot}%{_sbindir}/config.postfix -install -m 644 postfix-SUSE/dynamicmaps.cf %{buildroot}%{_sysconfdir}/postfix/dynamicmaps.cf -install -m 644 postfix-SUSE/ldap_aliases.cf %{buildroot}%{_sysconfdir}/postfix/ldap_aliases.cf -install -m 644 postfix-SUSE/helo_access %{buildroot}%{_sysconfdir}/postfix/helo_access -install -m 644 postfix-SUSE/permissions %{buildroot}%{_sysconfdir}/permissions.d/postfix -install -m 644 postfix-SUSE/sender_canonical %{buildroot}%{_sysconfdir}/postfix/sender_canonical -install -m 644 postfix-SUSE/relay %{buildroot}%{_sysconfdir}/postfix/relay -install -m 644 postfix-SUSE/relay_ccerts %{buildroot}%{_sysconfdir}/postfix/relay_ccerts -install -m 600 postfix-SUSE/sasl_passwd %{buildroot}%{_sysconfdir}/postfix/sasl_passwd -mkdir -p %{buildroot}%{_sysconfdir}/sasl2 -install -m 600 postfix-SUSE/smtpd.conf %{buildroot}%{_sysconfdir}/sasl2/smtpd.conf -install -m 644 postfix-SUSE/openssl_postfix.conf.in %{buildroot}%{_sysconfdir}/postfix/openssl_postfix.conf.in -install -m 755 postfix-SUSE/mkpostfixcert %{buildroot}%{_sbindir}/mkpostfixcert -{ -cat< %{buildroot}%{_sysconfdir}/postfix/main.cf -%{buildroot}%{_sbindir}/postconf -c %{buildroot}%{_sysconfdir}/postfix \ - -e "manpage_directory = %{_mandir}" \ - "setgid_group = %{pf_setgid_group}" \ - "mailq_path = %{pf_mailq_path}" \ - "newaliases_path = %{pf_newaliases_path}" \ - "sendmail_path = %{pf_sendmail_path}" \ - "readme_directory = %{pf_readme_directory}" \ - "html_directory = %{pf_html_directory}" \ - "sample_directory = %{pf_sample_directory}" \ - "daemon_directory = %{pf_daemon_directory}" \ - "smtpd_helo_required = yes" \ - "smtpd_delay_reject = yes" \ - "disable_vrfy_command = yes" \ - 'smtpd_banner = $myhostname ESMTP' -#Set Permissions -install -m 644 postfix-SUSE/postfix-files %{buildroot}%{pf_shlib_directory}/postfix-files -# create paranoid permissions file -printf '%%-38s %%-18s %%s\n' %{_sbindir}/postdrop "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid -printf '%%-38s %%-18s %%s\n' %{_sbindir}/postqueue "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid -install -m 644 include/*.h %{buildroot}%{_includedir}/postfix/ -# some rpmlint stuff -# remove unneeded examples/chroot-setup -for example in AIX42 BSDI* F* HPUX* IRIX* NETBSD1 NEXTSTEP3 OPENSTEP4 OSF1 Solaris*; do - rm examples/chroot-setup/${example} -done -cp -a examples/* %{buildroot}%{pf_sample_directory} -cp -a html/* %{buildroot}%{pf_html_directory} -cp -a auxiliary %{buildroot}%{pf_docdir} -rm %{buildroot}%{pf_docdir}/README_FILES/INSTALL -# Fix build for Leap 42.3. -rm -f %{buildroot}%{_sysconfdir}/postfix/*.orig -mkdir -p %{buildroot}%{_unitdir} -mkdir -p %{buildroot}%{pf_shlib_directory}/systemd -install -m 0644 postfix-SUSE/postfix.service %{buildroot}%{_unitdir}/postfix.service -install -m 0755 postfix-SUSE/config_postfix.systemd %{buildroot}%{pf_shlib_directory}/systemd/config_postfix -install -m 0755 postfix-SUSE/update_chroot.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_chroot -install -m 0755 postfix-SUSE/update_postmaps.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_postmaps -install -m 0755 postfix-SUSE/wait_qmgr.systemd %{buildroot}%{pf_shlib_directory}/systemd/wait_qmgr -install -m 0755 postfix-SUSE/cond_slp.systemd %{buildroot}%{pf_shlib_directory}/systemd/cond_slp -ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcpostfix -%fdupes %{buildroot}%{pf_docdir} -%fdupes %{buildroot}%{_mandir} -for path in %{buildroot}%{pf_shlib_directory}/libpostfix-*.so -do - test -e "$path" || continue - name=${path##*/} - cmp "$path" %{buildroot}%{_libdir}/$name || continue - rm -vf $path - ln -sf %{_libdir}/$name $path -done -# --------------------------------------------------------------------------- -install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/ -%if 0%{?suse_version} >= 1330 -mkdir -p %{buildroot}%{_sysusersdir} -install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ -install -m 644 %{SOURCE13} %{buildroot}%{_sysusersdir}/ -%endif - -#Clean up for postfix-bdb -rm -rf %{buildroot}/etc/postfix/ldap_aliases.cf -rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-ldap.so-3.5.8-2.11.1.x86_64.debug -rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-mysql.so-3.5.8-2.11.1.x86_64.debug -rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-pgsql.so-3.5.8-2.11.1.x86_64.debug -rm -rf %{buildroot}/usr/lib/postfix/postfix-ldap.so -rm -rf %{buildroot}/usr/lib/postfix/postfix-mysql.so -rm -rf %{buildroot}/usr/lib/postfix/postfix-pgsql.so -rm -rf %{buildroot}/usr/lib/sysusers.d/postfix-vmail-user.conf -rm -rf %{buildroot}/usr/share/doc/packages/postfix-doc/ -rm -rf %{buildroot}/%{_includedir}/postfix/ - -%if 0%{?suse_version} >= 1330 -%pre -f postfix.pre -%else -%pre -getent group postfix >/dev/null || groupadd -g %{pf_gid} -o -r postfix -getent group maildrop >/dev/null || groupadd -g %{maildrop_gid} -o -r maildrop -getent passwd postfix >/dev/null || useradd -r -o -g postfix -u %{pf_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} postfix -usermod -a -G %{maildrop_gid},%{mail_group} postfix -%endif - -%service_add_pre postfix.service - -VERSIONTEST=$(test -x usr/sbin/postconf && usr/sbin/postconf proxy_read_maps 2>/dev/null || :) -if [ -z "$VERSIONTEST" -a -f %{pf_queue_directory}/pid/master.pid ]; then - if checkproc -p %{pf_queue_directory}/pid/master.pid usr/lib/postfix/master; then - echo "postfix is still running. You have to stop postfix in order to" - echo "install a newer version." - exit 1 - fi -fi -# --------------------------------------------------------------------------- - -%preun -%stop_on_removal postfix -%service_del_preun postfix.service -# --------------------------------------------------------------------------- - -%post -# We never have to run suseconfig for postfix after installation -# We only start postfix own upgrade-configuration by update -if [ ${1:-0} -gt 1 ]; then - touch %{_localstatedir}/adm/postfix.configured - echo "Executing upgrade-configuration." - %{_sbindir}/postfix set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} || : - if [ "$(%{_sbindir}/postconf -h daemon_directory)" != "%{pf_daemon_directory}" ]; then - %{_sbindir}/postconf daemon_directory=%{pf_daemon_directory} - fi -fi - -%service_add_post postfix.service - -%set_permissions %{_sbindir}/postqueue -%set_permissions %{_sbindir}/postdrop -%set_permissions %{_sysconfdir}/postfix/sasl_passwd -%set_permissions %{_sbindir}/sendmail - -%{fillup_only postfix} -%{fillup_only -an mail} -/sbin/ldconfig - -%verifyscript -%verify_permissions -e %{_sbindir}/postqueue -%verify_permissions -e %{_sbindir}/postdrop -%verify_permissions -e %{_sysconfdir}/postfix/sasl_passwd -%verify_permissions -e %{_sbindir}/sendmail - -%postun -%service_del_postun postfix.service -/sbin/ldconfig - -# --------------------------------------------------------------------------- - -%files -%license LICENSE -%config %{_sysconfdir}/pam.d/* -%{_fillupdir}/sysconfig.postfix -%{_fillupdir}/sysconfig.mail-postfix -%{_sbindir}/config.postfix -%dir %{_sysconfdir}/postfix -%config %{_sysconfdir}/postfix/main.cf.default -%config(noreplace) %{_sysconfdir}/postfix/[^mysql]*[^mysql] -%config(noreplace) %{_sysconfdir}/postfix/access -%config(noreplace) %{_sysconfdir}/postfix/aliases -%config(noreplace) %{_sysconfdir}/postfix/canonical -%config(noreplace) %{_sysconfdir}/postfix/header_checks -%config(noreplace) %{_sysconfdir}/postfix/helo_access -%config(noreplace) %{_sysconfdir}/postfix/main.cf -%config(noreplace) %{_sysconfdir}/postfix/master.cf -%attr(0750,root,root) %config %{_sysconfdir}/postfix/post-install -%attr(0750,root,root) %config %{_sysconfdir}/postfix/postfix-tls-script -%attr(0750,root,root) %config %{_sysconfdir}/postfix/postfix-wrapper -%attr(0750,root,root) %config %{_sysconfdir}/postfix/postmulti-script -%config(noreplace) %{_sysconfdir}/postfix/postfix-files -%config(noreplace) %{_sysconfdir}/postfix/relay -%config(noreplace) %{_sysconfdir}/postfix/relay_ccerts -%config(noreplace) %{_sysconfdir}/postfix/sasl_passwd -%config(noreplace) %{_sysconfdir}/postfix/sender_canonical -%config(noreplace) %{_sysconfdir}/postfix/virtual - -%dir %{_sysconfdir}/sasl2 -%config(noreplace) %{_sysconfdir}/sasl2/smtpd.conf -%config %{_sysconfdir}/postfix/LICENSE -%config %{_sysconfdir}/postfix/TLS_LICENSE -%config %{_sysconfdir}/permissions.d/postfix -%config %{_sysconfdir}/permissions.d/postfix.paranoid -%attr(0644, root, root) %config %{_sysconfdir}/postfix/makedefs.out -%{pf_shlib_directory}/postfix-files -# create our default postfix ssl DIR (/etc/postfix/ssl) -%dir %{_sysconfdir}/postfix/ssl -%dir %{_sysconfdir}/postfix/ssl/certs -%{_sysconfdir}/postfix/ssl/cacerts -%dir %{pf_shlib_directory}/systemd -%attr(0755,root,root) %{pf_shlib_directory}/systemd/* -%{_unitdir}/postfix.service -%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postdrop -%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postqueue -%{_bindir}/mailq -%{_bindir}/newaliases -%attr(0755,root,root) %{_sbindir}/sendmail -%attr(0755,root,root) %{_sbindir}/postalias -%attr(0755,root,root) %{_sbindir}/postcat -%attr(0755,root,root) %{_sbindir}/postconf -%attr(0755,root,root) %{_sbindir}/postfix -%attr(0755,root,root) %{_sbindir}/postkick -%attr(0755,root,root) %{_sbindir}/postlock -%attr(0755,root,root) %{_sbindir}/postlog -%attr(0755,root,root) %{_sbindir}/postmap -%attr(0755,root,root) %{_sbindir}/postmulti -%attr(0755,root,root) %{_sbindir}/postsuper -%attr(0755,root,root) %{_sbindir}/qmqp-source -%attr(0755,root,root) %{_sbindir}/smtp-sink -%attr(0755,root,root) %{_sbindir}/smtp-source -%attr(0755,root,root) %{_sbindir}/mkpostfixcert -%attr(0755,root,root) %{_sbindir}/check_mail_queue -%attr(0755,root,root) %{_sbindir}/config.postfix -%{_sbindir}/rcpostfix -%{_libdir}/lib* -%{_libexecdir}/sendmail -%dir %{pf_shlib_directory} -%{pf_shlib_directory}/*[^.so] -%{pf_shlib_directory}/postfix-pcre.so -%{pf_shlib_directory}/libpostfix-dns.so -%{pf_shlib_directory}/libpostfix-global.so -%{pf_shlib_directory}/libpostfix-master.so -%{pf_shlib_directory}/libpostfix-tls.so -%{pf_shlib_directory}/libpostfix-util.so -%{pf_shlib_directory}/main.cf.proto -%{pf_shlib_directory}/master.cf.proto - -%{conf_backup_dir} -%dir %attr(0700,postfix,root) %{pf_data_directory} -%exclude %{_mandir}/man5/ldap_table.5* -%exclude %{_mandir}/man5/lmdb_table.5* -%exclude %{_mandir}/man5/mysql_table.5* -%exclude %{_mandir}/man5/pgsql_table.5* -%{_mandir}/man?/*%{?ext_man} -%dir %attr(0755,root,root) /%{pf_queue_directory} -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/active -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/bounce -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/corrupt -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/defer -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/deferred -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/flush -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/hold -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/incoming -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/private -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/saved -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/trace -%dir %attr(0730,postfix,maildrop) /%{pf_queue_directory}/maildrop -%dir %attr(0710,postfix,maildrop) /%{pf_queue_directory}/public -%if 0%{?suse_version} >= 1330 -%{_sysusersdir}/postfix-user.conf -%endif - -%if %{with lmdb} -%files lmdb -%{pf_shlib_directory}/postfix-lmdb.so -%{_mandir}/man5/lmdb_table.5%{?ext_man} -%endif - -%changelog diff --git a/postfix-main.cf.patch b/postfix-main.cf.patch index f1c6c0f..dad7975 100644 --- a/postfix-main.cf.patch +++ b/postfix-main.cf.patch @@ -1,46 +1,8 @@ ---- conf/main.cf-orig 2020-11-26 19:22:10.273349060 +0100 -+++ conf/main.cf 2020-11-26 19:22:57.917974110 +0100 -@@ -278,7 +278,7 @@ - # - #mynetworks = 168.100.189.0/28, 127.0.0.0/8 - #mynetworks = $config_directory/mynetworks --#mynetworks = hash:/etc/postfix/network_table -+#mynetworks = lmdb:/etc/postfix/network_table - - # The relay_domains parameter restricts what destinations this system will - # relay mail to. See the smtpd_recipient_restrictions description in -@@ -343,7 +343,7 @@ - # In the left-hand side, specify an @domain.tld wild-card, or specify - # a user@domain.tld address. - # --#relay_recipient_maps = hash:/etc/postfix/relay_recipients -+#relay_recipient_maps = lmdb:/etc/postfix/relay_recipients - - # INPUT RATE CONTROL - # -@@ -398,8 +398,8 @@ - # "postfix reload" to eliminate the delay. - # - #alias_maps = dbm:/etc/aliases --#alias_maps = hash:/etc/aliases --#alias_maps = hash:/etc/aliases, nis:mail.aliases -+#alias_maps = lmdb:/etc/aliases -+#alias_maps = lmdb:/etc/aliases, nis:mail.aliases - #alias_maps = netinfo:/aliases - - # The alias_database parameter specifies the alias database(s) that -@@ -409,8 +409,8 @@ - # - #alias_database = dbm:/etc/aliases - #alias_database = dbm:/etc/mail/aliases --#alias_database = hash:/etc/aliases --#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases -+#alias_database = lmdb:/etc/aliases -+#alias_database = lmdb:/etc/aliases, lmdb:/opt/majordomo/aliases - - # ADDRESS EXTENSIONS (e.g., user+foo) - # -@@ -567,6 +567,7 @@ +Index: conf/main.cf +=================================================================== +--- conf/main.cf.orig ++++ conf/main.cf +@@ -567,6 +567,7 @@ unknown_local_recipient_reject_code = 55 # #smtpd_banner = $myhostname ESMTP $mail_name #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) @@ -48,7 +10,7 @@ # PARALLEL DELIVERY TO THE SAME DESTINATION # -@@ -673,4 +674,140 @@ +@@ -673,4 +674,140 @@ sample_directory = # readme_directory: The location of the Postfix README files. # readme_directory = @@ -135,7 +97,7 @@ +smtp_tls_CApath = +smtp_tls_cert_file = +smtp_tls_key_file = -+#smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy ++#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy +#smtp_tls_session_cache_timeout = 3600s +smtp_tls_session_cache_database = + @@ -151,9 +113,9 @@ +############################################################ +# Start MySQL from postfixwiki.org +############################################################ -+relay_domains = $mydestination, lmdb:/etc/postfix/relay ++relay_domains = $mydestination, hash:/etc/postfix/relay +#virtual_alias_domains = -+#virtual_alias_maps = lmdb:/etc/postfix/virtual ++#virtual_alias_maps = hash:/etc/postfix/virtual +#virtual_uid_maps = static:303 +#virtual_gid_maps = static:303 +#virtual_minimum_uid = 303 @@ -169,9 +131,9 @@ +#virtual_mailbox_limit_override = yes +### Needs Maildir++ compatible IMAP servers, like Courier-IMAP +#virtual_maildir_filter = yes -+#virtual_maildir_filter_maps = lmdb:/etc/postfix/vfilter ++#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter +#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later. -+#virtual_maildir_limit_message_maps = lmdb:/etc/postfix/vmsg ++#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg +#virtual_overquota_bounce = yes +#virtual_trash_count = yes +#virtual_trash_name = ".Trash" diff --git a/postfix.changes b/postfix.changes index 2b2c869..e19f562 100644 --- a/postfix.changes +++ b/postfix.changes @@ -1,75 +1,3 @@ -------------------------------------------------------------------- -Mon Jan 25 10:28:26 UTC 2021 - Paolo Stivanin - -- Update to 3.5.9 - * improves the reporting of DNSSEC problems that may affect - DANE security - -------------------------------------------------------------------- -Thu Jan 7 12:26:08 UTC 2021 - Arjen de Korte - -- Only do the conversion from the hash/btree databases to lmdb when - the default database type changes from hash to lmdb and do not - stop and start the service (the old compiled databases can live - together with the new ones) - - convert-bdb-to-lmdb.sh -- Clean up the specfile - * Remove < 1330 conditional builds - * Use generated postfix-files instead of the obsolete one from - postfix-SUSE.tar.gz - * Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon - (de)installation of optional mysql, pgsql and ldap subpackages - * Use default location for post-install, postfix-tls-script, - postfix-wrapper and postmulti-script - -------------------------------------------------------------------- -Mon Jan 4 12:17:03 UTC 2021 - Peter Varkoly - -- Set lmdb to be the default db. -- Convert btree tables to lmdb too. Stop postfix before converting from - bdb to lmdb -- This package is without bdb support. That's why convert must be done - without any suse release condition. - o remove patch postfix-no-btree.patch - o add set-default-db-type.patch - -------------------------------------------------------------------- -Fri Dec 25 20:32:04 UTC 2020 - Arjen de Korte - -- Set database type for address_verify_map and postscreen_cache_map - to lmdb (btree requires Berkeley DB) - o add postfix-no-btree.patch - -------------------------------------------------------------------- -Fri Dec 25 10:28:30 UTC 2020 - Arjen de Korte - -- Set default database type to lmdb and fix update_postmaps script - -------------------------------------------------------------------- -Thu Dec 24 14:09:32 UTC 2020 - Arjen de Korte - -- Use variable substition instead of sed to remove .db suffix and - substitute hash: for lmdb: in /etc/postfix/master.cf as well. - Check before substitution if there is something to do (to keep - rpmcheck happy). - -------------------------------------------------------------------- -Tue Dec 8 13:36:35 UTC 2020 - Peter Varkoly - -- bsc#1176650 L3: What is regularly triggering the "fillup" - command and changing modify-time of /etc/sysconfig/postfix? - o Remove miss placed fillup_only call from %verifyscript - -------------------------------------------------------------------- -Thu Nov 26 15:30:10 UTC 2020 - Peter Varkoly - -- Remove Berkeley DB dependency (JIRA#SLE-12191) - The pacakges postfix is build without Berkely DB support. - lmdb will be used instead of BDB. - The pacakges postfix-bdb is build with Berkely DB support. - o add patch for main.cf for postfix-bdb package - postfix-bdb-main.cf.patch - ------------------------------------------------------------------- Sun Nov 8 20:59:23 UTC 2020 - Michael Ströder diff --git a/postfix.spec b/postfix.spec index 581e64f..c050604 100644 --- a/postfix.spec +++ b/postfix.spec @@ -31,7 +31,15 @@ %define pf_html_directory %{_docdir}/%{name}-doc/html %define pf_sample_directory %{_docdir}/%{name}-doc/samples %define pf_data_directory %{_localstatedir}/lib/%{name} -%define pf_database_convert %{_rundir}/%{name}-needs-convert +%if 0%{?suse_version} < 1330 +%define pf_uid 51 +%define pf_gid 51 +%define maildrop_gid 59 +%define vmusr vmail +%define vmgid 303 +%define vmid 303 +%define vmdir /srv/maildirs +%endif %define mail_group mail %define conf_backup_dir %{_localstatedir}/adm/backup/%{name} %define unitdir %{_prefix}/lib/systemd @@ -39,10 +47,16 @@ %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif +%if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%bcond_without lmdb %bcond_without libnsl +%else +%bcond_with lmdb +%bcond_with libnsl +%endif %bcond_without ldap Name: postfix -Version: 3.5.9 +Version: 3.5.8 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 OR EPL-2.0 @@ -68,10 +82,9 @@ Patch7: %{name}-ssl-release-buffers.patch Patch8: %{name}-vda-v14-3.0.3.patch Patch9: fix-postfix-script.patch Patch10: %{name}-avoid-infinit-loop-if-no-permission.patch -Patch11: set-default-db-type.patch BuildRequires: ca-certificates BuildRequires: cyrus-sasl-devel -#BuildRequires: db-devel +BuildRequires: db-devel BuildRequires: diffutils BuildRequires: fdupes BuildRequires: libicu-devel @@ -81,7 +94,6 @@ BuildRequires: mysql-devel %if %{with ldap} BuildRequires: openldap2-devel %endif -BuildRequires: lmdb-devel BuildRequires: pcre-devel BuildRequires: pkgconfig BuildRequires: postgresql-devel @@ -94,19 +106,23 @@ Requires(pre): %fillup_prereq Requires(pre): permissions Conflicts: exim Conflicts: sendmail -Conflicts: postfix-bdb -Provides: postfix-lmdb = %{version}-%{release} -Obsoletes: postfix-lmdb < %{version}-%{release} Provides: smtp_daemon %{?systemd_ordering} +%if %{with lmdb} +BuildRequires: lmdb-devel +%endif %if %{with libnsl} BuildRequires: libnsl-devel %endif +%if 0%{?suse_version} >= 1330 BuildRequires: sysuser-tools Requires: system-user-nobody Requires: group(%{mail_group}) Requires(pre): group(%{mail_group}) %sysusers_requires +%else +Requires(pre): shadow +%endif %description Postfix aims to be an alternative to the widely-used sendmail program. @@ -132,7 +148,11 @@ This package contains the documentation for %{name} Summary: Postfix plugin to support MySQL maps Group: Productivity/Networking/Email/Servers Requires(pre): %{name} = %{version} +%if 0%{?suse_version} >= 1330 %sysusers_requires +%else +Requires(pre): shadow +%endif %description mysql Postfix plugin to support MySQL maps. This library will be loaded by @@ -160,6 +180,18 @@ This provides support for LDAP maps in Postfix. If you plan to use LDAP maps with Postfix, you need this. %endif +%if %{with lmdb} +%package lmdb +Summary: Postfix plugin to support LMDB maps +Group: Productivity/Networking/Email/Servers +Requires(pre): %{name} = %{version} + +%description lmdb +Postfix plugin to support LMDB maps. This library will be loaded +by starting %{name} if you'll access a postmap which is stored in +PostgreSQL. +%endif + %prep %setup -q -a 2 -a 3 %patch1 @@ -172,7 +204,6 @@ maps with Postfix, you need this. %patch8 %patch9 %patch10 -%patch11 # --------------------------------------------------------------------------- @@ -218,15 +249,15 @@ else export AUXLIBS_PGSQL="-lpq" fi # +%if %{with lmdb} export CCARGS="${CCARGS} -DHAS_LMDB -I/usr/local/include" \ export AUXLIBS_LMDB="-llmdb" +%endif # # TODO #export AUXLIBS_SQLITE #export AUXLIBS_CDB #export AUXLIBS_SDBM -# Remove berkeley DB and set lmdb as default -export CCARGS="${CCARGS} -DNO_DB -DDEF_DB_TYPE=\\\"lmdb\\\"" export PIE=-pie # using SHLIB_RPATH to specify unrelated linker flags, because LDFLAGS is @@ -237,14 +268,17 @@ make makefiles pie=yes shared=yes dynamicmaps=yes \ config_directory=%{_sysconfdir}/%{name} \ SHLIB_RPATH="-Wl,-rpath,%{pf_shlib_directory} -Wl,-z,relro,-z,now" make %{?_smp_mflags} +%if 0%{?suse_version} >= 1330 # Create postfix user %sysusers_generate_pre %{SOURCE12} postfix %sysusers_generate_pre %{SOURCE13} vmail +%endif # --------------------------------------------------------------------------- %install mkdir -p %{buildroot}/%{_libdir} mkdir -p %{buildroot}%{_sysconfdir}/%{name} +cp conf/* %{buildroot}%{_sysconfdir}/%{name} # create our default postfix ssl DIR (/etc/postfix/ssl) mkdir -p %{buildroot}%{_sysconfdir}/%{name}/ssl/certs # link cacerts to /etc/ssl/certs @@ -293,6 +327,7 @@ sed -e 's;@lib@;%{_lib};g' \ -e 's;@sample_directory@;%{pf_sample_directory};' \ -e 's;@mailq_path@;%{pf_mailq_path};' %{name}-SUSE/config.%{name} > %{buildroot}%{_sbindir}/config.%{name} chmod 755 %{buildroot}%{_sbindir}/config.%{name} +install -m 644 %{name}-SUSE/dynamicmaps.cf %{buildroot}%{_sysconfdir}/%{name}/dynamicmaps.cf install -m 644 %{name}-SUSE/ldap_aliases.cf %{buildroot}%{_sysconfdir}/%{name}/ldap_aliases.cf install -m 644 %{name}-SUSE/helo_access %{buildroot}%{_sysconfdir}/%{name}/helo_access install -m 644 %{name}-SUSE/permissions %{buildroot}%{_sysconfdir}/permissions.d/%{name} @@ -332,15 +367,7 @@ cat conf/main.cf "disable_vrfy_command = yes" \ 'smtpd_banner = $myhostname ESMTP' #Set Permissions -sed -i -e 's/\(.*ldap.*\)/#\1/g' \ - -e 's/\(.*mysql.*\)/#\1/g' \ - -e 's/\(.*pgsql.*\)/#\1/g' \ - -e 's/\(.*LICENSE.*\)/#\1/g' \ - -e '/html_directory/d' \ - -e '/manpage_directory/d' \ - -e '/readme_directory/d' \ - %{buildroot}%{pf_shlib_directory}/postfix-files -mkdir -p %{buildroot}%{pf_shlib_directory}/postfix-files.d +install -m 644 %{name}-SUSE/%{name}-files %{buildroot}%{pf_shlib_directory}/%{name}-files # postfix-mysql install -m 644 %{name}-mysql/main.cf-mysql %{buildroot}%{_sysconfdir}/%{name}/main.cf-mysql install -m 640 %{name}-mysql/*_maps.cf %{buildroot}%{_sysconfdir}/%{name}/ @@ -378,101 +405,148 @@ do rm -vf $path ln -sf %{_libdir}/$name $path done - -# create dynamicmaps.cf.d entries for optional modules -sed -n -e '/^#/p' -e '/mysql/p' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf > %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-mysql.cf -sed -i -e '/mysql/d' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf -sed -n -e '/^#/p' -e '/pgsql/p' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf > %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-pgsql.cf -sed -i -e '/pgsql/d' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf -%if %{with ldap} -sed -n -e '/^#/p' -e "/ldap/p" %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf > %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-ldap.cf -sed -i -e '/ldap/d' %{buildroot}%{pf_shlib_directory}/dynamicmaps.cf -%endif - +# --------------------------------------------------------------------------- install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/ +%if 0%{?suse_version} >= 1330 mkdir -p %{buildroot}%{_sysusersdir} install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ install -m 644 %{SOURCE13} %{buildroot}%{_sysusersdir}/ +%endif -# --------------------------------------------------------------------------- - +%if 0%{?suse_version} >= 1330 %pre -f postfix.pre -# If existing default database type is hash, we need to convert the -# databases because hash (and btree) is no longer supported after -# the upgrade -if [ -x %{_sbindir}/postconf ]; then - DEF_DB_TYPE=$(postconf default_database_type) - case $DEF_DB_TYPE in *hash) - touch %{pf_database_convert} - esac -fi +%else +%pre +getent group %{name} >/dev/null || groupadd -g %{pf_gid} -o -r %{name} +getent group maildrop >/dev/null || groupadd -g %{maildrop_gid} -o -r maildrop +getent passwd %{name} >/dev/null || useradd -r -o -g %{name} -u %{pf_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} %{name} +usermod -a -G %{maildrop_gid},%{mail_group} %{name} +%endif + %service_add_pre %{name}.service +VERSIONTEST=$(test -x usr/sbin/postconf && usr/sbin/postconf proxy_read_maps 2>/dev/null || :) +if [ -z "$VERSIONTEST" -a -f %{pf_queue_directory}/pid/master.pid ]; then + if checkproc -p %{pf_queue_directory}/pid/master.pid usr/lib/%{name}/master; then + echo "%{name} is still running. You have to stop %{name} in order to" + echo "install a newer version." + exit 1 + fi +fi +# --------------------------------------------------------------------------- + +%if 0%{?suse_version} >= 1330 +%pre mysql -f vmail.pre +%else +%pre mysql +#echo "PARAM_pre: "$1 +# on `rpm -ivh` PARAM is 1 +# on `rpm -Uvh` PARAM is 2 +if [ "$1" = "1" ]; then + echo "Adding %{vmusr} user" + if [ -z "`getent group %{vmusr} 2>/dev/null`" ]; then + groupadd -r -g %{vmgid} %{vmusr} + fi + if [ -z "`getent passwd %{vmusr} 2>/dev/null`" ]; then + useradd -c "maildirs chef" -d %{vmdir} -g %{vmusr} -u %{vmid} -r -s /bin/false %{vmusr} + fi +fi +%endif +# --------------------------------------------------------------------------- + %preun +%stop_on_removal %{name} %service_del_preun %{name}.service +# --------------------------------------------------------------------------- + +%preun mysql +#echo "PARAM_preun: "$1 +# on `rpm -e` PARAM is 0 +if [ "$1" = "0" ]; then + FILE=etc/%{name}/dynamicmaps.cf + if [ -e "$FILE" ] ; then + if grep -q "^mysql[[:space:]]" ${FILE}; then + echo "Removing mysql map entry from ${FILE}" + sed "/^mysql[[:space:]]/d" ${FILE} > ${FILE}.$$ && \ + cp --remove-destination ${FILE}.$$ ${FILE} && \ + rm ${FILE}.$$ + fi + else + echo "Can not find \"$FILE\". Not updating the file." >&2 + fi +fi +# --------------------------------------------------------------------------- + +%preun postgresql +if [ "$1" = 0 ] ; then + FILE=etc/%{name}/dynamicmaps.cf + if [ -e "$FILE" ] ; then + if grep -q "^pgsql[[:space:]]" ${FILE}; then + echo "Removing pgsql map entry from ${FILE}" + sed "/^pgsql[[:space:]]/d" ${FILE} > ${FILE}.$$ && \ + cp --remove-destination ${FILE}.$$ ${FILE} && \ + rm ${FILE}.$$ + fi + else + echo "Can not find \"$FILE\". Not updating the file." >&2 + fi +fi +# --------------------------------------------------------------------------- %post # We never have to run suseconfig for postfix after installation # We only start postfix own upgrade-configuration by update -# -# If the default database type of the previous installation was -# hash, we also need to rebuild the databases in the new lmdb -# format if [ ${1:-0} -gt 1 ]; then touch %{_localstatedir}/adm/%{name}.configured - echo "Executing upgrade-configuration." - %{_sbindir}/%{name} set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} || : - if [ "$(%{_sbindir}/postconf -h daemon_directory)" != "%{pf_daemon_directory}" ]; then - %{_sbindir}/postconf daemon_directory=%{pf_daemon_directory} - fi - if [ -e %{pf_database_convert} ]; then - sed -i -E "s/(btree|hash):/lmdb:/g" %{pf_config_directory}/{main.cf,master.cf} - for i in $(find %{pf_config_directory} -name "*.db"); do - postmap ${i%.db} - done - for i in $(find %{_sysconfdir}/aliases.d/ -name "*.db"); do - postalias ${i%.db} - done - if [ -e %{_sysconfdir}/aliases.db ]; then - postalias %{_sysconfdir}/aliases - fi - rm %{pf_database_convert} - fi + echo "Executing upgrade-configuration." + %{_sbindir}/%{name} set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} || : + if [ "$(%{_sbindir}/postconf -h daemon_directory)" != "%{pf_daemon_directory}" ]; then + %{_sbindir}/postconf daemon_directory=%{pf_daemon_directory} + fi fi + +%service_add_post %{name}.service + %set_permissions %{_sbindir}/postqueue %set_permissions %{_sbindir}/postdrop %set_permissions %{_sysconfdir}/%{name}/sasl_passwd %set_permissions %{_sbindir}/sendmail + %{fillup_only postfix} %{fillup_only -an mail} -%service_add_post %{name}.service - -%postun -%service_del_postun %{name}.service +/sbin/ldconfig %verifyscript %verify_permissions -e %{_sbindir}/postqueue %verify_permissions -e %{_sbindir}/postdrop %verify_permissions -e %{_sysconfdir}/%{name}/sasl_passwd %verify_permissions -e %{_sbindir}/sendmail +%{fillup_only postfix} + +%postun +%service_del_postun %{name}.service +/sbin/ldconfig # --------------------------------------------------------------------------- -%pre mysql -f vmail.pre +%post postgresql +FILE=etc/%{name}/dynamicmaps.cf +if ! grep -q "^pgsql[[:space:]]" ${FILE}; then + echo "Adding pgsql map entry to ${FILE}" + echo "pgsql %{pf_shlib_directory}/dict_pgsql.so dict_pgsql_open" >> ${FILE} +fi +# --------------------------------------------------------------------------- -%post mysql -p /sbin/ldconfig -%postun mysql -p /sbin/ldconfig - -%post postgresql -p /sbin/ldconfig -%postun postgresql -p /sbin/ldconfig - -%if %{with ldap} -%post ldap -p /sbin/ldconfig -%postun ldap -p /sbin/ldconfig -%endif +%post mysql +FILE=etc/%{name}/dynamicmaps.cf +if ! grep -q "^mysql[[:space:]]" ${FILE}; then + echo "Adding mysql map entry to ${FILE}" + echo "mysql %{pf_shlib_directory}/dict_mysql.so dict_mysql_open" >> ${FILE} +fi +# --------------------------------------------------------------------------- %files -%license LICENSE TLS_LICENSE +%license LICENSE %config %{_sysconfdir}/pam.d/* %{_fillupdir}/sysconfig.%{name} %{_fillupdir}/sysconfig.mail-%{name} @@ -487,19 +561,24 @@ fi %config(noreplace) %{_sysconfdir}/%{name}/helo_access %config(noreplace) %{_sysconfdir}/%{name}/main.cf %config(noreplace) %{_sysconfdir}/%{name}/master.cf +%attr(0750,root,root) %config %{_sysconfdir}/%{name}/post-install +%attr(0750,root,root) %config %{_sysconfdir}/%{name}/%{name}-tls-script +%attr(0750,root,root) %config %{_sysconfdir}/%{name}/%{name}-wrapper +%attr(0750,root,root) %config %{_sysconfdir}/%{name}/postmulti-script +%config(noreplace) %{_sysconfdir}/%{name}/%{name}-files %config(noreplace) %{_sysconfdir}/%{name}/relay %config(noreplace) %{_sysconfdir}/%{name}/relay_ccerts %config(noreplace) %{_sysconfdir}/%{name}/sasl_passwd %config(noreplace) %{_sysconfdir}/%{name}/sender_canonical %config(noreplace) %{_sysconfdir}/%{name}/virtual -%ghost %{_sysconfdir}/%{name}/*.lmdb -%ghost %{_sysconfdir}/aliases.lmdb + %dir %{_sysconfdir}/sasl2 %config(noreplace) %{_sysconfdir}/sasl2/smtpd.conf -%exclude %{_sysconfdir}/%{name}/LICENSE -%exclude %{_sysconfdir}/%{name}/TLS_LICENSE +%config %{_sysconfdir}/%{name}/LICENSE +%config %{_sysconfdir}/%{name}/TLS_LICENSE %config %{_sysconfdir}/permissions.d/%{name} %config %{_sysconfdir}/permissions.d/%{name}.paranoid +%attr(0644, root, root) %config %{_sysconfdir}/%{name}/makedefs.out %{pf_shlib_directory}/%{name}-files # create our default postfix ssl DIR (/etc/postfix/ssl) %dir %{_sysconfdir}/%{name}/ssl @@ -533,25 +612,20 @@ fi %{_libdir}/lib* %{_libexecdir}/sendmail %dir %{pf_shlib_directory} +%{pf_shlib_directory}/*[^.so] %{pf_shlib_directory}/%{name}-pcre.so -%{pf_shlib_directory}/%{name}-lmdb.so %{pf_shlib_directory}/lib%{name}-dns.so %{pf_shlib_directory}/lib%{name}-global.so %{pf_shlib_directory}/lib%{name}-master.so %{pf_shlib_directory}/lib%{name}-tls.so %{pf_shlib_directory}/lib%{name}-util.so -%{pf_shlib_directory}/dynamicmaps.cf %{pf_shlib_directory}/main.cf.proto -%{pf_shlib_directory}/makedefs.out %{pf_shlib_directory}/master.cf.proto -%dir %{pf_daemon_directory} -%{pf_daemon_directory}/* -%dir %{pf_shlib_directory}/dynamicmaps.cf.d -%dir %{pf_shlib_directory}/postfix-files.d %{conf_backup_dir} %dir %attr(0700,%{name},root) %{pf_data_directory} %exclude %{_mandir}/man5/ldap_table.5* +%exclude %{_mandir}/man5/lmdb_table.5* %exclude %{_mandir}/man5/mysql_table.5* %exclude %{_mandir}/man5/pgsql_table.5* %{_mandir}/man?/*%{?ext_man} @@ -569,7 +643,9 @@ fi %dir %attr(0700,%{name},root) /%{pf_queue_directory}/trace %dir %attr(0730,%{name},maildrop) /%{pf_queue_directory}/maildrop %dir %attr(0710,%{name},maildrop) /%{pf_queue_directory}/public +%if 0%{?suse_version} >= 1330 %{_sysusersdir}/postfix-user.conf +%endif %files devel %{_includedir}/%{name}/ @@ -583,21 +659,26 @@ fi %config(noreplace) %attr(640, root, %{name}) %{_sysconfdir}/%{name}/*_maps.cf %config(noreplace) %{_sysconfdir}/%{name}/main.cf-mysql %{pf_shlib_directory}/%{name}-mysql.so -%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-mysql.cf %{_mandir}/man5/mysql_table.5%{?ext_man} +%if 0%{?suse_version} >= 1330 %{_sysusersdir}/postfix-vmail-user.conf +%endif %files postgresql %{pf_shlib_directory}/%{name}-pgsql.so -%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-pgsql.cf %{_mandir}/man5/pgsql_table.5%{?ext_man} %if %{with ldap} %files ldap %config(noreplace) %{_sysconfdir}/%{name}/ldap_aliases.cf %{pf_shlib_directory}/%{name}-ldap.so -%{pf_shlib_directory}/dynamicmaps.cf.d/%{name}-ldap.cf %{_mandir}/man5/ldap_table.5%{?ext_man} %endif +%if %{with lmdb} +%files lmdb +%{pf_shlib_directory}/%{name}-lmdb.so +%{_mandir}/man5/lmdb_table.5%{?ext_man} +%endif + %changelog diff --git a/pre_checkin.sh b/pre_checkin.sh deleted file mode 100644 index 5be1a61..0000000 --- a/pre_checkin.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -echo -n "Generating postfix-bdb " - -cp postfix.changes postfix-bdb.changes -VERSION=$(awk '/^Version/ {print $2; exit;} {next;};' < postfix.spec) -perl -pi -e "s/^Version:.*/Version: $VERSION/" postfix-bdb.spec -echo "Done." diff --git a/set-default-db-type.patch b/set-default-db-type.patch deleted file mode 100644 index e87ff18..0000000 --- a/set-default-db-type.patch +++ /dev/null @@ -1,179 +0,0 @@ ---- src/util/sys_defs.h.orig 2021-01-04 13:12:06.272285413 +0100 -+++ src/util/sys_defs.h 2021-01-04 13:12:38.412720371 +0100 -@@ -51,7 +51,7 @@ - #define HAS_FSYNC - #define HAS_DB - #define HAS_SA_LEN --#define NATIVE_DB_TYPE "hash" -+#define NATIVE_DB_TYPE "lmdb" - #if (defined(__NetBSD_Version__) && __NetBSD_Version__ >= 104250000) - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/mail/aliases" /* sendmail 8.10 */ - #endif -@@ -232,7 +232,7 @@ - #define HAS_FSYNC - #define HAS_DB - #define HAS_SA_LEN --#define NATIVE_DB_TYPE "hash" -+#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" - #define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0) - #define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin" -@@ -289,7 +289,7 @@ - #define HAS_FSYNC - /* might be set by makedef */ - #ifdef HAS_DB --#define NATIVE_DB_TYPE "hash" -+#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" - #else - #define HAS_DBM -@@ -761,7 +761,7 @@ - #define DEF_MAILBOX_LOCK "fcntl, dotlock" /* RedHat >= 4.x */ - #define HAS_FSYNC - #define HAS_DB --#define NATIVE_DB_TYPE "hash" -+#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" - #ifndef NO_NIS - #define HAS_NIS -@@ -841,7 +841,7 @@ - #define DEF_MAILBOX_LOCK "dotlock" /* verified RedHat 3.03 */ - #define HAS_FSYNC - #define HAS_DB --#define NATIVE_DB_TYPE "hash" -+#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" - #ifndef NO_NIS - #define HAS_NIS -@@ -874,7 +874,7 @@ - #define DEF_MAILBOX_LOCK "fcntl, dotlock" /* RedHat >= 4.x */ - #define HAS_FSYNC - #define HAS_DB --#define NATIVE_DB_TYPE "hash" -+#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" - #ifndef NO_NIS - #define HAS_NIS -@@ -1199,7 +1199,7 @@ - #define INTERNAL_LOCK MYFLOCK_STYLE_FCNTL - #define DEF_MAILBOX_LOCK "fcntl, dotlock" - #define HAS_FSYNC --#define NATIVE_DB_TYPE "hash" -+#define NATIVE_DB_TYPE "lmdb" - #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" - /* Uncomment the following line if you have NIS package installed */ - /* #define HAS_NIS */ ---- src/global/mail_params.h.orig 2020-05-09 17:51:27.000000000 +0200 -+++ src/global/mail_params.h 2020-12-25 21:04:11.428544623 +0100 -@@ -2826,7 +2826,7 @@ extern int var_vrfy_pend_limit; - extern char *var_verify_service; - - #define VAR_VERIFY_MAP "address_verify_map" --#define DEF_VERIFY_MAP "btree:$data_directory/verify_cache" -+#define DEF_VERIFY_MAP "lmdb:$data_directory/verify_cache" - extern char *var_verify_map; - - #define VAR_VERIFY_POS_EXP "address_verify_positive_expire_time" -@@ -3594,7 +3594,7 @@ extern char *var_multi_cntrl_cmds; - * postscreen(8) - */ - #define VAR_PSC_CACHE_MAP "postscreen_cache_map" --#define DEF_PSC_CACHE_MAP "btree:$data_directory/postscreen_cache" -+#define DEF_PSC_CACHE_MAP "lmdb:$data_directory/postscreen_cache" - extern char *var_psc_cache_map; - - #define VAR_SMTPD_SERVICE "smtpd_service_name" ---- man/man1/postmap.1.orig 2021-01-05 10:57:44.915488687 +0100 -+++ man/man1/postmap.1 2021-01-05 11:10:12.377571721 +0100 -@@ -63,7 +63,7 @@ - By default the lookup key is mapped to lowercase to make - the lookups case insensitive; as of Postfix 2.3 this case - folding happens only with tables whose lookup keys are --fixed\-case strings such as btree:, dbm: or hash:. With -+fixed\-case strings such as dbm:. With - earlier versions, the lookup key is folded even with tables - where a lookup field can match both upper and lower case - text, such as regexp: and pcre:. This resulted in loss of -@@ -210,9 +210,9 @@ - The \fBpostmap\fR(1) command can query any supported file type, - but it can create only the following file types: - .RS --.IP \fBbtree\fR --The output file is a btree file, named \fIfile_name\fB.db\fR. --This is available on systems with support for \fBdb\fR databases. -+.IP \fBlmdb\fR -+The output file is a lmdb file, named \fIfile_name\fB.lmdb\fR. -+This is available on systems with support for \fBlmdb\fR databases. - .IP \fBcdb\fR - The output consists of one file, named \fIfile_name\fB.cdb\fR. - This is available on systems with support for \fBcdb\fR databases. -@@ -220,9 +220,6 @@ - The output consists of two files, named \fIfile_name\fB.pag\fR and - \fIfile_name\fB.dir\fR. - This is available on systems with support for \fBdbm\fR databases. --.IP \fBhash\fR --The output file is a hashed file, named \fIfile_name\fB.db\fR. --This is available on systems with support for \fBdb\fR databases. - .IP \fBfail\fR - A table that reliably fails all requests. The lookup table - name is used for logging only. This table exists to simplify -@@ -267,12 +264,6 @@ - this program. - The text below provides only a parameter summary. See - \fBpostconf\fR(5) for more details including examples. --.IP "\fBberkeley_db_create_buffer_size (16777216)\fR" --The per\-table I/O buffer size for programs that create Berkeley DB --hash or btree tables. --.IP "\fBberkeley_db_read_buffer_size (131072)\fR" --The per\-table I/O buffer size for programs that read Berkeley DB --hash or btree tables. - .IP "\fBconfig_directory (see 'postconf -d' output)\fR" - The default location of the Postfix main.cf and master.cf - configuration files. ---- man/man1/postalias.1.orig 2021-01-05 10:58:04.579753235 +0100 -+++ man/man1/postalias.1 2021-01-05 11:08:10.135919006 +0100 -@@ -34,7 +34,7 @@ - By default the lookup key is mapped to lowercase to make - the lookups case insensitive; as of Postfix 2.3 this case - folding happens only with tables whose lookup keys are --fixed\-case strings such as btree:, dbm: or hash:. With -+fixed\-case strings such as dbm:. With - earlier versions, the lookup key is folded even with tables - where a lookup field can match both upper and lower case - text, such as regexp: and pcre:. This resulted in loss of -@@ -122,9 +122,9 @@ - The \fBpostalias\fR(1) command can query any supported file type, - but it can create only the following file types: - .RS --.IP \fBbtree\fR --The output is a btree file, named \fIfile_name\fB.db\fR. --This is available on systems with support for \fBdb\fR databases. -+.IP \fBlmdb\fR -+The output is a lmdb file, named \fIfile_name\fB.lmdb\fR. -+This is available on systems with support for \fBlmdb\fR databases. - .IP \fBcdb\fR - The output is one file named \fIfile_name\fB.cdb\fR. - This is available on systems with support for \fBcdb\fR databases. -@@ -132,9 +132,6 @@ - The output consists of two files, named \fIfile_name\fB.pag\fR and - \fIfile_name\fB.dir\fR. - This is available on systems with support for \fBdbm\fR databases. --.IP \fBhash\fR --The output is a hashed file, named \fIfile_name\fB.db\fR. --This is available on systems with support for \fBdb\fR databases. - .IP \fBfail\fR - A table that reliably fails all requests. The lookup table - name is used for logging only. This table exists to simplify -@@ -187,12 +184,6 @@ - .IP "\fBconfig_directory (see 'postconf -d' output)\fR" - The default location of the Postfix main.cf and master.cf - configuration files. --.IP "\fBberkeley_db_create_buffer_size (16777216)\fR" --The per\-table I/O buffer size for programs that create Berkeley DB --hash or btree tables. --.IP "\fBberkeley_db_read_buffer_size (131072)\fR" --The per\-table I/O buffer size for programs that read Berkeley DB --hash or btree tables. - .IP "\fBdefault_database_type (see 'postconf -d' output)\fR" - The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) - and \fBpostmap\fR(1) commands.