From 9feb64fd6d8db7e241c13371357e34cda4c6bcc94352d908ed9ca33073eb2784 Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Thu, 24 Dec 2020 07:17:02 +0000 Subject: [PATCH] - bsc#1176650 L3: What is regularly triggering the "fillup" command and changing modify-time of /etc/sysconfig/postfix? o Remove miss placed fillup_only call from %verifyscript - Remove Berkeley DB dependency (JIRA#SLE-12191) The pacakges postfix is build without Berkely DB support. lmdb will be used instead of BDB. The pacakges postfix-bdb is build with Berkely DB support. o add patch for main.cf for postfix-bdb package postfix-bdb-main.cf.patch - bsc#1176650 L3: What is regularly triggering the "fillup" command and changing modify-time of /etc/sysconfig/postfix? o Remove miss placed fillup_only call from %verifyscript - Remove Berkeley DB dependency (JIRA#SLE-12191) The pacakges postfix is build without Berkely DB support. lmdb will be used instead of BDB. The pacakges postfix-bdb is build with Berkely DB support. o add patch for main.cf for postfix-bdb package postfix-bdb-main.cf.patch - Update to 3.5.8 * The Postfix SMTP client inserted into message headers longer than $line_length_limit (default: 2048), causing all subsequent header content to become message body content. * The postscreen daemon did not save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: look table is used, but it could result in stale data with other lookup tables. OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=393 --- convert-bdb-to-lmdb.sh | 18 + postfix-bdb-main.cf.patch | 153 ++ postfix-bdb.changes | 5053 +++++++++++++++++++++++++++++++++++++ postfix-bdb.spec | 544 ++++ postfix-main.cf.patch | 60 +- postfix.changes | 17 + postfix.spec | 44 +- pre_checkin.sh | 8 + 8 files changed, 5858 insertions(+), 39 deletions(-) create mode 100644 convert-bdb-to-lmdb.sh create mode 100644 postfix-bdb-main.cf.patch create mode 100644 postfix-bdb.changes create mode 100644 postfix-bdb.spec create mode 100644 pre_checkin.sh diff --git a/convert-bdb-to-lmdb.sh b/convert-bdb-to-lmdb.sh new file mode 100644 index 0000000..4896a6d --- /dev/null +++ b/convert-bdb-to-lmdb.sh @@ -0,0 +1,18 @@ +#!/bin/bash +sed -i 's/hash:/lmdb:/g' /etc/postfix/main.cf +for i in $( find /etc/postfix/ -name "*.db" ) +do + j=$( echo $i | sed 's/.db$//' ) + postmap $j + mv $i $i-back +done +for i in $( find /etc/aliases.d/ -name "*.db" ) +do + j=$( echo $i | sed 's/.db$//' ) + postalias $j + mv $i $i-back +done +if [ -e /etc/aliases.db ]; then + mv /etc/aliases.db /etc/aliases.db-back + postalias /etc/aliases +fi diff --git a/postfix-bdb-main.cf.patch b/postfix-bdb-main.cf.patch new file mode 100644 index 0000000..dad7975 --- /dev/null +++ b/postfix-bdb-main.cf.patch @@ -0,0 +1,153 @@ +Index: conf/main.cf +=================================================================== +--- conf/main.cf.orig ++++ conf/main.cf +@@ -567,6 +567,7 @@ unknown_local_recipient_reject_code = 55 + # + #smtpd_banner = $myhostname ESMTP $mail_name + #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) ++smtpd_banner = $myhostname ESMTP + + # PARALLEL DELIVERY TO THE SAME DESTINATION + # +@@ -673,4 +674,140 @@ sample_directory = + # readme_directory: The location of the Postfix README files. + # + readme_directory = ++ ++############################################################ ++# ++# before changing values manually consider editing ++# /etc/sysconfig/postfix ++# and run ++# config.postfix ++# ++# if you miss a feature of config.postfix then just send a ++# mail to chris@computersalat.de ++# patches for new feature(s) are also welcome :) ++# ++############################################################ ++ ++biff = no ++content_filter = ++delay_warning_time = 0h ++disable_dns_lookups = no ++disable_mime_output_conversion = no ++disable_vrfy_command = yes ++inet_interfaces = all + inet_protocols = ipv4 ++masquerade_classes = envelope_sender, header_sender, header_recipient ++masquerade_domains = ++masquerade_exceptions = ++mydestination = $myhostname, localhost.$mydomain ++myhostname = localhost ++mynetworks_style = subnet ++relayhost = ++ ++alias_maps = ++canonical_maps = ++relocated_maps = ++sender_canonical_maps = ++transport_maps = ++mail_spool_directory = /var/mail ++message_strip_characters = ++defer_transports = ++mailbox_command = ++mailbox_transport = ++mailbox_size_limit = 0 ++message_size_limit = 0 ++strict_8bitmime = no ++strict_rfc821_envelopes = no ++smtpd_delay_reject = yes ++smtpd_helo_required = no ++ ++smtpd_client_restrictions = ++ ++smtpd_helo_restrictions = ++ ++smtpd_sender_restrictions = ++ ++smtpd_recipient_restrictions = ++ ++ ++############################################################ ++# SASL stuff ++############################################################ ++smtp_sasl_auth_enable = no ++smtp_sasl_security_options = ++smtp_sasl_password_maps = ++smtpd_sasl_auth_enable = no ++# cyrus : smtpd_sasl_type = cyrus ++# smtpd_sasl_path = smtpd ++# dovecot : smtpd_sasl_type = dovecot ++# smtpd_sasl_path = private/auth ++smtpd_sasl_type = cyrus ++smtpd_sasl_path = smtpd ++############################################################ ++# TLS stuff ++############################################################ ++#tls_append_default_CA = no ++relay_clientcerts = ++#tls_random_source = dev:/dev/urandom ++ ++smtp_use_tls = no ++#smtp_tls_loglevel = 0 ++smtp_enforce_tls = no ++smtp_tls_CAfile = ++smtp_tls_CApath = ++smtp_tls_cert_file = ++smtp_tls_key_file = ++#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy ++#smtp_tls_session_cache_timeout = 3600s ++smtp_tls_session_cache_database = ++ ++smtpd_use_tls = no ++#smtpd_tls_loglevel = 0 ++smtpd_tls_CAfile = ++smtpd_tls_CApath = ++smtpd_tls_cert_file = ++smtpd_tls_key_file = ++smtpd_tls_ask_ccert = no ++smtpd_tls_exclude_ciphers = RC4 ++smtpd_tls_received_header = no ++############################################################ ++# Start MySQL from postfixwiki.org ++############################################################ ++relay_domains = $mydestination, hash:/etc/postfix/relay ++#virtual_alias_domains = ++#virtual_alias_maps = hash:/etc/postfix/virtual ++#virtual_uid_maps = static:303 ++#virtual_gid_maps = static:303 ++#virtual_minimum_uid = 303 ++#virtual_mailbox_base = /srv/maildirs ++#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf ++#virtual_mailbox_limit = 0 ++#virtual_mailbox_limit_inbox = no ++#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf ++## For dovecot LMTP replace 'virtual' with 'lmtp:unix:private/dovecot-lmtp' ++#virtual_transport = virtual ++## Additional for quota support ++#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf ++#virtual_mailbox_limit_override = yes ++### Needs Maildir++ compatible IMAP servers, like Courier-IMAP ++#virtual_maildir_filter = yes ++#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter ++#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later. ++#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg ++#virtual_overquota_bounce = yes ++#virtual_trash_count = yes ++#virtual_trash_name = ".Trash" ++############################################################ ++# End MySQL from postfixwiki.org ++############################################################ ++# Rewrite reject codes ++############################################################ ++#unknown_address_reject_code = 550 ++#unknown_client_reject_code = 550 ++#unknown_hostname_reject_code = 550 ++#unverified_recipient_reject_code = 550 ++#soft_bounce = yes ++############################################################ ++#debug_peer_list = example.com ++#debug_peer_level = 3 ++ diff --git a/postfix-bdb.changes b/postfix-bdb.changes new file mode 100644 index 0000000..d473aae --- /dev/null +++ b/postfix-bdb.changes @@ -0,0 +1,5053 @@ +------------------------------------------------------------------- +Tue Dec 8 13:36:35 UTC 2020 - Peter Varkoly + +- bsc#1176650 L3: What is regularly triggering the "fillup" + command and changing modify-time of /etc/sysconfig/postfix? + o Remove miss placed fillup_only call from %verifyscript + +------------------------------------------------------------------- +Thu Nov 26 15:30:10 UTC 2020 - Peter Varkoly + +- Remove Berkeley DB dependency (JIRA#SLE-12191) + The pacakges postfix is build without Berkely DB support. + lmdb will be used instead of BDB. + The pacakges postfix-bdb is build with Berkely DB support. + o add patch for main.cf for postfix-bdb package + postfix-bdb-main.cf.patch + +------------------------------------------------------------------- +Sun Nov 8 20:59:23 UTC 2020 - Michael Ströder + +- Update to 3.5.8 + * The Postfix SMTP client inserted into message headers longer + than $line_length_limit (default: 2048), causing all subsequent header + content to become message body content. + * The postscreen daemon did not save a copy of the + postscreen_dnsbl_reply_map lookup result. This has no effect when the + recommended texthash: look table is used, but it could result in stale + data with other lookup tables. + * After deleting a recipient with a Milter, the Postfix recipient + duplicate filter was not updated; the filter suppressed requests + to add the recipient back. + * Memory leak: the static: maps did not free their casefolding buffer. + * With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a + TLS handshake, after processing an XCLIENT command. + * The smtp_sasl_mechanism_filter implementation ignored table lookup + errors, treating them as 'not found'. + * The code that looks for Delivered-To: headers ignored headers longer + than $line_length_limit (default: 2048). + +------------------------------------------------------------------- +Mon Aug 31 13:38:04 UTC 2020 - Michael Ströder + +- Update to 3.5.7 + * Fixed random certificate verification failures with + "smtp_tls_connection_reuse = yes", because tlsproxy(8) was using + the wrong global TLS context for connections that use DANE or + non-DANE trust anchors. + +------------------------------------------------------------------- +Tue Aug 25 13:54:40 UTC 2020 - Thorsten Kukuk + +- Move ldap into an own sub-package like all other databases +- Move manual pages to correct sub-package + +------------------------------------------------------------------- +Fri Aug 21 08:44:22 UTC 2020 - Thorsten Kukuk + +- Use sysusers.d to create system accounts +- Remove wrong %config for systemd directory content + +------------------------------------------------------------------- +Sun Aug 9 06:55:01 UTC 2020 - Arjen de Korte + +- Use the correct signature file for source verification +- Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to + prevent confusion, as the signature file from upstream with .sig + extension is incompatible with the build service) + +------------------------------------------------------------------- +Sun Jul 26 21:22:39 UTC 2020 - Michael Ströder + +- Update to 3.5.6 with following fixes: + * Workaround for unexpected TLS interoperability problems when Postfix + runs on OS distributions with system-wide OpenSSL configurations. + * Memory leaks in the Postfix TLS library, the largest one + involving multiple kBytes per peer certificate. + +------------------------------------------------------------------- +Thu Jul 16 20:42:19 UTC 2020 - Arjen de Korte + +- Add source verification (add postfix.keyring) + +------------------------------------------------------------------- +Fri Jul 3 14:06:53 UTC 2020 - Thorsten Kukuk + +- Use systemd_ordering instead of systemd_require. +- Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688] +- Drop /var/adm/SuSEconfig from %post, it does nothing. +- Rename postfix-SuSE to postfix-SUSE +- Delete postfix-SUSE/README.SuSE, company name spelled wrong, + completly outdated and not used. +- Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name + spelled wrong, outdated and not used. +- sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG, + SuSEconfig is gone since ages. +- update_chroot.systemd: Remove advice to run SuSEconfig. +- Remove rc.postfix, not used, outdated. +- mkpostfixcert: Remove advice to run SuSEconfig. + +------------------------------------------------------------------- +Mon Jun 29 18:44:13 UTC 2020 - Michael Ströder + +- Update to 3.5.4: + * The connection_reuse attribute in smtp_tls_policy_maps always + resulted in an "invalid attribute name" error. + * SMTP over TLS connection reuse always failed for Postfix SMTP + client configurations that specify explicit trust anchors (remote + SMTP server certificates or public keys). + * The Postfix SMTP client's DANE implementation would always send + an SNI option with the name in a destination's MX record, even + if the MX record pointed to a CNAME record. MX records that + point to CNAME records are not conformant with RFC5321, and so + are rare. + Based on the DANE survey of ~2 million hosts it was found that + with the corrected SMTP client behavior, sending SNI with the + CNAME-expanded name, the SMTP server would not send a different + certificate. This fix should therefore be safe. + +------------------------------------------------------------------- +Mon Jun 15 16:09:57 UTC 2020 - Michael Ströder + +- Update to 3.5.3: + * TLS handshake failure in the Postfix SMTP server during SNI + processing, after the server-side TLS engine sent a TLSv1.3 + HelloRetryRequest (HRR) to a remote SMTP client. + * The command "postfix tls deploy-server-cert" did not handle a + missing optional argument. This bug was introduced in Postfix + 3.1. + +------------------------------------------------------------------- +Sun May 17 19:57:57 UTC 2020 - Michael Ströder + +- Update to 3.5.2: + * A TLS error for a database client caused a false 'lost connection' + error for an SMTP over TLS session in the same Postfix process. + This bug was introduced with Postfix 2.2. + * The same bug existed in the tlsproxy(8) daemon, where a TLS + error for one TLS session could cause a false 'lost connection' + error for a concurrent TLS session in the same process. This + bug was introduced with Postfix 2.8. + * The Postfix build now disables DANE support on Linux systems + with libc-musl such as Alpine, because libc-musl provides no + indication whether DNS responses are authentic. This broke DANE + support without a clear explanation. + * Due to implementation changes in the ICU library, some Postfix + daemons reported file access errrors (U_FILE_ACCESS_ERROR) after + chroot(). This was fixed by initializing the ICU library before + making the chroot() call. + * Minor code changes to silence a compiler that special-cases + string literals. + * Segfault (null pointer) in the tlsproxy(8) client role when the + server role was disabled. This typically happened on systems + that do not receive mail, after configuring connection reuse + for outbound SMTP over TLS. + * The date portion of the maillog_file_rotate_suffix default value + used the minute (%M) instead of the month (%m). + +------------------------------------------------------------------- +Mon May 11 20:07:40 UTC 2020 - Arjen de Korte + +- boo#1106004 fix incorrect locations for files in postfix-files + +------------------------------------------------------------------- +Sun Apr 19 10:22:12 UTC 2020 - Michael Ströder + +- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured + lookups and DANE mail transport work again +- Update to 3.5.1: + * Support for the haproxy v2 protocol. The Postfix implementation + supports TCP over IPv4 and IPv6, as well as non-proxied + connections; the latter are typically used for heartbeat tests. + * Support to force-expire email messages. This introduces new + postsuper(1) command-line options to request expiration, and + additional information in mailq(1) or postqueue(1) output. + * The Postfix SMTP and LMTP client support a list of nexthop + destinations separated by comma or whitespace. These destinations + will be tried in the specified order. + * Incompatible changes: + * Logging: Postfix daemon processes now log the from= and to= + addresses in external (quoted) form in non-debug logging (info, + warning, etc.). This means that when an address localpart + contains spaces or other special characters, the localpart will + be quoted, for example: + from=<"name with spaces"@example.com> + Specify "info_log_address_format = internal" for backwards compatibility. + * Postfix now normalizes IP addresses received with XCLIENT, + XFORWARD, or with the HaProxy protocol, for consistency with + direct connections to Postfix. This may change the appearance + of logging, and the way that check_client_access will match + subnets of an IPv6 address. + +------------------------------------------------------------------- +Fri Mar 13 14:29:32 UTC 2020 - Michael Ströder + +- Update to 3.4.10: + * Bug (introduced: Postfix 2.3): Postfix Milter client state + was not properly reset after one Milter in a multi-Milter + configuration failed during MAIL FROM, resulting in a Postfix + Milter client panic during the next MAIL FROM command in the + same SMTP session. + +------------------------------------------------------------------- +Fri Feb 7 17:07:39 UTC 2020 - Peter Varkoly + +- bsc#1162891 server:mail/postfix: cond_slp bug on TW after + moving /etc/services to /usr/etc/services + +------------------------------------------------------------------- +Wed Feb 5 12:27:07 UTC 2020 - Peter Varkoly + +- bsc#1160413 postfix fails with -fno-common + +------------------------------------------------------------------- +Mon Feb 3 12:31:48 UTC 2020 - Michael Ströder + +- Update to 3.4.9: + * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were + broken while adding support for negative DNS response caching + in postscreen. Postfix was inadvertently changed to call + res_query() instead of res_search(). + * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro + overrides from a Milter application. Postfix now evaluates the + Milter macros for an SMTP CONNECT event after the Postfix-to-Milter + connection is negotiated. + * Bug (introduced: Postfix 3.0): sanitize (remote) server responses + before storing them in the verify database, to avoid Postfix + warnings about malformed UTF8. Found during code maintenance. + +------------------------------------------------------------------- +Wed Nov 27 19:55:30 UTC 2019 - Michael Ströder + +- Update to 3.4.8: + * Fix for an Exim interoperability problem when postscreen after-220 + checks are enabled. Bug introduced in Postfix 3.4: the code + that detected "PIPELINING after BDAT" looked at the wrong + variable. The warning now says "BDAT without valid RCPT", and + the error is no longer treated as a command PIPELINING error, + thus allowing mail to be delivered. Meanwhile, Exim has been + fixed to stop sending BDAT commands when postscreen rejects all + RCPT commands. + * Usability bug, introduced in Postfix 3.4: the parser for + key/certificate chain files rejected inputs that contain an EC + PARAMETERS object. While this is technically correct (the + documentation says what types are allowed) this is surprising + behavior because the legacy cert/key parameters will accept + such inputs. For now, the parser skips object types that it + does not know about for usability, and logs a warning because + ignoring inputs is not kosher. + * Bug introduced in Postfix 2.8: don't gratuitously enable all + after-220 tests when only one such test is enabled. This made + selective tests impossible with 'good' clients. This will be + fixed in older Postfix versions at some later time. + +------------------------------------------------------------------- +Tue Sep 24 07:59:04 UTC 2019 - Martin Liška + +- Backport deprecated-RES_INSECURE1.patch in order to fix + boo#1149705. + +------------------------------------------------------------------- +Sun Sep 22 16:45:39 UTC 2019 - Michael Ströder + +- Update to 3.4.7: + * Robustness: the tlsproxy(8) daemon could go into a loop, logging + a flood of error messages. Problem reported by Andreas Schulze + after enabling SMTP/TLS connection reuse. + * Workaround: OpenSSL changed an SSL_Shutdown() non-error result + value into an error result value, causing logfile noise. + * Configuration: the new 'TLS fast shutdown' parameter name was + implemented incorrectly. The documentation said + "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown". + This was fixed by changing the code, because no-one is expected + to override the default. + * Performance: workaround for poor TCP loopback performance on + LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus + TCP maximal segment size that is 1/2 to 1/3 of the real MSS. + To avoid client-side Nagle delays or server-side delayed ACKs + caused by multiple smaller-than-MSS writes, Postfix chooses a + VSTREAM buffer size that is a small multiple of the reported + bogus MSS. This workaround increases the multiplier from 2x to + 4x. + * Robustness: the Postfix Dovecot client could segfault (null + pointer read) or cause an SMTP server assertion to fail when + talking to a fake Dovecot server. The Postfix Dovecot client + now logs a proper error instead. + +------------------------------------------------------------------- +Thu Sep 19 06:20:48 UTC 2019 - Peter Varkoly + +- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang + Break loop if postfix has no permission in spool directory. + - add postfix-avoid-infinit-loop-if-no-permission.patch + +------------------------------------------------------------------- +Fri Aug 9 14:50:12 UTC 2019 - chris@computersalat.de + +- fix for boo#1144946 + mydestination - missing default localhost + * update config.postfix + +------------------------------------------------------------------- +Fri Jul 26 08:26:07 UTC 2019 - Peter Varkoly + +- bsc#1142881 - mkpostfixcert from Postfix still uses md + +------------------------------------------------------------------- +Thu Jul 25 12:38:43 UTC 2019 - matthias.gerstner@suse.com + +- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by + firewalld, see [1]. + + [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html + +------------------------------------------------------------------- +Sun Jul 21 23:54:34 UTC 2019 - chris@computersalat.de + +- update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for + * POSTFIX_SMTPD_HELO_RESTRICTIONS + * POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS +- fix for: Can't connect to local MySQL server through socket + '/run/mysql/mysql.sock' + * update config.postfix + * update update_chroot.systemd + +------------------------------------------------------------------- +Wed Jul 3 08:43:58 UTC 2019 - Michael Ströder + +- Update to 3.4.6: + * Workaround for implementations that hang Postfix while shutting + down a TLS session, until Postfix times out. With + "tls_fast_shutdown_enable = yes" (the default), Postfix no + longer waits for the TLS peer to respond to a TLS 'close' + request. This is recommended with TLSv1.0 and later. + * Fixed a too-strict censoring filter that broke multiline Milter + responses for header/body events. Problem report by Andreas + Thienemann. + * The code to reset Postfix SMTP server command counts was not + called after a HaProxy handshake failure, causing stale numbers + to be reported. Problem report by Joseph Ward. + * postconf(5) documentation: tlsext_padding is not a tls_ssl_options + feature. + * smtp(8) documentation: updated the BUGS section text about + Postfix support to reuse open TLS connections. + * Portability: added "#undef sun" to util/unix_dgram_connect.c. + +------------------------------------------------------------------- +Wed Jun 26 13:52:30 UTC 2019 - Peter Varkoly + +- Ensure that postfix is member of all groups as before. + +------------------------------------------------------------------- +Wed Jun 12 14:30:34 UTC 2019 - Dominique Leuenberger + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini + +------------------------------------------------------------------- +Thu Jun 6 09:29:34 UTC 2019 - Tomáš Chvátal + +- Drop the omc config fate#301838: + * it is obsolete since SLE11 + +------------------------------------------------------------------- +Wed May 8 09:27:51 UTC 2019 - Peter Varkoly + +- bsc#1104543 config.postfix does not start tlsmgr in master.cf + when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed + patch. + +------------------------------------------------------------------- +Sun Mar 31 09:08:58 UTC 2019 - Michael Ströder + +- Update to 3.4.5: + Bugfix (introduced: Postfix 3.0): LMTP connections over + UNIX-domain sockets were cached but not reused, due to a + cache lookup key mismatch. Therefore, idle cached connections + could exhaust LMTP server resources, resulting in two-second + pauses between email deliveries. This problem was investigated + by Juliana Rodrigueiro. File: smtp/smtp_connect.c. + +------------------------------------------------------------------- +Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly + +- Update to 3.4.4 + + o Incompatible changes + - The Postfix SMTP server announces CHUNKING (BDAT + command) by default. In the unlikely case that this breaks some + important remote SMTP client, disable the feature as follows: + + /etc/postfix/main.cf: + # The logging alternative: + smtpd_discard_ehlo_keywords = chunking + # The non-logging alternative: + smtpd_discard_ehlo_keywords = chunking, silent_discard + - This introduces a new master.cf service 'postlog' + with type 'unix-dgram' that is used by the new postlogd(8) daemon. + Before backing out to an older Postfix version, edit the master.cf + file and remove the postlog entry. + - Postfix 3.4 drops support for OpenSSL 1.0.1 + - To avoid performance loss under load, the + tlsproxy(8) daemon now requires a zero process limit in master.cf + (this setting is provided with the default master.cf file). By + default, a tlsproxy(8) process will retire after several hours. + - To set the tlsproxy process limit to zero: + postconf -F tlsproxy/unix/process_limit=0 + postfix reload + o Major changes + - Postfix SMTP server support for RFC 3030 CHUNKING + (the BDAT command) without BINARYMIME, in both smtpd(8) and + postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, + and smtpd_proxy_filter. See BDAT_README for more. + - Support for logging to file or stdout, instead of using syslog. + - Logging to file solves a usability problem for MacOS, and + eliminates multiple problems with systemd-based systems. + - Logging to stdout is useful when Postfix runs in a container, as + it eliminates a syslogd dependency. + - Better handling of undocumented(!) Linux behavior + whether or not signals are delivered to a PID=1 process. + - Support for (key, list of filenames) in map source text. + Currently, this feature is used only by tls_server_sni_maps. + - Automatic retirement: dnsblog(8) and tlsproxy(8) process + will now voluntarily retire after after max_idle*max_use, or some + sane limit if either limit is disabled. Without this, a process + could stay busy for days or more. + - Postfix SMTP client support for multiple deliveries + per TLS-encrypted connection. This is primarily to improve mail + delivery performance for destinations that throttle clients when + they don't combine deliveries. + This feature is enabled with "smtp_tls_connection_reuse=yes" in + main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps. + It supports all Postfix TLS security levels including dane and + dane-only. + - SNI support in the Postfix SMTP server, the + Postfix SMTP client, and in the tlsproxy(8) daemon (both server and + client roles). See the postconf(5) documentation for the new + tls_server_sni_maps and smtp_tls_servername parameters. + - Support for files that contain multiple (key, certificate, trust chain) + instances. This was required to implement + server-side SNI table lookups, but it also eliminates the need for + separate cert/key files for RSA, DSA, Elliptic Curve, and so on. + - Support for smtpd_reject_footer_maps (as well as the postscreen + variant postscreen_reject_footer_maps) for more informative reject + messages. This is indexed with the Postfix SMTP server response + text, and overrides the footer specified with smtpd_reject_footer. + One will want to use a pcre: or regexp: map with this. + o Bugfixes + - Andreas Schulze discovered that reject_multi_recipient_bounce + was producing false rejects with BDAT commands. This problem + already existed with Postfix 2.2 smtpd_end_of_data_restrictons. + Postfix 3.4.4 fixes both. + +------------------------------------------------------------------- +Tue Mar 5 13:21:35 UTC 2019 - Jiri Slaby + +- postfix-linux45.patch: support also newer kernels -- pretend + we are still at kernel 3. Note that there are no conditionals for + LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the + code which caused build failures. + +------------------------------------------------------------------- +Mon Mar 4 14:43:05 UTC 2019 - Marcus Rueckert + +- skip set -x and fix version update changes entry + +------------------------------------------------------------------- +Sat Mar 2 19:26:21 UTC 2019 - Michael Ströder + +- Update to 3.3.3 + * When the master daemon runs with PID=1 (init mode), it will now + reap child processes from non-Postfix code running in the same + container, instead of terminating with a panic. + * Bugfix (introduced: postfix-2.11): with posttls-finger, + connections to unix-domain servers always resulted in "Failed + to establish session" even after a connection was established. + Jaroslav Skarva. File: posttls-finger/posttls-finger.c. + * Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes, + table lookups could casefold the search string when searching + a lookup table that does not use fixed-string keys (regexp, + pcre, tcp, etc.). Historically, Postfix would not case-fold + the search string with such tables. File: util/dict_utf8.c. + +------------------------------------------------------------------- +Fri Mar 1 16:23:13 UTC 2019 - Reinhard Max + +- PostrgeSQL's pg_config is meant for linking server extensions, + use libpq's pkg-config instead, if available. + This is needed to fix build with PostgreSQL 11. + +------------------------------------------------------------------- +Thu Feb 7 18:22:14 UTC 2019 - chris@computersalat.de + +- rework config.postfix + * disable commenting of smtpd_sasl_path/smtpd_sasl_type + no need to comment, cause it is set to default anyway + and 'uncommenting' would place it at end of file then + which is not wanted + +------------------------------------------------------------------- +Sat Jan 26 19:28:02 UTC 2019 - chris@computersalat.de + +- rework postfix-main.cf.patch + * disable virtual_alias_domains cause (default: $virtual_alias_maps) +- rework config.postfix + * disable PCONF of virtual_alias_domains + virtual_alias_maps will be set anyway to the correct value + * extend virtual_alias_maps with + - mysql_virtual_alias_domain_maps.cf + - mysql_virtual_alias_domain_catchall_maps.cf +- rework postfix-mysql, added + * mysql_virtual_alias_domain_maps.cf + * mysql_virtual_alias_domain_catchall_maps.cf + needed for reject_unverified_recipient + +------------------------------------------------------------------- +Thu Dec 13 10:20:31 UTC 2018 - malte.kraus@suse.com + +- binary hardening: link with full RELRO + +------------------------------------------------------------------- +Sun Nov 25 10:18:07 UTC 2018 - Michael Ströder + +- Update to 3.3.2 + * Support for OpenSSL 1.1.1 and TLSv1.3. + * Bugfixes: + - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because + some lookup table was using "EHLO_MASK_SMTPUTF8" instead. + - minor memory leak in DANE support when minting issuer certs. + - The Postfix build did not abort if the m4 command was not installed, + resulting in a broken postconf command. + +------------------------------------------------------------------- +Sat Nov 24 17:08:30 UTC 2018 - chris@computersalat.de + +- add POSTFIX_RELAY_DOMAINS + * more flexibility to add to relay_domains without breaking + config.postfix + * rework restriction examples in sysconf.postfix + based on postfix-buch.com (2. edtion by Hildebrandt, Koetter) +- disable weak cipher: RC4 + after check with https://ssl-tools.net/mailservers + +------------------------------------------------------------------- +Mon Oct 22 13:00:03 UTC 2018 - chris@computersalat.de + +- update config.postfix + * don't reject mail from authenticated users even if + reject_unknown_client_hostname would match, + add permit_sasl_authenticated to all restrictions + requires smtpd_delay_reject = yes +- update postfix-main.cf.patch + * recover removed setting smtpd_sasl_path and smtpd_sasl_type, + set to default value + config.postfix will not 'enable' (remove #) var, but place + modified (enabled) var at end of file, far away from place + where it should be +- rebase patches + * fix-postfix-script.patch + * postfix-vda-v14-3.0.3.patch + * postfix-linux45.patch + * postfix-master.cf.patch + * pointer_to_literals.patch + * postfix-no-md5.patch + +------------------------------------------------------------------- +Thu Oct 4 12:51:32 UTC 2018 - varkoly@suse.com + +- bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings + o add m4 as buildrequires, as proposed. + +------------------------------------------------------------------- +Mon Aug 27 09:38:29 UTC 2018 - tchvatal@suse.com + +- Add zlib-devel as buildrequires, previously included from + openssl-devel + +------------------------------------------------------------------- +Fri May 25 11:19:22 UTC 2018 - varkoly@suse.com + +- bsc#1087471 Unreleased Postfix update breaks SUSE Manager + o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty + +------------------------------------------------------------------- +Mon May 21 16:31:57 UTC 2018 - michael@stroeder.com + +- Update to 3.3.1 + * Postfix did not support running as a PID=1 process, which + complicated Postfix deployment in containers. The "postfix + start-fg" command will now run the Postfix master daemon as a + PID=1 process if possible. Thanks for inputs from Andreas + Schulze, Eray Aslan, and Viktor Dukhovni. + * Segfault in the postconf(1) command after it could not open a + Postfix database configuration file due to a file permission + error (dereferencing a null pointer). Reported by Andreas + Hasenack, fixed by Viktor Dukhovni. + * The luser_relay feature became a black hole, when the luser_relay + parameter was set to a non-existent local address (i.e. mail + disappeared silently). Reported by J?rgen Thomsen. + * Missing error propagation in the tlsproxy(8) daemon could result + in a segfault after TLS handshake error (dereferencing a + 0xffff...ffff pointer). This daemon handles the TLS protocol + when a non-whitelisted client sends a STARTTLS command to + postscreen(8). + +------------------------------------------------------------------- +Wed May 9 09:02:12 UTC 2018 - lnussel@suse.de + +- remove pre-requirements on sysvinit(network) and sysvinit(syslog). + There seems to be no good reason for that other than blowing up + the dependencies (bsc#1092408). + +------------------------------------------------------------------- +Mon Apr 9 09:32:56 UTC 2018 - adam.majer@suse.de + +- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix + if the actual service is running. This prevents spurious + and irrelevant error messages in system logs. + +------------------------------------------------------------------- +Thu Mar 22 14:20:20 UTC 2018 - varkoly@suse.com + +- bsc#1082514 autoyast: postfix gets not set myhostname properly - + set to localhost + +------------------------------------------------------------------- +Mon Mar 12 13:43:43 UTC 2018 - ilya@ilya.pp.ua + +- Refresh spec-file via spec-cleaner and manual optinizations. + * Add %license macro. + * Set license to IPL-1.0 OR EPL-2.0. +- Update to 3.3.0 + * http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES + * Dual license: in addition to the historical IBM Public License + 1.0, Postfix is now also distributed with the more recent Eclipse + Public License 2.0. Recipients can choose to take the software + under the license of their choice. Those who are more comfortable + with the IPL can continue with that license. + * The postconf command now warns about unknown parameter names + in a Postfix database configuration file. As with other unknown + parameter names, these warnings can help to find typos early. + * Container support: Postfix 3.3 will run in the foreground with + "postfix start-fg". This requires that Postfix multi-instance + support is disabled (the default). To collect Postfix syslog + information on the container's host, mount the host's /dev/log + socket into the container, for example with "docker run -v + /dev/log:/dev/log ...other options...", and specify a distinct + Postfix syslog_name setting in the container (for example with + "postconf syslog_name=the-name-here"). + * Milter support: applications can now send RET and ENVID parameters + in SMFIR_CHGFROM (change envelope sender) requests. + * Postfix-generated From: headers with 'full name' information + are now formatted as "From: name
" by default. Specify + "header_from_format = obsolete" to get the earlier form "From: + address (name)". + * Interoperability: when Postfix IPv6 and IPv4 support are both + enabled, the Postfix SMTP client will now relax MX preferences + and attempt to schedule similar numbers of IPv4 and IPv6 + addresses. This works around mail delivery problems when a + destination announces lots of primary MX addresses on IPv6, but + is reachable only over IPv4 (or vice versa). The new behavior + is controlled with the smtp_balance_mx_inet_protocols parameter. + * Compatibility safety net: with compatibility_level < 1, the + Postfix SMTP server now warns for mail that would be blocked + by the Postfix 2.10 smtpd_relay_restrictions feature, without + blocking that mail. There still is a steady trickle of sites + that upgrade from an earlier Postfix version. + +------------------------------------------------------------------- +Tue Feb 13 10:39:37 UTC 2018 - varkoly@suse.com + +- bsc#1065411 Package postfix should require package system-user-nobody +- bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth + was configured + +------------------------------------------------------------------- +Thu Dec 7 15:02:14 UTC 2017 - dimstar@opensuse.org + +- Fix usage of fillup_only:-y is not a valid option to this macro. + +------------------------------------------------------------------- +Thu Nov 23 13:43:17 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Wed Nov 8 13:32:28 CET 2017 - kukuk@suse.de + +- Don't mark postfix.service as config file, this is no config + file. +- Some of the Requires(pre) are needed for post-install and at + runtime, fix the requires. + +------------------------------------------------------------------- +Mon Oct 30 12:12:08 UTC 2017 - michael@stroeder.com + +- update to 3.2.4 + * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or + 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS + records associated with an intermediate CA certificate. Problem + report and initial fix by Erwan Legrand. + * Missing dynamicmaps support in the Postfix sendmail command. + This broke authorized_submit_users settings that use a + dynamically-loaded map type. Problem reported by Ulrich Zehl. + +------------------------------------------------------------------- +Fri Oct 20 12:27:12 UTC 2017 - varkoly@suse.com + +- bnc#1059512 L3: Postfix Problem + The applied changes breaks existing postfix configurations because + daemon_directory was not adapted to the new value. + + +------------------------------------------------------------------- +Sun Oct 15 22:47:29 UTC 2017 - chris@computersalat.de + +- fix build for SLE + * nothing provides libnsl-devel + * add bcond_with libnsl + +------------------------------------------------------------------- +Wed Oct 4 10:58:28 UTC 2017 - varkoly@suse.com + +- bnc#1059512 L3: Postfix Problem + To manage multiple Postfix instances on a single host requires + that daemon_directory and shlib_directory is different to + avoid use of the shared directories also as per-instance directories. + For this reason daemon_directory was set to /usr/lib/postfix/bin/. + shlib_directory stands /usr/lib/postfix/. + +------------------------------------------------------------------- +Thu Sep 28 08:44:41 UTC 2017 - varkoly@suse.com + +- bnc#1016491 postfix raported to log "warning: group or other writable:" + on each symlink in config. + * Add fix-postfix-script.patch + +------------------------------------------------------------------- +Mon Sep 25 16:25:05 UTC 2017 - michael@stroeder.com + +- update to 3.2.3 + * Extension propagation was broken with "recipient_delimiter = .". + This change reverts a change that was trying to be too clever. + * The postqueue command would abort with a panic message after it + experienced an output write error while listing the mail queue. + This change restores a write error check that was lost with the + Postfix 3.2 rewrite of the vbuf_print formatter. + * Restored sanity checks for dynamically-specified width and precision + in format strings (%*, %.*, and %*.*). These checks were lost with + the Postfix 3.2 rewrite of the vbuf_print formatter. + +------------------------------------------------------------------- +Thu Aug 17 08:56:15 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Jul 27 10:31:01 UTC 2017 - varkoly@suse.com + +- bnc#1045264 L3: postmap problem + * Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811 + +------------------------------------------------------------------- +Fri Jun 16 17:45:55 UTC 2017 - michael@stroeder.com + +- update to 3.2.2 + * Security: Berkeley DB versions 2 and later try to read settings + from a file DB_CONFIG in the current directory. This undocumented + feature may introduce undisclosed vulnerabilities resulting in + privilege escalation with Postfix set-gid programs (postdrop, + postqueue) before they chdir to the Postfix queue directory, + and with the postmap and postalias commands depending on whether + the user's current directory is writable by other users. This + fix does not change Postfix behavior for Berkeley DB versions + < 3, but it does reduce postmap and postalias 'create' performance + with Berkeley DB versions 3.0 .. 4.6. + * The SMTP server receive_override_options were not restored at + the end of an SMTP session, after the options were modified by + an smtpd_milter_maps setting of "DISABLE". Milter support + remained disabled for the life time of the smtpd process. + * After the Postfix 3.2 address/domain table lookup overhaul, the + check_sender_access and check_recipient_access features ignored + a non-default parent_domain_matches_subdomains setting. + +------------------------------------------------------------------- +Wed Apr 19 20:36:03 UTC 2017 - chris@computersalat.de + +- revert changes of postfix-main.cf.patch from rev=261 + * config.postfix will not 'enable' (remove #) var, but place + modified (enabled) var at end of file, far away from place + where it should be + * keep vars enabled but empty + +------------------------------------------------------------------- +Thu Apr 13 09:18:45 UTC 2017 - werner@suse.de + +- Some cleanups + * Fix SUSE postfix-files to avoid chown errors (anyway this file + seems to be obsolete) + * Avoid installing shared libraries twice + * Refresh patch postfix-linux45.patch + +------------------------------------------------------------------- +Sat Apr 8 15:06:14 UTC 2017 - chris@computersalat.de + +- update postfix-master.cf.patch + * recover lost (with 3.2.0 update) submission, smtps sections + * merge with upstream update +- update config.postfix + * update master.cf generation for submission +- rebase patches against 3.2.0 + * pointer_to_literals.patch + * postfix-no-md5.patch + * postfix-ssl-release-buffers.patch + * postfix-vda-v14-3.0.3.patch + +------------------------------------------------------------------- +Mon Mar 20 18:01:36 CET 2017 - kukuk@suse.de + +- Require system group mail +- Use mail group name instead of GID + +------------------------------------------------------------------- +Mon Mar 6 21:27:38 UTC 2017 - mrueckert@suse.de + +- update to 3.2.0 + - [Feature 20170128] Postfix 3.2 fixes the handling of address + extensions with email addresses that contain spaces. For + example, the virtual_alias_maps, canonical_maps, and + smtp_generic_maps features now correctly propagate an address + extension from "aa bb+ext"@example.com to "cc + dd+ext"@other.example, instead of producing broken output. + - [Feature 20161008] "PASS" and "STRIP" actions in + header/body_checks. "STRIP" is similar to "IGNORE" but also + logs the action, and "PASS" disables header, body, and Milter + inspection for the remainder of the message content. + Contributed by Hobbit. + - [Feature 20160330] The collate.pl script by Viktor Dukhovni for + grouping Postfix logfile records into "sessions" based on queue + ID and process ID information. It's in the auxiliary/collate + directory of the Postfix source tree. + - [Feature 20160527] Postfix 3.2 cidr tables support if/endif and + negation (by prepending ! to a pattern), just like regexp and + pcre tables. The primarily purpose is to improve readability + of complex tables. See the cidr_table(5) manpage for syntax + details. + - [Incompat 20160925] In the Postfix MySQL database client, the + default option_group value has changed to "client", to enable + reading of "client" option group settings in the MySQL options + file. This fixes a "not found" problem with Postfix queries + that contain UTF8-encoded non-ASCII text. Specify an empty + option_group value (option_group =) to get backwards-compatible + behavior. + - [Feature 20161217] Stored-procedure support for MySQL + databases. Contributed by John Fawcett. See mysql_table(5) for + instructions. + - [Feature 20170128] The postmap command, and the inline: and + texthash: maps now support spaces in left-hand field of the + lookup table "source text". Use double quotes (") around a + left-hand field that contains spaces, and use backslash (\) to + protect embedded quotes in a left-hand field. There is no + change in the processing of the right-hand field. + - [Feature 20160611] The Postfix SMTP server local IP address and + port are available in the policy delegation protocol (attribute + names: server_address, server_port), in the Milter protocol + (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT + protocol (attribute names: DESTADDR, DESTPORT). + - [Feature 20161024] smtpd_milter_maps support for per-client + Milter configuration that overrides smtpd_milters, and that has + the same syntax. A lookup result of "DISABLE" turns off Milter + support. See MILTER_README.html for details. + - [Feature 20160611] The Postfix SMTP server local IP address and + port are available in the policy delegation protocol (attribute + names: server_address, server_port), in the Milter protocol + (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT + protocol (attribute names: DESTADDR, DESTPORT). + - [Incompat 20170129] The postqueue command no longer forces all + message arrival times to be reported in UTC. To get the old + behavior, set TZ=UTC in main.cf:import_environment (this + override is not recommended, as it affects all Postfix utities + and daemons). + - [Incompat 20161227] For safety reasons, the sendmail -C option + must specify an authorized directory: the default configuration + directory, a directory that is listed in the default main.cf + file with alternate_config_directories or + multi_instance_directories, or the command must be invoked with + root privileges (UID 0 and EUID 0). This mitigates a recurring + problem with the PHP mail() function. + - [Feature 20160625] The Postfix SMTP server now passes remote + client and local server network address and port information to + the Cyrus SASL library. Build with ``make makefiles + "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards + compatibility. + - [Feature 20161103] Postfix 3.2 disables the 'transitional' + compatibility between the IDNA2003 and IDNA2008 standards for + internationalized domain names (domain names beyond the limits + of US-ASCII). + + This change makes Postfix behavior consistent with contemporary + web browsers. It affects the handling of some corner cases such + as German sz and Greek zeta. See + http://unicode.org/cldr/utility/idna.jsp for more examples. + + Specify "enable_idna2003_compatibility = yes" to restore + historical behavior (but keep in mind that the rest of the + world may not make that same choice). + - [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API + features, so that Postfix will build without depending on + backwards-compatibility support. + + [Incompat 20161204] Postfix 3.2 removes tentative features that + were implemented before the DANE spec was finalized: + + - Support for certificate usage PKIX-EE(1), + + - The ability to disable digest agility (Postfix now behaves as + if "tls_dane_digest_agility = on"), and + + - The ability to disable support for "TLSA 2 [01] [12]" records + that specify the digest of a trust anchor (Postfix now + behaves as if "tls_dane_trust_anchor_digest_enable = yes). + - [Feature 20161217] Postfix 3.2 enables elliptic curve + negotiation with OpenSSL >= 1.0.2. This changes the default + smtpd_tls_eecdh_grade setting to "auto", and introduces a new + parameter tls_eecdh_auto_curves with the names of curves that + may be negotiated. + + The default tls_eecdh_auto_curves setting is determined at + compile time, and depends on the Postfix and OpenSSL versions. + At runtime, Postfix will skip curve names that aren't supported + by the OpenSSL library. + - [Feature 20160611] The Postfix SMTP server local IP address and + port are available in the policy delegation protocol (attribute + names: server_address, server_port), in the Milter protocol + (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT + protocol (attribute names: DESTADDR, DESTPORT). +- refresh postfix-master.cf.patch + +------------------------------------------------------------------- +Mon Mar 6 14:04:13 UTC 2017 - wr@rosenauer.org + +- make sure that system users can be created in %pre + +------------------------------------------------------------------- +Sat Feb 18 14:01:35 UTC 2017 - kukuk@suse.com + +- Fix requires: + - shadow is needed for postfix-mysql pre-install section + - insserv is not needed if systemd is used + +------------------------------------------------------------------- +Sat Jan 21 23:27:34 UTC 2017 - chris@computersalat.de + +- update postfix-mysql + * update mysql_*.cf files + * update postfix-mysql.sql (INNODB, utf8) +- update postfix-main.cf.patch + * uncomment smtpd_sasl_path, smtpd_sasl_type + can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot) + * add option for smtp_tls_policy_maps (commented) +- update postfix-master.cf.patch + * fix indentation of submission, smtps options for correct + enabling via config.postfix +- update config.postfix + * fix sync of CA certificates + * fix master.cf generation for submission, smtps +- rebase postfix-vda-v14-3.0.3.patch + +------------------------------------------------------------------- +Wed Jan 11 14:07:35 UTC 2017 - varkoly@suse.com + +- FATE#322322 Update postfix to version 3.X + Merging changes with SLES12-SP2 + Removeved patches: add_missed_library.patch bnc#947707.diff dynamic_maps.patch postfix-db6.diff + postfix-opensslconfig.patch bnc#947519.diff dynamic_maps_pie.patch + postfix-post-install.patch + These are included in the new version of postfix +- Remove references to SuSEconfig.postfix from sysconfig docs. + (bsc#871575) +- bnc#947519 SuSEconfig.postfix should enforce umask 022 +- bnc#947707 mail generated by Amavis being prevented from being re-adressed by /etc/postfix/virtual +- bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong +- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64) + (bsc#940289) + +------------------------------------------------------------------- +Tue Jan 3 12:20:18 UTC 2017 - varkoly@suse.com + +- update to 3.1.4 + * The postscreen daemon did not merge the client test status information + for concurrent sessions from the same IP address. + * The Postfix SMTP server falsely rejected a sender address when validating + a sender address with "smtpd_reject_unlisted_recipient = yes" or with + "reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps. + * The virtual delivery agent did not detect failure to skip to the end + of a mailbox file, so that mail would be delivered to the beginning of the file. + This could happen when a mailbox file was already larger than the virtual mailbox size limit. + * The postsuper logged an incorrect rename operation count after creating a missing directory. + * The Postfix SMTP server falsely rejected mail when a sender-dependent "error" + transport was configured. Cause: the SMTP server address validation code + was not updated when the sender_dependent_default_transport_maps feature + was introduced. + * The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no". + * The "postfix tls deploy-server-cert" command used the wrong certificate + and key file. This was caused by a cut-and-paste error in the postfix-tls-script file. + +------------------------------------------------------------------- +Sat Nov 26 15:43:57 UTC 2016 - chris@computersalat.de + +- improve config.postfix + * improve SASL stuff + * add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot) + +------------------------------------------------------------------- +Mon Nov 14 21:53:18 UTC 2016 - chris@computersalat.de + +- improve config.postfix + * improve with MySQL stuff + +------------------------------------------------------------------- +Mon Nov 7 13:35:38 UTC 2016 - chris@computersalat.de + +- update vda patch to latest available + * remove postfix-vda-v13-3.10.0.patch + * add postfix-vda-v14-3.0.3.patch +- rebase patches (and to be p0) + * pointer_to_literals.patch + * postfix-main.cf.patch + * postfix-master.cf.patch + * postfix-no-md5.patch + * postfix-ssl-release-buffers.patch +- add /etc/postfix/ssl as default DIR for SSL stuff + * cacerts -> ../../ssl/certs/ + * certs/ +- revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl' +- improve config.postfix + * revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a + symlink to /etc/ssl/certs + Without reverting, 'gen_CA' would create files which would then be on + the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath) + Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem' + which is not a good idea. + * mkchroot: sync '/etc/postfix/ssl' to chroot + * improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from + main.cf, show warning if enabled and file is missing + +------------------------------------------------------------------- +Sun Oct 9 20:11:34 UTC 2016 - michael@stroeder.com + +- update to 3.1.3: + * The Postfix SMTP server did not reset a previous session's + failed/total command counts before rejecting a client that + exceeds request or concurrency rates. This resulted in incorrect + failed/total command counts being logged at the end of the + rejected session. + * The unionmap multi-table interface did not propagate table + lookup errors, resulting in false "user unknown" responses. + * The documentation was updated with a workaround for false "not + found" errors with MySQL map queries that contain UTF8-encoded + text. The workaround is to specify "option_group = client" in + Postfix MySQL configuration files. This will be the default + setting with Postfix 3.2 and later. + +------------------------------------------------------------------- +Sun Sep 4 15:33:27 UTC 2016 - michael@stroeder.com + +- update to 3.1.2: + * Changes to make Postfix build with OpenSSL 1.1.0. + * The makedefs script ignored readme_directory=pathname overrides. + Fix by Todd C. Olson. + * The tls_session_ticket_cipher documentation says that the default + cipher for TLS session tickets is aes-256-cbc, but the implemented + default was aes-128-cbc. Note that TLS session ticket keys are + rotated after 1/2 hour, to limit the impact of attacks on session + ticket keys. + +------------------------------------------------------------------- +Thu Jun 2 12:26:17 UTC 2016 - schwab@suse.de + +- postfix-post-install.patch: remove empty patch + +------------------------------------------------------------------- +Sun May 29 16:45:30 UTC 2016 - chris@computersalat.de + +- fix Changelog cause of Factory decline + +------------------------------------------------------------------- +Tue May 24 13:18:55 UTC 2016 - varkoly@suse.com + +- Fix typo in config.postfix + +------------------------------------------------------------------- +Tue May 24 04:29:41 UTC 2016 - varkoly@suse.com + +- bnc#981097 config.postfix creates broken main.cf for tls client configuration +- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete +- update to 3.1.1: +- The new address_verify_pending_request_limit + parameter introduces a safety limit for the number of address + verification probes in the active queue. The default limit is 1/4 + of the active queue maximum size. The queue manager enforces the + limit by tempfailing probe messages that exceed the limit. This + design avoids dependencies on global counters that get out of sync + after a process or system crash. +- Machine-readable, JSON-formatted queue listing with "postqueue -j" + (no "mailq" equivalent). +- The milter_macro_defaults feature provides an optional list of macro + name=value pairs. These specify default values for Milter macros when + no value is available from the SMTP session context. +- Support to enforce a destination-independent delay between email + deliveries. The following example inserts 20 seconds of delay + between all deliveries with the SMTP transport, limiting the delivery + rate to at most three messages per minute. + smtp_transport_rate_delay = 20s +- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes + that a "not found" result from a DNSBL server will be valid for one + hour. This may have been adequate five years ago when postscreen + was first implemented, but nowadays, that one hour can result in + missed opportunities to block new spambots. + To address this, postscreen now respects the TTL of DNSBL "not + found" replies, as well as the TTL of DNSWL replies (both "found" + and "not found"). The TTL for a "not found" reply is determined + according to RFC 2308 (the TTL of an SOA record in the reply). + + Support for DNSBL or DNSWL reply TTL values is controlled by two + configuration parameters: + + postscreen_dnsbl_min_ttl (default: 60 seconds). + postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) + + The postscreen_dnsbl_ttl parameter is now obsolete, and has become + the default value for the new postscreen_dnsbl_max_ttl parameter. +- New "smtpd_client_auth_rate_limit" feature, to + enforce an optional rate limit on AUTH commands per SMTP client IP + address. Similar to other smtpd_client_*_rate_limit features, this + enforces a limit on the number of requests per $anvil_rate_time_unit. +- New SMTPD policy service attribute "policy_context", + with a corresponding "smtpd_policy_service_policy_context" configuration + parameter. Originally, this was implemented to share the same SMTPD + policy service endpoint among multiple check_policy_service clients. +- A new "postfix tls" command to quickly enable opportunistic TLS + in the Postfix SMTP client or server, and to manage SMTP server keys + and certificates, including certificate signing requests and + TLSA DNS records for DANE. + +------------------------------------------------------------------- +Tue Apr 19 07:59:32 UTC 2016 - opensuse@dstoecker.de + +- build with working support for SMTPUTF8 + +------------------------------------------------------------------- +Sun Mar 20 14:11:27 UTC 2016 - mrueckert@suse.de + +- fix build on sle11 by pointing _libexecdir to /usr/lib all the + time. + +------------------------------------------------------------------- +Sun Mar 20 13:46:56 UTC 2016 - mrueckert@suse.de + +- some distros did not pull pkgconfig indirectly. pull it directly. + +------------------------------------------------------------------- +Sun Mar 20 08:19:23 UTC 2016 - mrueckert@suse.de + +- fix building the dynamic maps: the old build had postgresql e.g. + with missing symbols. + - convert to AUXLIBS_* instead of plain AUXLIBS which is needed + for proper dynamic maps. + - reordered the CCARGS and AUXLIBS* lines to group by feature + - use pkgconfig or *_config tools where possible +- picked up signed char from fedora spec file +- enable lmdb support: new BR lmdb-devel, new subpackage + postfix-lmdb. +- don't delete vmail user/groups + +------------------------------------------------------------------- +Wed Mar 9 13:06:35 UTC 2016 - varkoly@suse.com + +- update to 3.1.0 +- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, + lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. + Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch + could be removed. +- Adapting all the patches to postfix 3.1.0 +- remove obsolete patches + * add_missed_library.patch + * postfix-opensslconfig.patch +- update vda patch + * remove postfix-vda-v13-2.10.0.patch + * add postfix-vda-v13-3.10.0.patch +- The patch postfix-db6.diff is not more neccessary + +- Backwards-compatibility safety net. + With NEW Postfix installs, you MUST install a main.cf file with + the setting "compatibility_level = 2". See conf/main.cf for an + example. + + With UPGRADES of existing Postfix systems, you MUST NOT change the + main.cf compatibility_level setting, nor add this setting if it + does not exist. + + Several Postfix default settings have changed with Postfix 3.0. To + avoid massive frustration with existing Postfix installations, + Postfix 3.0 comes with a safety net that forces Postfix to keep + running with backwards-compatible main.cf and master.cf default + settings. This safety net depends on the main.cf compatibility_level + setting (default: 0). Details are in COMPATIBILITY_README. + +- Major changes - tls +* [Feature 20160207] A new "postfix tls" command to quickly enable + opportunistic TLS in the Postfix SMTP client or server, and to + manage SMTP server keys and certificates, including certificate + signing requests and TLSA DNS records for DANE. +* As of the middle of 2015, all supported Postfix releases no longer + nable "export" grade ciphers for opportunistic TLS, and no longer + use the deprecated SSLv2 and SSLv3 protocols for mandatory or + opportunistic TLS. +* [Incompat 20150719] The default Diffie-Hellman non-export prime was + updated from 1024 to 2048 bits, because SMTP clients are starting + to reject TLS handshakes with primes smaller than 2048 bits. +* [Feature 20160103] The Postfix SMTP client by default enables DANE + policies when an MX host has a (DNSSEC) secure TLSA DNS record, + even if the MX DNS record was obtained with insecure lookups. The + existence of a secure TLSA record implies that the host wants to + talk TLS and not plaintext. For details see the + smtp_tls_dane_insecure_mx_policy configuration parameter. + +- Major changes - default settings + [Incompat 20141009] The default settings have changed for relay_domains + (new: empty, old: $mydestination) and mynetworks_style (new: host, + old: subnet). However the backwards-compatibility safety net will + prevent these changes from taking effect, giving the system + administrator the option to make an old default setting permanent + in main.cf or to adopt the new default setting, before turning off + backwards compatibility. See COMPATIBILITY_README for details. + + [Incompat 20141001] A new backwards-compatibility safety net forces + Postfix to run with backwards-compatible main.cf and master.cf + default settings after an upgrade to a newer but incompatible Postfix + version. See COMPATIBILITY_README for details. + + While the backwards-compatible default settings are in effect, + Postfix logs what services or what email would be affected by the + incompatible change. Based on this the administrator can make some + backwards-compatibility settings permanent in main.cf or master.cf, + before turning off backwards compatibility. + +- Major changes - address verification safety + [Feature 20151227] The new address_verify_pending_request_limit + parameter introduces a safety limit for the number of address + verification probes in the active queue. The default limit is 1/4 + of the active queue maximum size. The queue manager enforces the + limit by tempfailing probe messages that exceed the limit. This + design avoids dependencies on global counters that get out of sync + after a process or system crash. + + Tempfailing verify requests is not as bad as one might think. The + Postfix verify cache proactively updates active addresses weeks + before they expire. The address_verify_pending_request_limit affects + only unknown addresses, and inactive addresses that have expired + from the address verify cache (by default, after 31 days). + +- Major changes - json support + [Feature 20151129] Machine-readable, JSON-formatted queue listing + with "postqueue -j" (no "mailq" equivalent). The output is a stream + of JSON objects, one per queue file. To simplify parsing, each + JSON object is formatted as one text line followed by one newline + character. See the postqueue(1) manpage for a detailed description + of the output format. + +- Major changes - milter support + [Feature 20150523] The milter_macro_defaults feature provides an + optional list of macro name=value pairs. These specify default + values for Milter macros when no value is available from the SMTP + session context. + + For example, with "milter_macro_defaults = auth_type=TLS", the + Postfix SMTP server will send an auth_type of "TLS" to a Milter, + unless the remote client authenticates with SASL. + + This feature was originally implemented for a submission service + that may authenticate clients with a TLS certificate, without having + to make changes to the code that implements TLS support. + +- Major changes - output rate control + + [Feature 20150710] Destination-independent delivery rate delay + + Support to enforce a destination-independent delay between email + deliveries. The following example inserts 20 seconds of delay + between all deliveries with the SMTP transport, limiting the delivery + rate to at most three messages per minute. + + /etc/postfix/main.cf: + smtp_transport_rate_delay = 20s + + For details, see the description of default_transport_rate_delay + and transport_transport_rate_delay in the postconf(5) manpage. + +- Major changes - postscreen dnsbl + [Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL + lookup results + + Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes + that a "not found" result from a DNSBL server will be valid for one + hour. This may have been adequate five years ago when postscreen + was first implemented, but nowadays, that one hour can result in + missed opportunities to block new spambots. + + To address this, postscreen now respects the TTL of DNSBL "not + found" replies, as well as the TTL of DNSWL replies (both "found" + and "not found"). The TTL for a "not found" reply is determined + according to RFC 2308 (the TTL of an SOA record in the reply). + + Support for DNSBL or DNSWL reply TTL values is controlled by two + configuration parameters: + + postscreen_dnsbl_min_ttl (default: 60 seconds). + + This parameter specifies a minimum for the amount of time that + a DNSBL or DNSWL result will be cached in the postscreen_cache_map. + This prevents an excessive number of postscreen cache updates + when a DNSBL or DNSWL server specifies a very small reply TTL. + + postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) + + This parameter specifies a maximum for the amount of time that + a DNSBL or DNSWL result will be cached in the postscreen_cache_map. + This prevents cache pollution when a DNSBL or DNSWL server + specifies a very large reply TTL. + + The postscreen_dnsbl_ttl parameter is now obsolete, and has become + the default value for the new postscreen_dnsbl_max_ttl parameter. + +- Major changes - sasl auth safety + [Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to + enforce an optional rate limit on AUTH commands per SMTP client IP + address. Similar to other smtpd_client_*_rate_limit features, this + enforces a limit on the number of requests per $anvil_rate_time_unit. + +- Major changes - smtpd policy + [Feature 20150913] New SMTPD policy service attribute "policy_context", + with a corresponding "smtpd_policy_service_policy_context" configuration + parameter. Originally, this was implemented to share the same SMTPD + policy service endpoint among multiple check_policy_service clients. + +------------------------------------------------------------------- +Wed Dec 9 14:05:22 UTC 2015 - varkoly@suse.com + +- bnc#958329 postfix fails to start when openslp is not installed + +------------------------------------------------------------------- +Mon Oct 12 20:49:27 UTC 2015 - michael@stroeder.com + +- upstream update postfix 2.11.7: + * The Postfix Milter client aborted with a panic while adding a + message header, after adding a short message header with the + header_checks PREPEND action. Fixed by invoking the header + output function while PREPENDing a message header. + * False alarms while scanning the Postfix queue. Fixed by resetting + errno before calling readdir(). This defect was introduced + 19970309. + * The postmulti command produced an incorrect error message. + * The postmulti command now refuses to create a new MTA instance + when the template main.cf or master.cf file are missing. This + is a common problem on Debian-like systems. + * Turning on Postfix SMTP server HAProxy support broke TLS + wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer + to read the HAProxy connection hand-off information. + * The xtext_unquote() function did not propagate error reports + from xtext_unquote_append(), causing the decoder to return + partial output, instead of rejecting malformed input. The Postfix + SMTP server uses this function to parse input for the ENVID and + ORCPT parameters, and for XFORWARD and XCLIENT command parameters. + +------------------------------------------------------------------- +Wed Aug 12 10:51:51 UTC 2015 - jkeil@suse.de + +- boo#934060: Remove quirky hostname logic from config.postfix + * /etc/hostname doesn't contain anything useful + * linux.local is no good either + * postfix will use `hostname`.localdomain as fallback + +------------------------------------------------------------------- +Tue Aug 4 09:09:04 UTC 2015 - meissner@suse.com + +- postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885 + +------------------------------------------------------------------- +Tue Aug 4 09:07:25 UTC 2015 - meissner@suse.com + +- %verifyscript is a new section, move it out of the %ifdef + so the fillups are run afterwards. + +------------------------------------------------------------------- +Wed Jul 22 16:44:44 UTC 2015 - michael@stroeder.com + +- upstream update postfix 2.11.6: + Default settings have been updated so that they no longer enable + export-grade ciphers, and no longer enable the SSLv2 and SSLv3 + protocols. +- removed postfix-2.11.5_linux4.patch because it's obsolete +- Bugfix (introduced: Postfix 2.11): with connection caching + enabled (the default), recipients could be given to the wrong + mail server. (bsc#944722) + +------------------------------------------------------------------- +Mon Jun 1 22:25:51 UTC 2015 - crrodriguez@opensuse.org + +- postfix-SuSE.tar.gz/postfix.service: None of + nss-lookup.target network.target local-fs.target time-sync.target + should be Wanted or Required except by the services + the implement the relevant functionality i.e network.target + is wanted/required by networkmanager, wicked, + systemd-network. other software must be ordered After them, + see systemd.special(7) + +------------------------------------------------------------------- +Sun May 17 18:41:52 UTC 2015 - mpluskal@suse.com + +- Fix library symlink generation (boo#928662) + +------------------------------------------------------------------- +Tue Apr 21 09:55:44 UTC 2015 - mrueckert@suse.de + +- added postfix-2.11.5_linux4.patch: + Allow building on kernel 4. Patch taken from: + https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY + +------------------------------------------------------------------- +Sun Apr 19 23:03:25 UTC 2015 - mrueckert@suse.de + +- update to postfix 2.11.5 + - Bugfix (introduced: Postfix 2.6): + sender_dependent_relayhost_maps ignored the relayhost setting + in the case of a DUNNO lookup result. It would use the + recipient domain instead. Viktor Dukhovni. Wietse took the + pieces of code that enforce the precedence of a + sender-dependent relayhost, the global relayhost, and the + recipient domain, and put that code together in once place so + that it is easier to maintain. File: + trivial-rewrite/resolve.c. + - Bitrot: prepare for future changes in OpenSSL API. Viktor + Dukhovni. File: tls_dane.c. + - Incompatibility: specifying "make makefiles" with "CC=command" + will no longer override the default WARN setting. + +------------------------------------------------------------------- +Mon Feb 9 18:01:38 UTC 2015 - michael@stroeder.com + +- upstream update postfix 2.11.4: + +Postfix 2.11.4 only: + +* Fix a core dump when smtp_policy_maps specifies an invalid TLS + level. + +* Fix a missing " in \%s\", in postconf(1) fatal error messages, + which violated the C language spec. Reported by Iain Hibbert. + +All supported releases: + +* Stop excessive recursion in the cleanup server while recovering + from a virtual alias expansion loop. Problem found at Two Sigma. + +* Stop exponential memory allocation with virtual alias expansion + loops. This came to light after fixing the previous problem. + +------------------------------------------------------------------- +Sun Feb 8 13:08:36 UTC 2015 - varkoly@suse.com + +- correct pf_daemon_directory in spec. This must be /usr/lib/ + +------------------------------------------------------------------- +Thu Jan 22 09:36:09 UTC 2015 - varkoly@suse.com + +- bnc#914086 syntax error in config.postfix +- Adapt config.postfix to be able to run on SLE11 too. + +------------------------------------------------------------------- +Mon Jan 19 22:15:30 UTC 2015 - mpluskal@suse.com + +- Don't install sysvinit script when systemd is used +- Make explicit PreReq dependencies conditional only for older + systems +- Don't try to set explicit attributes to symlinks +- Cleanup spec file vith spec-cleaner + +------------------------------------------------------------------- +Tue Jan 13 07:04:52 UTC 2015 - varkoly@suse.com + +- bnc#912594 config.postfix creates config based on old options + +------------------------------------------------------------------- +Tue Jan 6 14:26:51 UTC 2015 - varkoly@suse.com + +- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot +- bnc#910265 config.postfix does not upgrade the chroot +- bnc#908003 wrong access rights on /usr/sbin/postdrop causes + permission denied when trying to send a mail as non root user +- bnc#729154 wrong permissions for some postfix components + +------------------------------------------------------------------- +Fri Nov 21 14:49:19 UTC 2014 - tchvatal@suse.com + +- Remove keyring and things as it is md5 based one no longer + accepted by gpg 2.1 + +------------------------------------------------------------------- +Fri Nov 14 09:19:00 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. + +------------------------------------------------------------------- +Mon Oct 27 18:22:02 UTC 2014 - dmueller@suse.com + +- restore previously lost fix: + Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de + - Ignore errors in %pre/%post. + +------------------------------------------------------------------- +Mon Oct 20 07:52:39 UTC 2014 - michael@stroeder.com + +- postfix 2.11.3: + + * Fix for configurations that prepend message headers with Postfix + access maps, policy servers or Milter applications. Postfix now + hides its own Received: header from Milters and exposes prepended + headers to Milters, regardless of the mechanism used to prepend + a header. This fix reverts a partial solution that was released + on October 13, 2014, and replaces it with a complete solution. + * Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure. + +- postfix 2.11.2: + + * Fix for DMARC implementations based on SPF policy plus DKIM + Milter. The PREPEND access/policy action added headers ABOVE + Postfix's own Received: header, exposing Postfix's own Received: + header to Milters (protocol violation) and hiding the PREPENDed + header from Milters. PREPENDed headers are now added BELOW + Postfix's own Received: header and remain visible to Milters. + * The Postfix SMTP server logged an incorrect client name in + reject messages for check_reverse_client_hostname_access and + check_reverse_client_hostname_{mx,ns}_access. They replied with + the verified client name, instead of the name that was rejected. + * The qmqpd daemon crashed with null pointer bug when logging a + lost connection while not in a mail transaction. + +------------------------------------------------------------------- +Sun Sep 14 16:50:57 UTC 2014 - andreas.stieger@gmx.de + +- switch from md5 based signature to one using the SHA-512 digest + algorithm supplied by maintainer on ML to pass source_validator + +------------------------------------------------------------------- +Sat Sep 13 21:44:41 UTC 2014 - andreas.stieger@gmx.de + +- postfix 2.11.1: + * With connection caching enabled (the default), recipients could + be given to the wrong mail server. + * Enforce TLS when TLSA records exist, but all are unusable. + * Don't leak memory when TLSA records exist, but all are unusable. + * Prepend "-I. -I../../include" to the compiler command-line + options, to avoid name clashes with non-Postfix header files. + * documentation fixes + * logging fixes + +------------------------------------------------------------------- +Fri Aug 29 15:40:00 UTC 2014 - rusjako@rus.uni-stuttgart.de + +- fix dynamic_maps patch to enable memcache support, which does not + need any libraries + +------------------------------------------------------------------- +Thu Jul 31 12:44:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Fri Jun 27 23:16:21 UTC 2014 - chris@computersalat.de + +- fix typo in postfix-SuSE/update_chroot.systemd +- fix config.postfix + * 'insserv amavis' -> 'chkconfig amavis on' +- rework main.cf patch + * fix virtual stuff + * add some dovecot stuff +- rework master.cf patch + * add some dovecot stuff + +------------------------------------------------------------------- +Mon Jun 23 21:41:23 UTC 2014 - jamesp@vicidial.com + +- The included postfix-mysql.tar.bz2 was using a MySQL 4.1 style of + table engine specification. Modified so that the sql uses + 'ENGINE=' instead of 'TYPE=' for creating tables. + +------------------------------------------------------------------- +Mon Jun 23 15:17:52 UTC 2014 - varkoly@suse.com + +- bnc#816769 - config.postfix issues warnings about missing master.cf + +------------------------------------------------------------------- +Tue Jun 10 13:34:03 UTC 2014 - varkoly@suse.com + +- bnc#882033 - Package postfix has changed files according to rpm +- bnc#855688 - possible systemd bug: postfix & cifs dependency confict + +------------------------------------------------------------------- +Mon Jun 9 12:17:35 UTC 2014 - varkoly@suse.com + +- bnc#863350 - SuSEconfig.postfix complains about modified /etc/postfix/main.cf after updating postfix + +------------------------------------------------------------------- +Mon May 26 17:21:54 UTC 2014 - chris@computersalat.de + +- replace vda patch: + * add postfix-vda-v13-2.10.0.patch + * remove postfix-vda-v11-2.9.6.patch +- rebase patches +- config.postfix + * add master.cf support for submission (587) + * rework master.cf support for smtps + +------------------------------------------------------------------- +Wed Feb 12 15:10:27 UTC 2014 - varkoly@suse.com + +- bnc#862662 - Unable to configure postfix SMTP with forced TLS using YaST2 + +- Update to 2.11.0 + * TLS + o Support for PKI-less TLS server certificate verification, where + the CA public key or the server certificate is identified via DNSSEC lookup + * LMDB database support + * master + o The master_service_disable parameter value syntax has changed: + use "service/type" instead of "service.type". + * postconf: + o Support for advanced master.cf query and update operations. + This was implemented primarily to support automated system management tools. + o The postconf command produces more warnings + * relay safety + New smtpd_relay_restrictions parameter built-in default settings: + smtpd_relay_restrictions = + permit_mynetworks + permit_sasl_authenticated + defer_unauth_destination + * postscreen whitelisting + Allow a remote SMTP client to skip postscreen(8) tests based on + its postscreen_dnsbl_sites score. + +------------------------------------------------------------------- +Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de + +- Ignore errors in %pre/%post. + +------------------------------------------------------------------- +Thu Oct 3 02:47:54 UTC 2013 - crrodriguez@opensuse.org + +- two improvements for 13.1 and factory +* postfix-opensslconfig.patch call openSSL_config + so postfix respects the system's openssl configuration +* postfix-SuSE/postfix.service since a few months there + is no mail-transfer-agent.target, units must be ordered + after a list of smtpd implementations instead. + +------------------------------------------------------------------- +Fri Sep 20 04:48:08 UTC 2013 - varkoly@suse.com + +- Proc is not needed in chroot anymore + +------------------------------------------------------------------- +Tue Jul 30 14:34:01 UTC 2013 - schwab@suse.de + +- postfix-main.cf.patch: remove duplicate entry for inet_protocols + +------------------------------------------------------------------- +Mon Jun 17 10:50:08 UTC 2013 - chris@computersalat.de + +- fix for warning + * unused parameter: virtual_create_maildirsize=yes + * unused parameter: virtual_mailbox_extended=yes + * rework main.cf.patch +- fix rcpostfix for sysvinit systems + * /etc/postfix/system/update_postmaps: No such file or directory +- rebase patches + * vda-v11-2.9.5 -> vda-v11-2.9.6 +- fix file postfix-SuSE.tar.gz + * made a tar.gz + +------------------------------------------------------------------- +Sun Jun 16 02:12:07 UTC 2013 - jengelh@inai.de + +- postfix.spec forces the use of SSL and SASL libraries, + so make sure the BuildRequires are there + +------------------------------------------------------------------- +Fri Jun 14 01:33:52 UTC 2013 - jengelh@inai.de + +- Add postfix-db6.diff to fix compile abort with libdb-6.0 + +------------------------------------------------------------------- +Mon Apr 22 11:51:37 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/SourceUrls +- Add GPG verification + +------------------------------------------------------------------- +Sat Apr 20 05:46:00 UTC 2013 - crrodriguez@opensuse.org + +- postfix-SuSE/postfix.service do not Require or + order after syslog.target as it no longer exists + postfix will fail to start in the next systemd version. + +------------------------------------------------------------------- +Sat Feb 23 09:33:08 UTC 2013 - rmilasan@suse.com + +- Install postfix.service accordingly (/usr/lib/systemd for 12.3 + and up or /lib/systemd for older versions). + +------------------------------------------------------------------- +Wed Feb 6 19:56:57 UTC 2013 - varkoly@suse.com + +- update to 2,9.6 + Bugfix: the local(8) delivery agent dereferenced a null pointer + while delivering to null command (for example, "|" in a .forward file). + Bugfix: memory leak in program initialization. tls/tls_misc.c. + Bugfix: he undocumented OpenSSL X509_pubkey_digest() function is + unsuitable for computing certificate PUBLIC KEY fingerprints. + Postfix now provides a correct procedure that accounts for + the algorithm and parameters in addition to the key data. Specify + "tls_legacy_public_key_fingerprints = yes" if you need backwards compatibility. + +------------------------------------------------------------------- +Thu Jan 17 22:01:16 UTC 2013 - varkoly@suse.com + +- bnc#796162 - script to assign path elements not working in postfix install Build-0284(iso) + +------------------------------------------------------------------- +Thu Jan 10 18:23:56 UTC 2013 - chris@computersalat.de + +- rebase patches + * vda-v10-2.8.12 -> vda-v11-2.9.5 (and to be a p0) + * main, master, post-instal, ssl-release-buffers (remove version) + * dynamic_maps, dynamic_maps_pie, pointer_to_literals + +------------------------------------------------------------------- +Thu Jan 10 14:45:59 UTC 2013 - varkoly@suse.com + +- update to 2,9.5 + * tls support: + Support to turn off the TLSv1.1 and TLSv1.2 protocols: + To temporarily turn off problematic protocols globally: + /etc/postfix/main.cf: + smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 + smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 + However, it may be better to temporarily turn off problematic + protocols for broken sites only: + /etc/postfix/main.cf: + smtp_tls_policy_maps = hash:/etc/postfix/tls_policy + /etc/postfix/tls_policy: + example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2 + * 20111012 To simplify integration with third-party + applications, the Postfix sendmail command now always transforms + all input lines ending in into UNIX format (lines ending + in ). Specify "sendmail_fix_line_endings = strict" to restore + historical Postfix behavior (i.e. convert all input lines ending + in only if the first line ends in ). + * 20120114 Logfile-based alerting systems may need to be + updated to look for "error" messages in addition to "fatal" messages. + Specify "daemon_table_open_error_is_fatal = yes" to get the historical + behavior (immediate termination with "fatal" message). + * enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also + used as queue file names). These names are encoded in a mix of upper + case, lower case and decimal digit characters. Long queue IDs are + disabled by default to avoid breaking tools that parse logfiles and + that expect queue IDs with the smaller [A-F0-9] character set. + * 20111209 memcache lookup and update support. This provides + a way to share postscreen(8) or verify(8) caches between Postfix + instances. See MEMCACHE_README and memcache_table(5) for details + and limitations. + * 20111218 To support external SASL authentication, e.g., + in an NGINX proxy daemon, the Postfix SMTP server now always checks + the smtpd_sender_login_maps table, even without having + "smtpd_sasl_auth_enable = yes" in main.cf. + * ipv6 + o The default inet_protocols value is now "all" instead of "ipv4", + meaning use both IPv4 and IPv6. + o The default smtp_address_preference value is now "any" instead + of "ipv6", meaning choose randomly between IPv6 and IPv4. With + this the Postfix SMTP client will have more success delivering + mail to sites that have problematic IPv6 configurations. + +------------------------------------------------------------------- +Sat Dec 15 16:33:24 UTC 2012 - chris@computersalat.de + +- update to 2.8.13 + * 20121029 + Workaround: strip datalink suffix from IPv6 addresses + returned by the system getaddrinfo() routine. Such suffixes + mess up the default mynetworks value, host name/address + verification and possibly more. This change obsoletes the + 20101108 change that removes datalink suffixes in the SMTP + and QMQP servers, but we leave that code alone. File: + util/myaddrinfo.c. + * 20121013 + Cleanup: to compute the LDAP connection cache lookup key, + join the numeric fields with null, just like string fields. + Viktor Dukhovni. File: global/dict_ldap.c. + * 20121010 + Bugfix (introduced: Postfix 2.5): memory leak in program + initialization. Reported by Coverity. File: tls/tls_misc.c. + Bugfix (introduced: Postfix 2.3): memory leak in the unused + oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c. + * 20121003 + Bugfix: the postscreen_access_list feature was case-sensitive + in the first character of permit, reject, etc. Reported by + Feancis Picabia. File: global/server_acl.c. +- rebase dynamic_maps_pie patch +- rpmlint + * invalid-suse-version-check 1140 + * obsolete-suse-version-check 920 (changes file) + +------------------------------------------------------------------- +Fri Dec 14 06:03:42 UTC 2012 - varkoly@suse.com + +- bnc#790141 - Command SuSEconfig.postfix reports ERROR - + "can not find /lib/YaST/SuSEconfig.functions!!" + +------------------------------------------------------------------- +Thu Nov 8 11:33:33 UTC 2012 - varkoly@suse.com + +- bnc#782048 - postfix uses /sbin/conf.d +- bnc#784659 - remove SuSEconfig calls from yast2-mail + +------------------------------------------------------------------- +Fri Aug 10 18:56:59 UTC 2012 - chris@computersalat.de + +- update to 2.8.12 + * 20120730 + Bugfix (introduced: 20000314): AUTH is not allowed after + MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c. + * 20120702 + Bugfix (introduced: 19990127): the BIFF client leaked an + unprivileged UDP socket. Fix by Jaroslav Skarvada. File: + local/biff_notify.c. + * 20120621 + Bugfix (introduced: Postfix 2.8): the unused "pass" trigger + client could close the wrong file descriptors. File: + util/unix_pass_trigger.c. +- fix for bnc#771303 + * add 'version = 3' to ldap_aliases.cf +- rebase patches + * main, master, post-install: 2.8.3 -> 2.8.12 + * ssl-release-buffers: 2.8.5 -> 2.8.12 + * vda-v10: 2.8.9 -> 2.8.12 + * dynamic_maps, dynamic_maps_pie, ipv6_disabled, pointer_to_literals +- fix changes file + +------------------------------------------------------------------- +Thu Jul 19 06:52:18 UTC 2012 - varkoly@suse.com + +- bnc#771811 - postfix update does not regenerate the maps + +------------------------------------------------------------------- +Mon Jun 11 09:51:22 UTC 2012 - varkoly@suse.com + +- update to 2.8.11 + * 20120520 + - Bugfix (introduced Postfix 2.4): the event_drain() function + was comparing bitmasks incorrectly causing the program to + always wait for the full time limit. This error affected + the unused postkick command, but only after s/fifo/unix/ + in master.cf. File: util/events.c. + - Cleanup: laptop users have always been able to avoid + unnecessary disk spin-up by doing s/fifo/unix/ in master.cf + (this is currently not supported on Solaris systems). + However, to make this work reliably, the "postqueue -f" + command must wait until its requests have reached the pickup + and qmgr servers before closing the UNIX-domain request + sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in. + +------------------------------------------------------------------- +Wed May 9 10:07:10 UTC 2012 - varkoly@suse.com + +- bnc#753910 - {name} instead of %{name} in postfix .spec +- bnc#756452 - VUL-1: postfix: VRFY allows enumerating users + +------------------------------------------------------------------- +Thu May 3 16:47:11 UTC 2012 - chris@computersalat.de + +- update to 2.8.10 + * 20120401 + Bitrot: shut up useless warnings about Cyrus SASL call-back + function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h, + xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c. + * 20120422 + Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the + known TLS protocol list so that protocols can be turned off + selectively to work around implementation bugs. Based on + a patch by Victor Duchovni. Files: proto/TLS_README.html, + proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c, + tls/tls_server.c. +- update to 2.8.9 + * 20120217 + Cleanup: missing #include statement for bugfix code added + 20111226. File: local/unknown.c. + * 20120214 + Bugfix (introduced: Postfix 2.4): extraneous null assignment + caused core dump when postlog emitted the "usage" message. + Reported by Kant (fnord.hammer). File: postlog/postlog.c. + * 20120202 + Bugfix (introduced: Postfix 2.3): the "change header" milter + request could replace the wrong header. A long header name + could match a shorter one, because a length check was done + on the wrong string. Reported by Vladimir Vassiliev. File: + cleanup/cleanup_milter.c. +- use latest VDA patch (2.8.9) + +------------------------------------------------------------------- +Thu Apr 12 08:15:06 UTC 2012 - varkoly@suse.com + +- bnc#756450 - postfix: remove version from banner + +------------------------------------------------------------------- +Mon Apr 9 16:13:28 UTC 2012 - bruno@ioda-net.ch + +- add port 587 smtp-auth submission to postfix-fw bnc#756289 + +------------------------------------------------------------------- +Mon Apr 2 22:09:00 CEST 2012 - dmueller@suse.de + +- set exit code explicitely in cond_slp, systemd checks for it + +------------------------------------------------------------------- +Tue Mar 13 13:35:13 UTC 2012 - varkoly@suse.com + +- Documentation for bnc#751994 - SuSEconfig module postfix does not exist + +------------------------------------------------------------------- +Wed Mar 7 06:31:05 UTC 2012 - varkoly@suse.com + +- rcpostfix now updates the aliases too + +------------------------------------------------------------------- +Mon Feb 27 16:35:56 UTC 2012 - chris@computersalat.de + +- update to 2.8.8 + Bugfixes: + tlsproxy(8) stored TLS sessions with a serverID of + "tlsproxy" instead of "smtpd", wasting an opportunity for + session reuse. File: tlsproxy/tlsproxy.c. + missing lookup table entry and terminator, causing + proxymap server segfault when postscreen(8) or verify(8) + attempted to access their cache via the proxymap server. + This could never have worked anyway, because the Postfix + 2.8 proxymap protocol does not support cache cleanup. File + util/dict.c. + the Postfix client sqlite + quoting routine returned the unquoted result instead of the + quoted text. The opportunities for misuse are limited, + because Postfix sqlite files are usually owned by root, and + Postfix daemons usually run with non-root privileges so + they can't corrupt the database. Problem reported by Rob + McGee (rob0). File: global/dict_sqlite.c. + the trace service did not + distinguish between notifications for a non-bounce or a + bounce message. This code pre-dates DSN support and should + have been updated when it was re-purposed to handle DSN + SUCCESS notifications. Problem reported by Sabahattin + Gucukoglu. File: bounce/bounce_trace_service.c. +- use latest VDA patch (2.8.5) + +------------------------------------------------------------------- +Wed Jan 25 15:12:38 UTC 2012 - varkoly@suse.com + +- bnc#743369 - yast2 mail module does not open the firewall +- Set MD5DIR in SuSEconfig.postfix to avoid warnings + +------------------------------------------------------------------- +Tue Jan 17 11:14:30 UTC 2012 - varkoly@suse.com + +- bnc738693 - upgrade from 11.4 enables mysql service for systemd + +------------------------------------------------------------------- +Thu Jan 12 12:18:17 UTC 2012 - varkoly@suse.com + +- Add postmap rebuild script to systemv init script too + +------------------------------------------------------------------- +Wed Jan 11 14:21:21 UTC 2012 - varkoly@suse.com + +- bnc#738900 - cyrus-imapd not receiving mail from postfix + +------------------------------------------------------------------- +Tue Dec 13 14:50:45 UTC 2011 - varkoly@suse.com + +- Move the post map rebuild script into the start script + +------------------------------------------------------------------- +Tue Dec 6 11:04:12 UTC 2011 - varkoly@suse.com + +- Fix the last change in %post + +------------------------------------------------------------------- +Fri Dec 2 06:44:28 UTC 2011 - varkoly@suse.com + +- bnc#728308 - warning output after update the postfix package + +------------------------------------------------------------------- +Wed Nov 9 20:05:38 UTC 2011 - varkoly@suse.com + +- update to 2.8.7 + Bugfixes: + smtpd(8) did not sanitize newline characters in cleanup(8) + REJECT messages, causing them to be sent out via SMTP as bare newline characters. + smtpd(8) sent multi-line responses from a before-queue content filter as text with + bare instead of . + Workaround: postscreen sent non-compliant SMTP responses (220- followed by 421) + when it could not give a connection to a real smtpd process, causing some + remote SMTP clients to bounce mail. + +------------------------------------------------------------------- +Thu Nov 3 15:56:23 UTC 2011 - varkoly@suse.com + +- Use the systemd macros in the spec file + +------------------------------------------------------------------- +Fri Oct 14 16:43:02 CEST 2011 - mhrusecky@suse.cz + +- only fix files that exists in %post + +------------------------------------------------------------------- +Sun Oct 9 04:30:54 UTC 2011 - crrodriguez@opensuse.org + + - Use SSL_MODE_RELEASE_BUFFERS if available, see + SSL_CTX_set_mode man page and + http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html + for the full details. + +------------------------------------------------------------------- +Tue Sep 6 14:49:47 UTC 2011 - chris@computersalat.de + +- update to 2.8.5 + * Bugfix: allow for Milters that send an SMTP server reply + without RFC 3463 enhanced status code. Reported by Vladimir + Vassiliev. File: milter/milter8.c. + +------------------------------------------------------------------- +Mon Aug 22 09:31:02 UTC 2011 - varkoly@novell.com + +- bnc#684304 - server:mail/postfix: Bugs in SuSEconfig chroot setup script +- Aplly SASL_SOCKET_DIR patch + +------------------------------------------------------------------- +Thu Aug 18 09:32:04 UTC 2011 - varkoly@novell.com + +- Move SuSEconfig.postfix into /usr/sbin/ + (FATE#311272: Do not rewrite postfix.cf via SuSEconfig) + SuSEconfig.postfix will be executed only once after installation + automaticaly. Afterwards only you can start it manually or via + yast2 mail module. + +------------------------------------------------------------------- +Fri Aug 12 16:40:40 UTC 2011 - werner@suse.de + +- Just the first strep forward to systemd, please test out + /etc/postfix/system/update_chroot + /etc/postfix/system/wait_qmgr + /etc/postfix/system/cond_slp + and + /lib/systemd/system/postfix.service + and also fill out the missing description. + +------------------------------------------------------------------- +Tue Aug 9 11:03:55 UTC 2011 - chris@computersalat.de + +- rework SuSE patch + * add missing SASL stuff in rc.postfix + +------------------------------------------------------------------- +Mon Jul 25 09:08:14 UTC 2011 - chris@computersalat.de + +- when chrooted and using SASL + o mount -o bind SASL_SOCKET_DIR into postfix CHROOT + +------------------------------------------------------------------- +Mon Jul 11 17:22:19 UTC 2011 - chris@computersalat.de + +- update to 2.8.4 + o Linux kernel version 3 support. + for more info see ChangeLog + +------------------------------------------------------------------- +Wed Jul 6 13:11:07 UTC 2011 - varkoly@novell.com + +- bnc#686436 - postfix bounces messages with improper use of 8-bit data in message body +- Apply patch + +------------------------------------------------------------------- +Fri Jul 1 12:35:59 UTC 2011 - chris@computersalat.de + +- rework master.cf patch + o fix receive_override_options line +- rework SuSE patch + o sysconfig: remove POSTFIX_WITH_POP_BEFORE_SMTP + o SuSEconfig: fix receive_override_options line + +------------------------------------------------------------------- +Thu Jun 30 20:15:40 UTC 2011 - chris@computersalat.de + +- replace vda patch + o 2.8.1 -> 2.8.3 +- fix files doc + o remove 'doc auxiliary' + instead cp to pf_docdir + +------------------------------------------------------------------- +Sat May 28 04:22:22 UTC 2011 - varkoly@novell.com + +- fix spec for building on all repos + +------------------------------------------------------------------- +Tue May 24 10:24:51 UTC 2011 - varkoly@novell.com + +- bnc#679187 - suseconfig/postfix: missing dependency + +------------------------------------------------------------------- +Tue May 17 22:31:46 UTC 2011 - chris@computersalat.de + +- fix master.cf + o fix missing + - amavis unix - - n - 4 smtp + - localhost:10025 inet n - n - - smtpd + o add master.cf patch +- rework patches + o main.cf (add two missing sasl vars) + o postfix-SuSE (SuSEconfig, cleanup those vars,...) + +------------------------------------------------------------------- +Sun May 15 14:16:03 UTC 2011 - chris@computersalat.de + +- rework TLS stuff + o reworked main.cf patch + o added postfix-SuSE patch + o added post-install patch + Editing /etc/postfix/master.cf, adding missing entry for tlsmgr service + add only if it really does not exist +- removed Author from description +- updated vda patch + o vda-2.7.1 > vda-v10-2.8.1 +- fix build for SLE_10 + o no fdupes ;) + +------------------------------------------------------------------- +Wed May 11 08:23:56 UTC 2011 - varkoly@novell.com + +- remove document paths from postfix-files to avoid error messages + when postfix-doc is not installed + +------------------------------------------------------------------- +Tue May 10 09:20:23 UTC 2011 - varkoly@novell.com + +- update to 2.8.3 - VUL-0: postfix memory corruption + +------------------------------------------------------------------- +Sun Apr 10 07:00:18 UTC 2011 - varkoly@novell.com + +- bnc#641271 - postfix-2.7.1: init script cannot properly stop + multi-instance configurations + +------------------------------------------------------------------- +Wed Mar 30 21:21:16 UTC 2011 - varkoly@novell.com + +- update to 2.8.2 + * DNSBL/DNSWL: + o Support for address patterns in DNS blacklist and whitelist lookup results. + o The Postfix SMTP server now supports DNS-based whitelisting with several safety features + * Support for read-only sqlite database access. + * Alias expansion: + o Postfix now reports a temporary delivery error when the result + of virtual alias expansion would exceed the virtual_alias_recursion_limit + or virtual_alias_expansion_limit. + o To avoid repeated delivery to mailing lists with pathological + nested alias configurations, the local(8) delivery agent now keeps + the owner-alias attribute of a parent alias, when delivering mail + to a child alias that does not have its own owner alias. + * The Postfix SMTP client no longer appends the local domain when + looking up a DNS name without ".". + * The SMTP server now supports contact information that is appended + to "reject" responses: smtpd_reject_footer + * Postfix by default no longer adds a "To: undisclosed-recipients:;" + header when no recipient specified in the message header. + * tls support: + o The Postfix SMTP server now always re-computes the SASL mechanism + list after successful completion of the STARTTLS command. + o The smtpd_starttls_timeout default value is now stress-dependent. + o Postfix no longer appends the system-supplied default CA certificates + to the lists specified with *_tls_CAfile or with *_tls_CApath. + * New feature: Prototype postscreen(8) server that runs a number + of time-consuming checks in parallel for all incoming SMTP connections, + before clients are allowed to talk to a real Postfix SMTP server. + It detects clients that start talking too soon, or clients that appear + on DNS blocklists, or clients that hang up without sending any command. + +------------------------------------------------------------------- +Thu Feb 10 11:43:28 UTC 2011 - varkoly@novell.com + +- bnc#667299 - Postfix LICENSE not marked as documentation + +------------------------------------------------------------------- +Mon Jan 17 09:56:32 UTC 2011 - chris@computersalat.de + +- add some min LDAP support for virtual LDAP-users + o sysconfig "WITH_LDAP" + o add ldap_aliases.cf + o SuSEconfig.postfix + virtual_alias_maps = ... ldap:/etc/postfix/ldap_aliases.cf + +------------------------------------------------------------------- +Tue Jan 4 12:14:06 UTC 2011 - chris@computersalat.de + +- update to 2.7.2 + * Bugfix (introduced Postfix 2.2): Postfix no longer appends + the system default CA certificates to the lists specified + with *_tls_CAfile or with *_tls_CApath. This prevents + third-party certificates from getting mail relay permission + with the permit_tls_all_clientcerts feature. Unfortunately + this may cause compatibility problems with configurations + that rely on certificate verification for other purposes. + To get the old behavior, specify "tls_append_default_CA = + yes". Files: tls/tls_certkey.c, tls/tls_misc.c, + global/mail_params.h. proto/postconf.proto, mantools/postlink. + * Compatibility with Postfix < 2.3: fix 20061207 was incomplete + (undoing the change to bounce instead of defer after + pipe-to-command delivery fails with a signal). Fix by Thomas + Arnett. File: global/pipe_command.c. + * Bugfix: the milter_header_checks parser provided only the + actions that change the message flow (reject, filter, + discard, redirect) but disabled the non-flow actions (warn, + replace, prepend, ignore, dunno, ok). File: + cleanup/cleanup_milter.c. + * Performance: fix for poor smtpd_proxy_filter TCP performance + over loopback (127.0.0.1) connections. Problem reported by + Mark Martinec. Files: smtpd/smtpd_proxy.c. + * Cleanup: don't apply reject_rhsbl_helo to non-domain forms + such as network addresses. This would cause false positives + with dbl.spamhaus.org. File: smtpd/smtpd_check.c. + * Bugfix: the "421" reply after Milter error was overruled + by Postfix 1.1 code that replied with "503" for RFC 2821 + compliance. We now make an exception for "final" replies, + as permitted by RFC. Solution by Victor Duchovni. File: + smtpd/smtpd.c. + +------------------------------------------------------------------- +Sat Dec 11 19:50:25 UTC 2010 - chris@computersalat.de + +- update vda patch + o remove 2.6.1-vda-ng.patch + o remove 2.6.1-vda-ng-64bit.patch + o add vda-2.7.1.patch +- rework main.cf.patch + o remove 2.2.9-main.cf.patch + o add 2.7.1-main.cf.patch + +------------------------------------------------------------------- +Tue Dec 7 22:02:56 UTC 2010 - coolo@novell.com + +- prereq init scripts network and syslog + +------------------------------------------------------------------- +Thu Aug 12 18:57:14 UTC 2010 - varkoly@novell.com + +- Remove obsolate postscripts +- bnc#625657 - SuSEconfig.postfix and smtp_use_tls +- bnc#622873 - postfix doesn't start if ipv6 is disabled + +------------------------------------------------------------------- +Tue Jul 6 15:04:30 UTC 2010 - chris@computersalat.de + +- reworked bnc#606251 stuff (not checked in to Factory) + o used my_print_defaults command for parsing of /etc/my.cnf + o using quotation marks: "$PF_CHROOT" + o added sysconfig option POSTFIX_MYSQL_CONN=(socket,tcp) + +------------------------------------------------------------------- +Wed Jun 16 23:39:09 UTC 2010 - chris@computersalat.de + +- bnc#606251 - postfix chrooted mysql.sock lost on mysql restart + o Now MYSQL_SOCK_DIR is mounted with '-o bind' to postfix CHROOT + +------------------------------------------------------------------- +Thu Jun 10 10:55:54 UTC 2010 - varkoly@novell.com + +- update to 2.7.1 + * Bugfix (introduced Postfix 2.6) in the XFORWARD implementation, + which sends remote SMTP client attributes through SMTP-based content filters. + The Postfix SMTP client did not skip "unknown" SMTP client attributes, + causing a syntax error when sending an "unknown" client PORT attribute. + * Robustness: skip LDAP queries with non-ASCII search strings, instead of failing with a database lookup error. + * Safety: Postfix processes now log a warning when a matchlist has + a #comment at the end of a line (for example mynetworks or relay_domains). + * Portability: OpenSSL 1.0.0 changes the priority of anonymous cyphers. + * Portability: Berkeley DB 5.x is now supported. + +------------------------------------------------------------------- +Thu May 20 17:08:26 UTC 2010 - chris@computersalat.de + +- fix obviously lost POSTFIX_MYHOSTNAME in SuSEconfig.postfix + +------------------------------------------------------------------- +Wed Apr 7 12:39:16 UTC 2010 - varkoly@novell.com + +- New file check_mail_queue. This script checks if there are some + mails in the queue and starts postfix if necessary. After delivering + the mails postfix will be stoped. + +------------------------------------------------------------------- +Thu Apr 1 10:28:09 UTC 2010 - varkoly@novell.com + +- bnc#559145 - Changed Domain name not reflected when sending mail + First /var/run/dhcp-hostname will be evaluated +- Now POSTFIX_SMTP_TLS_CLIENT is ternary : no yes must + +------------------------------------------------------------------- +Sun Feb 28 18:38:18 UTC 2010 - varkoly@novell.com +- update to 2.7.0 + * performance + - Periodic cache cleanup for the verify(8) cache database. + - Improved before-queue filter performance. + * sender reputation + - The FILTER action in access maps or header/body_checks now supports sender + reputation schemes that dynamically choose the SMTP source IP address. + * address verification + - The verify(8) service now uses a persistent cache by default. + * content filter + - The meaning of an empty filter next-hop destination has changed. + - The FILTER action in access maps or header/body_checks now supports sender + reputation schemes that dynamically choose the SMTP source IP address. + * milter + - Support for header checks on Milter-generated message headers. + Please read /usr/share/doc/packages/postfix/RELEASE_NOTES for details. +------------------------------------------------------------------- +Thu Feb 11 15:16:13 UTC 2010 - coolo@novell.com + +- revert the change to PreReq openldap-devel, this increases the + default installation several MBs + +------------------------------------------------------------------- +Tue Feb 2 15:45:26 UTC 2010 - varkoly@novell.com + +- bnc#567569 - Postfix: move ldap support to a separate package +- bnc#557239 - postfix delivers mail to user's home instead of /var/spool/mail + +------------------------------------------------------------------- +Tue Jan 5 23:28:12 UTC 2010 - chris@computersalat.de + +- rpmlint fixes + o init-script-undefined-dependency $network-remotefs +- fix for SuSEconfig.postfix + o if use_amavis eq "yes" + then content_filter "amavis:[127.0.0.1]:10024]" is defined, + so removed "-o content_filter=smtp:[127.0.0.1]:10024" for smtp +- s#ldconfig#/sbin/ldconfig# + +------------------------------------------------------------------- +Tue Dec 22 16:15:00 CEST 2009 - freespacer@gmx.de + +- Add support for dovecot as MDA to SuSEconfig. + +------------------------------------------------------------------- +Wed Dec 16 10:45:14 CET 2009 - jengelh@medozas.de + +- Package documentation as noarch + +------------------------------------------------------------------- +Tue Dec 10 13:15:15 CET 2009 - varkoly@suse.de + +- Remove postfixs update script. This does not work now. + +------------------------------------------------------------------- +Tue Dec 8 19:15:15 CET 2009 - varkoly@suse.de + +- Fix the %post section add missed %{fillup_only -an mail} + +------------------------------------------------------------------- +Mon Nov 16 17:14:39 CET 2009 - varkoly@suse.de + +- bnc#555814 – VUL-0: SMTPD_LISTEN_REMOTE="yes" by default +- bnc#555732 - Invalid $(hostname -i) usage SuSEconfig.postfix +- bnc#547928 – Postfix does not start during boot process +- Avoid append relay multiple times in POSTFIX_MAP_LIST + +------------------------------------------------------------------- +Mon Oct 26 14:36:55 CET 2009 - varkoly@suse.de + +- bnc#549612 – SuSEconfig.postfix + +------------------------------------------------------------------- +Mon Sep 28 09:22:54 CEST 2009 - varkoly@suse.de + +- bnc#540538 – postfix-2.6.1-10.1 installs new files in /etc/postfix and does not generate .db +- bnc#519438 - Postfix: Running chrooted lets qmgr loosing his syslog-socket +- remove obsolate version tests from SuSEconfig.postfix + +------------------------------------------------------------------- +Mon Sep 28 08:24:43 CEST 2009 - varkoly@suse.de + +- bnc#525825 - when using cyrus in a chroot environment Suseconfig does not + create socket /var/lib/imap/socket/lmtp + +------------------------------------------------------------------- +Mon Sep 14 11:34:41 UTC 2009 - chris@computersalat.de + +- spec + o fdupes if >= 1100 + +------------------------------------------------------------------- +Thu Sep 10 21:22:46 CEST 2009 - chris@computersalat.de + +- update to 2.6.1 + o merge home:varkoly:Factory and o:F +- spec mods + o use of getent +- rpmlint + o remove unneeded dists from examples/chroot-setup/ + o postin-without-ldconfig + o files-duplicate /usr/share/doc/packages/postfix-doc/html/ + o files-duplicate /usr/share/man/man? + +------------------------------------------------------------------- +Mon Apr 13 18:21:14 UTC 2009 - chris@computersalat.de + +- added VDA patch + o Mailbox / Maildir size limit, known also as "soft quota", + to avoid user take all you disk space + o Customizable "limit" message when the soft quota limit is reached. + NOTE: message is sent to senders, but NOT to the owner of the mailbox. + o Limit only 'INBOX', because some people use IMAP and don't want + the same limit in IMAP folder that are differents from INBOX. + o Support for 'Courier' style Maildir, usefull for people that + use courier as pop3/imap server and to get fast soft quota summary. + Note that it is also compatible with qmail maildir per default. + o Supports for Courier 'maildirsize' file in Maildir folder that + is used to read quotas quickly. Note that this option is not + actived per default and can be dangerous on some NFS client + implementation + (like for example Solaris that cache some filesystem operations). + o Customisable suffix for Maildir support, when share same external + dict between postfix and pop3/imap server sometime "Maildir/" suffix + is needed to avoid extra database handling (eg LDAP, MySQL...). +- some improvements of SuSEconfig.postfix + o POSTFIX_LISTEN: Comma separated list of IP's + o POSTFIX_INET_PROTO: ipv4, ipv6, all + o POSTFIX_MYHOSTNAME: define SMTPs FQHOSTNAME + o POSTFIX_WITH_MYSQL: when using MySQL as backend + o POSTFIX_BASIC_SPAM_PREVENTION: "custom" + you can now define your own rules + - POSTFIX_SMTPD_CLIENT_RESTRICTIONS + - POSTFIX_SMTPD_HELO_RESTRICTIONS + - POSTFIX_SMTPD_SENDER_RESTRICTIONS + - POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS +- added helo_access for helo checks +- added relay for relaying domain +- added MySQL stuff when using MySQL as backend (virtuser) + o you should consider postfixAdmin as mgmnt interface + o when runninng postfix chrooted: + you have to run SUSEconfig each time when you have restarted MySQL + because of linking mysql.sock + +------------------------------------------------------------------- +Sun Mar 29 15:18:52 CEST 2009 - varkoly@suse.de + +- bnc#439287 - not all POSTFIX_ADD_* values are properly handled + by SuSEconfig.postfix +- bnc#483208 - Postfix configuration trashed after update +- bnc#488268 - SuSEconfig.postfix chroot setup misses /etc/ssl/certs + +------------------------------------------------------------------- +Mon Jan 12 11:12:16 CET 2009 - varkoly@suse.de + +- bnc#465165 - postfix src package + +------------------------------------------------------------------- +Fri Jan 9 17:43:53 CET 2009 - varkoly@suse.de + +- bnc#464869 - SuSEconfig.postfix causes DNS lookup +- bnc#460442 - amavisd-new and Postfix need fqdn-hostname in "uname -n" + +------------------------------------------------------------------- +Mon Jan 5 13:54:11 CET 2009 - varkoly@suse.de + +- update to 2.5.6 + - The SMTP server did not ask for a client certificate + with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. + + - Avoid reduced TCP performance when reusing an SMTP connection + with a larger than 4096-byte TCP MSS value. In practice, this + could happen only with loopback (localhost) connections. + +------------------------------------------------------------------- +Sun Nov 16 12:16:03 CET 2008 - varkoly@suse.de + +- (bnc#442456) - chrooted postfix and saslauthd + +------------------------------------------------------------------- +Tue Nov 4 15:24:41 CET 2008 - ro@suse.de + +- fix build + +------------------------------------------------------------------- +Tue Nov 4 15:15:03 CET 2008 - varkoly@suse.de + +- upgrade must not be executed during installation + +------------------------------------------------------------------- +Tue Oct 14 11:16:21 CEST 2008 - varkoly@suse.de + +- (bnc#403976) - permissions on /var/lib/postfix changed +- (bnc#433916) - postfix should be splitted into postfix and postfix-doc + +------------------------------------------------------------------- +Thu Sep 11 14:34:22 CEST 2008 - varkoly@suse.de + +- (bnc#415216) - Postfix RPM Install Displays Multiple Warnings +- clean up spec file + +------------------------------------------------------------------- +Tue Sep 9 09:57:35 CEST 2008 - varkoly@suse.de + +- Update to Version 2.5 patchlevel 5 + * Bugfix (introduced Postfix 2.4): epoll file descriptor leak. + With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll + file descriptor leak when it executes non-Postfix commands + in, for example, user-controlled $HOME/.forward files. + * Security: some systems have changed their link() semantics, + and will hardlink a symlink, contrary to POSIX and XPG4. + Sebastian Krahmer, SuSE. File: util/safe_open.c. + + The solution introduces the following incompatible change: + when the target of mail delivery is a symlink, the parent + directory of that symlink must now be writable by root only + (in addition to the already existing requirement that the + symlink itself is owned by root). This change will break + legitimate configurations that deliver mail to a symbolic + link in a directory with less restrictive permissions. + * Bugfix: dangling pointer in vstring_sprintf_prepend(). + File: util/vstring.c. + +------------------------------------------------------------------- +Mon Aug 25 18:45:03 CEST 2008 - mt@suse.de + +- init script: copy LSB *-Start tags to *-Stop +- spec file: removed obsolete rc.config update hooks + +------------------------------------------------------------------- +Wed Aug 6 13:33:01 CEST 2008 - varkoly@suse.de + +- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition +- (bnc#405900) SuSEconfig.postfix changes owner and permissions of + /tmp if smtpd_tls_CApath is not set + +- Update to Version 2.5 patchlevel 3 + * Cleanup of code + * defer delivery when a mailbox file is not owned by the recipient. + Requested by Sebastian Krahmer, SuSE. + Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies. + * Bugfix: null-terminate CN comment string after sanitization. + * Bugfix (introduced Postfix 2.0): after "warn_if_reject + reject_unlisted_recipient/sender", the SMTP server mistakenly + remembered that recipient/sender validation was already done. + +------------------------------------------------------------------- +Wed Jul 9 15:07:46 CEST 2008 - varkoly@suse.de + +- (fate#305005) Enable SMTPS in postfix ootb + +------------------------------------------------------------------- +Tue Jun 17 12:27:10 CEST 2008 - varkoly@suse.de + +- (bnc#396985) sending of NUL character disallowed by RFC2822 +- (bnc#397127) without relay is silent about undeliverable mails + +------------------------------------------------------------------- +Tue May 13 18:17:09 CEST 2008 - varkoly@suse.de + +- (bnc#389670) - postfix generates invalid config + +------------------------------------------------------------------- +Tue Apr 1 16:17:31 CEST 2008 - mkoenig@suse.de + +- remove dir /usr/share/omc/svcinfo.d as it is provided now + by filesystem + +------------------------------------------------------------------- +Tue Feb 26 09:59:43 CET 2008 - varkoly@suse.de + +- Update to Version 2.5 patchlevel 1 + Changes: The Postfix 2.5 "postfix upgrade-configuration" command + now works even with Postfix 2.4 or earlier versions of the + postfix command. When installing Postfix 2.5.0 without upgrading + from an existing master.cf file, the new master.cf file had an + incorrect process limit for the proxywrite service. This service + is used only by the obscure "smtp_sasl_auth_cache_name" and + "lmtp_sasl_auth_cache_name" configuration parameters. Someone + needed multi-line support for header/body Milter replies. The + LDAP client's TLS support was broken in several ways. + +------------------------------------------------------------------- +Wed Feb 13 14:58:52 CET 2008 - varkoly@suse.de + +- #360572 - postfix %post script leaves lots of backup files in /etc/postfix/ + +------------------------------------------------------------------- +Wed Jan 30 12:20:53 CET 2008 - varkoly@suse.de + +- Update to Version 2.5 patchlevel 0 + + Major changes - critical + ------------------------ + + [Incompat 20071224] The protocol to send Milter information from + smtpd(8) to cleanup(8) processes was cleaned up. If you use the + Milter feature, and upgrade a live Postfix system, you may see an + "unexpected record type" warning from a cleanup(8) server process. + To prevent this, execute the command "postfix reload". The + incompatibility affects only systems that use the Milter feature. + It does not cause loss of mail, just a minor delay until the remote + SMTP client retries. + + [Incompat 20071212] The allow_min_user feature now applies to both + sender and recipient addresses in SMTP commands. With earlier Postfix + versions, only recipients were subject to the allow_min_user feature, + and the restriction took effect at mail delivery time, causing mail + to be bounced later instead of being rejected immediately. + + [Incompat 20071206] The "make install" and "make upgrade" procedures + now create a Postfix-owned directory for Postfix-writable data files + such as caches and random numbers. The location is specified with + the "data_directory" parameter (default: "/var/lib/postfix"), and + the ownership is specified with the "mail_owner" parameter. + + [Incompat 20071206] The tlsmgr(8) and verify(8) servers no longer + use root privileges when opening the address_verify_map, + *_tls_session_cache_database, and tls_random_exchange_name cache + files. This avoids a potential security loophole where the ownership + of a file (or directory) does not match the trust level of the + content of that file (or directory). + + [Incompat 20071206] The tlsmgr(8) and verify(8) cache files should + now be stored as Postfix-owned files under the Postfix-owned + data_directory. As a migration aid, attempts to open these files + under a non-Postfix directory are redirected to the Postfix-owned + data_directory, and a warning is logged. + + This is an example of the warning messages: + + Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: request + to update file /etc/postfix/prng_exch in non-postfix directory + /etc/postfix + + Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: redirecting + the request to postfix-owned data_directory /var/lib/postfix + + If you wish to continue using a pre-existing tls_random_exchange_name + or address_verify_map file, move it to the Postfix-owned data_directory + and change ownership from root to Postfix (that is, change ownership + to the account specified with the mail_owner configuration parameter). + + [Feature 20071205] The "make install" and "make upgrade" procedures + now create a Postfix-owned directory for Postfix-writable data files + such as caches and random numbers. The location is specified with + the "data_directory" parameter (default: "/var/lib/postfix"), and + the ownership is specified with the "mail_owner" parameter. + + [Incompat 20071203] The "make upgrade" procedure adds a new service + "proxywrite" to the master.cf file, for read/write lookup table + access. If you copy your old configuration file over the updated + one, you may see warnings in the maillog file like this: + + connect #xx to subsystem private/proxywrite: No such file or directory + + To recover, run "postfix upgrade-configuration" again. + + [Incompat 20070613] The pipe(8) delivery agent no longer allows + delivery with the same group ID as the main.cf postdrop group. + + Major changes - malware defense + ------------------------------- + + [Feature 20080107] New "pass" service type in master.cf. Written + years ago, this allows future front-end daemons to accept all + connections from the network, and to hand over connections from + well-behaved clients to Postfix. Since this feature uses file + descriptor passing, it imposes no overhead once a connection is + handed over to Postfix. See master(5) for a few details. + + [Feature 20070911] Stress-adaptive behavior. When a "public" network + service runs into an "all processes are busy" condition, the master(8) + daemon logs a warning, restarts the service, and runs it with "-o + stress=yes" on the command line (under normal conditions it runs + the service with "-o stress=" on the command line). This can be + used to make main.cf parameter settings stress dependent, for + example: + + /etc/postfix/main.cf: + smtpd_timeout = ${stress?10}${stress:300} + smtpd_hard_error_limit = ${stress?1}${stress:20} + + Translation: under conditions of stress, use an smtpd_timeout value + of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1 + instead of 20. The syntax is explained in the postconf(5) manpage. + + The STRESS_README file gives examples of how to mitigate flooding + problems. + + Major changes - tls support + --------------------------- + + [Incompat 20080109] TLS logging output has changed to make it more + useful. Existing logfile parser regular expressions may need + adjustment. + + - More log entries include the "hostnamename[ipaddress]" of the + remote SMTP peer. + + - Certificate trust chain error reports show only the first + error certificate (closest to the trust chain root), and the + reporting is more human-readable for the most likely errors. + + - After the completion of the TLS handshake, the session is logged + with TLS loglevel >= 1 as either "Untrusted", "Trusted" or + "Verified" (SMTP client only). + - "Untrusted" means that the certificate trust chain is invalid, + or that the root CA is not trusted. + - "Trusted" means that the certificate trust chain is valid, and + that the root CA is trusted. + - "Verified" means that the certificate meets the SMTP client's + matching criteria for the destination: + - In the case of a destination name match, "Verified" also + implies "Trusted". + - In the case of a fingerprint match, CA trust is not applicable. + + - The logging of protocol states with TLS loglevel >= 2 no longer + reports bogus error conditions when OpenSSL asks Postfix to refill + (or flush) network I/O buffers. This loglevel is for debugging + only; use 0 or 1 in production configurations. + + [Feature 20080109] The Postfix SMTP client has a new "fingerprint" + security level. This avoids dependencies on CAs, and relies entirely + on bi-lateral exchange of public keys (really self-signed or private + CA signed X.509 public key certificates). Scalability is clearly + limited. For details, see the fingerprint discussion in TLS_README. + + [Feature 20080109] The Postfix SMTP server can now use SHA1 instead + of MD5 to compute remote SMTP client certificate fingerprints. For + backwards compatibility, the default algorithm is MD5. For details, + see the "smtpd_tls_fingerprint_digest" parameter in the postconf(5) + manual. + + [Feature 20080109] The maximum certificate trust chain depth + (verifydepth) is finally implemented in the Postfix TLS library. + Previously, the parameter had no effect. The default depth was + changed to 9 (the OpenSSL default) for backwards compatibility. + + If you have explicity limited the verification depth in main.cf, + check that the configured limit meets your needs. See the + "lmtp_tls_scert_verifydepth", "smtp_tls_scert_verifydepth" and + "smtpd_tls_ccert_verifydepth" parameters in the postconf(5) manual. + + [Feature 20080109] The selection of SSL/TLS protocols for mandatory + TLS can now use exclusion rather than inclusion. Either form is + acceptable; see the "lmtp_tls_mandatory_protocols", + "smtp_tls_mandatory_protocols" and "smtpd_tls_mandatory_protocols" + parameters in the postconf(5) manual. + + Major changes - scheduler + ------------------------- + + [Feature 20071130] Revised queue manager with separate mechanisms + for per-destination concurrency control and for dead destination + detection. The concurrency control supports less-than-1 feedback + to allow for more gradual concurrency adjustments, and uses hysteresis + to avoid rapid oscillations. A destination is declared "dead" after + a configurable number of pseudo-cohorts(*) reports connection or + handshake failure. + + (*) A pseudo-cohort is a number of delivery requests equal to a + destination's delivery concurrency. + + The drawbacks of the old +/-1 feedback scheduler are a) overshoot + due to exponential delivery concurrency growth with each pseudo-cohort(*) + (5-10-20...); b) throttling down to zero concurrency after a single + pseudo-cohort(*) failure. The latter was especially an issue with + low-concurrency channels where a single failure could be sufficient + to mark a destination as "dead", and suspend further deliveries. + + New configuration parameters: destination_concurrency_feedback_debug, + default_destination_concurrency_positive_feedback, + default_destination_concurrency_negative_feedback, + default_destination_concurrency_failed_cohort_limit, as well as + transport-specific versions of the same. + + The default parameter settings are backwards compatible with older + Postfix versions. This may change after better defaults are field + tested. + + The updated SCHEDULER_README document describes the theory behind + the new concurrency scheduler, as well as Patrik Rak's preemptive + job scheduler. See postconf(5) for more extensive descriptions of + the configuration parameters. + + Major changes - small/home office + --------------------------------- + + [Feature 20080115] Preliminary SOHO_README document that combines + bits and pieces from other document in one place, so that it is + easier to find. This document describes the "mail sending" side + only. + + [Feature 20071202] Output rate control in the queue manager. For + example, specify "smtp_destination_rate_delay = 5m", to pause five + minutes between message deliveries. More information in the postconf(5) + manual under "default_destination_rate_delay". + + Major changes - smtp client + --------------------------- + + [Incompat 20080114] The Postfix SMTP client now by default defers + mail after a remote SMTP server rejects a SASL authentication + attempt. Specify "smtp_sasl_auth_soft_bounce = no" for the old + behavior. + + [Feature 20080114] The Postfix SMTP client can now avoid making + repeated SASL login failures with the same server, username and + password. To enable this safety feature, specify for example + "smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache" + (access through the proxy service is required). Instead of trying + to SASL authenticate, the Postfix SMTP client defers or bounces + mail as controlled with the new smtp_sasl_auth_soft_bounce configuration + parameter. + + [Feature 20071111] Header/body checks are now available in the SMTP + client, after the implementation was moved from the cleanup server + to a library module. The SMTP client provides only actions that + don't change the message delivery time or destination: warn, replace, + prepend, ignore, dunno, ok. + + [Incompat 20070614] By default, the Postfix Cyrus SASL client no + longer sends a SASL authoriZation ID (authzid); it sends only the + SASL authentiCation ID (authcid) plus the authcid's password. Specify + "send_cyrus_sasl_authzid = yes" to get the old behavior. + + Major changes - smtp server + --------------------------- + + [Feature 20070724] Not really major. New support for RFC 3848 + (Received: headers with ESMTPS, ESMTPA, or ESMTPSA); updated SASL + support according to RFC 4954, resulting in small changes to SMTP + reply codes and (DSN) enhanced status codes. + + Major changes - milter + ---------------------- + + [Incompat 20071224] The protocol to send Milter information from + smtpd(8) to cleanup(8) processes was cleaned up. If you use the + Milter feature, and upgrade a live Postfix system, you may see an + "unexpected record type" warning from a cleanup(8) server process. + To prevent this, execute the command "postfix reload". The + incompatibility affects only systems that use the Milter feature. + It does not cause loss of mail, just a minor delay until the remote + SMTP client retries. + + [Feature 20071221] Support for most of the Sendmail 8.14 Milter + protocol features. + + To enable the new features specify "milter_protocol = 6" and link + the filter application with a libmilter library from Sendmail 8.14 + or later. + + Sendmail 8.14 Milter features supported at this time: + + - NR_CONN, NR_HELO, NR_MAIL, NR_RCPT, NR_DATA, NR_UNKN, NR_HDR, + NR_EOH, NR_BODY: The filter can tell Postfix that it won't reply + to some of the SMTP events that Postfix sends. This makes the + protocol less chatty and improves performance. + + - SKIP: The filter can tell Postfix to skip sending the rest of + the message body, which also improves performance. + + - HDR_LEADSPC: The filter can request that Postfix does not delete + the first space character between header name and header value + when sending a header to the filter, and that Postfix does not + insert a space character between header name and header value + when receiving a header from the filter. This fixes a limitation + in the old Milter protocol that can break DKIM and DK signatures. + + - SETSYMLIST: The filter can override one or more of the main.cf + milter_xxx_macros parameter settings. + + Sendmail 8.14 Milter features not supported at this time: + + - RCPT_REJ: report rejected recipients to the mail filter. + + - CHGFROM: replace sender, with optional ESMTP command parameters. + + - ADDRCPT_PAR: add recipient, with optional ESMTP command parameters. + + It is unclear when (if ever) the missing features will be implemented. + SMFIP_RCPT_REJ requires invasive changes in the SMTP server recipient + processing and error handling. SMFIR_CHGFROM and SMFIR_ADDRCPT_PAR + require ESMTP command-line parsing in the cleanup server. Unfortunately, + Sendmail's documentation does not specify what ESMTP options are + supported, but only discusses examples of things that don't work. + + Major changes - address verification + ------------------------------------ + + [Incompat 20070514] The default sender address for address verification + probes was changed from "postmaster" to "double-bounce", so that + the Postfix SMTP server no longer causes surprising behavior by + excluding "postmaster" from SMTP server access controls. + + Major changes - ldap + -------------------- + + [Incompat 20071216] Due to an incompatible API change between + OpenLDAP 2.0.11 and 2.0.12, an LDAP client compiled for OpenLDAP + version <= 2.0.11 will refuse to work with an OpenLDAP library + version >= 2.0.12 and vice versa. + + Major changes - logging + ----------------------- + + [Incompat 20080109] TLS logging output has changed to make it more + useful. Existing logfile parser regular expressions may need + adjustment. + + - More log entries include the "hostnamename[ipaddress]" of the + remote SMTP peer. + + - Certificate trust chain error reports show only the first + error certificate (closest to the trust chain root), and the + reporting is more human-readable for the most likely errors. + + - After the completion of the TLS handshake, the session is logged + with TLS loglevel >= 1 as either "Untrusted", "Trusted" or + "Verified" (SMTP client only). + - "Untrusted" means that the certificate trust chain is invalid, + or that the root CA is not trusted. + - "Trusted" means that the certificate trust chain is valid, and + that the root CA is trusted. + - "Verified" means that the certificate meets the SMTP client's + matching criteria for the destination: + - In the case of a destination name match, "Verified" also + implies "Trusted". + - In the case of a fingerprint match, CA trust is not applicable. + + - The logging of protocol states with TLS loglevel >= 2 no longer + reports bogus error conditions when OpenSSL asks Postfix to refill + (or flush) network I/O buffers. This loglevel is for debugging + only; use 0 or 1 in production configurations. + + [Incompat 20071216] The SMTP "transcript of session" email now + includes the remote SMTP server TCP port number. + + Major changes - loop detection + ------------------------------ + + [Incompat 20070422] [Incompat 20070422] When the pipe(8) delivery + agent is configured to create the optional Delivered-To: header, + it now first checks if that same header is already present in the + message. If so, the message is returned as undeliverable. This test + should have been included with Postfix 2.0 when Delivered-To: support + was added to the pipe(8) delivery agent. + +------------------------------------------------------------------- +Tue Jan 8 10:00:12 CET 2008 - varkoly@suse.de + +- Remove previous fix + +------------------------------------------------------------------- +Sun Dec 30 19:58:02 CET 2007 - varkoly@suse.de + +- #301335 - [SuSEconfig]: Postfix module uses stderr + +------------------------------------------------------------------- +Tue Dec 4 09:02:19 CET 2007 - varkoly@suse.de + +- Update to Version 2.4 patchlevel 6 + Bugfix (introduced Postfix 2.2.11): TLS client certificate + with unparsable canonical name caused the SMTP server's + policy client to allocate zero-length memory, triggering + an assertion that it shouldn't do such things. File: + smtpd/smtpd_check.c. + + Bugfix (introduced Postfix 2.4) missing initialization of + event mask in the event_mask_drain() routine (used by the + obsolete postkick(1) command). Found by Coverity. File: + util/events.c. + + Workaround: the flush daemon forces an access time update + for the per-destination logfile, to prevent an excessive + rate of delivery attempts when the queue file system is + mounted with "noatime". File: flush/flush.c. + +- #330276 – /sbin/conf.d/SuSEconfig.postfix could copy certs into smtpd_tls_CApath + +------------------------------------------------------------------- +Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz + +- Use correct SuSEfirewall2 rule directory. + +------------------------------------------------------------------- +Wed Oct 17 11:52:01 CEST 2007 - varkoly@suse.de + +- #333629 - saslauthd typo in SuSEconfig.postfix + +------------------------------------------------------------------- +Mon Oct 8 12:37:39 CEST 2007 - varkoly@suse.de + +- #331044 - Postfix uses receive_override_options in main.cf + +------------------------------------------------------------------- +Sun Sep 9 17:42:27 CEST 2007 - varkoly@suse.de + +- fix the last fix + +------------------------------------------------------------------- +Tue Sep 4 00:38:58 CEST 2007 - cthiel@suse.de + +- fix the last fix + +------------------------------------------------------------------- +Mon Sep 3 12:37:43 CEST 2007 - varkoly@suse.de + +- Fixing bug: #297622 - SMTPD_LISTEN_REMOTE has no effect + +------------------------------------------------------------------- +Mon Aug 6 00:26:31 CEST 2007 - mrueckert@suse.de + +- Update to Version 2.4 patchlevel 5 + Bugfix: the loopback TCP performance workaround was ineffective + due to a wetware bit-flip during code cleanup. File: + util/vstream_tweak.c. + + (patch level 4) + Bugfix: the Milter client assumed that a Milter application + does not modify the message header or envelope, after that + same Milter application has modified the message body of + that same email message. This is not a problem with updates + by different Milter applications. Problem was triggered + by Jose-Marcio Martins da Cruz. Also simplified the handling + of queue file update errors. File: milter/milter8.c. + + Workaround: some non-Cyrus SASL SMTP servers require SASL + login without authzid (authoriZation ID), i.e. the client + must send only the authcid (authentiCation ID) + the authcid's + password. In this case the server is supposed to derive + the authzid from the authcid. This works as expected when + authenticating to a Cyrus SASL SMTP server. To get the old + behavior specify "send_cyrus_sasl_authzid = yes", in which + case Postfix sends the (authzid, authcid, password), with + the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c. + + Portability: /dev/poll support for Solaris chroot jail setup + scripts. Files: examples/chroot-setup/Solaris8, + examples/chroot-setup/Solaris10. + + Cleanup: Milter client error handling, so that the (Postfix + SMTP server's Milter client) does not get out of sync with + Milter applications after the (cleanup server's Milter + client) encounters some non-recoverable problem. Files: + milter/milter8.c, smtpd/smtpd.c. + + Performance: workaround for poor TCP performance on loopback + (127.0.0.1) connections. Problem reported by Mark Martinec. + Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c, + smtpstone/*source.c. + + Bugfix: when a milter replied with ACCEPT at or before the + first RCPT command, the cleanup server would apply the + non_smtpd_milters setting as if the message was a local + submission. Problem reported by Jukka Salmi. Also, the + cleanup server would get out of sync with the milter when + a milter replied with ACCEPT at the DATA command. Files: + cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c. +- rediffed patches + +------------------------------------------------------------------- +Tue Jul 31 18:21:11 CEST 2007 - varkoly@suse.de + +- Update to Version 2.4 patchlevel 3 + (patch level 1) + Bugfix (introduced Postfix 2.3): segfault with HOLD action + in access/header_checks/body_checks on 64-bit platforms. + File: cleanup/cleanup_api.c. + + Portability (introduced 20070325): the fix for hardlinks + and symlinks in postfix-install forgot to work around shells + where "IFS=/ command" makes the IFS setting permanent. This + is allowed by some broken standard, and affects Solaris. + File: postfix-install. + + Portability (introduced 20070212): the workaround for + non-existent library bugs with descriptors >= FD_SETSIZE + broke with "fcntl F_DUPFD: Invalid argument" on 64-bit + Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c. + + Cleanup: on (Linux) platforms that cripple signal handlers + with deadlock, "postfix stop" now forcefully stops all the + processes in the master's process group, not just the master + process alone. File: conf/postfix-script. + + (patch level 2) + Bugfix: don't falsely report "lost connection from + localhost[127.0.0.1]" when Postfix is being portscanned. + Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. + + Robustness: recommend a "0" process limit for policy servers + to avoid "connection refused" problems when the smtpd process + limit exceeds the default process limit. File: + proto/SMTPD_POLICY_README.html. + + Safety: when IPv6 (or IPv4) is turned off, don't treat an + IPv6 (or IPv4) connection from e.g. inetd as if it comes + from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, + qmqpd/qmqpd_peer.c. + + Bugfix: Content-Transfer-Encoding: attribute values are + case insensitive. File: src/cleanup/cleanup_message.c. + + Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) + were broken when used with the error(8) or discard(8) + transports. Cause: insufficient documentation. Files: + error/error.c, discard/discard.c. + + Bugfix (problem introduced Postfix 2.3): when DSN support + was introduced it broke "agressive" recipient duplicate + elimination with "enable_original_recipient = no". File: + cleanup/cleanup_out_recipient.c. + + Bugfix (introduced Postfix 2.3): the sendmail/postdrop + commands would hang when trying to submit a message larger + than the per-message size limit. File: postdrop/postdrop.c. + + Sabotage the saboteur who insists on breaking Postfix by + adding gethostbyname() calls that cause maildir delivery + to fail when the machine name is not found in /etc/hosts, + or that cause Postfix processes to hang when the network + is down. + + (patch level 3) + Portability: Victor helpfully pointed out that change + 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, + qmqpd/qmqpd_peer.c. + +------------------------------------------------------------------- +Thu Jun 21 08:30:45 CEST 2007 - varkoly@suse.de + +- Bug 285553 amavisd inconsistency + +------------------------------------------------------------------- +Tue Jun 19 18:55:43 CEST 2007 - dmueller@suse.de + +- provide smtp meta-service as well + +------------------------------------------------------------------- +Mon Jun 11 21:32:53 CEST 2007 - lrupp@suse.de + +- don't PreRequire /sbin/ip: removed call in SuSEconfig.postfix + +------------------------------------------------------------------- +Thu May 3 12:09:13 CEST 2007 - varkoly@suse.de + +- dynamic_maps.patch: readded the chunk for dict_tcp and dict_pcre +- replaced prereq for postfix with a prereq on + %{name} = %{version} +- updated to postfix 2.4, patchlevel 0 + Major changes - safety + * As a safety measure, Postfix now by default creates mailbox dotlock + files on all systems. This prevents problems with GNU POP3D which + subverts kernel locking by creating a new mailbox file and deleting + the old one + + Major changes - Milter support + * The support for Milter header modification + requests was revised. With minimal change in the on-disk representation, + the code was greatly simplified, and regression tests were updated + to ensure that old errors were not re-introduced. The queue file + format is entirely backwards compatible with Postfix 2.3. + + * Support for Milter requests to replace the message + body. Postfix now implements all the header/body modification + requests that are available with Sendmail 8.13. + + * A new field is added to the queue file "size" + record that specifies the message content length. Postfix 2.3 and + older Postfix 2.4 snapshots will ignore this field, and will report + the message size as it was before the body was replaced. + + Major changes - TLS support + * The check_smtpd_policy client sends TLS certificate + attributes (client ccert_subject, ccert_issuer) only after successful + client certificate verification. The reason is that the certification + verification status itself is not available in the policy request. + + * The check_smtpd_policy client sends TLS certificate + fingerprint information even when the certificate itself was not + verified. + + * The remote SMTP client TLS certificate fingerprint + can be used for access control even when the certificate itself was + not verified. + + * The format of SMTP server TLS session cache + lookup keys has changed. The lookup key now includes the master.cf + service name. + + Major changes - performance + * Better support for systems that run thousands + of Postfix processes. Postfix now supports FreeBSD kqueue(2), + Solaris poll(7d) and Linux epoll(4) as more scalable alternatives + to the traditional select(2) system call, and uses poll(2) when + examining a single file descriptor for readability or writability. + These features are supported on sufficiently recent versions of + FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other + systems will be added as evidence becomes available that usable + implementations exist. + + Major changes - delivery status notifications + * Small changes were made to the default bounce + message templates, to prevent HTML-aware software from hiding or + removing the text "", and producing misleading text. + + * Postfix no longer announces its name in delivery + status notifications. Users believe that Wietse provides a free + help desk service that solves all their email problems. + + Major changes - ETRN support + * More precise queue flushing with the ETRN, + "postqueue -s site", and "sendmail -qRsite" commands, after + minimization of race conditions. New per-queue-file flushing with + "postqueue -i queueid" and "sendmail -qIqueueid". + + Major changes - small office/home office support + * Postfix no longer requires a domain name. It + uses "localdomain" as the default Internet domain name when no + domain is specified via main.cf or via the machine's hostname. + + Major changes - SMTP access control + * The check_smtpd_policy client sends TLS certificate + attributes (client ccert_subject, ccert_issuer) only after successful + client certificate verification. The reason is that the certification + verification status itself is not available in the policy request. + + * The check_smtpd_policy client sends TLS certificate + fingerprint information even when the certificate itself was not + verified. + + * The remote SMTP client TLS certificate fingerprint can be used for + access control even when the certificate itself was not verified. + + * The Postfix installation procedure no longer + updates main.cf with "unknown_local_recipient_reject_code = 450". + Four years after the introduction of mandatory recipient validation, + this transitional tool is no longer neeed. + +------------------------------------------------------------------- +Thu Mar 29 14:33:03 CEST 2007 - rguenther@suse.de + +- Add pwdutils BuildRequires to allow postinst script to succeed. +- Add /usr/share/omc directory. + +------------------------------------------------------------------- +Mon Feb 26 10:32:36 CET 2007 - varkoly@suse.de + +- #247351 - postfix - Ports for SuSEfirewall added via packages + +- Move postfix.xml into the postfix-SuSE tarball + +- #228479 - Postfix is configured for inet_protocols=all if + selecting ipv4 only support during installation. + Now we set both inet_protocols and inet_interfaces to all. + This means the available interfaces and protocols will be used. + To avoid bogus warnings inet_proto.c was patched. + +- #251598 - postfix use pointers for literals + +------------------------------------------------------------------- +Mon Jan 15 13:14:07 CET 2007 - varkoly@suse.de + +- #144104 - postfix does not start + +- Implementing Fate #301840: Postfix XML Service Description Document + +- Enhancing /etc/sysconfig/postfix descripton to avoid problems + like Bug 228678 - Problems with setting up chroot environment if + /var/spool is not on same filesystem as /var + +------------------------------------------------------------------- +Wed Nov 22 03:03:18 CET 2006 - mrueckert@suse.de + +- moved the dict handling into a preun script instead of postun + and do not remove the dict entry on upgrade (#223176) +- removed duplicates in the filelists. + +------------------------------------------------------------------- +Fri Nov 10 11:43:00 CET 2006 - varkoly@suse.de + +- #218229 - Postfix SuSEconfig script increases the max_proc line each run in master.cf + +------------------------------------------------------------------- +Sat Oct 28 11:41:50 CEST 2006 - varkoly@suse.de + +- #206414 - /usr/lib/sasl2/smtpd.conf misplaced + +------------------------------------------------------------------- +Tue Oct 24 22:32:45 CEST 2006 - varkoly@suse.de + +- #202119 – SuSEconfig script for Postfix incomplete +- #202162 – Postfix 2.3.2 slightly incorrect, Cyrus SASL unavailable +- #203174 – /sbin/conf.d/SuSEconfig.postfix should configure a TLS session cache for postfix 2.2 +- #203575 – postfix-2.2.9-10 chokes without scache +- #213589 - No development package/headers for postfix + +------------------------------------------------------------------- +Wed Aug 16 01:24:20 CEST 2006 - ro@suse.de + +- also add libpostfix-milter.so* + +------------------------------------------------------------------- +Mon Aug 14 12:34:37 CEST 2006 - varkoly@suse.de + +- updated to postfix 2.3, patchlevel 2 +- Major changes + - Name server replies that contain a malformed hostname are now flagged + as permanent errors instead of transient errors. + - DSN support as described in RFC 3461 .. RFC 3464. + - The SMTP client now implements the LMTP protocol. + - Milter (mail filter) application support, compatible with Sendmail + version 8.13.6 and earlier. +- Major changes - SASL authentication + - Plug-in support for SASL authentication in the SMTP server and in the + SMTP/LMTP client. + - The Postfix-with-Cyrus-SASL build procedure has changed. + - Support for sender-dependent ISP accounts. +- Major changes - SMTP client + - The SMTP client now implements the LMTP protocol. + - This version addresses a performance stability problem with remote + SMTP servers. +- Major changes - SMTP server + - The Postfix SMTP server now refuses to receive mail from the network + if it isn't running with postfix mail_owner privileges. + - Optional suppression of remote SMTP client hostname lookup and hostname + verification. + - SMTPD Access control based on the existence of an address->name mapping +- Major changes - TLS + - New concept: TLS security levels ("none", "may", "encrypt", "verify" + or "secure") in the Postfix SMTP client. + - Both the Postfix SMTP client and server can be configured without a + client or server certificate. +- See + /usr/share/doc/packages/postfix/RELEASE_NOTES + /usr/share/doc/packages/postfix/TLS_CHANGES + /usr/share/doc/packages/postfix/README_FILES/SASL_README + for detailed informations. + +------------------------------------------------------------------- +Wed Aug 2 16:18:30 CEST 2006 - varkoly@suse.de + +- Only %{conf_backup_dir} is contained by the package not /var/adm/backup + +------------------------------------------------------------------- +Mon Jul 10 16:21:31 CEST 2006 - varkoly@suse.de + +- Bugfix: #190639 Default number of processes for postfix +- Bugfix: #190270 postfix-postgresql + +------------------------------------------------------------------- +Fri Jun 2 19:58:38 CEST 2006 - varkoly@suse.de + +- Bugfix: #98188 - SuSE.tar.gz filename collision in cyrus/postfix SRPMs + +------------------------------------------------------------------- +Mon Apr 24 17:14:40 CEST 2006 - varkoly@suse.de + +- Bugfix: #165786 - yast2-mail modul uses obsolate postfix attributes + +------------------------------------------------------------------- +Mon Mar 20 10:21:55 CET 2006 - varkoly@suse.de + +- updated to postfix 2.2, patchlevel 9. +- Reasons: + Bugfix: the LMTP client would reuse a session after negative + reply to the RSET command (which may happen when client and + server somehow get out of sync). + Bugfix: race condition in the connection caching protocol, + causing the SMTP delivery agent to hang after delivering + mail, while trying to save a connection. + Bugfix: the best_mx_transport, mailbox_transport and + fallback_transport features did not write a per-recipient + defer logfile record when the target delivery agent was + broken. + Bugfix: an EHLO I/O error after STARTTLS would be reported + as a STARTTLS I/O error. + Bugfix: the *SQL, proxy and LDAP maps were not defined in + user-land commands such as postqueue. + Bugfix: the anvil server would terminate after "max_idle" + seconds, even when this was less than the anvil_rate_time_unit + interval. + Portability: 64-bit support for LINUX chroot script by Keith + Owens. + Safety: new "smtp_cname_overrides_servername" parameter. + + Bugfix: mailbox_command_maps was not subject to $name + expansion. + Bugfix: don't ignore the per-site policy when SSL library + initialization fails. + Bugfix: a TLS per-site MUST_NOPEERMATCH policy could not + override a stronger main.cf policy, while a per-site NONE + policy could. + Bugfix: a combined TLS per-site (host, recipient) policy + of (NONE, MAY) changed a global MUST policy into NONE, and + a global MUST_NOPEERMATCH into MAY. The result is now NONE. + Problem found by exhaustive simulation. + Bugfix: an empty remote_header_rewrite_domain value caused + trivial-rewrite to dereference a null pointer, but only in + regression tests, not in production. Postfix rewrites + addresses in the remote rewriting context only when the + remote_header_rewrite_domain parameter value is non-empty. + Workaround: a malformed domain name lookup result (such as + null MX record) is now treated as a hard error, so that + Postfix will no longer repeatedly try to deliver mail until + the message expires in the queue. However, this will not + reject mail with reject_unknown_sender/recipient_domain. + That would require too much change for a stable release. + +------------------------------------------------------------------- +Fri Jan 27 02:19:42 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Tue Jan 24 09:11:46 CET 2006 - varkoly@suse.de + +- Fixing the spec-file +- Bugfix: ID#143682 - Spurious (obsoleted?) configuration variable in postfix's main.cf + +------------------------------------------------------------------- +Mon Jan 23 13:00:13 CET 2006 - varkoly@suse.de + +- Bugfix: ID#140173 postfix allows relaying on the whole subnet +- Bugfix: ID#144091 postfix doesn't start with the latest kernel + +------------------------------------------------------------------- +Fri Jan 20 11:56:24 CET 2006 - varkoly@suse.de + +- Bugfix: ID#144091 +- Postfix makes an entry in slp servre for smtp & smtps + +------------------------------------------------------------------- +Mon Jan 16 14:49:29 CET 2006 - varkoly@suse.de + +- removing openldap from "neededforbuild" + +------------------------------------------------------------------- +Wed Nov 30 11:11:16 CET 2005 - choeger@suse.de + +- updated to postfix 2.2, patchlevel 6 + +------------------------------------------------------------------- +Tue Oct 11 15:03:56 CEST 2005 - choeger@suse.de + +- added patch ldap_api_changes.patch: openldap2.3 enforces to use + "The C LDAP Application Program Interface" + +------------------------------------------------------------------- +Mon Aug 15 13:55:32 CEST 2005 - choeger@suse.de + +- Bugfix Bugzilla ID#104663 - consistent use of variables in postfix + init-script +- Bugfix Bugzilla ID#104568 - SuSEconfig.postfix doesnt set $PATH properly to + find all binaries. + +------------------------------------------------------------------- +Fri Aug 12 10:25:09 CEST 2005 - mmj@suse.de + +- Package the /usr/lib/sendmail -> /usr/sbin/sendmail link [#102947] + +------------------------------------------------------------------- +Tue Jul 26 11:05:29 CEST 2005 - choeger@suse.de + +- Bugfix Bugzilla ID#93884 - package postfix uses -fsigned-char + Remove -fsigned-char option for ppc and s390 archs + +------------------------------------------------------------------- +Mon Jul 25 11:52:18 CEST 2005 - choeger@suse.de + +- updated to postfix 2.2, patchlevel 5: + - Portability: the connection caching code broke on LP64 + systems (inherited from Stevens Network Programming). + Files: util/unix_send_fd.c, util/unix_recv_fd.c. This code + is back-ported from the Postfix 2.3 snapshot release. + - Robustness: the SMTP client now disables connection caching + when it is unable to communicate with the scache(8) server, + instead of looping forever and not delivering mail. File: + global/scache_clnt.c. This code is back-ported from the + Postfix 2.3 snapshot release. + - Portability: after sending a socket, the scache(8) server + now waits for an ACK from the connection cache client before + closing the socket that it just sent. Files: scache/scache.c, + global/scache_clnt.c. This code is back-ported from the + Postfix 2.3 snapshot release. + - Portability: on LP64 systems, integer expressions are int, + but sizeof() and pointer difference expressions are larger. + Point fixes for a few discrepancies with variadic functions + that expect int (the permanent fix is to change the receiving + modules, but that results in too much change, and is not + allowed in the stable release). Files: tls/tls_scache.c, + util/clean_env.c, util/vstring.h, smtpstone/qmqp-source.c. + +------------------------------------------------------------------- +Mon Jul 18 15:49:16 CEST 2005 - choeger@suse.de + +- force to set strict_8bitmime to "no" when POSTFIX_MDA != cyrus, + because once it is set to "yes", nobody sets it back. +- only install /etc/pam.d/smtp if suse_version > 920 +- use Prereq instead of Requires for mysql and postgresql subpackages + +------------------------------------------------------------------- +Wed Jul 13 16:59:14 CEST 2005 - choeger@suse.de + +- added /etc/pam.d/smtp configuration file + +------------------------------------------------------------------- +Thu Jul 7 16:44:05 CEST 2005 - choeger@suse.de + +- Fixed build on x86_64: use -fPIC for libraries and -fPIE for the + rest + +------------------------------------------------------------------- +Tue Jul 5 17:57:48 CEST 2005 - choeger@suse.de + +- applied dynamic maps patch of LaMont Jones at debian +- Fix to SuSEconfig.postfix: only touch tlsmgr line in master.cf, + if it is the new one using unix socket instead of fifo + +------------------------------------------------------------------- +Thu Jun 30 17:52:10 CEST 2005 - uli@suse.de + +- build with -fPIE (not -fpie) to avoid GOT overflow on s390x + +------------------------------------------------------------------- +Thu Jun 23 10:22:18 CEST 2005 - choeger@suse.de + +- updated to postfix 2.2, patchlevel 4 + +------------------------------------------------------------------- +Fri Jun 17 17:06:39 CEST 2005 - choeger@suse.de + +- fixed build using -pie/-fpie (hopefully) + +------------------------------------------------------------------- +Fri Jun 17 11:04:03 CEST 2005 - choeger@suse.de + +- Build using -pie + +------------------------------------------------------------------- +Fri May 13 18:24:50 CEST 2005 - choeger@suse.de + +- set strict_8bitmime parameter to yes when using cyrus mailbox + delivery + +------------------------------------------------------------------- +Wed May 4 15:54:33 CEST 2005 - choeger@suse.de + +- Bugfix ID#66325 - postfix: permissions + also ship a postfix.paranoid file with the package with all suid and sgid + bits disabled + +------------------------------------------------------------------- +Tue May 3 16:29:04 CEST 2005 - choeger@suse.de + +- updated to postfix 2.2, patchlevel 3 +- Bugfix ID#75717 - postfix init scripts reports success allthough postfix is + not running: + use checkproc again instead of "master -t", as "master -t" seems to be broken + +------------------------------------------------------------------- +Thu Apr 21 17:42:04 CEST 2005 - choeger@suse.de + +- updated to postfix 2.2, patchlevel 2 +- Bugfix ID#74712, problems with read-only mounting of $chroot/proc: + don't mount /var/spool/postfix/proc ro as that results in /proc also mounted + ro. +- Bugfix ID#74709, postfix configuration and USE_IPV6 in + sysconfig/network/config + +------------------------------------------------------------------- +Tue Mar 15 17:46:44 CET 2005 - choeger@suse.de + +- updated to postfix 2.2, patchlevel 1 + Postfix 2.2.1 solves four portability problems that surfaced in + the week since the 2.2.0 release, one harmless bug in the TLS + session cache cleaning code, and cleans up minor documentation + problems. + +------------------------------------------------------------------- +Thu Mar 10 10:18:45 CET 2005 - choeger@suse.de + +- 2.2.0 is out + +------------------------------------------------------------------- +Mon Mar 7 14:15:08 CET 2005 - choeger@suse.de + +- update to RC2 + +------------------------------------------------------------------- +Wed Mar 2 15:01:33 CET 2005 - choeger@suse.de + +- make it compile with gcc4 + +------------------------------------------------------------------- +Mon Feb 28 18:03:36 CET 2005 - choeger@suse.de + +- RC1 of 2.2 is out + +------------------------------------------------------------------- +Fri Feb 18 16:34:07 CET 2005 - choeger@suse.de + +- use "usr/sbin/postfix upgrade-configuration" now instead of + "etc/postfix/post-install upgrade-package" + +------------------------------------------------------------------- +Thu Feb 17 19:28:22 CET 2005 - choeger@suse.de + +- removed some @ chars (don't know how they slipped in) + +------------------------------------------------------------------- +Thu Feb 17 13:42:18 CET 2005 - choeger@suse.de + +- update to current pre 2.2 snapshot (2.2-20050216) + 2.2 release could happen next week + +------------------------------------------------------------------- +Thu Feb 10 09:08:18 CET 2005 - choeger@suse.de + +- added patch needed for the Kolab project (this patch is part of the upcoming + postfix 2-2 release), see + http://wiki.kolab.org/index.php/Kolab-major-app-patches + +------------------------------------------------------------------- +Thu Feb 3 10:00:38 CET 2005 - choeger@suse.de + +- s/X-UnitedLinux-Should-Start/Should-Start/ + +------------------------------------------------------------------- +Wed Feb 2 16:44:34 CET 2005 - choeger@suse.de + +- added long_header.patch + long lines piped into postfix sendmail can lead to errors. + +------------------------------------------------------------------- +Wed Feb 2 08:52:19 CET 2005 - choeger@suse.de + +- Bugfix ID#49307: faster postfix startup: don't use hashed directories if + possible: + - added patch empty_hash_queue_names.patch to be able to modify + hash_queue_names parameter. + - added check to %post to change hash_queue_names in case of + /var/spool/postfix residing on a reiserfs partition when doing + a fresh installation +- Bugfix ID#50386 - postfix must prereq /sbin/ip (iproute2) + +------------------------------------------------------------------- +Fri Jan 28 16:29:05 CET 2005 - choeger@suse.de + +- updated tls+ipv6 patchkit to v1.26 + - Bugfix: Incomplete error checking in getaddrinfo() could cause lmtpd to + crash with debug_peer_list defined. Carsten Hoeger, SuSE. File: + util/match_ops.c + - Linux workaround: When mynetworks isn't set, a chrooted process could not + read the IPv6 address information from /proc. We now invoke own_inet_addr() + before chrooting, while processing main.cf. [backported from 2.2-nonprod + snapshot] File: global/mail_params.c + - Safety: when IPv6 netmask can't be determined, mynetworks is not set and + mynetworks_style = subnet, assume /128 (host only). Until now, Tru64Unix + assumed /64 (good for real subnets, but not safe for tunnel ranges etc.). + File: util/inet_addr_local.c + +------------------------------------------------------------------- +Sat Jan 15 20:48:48 CET 2005 - schwab@suse.de + +- Use : in permissions file. + +------------------------------------------------------------------- +Thu Jan 13 16:16:41 CET 2005 - choeger@suse.de + +- Two fixes to ipv6-patch related bugs: + - Bugfix Bugzilla ID#49435 - VUL-0: Postfix, permit_mx_backup, IPv6, chroot + --> Open Relay! + - Bugfix Bugzilla ID#49695 - SEGV while lmtp delivery +- mount /proc into chroot jail to be able to access /proc/net/if_inet6 + +------------------------------------------------------------------- +Wed Nov 24 14:46:16 CET 2004 - schwab@suse.de + +- Put options first in find command line. + +------------------------------------------------------------------- +Tue Nov 9 09:20:27 CET 2004 - choeger@suse.de + +- setting LC_ALL=POSIX in SuSEconfig.postfix + +------------------------------------------------------------------- +Wed Sep 29 18:14:13 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#46462, postfix should switch biff off + +------------------------------------------------------------------- +Tue Sep 21 12:48:02 CEST 2004 - choeger@suse.de + +- updated to postfix 2.1, patchlevel 5 + (several small bugfixes) +- updated tls+ipv6 patchkit (there have been some small bugs) +- use v4 address 127.0.0.1 as amavisd-new local contact address + as amavisd is not listening on any v6 address + +------------------------------------------------------------------- +Mon Sep 20 09:51:25 CEST 2004 - choeger@suse.de + +- also chmod the .db file resulting of a postmap (related to + bugfix ID#39045 + +------------------------------------------------------------------- +Thu Sep 16 13:57:32 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#39045 - tls_per_site table updates in SuSEconfig.postfix + introduced POSTFIX_MAP_LIST in /etc/sysconfig/postfix where additional + maps maintained by SuSEconfig.postfix can be added + +------------------------------------------------------------------- +Thu Sep 16 10:34:58 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#45252 - rpm calls SuSEconfig.permissions which calls rpm + -> 3 minute timeout + Also don't call rpm from SuSEconfig.postfix +- Speedup: set timestamp of $TMPDIR/main.cf into the past to workaround + postconf safety which is not neccessary, because we do not touch the main.cf, + the postfix daemons are using. + +------------------------------------------------------------------- +Mon Sep 13 11:57:15 CEST 2004 - choeger@suse.de + +- added $time to Required-Start in init-script + +------------------------------------------------------------------- +Thu Aug 26 14:15:31 CEST 2004 - choeger@suse.de + +- do not filter locally delivered mail when USE_AMAVIS=yes + (don't set content_filter=vscan in main.cf) +- removed obsolete vscan service definition from master.cf + +------------------------------------------------------------------- +Fri Aug 20 12:47:52 CEST 2004 - choeger@suse.de + +- use "$MASTER_BIN -t" to check whether postfix is already running + in start section of init-script. That's more reliable then checkproc. + +------------------------------------------------------------------- +Wed Jul 14 17:48:29 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#42995 - SuSEconfig.postfix should ignore + .swp and other files in /etc/aliases.d + +------------------------------------------------------------------- +Tue Jul 13 16:22:02 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#42281, openssl ca segfaults: + added missing [ policy_anything ] configuration + options to openssl.cnf + +------------------------------------------------------------------- +Mon Jul 12 14:58:58 CEST 2004 - choeger@suse.de + +- updated to postfix 2.1, patchlevel 4 +- updated tls+ipv6 patchkit to v1.25 +- new feature POSTFIX_REGISTER_SLP in /etc/sysconfig/postfix + to be able to totally disable slptool from being started + +------------------------------------------------------------------- +Tue May 25 12:42:45 CEST 2004 - choeger@suse.de + +- updated tls+ipv6 patchkit to v1.24: + - Bugfix: Prefixlen non-null host portion validation (in CIDR maps for + example) yielded incorrect results sometimes because signed arithmetic was + used instad of unsigned. + - Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed the master.cf + update (used for new installattions). Added it back. +- as tls and ipv6 patches have not been completely ported to postfix 2.1 + new documentation system, especially the new postconf(5) manpage is + missing the complete ipv6 and tls related configuration parameters, + readded the sample-* files from ipv6+tls to %doc/samples + +------------------------------------------------------------------- +Tue May 4 11:24:20 CEST 2004 - choeger@suse.de + +- update to postfix 2.1, patchlevel 1: + - Patch 01 fixes a signal 11 problem in the check_policy_service + feature when SASL support is compiled in but turned off in the + SMTP server (smtpd_sasl_auth_enable = no). + +------------------------------------------------------------------- +Wed Apr 28 10:46:55 CEST 2004 - choeger@suse.de + +- added now officially released tls patchkit 0.8.18-2.1.0-0.9.7d to + the source package for the user to be able to build a non-ipv6 + postfix package + +------------------------------------------------------------------- +Mon Apr 26 17:46:01 CEST 2004 - choeger@suse.de + +- official tls+ipv6 v1.23 patchkit released: + - Patch fixes: Several code fixes to make the patch compile and work + correctly when compiled without IPv6 support. + - Bugfix (Solaris only?): address family length was not updated + which could cause client hostname validation errors. File: + smtpd/smtpd_peer.c + - Portability: added support for Darwin 7.3+. This may need some + further testing. + - Cleanup: Restructure and redocument interface address retrieval + functions. (This reduced the number of preprocessor statements + from 99 to 93 ;) File: util/inet_addr_local.c + - Cleanup: make several explicit casts to have compilers shut their + pie holes about uninteresting things. + +------------------------------------------------------------------- +Fri Apr 23 11:22:35 CEST 2004 - choeger@suse.de + +- update to final postfix v2.1 + +------------------------------------------------------------------- +Wed Apr 21 17:35:26 CEST 2004 - choeger@suse.de + +- Bugfix: changed {main,master}.cf backup path in specfile, but not in + SuSEconfig script + +------------------------------------------------------------------- +Wed Apr 21 11:55:43 CEST 2004 - choeger@suse.de + +- update to postfix 2.1 RC5 + +------------------------------------------------------------------- +Mon Apr 19 14:23:19 CEST 2004 - choeger@suse.de + +- update to current postfix 2.1 release candidate (RC4) + +------------------------------------------------------------------- +Wed Apr 7 13:09:09 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#38569, exit SuSEconfig.postfix if + mktemp fails + +------------------------------------------------------------------- +Tue Mar 30 11:13:38 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#37409 + the saslauthd socket is not copied to chroot jail due to + a wrong test in SuSEconfig.postfix (used -L instead of -S) + +------------------------------------------------------------------- +Mon Mar 29 20:03:16 CEST 2004 - choeger@suse.de + +- only add ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no + AND ipv6 is enabled + +------------------------------------------------------------------- +Mon Mar 29 11:03:56 CEST 2004 - choeger@suse.de + +- Bugfix Bug ID#37293, SuSEConfig complains POSTFIX_ADD_* parameters are + unknown (in turkish locale settings) + added LC_CTYPE=POSIX to SuSEconfig.postfix + +------------------------------------------------------------------- +Thu Mar 25 10:54:26 CET 2004 - choeger@suse.de + +- updated to tls+ipv6 version 1.22 (related to Bugzilla ID#35884) + - Feature: Support "inet_interfaces = IPv4:all" and "inet_interfaces = + IPv6:all", to restrict postfix to use either IPv4-only or IPv6-only. A more + complete implementation will be part of a future patch. (Slightly modified) + patch by Michal Ludvig, SuSE. Files: util/interfaces_to_af.[ch], + util/inet_addr_local.c, global/own_inet_addr.c, + global/wildcard_inet_addr.[ch], master/master_ent.ch + - Bugfix: In Postfix snapshots, a #define was misplaced with the effect that + IPv6 subnets were not included in auto- generated $mynetworks (i.e., + mynetworks not defined in main.cf, when also mynetworks_style=subnet) on + Linux 2.x systems. File: utils/sys_defs.h +- now adding ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no + (related to Bugzilla ID#35884) +- enabled ipv6 again + +------------------------------------------------------------------- +Thu Mar 18 12:37:44 CET 2004 - choeger@suse.de + +- updated to most recent snapshot version 2.0.19-20040312: + Patch 19 fixes two low-priority problems: + + - When mail is submitted at a high rate with the Postfix sendmail + command, the pickup daemon is keps busy long enough that it it + terminated by the watchdog timer (a feature that prevents Postfix + from locking up permanently). + + - Malformed addresses in SMTP commands could result in table looks + with zero-length search strings, causing trouble with NIS lookups. + +------------------------------------------------------------------- +Wed Mar 17 16:51:00 CET 2004 - choeger@suse.de + +- disable IPv6 patch as it introduces problems for people + who do not use IPv6, see Bugzilla ID#35884, + "ipv6 mynetworks don't work" + +------------------------------------------------------------------- +Mon Mar 8 15:58:35 CET 2004 - choeger@suse.de + +- be a nice packager and strictly follow + http://www.porcupine.org/postfix-mirror/newdoc/PACKAGE_README.html + (added setgid_group=... to post-install upgrade-package) + +------------------------------------------------------------------- +Fri Feb 27 11:37:56 CET 2004 - choeger@suse.de + +- update to most recent version 2.0.18-20040209 + +------------------------------------------------------------------- +Mon Feb 23 15:25:20 CET 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#34817, SuSEconfig.postfix doesn't specify direct path to + "postconf" and generates errors if run via sudo by a non-root user. + +------------------------------------------------------------------- +Fri Feb 6 13:15:49 CET 2004 - choeger@suse.de + +- update to postfix 2.0.18-20040205 +- enabled tls+ipv6 patch as it is now available for latest + pre 2.1 snapshot + +------------------------------------------------------------------- +Mon Feb 2 13:22:54 CET 2004 - choeger@suse.de + +- finally, the official TLS patchkit of Lutz hit the ground + +------------------------------------------------------------------- +Mon Feb 2 11:02:16 CET 2004 - choeger@suse.de + +- additional fix for the TLS extensions patch + should also fix Bugzilla ID#34218 + +------------------------------------------------------------------- +Fri Jan 23 12:15:00 CET 2004 - choeger@suse.de + +- fixed the smtp segfault + +------------------------------------------------------------------- +Thu Jan 22 21:37:51 CET 2004 - choeger@suse.de + +- updated to postfix 2.0.18-20040122 +- added new feature for specfile usetls to en/dis-able TLS + support +- temporary removed TLS support (self adapted patch to most recent + postfix snapshot version) as it currently results in smtp segfaulting + +------------------------------------------------------------------- +Thu Jan 22 13:53:44 CET 2004 - choeger@suse.de + +- update to recent postfix snapshot version 2.0.17-20040120 + which will become the next official release 2.1 around + next week according to Wietse Venema. +- added possibility to compile using the combined IPV6/TLS patch + which can be downloaded from http://www.ipnet6.org/postfix/ + just set useipv6 to 1 at the top of the specfile. + +------------------------------------------------------------------- +Thu Jan 22 01:45:58 CET 2004 - ro@suse.de + +- remove call to ldap_enable_cache + (function has been removed from openldap and was already + obsolete before (warning was issued back then)) + +------------------------------------------------------------------- +Wed Jan 14 16:38:06 CET 2004 - choeger@suse.de + +- added openslp register/derigister calls to postfix init-script + +------------------------------------------------------------------- +Mon Jan 12 15:50:35 CET 2004 - choeger@suse.de + +- add postfix user to group mail in case of POSTFIX_MDA==cyrus + to let postfix lmtp access /var/lib/imap/socket/lmtp + +------------------------------------------------------------------- +Thu Jan 8 16:00:30 CET 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#33421, SMTP-Auth and relaying + added permit_sasl_authenticated also to smtpd_recipient_restrictions + in SuSEconfig.postfix + +------------------------------------------------------------------- +Mon Dec 1 14:51:06 CET 2003 - choeger@suse.de + +- always create temp files and always remove them later on + +------------------------------------------------------------------- +Mon Nov 17 12:51:09 CET 2003 - choeger@suse.de + +- some .spec improvements + +------------------------------------------------------------------- +Thu Oct 30 12:13:51 CET 2003 - mmj@suse.de + +- Run SuSEconfig after install + +------------------------------------------------------------------- +Wed Oct 29 20:23:44 CET 2003 - mmj@suse.de + +- Don't build as root +- Be nice and clean up after ourselves + +------------------------------------------------------------------- +Tue Oct 14 15:47:52 CEST 2003 - choeger@suse.de + +- update to postfix v2.0.16 +- update to tls extensions v0.8.16 +- Fix for Bugzilla ID#32114, fixed some if condition syntaxes + +------------------------------------------------------------------- +Tue Sep 16 10:29:25 CEST 2003 - choeger@suse.de + +- fixed example for POSTFIX_RELAYHOST, Bug ID#30756 + +------------------------------------------------------------------- +Mon Sep 8 09:49:49 CEST 2003 - choeger@suse.de + +- updated some sysconfig descriptions +- removed relays.osirosoft.com from the examples, Bug ID#30215 + +------------------------------------------------------------------- +Thu Sep 4 15:40:25 CEST 2003 - kukuk@suse.de + +- Fix next useradd call + +------------------------------------------------------------------- +Wed Sep 3 11:31:54 CEST 2003 - choeger@suse.de + +- conf/postfix-files as input for /etc/permissions.d/postfix (Bug ID#29915) +- generate better amavisd-new master.cf line: + limit maxproc to 2 and use brackets around localhost + (Bug ID#29917) + +------------------------------------------------------------------- +Mon Sep 1 13:08:33 CEST 2003 - choeger@suse.de + +- use conf/postfix-files as input for directories and permissions + for files/directories in/below $queue_directory and $command_directory +- use /var/lib/imap/socket/lmtp as lmtp socket in SuSEconfig.postfix + and change access modes of /var/lib/imap and /var/lib/imap/socket + to let postfix lmtp access the unix socket + +------------------------------------------------------------------- +Fri Aug 29 11:43:53 CEST 2003 - kukuk@suse.de + +- Create postfix user as system account [Bug #29611] + +------------------------------------------------------------------- +Fri Aug 29 08:48:52 CEST 2003 - kukuk@suse.de + +- Adjust sendmail permissions +- Create /var/spool/postfix/public with permissions postfix is + using + +------------------------------------------------------------------- +Fri Aug 29 00:27:03 CEST 2003 - mmj@suse.de + +- Add sendmail to /etc/sysconfig/mail + +------------------------------------------------------------------- +Thu Aug 14 18:41:19 CEST 2003 - choeger@suse.de + +- update to Postfix 2.0 Patch 14 +- Bugfix Bugzilla ID#28921: + missing activation metadata in sysconfig template + +------------------------------------------------------------------- +Wed Jul 30 11:48:21 CEST 2003 - choeger@suse.de + +- new macros for stop/restart of services on rpm update/removal + +------------------------------------------------------------------- +Mon Jul 21 13:33:53 CEST 2003 - choeger@suse.de + +- chown user:group instead of user.group + +------------------------------------------------------------------- +Fri Jul 11 11:23:05 CEST 2003 - choeger@suse.de + +- update to tls extensions 0.8.15-2.0.13-0.9.7b + +------------------------------------------------------------------- +Tue Jul 1 15:44:05 CEST 2003 - choeger@suse.de + +- updated SuSEconfig to use amavisd-new instead of amavis[d]-postfix + +------------------------------------------------------------------- +Mon Jun 30 17:43:20 CEST 2003 - choeger@suse.de + +- update to Postfix 2.0 Patch 13 +- After "postfix reload", the master daemon now warns when the + inet_interfaces parameter setting has changed, and ignores the + change, instead of passing incorrect information to the smtp + server. +- After the postdrop command change with Postfix 2.0.11, the postcat + command no longer recognized "maildrop" queue files as valid. +- Mail could bounce when two messages were delivered simultaneously + to a non-existent mailbox file. The safe_open() code that prevents + race condition exploits will now try a little harder when it + actually encounters a race condition. +- update to tls extensions 0.8.14-2.0.12-0.9.7b + +------------------------------------------------------------------- +Thu Jun 12 13:27:48 CEST 2003 - choeger@suse.de + +- also change path to smtpd.conf in sysconfig template parameter + description dependent on what %{_lib} is set to. + +------------------------------------------------------------------- +Thu Jun 12 09:51:33 CEST 2003 - choeger@suse.de + +- update to postfix 2.0, patchlevel 12 + +------------------------------------------------------------------- +Wed Jun 11 17:55:21 CEST 2003 - choeger@suse.de + +- mkdir -p $RPM_BUILD_ROOT/%{_libdir}/sasl2 instead of + $RPM_BUILD_ROOT/usr/lib/sasl2 + and we also can build on 64bit archs + +------------------------------------------------------------------- +Wed Jun 11 14:25:29 CEST 2003 - choeger@suse.de + +- package /usr/lib/sasl2/smtpd.conf using %{_libdir}/sasl2/smtpd.conf +- added /etc/postfix to filelist + +------------------------------------------------------------------- +Wed Jun 11 09:11:11 CEST 2003 - choeger@suse.de + +- update to postfix 2.0, patchlevel 11 +- update to tls extensions 0.8.13-2.0.10-0.9.7b + +------------------------------------------------------------------- +Fri May 23 14:33:01 CEST 2003 - choeger@suse.de + +- updated SuSE/master.cf toplevel comments + +------------------------------------------------------------------- +Fri May 23 14:19:43 CEST 2003 - choeger@suse.de + +- update to postfix 2.0, patchlevel 10 + +------------------------------------------------------------------- +Mon May 19 12:42:36 CEST 2003 - choeger@suse.de + +- remove installed (but unpackaged) file /etc/postfix/aliases + +------------------------------------------------------------------- +Mon May 19 10:12:52 CEST 2003 - choeger@suse.de + +- path to ca, certificate and key is relative to $POSTFIX_SSL_PATH, + added $POSTFIX_SSL_PATH/ to the relevant parts of SuSEconfig.postfix + +------------------------------------------------------------------- +Wed May 14 11:29:48 CEST 2003 - choeger@suse.de + +- correctly handle new POSTFIX_SMTP_TLS_CLIENT parameter in + SuSEconfig.postfix (activate/deactivate master.cf entries) + +------------------------------------------------------------------- +Wed May 14 11:05:36 CEST 2003 - choeger@suse.de + +- added libxcrypt to chroot jail, Bugzilla ID#25766 + +------------------------------------------------------------------- +Tue May 13 20:40:00 CEST 2003 - choeger@suse.de + +- added TLS_CLIENT support, Bugzilla ID#26647 + +------------------------------------------------------------------- +Wed Apr 23 13:43:02 CEST 2003 - choeger@suse.de + +- update to postfix 2.0, patchlevel 9 + +------------------------------------------------------------------- +Tue Apr 15 10:27:13 CEST 2003 - ro@suse.de + +- fixed neededforbuild + +------------------------------------------------------------------- +Mon Apr 7 12:58:01 CEST 2003 - choeger@suse.de + +- update to postfix 2.0, patchlevel 7 +- update to tls extensions 0.8.13-2.0.6-0.9.7a +- Bugfix Bugzilla ID#25905, do not restrict mailbox size per default + +------------------------------------------------------------------- +Sat Mar 8 15:56:26 CET 2003 - choeger@suse.de + +- use checkproc to check if there really is a postfix master + process running when there's a pid file lying around. + (Bugzilla ID#24910) + +------------------------------------------------------------------- +Thu Mar 6 11:02:12 CET 2003 - choeger@suse.de + +- update to Postfix 2.0 Patch 06 +- Postfix now truncates non-address information in message address + headers (comments, etc.) to 250 characters per address. This should + rarely present a problem. Reportedly, junk mail from poorly written + software can trigger the protection, but that is no great loss. +- Some little fixes to documentation. + +------------------------------------------------------------------- +Tue Mar 4 10:29:31 CET 2003 - choeger@suse.de + +- update to Postfix 2.0 Patch 05 +- The SMTP server's hard and soft error limits were off by one. + With "smtpd_hard_error_limit = 1", Postfix will now disconnect + after the first error, instead of the second one. +- The proxymap server could deadlock when the mydestination parameter + setting included a proxymapped lookup table. +- Some little fixes to documentation. + +------------------------------------------------------------------- +Sat Mar 1 16:41:10 CET 2003 - choeger@suse.de + +- when updating postfix, check whether post-install changed + main/master.cf and update md5sums to not confuse SuSEconfig +- when installing postfix on a fresh system, create md5sums + in %post to be able to let check_md5_and_move() detect + changes that a user might have done without running SuSEconfig + before. + +------------------------------------------------------------------- +Thu Feb 27 19:01:32 CET 2003 - choeger@suse.de + +- no longer remove md5sums of main.cf and master.cf during + postinstall, as SuSEconfig then no longer knows, whether + main.cf/master.cf had been modified by the user. + Disadvantage: as postfix permanently needs basic changes + to both main and master.cf, SuSEconfig.postfix will frequently + generate .SuSEconfig files although the user did not change anything + Bugzilla ID#24432 + +------------------------------------------------------------------- +Fri Feb 21 10:04:48 CET 2003 - choeger@suse.de + +- update to Postfix 2.0 Patch 04 + - The format of maildir filenames is synchronized with the present + version of the maildir definition document. This format was already + adopted by the 20030126 snapshot release. + - The time limit on delivery to external commands was not enforced. + This was broken probably some time before the first public Postfix + release. + - Duplicate elimination after virtual alias expansion works again. + This was broken with the introduction of the original recipient + attribute. + - The local pickup daemon dropped incomplete records from local + submissions. This was broken somewhere in the middle of 2002. + +------------------------------------------------------------------- +Sat Feb 15 14:59:54 CET 2003 - choeger@suse.de + +- Bugfix Bugzilla ID#23675: new service proxymap will not be + appended during update + +------------------------------------------------------------------- +Mon Feb 10 16:25:39 CET 2003 - choeger@suse.de + +- also check whether amavisd-postfix is installed and set up + filter section in master.cf + +------------------------------------------------------------------- +Thu Jan 30 11:43:03 CET 2003 - choeger@suse.de + +- update to Postfix 2.0 Patch 03 + - Postfix 2.0 broke relocated table lookup results with mail not + rejected at the SMTP port, causing "User has moved to" text to be + deleted. + - A widely used maildir filename generating algorithm was broken. + This affects all Postfix versions with maildir support. Instead of + TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST. + - Postfix 2.0 gave incorrect FILTER_README instructions for sites + that wish to disable virtual alias mapping before the content + filter. +- postfix-lib64.patch code now integrated in postfix + +------------------------------------------------------------------- +Fri Jan 24 11:52:17 CET 2003 - choeger@suse.de + +- changed SuSEconfig.postfix and smtpd.conf to use sasl2 + +------------------------------------------------------------------- +Thu Jan 23 13:07:17 CET 2003 - choeger@suse.de + +- forgot to add tlsmgr to master.cf + +------------------------------------------------------------------- +Thu Jan 23 11:43:24 CET 2003 - choeger@suse.de + +- Hmmm, just noticed, that suddenly 2.0.0.x became 2.0.x + must have missed something... +- updated SuSE/master.cf (new proxymap service) + +------------------------------------------------------------------- +Thu Jan 16 10:21:27 CET 2003 - choeger@suse.de + +- added POSTFIX_ADD_MESSAGE_SIZE_LIMIT as example to sysconfig.postfix + (Bugzilla ID#22907) + +------------------------------------------------------------------- +Tue Jan 14 12:51:56 CET 2003 - choeger@suse.de + +- build using sasl2 + +------------------------------------------------------------------- +Fri Jan 10 13:24:43 CET 2003 - choeger@suse.de + +- update to postfix v2 (version 2.0.0.2) + +------------------------------------------------------------------- +Wed Dec 11 11:44:51 CET 2002 - choeger@suse.de + +- added sysconfig metadata to sysconfig templates +- updated to new tls extensions + +------------------------------------------------------------------- +Fri Nov 29 13:16:42 CET 2002 - choeger@suse.de + +- Bugfix Bugzilla ID#21865: don't copy directories into + directories when updating chroot jail in cpifnewer() +- Update to version 1.11, pl12 + +------------------------------------------------------------------- +Tue Nov 19 14:29:36 CET 2002 - choeger@suse.de + +- new SuSEconfig.postfix features: + . SMTP-AUTH server + . SMTP-AUTH client + . TLS Server + +------------------------------------------------------------------- +Tue Nov 5 15:08:43 CET 2002 - choeger@suse.de + +- quote args of tr command + +------------------------------------------------------------------- +Mon Nov 4 13:52:51 CET 2002 - choeger@suse.de + +- new feature: POSTFIX_ADD_* command in sysconfig/postfix to + be able to add any regular postfix command via SuSEconfig +- Bugfix Bugzilla ID#21120 added POSTFIX_ADD_MAILBOX_SIZE_LIMIT + as example with value 0 (unlimited) +- added a header to main.cf explaining that many postfix + parameters have been added to the end of main.cf + +------------------------------------------------------------------- +Tue Oct 15 11:27:46 CEST 2002 - choeger@suse.de + +- Bugfix for Bugzilla ID#20754 + missed some parameters when restoring main.cf or master.cf + from scratch + +------------------------------------------------------------------- +Wed Oct 9 20:34:03 CEST 2002 - choeger@suse.de + +- NULLCLIENT did not work because SuSEconfig searches for the wrong + keyword + +------------------------------------------------------------------- +Mon Oct 7 17:47:56 CEST 2002 - choeger@suse.de + +- Bugfix related to Bugzilla IDs 20506, 18298, 19294: + masquerade_classes should not be extended by envelope_recipient + +------------------------------------------------------------------- +Fri Sep 6 17:04:57 CEST 2002 - choeger@suse.de + +- added ypbind to X-UnitedLinux-Should-Start in init-script + +------------------------------------------------------------------- +Wed Aug 28 11:37:38 CEST 2002 - choeger@suse.de + +- added restoration mechanism to restore master.cf and/or main.cf + if they got deleted by (intention or) accident to SuSEconfig.postfix +- added ldap to X-UnitedLinux-Should-Start + +------------------------------------------------------------------- +Mon Aug 26 11:11:26 CEST 2002 - choeger@suse.de + +- Bugfix Bugzilla ID#18298: when setting FROM_HEADER, also unqualified + envelope recipients should be qualified to FROM_HEADER, not to + myorigin, added envelope_recipient to masquerade_classes +- Bugfix Bugzilla ID#18297: %post touches main.cf and master.cf so it + may happen, that an update leaves .SuSEconfig files. + Remove /var/adm/SuSEconfig/md5/etc/postfix/main.cf and master.cf + in %post +- Bugfix Bugzilla ID#18301: sendmail and postfix have different + opinions on the usage of NULLCLIENT. Moved NULLCLIENT to + sysconfig.postfix.POSTFIX_NULLCLIENT +- added exim to Conflicts + +------------------------------------------------------------------- +Thu Aug 22 09:47:51 CEST 2002 - choeger@suse.de + +- wait for qmgr in the background for a maximum of 60 seconds + +------------------------------------------------------------------- +Wed Aug 21 17:07:39 CEST 2002 - choeger@suse.de + +- Bugfix for init-script: + wait for qmgr to be ready before calling postfix flush + +------------------------------------------------------------------- +Wed Aug 14 15:59:04 CEST 2002 - choeger@suse.de + +- added accidently removed line in master.cf for amavis, + Bugzilla ID#17732 + +------------------------------------------------------------------- +Tue Aug 13 10:08:47 CEST 2002 - choeger@suse.de + +- exclude .rpmsave and .rpmorig from /etc/aliases.d expansion + +------------------------------------------------------------------- +Wed Aug 7 11:55:55 CEST 2002 - choeger@suse.de + +- added netcfg to Prereq (/etc/aliases) + +------------------------------------------------------------------- +Tue Aug 6 11:28:56 CEST 2002 - choeger@suse.de + +- added pcre openldap2-client to prereq (Bugzilla ID#17447) + +------------------------------------------------------------------- +Mon Aug 5 16:38:49 CEST 2002 - choeger@suse.de + +- completed Prereq + +------------------------------------------------------------------- +Fri Jul 19 16:49:57 CEST 2002 - choeger@suse.de + +- Bugfix for the handling of POSTFIX_MASQUERADE_DOMAIN + and FROM_HEADER +- removed main.cf from SuSE.tar.gz +- added X-UnitedLinux-Should-Start: cyrus to init-script + +------------------------------------------------------------------- +Thu Jul 18 13:57:44 CEST 2002 - choeger@suse.de + +- set local as default MDA again + reason: postfix does not execute any external programs like procmail + with uid 0, so root mails will go to /var/mail/nobody, which + will confuse people +- remove setting of SUSE_RELEASE version in the (E)SMTP banner + +------------------------------------------------------------------- +Fri Jul 12 11:08:03 CEST 2002 - choeger@suse.de + +- removed /etc/aliases from filelist, it's now in netcfg + +------------------------------------------------------------------- +Thu Jul 11 14:16:25 CEST 2002 - choeger@suse.de + +- removed 'q' flag from vscan transport definition, because + current amavis versions have a rfc2821_mailbox_addr function +- remove old aliases.db files in %post +- do not use unset in %post + +------------------------------------------------------------------- +Mon Jul 8 15:14:00 CEST 2002 - choeger@suse.de + +- make procmail the default MDA + +------------------------------------------------------------------- +Fri Jul 5 17:11:03 CEST 2002 - choeger@suse.de + +- use %{_lib} macro to detect platforms with lib64 + directories + +------------------------------------------------------------------- +Fri Jul 5 16:34:38 CEST 2002 - choeger@suse.de + +- make chroot jail function lib64 aware + +------------------------------------------------------------------- +Thu Jul 4 13:53:40 CEST 2002 - uli@suse.de + +- fixed libnsl detection on lib64 systems + +------------------------------------------------------------------- +Thu Jul 4 10:34:26 CEST 2002 - choeger@suse.de + +- ldap_url_search_st is no longer available in OpenLDAP v2.1 + added a patch, that uses ldap_url_parse +- added new feature POSTFIX_MDA, Bugzilla ID#16720 + +------------------------------------------------------------------- +Fri Jun 7 13:34:09 CEST 2002 - choeger@suse.de + +- changed POSTFIX_BASIC_SPAM_PREVENTION. It can now be set to + either off(default), medium or hard +- cleaned up SuSEconfig.postfix +- prepared for /etc/aliases.d + +------------------------------------------------------------------- +Wed Jun 5 18:09:16 CEST 2002 - choeger@suse.de + +- new FEATURES: POSTFIX_RBL_HOSTS, POSTFIX_BASIC_SPAM_PREVENTION, + Bugzilla ID#16383 +- moved sample-*.cf files to %{_docdir}/postfix/samples + +------------------------------------------------------------------- +Wed Jun 5 11:14:29 CEST 2002 - choeger@suse.de + +- update to patchlevel 11, version 1.1.11 +- new FEATURE: POSTFIX_UPDATE_MAPS + +------------------------------------------------------------------- +Fri May 24 13:39:05 CEST 2002 - choeger@suse.de + +- update to patchlevel 10, version 1.1.10 +- create required users and groups in %pre install + +------------------------------------------------------------------- +Thu Apr 25 16:55:58 CEST 2002 - choeger@suse.de + +- removed provides of my own packagename... + +------------------------------------------------------------------- +Fri Apr 19 13:25:32 CEST 2002 - choeger@suse.de + +- Bugfix for README.SuSE: POSTFIX_CREATECF is now + MAIL_CREATE_CONFIG + +------------------------------------------------------------------- +Thu Apr 4 11:36:52 CEST 2002 - choeger@suse.de + +- update to patchlevel 7, version 1.1.7 +- introduced new feature POSTFIX_LAPTOP + +------------------------------------------------------------------- +Tue Mar 26 15:21:18 CET 2002 - choeger@suse.de + +- update to patchlevel 5, version 1.1.5 + +------------------------------------------------------------------- +Tue Mar 12 15:28:24 CET 2002 - choeger@suse.de + +- Bugfix: don't check whether POSTFIX_MASQUERADE_DOMAIN is empty + or not, because else we won't be able to clear it. + +------------------------------------------------------------------- +Thu Feb 28 10:21:36 CET 2002 - choeger@suse.de + +- added flags=q to amavis transport definition (link@suse.de): + [...] + If your postfix is older than snapshot 20010610, leave out the + "flags=q" part. However, amavis will not function properly with + envelope adresses that contain whitespace in the local-part. + This is quite rare, but has been observed a few times. + [...] + +------------------------------------------------------------------- +Mon Feb 25 13:58:05 CET 2002 - choeger@suse.de + +- update to version 1.1.4 (1.1, patchlevel 4) + Bugfix (excerpt from HISTORY): + .................................................................. + off-by-one error, causing a null byte to be + written outside dynamically allocated memory in + the queue manager with addresses of exactly 100 + bytes long, resulting in SIGSEGV on systems with + an "exact fit" malloc routine. + .................................................................. +- added new option SMTPD_LISTEN_REMOTE to /etc/sysconfig/mail + which has been introduced by the SuSE dist-team (excerpt): + .................................................................. + sendmail does have an option to listen only on the local port, + this should be the default. + A flag "SMTPD_LISTEN_REMOTE" in /etc/sysconfig/mail will be used + to decide if port 25 should be opened externally. + The sendmail package will send a mail to root explaining this + fact. sendmail updates will copy the value of START_SMTPD to this + new flag. + .................................................................. + As this is a totally different behaviour compared to old releases, + SMTPD_LISTEN_REMOTE will be set to "yes", if POSTFIX_CREATECF + (now MAIL_CREATE_CONFIG) had been set to "yes" before the update. + +------------------------------------------------------------------- +Thu Feb 21 12:39:55 CET 2002 - choeger@suse.de + +- fillup workaround + +------------------------------------------------------------------- +Thu Feb 21 11:23:52 CET 2002 - choeger@suse.de + +- hostname handling is still annoying + added some piece of code to SuSEconfig.postfix to + get a valid hostname + +------------------------------------------------------------------- +Mon Feb 18 16:03:40 CET 2002 - choeger@suse.de + +- %postinst cleanup: + . use rename_sysconfig_variable macro + . use remove_and_set macro + instead of directly calling fillup + +------------------------------------------------------------------- +Wed Feb 13 17:27:37 CET 2002 - choeger@suse.de + +- FQHOSTNAME has been removed from /etc/sysconfig/network/config + and is now set in /etc/HOSTNAME, which wasn't FQ in the past. + *Please, don't change it again* +- if POSTFIX_LOCALDOMAINS is set, do not append + "$myhostname, localhost.$mydomain" anymore + +------------------------------------------------------------------- +Tue Feb 12 16:31:14 CET 2002 - choeger@suse.de + +- Also take care of the localhost:10025 mailer definition when + setting up chroot options + +------------------------------------------------------------------- +Mon Feb 11 09:27:47 CET 2002 - choeger@suse.de + +- Do not set myorigin to FROM_HEADER + +------------------------------------------------------------------- +Thu Feb 7 10:10:55 CET 2002 - choeger@suse.de + +- Bugfix(SuSEconfig.postfix): typo in path to /etc/sysconfig/amavis + +------------------------------------------------------------------- +Mon Feb 4 11:25:51 CET 2002 - choeger@suse.de + +- SuSEconfig.postfix enhancement: get hostname from hostname -f + Bugfix: get FQHOSTNAME from /etc/sysconfig/network/config +- added -y to fillup_and_insserv to create startlinks + after installation +- changed company name to SuSE Linux AG in copyright headers + +------------------------------------------------------------------- +Mon Feb 4 09:44:45 CET 2002 - choeger@suse.de + +- update to postfix 1.1.3 and tls extensions 0.8.3 + minor bugfixes + http://groups.yahoo.com/group/postfix-users/message/52953 + +------------------------------------------------------------------- +Fri Feb 1 20:37:27 CET 2002 - choeger@suse.de + +- Bugfix: Forgot to assign a name to TMPDIR in SuSEconfig.postfix + +------------------------------------------------------------------- +Fri Feb 1 11:43:17 CET 2002 - choeger@suse.de + +- added resolve_local_panic.patch + http://groups.yahoo.com/group/postfix-users/message/52746 + +------------------------------------------------------------------- +Wed Jan 30 15:44:10 CET 2002 - choeger@suse.de + +- update of tls extensions to 0.8.2 + +------------------------------------------------------------------- +Mon Jan 28 15:00:07 CET 2002 - choeger@suse.de + +- update to version 1.1.2 +- sysconfig.mail changes + +------------------------------------------------------------------- +Tue Jan 22 12:08:43 CET 2002 - choeger@suse.de + +- renamed cleanup.fillup to sysconfig.postfix.cleanup +- added postqueue patch, see + http://groups.yahoo.com/group/postfix-users/message/51611 + for more details + +------------------------------------------------------------------- +Mon Jan 21 14:56:39 CET 2002 - choeger@suse.de + +- update to official release version 1.1.0 +- moved some stuff to /etc/sysconfig/mail +- cleaned up /etc/rc.config access +- added some safety checks to SuSEconfig.postfix + +------------------------------------------------------------------- +Wed Jan 16 16:58:53 CET 2002 - choeger@suse.de + +- update to version 20020115 (release candidate for Postfix + official release version 1.1) + +------------------------------------------------------------------- +Tue Jan 15 16:20:13 CET 2002 - choeger@suse.de + +- some improvements to SuSEconfig.postfix + +------------------------------------------------------------------- +Fri Jan 11 17:52:25 CET 2002 - choeger@suse.de + +- updated to version 20020107 +- added postinstall section to update from previous versions + of postfix + +------------------------------------------------------------------- +Tue Jan 8 20:11:07 CET 2002 - egmont@suselinux.hu + +- Changed /sbin/init.d to /etc/init.d in init script comment + +------------------------------------------------------------------- +Mon Jan 7 15:01:16 CET 2002 - choeger@suse.de + +- added sender_canonical_maps to SuSEconfig.postfix to let + the new YaST2 module setup this map similar to sendmails + genericstable + +------------------------------------------------------------------- +Thu Jan 3 13:51:45 CET 2002 - kukuk@suse.de + +- SuSEconfig.postfix shell script is no config file [Bug #12712] + +------------------------------------------------------------------- +Wed Dec 19 15:26:20 CET 2001 - choeger@suse.de + +- Made initscript more LSB compliant (status codes) +- Bugfix for Bugzilla ID#12672 (improve explanation + of POSTFIX_LOCALDOMAINS) +- robustness enhancement for SuSEconfig.postfix + +------------------------------------------------------------------- +Fri Dec 14 15:42:31 CET 2001 - choeger@suse.de + +- typo in specfile (master.cf installed as main.cf) + +------------------------------------------------------------------- +Thu Dec 13 11:25:44 CET 2001 - choeger@suse.de + +- update to version 20011210 +- some changes to SuSEconfig.postfix: + . added POSTFIX_UPDATE_CHROOT_JAIL variable, see README.SuSE + . some cleanups for chroot jail + . little bugfixes + +------------------------------------------------------------------- +Thu Dec 13 01:16:57 CET 2001 - ro@suse.de + +- moved rc.config.d -> sysconfig + +------------------------------------------------------------------- +Wed Nov 28 18:36:10 CET 2001 - choeger@suse.de + +- update to version 20011127 +- some changes to SuSEconfig.postfix: + . added more robustness (Jehova) + . do not chown -R postfix to /var/spool/postfix + . query for package cyrus-sasl instead of sasl + +------------------------------------------------------------------- +Tue Nov 20 16:13:00 CET 2001 - choeger@suse.de + +- update to version 20011115 + Bugfix for a memory exhaustion bug in smtpd + see http://groups.yahoo.com/group/postfix-users/message/46597 +- remove START_ variable + +------------------------------------------------------------------- +Fri Nov 9 14:54:24 CET 2001 - choeger@suse.de + +- some changes to specfile (thanks to Simon J Mudd from whom + I copied some code) + +------------------------------------------------------------------- +Tue Nov 6 15:19:18 CET 2001 - choeger@suse.de + +- fix some SuSEconfig.postfix bugs: + . master.cf chroot column can also contain '-' + . don't do anything if POSTFIX_CREATECF != yes + +------------------------------------------------------------------- +Fri Oct 26 13:11:17 CEST 2001 - choeger@suse.de + +- update to most recent snapshot version 20011008 + +------------------------------------------------------------------- +Thu Oct 25 14:36:47 CEST 2001 - choeger@suse.de + +- update to pl05 + +------------------------------------------------------------------- +Fri Oct 19 12:53:44 CEST 2001 - choeger@suse.de + +- Bugfix, Bugzilla ID#11914 + +------------------------------------------------------------------- +Wed Sep 26 09:33:34 CEST 2001 - choeger@suse.de + +- ALWAYS create master.cf, even is POSTFIX_CREATECF is set + to no, because else chroot mode may not work, Bugzilla ID#11359 + +------------------------------------------------------------------- +Thu Sep 13 14:34:06 CEST 2001 - choeger@suse.de + +- removed an obsolete echo in start section of init-script + +------------------------------------------------------------------- +Thu Sep 6 13:48:29 CEST 2001 - choeger@suse.de + +- Bugfix in init-script: redirect output of postfix start + to dev/null and do not use startproc to start postfix + +------------------------------------------------------------------- +Tue Sep 4 18:09:43 CEST 2001 - choeger@suse.de + +- update to tls-extensions v0.7.9 + see http://groups.yahoo.com/group/postfix-users/message/41094 + for details + +------------------------------------------------------------------- +Fri Aug 31 13:54:02 CEST 2001 - choeger@suse.de + +- update of tls-extensions to 0.7.8 +- update of postfix to pl04 +- Bugfix: - check if postfix spool is set up before starting postfix + - start postfix with postfix start, because postfix-script + wouldn't be executed, else. + +------------------------------------------------------------------- +Tue Jul 10 14:34:17 CEST 2001 - choeger@suse.de + +- update of tls-extensions to 0.7.3 + +------------------------------------------------------------------- +Thu Jun 28 13:06:47 CEST 2001 - choeger@suse.de + +- bugfix: remove libs from chroot jail, that are no longer + valid, Bugzilla ID#9133 +- bugfix: init script was not LSB compliant, Bugzilla ID#9063 + +------------------------------------------------------------------- +Fri Jun 15 09:44:49 CEST 2001 - choeger@suse.de + +- added cyrus to require start in init-script +- "bugfix": bootstrap problem cyrus-imapd <-> postfix: + cyrus-imapd must run before postfix, but fails to create + lmtp socket, because /var/spool/postfix/public directory + isn't present. FIX: add it to filelist + +------------------------------------------------------------------- +Wed Jun 13 15:08:33 CEST 2001 - choeger@suse.de + +- install postrop with special SGID modes + +------------------------------------------------------------------- +Tue Jun 12 13:29:36 CEST 2001 - choeger@suse.de + +- improved SuSEconfig.postfix + - better main.cf handling + - new feature: chroot or not chroot + +------------------------------------------------------------------- +Mon May 28 09:36:49 CEST 2001 - choeger@suse.de + +- major bugfix: memory leak in the LDAP client module +- minor bugfixes + +------------------------------------------------------------------- +Wed May 9 20:15:27 CEST 2001 - mfabian@suse.de + +- bzip2 sources + +------------------------------------------------------------------- +Wed May 2 09:44:29 CEST 2001 - choeger@suse.de + +- updated to pl02, bugfixrelease + +------------------------------------------------------------------- +Mon Apr 30 11:41:35 CEST 2001 - choeger@suse.de + +- Bugfix for SuSEconfig.postfix: + Handling of TIMEZONE variable if set to unappropriate or no + value +- Improvement: Warnings are printed out in bold + +------------------------------------------------------------------- +Tue Apr 17 16:28:41 CEST 2001 - kukuk@suse.de + +- Don't use a RPM macro for version number + +------------------------------------------------------------------- +Fri Mar 30 10:08:15 CEST 2001 - choeger@suse.de + +- update to pl01, bugfixrelease + +------------------------------------------------------------------- +Tue Mar 27 13:16:45 CEST 2001 - choeger@suse.de + +- added libcrack to chroot jail, because + it is needed by pam_pwcheck + +------------------------------------------------------------------- +Thu Mar 15 01:08:35 CET 2001 - ro@suse.de + +- fixed neededforbuild for openldap + +------------------------------------------------------------------- +Mon Mar 5 11:49:48 CET 2001 - choeger@suse.de + +- first non-beta of the next postfix generation +- v20010228 + +------------------------------------------------------------------- +Tue Feb 27 11:22:24 CET 2001 - ro@suse.de + +- added cyrus-sasl-devel to neededforbuild + +------------------------------------------------------------------- +Tue Feb 27 09:51:56 CET 2001 - choeger@suse.de + +- new version, 20010225 +- removed notification message + +------------------------------------------------------------------- +Tue Feb 20 14:16:30 CET 2001 - choeger@suse.de + +- bugfix: wrong permissions for maildrop directory + +------------------------------------------------------------------- +Wed Jan 31 10:53:04 CET 2001 - choeger@suse.de + +- update to version 20010128 +- now linked against ldaplib2 + +------------------------------------------------------------------- +Fri Jan 5 14:25:11 CET 2001 - choeger@suse.de + +- bugfix: maildrop must be owned by postfix.root + +------------------------------------------------------------------- +Mon Dec 18 14:47:53 CET 2000 - choeger@suse.de + +- update to version 20001212 +- bugfix: insserv +- bugfix: missed openssl in neededforbuilt +- renamed to postfix, because a non-crypto version + is no longer needed + +------------------------------------------------------------------- +Wed Dec 13 15:52:43 CET 2000 - choeger@suse.de + +- Bugfix: postfix-script was not executable + +------------------------------------------------------------------- +Tue Dec 12 15:13:40 CET 2000 - choeger@suse.de + +- Bugfixes: + Provides in initscript + Use /bin/bash in SuSEconfig.postfix +- Update to version 20001210 + +------------------------------------------------------------------- +Thu Nov 30 08:35:09 CET 2000 - ro@suse.de + +- startscript sbin -> etc + +------------------------------------------------------------------- +Thu Nov 23 09:55:37 CET 2000 - choeger@suse.de + +- new version +- fix for neededforbuild +- fix for master.cf + +------------------------------------------------------------------- +Wed Nov 22 13:06:54 CET 2000 - choeger@suse.de + +- adopted to new init scheme + +------------------------------------------------------------------- +Wed Nov 15 16:13:12 CET 2000 - choeger@suse.de + +- fixed neededforbuild + +------------------------------------------------------------------- +Tue Nov 14 15:19:40 CET 2000 - choeger@suse.de + +- update to version 20001030 + +------------------------------------------------------------------- +Thu Nov 9 17:14:48 CET 2000 - choeger@suse.de + +- long packagename +- added rpm buildroot + +------------------------------------------------------------------- +Wed Nov 8 15:59:41 CET 2000 - uli@suse.de + +- fixed neededforbuild + +------------------------------------------------------------------- +Fri Nov 3 18:12:57 CET 2000 - bk@suse.de + +- src/util/dict_ldap.c:dict_ldap_lookup(): fix missing **-termination. + +------------------------------------------------------------------- +Tue Oct 24 17:28:06 CEST 2000 - fober@suse.de + +- s390,ppc: added -fsigned-char compiler option, to fix obscure segfaults. + (code is not signed/unsigned-char-clean) + +------------------------------------------------------------------- +Thu Oct 12 18:24:54 CEST 2000 - choeger@suse.de + +- yet another SuSEconfig.postfix bug (incorrect link) + +------------------------------------------------------------------- +Wed Oct 11 16:47:35 CEST 2000 - choeger@suse.de + +- bugfix for SuSEconfig.postfix + +------------------------------------------------------------------- +Mon Oct 9 13:54:13 CEST 2000 - choeger@suse.de + +- bugfix: missed to install new flush service + +------------------------------------------------------------------- +Mon Oct 9 11:48:39 CEST 2000 - choeger@suse.de + +- inititial revision of pfixtls + diff --git a/postfix-bdb.spec b/postfix-bdb.spec new file mode 100644 index 0000000..1e05d1a --- /dev/null +++ b/postfix-bdb.spec @@ -0,0 +1,544 @@ +# +# spec file for package postfix-bdb +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define pf_docdir %{_docdir}/postfix-doc +%define pf_config_directory %{_sysconfdir}/postfix +%define pf_daemon_directory %{_prefix}/lib/postfix/bin/ +%define _libexecdir %{_prefix}/lib +%define pf_shlib_directory %{_prefix}/lib/postfix +%define pf_command_directory %{_sbindir} +%define pf_queue_directory var/spool/postfix +%define pf_sendmail_path %{_sbindir}/sendmail +%define pf_newaliases_path %{_bindir}/newaliases +%define pf_mailq_path %{_bindir}/mailq +%define pf_setgid_group maildrop +%define pf_readme_directory %{_docdir}/postfix-doc/README_FILES +%define pf_html_directory %{_docdir}/postfix-doc/html +%define pf_sample_directory %{_docdir}/postfix-doc/samples +%define pf_data_directory %{_localstatedir}/lib/postfix +%if 0%{?suse_version} < 1330 +%define pf_uid 51 +%define pf_gid 51 +%define maildrop_gid 59 +%define vmusr vmail +%define vmgid 303 +%define vmid 303 +%define vmdir /srv/maildirs +%endif +%define mail_group mail +%define conf_backup_dir %{_localstatedir}/adm/backup/postfix +%define unitdir %{_prefix}/lib/systemd +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +%if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) +%bcond_without lmdb +%bcond_without libnsl +%else +%bcond_with lmdb +%bcond_with libnsl +%endif +%bcond_without ldap +Name: postfix-bdb +Version: 3.5.8 +Release: 0 +Summary: A fast, secure, and flexible mailer +License: IPL-1.0 OR EPL-2.0 +Group: Productivity/Networking/Email/Servers +URL: http://www.postfix.org +Source0: http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz +Source1: http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc +Source2: postfix-SUSE.tar.gz +Source3: postfix-mysql.tar.bz2 +#Source4: http://cdn.postfix.johnriley.me/mirrors/postfix-release/wietse.pgp#/postfix.keyring +Source4: postfix.keyring +Source10: postfix-rpmlintrc +Source11: check_mail_queue +Source12: postfix-user.conf +Source13: postfix-vmail-user.conf +Patch1: postfix-no-md5.patch +Patch2: pointer_to_literals.patch +Patch3: ipv6_disabled.patch +Patch4: postfix-bdb-main.cf.patch +Patch5: postfix-master.cf.patch +Patch6: postfix-linux45.patch +Patch7: postfix-ssl-release-buffers.patch +Patch8: postfix-vda-v14-3.0.3.patch +Patch9: fix-postfix-script.patch +Patch10: postfix-avoid-infinit-loop-if-no-permission.patch +BuildRequires: ca-certificates +BuildRequires: cyrus-sasl-devel +BuildRequires: db-devel +BuildRequires: diffutils +BuildRequires: fdupes +BuildRequires: libicu-devel +BuildRequires: libopenssl-devel +BuildRequires: m4 +BuildRequires: mysql-devel +%if %{with ldap} +BuildRequires: openldap2-devel +%endif +BuildRequires: pcre-devel +BuildRequires: pkgconfig +BuildRequires: postgresql-devel +BuildRequires: shadow +BuildRequires: zlib-devel +BuildRequires: pkgconfig(systemd) +Requires: iproute2 +Requires(post): permissions +Requires(pre): %fillup_prereq +Requires(pre): permissions +Conflicts: exim +Conflicts: sendmail +Conflicts: postfix +Provides: smtp_daemon +%{?systemd_ordering} +%if %{with lmdb} +BuildRequires: lmdb-devel +%endif +%if %{with libnsl} +BuildRequires: libnsl-devel +%endif +%if 0%{?suse_version} >= 1330 +BuildRequires: sysuser-tools +Requires: system-user-nobody +Requires: group(%{mail_group}) +Requires(pre): group(%{mail_group}) +%sysusers_requires +%else +Requires(pre): shadow +%endif + +%description +Postfix aims to be an alternative to the widely-used sendmail program with bdb support + +%if %{with lmdb} +%package lmdb +Summary: Postfix plugin to support LMDB maps +Group: Productivity/Networking/Email/Servers +Requires(pre): postfix-bdb = %{version} +Conflicts: postfix + +%description lmdb +Postfix plugin to support LMDB maps. This library will be loaded +by starting postfix if you'll access a postmap which is stored in +lmdb. +%endif + +%prep +%setup -n postfix-%{version} -a 2 -a 3 +%patch1 +%patch2 +%patch3 +%patch4 +%patch5 +%patch6 +%patch7 +%patch8 +%patch9 +%patch10 + +# --------------------------------------------------------------------------- + +%build +unset AUXLIBS AUXLIBS_LDAP AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB + +export CCARGS="${CCARGS} %{optflags} -fcommon -Wno-comments -Wno-missing-braces -fPIC" +%ifarch s390 s390x ppc +export CCARGS="${CCARGS} -fsigned-char" +%endif +# +if pkg-config openssl ; then + export CCARGS="${CCARGS} -DUSE_TLS $(pkg-config --cflags openssl)" + export AUXLIBS="$AUXLIBS $(pkg-config --libs openssl)" +else + export CCARGS="${CCARGS} -DUSE_TLS" + export AUXLIBS="${AUXLIBS} -lssl -lcrypto" +fi +# +%if %{with ldap} +export CCARGS="${CCARGS} -DHAS_LDAP -DLDAP_DEPRECATED=1 -DUSE_LDAP_SASL" +export AUXLIBS_LDAP="-lldap -llber" +%endif +# +export CCARGS="${CCARGS} -DHAS_PCRE" +export AUXLIBS_PCRE="-lpcre" +# +export CCARGS="${CCARGS} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I%{_includedir}/sasl" +if pkg-config libsasl2 ; then + export AUXLIBS="$AUXLIBS $(pkg-config --libs libsasl2)" +else + export AUXLIBS="$AUXLIBS -lsasl2" +fi +# +export CCARGS="${CCARGS} -DHAS_MYSQL $(mysql_config --cflags)" +export AUXLIBS_MYSQL="$(mysql_config --libs)" +# +if pkg-config --exists libpq ; then + export CCARGS="${CCARGS} -DHAS_PGSQL $(pkg-config libpq --cflags)" + export AUXLIBS_PGSQL="$(pkg-config libpq --libs)" +else + export CCARGS="${CCARGS} -DHAS_PGSQL -I$(pg_config --includedir)" + export AUXLIBS_PGSQL="-lpq" +fi +# +%if %{with lmdb} +export CCARGS="${CCARGS} -DHAS_LMDB -I/usr/local/include" \ +export AUXLIBS_LMDB="-llmdb" +%endif +# +# TODO +#export AUXLIBS_SQLITE +#export AUXLIBS_CDB +#export AUXLIBS_SDBM + +export PIE=-pie +# using SHLIB_RPATH to specify unrelated linker flags, because LDFLAGS is +# ignored +make makefiles pie=yes shared=yes dynamicmaps=yes \ + shlib_directory=%{_prefix}/lib/postfix \ + meta_directory=%{_prefix}/lib/postfix \ + config_directory=%{_sysconfdir}/postfix \ + SHLIB_RPATH="-Wl,-rpath,%{pf_shlib_directory} -Wl,-z,relro,-z,now" +make %{?_smp_mflags} +%if 0%{?suse_version} >= 1330 +# Create postfix user +%sysusers_generate_pre %{SOURCE12} postfix +%sysusers_generate_pre %{SOURCE13} vmail +%endif +# --------------------------------------------------------------------------- + +%install +mkdir -p %{buildroot}/%{_libdir} +mkdir -p %{buildroot}%{_sysconfdir}/postfix +cp conf/* %{buildroot}%{_sysconfdir}/postfix +# create our default postfix ssl DIR (/etc/postfix/ssl) +mkdir -p %{buildroot}%{_sysconfdir}/postfix/ssl/certs +# link cacerts to /etc/ssl/certs +ln -sf ../../ssl/certs %{buildroot}%{_sysconfdir}/postfix/ssl/cacerts +cp lib/libpostfix-* %{buildroot}/%{_libdir} +export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}/%{_libdir} +sh postfix-install -non-interactive \ + install_root=%{buildroot} \ + config_directory=%{pf_config_directory} \ + daemon_directory=%{pf_daemon_directory} \ + command_directory=%{pf_command_directory} \ + queue_directory=/%{pf_queue_directory} \ + sendmail_path=%{pf_sendmail_path} \ + newaliases_path=%{pf_newaliases_path} \ + mailq_path=%{pf_mailq_path} \ + manpage_directory=%{_mandir} \ + setgid_group=%{pf_setgid_group} \ + readme_directory=%{pf_readme_directory} \ + data_directory=%{pf_data_directory} +ln -sf ../sbin/sendmail %{buildroot}%{_libexecdir}/sendmail +for i in qmqp-source smtp-sink smtp-source; do + install -m 755 bin/$i %{buildroot}%{_sbindir}/$i +done +mkdir -p %{buildroot}/sbin/conf.d +mkdir -p %{buildroot}%{_sysconfdir}/permissions.d +mkdir -p %{buildroot}/%{_libdir}/sasl2 +mkdir -p %{buildroot}%{_sbindir} +mkdir -p %{buildroot}/%{conf_backup_dir} +mkdir -p %{buildroot}/%{pf_sample_directory} +mkdir -p %{buildroot}/%{pf_html_directory} +mkdir -p %{buildroot}%{_includedir}/postfix +mkdir -p %{buildroot}%{_sysconfdir}/pam.d +install -m 644 postfix-SUSE/smtp %{buildroot}%{_sysconfdir}/pam.d/smtp +mkdir -p %{buildroot}%{_fillupdir} +sed -e 's;@lib@;%{_lib};g' postfix-SUSE/sysconfig.postfix > %{buildroot}%{_fillupdir}/sysconfig.postfix +install -m 644 postfix-SUSE/sysconfig.mail-postfix %{buildroot}%{_fillupdir}/sysconfig.mail-postfix +sed -e 's;@lib@;%{_lib};g' \ + -e 's;@conf_backup_dir@;%{conf_backup_dir};' \ + -e 's;@daemon_directory@;%{pf_daemon_directory};' \ + -e 's;@readme_directory@;%{pf_readme_directory};' \ + -e 's;@html_directory@;%{pf_html_directory};' \ + -e 's;@sendmail_path@;%{pf_sendmail_path};' \ + -e 's;@setgid_group@;%{pf_setgid_group};' \ + -e 's;@manpage_directory@;%{_mandir};' \ + -e 's;@newaliases_path@;%{pf_newaliases_path};' \ + -e 's;@sample_directory@;%{pf_sample_directory};' \ + -e 's;@mailq_path@;%{pf_mailq_path};' postfix-SUSE/config.postfix > %{buildroot}%{_sbindir}/config.postfix +chmod 755 %{buildroot}%{_sbindir}/config.postfix +install -m 644 postfix-SUSE/dynamicmaps.cf %{buildroot}%{_sysconfdir}/postfix/dynamicmaps.cf +install -m 644 postfix-SUSE/ldap_aliases.cf %{buildroot}%{_sysconfdir}/postfix/ldap_aliases.cf +install -m 644 postfix-SUSE/helo_access %{buildroot}%{_sysconfdir}/postfix/helo_access +install -m 644 postfix-SUSE/permissions %{buildroot}%{_sysconfdir}/permissions.d/postfix +install -m 644 postfix-SUSE/sender_canonical %{buildroot}%{_sysconfdir}/postfix/sender_canonical +install -m 644 postfix-SUSE/relay %{buildroot}%{_sysconfdir}/postfix/relay +install -m 644 postfix-SUSE/relay_ccerts %{buildroot}%{_sysconfdir}/postfix/relay_ccerts +install -m 600 postfix-SUSE/sasl_passwd %{buildroot}%{_sysconfdir}/postfix/sasl_passwd +mkdir -p %{buildroot}%{_sysconfdir}/sasl2 +install -m 600 postfix-SUSE/smtpd.conf %{buildroot}%{_sysconfdir}/sasl2/smtpd.conf +install -m 644 postfix-SUSE/openssl_postfix.conf.in %{buildroot}%{_sysconfdir}/postfix/openssl_postfix.conf.in +install -m 755 postfix-SUSE/mkpostfixcert %{buildroot}%{_sbindir}/mkpostfixcert +{ +cat< %{buildroot}%{_sysconfdir}/postfix/main.cf +%{buildroot}%{_sbindir}/postconf -c %{buildroot}%{_sysconfdir}/postfix \ + -e "manpage_directory = %{_mandir}" \ + "setgid_group = %{pf_setgid_group}" \ + "mailq_path = %{pf_mailq_path}" \ + "newaliases_path = %{pf_newaliases_path}" \ + "sendmail_path = %{pf_sendmail_path}" \ + "readme_directory = %{pf_readme_directory}" \ + "html_directory = %{pf_html_directory}" \ + "sample_directory = %{pf_sample_directory}" \ + "daemon_directory = %{pf_daemon_directory}" \ + "smtpd_helo_required = yes" \ + "smtpd_delay_reject = yes" \ + "disable_vrfy_command = yes" \ + 'smtpd_banner = $myhostname ESMTP' +#Set Permissions +install -m 644 postfix-SUSE/postfix-files %{buildroot}%{pf_shlib_directory}/postfix-files +# create paranoid permissions file +printf '%%-38s %%-18s %%s\n' %{_sbindir}/postdrop "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid +printf '%%-38s %%-18s %%s\n' %{_sbindir}/postqueue "root.%{pf_setgid_group}" "0755" >> %{buildroot}%{_sysconfdir}/permissions.d/postfix.paranoid +install -m 644 include/*.h %{buildroot}%{_includedir}/postfix/ +# some rpmlint stuff +# remove unneeded examples/chroot-setup +for example in AIX42 BSDI* F* HPUX* IRIX* NETBSD1 NEXTSTEP3 OPENSTEP4 OSF1 Solaris*; do + rm examples/chroot-setup/${example} +done +cp -a examples/* %{buildroot}%{pf_sample_directory} +cp -a html/* %{buildroot}%{pf_html_directory} +cp -a auxiliary %{buildroot}%{pf_docdir} +rm %{buildroot}%{pf_docdir}/README_FILES/INSTALL +# Fix build for Leap 42.3. +rm -f %{buildroot}%{_sysconfdir}/postfix/*.orig +mkdir -p %{buildroot}%{_unitdir} +mkdir -p %{buildroot}%{pf_shlib_directory}/systemd +install -m 0644 postfix-SUSE/postfix.service %{buildroot}%{_unitdir}/postfix.service +install -m 0755 postfix-SUSE/config_postfix.systemd %{buildroot}%{pf_shlib_directory}/systemd/config_postfix +install -m 0755 postfix-SUSE/update_chroot.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_chroot +install -m 0755 postfix-SUSE/update_postmaps.systemd %{buildroot}%{pf_shlib_directory}/systemd/update_postmaps +install -m 0755 postfix-SUSE/wait_qmgr.systemd %{buildroot}%{pf_shlib_directory}/systemd/wait_qmgr +install -m 0755 postfix-SUSE/cond_slp.systemd %{buildroot}%{pf_shlib_directory}/systemd/cond_slp +ln -sv %{_sbindir}/service %{buildroot}%{_sbindir}/rcpostfix +%fdupes %{buildroot}%{pf_docdir} +%fdupes %{buildroot}%{_mandir} +for path in %{buildroot}%{pf_shlib_directory}/libpostfix-*.so +do + test -e "$path" || continue + name=${path##*/} + cmp "$path" %{buildroot}%{_libdir}/$name || continue + rm -vf $path + ln -sf %{_libdir}/$name $path +done +# --------------------------------------------------------------------------- +install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/ +%if 0%{?suse_version} >= 1330 +mkdir -p %{buildroot}%{_sysusersdir} +install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ +install -m 644 %{SOURCE13} %{buildroot}%{_sysusersdir}/ +%endif + +#Clean up for postfix-bdb +rm -rf %{buildroot}/etc/postfix/ldap_aliases.cf +rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-ldap.so-3.5.8-2.11.1.x86_64.debug +rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-mysql.so-3.5.8-2.11.1.x86_64.debug +rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-pgsql.so-3.5.8-2.11.1.x86_64.debug +rm -rf %{buildroot}/usr/lib/postfix/postfix-ldap.so +rm -rf %{buildroot}/usr/lib/postfix/postfix-mysql.so +rm -rf %{buildroot}/usr/lib/postfix/postfix-pgsql.so +rm -rf %{buildroot}/usr/lib/sysusers.d/postfix-vmail-user.conf +rm -rf %{buildroot}/usr/share/doc/packages/postfix-doc/ +rm -rf %{buildroot}/%{_includedir}/postfix/ + +%if 0%{?suse_version} >= 1330 +%pre -f postfix.pre +%else +%pre +getent group postfix >/dev/null || groupadd -g %{pf_gid} -o -r postfix +getent group maildrop >/dev/null || groupadd -g %{maildrop_gid} -o -r maildrop +getent passwd postfix >/dev/null || useradd -r -o -g postfix -u %{pf_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} postfix +usermod -a -G %{maildrop_gid},%{mail_group} postfix +%endif + +%service_add_pre postfix.service + +VERSIONTEST=$(test -x usr/sbin/postconf && usr/sbin/postconf proxy_read_maps 2>/dev/null || :) +if [ -z "$VERSIONTEST" -a -f %{pf_queue_directory}/pid/master.pid ]; then + if checkproc -p %{pf_queue_directory}/pid/master.pid usr/lib/postfix/master; then + echo "postfix is still running. You have to stop postfix in order to" + echo "install a newer version." + exit 1 + fi +fi +# --------------------------------------------------------------------------- + +%preun +%stop_on_removal postfix +%service_del_preun postfix.service +# --------------------------------------------------------------------------- + +%post +# We never have to run suseconfig for postfix after installation +# We only start postfix own upgrade-configuration by update +if [ ${1:-0} -gt 1 ]; then + touch %{_localstatedir}/adm/postfix.configured + echo "Executing upgrade-configuration." + %{_sbindir}/postfix set-permissions upgrade-configuration setgid_group=%{pf_setgid_group} || : + if [ "$(%{_sbindir}/postconf -h daemon_directory)" != "%{pf_daemon_directory}" ]; then + %{_sbindir}/postconf daemon_directory=%{pf_daemon_directory} + fi +fi + +%service_add_post postfix.service + +%set_permissions %{_sbindir}/postqueue +%set_permissions %{_sbindir}/postdrop +%set_permissions %{_sysconfdir}/postfix/sasl_passwd +%set_permissions %{_sbindir}/sendmail + +%{fillup_only postfix} +%{fillup_only -an mail} +/sbin/ldconfig + +%verifyscript +%verify_permissions -e %{_sbindir}/postqueue +%verify_permissions -e %{_sbindir}/postdrop +%verify_permissions -e %{_sysconfdir}/postfix/sasl_passwd +%verify_permissions -e %{_sbindir}/sendmail + +%postun +%service_del_postun postfix.service +/sbin/ldconfig + +# --------------------------------------------------------------------------- + +%files +%license LICENSE +%config %{_sysconfdir}/pam.d/* +%{_fillupdir}/sysconfig.postfix +%{_fillupdir}/sysconfig.mail-postfix +%{_sbindir}/config.postfix +%dir %{_sysconfdir}/postfix +%config %{_sysconfdir}/postfix/main.cf.default +%config(noreplace) %{_sysconfdir}/postfix/[^mysql]*[^mysql] +%config(noreplace) %{_sysconfdir}/postfix/access +%config(noreplace) %{_sysconfdir}/postfix/aliases +%config(noreplace) %{_sysconfdir}/postfix/canonical +%config(noreplace) %{_sysconfdir}/postfix/header_checks +%config(noreplace) %{_sysconfdir}/postfix/helo_access +%config(noreplace) %{_sysconfdir}/postfix/main.cf +%config(noreplace) %{_sysconfdir}/postfix/master.cf +%attr(0750,root,root) %config %{_sysconfdir}/postfix/post-install +%attr(0750,root,root) %config %{_sysconfdir}/postfix/postfix-tls-script +%attr(0750,root,root) %config %{_sysconfdir}/postfix/postfix-wrapper +%attr(0750,root,root) %config %{_sysconfdir}/postfix/postmulti-script +%config(noreplace) %{_sysconfdir}/postfix/postfix-files +%config(noreplace) %{_sysconfdir}/postfix/relay +%config(noreplace) %{_sysconfdir}/postfix/relay_ccerts +%config(noreplace) %{_sysconfdir}/postfix/sasl_passwd +%config(noreplace) %{_sysconfdir}/postfix/sender_canonical +%config(noreplace) %{_sysconfdir}/postfix/virtual + +%dir %{_sysconfdir}/sasl2 +%config(noreplace) %{_sysconfdir}/sasl2/smtpd.conf +%config %{_sysconfdir}/postfix/LICENSE +%config %{_sysconfdir}/postfix/TLS_LICENSE +%config %{_sysconfdir}/permissions.d/postfix +%config %{_sysconfdir}/permissions.d/postfix.paranoid +%attr(0644, root, root) %config %{_sysconfdir}/postfix/makedefs.out +%{pf_shlib_directory}/postfix-files +# create our default postfix ssl DIR (/etc/postfix/ssl) +%dir %{_sysconfdir}/postfix/ssl +%dir %{_sysconfdir}/postfix/ssl/certs +%{_sysconfdir}/postfix/ssl/cacerts +%dir %{pf_shlib_directory}/systemd +%attr(0755,root,root) %{pf_shlib_directory}/systemd/* +%{_unitdir}/postfix.service +%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postdrop +%verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postqueue +%{_bindir}/mailq +%{_bindir}/newaliases +%attr(0755,root,root) %{_sbindir}/sendmail +%attr(0755,root,root) %{_sbindir}/postalias +%attr(0755,root,root) %{_sbindir}/postcat +%attr(0755,root,root) %{_sbindir}/postconf +%attr(0755,root,root) %{_sbindir}/postfix +%attr(0755,root,root) %{_sbindir}/postkick +%attr(0755,root,root) %{_sbindir}/postlock +%attr(0755,root,root) %{_sbindir}/postlog +%attr(0755,root,root) %{_sbindir}/postmap +%attr(0755,root,root) %{_sbindir}/postmulti +%attr(0755,root,root) %{_sbindir}/postsuper +%attr(0755,root,root) %{_sbindir}/qmqp-source +%attr(0755,root,root) %{_sbindir}/smtp-sink +%attr(0755,root,root) %{_sbindir}/smtp-source +%attr(0755,root,root) %{_sbindir}/mkpostfixcert +%attr(0755,root,root) %{_sbindir}/check_mail_queue +%attr(0755,root,root) %{_sbindir}/config.postfix +%{_sbindir}/rcpostfix +%{_libdir}/lib* +%{_libexecdir}/sendmail +%dir %{pf_shlib_directory} +%{pf_shlib_directory}/*[^.so] +%{pf_shlib_directory}/postfix-pcre.so +%{pf_shlib_directory}/libpostfix-dns.so +%{pf_shlib_directory}/libpostfix-global.so +%{pf_shlib_directory}/libpostfix-master.so +%{pf_shlib_directory}/libpostfix-tls.so +%{pf_shlib_directory}/libpostfix-util.so +%{pf_shlib_directory}/main.cf.proto +%{pf_shlib_directory}/master.cf.proto + +%{conf_backup_dir} +%dir %attr(0700,postfix,root) %{pf_data_directory} +%exclude %{_mandir}/man5/ldap_table.5* +%exclude %{_mandir}/man5/lmdb_table.5* +%exclude %{_mandir}/man5/mysql_table.5* +%exclude %{_mandir}/man5/pgsql_table.5* +%{_mandir}/man?/*%{?ext_man} +%dir %attr(0755,root,root) /%{pf_queue_directory} +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/active +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/bounce +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/corrupt +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/defer +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/deferred +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/flush +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/hold +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/incoming +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/private +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/saved +%dir %attr(0700,postfix,root) /%{pf_queue_directory}/trace +%dir %attr(0730,postfix,maildrop) /%{pf_queue_directory}/maildrop +%dir %attr(0710,postfix,maildrop) /%{pf_queue_directory}/public +%if 0%{?suse_version} >= 1330 +%{_sysusersdir}/postfix-user.conf +%endif + +%if %{with lmdb} +%files lmdb +%{pf_shlib_directory}/postfix-lmdb.so +%{_mandir}/man5/lmdb_table.5%{?ext_man} +%endif + +%changelog diff --git a/postfix-main.cf.patch b/postfix-main.cf.patch index dad7975..f1c6c0f 100644 --- a/postfix-main.cf.patch +++ b/postfix-main.cf.patch @@ -1,8 +1,46 @@ -Index: conf/main.cf -=================================================================== ---- conf/main.cf.orig -+++ conf/main.cf -@@ -567,6 +567,7 @@ unknown_local_recipient_reject_code = 55 +--- conf/main.cf-orig 2020-11-26 19:22:10.273349060 +0100 ++++ conf/main.cf 2020-11-26 19:22:57.917974110 +0100 +@@ -278,7 +278,7 @@ + # + #mynetworks = 168.100.189.0/28, 127.0.0.0/8 + #mynetworks = $config_directory/mynetworks +-#mynetworks = hash:/etc/postfix/network_table ++#mynetworks = lmdb:/etc/postfix/network_table + + # The relay_domains parameter restricts what destinations this system will + # relay mail to. See the smtpd_recipient_restrictions description in +@@ -343,7 +343,7 @@ + # In the left-hand side, specify an @domain.tld wild-card, or specify + # a user@domain.tld address. + # +-#relay_recipient_maps = hash:/etc/postfix/relay_recipients ++#relay_recipient_maps = lmdb:/etc/postfix/relay_recipients + + # INPUT RATE CONTROL + # +@@ -398,8 +398,8 @@ + # "postfix reload" to eliminate the delay. + # + #alias_maps = dbm:/etc/aliases +-#alias_maps = hash:/etc/aliases +-#alias_maps = hash:/etc/aliases, nis:mail.aliases ++#alias_maps = lmdb:/etc/aliases ++#alias_maps = lmdb:/etc/aliases, nis:mail.aliases + #alias_maps = netinfo:/aliases + + # The alias_database parameter specifies the alias database(s) that +@@ -409,8 +409,8 @@ + # + #alias_database = dbm:/etc/aliases + #alias_database = dbm:/etc/mail/aliases +-#alias_database = hash:/etc/aliases +-#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases ++#alias_database = lmdb:/etc/aliases ++#alias_database = lmdb:/etc/aliases, lmdb:/opt/majordomo/aliases + + # ADDRESS EXTENSIONS (e.g., user+foo) + # +@@ -567,6 +567,7 @@ # #smtpd_banner = $myhostname ESMTP $mail_name #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) @@ -10,7 +48,7 @@ Index: conf/main.cf # PARALLEL DELIVERY TO THE SAME DESTINATION # -@@ -673,4 +674,140 @@ sample_directory = +@@ -673,4 +674,140 @@ # readme_directory: The location of the Postfix README files. # readme_directory = @@ -97,7 +135,7 @@ Index: conf/main.cf +smtp_tls_CApath = +smtp_tls_cert_file = +smtp_tls_key_file = -+#smtp_tls_policy_maps = hash:/etc/postfix/tls_policy ++#smtp_tls_policy_maps = lmdb:/etc/postfix/tls_policy +#smtp_tls_session_cache_timeout = 3600s +smtp_tls_session_cache_database = + @@ -113,9 +151,9 @@ Index: conf/main.cf +############################################################ +# Start MySQL from postfixwiki.org +############################################################ -+relay_domains = $mydestination, hash:/etc/postfix/relay ++relay_domains = $mydestination, lmdb:/etc/postfix/relay +#virtual_alias_domains = -+#virtual_alias_maps = hash:/etc/postfix/virtual ++#virtual_alias_maps = lmdb:/etc/postfix/virtual +#virtual_uid_maps = static:303 +#virtual_gid_maps = static:303 +#virtual_minimum_uid = 303 @@ -131,9 +169,9 @@ Index: conf/main.cf +#virtual_mailbox_limit_override = yes +### Needs Maildir++ compatible IMAP servers, like Courier-IMAP +#virtual_maildir_filter = yes -+#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter ++#virtual_maildir_filter_maps = lmdb:/etc/postfix/vfilter +#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later. -+#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg ++#virtual_maildir_limit_message_maps = lmdb:/etc/postfix/vmsg +#virtual_overquota_bounce = yes +#virtual_trash_count = yes +#virtual_trash_name = ".Trash" diff --git a/postfix.changes b/postfix.changes index e19f562..d473aae 100644 --- a/postfix.changes +++ b/postfix.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Tue Dec 8 13:36:35 UTC 2020 - Peter Varkoly + +- bsc#1176650 L3: What is regularly triggering the "fillup" + command and changing modify-time of /etc/sysconfig/postfix? + o Remove miss placed fillup_only call from %verifyscript + +------------------------------------------------------------------- +Thu Nov 26 15:30:10 UTC 2020 - Peter Varkoly + +- Remove Berkeley DB dependency (JIRA#SLE-12191) + The pacakges postfix is build without Berkely DB support. + lmdb will be used instead of BDB. + The pacakges postfix-bdb is build with Berkely DB support. + o add patch for main.cf for postfix-bdb package + postfix-bdb-main.cf.patch + ------------------------------------------------------------------- Sun Nov 8 20:59:23 UTC 2020 - Michael Ströder diff --git a/postfix.spec b/postfix.spec index c050604..45f5f6e 100644 --- a/postfix.spec +++ b/postfix.spec @@ -48,10 +48,8 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif %if 0%{?suse_version} >= 1320 || ( 0%{?suse_version} == 1315 && 0%{?is_opensuse} ) -%bcond_without lmdb %bcond_without libnsl %else -%bcond_with lmdb %bcond_with libnsl %endif %bcond_without ldap @@ -68,6 +66,7 @@ Source2: %{name}-SUSE.tar.gz Source3: %{name}-mysql.tar.bz2 #Source4: http://cdn.postfix.johnriley.me/mirrors/postfix-release/wietse.pgp#/postfix.keyring Source4: postfix.keyring +Source5: convert-bdb-to-lmdb.sh Source10: %{name}-rpmlintrc Source11: check_mail_queue Source12: postfix-user.conf @@ -84,7 +83,7 @@ Patch9: fix-postfix-script.patch Patch10: %{name}-avoid-infinit-loop-if-no-permission.patch BuildRequires: ca-certificates BuildRequires: cyrus-sasl-devel -BuildRequires: db-devel +#BuildRequires: db-devel BuildRequires: diffutils BuildRequires: fdupes BuildRequires: libicu-devel @@ -94,6 +93,7 @@ BuildRequires: mysql-devel %if %{with ldap} BuildRequires: openldap2-devel %endif +BuildRequires: lmdb-devel BuildRequires: pcre-devel BuildRequires: pkgconfig BuildRequires: postgresql-devel @@ -106,11 +106,11 @@ Requires(pre): %fillup_prereq Requires(pre): permissions Conflicts: exim Conflicts: sendmail +Conflicts: postfix-bdb +Provides: postfix-lmdb = %{version}-%{release} +Obsoletes: postfix-lmdb < %{version}-%{release} Provides: smtp_daemon %{?systemd_ordering} -%if %{with lmdb} -BuildRequires: lmdb-devel -%endif %if %{with libnsl} BuildRequires: libnsl-devel %endif @@ -180,18 +180,6 @@ This provides support for LDAP maps in Postfix. If you plan to use LDAP maps with Postfix, you need this. %endif -%if %{with lmdb} -%package lmdb -Summary: Postfix plugin to support LMDB maps -Group: Productivity/Networking/Email/Servers -Requires(pre): %{name} = %{version} - -%description lmdb -Postfix plugin to support LMDB maps. This library will be loaded -by starting %{name} if you'll access a postmap which is stored in -PostgreSQL. -%endif - %prep %setup -q -a 2 -a 3 %patch1 @@ -249,15 +237,15 @@ else export AUXLIBS_PGSQL="-lpq" fi # -%if %{with lmdb} export CCARGS="${CCARGS} -DHAS_LMDB -I/usr/local/include" \ export AUXLIBS_LMDB="-llmdb" -%endif # # TODO #export AUXLIBS_SQLITE #export AUXLIBS_CDB #export AUXLIBS_SDBM +# Remove berkeley DB +export CCARGS="${CCARGS} -DNO_DB" export PIE=-pie # using SHLIB_RPATH to specify unrelated linker flags, because LDFLAGS is @@ -412,6 +400,9 @@ mkdir -p %{buildroot}%{_sysusersdir} install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ install -m 644 %{SOURCE13} %{buildroot}%{_sysusersdir}/ %endif +%if 0%{?suse_version} >= 1520 +install -m 0755 %{SOURCE5} %{buildroot}%{pf_daemon_directory} +%endif %if 0%{?suse_version} >= 1330 %pre -f postfix.pre @@ -503,6 +494,10 @@ if [ ${1:-0} -gt 1 ]; then if [ "$(%{_sbindir}/postconf -h daemon_directory)" != "%{pf_daemon_directory}" ]; then %{_sbindir}/postconf daemon_directory=%{pf_daemon_directory} fi +%if 0%{?suse_version} >= 1520 + #Replace berkely db + /usr/lib/postfix/bin/convert-bdb-to-lmdb.sh +%endif fi %service_add_post %{name}.service @@ -521,7 +516,6 @@ fi %verify_permissions -e %{_sbindir}/postdrop %verify_permissions -e %{_sysconfdir}/%{name}/sasl_passwd %verify_permissions -e %{_sbindir}/sendmail -%{fillup_only postfix} %postun %service_del_postun %{name}.service @@ -614,6 +608,7 @@ fi %dir %{pf_shlib_directory} %{pf_shlib_directory}/*[^.so] %{pf_shlib_directory}/%{name}-pcre.so +%{pf_shlib_directory}/%{name}-lmdb.so %{pf_shlib_directory}/lib%{name}-dns.so %{pf_shlib_directory}/lib%{name}-global.so %{pf_shlib_directory}/lib%{name}-master.so @@ -625,7 +620,6 @@ fi %{conf_backup_dir} %dir %attr(0700,%{name},root) %{pf_data_directory} %exclude %{_mandir}/man5/ldap_table.5* -%exclude %{_mandir}/man5/lmdb_table.5* %exclude %{_mandir}/man5/mysql_table.5* %exclude %{_mandir}/man5/pgsql_table.5* %{_mandir}/man?/*%{?ext_man} @@ -675,10 +669,4 @@ fi %{_mandir}/man5/ldap_table.5%{?ext_man} %endif -%if %{with lmdb} -%files lmdb -%{pf_shlib_directory}/%{name}-lmdb.so -%{_mandir}/man5/lmdb_table.5%{?ext_man} -%endif - %changelog diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..5be1a61 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +echo -n "Generating postfix-bdb " + +cp postfix.changes postfix-bdb.changes +VERSION=$(awk '/^Version/ {print $2; exit;} {next;};' < postfix.spec) +perl -pi -e "s/^Version:.*/Version: $VERSION/" postfix-bdb.spec +echo "Done."