- update to 3.8.0
* Support to look up DNS SRV records in the Postfix SMTP/LMTP
client, Based on code by Tomas Korbar (Red Hat). For example,
with "use_srv_lookup = submission" and "relayhost =
example.com:submission", the Postfix SMTP client will look up
DNS SRV records for _submission._tcp.example.com, and will relay
email through the hosts and ports that are specified with those
records.
* TLS obsolescence: Postfix now treats the "export" and "low"
cipher grade settings as "medium". The "export" and "low" grades
are no longer supported in OpenSSL 1.1.1, the minimum version
required in Postfix 3.6.0 and later. Also, Postfix default
settings now exclude deprecated or unused ciphers (SEED, IDEA,
3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
(DH, ECDH), and public key algorithm (DSS).
* Attack resistance: the Postfix SMTP server can now aggregate
smtpd_client_*_rate and smtpd_client_*_count statistics by
network block instead of by IP address, to raise the bar against
a memory exhaustion attack in the anvil(8) server; Postfix TLS
support unconditionally disables TLS renegotiation in the middle
of an SMTP connection, to avoid a CPU exhaustion attack.
* The PostgreSQL client encoding is now configurable with the
"encoding" Postfix configuration file attribute. The default
is "UTF8". Previously the encoding was hard-coded as "LATIN1",
which is not useful in the context of SMTP.
* The postconf command now warns for #comment in or after a Postfix
parameter value. Postfix programs do not support #comment after
other text, and treat that as input.
- rebase/refresh patches
* pointer_to_literals.patch
* postfix-linux45.patch
* postfix-master.cf.patch
* postfix-ssl-release-buffers.patch
* set-default-db-type.patch
OBS-URL: https://build.opensuse.org/request/show/1080180
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=454
- update to 3.1.0
- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:,
lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch
could be removed.
- Adapting all the patches to postfix 3.1.0
- The patch postfix-db6.diff is not more neccessary
- Backwards-compatibility safety net.
With NEW Postfix installs, you MUST install a main.cf file with
the setting "compatibility_level = 2". See conf/main.cf for an
example.
With UPGRADES of existing Postfix systems, you MUST NOT change the
main.cf compatibility_level setting, nor add this setting if it
does not exist.
Several Postfix default settings have changed with Postfix 3.0. To
avoid massive frustration with existing Postfix installations,
Postfix 3.0 comes with a safety net that forces Postfix to keep
running with backwards-compatible main.cf and master.cf default
settings. This safety net depends on the main.cf compatibility_level
setting (default: 0). Details are in COMPATIBILITY_README.
- Major changes - tls
* [Feature 20160207] A new "postfix tls" command to quickly enable
opportunistic TLS in the Postfix SMTP client or server, and to
manage SMTP server keys and certificates, including certificate
signing requests and TLSA DNS records for DANE.
* As of the middle of 2015, all supported Postfix releases no longer
nable "export" grade ciphers for opportunistic TLS, and no longer
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
OBS-URL: https://build.opensuse.org/request/show/373635
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
* TLS
o Support for PKI-less TLS server certificate verification, where
the CA public key or the server certificate is identified via DNSSEC lookup
* LMDB database support
* master
o The master_service_disable parameter value syntax has changed:
use "service/type" instead of "service.type".
* postconf:
o Support for advanced master.cf query and update operations.
This was implemented primarily to support automated system management tools.
o The postconf command produces more warnings
* relay safety
New smtpd_relay_restrictions parameter built-in default settings:
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
* postscreen whitelisting
Allow a remote SMTP client to skip postscreen(8) tests based on
its postscreen_dnsbl_sites score.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=180
* DNSBL/DNSWL:
o Support for address patterns in DNS blacklist and whitelist lookup results.
o The Postfix SMTP server now supports DNS-based whitelisting with several safety features
* Support for read-only sqlite database access.
* Alias expansion:
o Postfix now reports a temporary delivery error when the result
of virtual alias expansion would exceed the virtual_alias_recursion_limit
or virtual_alias_expansion_limit.
o To avoid repeated delivery to mailing lists with pathological
nested alias configurations, the local(8) delivery agent now keeps
the owner-alias attribute of a parent alias, when delivering mail
to a child alias that does not have its own owner alias.
* The Postfix SMTP client no longer appends the local domain when
looking up a DNS name without ".".
* The SMTP server now supports contact information that is appended
to "reject" responses: smtpd_reject_footer
* Postfix by default no longer adds a "To: undisclosed-recipients:;"
header when no recipient specified in the message header.
* tls support:
o The Postfix SMTP server now always re-computes the SASL mechanism
list after successful completion of the STARTTLS command.
o The smtpd_starttls_timeout default value is now stress-dependent.
o Postfix no longer appends the system-supplied default CA certificates
to the lists specified with *_tls_CAfile or with *_tls_CApath.
* New feature: Prototype postscreen(8) server that runs a number
of time-consuming checks in parallel for all incoming SMTP connections,
before clients are allowed to talk to a real Postfix SMTP server.
It detects clients that start talking too soon, or clients that appear
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=62
