- Update to 3.4.4
o Incompatible changes
- The Postfix SMTP server announces CHUNKING (BDAT
command) by default. In the unlikely case that this breaks some
important remote SMTP client, disable the feature as follows:
/etc/postfix/main.cf:
# The logging alternative:
smtpd_discard_ehlo_keywords = chunking
# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent_discard
- This introduces a new master.cf service 'postlog'
with type 'unix-dgram' that is used by the new postlogd(8) daemon.
Before backing out to an older Postfix version, edit the master.cf
file and remove the postlog entry.
- Postfix 3.4 drops support for OpenSSL 1.0.1
- To avoid performance loss under load, the
tlsproxy(8) daemon now requires a zero process limit in master.cf
(this setting is provided with the default master.cf file). By
default, a tlsproxy(8) process will retire after several hours.
- To set the tlsproxy process limit to zero:
postconf -F tlsproxy/unix/process_limit=0
postfix reload
o Major changes
- Postfix SMTP server support for RFC 3030 CHUNKING
(the BDAT command) without BINARYMIME, in both smtpd(8) and
postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
and smtpd_proxy_filter. See BDAT_README for more.
- Support for logging to file or stdout, instead of using syslog.
- Logging to file solves a usability problem for MacOS, and
OBS-URL: https://build.opensuse.org/request/show/686001
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
- Refresh spec-file via spec-cleaner and manual optinizations.
* Add %license macro.
* Set license to IPL-1.0 OR EPL-2.0.
- Update to 3.3.0
* http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES
* Dual license: in addition to the historical IBM Public License
1.0, Postfix is now also distributed with the more recent Eclipse
Public License 2.0. Recipients can choose to take the software
under the license of their choice. Those who are more comfortable
with the IPL can continue with that license.
* The postconf command now warns about unknown parameter names
in a Postfix database configuration file. As with other unknown
parameter names, these warnings can help to find typos early.
* Container support: Postfix 3.3 will run in the foreground with
"postfix start-fg". This requires that Postfix multi-instance
support is disabled (the default). To collect Postfix syslog
information on the container's host, mount the host's /dev/log
socket into the container, for example with "docker run -v
/dev/log:/dev/log ...other options...", and specify a distinct
Postfix syslog_name setting in the container (for example with
"postconf syslog_name=the-name-here").
* Milter support: applications can now send RET and ENVID parameters
in SMFIR_CHGFROM (change envelope sender) requests.
* Postfix-generated From: headers with 'full name' information
are now formatted as "From: name <address>" by default. Specify
"header_from_format = obsolete" to get the earlier form "From:
address (name)".
* Interoperability: when Postfix IPv6 and IPv4 support are both
enabled, the Postfix SMTP client will now relax MX preferences
and attempt to schedule similar numbers of IPv4 and IPv6
addresses. This works around mail delivery problems when a
destination announces lots of primary MX addresses on IPv6, but
is reachable only over IPv4 (or vice versa). The new behavior
is controlled with the smtp_balance_mx_inet_protocols parameter.
* Compatibility safety net: with compatibility_level < 1, the
Postfix SMTP server now warns for mail that would be blocked
by the Postfix 2.10 smtpd_relay_restrictions feature, without
blocking that mail. There still is a steady trickle of sites
that upgrade from an earlier Postfix version.
OBS-URL: https://build.opensuse.org/request/show/585926
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=294
- update to 3.2.4
* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
records associated with an intermediate CA certificate. Problem
report and initial fix by Erwan Legrand.
* Missing dynamicmaps support in the Postfix sendmail command.
This broke authorized_submit_users settings that use a
dynamically-loaded map type. Problem reported by Ulrich Zehl.
OBS-URL: https://build.opensuse.org/request/show/537545
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=284
- update to 3.2.3
* Extension propagation was broken with "recipient_delimiter = .".
This change reverts a change that was trying to be too clever.
* The postqueue command would abort with a panic message after it
experienced an output write error while listing the mail queue.
This change restores a write error check that was lost with the
Postfix 3.2 rewrite of the vbuf_print formatter.
* Restored sanity checks for dynamically-specified width and precision
in format strings (%*, %.*, and %*.*). These checks were lost with
the Postfix 3.2 rewrite of the vbuf_print formatter.
OBS-URL: https://build.opensuse.org/request/show/528692
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=275
- update to 3.1.4
* The postscreen daemon did not merge the client test status information
for concurrent sessions from the same IP address.
* The Postfix SMTP server falsely rejected a sender address when validating
a sender address with "smtpd_reject_unlisted_recipient = yes" or with
"reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps.
* The virtual delivery agent did not detect failure to skip to the end
of a mailbox file, so that mail would be delivered to the beginning of the file.
This could happen when a mailbox file was already larger than the virtual mailbox size limit.
* The postsuper logged an incorrect rename operation count after creating a missing directory.
* The Postfix SMTP server falsely rejected mail when a sender-dependent "error"
transport was configured. Cause: the SMTP server address validation code
was not updated when the sender_dependent_default_transport_maps feature
was introduced.
* The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no".
* The "postfix tls deploy-server-cert" command used the wrong certificate
and key file. This was caused by a cut-and-paste error in the postfix-tls-script file.
OBS-URL: https://build.opensuse.org/request/show/448623
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=247
- bnc#981097 config.postfix creates broken main.cf for tls client configuration
- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete
- update to 3.1.1:
- The new address_verify_pending_request_limit
parameter introduces a safety limit for the number of address
verification probes in the active queue. The default limit is 1/4
of the active queue maximum size. The queue manager enforces the
limit by tempfailing probe messages that exceed the limit. This
design avoids dependencies on global counters that get out of sync
after a process or system crash.
- Machine-readable, JSON-formatted queue listing with "postqueue -j"
(no "mailq" equivalent).
- The milter_macro_defaults feature provides an optional list of macro
name=value pairs. These specify default values for Milter macros when
no value is available from the SMTP session context.
- Support to enforce a destination-independent delay between email
deliveries. The following example inserts 20 seconds of delay
between all deliveries with the SMTP transport, limiting the delivery
rate to at most three messages per minute.
smtp_transport_rate_delay = 20s
- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
that a "not found" result from a DNSBL server will be valid for one
hour. This may have been adequate five years ago when postscreen
was first implemented, but nowadays, that one hour can result in
missed opportunities to block new spambots.
To address this, postscreen now respects the TTL of DNSBL "not
found" replies, as well as the TTL of DNSWL replies (both "found"
and "not found"). The TTL for a "not found" reply is determined
according to RFC 2308 (the TTL of an SOA record in the reply).
Support for DNSBL or DNSWL reply TTL values is controlled by two
OBS-URL: https://build.opensuse.org/request/show/397601
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=235
- fix build on sle11 by pointing _libexecdir to /usr/lib all the
time.
- some distros did not pull pkgconfig indirectly. pull it directly.
- fix building the dynamic maps: the old build had postgresql e.g.
with missing symbols.
- convert to AUXLIBS_* instead of plain AUXLIBS which is needed
for proper dynamic maps.
- reordered the CCARGS and AUXLIBS* lines to group by feature
- use pkgconfig or *_config tools where possible
- picked up signed char from fedora spec file
- enable lmdb support: new BR lmdb-devel, new subpackage
postfix-lmdb.
- don't delete vmail user/groups
OBS-URL: https://build.opensuse.org/request/show/376737
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=233
- update to 3.1.0
- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:,
lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch
could be removed.
- Adapting all the patches to postfix 3.1.0
- The patch postfix-db6.diff is not more neccessary
- Backwards-compatibility safety net.
With NEW Postfix installs, you MUST install a main.cf file with
the setting "compatibility_level = 2". See conf/main.cf for an
example.
With UPGRADES of existing Postfix systems, you MUST NOT change the
main.cf compatibility_level setting, nor add this setting if it
does not exist.
Several Postfix default settings have changed with Postfix 3.0. To
avoid massive frustration with existing Postfix installations,
Postfix 3.0 comes with a safety net that forces Postfix to keep
running with backwards-compatible main.cf and master.cf default
settings. This safety net depends on the main.cf compatibility_level
setting (default: 0). Details are in COMPATIBILITY_README.
- Major changes - tls
* [Feature 20160207] A new "postfix tls" command to quickly enable
opportunistic TLS in the Postfix SMTP client or server, and to
manage SMTP server keys and certificates, including certificate
signing requests and TLSA DNS records for DANE.
* As of the middle of 2015, all supported Postfix releases no longer
nable "export" grade ciphers for opportunistic TLS, and no longer
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
OBS-URL: https://build.opensuse.org/request/show/373635
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
* Fix for DMARC implementations based on SPF policy plus DKIM Milter.
* The Postfix SMTP server logged an incorrect client name in reject
messages for check_reverse_client_hostname_access and check_reverse_client_hostname_{mx,ns}_access.
* The qmqpd daemon crashed with null pointer bug when logging a lost connection while not in a mail transaction.
* The TLS client logged that an anonymous TLS connection was "Untrusted", instead of "Anonymous".
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=230
- Bugfix (introduced: Postfix 2.6):
sender_dependent_relayhost_maps ignored the relayhost setting
in the case of a DUNNO lookup result. It would use the
recipient domain instead. Viktor Dukhovni. Wietse took the
pieces of code that enforce the precedence of a
sender-dependent relayhost, the global relayhost, and the
recipient domain, and put that code together in once place so
that it is easier to maintain. File:
trivial-rewrite/resolve.c.
- Bitrot: prepare for future changes in OpenSSL API. Viktor
Dukhovni. File: tls_dane.c.
- Incompatibility: specifying "make makefiles" with "CC=command"
will no longer override the default WARN setting.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=216