SHA256
1
0
forked from pool/postfix
postfix/postfix.changes

5907 lines
247 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Tue Jun 18 18:15:47 UTC 2024 - chris@computersalat.de
- fix for Invalid cross-device link
* failed to create hard link 'etc/localtime' => '/usr/share/zoneinfo/Etc/UTC'
-------------------------------------------------------------------
Tue Jun 11 11:57:53 UTC 2024 - Adam Majer <adam.majer@suse.de>
- Set built-in path values to suse values (bsc#1215689)
-------------------------------------------------------------------
Mon May 20 20:45:06 UTC 2024 - chris@computersalat.de
- Update update_chroot.systemd
* Add missing checks for DKIM (openDKIM)
- keep spec and changes files in sync
-------------------------------------------------------------------
Fri May 17 11:42:53 UTC 2024 - Peter Varkoly <varkoly@suse.com>
- config.postfix needs updating (bsc#1224207)
* chkconfig -> systemctl
* Link Cyrus lmtp only if this exsists
* /usr/lib64/sasl2 does not need to exist
* Fetch timezone via readlink from /etc/localtime
-------------------------------------------------------------------
Fri Apr 5 01:44:30 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Move qshape(1) out of -doc, install it as a binary with the main package
Accepting request 1156371 from home:adkorte:branches:server:mail - update to 3.9.0 * As described in DEPRECATION_README, the SMTP server features "permit_naked_ip_address", "check_relay_domains", and "reject_maps_rbl" have been removed, after they have been logging a warning for some 20 years. These features now log a warning and return a "server configuration error" response. * The MySQL client no longer supports MySQL versions < 4.0. MySQL version 4.0 was released in 2003. * As covered in DEPRECATION_README, the configuration parameter "disable_dns_lookup" and about a dozen TLS-related parameters are now officially obsolete. These parameters still work, but the postconf command logs warnings that they will be removed from Postfix. * As covered in DEPRECATION_README, "permit_mx_backup" logs a warning that it will be removed from Postfix. * In message headers, Postfix now formats numerical days as two-digit days, i.e. days 1-9 have a leading zero instead of a leading space. This change was made because the RFC 5322 date and time specification recommends (i.e. SHOULD) that a single space be used in each place that folding white space appears. This change avoids a breaking change in the length of a date string. * The MySQL client default characterset is now configurable with the "charset" configuration file attribute. The default is "utf8mb4", consistent with the MySQL 8.0 built-in default, but different from earlier MySQL versions where the built-in default was "latin1". * Support to query MongoDB databases, contributed by Hamid Maadani, based on earlier code by Stephan Ferraro. See MONGODB_README and mongodb_table(5) * The RFC 3461 envelope ID is now exported in the local(8) delivery agent with the ENVID environment variable, and in the pipe(8) delivery agent with the ${envid} command-line attribute. * Configurable idle and retry timer settings in the mysql: and pgsql: clients. A shorter than default retry timer can sped up the recovery after error, when Postfix is configured with only one server in the "hosts" attribute. After the code was frozen for release, we have learned that Postfix can recover faster from some errors when the single server is specified multiple times in the "hosts" attribute. * Optional Postfix TLS support to request an RFC7250 raw public key instead of an X.509 public-key certificate. The configuration settings for raw key public support will be ignored when there is no raw public key support in the local TLS implementation (i.e. Postfix with OpenSSL versions before 3.2). See RELEASE_NOTES for more information. * Preliminary support for OpenSSL configuration files, primarily OpenSSL 1.1.1b and later. This introduces two new parameters "tls_config_file" and "tls_config_name", which can be used to limit collateral damage from OS distributions that crank up security to 11, increasing the number of plaintext email deliveries. Details are in the postconf(5) manpage under "tls_config_file" and "tls_config_name". * With "smtpd_forbid_unauth_pipelining = yes" (the default), Postfix defends against multiple "blind" SMTP attacks. This feature was back-ported to older stable releases but disabled by default. * With "smtpd_forbid_bare_newline = normalize" (the default) Postfix defends against SMTP smuggling attacks. See RELEASE_NOTES for details. This feature was back-ported to older stable releases but disabled by default. * Prevent outbound SMTP smuggling, where an attacker uses Postfix to send email containing a non-standard End-of-DATA sequence, to exploit inbound SMTP smuggling at a vulnerable remote SMTP server. With "cleanup_replace_stray_cr_lf = yes" (the default), the cleanup daemon replaces each stray <CR> or <LF> character in message content with a space character. This feature was back-ported to older stable releases with identical functionality. * The Postfix DNS client now limits the total size of DNS lookup results to 100 records; it drops the excess records, and logs a warning. This limit is 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is far below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This also introduces a similar limit on the number of DNS requests that a check_*_*_access restriction can make. All this was back-ported to older stable releases with identical functionality. - refreshed patch: % postfix-no-md5.patch - change obsoleted "disable_dns_lookups" to "smtp_dns_support_level" % postfix-SUSE.tar.gz % postfix-main.cf.patch % postfix-master.cf.patch OBS-URL: https://build.opensuse.org/request/show/1156371 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=481
2024-05-14 15:19:15 +02:00
-------------------------------------------------------------------
Thu Mar 7 18:42:30 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.9.0
* As described in DEPRECATION_README, the SMTP server features
"permit_naked_ip_address", "check_relay_domains", and
"reject_maps_rbl" have been removed, after they have been logging
a warning for some 20 years. These features now log a warning
and return a "server configuration error" response.
* The MySQL client no longer supports MySQL versions < 4.0. MySQL
version 4.0 was released in 2003.
* As covered in DEPRECATION_README, the configuration parameter
"disable_dns_lookup" and about a dozen TLS-related parameters
are now officially obsolete. These parameters still work, but
the postconf command logs warnings that they will be removed
from Postfix.
* As covered in DEPRECATION_README, "permit_mx_backup" logs a
warning that it will be removed from Postfix.
* In message headers, Postfix now formats numerical days as
two-digit days, i.e. days 1-9 have a leading zero instead of a
leading space. This change was made because the RFC 5322 date
and time specification recommends (i.e. SHOULD) that a single
space be used in each place that folding white space appears.
This change avoids a breaking change in the length of a date
string.
* The MySQL client default characterset is now configurable with
the "charset" configuration file attribute. The default is
"utf8mb4", consistent with the MySQL 8.0 built-in default, but
different from earlier MySQL versions where the built-in default
was "latin1".
* Support to query MongoDB databases, contributed by Hamid Maadani,
based on earlier code by Stephan Ferraro. See MONGODB_README
and mongodb_table(5)
* The RFC 3461 envelope ID is now exported in the local(8) delivery
agent with the ENVID environment variable, and in the pipe(8)
delivery agent with the ${envid} command-line attribute.
* Configurable idle and retry timer settings in the mysql: and
pgsql: clients. A shorter than default retry timer can sped up
the recovery after error, when Postfix is configured with only
one server in the "hosts" attribute. After the code was frozen
for release, we have learned that Postfix can recover faster
from some errors when the single server is specified multiple
times in the "hosts" attribute.
* Optional Postfix TLS support to request an RFC7250 raw public
key instead of an X.509 public-key certificate. The configuration
settings for raw key public support will be ignored when there
is no raw public key support in the local TLS implementation
(i.e. Postfix with OpenSSL versions before 3.2). See RELEASE_NOTES
for more information.
* Preliminary support for OpenSSL configuration files, primarily
OpenSSL 1.1.1b and later. This introduces two new parameters
"tls_config_file" and "tls_config_name", which can be used to
limit collateral damage from OS distributions that crank up
security to 11, increasing the number of plaintext email
deliveries. Details are in the postconf(5) manpage under
"tls_config_file" and "tls_config_name".
* With "smtpd_forbid_unauth_pipelining = yes" (the default),
Postfix defends against multiple "blind" SMTP attacks. This
feature was back-ported to older stable releases but disabled
by default.
* With "smtpd_forbid_bare_newline = normalize" (the default)
Postfix defends against SMTP smuggling attacks. See RELEASE_NOTES
for details. This feature was back-ported to older stable
releases but disabled by default.
* Prevent outbound SMTP smuggling, where an attacker uses Postfix
to send email containing a non-standard End-of-DATA sequence,
to exploit inbound SMTP smuggling at a vulnerable remote SMTP
server. With "cleanup_replace_stray_cr_lf = yes" (the default),
the cleanup daemon replaces each stray <CR> or <LF> character
in message content with a space character. This feature was
back-ported to older stable releases with identical functionality.
* The Postfix DNS client now limits the total size of DNS lookup
results to 100 records; it drops the excess records, and logs
a warning. This limit is 20x larger than the number of server
addresses that the Postfix SMTP client is willing to consider
when delivering mail, and is far below the number of records
that could cause a tail recursion crash in dns_rr_append() as
reported by Toshifumi Sakaguchi. This also introduces a similar
limit on the number of DNS requests that a check_*_*_access
restriction can make. All this was back-ported to older stable
releases with identical functionality.
- refreshed patch:
% postfix-no-md5.patch
- change obsoleted "disable_dns_lookups" to "smtp_dns_support_level"
% postfix-SUSE.tar.gz
% postfix-main.cf.patch
% postfix-master.cf.patch
Accepting request 1155290 from home:adkorte:branches:server:mail - update to 3.8.6 * Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the 'reason' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session, resulting in a nonsensical "authentication failed" warning message. Reported by Stephan Bosch. * Bugfix (defect introduced: Postfix 3.1, date: 20151128): "postqueue -j" produced broken JSON when escaping a control character as \uXXXX. Found during code maintenance. * Cleanup: this fixes posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. By Viktor Dukhovni. * Bugfix (defect introduced: Postfix 2.3): after prepending a header at the top of a message (with an access(5), header_checks(5) or Milter action), the Postfix Milter "delete header" or "update header" action was skipping the prepended header, instead of skipping the Postfix-generated Received: header. Problem report by Carlos Velasco. * Workaround: tlsmgr logfile spam. Reportedly, some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. * Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance. * Safety: limit the total size of DNS lookup results to 100 records; drop the excess records, and log a warning. This limit is 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is far below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This fix also limits the number of DNS requests that a check_*_*_access restriction can make. * Performance, related to the previous problem: eliminate worst-case behavior where the queue manager could defer delivery to all destinations over a specific delivery transport, after only a single delivery agent crash. The scheduler now throttles deliveries to one destination, and allows other deliveries to keep making progress. - change to functioning mirror (http://cdn.postfix.johnriley.me/ has been dead for a while although it is still listed upstream) - make output of %setup less verbose by restoring -q option OBS-URL: https://build.opensuse.org/request/show/1155290 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=477
2024-03-06 15:51:10 +01:00
-------------------------------------------------------------------
Tue Mar 5 16:46:16 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.6
* Bugfix (defect introduced: Postfix 2.3, date 20051222): the
Dovecot auth client did not reset the 'reason' from a previous
Dovecot auth service response, before parsing the next Dovecot
auth server response in the same SMTP session, resulting in a
nonsensical "authentication failed" warning message. Reported
by Stephan Bosch.
* Bugfix (defect introduced: Postfix 3.1, date: 20151128):
"postqueue -j" produced broken JSON when escaping a control
character as \uXXXX. Found during code maintenance.
* Cleanup: this fixes posttls-finger certificate match expectations
for all TLS security levels, including warnings for levels that
don't implement certificate matching. By Viktor Dukhovni.
* Bugfix (defect introduced: Postfix 2.3): after prepending a
header at the top of a message (with an access(5), header_checks(5)
or Milter action), the Postfix Milter "delete header" or "update
header" action was skipping the prepended header, instead of
skipping the Postfix-generated Received: header. Problem report
by Carlos Velasco.
* Workaround: tlsmgr logfile spam. Reportedly, some OS lies under
load: it says that a socket is readable, then it says that the
socket has unread data, and then it says that read returns EOF,
causing Postfix to spam the log with a warning message.
* Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT
command handler could be tricked to read $message_size_limit
bytes into memory. Found during code maintenance.
* Safety: limit the total size of DNS lookup results to 100
records; drop the excess records, and log a warning. This limit
is 20x larger than the number of server addresses that the
Postfix SMTP client is willing to consider when delivering mail,
and is far below the number of records that could cause a tail
recursion crash in dns_rr_append() as reported by Toshifumi
Sakaguchi. This fix also limits the number of DNS requests that
a check_*_*_access restriction can make.
* Performance, related to the previous problem: eliminate worst-case
behavior where the queue manager could defer delivery to all
destinations over a specific delivery transport, after only a
single delivery agent crash. The scheduler now throttles
deliveries to one destination, and allows other deliveries to
keep making progress.
- change to functioning mirror (http://cdn.postfix.johnriley.me/
has been dead for a while although it is still listed upstream)
- make output of %setup less verbose by restoring -q option
-------------------------------------------------------------------
Tue Mar 5 12:19:01 UTC 2024 - Peter Varkoly <varkoly@suse.com>
- %autosetup does not works with multiple -a.
https://github.com/rpm-software-management/rpm/issues/1204
-------------------------------------------------------------------
Thu Feb 29 14:40:38 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
-------------------------------------------------------------------
Tue Jan 23 18:24:16 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.5
* Security: this release improves support to defend against an email
spoofing attack (SMTP smuggling) on recipients at a Postfix server.
For background, see https://www.postfix.org/smtp-smuggling.html.
-------------------------------------------------------------------
Sat Jan 6 22:41:09 UTC 2024 - chris@computersalat.de
- rework fix for bsc#1192173: keep myhostname and mydestination
patched, but with upstream default to have them in correct place
when updated via config.postfix
- rework SMTP Smuggling defaults
* yes is now alias of 'normalize'
smtpd_forbid_bare_newline = normalize
* another new option is 'reject' wich should be used in connection
with
smtpd_forbid_bare_newline_reject_code = 521
- rework patches
* postfix-bdb-main.cf.patch
* postfix-main.cf.patch
- rebase patches
* postfix-linux45.patch
* postfix-ssl-release-buffers.patch
* postfix-vda-v14-3.0.3.patch
* set-default-db-type.patch
- sync changes files
* add missing entries in postfix-bdb.changes
-------------------------------------------------------------------
Thu Dec 28 07:57:23 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update default configuration to enable the long-term fix for
bsc#1218304, bsc#1218314 CVE-2023-51764, SMTP smuggling attack:
* smtpd_forbid_bare_newline = yes
* smtpd_forbid_bare_newline_exclusions = $mynetworks
-------------------------------------------------------------------
Fri Dec 22 17:57:57 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.4 (bsc#1218304, CVE-2023-51764):
* Security: this release adds support to defend
against an email spoofing attack (SMTP smuggling) on
recipients at a Postfix server. For background, see
https://www.postfix.org/smtp-smuggling.html
-------------------------------------------------------------------
Fri Nov 3 14:55:20 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.3
* Bugfix (defect introduced Postfix 2.5, date 20080104): the
Postfix SMTP server was waiting for a client command instead
of replying immediately, after a client certificate verification
error in TLS wrappermode. Reported by Andreas Kinzler.
* Usability: the Postfix SMTP server (finally) attempts to log
the SASL username after authentication failure. In Postfix
logging, this appends ", sasl_username=xxx" after the reason
for SASL authentication failure. The logging replaces an
unavailable reason with "(reason unavailable)", and replaces
an unavailable sasl_username with "(unavailable)". Based on
code by Jozsef Kadlecsik.
* Compatibility bugfix (defect introduced: Postfix 2.11, date
20130405): in forward_path, the expression ${recipient_delimiter}
would expand to an empty string when a recipient address had
no recipient delimiter. The compatibility fix is to use a
configured recipient delimiter value instead. Reported by Tod
A. Sandman.
-------------------------------------------------------------------
Mon Oct 23 07:43:31 UTC 2023 - Peter Varkoly <varkoly@suse.com>
- Syntax error in update_postmaps script (bsc#1216061)
-------------------------------------------------------------------
Mon Sep 18 12:38:19 UTC 2023 - Peter Varkoly <varkoly@suse.com>
- postfix: config.postfix causes too tight permission on main.cf
(bsc#1215372)
-------------------------------------------------------------------
Tue Aug 15 09:07:07 UTC 2023 - Peter Varkoly <varkoly@suse.com>
- CVE-2023-32182: postfix: config_postfix SUSE specific script
potentially bad /tmp file usage (bsc#1211196)
Use temp file created by mktemp
Accepting request 1091141 from home:adkorte:branches:server:mail - update to 3.8.1 * Optional: harden a Postfix SMTP server against remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. With "smtpd_forbid_unauth_pipelining = yes", the server disconnects a client immediately, after responding with "554 5.5.0 Error: SMTP protocol synchronization" and after logging "improper command pipelining" with the unexpected remote SMTP client input. This feature is disabled by default in Postfix 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled by default in Postfix 3.9. A similar feature is enabled by default in the Exim SMTP server. * Optional: some OS distributions crank up TLS security to 11, and in doing so increase the number of plaintext email deliveries. This introduces basic OpenSSL configuration file support that may be used to override OS-level settings. Details are in the postconf(5) manpage under tls_config_file and tls_config_name. * Bugfix (defect introduced: Postfix 1.0): the command "postconf .. name=v1 .. name=v2 .." (multiple instances of the same parameter name) created multiple main.cf name=value entries with the same parameter name. It now logs a warning and skips the earlier name(s) and value(s). Found during code maintenance. * Bugfix (defect introduced: Postfix 3.3): the command "postconf -M name1/type1='name2 type2 ...'" died with a segmentation violation when the request matched multiple master.cf entries. The master.cf file was not damaged. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 2.11): the command "postconf -M name1/type1='name2 type2 ...'" could add a service definition to master.cf that conflicted with an already existing service definition. It now replaces all existing service definitions that match the service pattern 'name1/type1' or the service name and type in 'name2 type2 ...' with a single service definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 3.8) the posttls-finger command could access uninitialized memory when reconnecting. This also fixes a malformed warning message when a destination contains ":service" information. Reported by Thomas Korbar. * Bugfix (defect introduced: Postfix 3.2): the MySQL client could return "not found" instead of "error" (for example, resulting in a 5XX SMTP status instead of 4XX) during the time that all MySQL server connections were turned down after error. Found during code maintenance. File: global/dict_mysql.c. This was already fixed in Postfix 3.4-3.7. - update to 3.8.1 * Optional: harden a Postfix SMTP server against remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. With "smtpd_forbid_unauth_pipelining = yes", the server disconnects a client immediately, after responding with "554 5.5.0 Error: SMTP protocol synchronization" and after logging "improper command pipelining" with the unexpected remote SMTP client input. This feature is disabled by default in Postfix 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled by default in Postfix 3.9. A similar feature is enabled by default in the Exim SMTP server. * Optional: some OS distributions crank up TLS security to 11, and in doing so increase the number of plaintext email deliveries. This introduces basic OpenSSL configuration file support that may be used to override OS-level settings. Details are in the postconf(5) manpage under tls_config_file and tls_config_name. * Bugfix (defect introduced: Postfix 1.0): the command "postconf .. name=v1 .. name=v2 .." (multiple instances of the same parameter name) created multiple main.cf name=value entries with the same parameter name. It now logs a warning and skips the earlier name(s) and value(s). Found during code maintenance. * Bugfix (defect introduced: Postfix 3.3): the command "postconf -M name1/type1='name2 type2 ...'" died with a segmentation violation when the request matched multiple master.cf entries. The master.cf file was not damaged. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 2.11): the command "postconf -M name1/type1='name2 type2 ...'" could add a service definition to master.cf that conflicted with an already existing service definition. It now replaces all existing service definitions that match the service pattern 'name1/type1' or the service name and type in 'name2 type2 ...' with a single service definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 3.8) the posttls-finger command could access uninitialized memory when reconnecting. This also fixes a malformed warning message when a destination contains ":service" information. Reported by Thomas Korbar. * Bugfix (defect introduced: Postfix 3.2): the MySQL client could return "not found" instead of "error" (for example, resulting in a 5XX SMTP status instead of 4XX) during the time that all MySQL server connections were turned down after error. Found during code maintenance. File: global/dict_mysql.c. This was already fixed in Postfix 3.4-3.7. OBS-URL: https://build.opensuse.org/request/show/1091141 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=456
2023-06-07 20:25:08 +02:00
-------------------------------------------------------------------
Tue Jun 6 18:37:03 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.1
* Optional: harden a Postfix SMTP server against remote SMTP
clients that violate RFC 2920 (or 5321) command pipelining
constraints. With "smtpd_forbid_unauth_pipelining = yes", the
server disconnects a client immediately, after responding with
"554 5.5.0 Error: SMTP protocol synchronization" and after
logging "improper command pipelining" with the unexpected remote
SMTP client input. This feature is disabled by default in Postfix
3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
by default in Postfix 3.9. A similar feature is enabled by
default in the Exim SMTP server.
* Optional: some OS distributions crank up TLS security to 11,
and in doing so increase the number of plaintext email deliveries.
This introduces basic OpenSSL configuration file support that
may be used to override OS-level settings.
Details are in the postconf(5) manpage under tls_config_file
and tls_config_name.
* Bugfix (defect introduced: Postfix 1.0): the command "postconf
.. name=v1 .. name=v2 .." (multiple instances of the same
parameter name) created multiple main.cf name=value entries
with the same parameter name. It now logs a warning and skips
the earlier name(s) and value(s). Found during code maintenance.
* Bugfix (defect introduced: Postfix 3.3): the command "postconf
-M name1/type1='name2 type2 ...'" died with a segmentation
violation when the request matched multiple master.cf entries.
The master.cf file was not damaged. Problem reported by SATOH
Fumiyasu.
* Bugfix (defect introduced: Postfix 2.11): the command "postconf
-M name1/type1='name2 type2 ...'" could add a service definition
to master.cf that conflicted with an already existing service
definition. It now replaces all existing service definitions
that match the service pattern 'name1/type1' or the service
name and type in 'name2 type2 ...' with a single service
definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
* Bugfix (defect introduced: Postfix 3.8) the posttls-finger
command could access uninitialized memory when reconnecting.
This also fixes a malformed warning message when a destination
contains ":service" information. Reported by Thomas Korbar.
* Bugfix (defect introduced: Postfix 3.2): the MySQL client could
return "not found" instead of "error" (for example, resulting
in a 5XX SMTP status instead of 4XX) during the time that all
MySQL server connections were turned down after error. Found
during code maintenance. File: global/dict_mysql.c. This was
already fixed in Postfix 3.4-3.7.
-------------------------------------------------------------------
Thu May 4 11:23:41 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org>
- Add _multibuild to define 2nd spec file as additional flavor.
Eliminates the need for source package links in OBS.
Accepting request 1080180 from home:adkorte:branches:server:mail - update to 3.8.0 * Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup = submission" and "relayhost = example.com:submission", the Postfix SMTP client will look up DNS SRV records for _submission._tcp.example.com, and will relay email through the hosts and ports that are specified with those records. * TLS obsolescence: Postfix now treats the "export" and "low" cipher grade settings as "medium". The "export" and "low" grades are no longer supported in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later. Also, Postfix default settings now exclude deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms (DH, ECDH), and public key algorithm (DSS). * Attack resistance: the Postfix SMTP server can now aggregate smtpd_client_*_rate and smtpd_client_*_count statistics by network block instead of by IP address, to raise the bar against a memory exhaustion attack in the anvil(8) server; Postfix TLS support unconditionally disables TLS renegotiation in the middle of an SMTP connection, to avoid a CPU exhaustion attack. * The PostgreSQL client encoding is now configurable with the "encoding" Postfix configuration file attribute. The default is "UTF8". Previously the encoding was hard-coded as "LATIN1", which is not useful in the context of SMTP. * The postconf command now warns for #comment in or after a Postfix parameter value. Postfix programs do not support #comment after other text, and treat that as input. - rebase/refresh patches * pointer_to_literals.patch * postfix-linux45.patch * postfix-master.cf.patch * postfix-ssl-release-buffers.patch * set-default-db-type.patch OBS-URL: https://build.opensuse.org/request/show/1080180 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=454
2023-04-27 23:59:58 +02:00
-------------------------------------------------------------------
Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
- update to 3.8.0
* Support to look up DNS SRV records in the Postfix SMTP/LMTP
client, Based on code by Tomas Korbar (Red Hat). For example,
with "use_srv_lookup = submission" and "relayhost =
example.com:submission", the Postfix SMTP client will look up
DNS SRV records for _submission._tcp.example.com, and will relay
email through the hosts and ports that are specified with those
records.
* TLS obsolescence: Postfix now treats the "export" and "low"
cipher grade settings as "medium". The "export" and "low" grades
are no longer supported in OpenSSL 1.1.1, the minimum version
required in Postfix 3.6.0 and later. Also, Postfix default
settings now exclude deprecated or unused ciphers (SEED, IDEA,
3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
(DH, ECDH), and public key algorithm (DSS).
* Attack resistance: the Postfix SMTP server can now aggregate
smtpd_client_*_rate and smtpd_client_*_count statistics by
network block instead of by IP address, to raise the bar against
a memory exhaustion attack in the anvil(8) server; Postfix TLS
support unconditionally disables TLS renegotiation in the middle
of an SMTP connection, to avoid a CPU exhaustion attack.
* The PostgreSQL client encoding is now configurable with the
"encoding" Postfix configuration file attribute. The default
is "UTF8". Previously the encoding was hard-coded as "LATIN1",
which is not useful in the context of SMTP.
* The postconf command now warns for #comment in or after a Postfix
parameter value. Postfix programs do not support #comment after
other text, and treat that as input.
- rebase/refresh patches
* pointer_to_literals.patch
* postfix-linux45.patch
* postfix-master.cf.patch
* postfix-ssl-release-buffers.patch
* set-default-db-type.patch
Accepting request 1067720 from home:ohollmann:branches:server:mail - update to 3.7.4 * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname(). * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead. * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions. * Portability: Linux 6 support. * Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later. * Rebased postfix-linux45.patch - update to 3.7.4 * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound OBS-URL: https://build.opensuse.org/request/show/1067720 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=453
2023-03-06 15:29:24 +01:00
-------------------------------------------------------------------
Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- update to 3.7.4
* Workaround: with OpenSSL 3 and later always turn on
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
opportunities for TLS session reuse. This is safe because the SMTP protocol
implements application-level framing, and is therefore not affected by TLS
truncation attacks.
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
handles for digest implementations. In sufficiently hostile configurations,
Postfix could mistakenly believe that a digest algorithm is available, and
fail when it is not. A similar workaround may be needed for
EVP_get_cipherbyname().
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
the argument only if there was no prior error.
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
violation when postscreen_dnsbl_threshold < 1. It should reject such input
with a fatal error instead.
* Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
* Portability: Linux 6 support.
* Added missing documentation that cidr:, pcre: and regexp: tables support
inline specification only in Postfix 3.7 and later.
* Rebased postfix-linux45.patch
-------------------------------------------------------------------
Thu Feb 9 20:13:42 UTC 2023 - Peter Varkoly <varkoly@suse.com>
- SELinux: postfix denied to access /var/spool/postfix/pid/master.pid
(bsc#1207177) Apply proposed changes in postfix.service
- remove patch included into the source:
harden_postfix.service.patch
-------------------------------------------------------------------
Wed Jan 25 13:30:52 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
- Disable NIS support on Factory (deprecated and will be removed)
-------------------------------------------------------------------
Wed Jan 18 12:09:13 UTC 2023 - Hu <cathy.hu@suse.com>
- Fix SELinux labeling issue caused by /usr/sbin/config.postfix (bsc#1207227).
-------------------------------------------------------------------
Mon Nov 14 15:05:42 UTC 2022 - Peter Varkoly <varkoly@suse.com>
- postfix default main.cf myhostname default causes conflict
(bsc#1192173)
Use the postfix build in defaults for myhostname and mydestination
-------------------------------------------------------------------
Sun Oct 9 12:00:55 UTC 2022 - Michael Ströder <michael@stroeder.com>
- update to 3.7.3
* Fixed a bug where some messages were not delivered after
"warning: Unexpected record type 'X'. (bsc#1213515)
* Workaround: in a TLS server disable Postfix's 1-element internal session
cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes.
* Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26)
introduced a missing msg_panic() argument (in code that never executes).
* Code health: Postfix 3.3.0 introduced an uninitialized verify_append()
request status in case of a null original recipient address.
* Postfix 3.5.0 introduced debug logging noise in map_search_create().
-------------------------------------------------------------------
Tue Sep 6 09:17:20 UTC 2022 - Ludwig Nussel <lnussel@suse.de>
- own /var/spool/mail (boo#1179574)
-------------------------------------------------------------------
Thu Aug 4 19:09:34 UTC 2022 - chris@computersalat.de
- use correct source signature file (gpg2)
-------------------------------------------------------------------
Mon Jul 11 14:21:41 UTC 2022 - chris@computersalat.de
- update to 3.7.2
https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES
- rebase patches
* pointer_to_literals.patch
* postfix-linux45.patch
* postfix-main.cf.patch
* postfix-master.cf.patch
* postfix-no-md5.patch
* postfix-ssl-release-buffers.patch
* postfix-vda-v14-3.0.3.patch
* set-default-db-type.patch
- build against libpcre2
-------------------------------------------------------------------
Tue May 10 20:14:54 UTC 2022 - chris@computersalat.de
- remove *.swp from postfix-SUSE.tar.gz
-------------------------------------------------------------------
Tue May 3 20:16:49 UTC 2022 - chris@computersalat.de
- fix config.postfix 'hash' leftover with relay_recipients
- update postfix-main.cf.patch about
* smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls)
* smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls)
- rebase/refresh patches
* harden_postfix.service.patch
* postfix-avoid-infinit-loop-if-no-permission.patch
* postfix-master.cf.patch
* postfix-vda-v14-3.0.3.patch
* set-default-db-type.patch
-------------------------------------------------------------------
Mon May 2 07:27:19 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
- Change ed requires to /usr/bin/ed: allow busybox-ed to be used
inside containers.
-------------------------------------------------------------------
Mon Apr 25 13:59:17 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
- add missing requires for config.postfix and the postfix
postinstall script: perl and ed
-------------------------------------------------------------------
Mon Apr 18 19:59:01 UTC 2022 - Michael Ströder <michael@stroeder.com>
- update to 3.6.6
* (problem introduced: Postfix 2.7) The milter_header_checks maps
are now opened before the cleanup(8) server enters the chroot
jail.
* In an internal client module, "host or service not found" was
a fatal error, causing the milter_default_action setting to be
ignored. It is now a non-fatal error, just like a failure to
connect.
* The proxy_read_maps default value was missing up to 27 parameter
names. The corresponding lookup tables were not automatically
authorized for use with the proxymap(8) service. The parameter
names were ending in _checks, _reply_footer, _reply_filter,
_command_filter, and _delivery_status_filter.
* (problem introduced: Postfix 3.0) With dynamic map loading
enabled, an attempt to create a map with "postmap regexp:path"
would result in a bogus error message "Is the postfix-regexp
package installed?" instead of "unsupported map type for this
operation". This happened with all non-dynamic map types (static,
cidr, etc.) that have no 'bulk create' support.
-------------------------------------------------------------------
Mon Apr 4 09:01:56 UTC 2022 - Peter Varkoly <varkoly@suse.com>
- config.postfix fails to set smtp_tls_security_level
(bsc#1192314)
-------------------------------------------------------------------
Tue Mar 29 10:12:29 UTC 2022 - Илья Индиго <ilya@ilya.cf>
- Refreshed spec-file via spec-cleaner and manual optimizated.
* Added -p flag to all install commands.
* Removed -f flag from all ln commands.
- Changed file harden_postfix.service.patch (boo#1191988).
-------------------------------------------------------------------
Fri Mar 18 20:29:34 UTC 2022 - Michael Ströder <michael@stroeder.com>
- update to 3.6.5
* Glibc 2.34 implements closefrom(). This was causing a conflict
with Postfix's implementation for systems that have no closefrom()
implementation.
* Support for Berkeley DB version 18.
- removed obsolete postfix-3.6.2-glibc-234-build-fix.patch
-------------------------------------------------------------------
Mon Mar 14 09:52:48 UTC 2022 - Peter Varkoly <varkoly@suse.com>
- Postfix on start don't run postalias /etc/postfix/aliases
(error open database /etc/postfix/aliases.lmdb). (bsc#1197041)
Apply proposed patch
-------------------------------------------------------------------
Wed Feb 9 09:22:41 UTC 2022 - Peter Varkoly <varkoly@suse.com>
- config.postfix can't handle symlink'd /etc/resolv.cof
(bsc#1195019)
Adapt proposed change: using "cp -afL" by copying.
-------------------------------------------------------------------
Tue Jan 18 23:32:41 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to 3.6.4
* Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
entries in postconf output. This was caused by an incomplete
fix to send SMTP session transcripts to $bounce_notice_recipient.
* Bug introduced in Postfix 3.0: the proxymap daemon did not
automatically authorize proxied maps inside pipemap (example:
pipemap:{proxy:maptype:mapname, ...}) or inside unionmap.
* Bug introduced in Postfix 2.5: off-by-one error while writing
a string terminator. This code passed all memory corruption
tests, presumably because it wrote over an alignment padding
byte, or over an adjacent character byte that was never read.
* The proxymap daemon did not automatically authorize map features
added after Postfix 3.3, caused by missing *_maps parameter
names in the proxy_read_maps default value. Found during code
maintenance.
-------------------------------------------------------------------
Mon Nov 8 10:26:56 UTC 2021 - Michael Ströder <michael@stroeder.com>
- Update to 3.6.3
* (problem introduced in Postfix 2.4, released in 2007): queue
file corruption after a Milter (for example, MIMEDefang) made
a request to replace the message body with a copy of that message
body plus additional text (for example, a SpamAssassin report).
* (problem introduced in Postfix 2.10, released in 2012): The
postconf "-x" option could produce incorrect output, because
multiple functions were implicitly sharing a buffer for
intermediate results. Problem report by raf, root cause analysis
by Viktor Dukhovni.
* (problem introduced in Postfix 2.11, released in 2013): The
check_ccert_access feature worked as expected, but produced a
spurious warning when Postfix was built without SASL support.
Fix by Brad Barden.
* Fix for a compiler warning due to a missing 'const' qualifier
when compiling Postfix with OpenSSL 3. Depending on compiler
settings this could cause the build to fail.
* The known_tcp_ports settings had no effect. It also wasn't fully
implemented. Problem report by Peter.
* Fix for missing space between a hostname and warning text.
-------------------------------------------------------------------
Fri Oct 22 09:45:40 UTC 2021 - Dirk Stoecker <opensuse@dstoecker.de>
- Ensure postfix can write to home directory or server side
filtering wont work (sieve)
-------------------------------------------------------------------
Fri Oct 22 08:46:19 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Ensure service can write to /etc/postfix
-------------------------------------------------------------------
Thu Oct 21 15:39:55 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service (bsc#1181400). Added
harden_postfix.service.patch
-------------------------------------------------------------------
Thu Oct 7 08:03:40 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- config.postfix not updatet after lmdb switch
(bsc#1190945)
Adapt config.postfix
-------------------------------------------------------------------
Thu Aug 26 13:59:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- postfix master.cf: to include "submissions" service
(bsc#1189684)
Adapt master.cf patch
-------------------------------------------------------------------
Tue Aug 24 09:55:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- postfix fails with glibc 2.34
Define HAS_CLOSEFROM
(bsc#1189101)
add patch
- postfix-3.6.2-glibc-234-build-fix.patch
-------------------------------------------------------------------
Thu Aug 5 19:09:36 UTC 2021 - chris@computersalat.de
- fix config.postfix (follow up of bsc#1188477)
-------------------------------------------------------------------
Mon Jul 26 19:59:12 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- Syntax error in config.postfix
(bsc#1188477)
-------------------------------------------------------------------
Sun Jul 25 23:22:23 UTC 2021 - Michael Ströder <michael@stroeder.com>
- Update to 3.6.2
* In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
error in the compatibility_level parser, because there was no
'errno = 0' statement before an strtol() call.
* (problem introduced in Postfix 3.3) "Null pointer read" error
in the cleanup daemon when "header_from_format = standard" (the
default as of Postfix 3.3), and email was submitted with
/usr/sbin/sendmail without From: header, and an all-space full
name was specified in 1) the password file, 2) with "sendmail
-F", or 3) with the NAME environment variable. Found by Renaud
Metrich.
* (problem introduced in Postfix 2.4) False "too many reverse
jump" warnings in the showq daemon, because loop detection code
was comparing memory addresses instead of queue file names.
Reported by Mehmet Avcioglu.
* (problem introduced in 1999) The Postfix SMTP server was sending
all session transcripts to the error_notice_recipient (default:
postmaster), instead of sending transcripts of bounced mail to
the bounce_notice_recipient (default: postmaster). Reported by
Hans van Zijst.
* The texthash: map implementation broke tls_server_sni_maps,
because it did not support multi-file inputs. Reported by
Christopher Gurnee, who also found an instance of the missing
code in the "postmap -F" source code. File: util/dict_thash.c.
-------------------------------------------------------------------
Wed Jul 14 14:37:24 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- spamd wants to start before mail-transfer-agent.target, but that target doesn't exist
(bsc#1066854)
-------------------------------------------------------------------
Tue Jul 6 22:23:17 UTC 2021 - Christian Wittmer <chris@computersalat.de>
- postfix-SUSE
* rework sysconfig.postfix, add
- POSTFIX_WITH_DKIM
- POSTFIX_DKIM_CONN
* rework config.postfix for main.cf
- with_dkim
- update postfix-main.cf.patch
* add OpenDKIM settings
-------------------------------------------------------------------
Wed Jun 23 22:28:52 UTC 2021 - Christian Wittmer <chris@computersalat.de>
- postfix-mysql
* add mysql_relay_recipient_maps.cf
- postfix-SUSE
* rework sysconfig.postfix, add
- POSTFIX_RELAY_RECIPIENTS
- POSTFIX_BACKUPMX
* add relay_recipients
* rework config.postfix for main.cf
- is_backupmx
- relay_recipient_maps
-------------------------------------------------------------------
Fri Jun 18 17:11:05 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Add now working CONFIG parameter to sysusers generator
- Remove unnecessary group line from postfix-vmail-user.conf
-------------------------------------------------------------------
Mon Jun 14 15:46:54 UTC 2021 - Michael Ströder <michael@stroeder.com>
- Update to 3.6.1
* Bugfix (introduced: Postfix 2.11): the command "postmap
lmdb:/file/name" (create LMDB database from textfile) handled
duplicate input keys ungracefully, discarding entries stored
up to and including the duplicate key, and causing a double
free() call with lmdb versions 0.9.17 and later. Reported by
Adi Prasaja; double free() root cause analysis by Howard Chu.
* Typo (introduced: Postfix 3.4): silent_discard should be
silent-discard in BDAT_README.
-------------------------------------------------------------------
Sun Jun 6 12:51:35 UTC 2021 - Christian Wittmer <chris@computersalat.de>
- fix postfix-master.cf.patch
* set correct indentation (again) for options of
- submission (needs 3 spaces)
- smtps (needs 4 spaces)
to make config.postfix work nicely again
-------------------------------------------------------------------
Wed Jun 2 00:26:36 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- Update to 3.6.0
- Major changes - internal protocol identification
Internal protocols have changed. You need to "postfix stop"
before updating, or before backing out to an earlier release,
otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
postscreen) may fail to communicate with the rest of Postfix,
causing mail delivery delays until Postfix is restarted.
For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
- refreshed patches to apply cleanly again:
fix-postfix-script.patch
ipv6_disabled.patch
pointer_to_literals.patch
postfix-linux45.patch
postfix-main.cf.patch
postfix-master.cf.patch
postfix-no-md5.patch
postfix-ssl-release-buffers.patch
postfix-vda-v14-3.0.3.patch
set-default-db-type.patch
-------------------------------------------------------------------
Tue Jun 1 10:47:29 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- (bsc#1186669) - postfix.service has "Requires=var-run.mount"
Remove bad requirements
-------------------------------------------------------------------
Mon Apr 12 09:00:22 UTC 2021 - Michael Ströder <michael@stroeder.com>
- Update to 3.5.10 with security fixes:
* Missing null pointer checks (introduced in Postfix 3.4) after
an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
Found by Coverity, reported by Jaroslav Skarvada. Based on a
fix by Viktor Dukhovni.
* Null pointer bug (introduced in Postfix 3.0) and memory leak
(introduced in Postfix 3.4) after an inline: table syntax error
in main.cf or master.cf. Found by Coverity, reported by Jaroslav
Skarvada. Based on a fix by Viktor Dukhovni.
* Incomplete null pointer check (introduced: Postfix 2.10) after
truncated HaProxy version 1 handshake message. Found by Coverity,
reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
* Missing null pointer check (introduced: Postfix alpha) after
null argv[0] value.
-------------------------------------------------------------------
Wed Mar 10 15:12:11 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- (bsc#1183305) - config.postfix uses db as suffix for postmaps
Depending on DEF_DB_TYPE uses lmdb or db
-------------------------------------------------------------------
Fri Mar 5 13:22:42 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix
still refers to /etc/services
Use getent to detect if smtps is already defined.
-------------------------------------------------------------------
Fri Feb 5 17:51:49 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- (bsc#1180473) [Build 20201230] postfix has invalid default config
(bsc#1181381) [Build 130.3] openQA test fails in mta, mutt -
postfix broken: "queue file write error" and "error: unsupported
dictionary type: hash"
Export DEF_DB_TYPE before starting the perl script.
-------------------------------------------------------------------
Wed Jan 27 15:14:50 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- bsc#1180473 - [Build 20201230] postfix has invalid default config
Fixing config.postfix and sysconfig.postfix
-------------------------------------------------------------------
Mon Jan 25 10:28:26 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
- Update to 3.5.9
* improves the reporting of DNSSEC problems that may affect
DANE security
-------------------------------------------------------------------
Thu Jan 7 12:26:08 UTC 2021 - Arjen de Korte <suse+build@de-korte.org>
- Only do the conversion from the hash/btree databases to lmdb when
the default database type changes from hash to lmdb and do not
stop and start the service (the old compiled databases can live
together with the new ones)
- convert-bdb-to-lmdb.sh
- Clean up the specfile
* Remove < 1330 conditional builds
* Use generated postfix-files instead of the obsolete one from
postfix-SUSE.tar.gz
* Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon
(de)installation of optional mysql, pgsql and ldap subpackages
* Use default location for post-install, postfix-tls-script,
postfix-wrapper and postmulti-script
-------------------------------------------------------------------
Mon Jan 4 12:17:03 UTC 2021 - Peter Varkoly <varkoly@suse.com>
- Set lmdb to be the default db.
- Convert btree tables to lmdb too. Stop postfix before converting from
bdb to lmdb
- This package is without bdb support. That's why convert must be done
without any suse release condition.
o remove patch postfix-no-btree.patch
o add set-default-db-type.patch
-------------------------------------------------------------------
Fri Dec 25 20:32:04 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
- Set database type for address_verify_map and postscreen_cache_map
to lmdb (btree requires Berkeley DB)
o add postfix-no-btree.patch
-------------------------------------------------------------------
Fri Dec 25 10:28:30 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
- Set default database type to lmdb and fix update_postmaps script
-------------------------------------------------------------------
Thu Dec 24 14:09:32 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
- Use variable substition instead of sed to remove .db suffix and
substitute hash: for lmdb: in /etc/postfix/master.cf as well.
Check before substitution if there is something to do (to keep
rpmcheck happy).
-------------------------------------------------------------------
Tue Dec 8 13:36:35 UTC 2020 - Peter Varkoly <varkoly@suse.com>
- bsc#1176650 L3: What is regularly triggering the "fillup"
command and changing modify-time of /etc/sysconfig/postfix?
o Remove miss placed fillup_only call from %verifyscript
-------------------------------------------------------------------
Thu Nov 26 15:30:10 UTC 2020 - Peter Varkoly <varkoly@suse.com>
- Remove Berkeley DB dependency (JIRA#SLE-12191)
The pacakges postfix is build without Berkely DB support.
lmdb will be used instead of BDB.
The pacakges postfix-bdb is build with Berkely DB support.
o add patch for main.cf for postfix-bdb package
postfix-bdb-main.cf.patch
-------------------------------------------------------------------
Sun Nov 8 20:59:23 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to 3.5.8
* The Postfix SMTP client inserted <CR><LF> into message headers longer
than $line_length_limit (default: 2048), causing all subsequent header
content to become message body content.
* The postscreen daemon did not save a copy of the
postscreen_dnsbl_reply_map lookup result. This has no effect when the
recommended texthash: look table is used, but it could result in stale
data with other lookup tables.
* After deleting a recipient with a Milter, the Postfix recipient
duplicate filter was not updated; the filter suppressed requests
to add the recipient back.
* Memory leak: the static: maps did not free their casefolding buffer.
* With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a
TLS handshake, after processing an XCLIENT command.
* The smtp_sasl_mechanism_filter implementation ignored table lookup
errors, treating them as 'not found'.
* The code that looks for Delivered-To: headers ignored headers longer
than $line_length_limit (default: 2048).
-------------------------------------------------------------------
Mon Aug 31 13:38:04 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to 3.5.7
* Fixed random certificate verification failures with
"smtp_tls_connection_reuse = yes", because tlsproxy(8) was using
the wrong global TLS context for connections that use DANE or
non-DANE trust anchors.
-------------------------------------------------------------------
Tue Aug 25 13:54:40 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Move ldap into an own sub-package like all other databases
- Move manual pages to correct sub-package
-------------------------------------------------------------------
Fri Aug 21 08:44:22 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Use sysusers.d to create system accounts
- Remove wrong %config for systemd directory content
-------------------------------------------------------------------
Sun Aug 9 06:55:01 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
- Use the correct signature file for source verification
- Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to
prevent confusion, as the signature file from upstream with .sig
extension is incompatible with the build service)
-------------------------------------------------------------------
Sun Jul 26 21:22:39 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to 3.5.6 with following fixes:
* Workaround for unexpected TLS interoperability problems when Postfix
runs on OS distributions with system-wide OpenSSL configurations.
* Memory leaks in the Postfix TLS library, the largest one
involving multiple kBytes per peer certificate.
-------------------------------------------------------------------
Thu Jul 16 20:42:19 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
- Add source verification (add postfix.keyring)
-------------------------------------------------------------------
Fri Jul 3 14:06:53 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Use systemd_ordering instead of systemd_require.
- Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688]
- Drop /var/adm/SuSEconfig from %post, it does nothing.
- Rename postfix-SuSE to postfix-SUSE
- Delete postfix-SUSE/README.SuSE, company name spelled wrong,
completly outdated and not used.
- Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name
spelled wrong, outdated and not used.
- sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG,
SuSEconfig is gone since ages.
- update_chroot.systemd: Remove advice to run SuSEconfig.
- Remove rc.postfix, not used, outdated.
- mkpostfixcert: Remove advice to run SuSEconfig.
-------------------------------------------------------------------
Mon Jun 29 18:44:13 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to 3.5.4:
* The connection_reuse attribute in smtp_tls_policy_maps always
resulted in an "invalid attribute name" error.
* SMTP over TLS connection reuse always failed for Postfix SMTP
client configurations that specify explicit trust anchors (remote
SMTP server certificates or public keys).
* The Postfix SMTP client's DANE implementation would always send
an SNI option with the name in a destination's MX record, even
if the MX record pointed to a CNAME record. MX records that
point to CNAME records are not conformant with RFC5321, and so
are rare.
Based on the DANE survey of ~2 million hosts it was found that
with the corrected SMTP client behavior, sending SNI with the
CNAME-expanded name, the SMTP server would not send a different
certificate. This fix should therefore be safe.
-------------------------------------------------------------------
Mon Jun 15 16:09:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to 3.5.3:
* TLS handshake failure in the Postfix SMTP server during SNI
processing, after the server-side TLS engine sent a TLSv1.3
HelloRetryRequest (HRR) to a remote SMTP client.
* The command "postfix tls deploy-server-cert" did not handle a
missing optional argument. This bug was introduced in Postfix
3.1.
-------------------------------------------------------------------
Sun May 17 19:57:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to 3.5.2:
* A TLS error for a database client caused a false 'lost connection'
error for an SMTP over TLS session in the same Postfix process.
This bug was introduced with Postfix 2.2.
* The same bug existed in the tlsproxy(8) daemon, where a TLS
error for one TLS session could cause a false 'lost connection'
error for a concurrent TLS session in the same process. This
bug was introduced with Postfix 2.8.
* The Postfix build now disables DANE support on Linux systems
with libc-musl such as Alpine, because libc-musl provides no
indication whether DNS responses are authentic. This broke DANE
support without a clear explanation.
* Due to implementation changes in the ICU library, some Postfix
daemons reported file access errrors (U_FILE_ACCESS_ERROR) after
chroot(). This was fixed by initializing the ICU library before
making the chroot() call.
* Minor code changes to silence a compiler that special-cases
string literals.
* Segfault (null pointer) in the tlsproxy(8) client role when the
server role was disabled. This typically happened on systems
that do not receive mail, after configuring connection reuse
for outbound SMTP over TLS.
* The date portion of the maillog_file_rotate_suffix default value
used the minute (%M) instead of the month (%m).
-------------------------------------------------------------------
Mon May 11 20:07:40 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
- boo#1106004 fix incorrect locations for files in postfix-files
-------------------------------------------------------------------
Sun Apr 19 10:22:12 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
lookups and DANE mail transport work again
- Update to 3.5.1:
* Support for the haproxy v2 protocol. The Postfix implementation
supports TCP over IPv4 and IPv6, as well as non-proxied
connections; the latter are typically used for heartbeat tests.
* Support to force-expire email messages. This introduces new
postsuper(1) command-line options to request expiration, and
additional information in mailq(1) or postqueue(1) output.
* The Postfix SMTP and LMTP client support a list of nexthop
destinations separated by comma or whitespace. These destinations
will be tried in the specified order.
* Incompatible changes:
* Logging: Postfix daemon processes now log the from= and to=
addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart
contains spaces or other special characters, the localpart will
be quoted, for example:
from=<"name with spaces"@example.com>
Specify "info_log_address_format = internal" for backwards compatibility.
* Postfix now normalizes IP addresses received with XCLIENT,
XFORWARD, or with the HaProxy protocol, for consistency with
direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match
subnets of an IPv6 address.
-------------------------------------------------------------------
Fri Mar 13 14:29:32 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to 3.4.10:
* Bug (introduced: Postfix 2.3): Postfix Milter client state
was not properly reset after one Milter in a multi-Milter
configuration failed during MAIL FROM, resulting in a Postfix
Milter client panic during the next MAIL FROM command in the
same SMTP session.
-------------------------------------------------------------------
Fri Feb 7 17:07:39 UTC 2020 - Peter Varkoly <varkoly@suse.com>
- bsc#1162891 server:mail/postfix: cond_slp bug on TW after
moving /etc/services to /usr/etc/services
-------------------------------------------------------------------
Wed Feb 5 12:27:07 UTC 2020 - Peter Varkoly <varkoly@suse.com>
- bsc#1160413 postfix fails with -fno-common
-------------------------------------------------------------------
Mon Feb 3 12:31:48 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to 3.4.9:
* Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were
broken while adding support for negative DNS response caching
in postscreen. Postfix was inadvertently changed to call
res_query() instead of res_search().
* Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro
overrides from a Milter application. Postfix now evaluates the
Milter macros for an SMTP CONNECT event after the Postfix-to-Milter
connection is negotiated.
* Bug (introduced: Postfix 3.0): sanitize (remote) server responses
before storing them in the verify database, to avoid Postfix
warnings about malformed UTF8. Found during code maintenance.
-------------------------------------------------------------------
Wed Nov 27 19:55:30 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Update to 3.4.8:
* Fix for an Exim interoperability problem when postscreen after-220
checks are enabled. Bug introduced in Postfix 3.4: the code
that detected "PIPELINING after BDAT" looked at the wrong
variable. The warning now says "BDAT without valid RCPT", and
the error is no longer treated as a command PIPELINING error,
thus allowing mail to be delivered. Meanwhile, Exim has been
fixed to stop sending BDAT commands when postscreen rejects all
RCPT commands.
* Usability bug, introduced in Postfix 3.4: the parser for
key/certificate chain files rejected inputs that contain an EC
PARAMETERS object. While this is technically correct (the
documentation says what types are allowed) this is surprising
behavior because the legacy cert/key parameters will accept
such inputs. For now, the parser skips object types that it
does not know about for usability, and logs a warning because
ignoring inputs is not kosher.
* Bug introduced in Postfix 2.8: don't gratuitously enable all
after-220 tests when only one such test is enabled. This made
selective tests impossible with 'good' clients. This will be
fixed in older Postfix versions at some later time.
-------------------------------------------------------------------
Tue Sep 24 07:59:04 UTC 2019 - Martin Liška <mliska@suse.cz>
- Backport deprecated-RES_INSECURE1.patch in order to fix
boo#1149705.
-------------------------------------------------------------------
Sun Sep 22 16:45:39 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Update to 3.4.7:
* Robustness: the tlsproxy(8) daemon could go into a loop, logging
a flood of error messages. Problem reported by Andreas Schulze
after enabling SMTP/TLS connection reuse.
* Workaround: OpenSSL changed an SSL_Shutdown() non-error result
value into an error result value, causing logfile noise.
* Configuration: the new 'TLS fast shutdown' parameter name was
implemented incorrectly. The documentation said
"tls_fast_shutdown_enable", but the code said "tls_fast_shutdown".
This was fixed by changing the code, because no-one is expected
to override the default.
* Performance: workaround for poor TCP loopback performance on
LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus
TCP maximal segment size that is 1/2 to 1/3 of the real MSS.
To avoid client-side Nagle delays or server-side delayed ACKs
caused by multiple smaller-than-MSS writes, Postfix chooses a
VSTREAM buffer size that is a small multiple of the reported
bogus MSS. This workaround increases the multiplier from 2x to
4x.
* Robustness: the Postfix Dovecot client could segfault (null
pointer read) or cause an SMTP server assertion to fail when
talking to a fake Dovecot server. The Postfix Dovecot client
now logs a proper error instead.
-------------------------------------------------------------------
Thu Sep 19 06:20:48 UTC 2019 - Peter Varkoly <varkoly@suse.com>
- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang
Break loop if postfix has no permission in spool directory.
- add postfix-avoid-infinit-loop-if-no-permission.patch
-------------------------------------------------------------------
Fri Aug 9 14:50:12 UTC 2019 - chris@computersalat.de
- fix for boo#1144946
mydestination - missing default localhost
* update config.postfix
-------------------------------------------------------------------
Fri Jul 26 08:26:07 UTC 2019 - Peter Varkoly <varkoly@suse.com>
- bsc#1142881 - mkpostfixcert from Postfix still uses md
-------------------------------------------------------------------
Thu Jul 25 12:38:43 UTC 2019 - matthias.gerstner@suse.com
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
-------------------------------------------------------------------
Sun Jul 21 23:54:34 UTC 2019 - chris@computersalat.de
- update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for
* POSTFIX_SMTPD_HELO_RESTRICTIONS
* POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
- fix for: Can't connect to local MySQL server through socket
'/run/mysql/mysql.sock'
* update config.postfix
* update update_chroot.systemd
-------------------------------------------------------------------
Wed Jul 3 08:43:58 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Update to 3.4.6:
* Workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later.
* Fixed a too-strict censoring filter that broke multiline Milter
responses for header/body events. Problem report by Andreas
Thienemann.
* The code to reset Postfix SMTP server command counts was not
called after a HaProxy handshake failure, causing stale numbers
to be reported. Problem report by Joseph Ward.
* postconf(5) documentation: tlsext_padding is not a tls_ssl_options
feature.
* smtp(8) documentation: updated the BUGS section text about
Postfix support to reuse open TLS connections.
* Portability: added "#undef sun" to util/unix_dgram_connect.c.
-------------------------------------------------------------------
Wed Jun 26 13:52:30 UTC 2019 - Peter Varkoly <varkoly@suse.com>
- Ensure that postfix is member of all groups as before.
-------------------------------------------------------------------
Wed Jun 12 14:30:34 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut the build queues by allowing usage of systemd-mini
-------------------------------------------------------------------
Thu Jun 6 09:29:34 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Drop the omc config fate#301838:
* it is obsolete since SLE11
-------------------------------------------------------------------
Wed May 8 09:27:51 UTC 2019 - Peter Varkoly <varkoly@suse.com>
- bsc#1104543 config.postfix does not start tlsmgr in master.cf
when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed
patch.
-------------------------------------------------------------------
Sun Mar 31 09:08:58 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Update to 3.4.5:
Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
-------------------------------------------------------------------
Accepting request 686001 from home:varkoly:branches:server:mail - Update to 3.4.4 o Incompatible changes - The Postfix SMTP server announces CHUNKING (BDAT command) by default. In the unlikely case that this breaks some important remote SMTP client, disable the feature as follows: /etc/postfix/main.cf: # The logging alternative: smtpd_discard_ehlo_keywords = chunking # The non-logging alternative: smtpd_discard_ehlo_keywords = chunking, silent_discard - This introduces a new master.cf service 'postlog' with type 'unix-dgram' that is used by the new postlogd(8) daemon. Before backing out to an older Postfix version, edit the master.cf file and remove the postlog entry. - Postfix 3.4 drops support for OpenSSL 1.0.1 - To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). By default, a tlsproxy(8) process will retire after several hours. - To set the tlsproxy process limit to zero: postconf -F tlsproxy/unix/process_limit=0 postfix reload o Major changes - Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, and smtpd_proxy_filter. See BDAT_README for more. - Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and OBS-URL: https://build.opensuse.org/request/show/686001 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
2019-03-30 18:47:38 +01:00
Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly <varkoly@suse.com>
- Update to 3.4.4
o Incompatible changes
- The Postfix SMTP server announces CHUNKING (BDAT
command) by default. In the unlikely case that this breaks some
important remote SMTP client, disable the feature as follows:
Accepting request 686001 from home:varkoly:branches:server:mail - Update to 3.4.4 o Incompatible changes - The Postfix SMTP server announces CHUNKING (BDAT command) by default. In the unlikely case that this breaks some important remote SMTP client, disable the feature as follows: /etc/postfix/main.cf: # The logging alternative: smtpd_discard_ehlo_keywords = chunking # The non-logging alternative: smtpd_discard_ehlo_keywords = chunking, silent_discard - This introduces a new master.cf service 'postlog' with type 'unix-dgram' that is used by the new postlogd(8) daemon. Before backing out to an older Postfix version, edit the master.cf file and remove the postlog entry. - Postfix 3.4 drops support for OpenSSL 1.0.1 - To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). By default, a tlsproxy(8) process will retire after several hours. - To set the tlsproxy process limit to zero: postconf -F tlsproxy/unix/process_limit=0 postfix reload o Major changes - Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, and smtpd_proxy_filter. See BDAT_README for more. - Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and OBS-URL: https://build.opensuse.org/request/show/686001 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
2019-03-30 18:47:38 +01:00
/etc/postfix/main.cf:
# The logging alternative:
smtpd_discard_ehlo_keywords = chunking
# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent_discard
- This introduces a new master.cf service 'postlog'
with type 'unix-dgram' that is used by the new postlogd(8) daemon.
Before backing out to an older Postfix version, edit the master.cf
file and remove the postlog entry.
- Postfix 3.4 drops support for OpenSSL 1.0.1
- To avoid performance loss under load, the
tlsproxy(8) daemon now requires a zero process limit in master.cf
(this setting is provided with the default master.cf file). By
default, a tlsproxy(8) process will retire after several hours.
- To set the tlsproxy process limit to zero:
postconf -F tlsproxy/unix/process_limit=0
postfix reload
o Major changes
Accepting request 686001 from home:varkoly:branches:server:mail - Update to 3.4.4 o Incompatible changes - The Postfix SMTP server announces CHUNKING (BDAT command) by default. In the unlikely case that this breaks some important remote SMTP client, disable the feature as follows: /etc/postfix/main.cf: # The logging alternative: smtpd_discard_ehlo_keywords = chunking # The non-logging alternative: smtpd_discard_ehlo_keywords = chunking, silent_discard - This introduces a new master.cf service 'postlog' with type 'unix-dgram' that is used by the new postlogd(8) daemon. Before backing out to an older Postfix version, edit the master.cf file and remove the postlog entry. - Postfix 3.4 drops support for OpenSSL 1.0.1 - To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). By default, a tlsproxy(8) process will retire after several hours. - To set the tlsproxy process limit to zero: postconf -F tlsproxy/unix/process_limit=0 postfix reload o Major changes - Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, and smtpd_proxy_filter. See BDAT_README for more. - Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and OBS-URL: https://build.opensuse.org/request/show/686001 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
2019-03-30 18:47:38 +01:00
- Postfix SMTP server support for RFC 3030 CHUNKING
(the BDAT command) without BINARYMIME, in both smtpd(8) and
postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
and smtpd_proxy_filter. See BDAT_README for more.
- Support for logging to file or stdout, instead of using syslog.
- Logging to file solves a usability problem for MacOS, and
eliminates multiple problems with systemd-based systems.
- Logging to stdout is useful when Postfix runs in a container, as
it eliminates a syslogd dependency.
- Better handling of undocumented(!) Linux behavior
whether or not signals are delivered to a PID=1 process.
- Support for (key, list of filenames) in map source text.
Currently, this feature is used only by tls_server_sni_maps.
- Automatic retirement: dnsblog(8) and tlsproxy(8) process
will now voluntarily retire after after max_idle*max_use, or some
sane limit if either limit is disabled. Without this, a process
could stay busy for days or more.
- Postfix SMTP client support for multiple deliveries
per TLS-encrypted connection. This is primarily to improve mail
delivery performance for destinations that throttle clients when
they don't combine deliveries.
This feature is enabled with "smtp_tls_connection_reuse=yes" in
main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
It supports all Postfix TLS security levels including dane and
dane-only.
- SNI support in the Postfix SMTP server, the
Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
client roles). See the postconf(5) documentation for the new
tls_server_sni_maps and smtp_tls_servername parameters.
- Support for files that contain multiple (key, certificate, trust chain)
instances. This was required to implement
server-side SNI table lookups, but it also eliminates the need for
separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
- Support for smtpd_reject_footer_maps (as well as the postscreen
variant postscreen_reject_footer_maps) for more informative reject
messages. This is indexed with the Postfix SMTP server response
text, and overrides the footer specified with smtpd_reject_footer.
One will want to use a pcre: or regexp: map with this.
o Bugfixes
- Andreas Schulze discovered that reject_multi_recipient_bounce
was producing false rejects with BDAT commands. This problem
already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
Postfix 3.4.4 fixes both.
Accepting request 686001 from home:varkoly:branches:server:mail - Update to 3.4.4 o Incompatible changes - The Postfix SMTP server announces CHUNKING (BDAT command) by default. In the unlikely case that this breaks some important remote SMTP client, disable the feature as follows: /etc/postfix/main.cf: # The logging alternative: smtpd_discard_ehlo_keywords = chunking # The non-logging alternative: smtpd_discard_ehlo_keywords = chunking, silent_discard - This introduces a new master.cf service 'postlog' with type 'unix-dgram' that is used by the new postlogd(8) daemon. Before backing out to an older Postfix version, edit the master.cf file and remove the postlog entry. - Postfix 3.4 drops support for OpenSSL 1.0.1 - To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). By default, a tlsproxy(8) process will retire after several hours. - To set the tlsproxy process limit to zero: postconf -F tlsproxy/unix/process_limit=0 postfix reload o Major changes - Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, and smtpd_proxy_filter. See BDAT_README for more. - Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and OBS-URL: https://build.opensuse.org/request/show/686001 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
2019-03-30 18:47:38 +01:00
-------------------------------------------------------------------
Tue Mar 5 13:21:35 UTC 2019 - Jiri Slaby <jslaby@suse.com>
- postfix-linux45.patch: support also newer kernels -- pretend
we are still at kernel 3. Note that there are no conditionals for
LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the
code which caused build failures.
-------------------------------------------------------------------
Mon Mar 4 14:43:05 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- skip set -x and fix version update changes entry
-------------------------------------------------------------------
Sat Mar 2 19:26:21 UTC 2019 - Michael Ströder <michael@stroeder.com>
- Update to 3.3.3
* When the master daemon runs with PID=1 (init mode), it will now
reap child processes from non-Postfix code running in the same
container, instead of terminating with a panic.
* Bugfix (introduced: postfix-2.11): with posttls-finger,
connections to unix-domain servers always resulted in "Failed
to establish session" even after a connection was established.
Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
* Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
table lookups could casefold the search string when searching
a lookup table that does not use fixed-string keys (regexp,
pcre, tcp, etc.). Historically, Postfix would not case-fold
the search string with such tables. File: util/dict_utf8.c.
-------------------------------------------------------------------
Fri Mar 1 16:23:13 UTC 2019 - Reinhard Max <max@suse.com>
- PostrgeSQL's pg_config is meant for linking server extensions,
use libpq's pkg-config instead, if available.
This is needed to fix build with PostgreSQL 11.
-------------------------------------------------------------------
Thu Feb 7 18:22:14 UTC 2019 - chris@computersalat.de
- rework config.postfix
* disable commenting of smtpd_sasl_path/smtpd_sasl_type
no need to comment, cause it is set to default anyway
and 'uncommenting' would place it at end of file then
which is not wanted
-------------------------------------------------------------------
Sat Jan 26 19:28:02 UTC 2019 - chris@computersalat.de
- rework postfix-main.cf.patch
* disable virtual_alias_domains cause (default: $virtual_alias_maps)
- rework config.postfix
* disable PCONF of virtual_alias_domains
virtual_alias_maps will be set anyway to the correct value
* extend virtual_alias_maps with
- mysql_virtual_alias_domain_maps.cf
- mysql_virtual_alias_domain_catchall_maps.cf
- rework postfix-mysql, added
* mysql_virtual_alias_domain_maps.cf
* mysql_virtual_alias_domain_catchall_maps.cf
needed for reject_unverified_recipient
-------------------------------------------------------------------
Thu Dec 13 10:20:31 UTC 2018 - malte.kraus@suse.com
- binary hardening: link with full RELRO
-------------------------------------------------------------------
Sun Nov 25 10:18:07 UTC 2018 - Michael Ströder <michael@stroeder.com>
- Update to 3.3.2
* Support for OpenSSL 1.1.1 and TLSv1.3.
* Bugfixes:
- smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
- minor memory leak in DANE support when minting issuer certs.
- The Postfix build did not abort if the m4 command was not installed,
resulting in a broken postconf command.
-------------------------------------------------------------------
Sat Nov 24 17:08:30 UTC 2018 - chris@computersalat.de
- add POSTFIX_RELAY_DOMAINS
* more flexibility to add to relay_domains without breaking
config.postfix
* rework restriction examples in sysconf.postfix
based on postfix-buch.com (2. edtion by Hildebrandt, Koetter)
- disable weak cipher: RC4
after check with https://ssl-tools.net/mailservers
-------------------------------------------------------------------
Mon Oct 22 13:00:03 UTC 2018 - chris@computersalat.de
- update config.postfix
* don't reject mail from authenticated users even if
reject_unknown_client_hostname would match,
add permit_sasl_authenticated to all restrictions
requires smtpd_delay_reject = yes
- update postfix-main.cf.patch
* recover removed setting smtpd_sasl_path and smtpd_sasl_type,
set to default value
config.postfix will not 'enable' (remove #) var, but place
modified (enabled) var at end of file, far away from place
where it should be
- rebase patches
* fix-postfix-script.patch
* postfix-vda-v14-3.0.3.patch
* postfix-linux45.patch
* postfix-master.cf.patch
* pointer_to_literals.patch
* postfix-no-md5.patch
-------------------------------------------------------------------
Thu Oct 4 12:51:32 UTC 2018 - varkoly@suse.com
- bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings
o add m4 as buildrequires, as proposed.
-------------------------------------------------------------------
Mon Aug 27 09:38:29 UTC 2018 - tchvatal@suse.com
- Add zlib-devel as buildrequires, previously included from
openssl-devel
-------------------------------------------------------------------
Fri May 25 11:19:22 UTC 2018 - varkoly@suse.com
- bsc#1087471 Unreleased Postfix update breaks SUSE Manager
o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
-------------------------------------------------------------------
Mon May 21 16:31:57 UTC 2018 - michael@stroeder.com
- Update to 3.3.1
* Postfix did not support running as a PID=1 process, which
complicated Postfix deployment in containers. The "postfix
start-fg" command will now run the Postfix master daemon as a
PID=1 process if possible. Thanks for inputs from Andreas
Schulze, Eray Aslan, and Viktor Dukhovni.
* Segfault in the postconf(1) command after it could not open a
Postfix database configuration file due to a file permission
error (dereferencing a null pointer). Reported by Andreas
Hasenack, fixed by Viktor Dukhovni.
* The luser_relay feature became a black hole, when the luser_relay
parameter was set to a non-existent local address (i.e. mail
disappeared silently). Reported by J?rgen Thomsen.
* Missing error propagation in the tlsproxy(8) daemon could result
in a segfault after TLS handshake error (dereferencing a
0xffff...ffff pointer). This daemon handles the TLS protocol
when a non-whitelisted client sends a STARTTLS command to
postscreen(8).
-------------------------------------------------------------------
Wed May 9 09:02:12 UTC 2018 - lnussel@suse.de
- remove pre-requirements on sysvinit(network) and sysvinit(syslog).
There seems to be no good reason for that other than blowing up
the dependencies (bsc#1092408).
-------------------------------------------------------------------
Mon Apr 9 09:32:56 UTC 2018 - adam.majer@suse.de
- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix
if the actual service is running. This prevents spurious
and irrelevant error messages in system logs.
-------------------------------------------------------------------
Thu Mar 22 14:20:20 UTC 2018 - varkoly@suse.com
- bsc#1082514 autoyast: postfix gets not set myhostname properly -
set to localhost
Accepting request 585926 from home:13ilya:branches:server:mail - Refresh spec-file via spec-cleaner and manual optinizations. * Add %license macro. * Set license to IPL-1.0 OR EPL-2.0. - Update to 3.3.0 * http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES * Dual license: in addition to the historical IBM Public License 1.0, Postfix is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. * The postconf command now warns about unknown parameter names in a Postfix database configuration file. As with other unknown parameter names, these warnings can help to find typos early. * Container support: Postfix 3.3 will run in the foreground with "postfix start-fg". This requires that Postfix multi-instance support is disabled (the default). To collect Postfix syslog information on the container's host, mount the host's /dev/log socket into the container, for example with "docker run -v /dev/log:/dev/log ...other options...", and specify a distinct Postfix syslog_name setting in the container (for example with "postconf syslog_name=the-name-here"). * Milter support: applications can now send RET and ENVID parameters in SMFIR_CHGFROM (change envelope sender) requests. * Postfix-generated From: headers with 'full name' information are now formatted as "From: name <address>" by default. Specify "header_from_format = obsolete" to get the earlier form "From: address (name)". * Interoperability: when Postfix IPv6 and IPv4 support are both enabled, the Postfix SMTP client will now relax MX preferences and attempt to schedule similar numbers of IPv4 and IPv6 addresses. This works around mail delivery problems when a destination announces lots of primary MX addresses on IPv6, but is reachable only over IPv4 (or vice versa). The new behavior is controlled with the smtp_balance_mx_inet_protocols parameter. * Compatibility safety net: with compatibility_level < 1, the Postfix SMTP server now warns for mail that would be blocked by the Postfix 2.10 smtpd_relay_restrictions feature, without blocking that mail. There still is a steady trickle of sites that upgrade from an earlier Postfix version. OBS-URL: https://build.opensuse.org/request/show/585926 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=294
2018-03-13 08:02:46 +01:00
-------------------------------------------------------------------
Mon Mar 12 13:43:43 UTC 2018 - ilya@ilya.pp.ua
- Refresh spec-file via spec-cleaner and manual optinizations.
* Add %license macro.
* Set license to IPL-1.0 OR EPL-2.0.
- Update to 3.3.0
* http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES
* Dual license: in addition to the historical IBM Public License
1.0, Postfix is now also distributed with the more recent Eclipse
Public License 2.0. Recipients can choose to take the software
under the license of their choice. Those who are more comfortable
with the IPL can continue with that license.
* The postconf command now warns about unknown parameter names
in a Postfix database configuration file. As with other unknown
parameter names, these warnings can help to find typos early.
* Container support: Postfix 3.3 will run in the foreground with
"postfix start-fg". This requires that Postfix multi-instance
support is disabled (the default). To collect Postfix syslog
information on the container's host, mount the host's /dev/log
socket into the container, for example with "docker run -v
/dev/log:/dev/log ...other options...", and specify a distinct
Postfix syslog_name setting in the container (for example with
"postconf syslog_name=the-name-here").
* Milter support: applications can now send RET and ENVID parameters
in SMFIR_CHGFROM (change envelope sender) requests.
* Postfix-generated From: headers with 'full name' information
are now formatted as "From: name <address>" by default. Specify
"header_from_format = obsolete" to get the earlier form "From:
address (name)".
* Interoperability: when Postfix IPv6 and IPv4 support are both
enabled, the Postfix SMTP client will now relax MX preferences
and attempt to schedule similar numbers of IPv4 and IPv6
addresses. This works around mail delivery problems when a
destination announces lots of primary MX addresses on IPv6, but
is reachable only over IPv4 (or vice versa). The new behavior
is controlled with the smtp_balance_mx_inet_protocols parameter.
* Compatibility safety net: with compatibility_level < 1, the
Postfix SMTP server now warns for mail that would be blocked
by the Postfix 2.10 smtpd_relay_restrictions feature, without
blocking that mail. There still is a steady trickle of sites
that upgrade from an earlier Postfix version.
-------------------------------------------------------------------
Tue Feb 13 10:39:37 UTC 2018 - varkoly@suse.com
- bsc#1065411 Package postfix should require package system-user-nobody
- bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth
was configured
-------------------------------------------------------------------
Thu Dec 7 15:02:14 UTC 2017 - dimstar@opensuse.org
- Fix usage of fillup_only:-y is not a valid option to this macro.
-------------------------------------------------------------------
Thu Nov 23 13:43:17 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Wed Nov 8 13:32:28 CET 2017 - kukuk@suse.de
- Don't mark postfix.service as config file, this is no config
file.
- Some of the Requires(pre) are needed for post-install and at
runtime, fix the requires.
-------------------------------------------------------------------
Mon Oct 30 12:12:08 UTC 2017 - michael@stroeder.com
- update to 3.2.4
* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
records associated with an intermediate CA certificate. Problem
report and initial fix by Erwan Legrand.
* Missing dynamicmaps support in the Postfix sendmail command.
This broke authorized_submit_users settings that use a
dynamically-loaded map type. Problem reported by Ulrich Zehl.
-------------------------------------------------------------------
Fri Oct 20 12:27:12 UTC 2017 - varkoly@suse.com
- bnc#1059512 L3: Postfix Problem
The applied changes breaks existing postfix configurations because
daemon_directory was not adapted to the new value.
-------------------------------------------------------------------
Sun Oct 15 22:47:29 UTC 2017 - chris@computersalat.de
- fix build for SLE
* nothing provides libnsl-devel
* add bcond_with libnsl
-------------------------------------------------------------------
Wed Oct 4 10:58:28 UTC 2017 - varkoly@suse.com
- bnc#1059512 L3: Postfix Problem
To manage multiple Postfix instances on a single host requires
that daemon_directory and shlib_directory is different to
avoid use of the shared directories also as per-instance directories.
For this reason daemon_directory was set to /usr/lib/postfix/bin/.
shlib_directory stands /usr/lib/postfix/.
-------------------------------------------------------------------
Thu Sep 28 08:44:41 UTC 2017 - varkoly@suse.com
- bnc#1016491 postfix raported to log "warning: group or other writable:"
on each symlink in config.
* Add fix-postfix-script.patch
-------------------------------------------------------------------
Mon Sep 25 16:25:05 UTC 2017 - michael@stroeder.com
- update to 3.2.3
* Extension propagation was broken with "recipient_delimiter = .".
This change reverts a change that was trying to be too clever.
* The postqueue command would abort with a panic message after it
experienced an output write error while listing the mail queue.
This change restores a write error check that was lost with the
Postfix 3.2 rewrite of the vbuf_print formatter.
* Restored sanity checks for dynamically-specified width and precision
in format strings (%*, %.*, and %*.*). These checks were lost with
the Postfix 3.2 rewrite of the vbuf_print formatter.
-------------------------------------------------------------------
Thu Aug 17 08:56:15 CEST 2017 - kukuk@suse.de
- Add libnsl-devel build requires for glibc obsoleting libnsl
-------------------------------------------------------------------
Thu Jul 27 10:31:01 UTC 2017 - varkoly@suse.com
- bnc#1045264 L3: postmap problem
* Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811
-------------------------------------------------------------------
Fri Jun 16 17:45:55 UTC 2017 - michael@stroeder.com
- update to 3.2.2
* Security: Berkeley DB versions 2 and later try to read settings
from a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting in
privilege escalation with Postfix set-gid programs (postdrop,
postqueue) before they chdir to the Postfix queue directory,
and with the postmap and postalias commands depending on whether
the user's current directory is writable by other users. This
fix does not change Postfix behavior for Berkeley DB versions
< 3, but it does reduce postmap and postalias 'create' performance
with Berkeley DB versions 3.0 .. 4.6.
* The SMTP server receive_override_options were not restored at
the end of an SMTP session, after the options were modified by
an smtpd_milter_maps setting of "DISABLE". Milter support
remained disabled for the life time of the smtpd process.
* After the Postfix 3.2 address/domain table lookup overhaul, the
check_sender_access and check_recipient_access features ignored
a non-default parent_domain_matches_subdomains setting.
-------------------------------------------------------------------
Wed Apr 19 20:36:03 UTC 2017 - chris@computersalat.de
- revert changes of postfix-main.cf.patch from rev=261
* config.postfix will not 'enable' (remove #) var, but place
modified (enabled) var at end of file, far away from place
where it should be
* keep vars enabled but empty
-------------------------------------------------------------------
Thu Apr 13 09:18:45 UTC 2017 - werner@suse.de
- Some cleanups
* Fix SUSE postfix-files to avoid chown errors (anyway this file
seems to be obsolete)
* Avoid installing shared libraries twice
* Refresh patch postfix-linux45.patch
-------------------------------------------------------------------
Sat Apr 8 15:06:14 UTC 2017 - chris@computersalat.de
- update postfix-master.cf.patch
* recover lost (with 3.2.0 update) submission, smtps sections
* merge with upstream update
- update config.postfix
* update master.cf generation for submission
- rebase patches against 3.2.0
* pointer_to_literals.patch
* postfix-no-md5.patch
* postfix-ssl-release-buffers.patch
* postfix-vda-v14-3.0.3.patch
-------------------------------------------------------------------
Mon Mar 20 18:01:36 CET 2017 - kukuk@suse.de
- Require system group mail
- Use mail group name instead of GID
-------------------------------------------------------------------
Mon Mar 6 21:27:38 UTC 2017 - mrueckert@suse.de
- update to 3.2.0
- [Feature 20170128] Postfix 3.2 fixes the handling of address
extensions with email addresses that contain spaces. For
example, the virtual_alias_maps, canonical_maps, and
smtp_generic_maps features now correctly propagate an address
extension from "aa bb+ext"@example.com to "cc
dd+ext"@other.example, instead of producing broken output.
- [Feature 20161008] "PASS" and "STRIP" actions in
header/body_checks. "STRIP" is similar to "IGNORE" but also
logs the action, and "PASS" disables header, body, and Milter
inspection for the remainder of the message content.
Contributed by Hobbit.
- [Feature 20160330] The collate.pl script by Viktor Dukhovni for
grouping Postfix logfile records into "sessions" based on queue
ID and process ID information. It's in the auxiliary/collate
directory of the Postfix source tree.
- [Feature 20160527] Postfix 3.2 cidr tables support if/endif and
negation (by prepending ! to a pattern), just like regexp and
pcre tables. The primarily purpose is to improve readability
of complex tables. See the cidr_table(5) manpage for syntax
details.
- [Incompat 20160925] In the Postfix MySQL database client, the
default option_group value has changed to "client", to enable
reading of "client" option group settings in the MySQL options
file. This fixes a "not found" problem with Postfix queries
that contain UTF8-encoded non-ASCII text. Specify an empty
option_group value (option_group =) to get backwards-compatible
behavior.
- [Feature 20161217] Stored-procedure support for MySQL
databases. Contributed by John Fawcett. See mysql_table(5) for
instructions.
- [Feature 20170128] The postmap command, and the inline: and
texthash: maps now support spaces in left-hand field of the
lookup table "source text". Use double quotes (") around a
left-hand field that contains spaces, and use backslash (\) to
protect embedded quotes in a left-hand field. There is no
change in the processing of the right-hand field.
- [Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol
(macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
protocol (attribute names: DESTADDR, DESTPORT).
- [Feature 20161024] smtpd_milter_maps support for per-client
Milter configuration that overrides smtpd_milters, and that has
the same syntax. A lookup result of "DISABLE" turns off Milter
support. See MILTER_README.html for details.
- [Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol
(macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
protocol (attribute names: DESTADDR, DESTPORT).
- [Incompat 20170129] The postqueue command no longer forces all
message arrival times to be reported in UTC. To get the old
behavior, set TZ=UTC in main.cf:import_environment (this
override is not recommended, as it affects all Postfix utities
and daemons).
- [Incompat 20161227] For safety reasons, the sendmail -C option
must specify an authorized directory: the default configuration
directory, a directory that is listed in the default main.cf
file with alternate_config_directories or
multi_instance_directories, or the command must be invoked with
root privileges (UID 0 and EUID 0). This mitigates a recurring
problem with the PHP mail() function.
- [Feature 20160625] The Postfix SMTP server now passes remote
client and local server network address and port information to
the Cyrus SASL library. Build with ``make makefiles
"CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards
compatibility.
- [Feature 20161103] Postfix 3.2 disables the 'transitional'
compatibility between the IDNA2003 and IDNA2008 standards for
internationalized domain names (domain names beyond the limits
of US-ASCII).
This change makes Postfix behavior consistent with contemporary
web browsers. It affects the handling of some corner cases such
as German sz and Greek zeta. See
http://unicode.org/cldr/utility/idna.jsp for more examples.
Specify "enable_idna2003_compatibility = yes" to restore
historical behavior (but keep in mind that the rest of the
world may not make that same choice).
- [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API
features, so that Postfix will build without depending on
backwards-compatibility support.
[Incompat 20161204] Postfix 3.2 removes tentative features that
were implemented before the DANE spec was finalized:
- Support for certificate usage PKIX-EE(1),
- The ability to disable digest agility (Postfix now behaves as
if "tls_dane_digest_agility = on"), and
- The ability to disable support for "TLSA 2 [01] [12]" records
that specify the digest of a trust anchor (Postfix now
behaves as if "tls_dane_trust_anchor_digest_enable = yes).
- [Feature 20161217] Postfix 3.2 enables elliptic curve
negotiation with OpenSSL >= 1.0.2. This changes the default
smtpd_tls_eecdh_grade setting to "auto", and introduces a new
parameter tls_eecdh_auto_curves with the names of curves that
may be negotiated.
The default tls_eecdh_auto_curves setting is determined at
compile time, and depends on the Postfix and OpenSSL versions.
At runtime, Postfix will skip curve names that aren't supported
by the OpenSSL library.
- [Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol
(macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
protocol (attribute names: DESTADDR, DESTPORT).
- refresh postfix-master.cf.patch
-------------------------------------------------------------------
Mon Mar 6 14:04:13 UTC 2017 - wr@rosenauer.org
- make sure that system users can be created in %pre
-------------------------------------------------------------------
Sat Feb 18 14:01:35 UTC 2017 - kukuk@suse.com
- Fix requires:
- shadow is needed for postfix-mysql pre-install section
- insserv is not needed if systemd is used
-------------------------------------------------------------------
Sat Jan 21 23:27:34 UTC 2017 - chris@computersalat.de
- update postfix-mysql
* update mysql_*.cf files
* update postfix-mysql.sql (INNODB, utf8)
- update postfix-main.cf.patch
* uncomment smtpd_sasl_path, smtpd_sasl_type
can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot)
* add option for smtp_tls_policy_maps (commented)
- update postfix-master.cf.patch
* fix indentation of submission, smtps options for correct
enabling via config.postfix
- update config.postfix
* fix sync of CA certificates
* fix master.cf generation for submission, smtps
- rebase postfix-vda-v14-3.0.3.patch
-------------------------------------------------------------------
Wed Jan 11 14:07:35 UTC 2017 - varkoly@suse.com
- FATE#322322 Update postfix to version 3.X
Merging changes with SLES12-SP2
Removeved patches: add_missed_library.patch bnc#947707.diff dynamic_maps.patch postfix-db6.diff
postfix-opensslconfig.patch bnc#947519.diff dynamic_maps_pie.patch
postfix-post-install.patch
These are included in the new version of postfix
- Remove references to SuSEconfig.postfix from sysconfig docs.
(bsc#871575)
- bnc#947519 SuSEconfig.postfix should enforce umask 022
- bnc#947707 mail generated by Amavis being prevented from being re-adressed by /etc/postfix/virtual
- bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong
- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64)
(bsc#940289)
-------------------------------------------------------------------
Tue Jan 3 12:20:18 UTC 2017 - varkoly@suse.com
- update to 3.1.4
* The postscreen daemon did not merge the client test status information
for concurrent sessions from the same IP address.
* The Postfix SMTP server falsely rejected a sender address when validating
a sender address with "smtpd_reject_unlisted_recipient = yes" or with
"reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps.
* The virtual delivery agent did not detect failure to skip to the end
of a mailbox file, so that mail would be delivered to the beginning of the file.
This could happen when a mailbox file was already larger than the virtual mailbox size limit.
* The postsuper logged an incorrect rename operation count after creating a missing directory.
* The Postfix SMTP server falsely rejected mail when a sender-dependent "error"
transport was configured. Cause: the SMTP server address validation code
was not updated when the sender_dependent_default_transport_maps feature
was introduced.
* The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no".
* The "postfix tls deploy-server-cert" command used the wrong certificate
and key file. This was caused by a cut-and-paste error in the postfix-tls-script file.
-------------------------------------------------------------------
Sat Nov 26 15:43:57 UTC 2016 - chris@computersalat.de
- improve config.postfix
* improve SASL stuff
* add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot)
-------------------------------------------------------------------
Mon Nov 14 21:53:18 UTC 2016 - chris@computersalat.de
- improve config.postfix
* improve with MySQL stuff
-------------------------------------------------------------------
Mon Nov 7 13:35:38 UTC 2016 - chris@computersalat.de
- update vda patch to latest available
* remove postfix-vda-v13-3.10.0.patch
* add postfix-vda-v14-3.0.3.patch
- rebase patches (and to be p0)
* pointer_to_literals.patch
* postfix-main.cf.patch
* postfix-master.cf.patch
* postfix-no-md5.patch
* postfix-ssl-release-buffers.patch
- add /etc/postfix/ssl as default DIR for SSL stuff
* cacerts -> ../../ssl/certs/
* certs/
- revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl'
- improve config.postfix
* revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a
symlink to /etc/ssl/certs
Without reverting, 'gen_CA' would create files which would then be on
the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath)
Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem'
which is not a good idea.
* mkchroot: sync '/etc/postfix/ssl' to chroot
* improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from
main.cf, show warning if enabled and file is missing
-------------------------------------------------------------------
Sun Oct 9 20:11:34 UTC 2016 - michael@stroeder.com
- update to 3.1.3:
* The Postfix SMTP server did not reset a previous session's
failed/total command counts before rejecting a client that
exceeds request or concurrency rates. This resulted in incorrect
failed/total command counts being logged at the end of the
rejected session.
* The unionmap multi-table interface did not propagate table
lookup errors, resulting in false "user unknown" responses.
* The documentation was updated with a workaround for false "not
found" errors with MySQL map queries that contain UTF8-encoded
text. The workaround is to specify "option_group = client" in
Postfix MySQL configuration files. This will be the default
setting with Postfix 3.2 and later.
-------------------------------------------------------------------
Sun Sep 4 15:33:27 UTC 2016 - michael@stroeder.com
- update to 3.1.2:
* Changes to make Postfix build with OpenSSL 1.1.0.
* The makedefs script ignored readme_directory=pathname overrides.
Fix by Todd C. Olson.
* The tls_session_ticket_cipher documentation says that the default
cipher for TLS session tickets is aes-256-cbc, but the implemented
default was aes-128-cbc. Note that TLS session ticket keys are
rotated after 1/2 hour, to limit the impact of attacks on session
ticket keys.
-------------------------------------------------------------------
Thu Jun 2 12:26:17 UTC 2016 - schwab@suse.de
- postfix-post-install.patch: remove empty patch
-------------------------------------------------------------------
Sun May 29 16:45:30 UTC 2016 - chris@computersalat.de
- fix Changelog cause of Factory decline
-------------------------------------------------------------------
Tue May 24 13:18:55 UTC 2016 - varkoly@suse.com
- Fix typo in config.postfix
Accepting request 397601 from home:varkoly:branches:server:mail - bnc#981097 config.postfix creates broken main.cf for tls client configuration - bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete - update to 3.1.1: - The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash. - Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent). - The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context. - Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute. smtp_transport_rate_delay = 20s - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots. To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply). Support for DNSBL or DNSWL reply TTL values is controlled by two OBS-URL: https://build.opensuse.org/request/show/397601 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=235
2016-05-24 06:57:19 +02:00
-------------------------------------------------------------------
Tue May 24 04:29:41 UTC 2016 - varkoly@suse.com
- bnc#981097 config.postfix creates broken main.cf for tls client configuration
Accepting request 397601 from home:varkoly:branches:server:mail - bnc#981097 config.postfix creates broken main.cf for tls client configuration - bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete - update to 3.1.1: - The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash. - Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent). - The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context. - Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute. smtp_transport_rate_delay = 20s - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots. To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply). Support for DNSBL or DNSWL reply TTL values is controlled by two OBS-URL: https://build.opensuse.org/request/show/397601 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=235
2016-05-24 06:57:19 +02:00
- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete
- update to 3.1.1:
- The new address_verify_pending_request_limit
parameter introduces a safety limit for the number of address
verification probes in the active queue. The default limit is 1/4
of the active queue maximum size. The queue manager enforces the
limit by tempfailing probe messages that exceed the limit. This
design avoids dependencies on global counters that get out of sync
after a process or system crash.
- Machine-readable, JSON-formatted queue listing with "postqueue -j"
(no "mailq" equivalent).
Accepting request 397601 from home:varkoly:branches:server:mail - bnc#981097 config.postfix creates broken main.cf for tls client configuration - bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete - update to 3.1.1: - The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash. - Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent). - The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context. - Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute. smtp_transport_rate_delay = 20s - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots. To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply). Support for DNSBL or DNSWL reply TTL values is controlled by two OBS-URL: https://build.opensuse.org/request/show/397601 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=235
2016-05-24 06:57:19 +02:00
- The milter_macro_defaults feature provides an optional list of macro
name=value pairs. These specify default values for Milter macros when
no value is available from the SMTP session context.
- Support to enforce a destination-independent delay between email
deliveries. The following example inserts 20 seconds of delay
between all deliveries with the SMTP transport, limiting the delivery
rate to at most three messages per minute.
smtp_transport_rate_delay = 20s
Accepting request 397601 from home:varkoly:branches:server:mail - bnc#981097 config.postfix creates broken main.cf for tls client configuration - bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete - update to 3.1.1: - The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash. - Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent). - The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context. - Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute. smtp_transport_rate_delay = 20s - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots. To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply). Support for DNSBL or DNSWL reply TTL values is controlled by two OBS-URL: https://build.opensuse.org/request/show/397601 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=235
2016-05-24 06:57:19 +02:00
- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
that a "not found" result from a DNSBL server will be valid for one
hour. This may have been adequate five years ago when postscreen
was first implemented, but nowadays, that one hour can result in
missed opportunities to block new spambots.
Accepting request 397601 from home:varkoly:branches:server:mail - bnc#981097 config.postfix creates broken main.cf for tls client configuration - bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete - update to 3.1.1: - The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash. - Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent). - The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context. - Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute. smtp_transport_rate_delay = 20s - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots. To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply). Support for DNSBL or DNSWL reply TTL values is controlled by two OBS-URL: https://build.opensuse.org/request/show/397601 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=235
2016-05-24 06:57:19 +02:00
To address this, postscreen now respects the TTL of DNSBL "not
found" replies, as well as the TTL of DNSWL replies (both "found"
and "not found"). The TTL for a "not found" reply is determined
according to RFC 2308 (the TTL of an SOA record in the reply).
Support for DNSBL or DNSWL reply TTL values is controlled by two
configuration parameters:
postscreen_dnsbl_min_ttl (default: 60 seconds).
postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
The postscreen_dnsbl_ttl parameter is now obsolete, and has become
the default value for the new postscreen_dnsbl_max_ttl parameter.
- New "smtpd_client_auth_rate_limit" feature, to
enforce an optional rate limit on AUTH commands per SMTP client IP
address. Similar to other smtpd_client_*_rate_limit features, this
enforces a limit on the number of requests per $anvil_rate_time_unit.
- New SMTPD policy service attribute "policy_context",
with a corresponding "smtpd_policy_service_policy_context" configuration
parameter. Originally, this was implemented to share the same SMTPD
policy service endpoint among multiple check_policy_service clients.
- A new "postfix tls" command to quickly enable opportunistic TLS
in the Postfix SMTP client or server, and to manage SMTP server keys
and certificates, including certificate signing requests and
Accepting request 397601 from home:varkoly:branches:server:mail - bnc#981097 config.postfix creates broken main.cf for tls client configuration - bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete - update to 3.1.1: - The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash. - Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent). - The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context. - Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute. smtp_transport_rate_delay = 20s - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots. To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply). Support for DNSBL or DNSWL reply TTL values is controlled by two OBS-URL: https://build.opensuse.org/request/show/397601 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=235
2016-05-24 06:57:19 +02:00
TLSA DNS records for DANE.
-------------------------------------------------------------------
Tue Apr 19 07:59:32 UTC 2016 - opensuse@dstoecker.de
- build with working support for SMTPUTF8
-------------------------------------------------------------------
Sun Mar 20 14:11:27 UTC 2016 - mrueckert@suse.de
- fix build on sle11 by pointing _libexecdir to /usr/lib all the
time.
-------------------------------------------------------------------
Sun Mar 20 13:46:56 UTC 2016 - mrueckert@suse.de
- some distros did not pull pkgconfig indirectly. pull it directly.
-------------------------------------------------------------------
Sun Mar 20 08:19:23 UTC 2016 - mrueckert@suse.de
- fix building the dynamic maps: the old build had postgresql e.g.
with missing symbols.
- convert to AUXLIBS_* instead of plain AUXLIBS which is needed
for proper dynamic maps.
- reordered the CCARGS and AUXLIBS* lines to group by feature
- use pkgconfig or *_config tools where possible
- picked up signed char from fedora spec file
- enable lmdb support: new BR lmdb-devel, new subpackage
postfix-lmdb.
- don't delete vmail user/groups
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
-------------------------------------------------------------------
Wed Mar 9 13:06:35 UTC 2016 - varkoly@suse.com
- update to 3.1.0
- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:,
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch
could be removed.
- Adapting all the patches to postfix 3.1.0
- remove obsolete patches
* add_missed_library.patch
* postfix-opensslconfig.patch
- update vda patch
* remove postfix-vda-v13-2.10.0.patch
* add postfix-vda-v13-3.10.0.patch
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
- The patch postfix-db6.diff is not more neccessary
- Backwards-compatibility safety net.
With NEW Postfix installs, you MUST install a main.cf file with
the setting "compatibility_level = 2". See conf/main.cf for an
example.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
With UPGRADES of existing Postfix systems, you MUST NOT change the
main.cf compatibility_level setting, nor add this setting if it
does not exist.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
Several Postfix default settings have changed with Postfix 3.0. To
avoid massive frustration with existing Postfix installations,
Postfix 3.0 comes with a safety net that forces Postfix to keep
running with backwards-compatible main.cf and master.cf default
settings. This safety net depends on the main.cf compatibility_level
setting (default: 0). Details are in COMPATIBILITY_README.
- Major changes - tls
* [Feature 20160207] A new "postfix tls" command to quickly enable
opportunistic TLS in the Postfix SMTP client or server, and to
manage SMTP server keys and certificates, including certificate
signing requests and TLSA DNS records for DANE.
* As of the middle of 2015, all supported Postfix releases no longer
nable "export" grade ciphers for opportunistic TLS, and no longer
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
opportunistic TLS.
* [Incompat 20150719] The default Diffie-Hellman non-export prime was
updated from 1024 to 2048 bits, because SMTP clients are starting
to reject TLS handshakes with primes smaller than 2048 bits.
* [Feature 20160103] The Postfix SMTP client by default enables DANE
policies when an MX host has a (DNSSEC) secure TLSA DNS record,
even if the MX DNS record was obtained with insecure lookups. The
existence of a secure TLSA record implies that the host wants to
talk TLS and not plaintext. For details see the
smtp_tls_dane_insecure_mx_policy configuration parameter.
- Major changes - default settings
[Incompat 20141009] The default settings have changed for relay_domains
(new: empty, old: $mydestination) and mynetworks_style (new: host,
old: subnet). However the backwards-compatibility safety net will
prevent these changes from taking effect, giving the system
administrator the option to make an old default setting permanent
in main.cf or to adopt the new default setting, before turning off
backwards compatibility. See COMPATIBILITY_README for details.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
[Incompat 20141001] A new backwards-compatibility safety net forces
Postfix to run with backwards-compatible main.cf and master.cf
default settings after an upgrade to a newer but incompatible Postfix
version. See COMPATIBILITY_README for details.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
While the backwards-compatible default settings are in effect,
Postfix logs what services or what email would be affected by the
incompatible change. Based on this the administrator can make some
backwards-compatibility settings permanent in main.cf or master.cf,
before turning off backwards compatibility.
- Major changes - address verification safety
[Feature 20151227] The new address_verify_pending_request_limit
parameter introduces a safety limit for the number of address
verification probes in the active queue. The default limit is 1/4
of the active queue maximum size. The queue manager enforces the
limit by tempfailing probe messages that exceed the limit. This
design avoids dependencies on global counters that get out of sync
after a process or system crash.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
Tempfailing verify requests is not as bad as one might think. The
Postfix verify cache proactively updates active addresses weeks
before they expire. The address_verify_pending_request_limit affects
only unknown addresses, and inactive addresses that have expired
from the address verify cache (by default, after 31 days).
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
- Major changes - json support
[Feature 20151129] Machine-readable, JSON-formatted queue listing
with "postqueue -j" (no "mailq" equivalent). The output is a stream
of JSON objects, one per queue file. To simplify parsing, each
JSON object is formatted as one text line followed by one newline
character. See the postqueue(1) manpage for a detailed description
of the output format.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
- Major changes - milter support
[Feature 20150523] The milter_macro_defaults feature provides an
optional list of macro name=value pairs. These specify default
values for Milter macros when no value is available from the SMTP
session context.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
For example, with "milter_macro_defaults = auth_type=TLS", the
Postfix SMTP server will send an auth_type of "TLS" to a Milter,
unless the remote client authenticates with SASL.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
This feature was originally implemented for a submission service
that may authenticate clients with a TLS certificate, without having
to make changes to the code that implements TLS support.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
- Major changes - output rate control
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
[Feature 20150710] Destination-independent delivery rate delay
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
Support to enforce a destination-independent delay between email
deliveries. The following example inserts 20 seconds of delay
between all deliveries with the SMTP transport, limiting the delivery
rate to at most three messages per minute.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
/etc/postfix/main.cf:
smtp_transport_rate_delay = 20s
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
For details, see the description of default_transport_rate_delay
and transport_transport_rate_delay in the postconf(5) manpage.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
- Major changes - postscreen dnsbl
[Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL
lookup results
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
that a "not found" result from a DNSBL server will be valid for one
hour. This may have been adequate five years ago when postscreen
was first implemented, but nowadays, that one hour can result in
missed opportunities to block new spambots.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
To address this, postscreen now respects the TTL of DNSBL "not
found" replies, as well as the TTL of DNSWL replies (both "found"
and "not found"). The TTL for a "not found" reply is determined
according to RFC 2308 (the TTL of an SOA record in the reply).
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
Support for DNSBL or DNSWL reply TTL values is controlled by two
configuration parameters:
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
postscreen_dnsbl_min_ttl (default: 60 seconds).
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
This parameter specifies a minimum for the amount of time that
a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
This prevents an excessive number of postscreen cache updates
when a DNSBL or DNSWL server specifies a very small reply TTL.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
This parameter specifies a maximum for the amount of time that
a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
This prevents cache pollution when a DNSBL or DNSWL server
specifies a very large reply TTL.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
The postscreen_dnsbl_ttl parameter is now obsolete, and has become
the default value for the new postscreen_dnsbl_max_ttl parameter.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
- Major changes - sasl auth safety
[Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to
enforce an optional rate limit on AUTH commands per SMTP client IP
address. Similar to other smtpd_client_*_rate_limit features, this
enforces a limit on the number of requests per $anvil_rate_time_unit.
Accepting request 373635 from home:varkoly:branches:server:mail - update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or OBS-URL: https://build.opensuse.org/request/show/373635 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
2016-03-18 18:07:45 +01:00
- Major changes - smtpd policy
[Feature 20150913] New SMTPD policy service attribute "policy_context",
with a corresponding "smtpd_policy_service_policy_context" configuration
parameter. Originally, this was implemented to share the same SMTPD
policy service endpoint among multiple check_policy_service clients.
-------------------------------------------------------------------
Wed Dec 9 14:05:22 UTC 2015 - varkoly@suse.com
- bnc#958329 postfix fails to start when openslp is not installed
-------------------------------------------------------------------
Mon Oct 12 20:49:27 UTC 2015 - michael@stroeder.com
- upstream update postfix 2.11.7:
* The Postfix Milter client aborted with a panic while adding a
message header, after adding a short message header with the
header_checks PREPEND action. Fixed by invoking the header
output function while PREPENDing a message header.
* False alarms while scanning the Postfix queue. Fixed by resetting
errno before calling readdir(). This defect was introduced
19970309.
* The postmulti command produced an incorrect error message.
* The postmulti command now refuses to create a new MTA instance
when the template main.cf or master.cf file are missing. This
is a common problem on Debian-like systems.
* Turning on Postfix SMTP server HAProxy support broke TLS
wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer
to read the HAProxy connection hand-off information.
* The xtext_unquote() function did not propagate error reports
from xtext_unquote_append(), causing the decoder to return
partial output, instead of rejecting malformed input. The Postfix
SMTP server uses this function to parse input for the ENVID and
ORCPT parameters, and for XFORWARD and XCLIENT command parameters.
-------------------------------------------------------------------
Wed Aug 12 10:51:51 UTC 2015 - jkeil@suse.de
- boo#934060: Remove quirky hostname logic from config.postfix
* /etc/hostname doesn't contain anything useful
* linux.local is no good either
* postfix will use `hostname`.localdomain as fallback
-------------------------------------------------------------------
Tue Aug 4 09:09:04 UTC 2015 - meissner@suse.com
- postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885
-------------------------------------------------------------------
Tue Aug 4 09:07:25 UTC 2015 - meissner@suse.com
- %verifyscript is a new section, move it out of the %ifdef
so the fillups are run afterwards.
-------------------------------------------------------------------
Wed Jul 22 16:44:44 UTC 2015 - michael@stroeder.com
- upstream update postfix 2.11.6:
Default settings have been updated so that they no longer enable
export-grade ciphers, and no longer enable the SSLv2 and SSLv3
protocols.
- removed postfix-2.11.5_linux4.patch because it's obsolete
- Bugfix (introduced: Postfix 2.11): with connection caching
enabled (the default), recipients could be given to the wrong
mail server. (bsc#944722)
-------------------------------------------------------------------
Mon Jun 1 22:25:51 UTC 2015 - crrodriguez@opensuse.org
- postfix-SuSE.tar.gz/postfix.service: None of
nss-lookup.target network.target local-fs.target time-sync.target
should be Wanted or Required except by the services
the implement the relevant functionality i.e network.target
is wanted/required by networkmanager, wicked,
systemd-network. other software must be ordered After them,
see systemd.special(7)
-------------------------------------------------------------------
Sun May 17 18:41:52 UTC 2015 - mpluskal@suse.com
- Fix library symlink generation (boo#928662)
-------------------------------------------------------------------
Tue Apr 21 09:55:44 UTC 2015 - mrueckert@suse.de
- added postfix-2.11.5_linux4.patch:
Allow building on kernel 4. Patch taken from:
https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY
-------------------------------------------------------------------
Sun Apr 19 23:03:25 UTC 2015 - mrueckert@suse.de
- update to postfix 2.11.5
- Bugfix (introduced: Postfix 2.6):
sender_dependent_relayhost_maps ignored the relayhost setting
in the case of a DUNNO lookup result. It would use the
recipient domain instead. Viktor Dukhovni. Wietse took the
pieces of code that enforce the precedence of a
sender-dependent relayhost, the global relayhost, and the
recipient domain, and put that code together in once place so
that it is easier to maintain. File:
trivial-rewrite/resolve.c.
- Bitrot: prepare for future changes in OpenSSL API. Viktor
Dukhovni. File: tls_dane.c.
- Incompatibility: specifying "make makefiles" with "CC=command"
will no longer override the default WARN setting.
-------------------------------------------------------------------
Mon Feb 9 18:01:38 UTC 2015 - michael@stroeder.com
- upstream update postfix 2.11.4:
Postfix 2.11.4 only:
* Fix a core dump when smtp_policy_maps specifies an invalid TLS
level.
* Fix a missing " in \%s\", in postconf(1) fatal error messages,
which violated the C language spec. Reported by Iain Hibbert.
All supported releases:
* Stop excessive recursion in the cleanup server while recovering
from a virtual alias expansion loop. Problem found at Two Sigma.
* Stop exponential memory allocation with virtual alias expansion
loops. This came to light after fixing the previous problem.
-------------------------------------------------------------------
Sun Feb 8 13:08:36 UTC 2015 - varkoly@suse.com
- correct pf_daemon_directory in spec. This must be /usr/lib/
-------------------------------------------------------------------
Thu Jan 22 09:36:09 UTC 2015 - varkoly@suse.com
- bnc#914086 syntax error in config.postfix
- Adapt config.postfix to be able to run on SLE11 too.
-------------------------------------------------------------------
Mon Jan 19 22:15:30 UTC 2015 - mpluskal@suse.com
- Don't install sysvinit script when systemd is used
- Make explicit PreReq dependencies conditional only for older
systems
- Don't try to set explicit attributes to symlinks
- Cleanup spec file vith spec-cleaner
-------------------------------------------------------------------
Tue Jan 13 07:04:52 UTC 2015 - varkoly@suse.com
- bnc#912594 config.postfix creates config based on old options
-------------------------------------------------------------------
Tue Jan 6 14:26:51 UTC 2015 - varkoly@suse.com
- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot
- bnc#910265 config.postfix does not upgrade the chroot
- bnc#908003 wrong access rights on /usr/sbin/postdrop causes
permission denied when trying to send a mail as non root user
- bnc#729154 wrong permissions for some postfix components
-------------------------------------------------------------------
Fri Nov 21 14:49:19 UTC 2014 - tchvatal@suse.com
- Remove keyring and things as it is md5 based one no longer
accepted by gpg 2.1
-------------------------------------------------------------------
Fri Nov 14 09:19:00 UTC 2014 - dimstar@opensuse.org
- No longer perform gpg validation; osc source_validator does it
implicit:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
-------------------------------------------------------------------
Mon Oct 27 18:22:02 UTC 2014 - dmueller@suse.com
- restore previously lost fix:
Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
- Ignore errors in %pre/%post.
-------------------------------------------------------------------
Mon Oct 20 07:52:39 UTC 2014 - michael@stroeder.com
- postfix 2.11.3:
* Fix for configurations that prepend message headers with Postfix
access maps, policy servers or Milter applications. Postfix now
hides its own Received: header from Milters and exposes prepended
headers to Milters, regardless of the mechanism used to prepend
a header. This fix reverts a partial solution that was released
on October 13, 2014, and replaces it with a complete solution.
* Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.
- postfix 2.11.2:
* Fix for DMARC implementations based on SPF policy plus DKIM
Milter. The PREPEND access/policy action added headers ABOVE
Postfix's own Received: header, exposing Postfix's own Received:
header to Milters (protocol violation) and hiding the PREPENDed
header from Milters. PREPENDed headers are now added BELOW
Postfix's own Received: header and remain visible to Milters.
* The Postfix SMTP server logged an incorrect client name in
reject messages for check_reverse_client_hostname_access and
check_reverse_client_hostname_{mx,ns}_access. They replied with
the verified client name, instead of the name that was rejected.
* The qmqpd daemon crashed with null pointer bug when logging a
lost connection while not in a mail transaction.
-------------------------------------------------------------------
Sun Sep 14 16:50:57 UTC 2014 - andreas.stieger@gmx.de
- switch from md5 based signature to one using the SHA-512 digest
algorithm supplied by maintainer on ML to pass source_validator
-------------------------------------------------------------------
Sat Sep 13 21:44:41 UTC 2014 - andreas.stieger@gmx.de
- postfix 2.11.1:
* With connection caching enabled (the default), recipients could
be given to the wrong mail server.
* Enforce TLS when TLSA records exist, but all are unusable.
* Don't leak memory when TLSA records exist, but all are unusable.
* Prepend "-I. -I../../include" to the compiler command-line
options, to avoid name clashes with non-Postfix header files.
* documentation fixes
* logging fixes
-------------------------------------------------------------------
Fri Aug 29 15:40:00 UTC 2014 - rusjako@rus.uni-stuttgart.de
- fix dynamic_maps patch to enable memcache support, which does not
need any libraries
-------------------------------------------------------------------
Thu Jul 31 12:44:59 UTC 2014 - dimstar@opensuse.org
- Rename rpmlintrc to %{name}-rpmlintrc.
Follow the packaging guidelines.
-------------------------------------------------------------------
Fri Jun 27 23:16:21 UTC 2014 - chris@computersalat.de
- fix typo in postfix-SuSE/update_chroot.systemd
- fix config.postfix
* 'insserv amavis' -> 'chkconfig amavis on'
- rework main.cf patch
* fix virtual stuff
* add some dovecot stuff
- rework master.cf patch
* add some dovecot stuff
-------------------------------------------------------------------
Mon Jun 23 21:41:23 UTC 2014 - jamesp@vicidial.com
- The included postfix-mysql.tar.bz2 was using a MySQL 4.1 style of
table engine specification. Modified so that the sql uses
'ENGINE=' instead of 'TYPE=' for creating tables.
-------------------------------------------------------------------
Mon Jun 23 15:17:52 UTC 2014 - varkoly@suse.com
- bnc#816769 - config.postfix issues warnings about missing master.cf
-------------------------------------------------------------------
Tue Jun 10 13:34:03 UTC 2014 - varkoly@suse.com
- bnc#882033 - Package postfix has changed files according to rpm
- bnc#855688 - possible systemd bug: postfix & cifs dependency confict
-------------------------------------------------------------------
Mon Jun 9 12:17:35 UTC 2014 - varkoly@suse.com
- bnc#863350 - SuSEconfig.postfix complains about modified /etc/postfix/main.cf after updating postfix
-------------------------------------------------------------------
Mon May 26 17:21:54 UTC 2014 - chris@computersalat.de
- replace vda patch:
* add postfix-vda-v13-2.10.0.patch
* remove postfix-vda-v11-2.9.6.patch
- rebase patches
- config.postfix
* add master.cf support for submission (587)
* rework master.cf support for smtps
-------------------------------------------------------------------
Wed Feb 12 15:10:27 UTC 2014 - varkoly@suse.com
- bnc#862662 - Unable to configure postfix SMTP with forced TLS using YaST2
- Update to 2.11.0
* TLS
o Support for PKI-less TLS server certificate verification, where
the CA public key or the server certificate is identified via DNSSEC lookup
* LMDB database support
* master
o The master_service_disable parameter value syntax has changed:
use "service/type" instead of "service.type".
* postconf:
o Support for advanced master.cf query and update operations.
This was implemented primarily to support automated system management tools.
o The postconf command produces more warnings
* relay safety
New smtpd_relay_restrictions parameter built-in default settings:
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
* postscreen whitelisting
Allow a remote SMTP client to skip postscreen(8) tests based on
its postscreen_dnsbl_sites score.
-------------------------------------------------------------------
Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
- Ignore errors in %pre/%post.
-------------------------------------------------------------------
Thu Oct 3 02:47:54 UTC 2013 - crrodriguez@opensuse.org
- two improvements for 13.1 and factory
* postfix-opensslconfig.patch call openSSL_config
so postfix respects the system's openssl configuration
* postfix-SuSE/postfix.service since a few months there
is no mail-transfer-agent.target, units must be ordered
after a list of smtpd implementations instead.
-------------------------------------------------------------------
Fri Sep 20 04:48:08 UTC 2013 - varkoly@suse.com
- Proc is not needed in chroot anymore
-------------------------------------------------------------------
Tue Jul 30 14:34:01 UTC 2013 - schwab@suse.de
- postfix-main.cf.patch: remove duplicate entry for inet_protocols
-------------------------------------------------------------------
Mon Jun 17 10:50:08 UTC 2013 - chris@computersalat.de
- fix for warning
* unused parameter: virtual_create_maildirsize=yes
* unused parameter: virtual_mailbox_extended=yes
* rework main.cf.patch
- fix rcpostfix for sysvinit systems
* /etc/postfix/system/update_postmaps: No such file or directory
- rebase patches
* vda-v11-2.9.5 -> vda-v11-2.9.6
- fix file postfix-SuSE.tar.gz
* made a tar.gz
-------------------------------------------------------------------
Sun Jun 16 02:12:07 UTC 2013 - jengelh@inai.de
- postfix.spec forces the use of SSL and SASL libraries,
so make sure the BuildRequires are there
-------------------------------------------------------------------
Fri Jun 14 01:33:52 UTC 2013 - jengelh@inai.de
- Add postfix-db6.diff to fix compile abort with libdb-6.0
-------------------------------------------------------------------
Mon Apr 22 11:51:37 UTC 2013 - idonmez@suse.com
- Add Source URL, see https://en.opensuse.org/SourceUrls
- Add GPG verification
-------------------------------------------------------------------
Sat Apr 20 05:46:00 UTC 2013 - crrodriguez@opensuse.org
- postfix-SuSE/postfix.service do not Require or
order after syslog.target as it no longer exists
postfix will fail to start in the next systemd version.
-------------------------------------------------------------------
Sat Feb 23 09:33:08 UTC 2013 - rmilasan@suse.com
- Install postfix.service accordingly (/usr/lib/systemd for 12.3
and up or /lib/systemd for older versions).
-------------------------------------------------------------------
Wed Feb 6 19:56:57 UTC 2013 - varkoly@suse.com
- update to 2,9.6
Bugfix: the local(8) delivery agent dereferenced a null pointer
while delivering to null command (for example, "|" in a .forward file).
Bugfix: memory leak in program initialization. tls/tls_misc.c.
Bugfix: he undocumented OpenSSL X509_pubkey_digest() function is
unsuitable for computing certificate PUBLIC KEY fingerprints.
Postfix now provides a correct procedure that accounts for
the algorithm and parameters in addition to the key data. Specify
"tls_legacy_public_key_fingerprints = yes" if you need backwards compatibility.
-------------------------------------------------------------------
Thu Jan 17 22:01:16 UTC 2013 - varkoly@suse.com
- bnc#796162 - script to assign path elements not working in postfix install Build-0284(iso)
-------------------------------------------------------------------
Thu Jan 10 18:23:56 UTC 2013 - chris@computersalat.de
- rebase patches
* vda-v10-2.8.12 -> vda-v11-2.9.5 (and to be a p0)
* main, master, post-instal, ssl-release-buffers (remove version)
* dynamic_maps, dynamic_maps_pie, pointer_to_literals
- update to 2,9.4 * tls support: Support to turn off the TLSv1.1 and TLSv1.2 protocols: To temporarily turn off problematic protocols globally: /etc/postfix/main.cf: smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 However, it may be better to temporarily turn off problematic protocols for broken sites only: /etc/postfix/main.cf: smtp_tls_policy_maps = hash:/etc/postfix/tls_policy /etc/postfix/tls_policy: example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2 * 20111012 To simplify integration with third-party applications, the Postfix sendmail command now always transforms all input lines ending in <CR><LF> into UNIX format (lines ending in <LF>). Specify "sendmail_fix_line_endings = strict" to restore historical Postfix behavior (i.e. convert all input lines ending in <CR><LF> only if the first line ends in <CR><LF>). * 20120114 Logfile-based alerting systems may need to be updated to look for "error" messages in addition to "fatal" messages. Specify "daemon_table_open_error_is_fatal = yes" to get the historical behavior (immediate termination with "fatal" message). * enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also used as queue file names). These names are encoded in a mix of upper case, lower case and decimal digit characters. Long queue IDs are disabled by default to avoid breaking tools that parse logfiles and that expect queue IDs with the smaller [A-F0-9] character set. * 20111209 memcache lookup and update support. This provides a way to share postscreen(8) or verify(8) caches between Postfix OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=154
2013-01-10 16:05:52 +01:00
-------------------------------------------------------------------
Thu Jan 10 14:45:59 UTC 2013 - varkoly@suse.com
- update to 2,9.5
- update to 2,9.4 * tls support: Support to turn off the TLSv1.1 and TLSv1.2 protocols: To temporarily turn off problematic protocols globally: /etc/postfix/main.cf: smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 However, it may be better to temporarily turn off problematic protocols for broken sites only: /etc/postfix/main.cf: smtp_tls_policy_maps = hash:/etc/postfix/tls_policy /etc/postfix/tls_policy: example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2 * 20111012 To simplify integration with third-party applications, the Postfix sendmail command now always transforms all input lines ending in <CR><LF> into UNIX format (lines ending in <LF>). Specify "sendmail_fix_line_endings = strict" to restore historical Postfix behavior (i.e. convert all input lines ending in <CR><LF> only if the first line ends in <CR><LF>). * 20120114 Logfile-based alerting systems may need to be updated to look for "error" messages in addition to "fatal" messages. Specify "daemon_table_open_error_is_fatal = yes" to get the historical behavior (immediate termination with "fatal" message). * enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also used as queue file names). These names are encoded in a mix of upper case, lower case and decimal digit characters. Long queue IDs are disabled by default to avoid breaking tools that parse logfiles and that expect queue IDs with the smaller [A-F0-9] character set. * 20111209 memcache lookup and update support. This provides a way to share postscreen(8) or verify(8) caches between Postfix OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=154
2013-01-10 16:05:52 +01:00
* tls support:
Support to turn off the TLSv1.1 and TLSv1.2 protocols:
To temporarily turn off problematic protocols globally:
/etc/postfix/main.cf:
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
However, it may be better to temporarily turn off problematic
protocols for broken sites only:
/etc/postfix/main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
/etc/postfix/tls_policy:
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
* 20111012 To simplify integration with third-party
applications, the Postfix sendmail command now always transforms
all input lines ending in <CR><LF> into UNIX format (lines ending
in <LF>). Specify "sendmail_fix_line_endings = strict" to restore
historical Postfix behavior (i.e. convert all input lines ending
in <CR><LF> only if the first line ends in <CR><LF>).
* 20120114 Logfile-based alerting systems may need to be
updated to look for "error" messages in addition to "fatal" messages.
Specify "daemon_table_open_error_is_fatal = yes" to get the historical
behavior (immediate termination with "fatal" message).
* enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also
used as queue file names). These names are encoded in a mix of upper
case, lower case and decimal digit characters. Long queue IDs are
disabled by default to avoid breaking tools that parse logfiles and
that expect queue IDs with the smaller [A-F0-9] character set.
* 20111209 memcache lookup and update support. This provides
a way to share postscreen(8) or verify(8) caches between Postfix
instances. See MEMCACHE_README and memcache_table(5) for details
and limitations.
* 20111218 To support external SASL authentication, e.g.,
in an NGINX proxy daemon, the Postfix SMTP server now always checks
the smtpd_sender_login_maps table, even without having
"smtpd_sasl_auth_enable = yes" in main.cf.
* ipv6
o The default inet_protocols value is now "all" instead of "ipv4",
meaning use both IPv4 and IPv6.
o The default smtp_address_preference value is now "any" instead
of "ipv6", meaning choose randomly between IPv6 and IPv4. With
this the Postfix SMTP client will have more success delivering
mail to sites that have problematic IPv6 configurations.
-------------------------------------------------------------------
Sat Dec 15 16:33:24 UTC 2012 - chris@computersalat.de
- update to 2.8.13
* 20121029
Workaround: strip datalink suffix from IPv6 addresses
returned by the system getaddrinfo() routine. Such suffixes
mess up the default mynetworks value, host name/address
verification and possibly more. This change obsoletes the
20101108 change that removes datalink suffixes in the SMTP
and QMQP servers, but we leave that code alone. File:
util/myaddrinfo.c.
* 20121013
Cleanup: to compute the LDAP connection cache lookup key,
join the numeric fields with null, just like string fields.
Viktor Dukhovni. File: global/dict_ldap.c.
* 20121010
Bugfix (introduced: Postfix 2.5): memory leak in program
initialization. Reported by Coverity. File: tls/tls_misc.c.
Bugfix (introduced: Postfix 2.3): memory leak in the unused
oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c.
* 20121003
Bugfix: the postscreen_access_list feature was case-sensitive
in the first character of permit, reject, etc. Reported by
Feancis Picabia. File: global/server_acl.c.
- rebase dynamic_maps_pie patch
- rpmlint
* invalid-suse-version-check 1140
* obsolete-suse-version-check 920 (changes file)
-------------------------------------------------------------------
Fri Dec 14 06:03:42 UTC 2012 - varkoly@suse.com
- bnc#790141 - Command SuSEconfig.postfix reports ERROR -
"can not find /lib/YaST/SuSEconfig.functions!!"
-------------------------------------------------------------------
Thu Nov 8 11:33:33 UTC 2012 - varkoly@suse.com
- bnc#782048 - postfix uses /sbin/conf.d
- bnc#784659 - remove SuSEconfig calls from yast2-mail
-------------------------------------------------------------------
Fri Aug 10 18:56:59 UTC 2012 - chris@computersalat.de
- update to 2.8.12
* 20120730
Bugfix (introduced: 20000314): AUTH is not allowed after
MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c.
* 20120702
Bugfix (introduced: 19990127): the BIFF client leaked an
unprivileged UDP socket. Fix by Jaroslav Skarvada. File:
local/biff_notify.c.
* 20120621
Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
client could close the wrong file descriptors. File:
util/unix_pass_trigger.c.
- fix for bnc#771303
* add 'version = 3' to ldap_aliases.cf
- rebase patches
* main, master, post-install: 2.8.3 -> 2.8.12
* ssl-release-buffers: 2.8.5 -> 2.8.12
* vda-v10: 2.8.9 -> 2.8.12
* dynamic_maps, dynamic_maps_pie, ipv6_disabled, pointer_to_literals
- fix changes file
-------------------------------------------------------------------
Thu Jul 19 06:52:18 UTC 2012 - varkoly@suse.com
- bnc#771811 - postfix update does not regenerate the maps
-------------------------------------------------------------------
Mon Jun 11 09:51:22 UTC 2012 - varkoly@suse.com
- update to 2.8.11
* 20120520
- Bugfix (introduced Postfix 2.4): the event_drain() function
was comparing bitmasks incorrectly causing the program to
always wait for the full time limit. This error affected
the unused postkick command, but only after s/fifo/unix/
in master.cf. File: util/events.c.
- Cleanup: laptop users have always been able to avoid
unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
(this is currently not supported on Solaris systems).
However, to make this work reliably, the "postqueue -f"
command must wait until its requests have reached the pickup
and qmgr servers before closing the UNIX-domain request
sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.
-------------------------------------------------------------------
Wed May 9 10:07:10 UTC 2012 - varkoly@suse.com
- bnc#753910 - {name} instead of %{name} in postfix .spec
- bnc#756452 - VUL-1: postfix: VRFY allows enumerating users
-------------------------------------------------------------------
Thu May 3 16:47:11 UTC 2012 - chris@computersalat.de
- update to 2.8.10
* 20120401
Bitrot: shut up useless warnings about Cyrus SASL call-back
function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.
* 20120422
Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
known TLS protocol list so that protocols can be turned off
selectively to work around implementation bugs. Based on
a patch by Victor Duchovni. Files: proto/TLS_README.html,
proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
tls/tls_server.c.
- update to 2.8.9
* 20120217
Cleanup: missing #include statement for bugfix code added
20111226. File: local/unknown.c.
* 20120214
Bugfix (introduced: Postfix 2.4): extraneous null assignment
caused core dump when postlog emitted the "usage" message.
Reported by Kant (fnord.hammer). File: postlog/postlog.c.
* 20120202
Bugfix (introduced: Postfix 2.3): the "change header" milter
request could replace the wrong header. A long header name
could match a shorter one, because a length check was done
on the wrong string. Reported by Vladimir Vassiliev. File:
cleanup/cleanup_milter.c.
- use latest VDA patch (2.8.9)
-------------------------------------------------------------------
Thu Apr 12 08:15:06 UTC 2012 - varkoly@suse.com
- bnc#756450 - postfix: remove version from banner
-------------------------------------------------------------------
Mon Apr 9 16:13:28 UTC 2012 - bruno@ioda-net.ch
- add port 587 smtp-auth submission to postfix-fw bnc#756289
-------------------------------------------------------------------
Mon Apr 2 22:09:00 CEST 2012 - dmueller@suse.de
- set exit code explicitely in cond_slp, systemd checks for it
-------------------------------------------------------------------
Tue Mar 13 13:35:13 UTC 2012 - varkoly@suse.com
- Documentation for bnc#751994 - SuSEconfig module postfix does not exist
-------------------------------------------------------------------
Wed Mar 7 06:31:05 UTC 2012 - varkoly@suse.com
- rcpostfix now updates the aliases too
-------------------------------------------------------------------
Mon Feb 27 16:35:56 UTC 2012 - chris@computersalat.de
- update to 2.8.8
Bugfixes:
tlsproxy(8) stored TLS sessions with a serverID of
"tlsproxy" instead of "smtpd", wasting an opportunity for
session reuse. File: tlsproxy/tlsproxy.c.
missing lookup table entry and terminator, causing
proxymap server segfault when postscreen(8) or verify(8)
attempted to access their cache via the proxymap server.
This could never have worked anyway, because the Postfix
2.8 proxymap protocol does not support cache cleanup. File
util/dict.c.
the Postfix client sqlite
quoting routine returned the unquoted result instead of the
quoted text. The opportunities for misuse are limited,
because Postfix sqlite files are usually owned by root, and
Postfix daemons usually run with non-root privileges so
they can't corrupt the database. Problem reported by Rob
McGee (rob0). File: global/dict_sqlite.c.
the trace service did not
distinguish between notifications for a non-bounce or a
bounce message. This code pre-dates DSN support and should
have been updated when it was re-purposed to handle DSN
SUCCESS notifications. Problem reported by Sabahattin
Gucukoglu. File: bounce/bounce_trace_service.c.
- use latest VDA patch (2.8.5)
-------------------------------------------------------------------
Wed Jan 25 15:12:38 UTC 2012 - varkoly@suse.com
- bnc#743369 - yast2 mail module does not open the firewall
- Set MD5DIR in SuSEconfig.postfix to avoid warnings
-------------------------------------------------------------------
Tue Jan 17 11:14:30 UTC 2012 - varkoly@suse.com
- bnc738693 - upgrade from 11.4 enables mysql service for systemd
-------------------------------------------------------------------
Thu Jan 12 12:18:17 UTC 2012 - varkoly@suse.com
- Add postmap rebuild script to systemv init script too
-------------------------------------------------------------------
Wed Jan 11 14:21:21 UTC 2012 - varkoly@suse.com
- bnc#738900 - cyrus-imapd not receiving mail from postfix
-------------------------------------------------------------------
Tue Dec 13 14:50:45 UTC 2011 - varkoly@suse.com
- Move the post map rebuild script into the start script
-------------------------------------------------------------------
Tue Dec 6 11:04:12 UTC 2011 - varkoly@suse.com
- Fix the last change in %post
-------------------------------------------------------------------
Fri Dec 2 06:44:28 UTC 2011 - varkoly@suse.com
- bnc#728308 - warning output after update the postfix package
-------------------------------------------------------------------
Wed Nov 9 20:05:38 UTC 2011 - varkoly@suse.com
- update to 2.8.7
Bugfixes:
smtpd(8) did not sanitize newline characters in cleanup(8)
REJECT messages, causing them to be sent out via SMTP as bare newline characters.
smtpd(8) sent multi-line responses from a before-queue content filter as text with
bare <LF> instead of <CR><LF>.
Workaround: postscreen sent non-compliant SMTP responses (220- followed by 421)
when it could not give a connection to a real smtpd process, causing some
remote SMTP clients to bounce mail.
-------------------------------------------------------------------
Thu Nov 3 15:56:23 UTC 2011 - varkoly@suse.com
- Use the systemd macros in the spec file
-------------------------------------------------------------------
Fri Oct 14 16:43:02 CEST 2011 - mhrusecky@suse.cz
- only fix files that exists in %post
-------------------------------------------------------------------
Sun Oct 9 04:30:54 UTC 2011 - crrodriguez@opensuse.org
- Use SSL_MODE_RELEASE_BUFFERS if available, see
SSL_CTX_set_mode man page and
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
for the full details.
-------------------------------------------------------------------
Tue Sep 6 14:49:47 UTC 2011 - chris@computersalat.de
- update to 2.8.5
* Bugfix: allow for Milters that send an SMTP server reply
without RFC 3463 enhanced status code. Reported by Vladimir
Vassiliev. File: milter/milter8.c.
-------------------------------------------------------------------
Mon Aug 22 09:31:02 UTC 2011 - varkoly@novell.com
- bnc#684304 - server:mail/postfix: Bugs in SuSEconfig chroot setup script
- Aplly SASL_SOCKET_DIR patch
-------------------------------------------------------------------
Thu Aug 18 09:32:04 UTC 2011 - varkoly@novell.com
- Move SuSEconfig.postfix into /usr/sbin/
(FATE#311272: Do not rewrite postfix.cf via SuSEconfig)
SuSEconfig.postfix will be executed only once after installation
automaticaly. Afterwards only you can start it manually or via
yast2 mail module.
-------------------------------------------------------------------
Fri Aug 12 16:40:40 UTC 2011 - werner@suse.de
- Just the first strep forward to systemd, please test out
/etc/postfix/system/update_chroot
/etc/postfix/system/wait_qmgr
/etc/postfix/system/cond_slp
and
/lib/systemd/system/postfix.service
and also fill out the missing description.
-------------------------------------------------------------------
Tue Aug 9 11:03:55 UTC 2011 - chris@computersalat.de
- rework SuSE patch
* add missing SASL stuff in rc.postfix
-------------------------------------------------------------------
Mon Jul 25 09:08:14 UTC 2011 - chris@computersalat.de
- when chrooted and using SASL
o mount -o bind SASL_SOCKET_DIR into postfix CHROOT
-------------------------------------------------------------------
Mon Jul 11 17:22:19 UTC 2011 - chris@computersalat.de
- update to 2.8.4
o Linux kernel version 3 support.
for more info see ChangeLog
-------------------------------------------------------------------
Wed Jul 6 13:11:07 UTC 2011 - varkoly@novell.com
- bnc#686436 - postfix bounces messages with improper use of 8-bit data in message body
- Apply patch
-------------------------------------------------------------------
Fri Jul 1 12:35:59 UTC 2011 - chris@computersalat.de
- rework master.cf patch
o fix receive_override_options line
- rework SuSE patch
o sysconfig: remove POSTFIX_WITH_POP_BEFORE_SMTP
o SuSEconfig: fix receive_override_options line
-------------------------------------------------------------------
Thu Jun 30 20:15:40 UTC 2011 - chris@computersalat.de
- replace vda patch
o 2.8.1 -> 2.8.3
- fix files doc
o remove 'doc auxiliary'
instead cp to pf_docdir
-------------------------------------------------------------------
Sat May 28 04:22:22 UTC 2011 - varkoly@novell.com
- fix spec for building on all repos
-------------------------------------------------------------------
Tue May 24 10:24:51 UTC 2011 - varkoly@novell.com
- bnc#679187 - suseconfig/postfix: missing dependency
-------------------------------------------------------------------
Tue May 17 22:31:46 UTC 2011 - chris@computersalat.de
- fix master.cf
o fix missing
- amavis unix - - n - 4 smtp
- localhost:10025 inet n - n - - smtpd
o add master.cf patch
- rework patches
o main.cf (add two missing sasl vars)
o postfix-SuSE (SuSEconfig, cleanup those vars,...)
-------------------------------------------------------------------
Sun May 15 14:16:03 UTC 2011 - chris@computersalat.de
- rework TLS stuff
o reworked main.cf patch
o added postfix-SuSE patch
o added post-install patch
Editing /etc/postfix/master.cf, adding missing entry for tlsmgr service
add only if it really does not exist
- removed Author from description
- updated vda patch
o vda-2.7.1 > vda-v10-2.8.1
- fix build for SLE_10
o no fdupes ;)
-------------------------------------------------------------------
Wed May 11 08:23:56 UTC 2011 - varkoly@novell.com
- remove document paths from postfix-files to avoid error messages
when postfix-doc is not installed
-------------------------------------------------------------------
Tue May 10 09:20:23 UTC 2011 - varkoly@novell.com
- update to 2.8.3 - VUL-0: postfix memory corruption
-------------------------------------------------------------------
Sun Apr 10 07:00:18 UTC 2011 - varkoly@novell.com
- bnc#641271 - postfix-2.7.1: init script cannot properly stop
multi-instance configurations
- update to 2.8.2 * DNSBL/DNSWL: o Support for address patterns in DNS blacklist and whitelist lookup results. o The Postfix SMTP server now supports DNS-based whitelisting with several safety features * Support for read-only sqlite database access. * Alias expansion: o Postfix now reports a temporary delivery error when the result of virtual alias expansion would exceed the virtual_alias_recursion_limit or virtual_alias_expansion_limit. o To avoid repeated delivery to mailing lists with pathological nested alias configurations, the local(8) delivery agent now keeps the owner-alias attribute of a parent alias, when delivering mail to a child alias that does not have its own owner alias. * The Postfix SMTP client no longer appends the local domain when looking up a DNS name without ".". * The SMTP server now supports contact information that is appended to "reject" responses: smtpd_reject_footer * Postfix by default no longer adds a "To: undisclosed-recipients:;" header when no recipient specified in the message header. * tls support: o The Postfix SMTP server now always re-computes the SASL mechanism list after successful completion of the STARTTLS command. o The smtpd_starttls_timeout default value is now stress-dependent. o Postfix no longer appends the system-supplied default CA certificates to the lists specified with *_tls_CAfile or with *_tls_CApath. * New feature: Prototype postscreen(8) server that runs a number of time-consuming checks in parallel for all incoming SMTP connections, before clients are allowed to talk to a real Postfix SMTP server. It detects clients that start talking too soon, or clients that appear OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=62
2011-03-31 00:00:52 +02:00
-------------------------------------------------------------------
Wed Mar 30 21:21:16 UTC 2011 - varkoly@novell.com
- update to 2.8.2
* DNSBL/DNSWL:
o Support for address patterns in DNS blacklist and whitelist lookup results.
o The Postfix SMTP server now supports DNS-based whitelisting with several safety features
* Support for read-only sqlite database access.
* Alias expansion:
o Postfix now reports a temporary delivery error when the result
of virtual alias expansion would exceed the virtual_alias_recursion_limit
or virtual_alias_expansion_limit.
o To avoid repeated delivery to mailing lists with pathological
nested alias configurations, the local(8) delivery agent now keeps
the owner-alias attribute of a parent alias, when delivering mail
to a child alias that does not have its own owner alias.
* The Postfix SMTP client no longer appends the local domain when
looking up a DNS name without ".".
* The SMTP server now supports contact information that is appended
to "reject" responses: smtpd_reject_footer
* Postfix by default no longer adds a "To: undisclosed-recipients:;"
header when no recipient specified in the message header.
* tls support:
o The Postfix SMTP server now always re-computes the SASL mechanism
list after successful completion of the STARTTLS command.
o The smtpd_starttls_timeout default value is now stress-dependent.
o Postfix no longer appends the system-supplied default CA certificates
to the lists specified with *_tls_CAfile or with *_tls_CApath.
* New feature: Prototype postscreen(8) server that runs a number
of time-consuming checks in parallel for all incoming SMTP connections,
before clients are allowed to talk to a real Postfix SMTP server.
It detects clients that start talking too soon, or clients that appear
on DNS blocklists, or clients that hang up without sending any command.
-------------------------------------------------------------------
Thu Feb 10 11:43:28 UTC 2011 - varkoly@novell.com
- bnc#667299 - Postfix LICENSE not marked as documentation
-------------------------------------------------------------------
Mon Jan 17 09:56:32 UTC 2011 - chris@computersalat.de
- add some min LDAP support for virtual LDAP-users
o sysconfig "WITH_LDAP"
o add ldap_aliases.cf
o SuSEconfig.postfix
virtual_alias_maps = ... ldap:/etc/postfix/ldap_aliases.cf
-------------------------------------------------------------------
Tue Jan 4 12:14:06 UTC 2011 - chris@computersalat.de
- update to 2.7.2
* Bugfix (introduced Postfix 2.2): Postfix no longer appends
the system default CA certificates to the lists specified
with *_tls_CAfile or with *_tls_CApath. This prevents
third-party certificates from getting mail relay permission
with the permit_tls_all_clientcerts feature. Unfortunately
this may cause compatibility problems with configurations
that rely on certificate verification for other purposes.
To get the old behavior, specify "tls_append_default_CA =
yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
global/mail_params.h. proto/postconf.proto, mantools/postlink.
* Compatibility with Postfix < 2.3: fix 20061207 was incomplete
(undoing the change to bounce instead of defer after
pipe-to-command delivery fails with a signal). Fix by Thomas
Arnett. File: global/pipe_command.c.
* Bugfix: the milter_header_checks parser provided only the
actions that change the message flow (reject, filter,
discard, redirect) but disabled the non-flow actions (warn,
replace, prepend, ignore, dunno, ok). File:
cleanup/cleanup_milter.c.
* Performance: fix for poor smtpd_proxy_filter TCP performance
over loopback (127.0.0.1) connections. Problem reported by
Mark Martinec. Files: smtpd/smtpd_proxy.c.
* Cleanup: don't apply reject_rhsbl_helo to non-domain forms
such as network addresses. This would cause false positives
with dbl.spamhaus.org. File: smtpd/smtpd_check.c.
* Bugfix: the "421" reply after Milter error was overruled
by Postfix 1.1 code that replied with "503" for RFC 2821
compliance. We now make an exception for "final" replies,
as permitted by RFC. Solution by Victor Duchovni. File:
smtpd/smtpd.c.
-------------------------------------------------------------------
Sat Dec 11 19:50:25 UTC 2010 - chris@computersalat.de
- update vda patch
o remove 2.6.1-vda-ng.patch
o remove 2.6.1-vda-ng-64bit.patch
o add vda-2.7.1.patch
- rework main.cf.patch
o remove 2.2.9-main.cf.patch
o add 2.7.1-main.cf.patch
-------------------------------------------------------------------
Tue Dec 7 22:02:56 UTC 2010 - coolo@novell.com
- prereq init scripts network and syslog
-------------------------------------------------------------------
Thu Aug 12 18:57:14 UTC 2010 - varkoly@novell.com
- Remove obsolate postscripts
- bnc#625657 - SuSEconfig.postfix and smtp_use_tls
- bnc#622873 - postfix doesn't start if ipv6 is disabled
-------------------------------------------------------------------
Tue Jul 6 15:04:30 UTC 2010 - chris@computersalat.de
- reworked bnc#606251 stuff (not checked in to Factory)
o used my_print_defaults command for parsing of /etc/my.cnf
o using quotation marks: "$PF_CHROOT"
o added sysconfig option POSTFIX_MYSQL_CONN=(socket,tcp)
-------------------------------------------------------------------
Wed Jun 16 23:39:09 UTC 2010 - chris@computersalat.de
- bnc#606251 - postfix chrooted mysql.sock lost on mysql restart
o Now MYSQL_SOCK_DIR is mounted with '-o bind' to postfix CHROOT
-------------------------------------------------------------------
Thu Jun 10 10:55:54 UTC 2010 - varkoly@novell.com
- update to 2.7.1
* Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
which sends remote SMTP client attributes through SMTP-based content filters.
The Postfix SMTP client did not skip "unknown" SMTP client attributes,
causing a syntax error when sending an "unknown" client PORT attribute.
* Robustness: skip LDAP queries with non-ASCII search strings, instead of failing with a database lookup error.
* Safety: Postfix processes now log a warning when a matchlist has
a #comment at the end of a line (for example mynetworks or relay_domains).
* Portability: OpenSSL 1.0.0 changes the priority of anonymous cyphers.
* Portability: Berkeley DB 5.x is now supported.
-------------------------------------------------------------------
Thu May 20 17:08:26 UTC 2010 - chris@computersalat.de
- fix obviously lost POSTFIX_MYHOSTNAME in SuSEconfig.postfix
-------------------------------------------------------------------
Wed Apr 7 12:39:16 UTC 2010 - varkoly@novell.com
- New file check_mail_queue. This script checks if there are some
mails in the queue and starts postfix if necessary. After delivering
the mails postfix will be stoped.
-------------------------------------------------------------------
Thu Apr 1 10:28:09 UTC 2010 - varkoly@novell.com
- bnc#559145 - Changed Domain name not reflected when sending mail
First /var/run/dhcp-hostname will be evaluated
- Now POSTFIX_SMTP_TLS_CLIENT is ternary : no yes must
- update to 2.7.0 * performance [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * sender reputation [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091209] sender_dependent_default_transport_maps, a per-sender override for default_transport. The original motivation is to use different output channels (with different source IP addresses) for different sender addresses, in order to keep their IP-based reputations separate from each other. The result value syntax is that of default_transport, not transport_maps. Thus, sender_dependent_default_transport_maps does not support the special transport_maps result value syntax for null transport, null nexthop, or null email address. This feature makes sender_dependent_relayhost_maps pretty much redundant (though sender_dependent_relayhost_maps will often be easier to use because that is the only thing people want to override). * address verification [Incompat 20100101] The verify(8) service now uses a persistent cache by default (address_verify_map = btree:$data_directory/verify_cache). To disable, specify "address_verify_map =" in main.cf. When periodic cache cleanup is enabled (the default), the verify(8) server now requires that the cache database supports the "delete" and "sequence" operations. To disable periodic cache cleanup specify a zero address_verify_cache_cleanup_interval value. [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. * content filter [Incompat 20100117] The meaning of an empty filter next-hop destination has changed (for example, "content_filter = foo:" or "FILTER foo:"). Postfix now uses the recipient domain, instead of using $myhostname as in Postfix 2.6 and earlier. To restore the old behavior specify "default_filter_nexthop = $myhostname", or specify a non-empty next-hop content filter destination. This compatibility option is not needed with SMTP-based content filters, because these always have an explicit next-hop destination. With pipe-based filters that specify no next-hop destination, the compatibility option restores the FIFO order of deliveries. Without the compatibility option, the delivery order for filters without next-hop destination changes to round-robin domain selection. [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * milter [Feature 20090606] Support for header checks on Milter-generated message headers. This can be used, for example, to control mail flow with Milter-generated headers that carry indicators for badness or goodness. For details, see the postconf(5) section for "milter_header_checks". Currently, all header_checks features are implemented except PREPEND. * multi-instance support [Incompat 20090606] The "postmulti -e destroy" command no longer attempts to remove files that are created AFTER "postmulti -e create". It still works as expected immediately after creating an instance by mistake. Trying to automatically remove other files is too risky because Postfix-owned directories are by design not trusted. OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=33
2010-02-28 19:47:06 +01:00
-------------------------------------------------------------------
Sun Feb 28 18:38:18 UTC 2010 - varkoly@novell.com
- update to 2.7.0
* performance
- Periodic cache cleanup for the verify(8) cache database.
- Improved before-queue filter performance.
- update to 2.7.0 * performance [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * sender reputation [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091209] sender_dependent_default_transport_maps, a per-sender override for default_transport. The original motivation is to use different output channels (with different source IP addresses) for different sender addresses, in order to keep their IP-based reputations separate from each other. The result value syntax is that of default_transport, not transport_maps. Thus, sender_dependent_default_transport_maps does not support the special transport_maps result value syntax for null transport, null nexthop, or null email address. This feature makes sender_dependent_relayhost_maps pretty much redundant (though sender_dependent_relayhost_maps will often be easier to use because that is the only thing people want to override). * address verification [Incompat 20100101] The verify(8) service now uses a persistent cache by default (address_verify_map = btree:$data_directory/verify_cache). To disable, specify "address_verify_map =" in main.cf. When periodic cache cleanup is enabled (the default), the verify(8) server now requires that the cache database supports the "delete" and "sequence" operations. To disable periodic cache cleanup specify a zero address_verify_cache_cleanup_interval value. [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. * content filter [Incompat 20100117] The meaning of an empty filter next-hop destination has changed (for example, "content_filter = foo:" or "FILTER foo:"). Postfix now uses the recipient domain, instead of using $myhostname as in Postfix 2.6 and earlier. To restore the old behavior specify "default_filter_nexthop = $myhostname", or specify a non-empty next-hop content filter destination. This compatibility option is not needed with SMTP-based content filters, because these always have an explicit next-hop destination. With pipe-based filters that specify no next-hop destination, the compatibility option restores the FIFO order of deliveries. Without the compatibility option, the delivery order for filters without next-hop destination changes to round-robin domain selection. [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * milter [Feature 20090606] Support for header checks on Milter-generated message headers. This can be used, for example, to control mail flow with Milter-generated headers that carry indicators for badness or goodness. For details, see the postconf(5) section for "milter_header_checks". Currently, all header_checks features are implemented except PREPEND. * multi-instance support [Incompat 20090606] The "postmulti -e destroy" command no longer attempts to remove files that are created AFTER "postmulti -e create". It still works as expected immediately after creating an instance by mistake. Trying to automatically remove other files is too risky because Postfix-owned directories are by design not trusted. OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=33
2010-02-28 19:47:06 +01:00
* sender reputation
- The FILTER action in access maps or header/body_checks now supports sender
reputation schemes that dynamically choose the SMTP source IP address.
- update to 2.7.0 * performance [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * sender reputation [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091209] sender_dependent_default_transport_maps, a per-sender override for default_transport. The original motivation is to use different output channels (with different source IP addresses) for different sender addresses, in order to keep their IP-based reputations separate from each other. The result value syntax is that of default_transport, not transport_maps. Thus, sender_dependent_default_transport_maps does not support the special transport_maps result value syntax for null transport, null nexthop, or null email address. This feature makes sender_dependent_relayhost_maps pretty much redundant (though sender_dependent_relayhost_maps will often be easier to use because that is the only thing people want to override). * address verification [Incompat 20100101] The verify(8) service now uses a persistent cache by default (address_verify_map = btree:$data_directory/verify_cache). To disable, specify "address_verify_map =" in main.cf. When periodic cache cleanup is enabled (the default), the verify(8) server now requires that the cache database supports the "delete" and "sequence" operations. To disable periodic cache cleanup specify a zero address_verify_cache_cleanup_interval value. [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. * content filter [Incompat 20100117] The meaning of an empty filter next-hop destination has changed (for example, "content_filter = foo:" or "FILTER foo:"). Postfix now uses the recipient domain, instead of using $myhostname as in Postfix 2.6 and earlier. To restore the old behavior specify "default_filter_nexthop = $myhostname", or specify a non-empty next-hop content filter destination. This compatibility option is not needed with SMTP-based content filters, because these always have an explicit next-hop destination. With pipe-based filters that specify no next-hop destination, the compatibility option restores the FIFO order of deliveries. Without the compatibility option, the delivery order for filters without next-hop destination changes to round-robin domain selection. [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * milter [Feature 20090606] Support for header checks on Milter-generated message headers. This can be used, for example, to control mail flow with Milter-generated headers that carry indicators for badness or goodness. For details, see the postconf(5) section for "milter_header_checks". Currently, all header_checks features are implemented except PREPEND. * multi-instance support [Incompat 20090606] The "postmulti -e destroy" command no longer attempts to remove files that are created AFTER "postmulti -e create". It still works as expected immediately after creating an instance by mistake. Trying to automatically remove other files is too risky because Postfix-owned directories are by design not trusted. OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=33
2010-02-28 19:47:06 +01:00
* address verification
- The verify(8) service now uses a persistent cache by default.
- update to 2.7.0 * performance [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * sender reputation [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091209] sender_dependent_default_transport_maps, a per-sender override for default_transport. The original motivation is to use different output channels (with different source IP addresses) for different sender addresses, in order to keep their IP-based reputations separate from each other. The result value syntax is that of default_transport, not transport_maps. Thus, sender_dependent_default_transport_maps does not support the special transport_maps result value syntax for null transport, null nexthop, or null email address. This feature makes sender_dependent_relayhost_maps pretty much redundant (though sender_dependent_relayhost_maps will often be easier to use because that is the only thing people want to override). * address verification [Incompat 20100101] The verify(8) service now uses a persistent cache by default (address_verify_map = btree:$data_directory/verify_cache). To disable, specify "address_verify_map =" in main.cf. When periodic cache cleanup is enabled (the default), the verify(8) server now requires that the cache database supports the "delete" and "sequence" operations. To disable periodic cache cleanup specify a zero address_verify_cache_cleanup_interval value. [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. * content filter [Incompat 20100117] The meaning of an empty filter next-hop destination has changed (for example, "content_filter = foo:" or "FILTER foo:"). Postfix now uses the recipient domain, instead of using $myhostname as in Postfix 2.6 and earlier. To restore the old behavior specify "default_filter_nexthop = $myhostname", or specify a non-empty next-hop content filter destination. This compatibility option is not needed with SMTP-based content filters, because these always have an explicit next-hop destination. With pipe-based filters that specify no next-hop destination, the compatibility option restores the FIFO order of deliveries. Without the compatibility option, the delivery order for filters without next-hop destination changes to round-robin domain selection. [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * milter [Feature 20090606] Support for header checks on Milter-generated message headers. This can be used, for example, to control mail flow with Milter-generated headers that carry indicators for badness or goodness. For details, see the postconf(5) section for "milter_header_checks". Currently, all header_checks features are implemented except PREPEND. * multi-instance support [Incompat 20090606] The "postmulti -e destroy" command no longer attempts to remove files that are created AFTER "postmulti -e create". It still works as expected immediately after creating an instance by mistake. Trying to automatically remove other files is too risky because Postfix-owned directories are by design not trusted. OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=33
2010-02-28 19:47:06 +01:00
* content filter
- The meaning of an empty filter next-hop destination has changed.
- The FILTER action in access maps or header/body_checks now supports sender
reputation schemes that dynamically choose the SMTP source IP address.
- update to 2.7.0 * performance [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * sender reputation [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091209] sender_dependent_default_transport_maps, a per-sender override for default_transport. The original motivation is to use different output channels (with different source IP addresses) for different sender addresses, in order to keep their IP-based reputations separate from each other. The result value syntax is that of default_transport, not transport_maps. Thus, sender_dependent_default_transport_maps does not support the special transport_maps result value syntax for null transport, null nexthop, or null email address. This feature makes sender_dependent_relayhost_maps pretty much redundant (though sender_dependent_relayhost_maps will often be easier to use because that is the only thing people want to override). * address verification [Incompat 20100101] The verify(8) service now uses a persistent cache by default (address_verify_map = btree:$data_directory/verify_cache). To disable, specify "address_verify_map =" in main.cf. When periodic cache cleanup is enabled (the default), the verify(8) server now requires that the cache database supports the "delete" and "sequence" operations. To disable periodic cache cleanup specify a zero address_verify_cache_cleanup_interval value. [Feature 20100101] Periodic cache cleanup for the verify(8) cache database. The time between cache cleanup runs is controlled with the address_verify_cache_cleanup_interval (default: 12h) parameter. Cache cleanup increases the database access latency, so this should not be run more often than necessary. * content filter [Incompat 20100117] The meaning of an empty filter next-hop destination has changed (for example, "content_filter = foo:" or "FILTER foo:"). Postfix now uses the recipient domain, instead of using $myhostname as in Postfix 2.6 and earlier. To restore the old behavior specify "default_filter_nexthop = $myhostname", or specify a non-empty next-hop content filter destination. This compatibility option is not needed with SMTP-based content filters, because these always have an explicit next-hop destination. With pipe-based filters that specify no next-hop destination, the compatibility option restores the FIFO order of deliveries. Without the compatibility option, the delivery order for filters without next-hop destination changes to round-robin domain selection. [Feature 20100117] The FILTER action in access maps or header/body_checks now supports sender reputation schemes that dynamically choose the SMTP source IP address. Typically, mail is split into classes, and all mail in class X is sent out from an SMTP client IP address that is reserved for class X. This is implemented by specifying FILTER actions with empty next-hop destinations in access maps or header/body_checks, and by configuring in master.cf one Postfix SMTP client for each SMTP source IP address, where each client has its own "-o myhostname" and "-o smtp_bind_address" settings. [Feature 20091109] Improved before-queue filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. This means you can run more SMTP server processes with the same number of running content filter processes, and thus, handle more mail. This feature is off by default until it is proven to create no new problems. This addresses a concern of people in Europe who want to reject all bad mail with a before-queue filter. The alternative, an after-queue filter, means they would have to discard bad mail (which is illegal) or bounce bad mail (which violates good network citizenship). NOTE 1: When this feature is turned on, a filter cannot selectively reject recipients of a multi-recipient message. It is OK to reject all recipients of the same multi-recipient message, as is deferring or accepting all recipients of the same multi-recipient message. NOTE 2: This feature increases the minimum amount of free queue space by $message_size_limit. The extra space is needed to save the message to a temporary file. To keep the performance overhead low, the same temporary file is reused with successive mail transactions (the file is of course truncated before reuse, so there is no information leakage). * milter [Feature 20090606] Support for header checks on Milter-generated message headers. This can be used, for example, to control mail flow with Milter-generated headers that carry indicators for badness or goodness. For details, see the postconf(5) section for "milter_header_checks". Currently, all header_checks features are implemented except PREPEND. * multi-instance support [Incompat 20090606] The "postmulti -e destroy" command no longer attempts to remove files that are created AFTER "postmulti -e create". It still works as expected immediately after creating an instance by mistake. Trying to automatically remove other files is too risky because Postfix-owned directories are by design not trusted. OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=33
2010-02-28 19:47:06 +01:00
* milter
- Support for header checks on Milter-generated message headers.
Please read /usr/share/doc/packages/postfix/RELEASE_NOTES for details.
-------------------------------------------------------------------
Thu Feb 11 15:16:13 UTC 2010 - coolo@novell.com
- revert the change to PreReq openldap-devel, this increases the
default installation several MBs
-------------------------------------------------------------------
Tue Feb 2 15:45:26 UTC 2010 - varkoly@novell.com
- bnc#567569 - Postfix: move ldap support to a separate package
- bnc#557239 - postfix delivers mail to user's home instead of /var/spool/mail
-------------------------------------------------------------------
Tue Jan 5 23:28:12 UTC 2010 - chris@computersalat.de
- rpmlint fixes
o init-script-undefined-dependency $network-remotefs
- fix for SuSEconfig.postfix
o if use_amavis eq "yes"
then content_filter "amavis:[127.0.0.1]:10024]" is defined,
so removed "-o content_filter=smtp:[127.0.0.1]:10024" for smtp
- s#ldconfig#/sbin/ldconfig#
-------------------------------------------------------------------
Tue Dec 22 16:15:00 CEST 2009 - freespacer@gmx.de
- Add support for dovecot as MDA to SuSEconfig.
-------------------------------------------------------------------
Wed Dec 16 10:45:14 CET 2009 - jengelh@medozas.de
- Package documentation as noarch
-------------------------------------------------------------------
Tue Dec 10 13:15:15 CET 2009 - varkoly@suse.de
- Remove postfixs update script. This does not work now.
-------------------------------------------------------------------
Tue Dec 8 19:15:15 CET 2009 - varkoly@suse.de
- Fix the %post section add missed %{fillup_only -an mail}
-------------------------------------------------------------------
Mon Nov 16 17:14:39 CET 2009 - varkoly@suse.de
- bnc#555814 VUL-0: SMTPD_LISTEN_REMOTE="yes" by default
- bnc#555732 - Invalid $(hostname -i) usage SuSEconfig.postfix
- bnc#547928 Postfix does not start during boot process
- Avoid append relay multiple times in POSTFIX_MAP_LIST
-------------------------------------------------------------------
Mon Oct 26 14:36:55 CET 2009 - varkoly@suse.de
- bnc#549612 SuSEconfig.postfix
-------------------------------------------------------------------
Mon Sep 28 09:22:54 CEST 2009 - varkoly@suse.de
- bnc#540538 postfix-2.6.1-10.1 installs new files in /etc/postfix and does not generate <file>.db
- bnc#519438 - Postfix: Running chrooted lets qmgr loosing his syslog-socket
- remove obsolate version tests from SuSEconfig.postfix
-------------------------------------------------------------------
Mon Sep 28 08:24:43 CEST 2009 - varkoly@suse.de
- bnc#525825 - when using cyrus in a chroot environment Suseconfig does not
create socket /var/lib/imap/socket/lmtp
-------------------------------------------------------------------
Mon Sep 14 11:34:41 UTC 2009 - chris@computersalat.de
- spec
o fdupes if >= 1100
-------------------------------------------------------------------
Thu Sep 10 21:22:46 CEST 2009 - chris@computersalat.de
- update to 2.6.1
o merge home:varkoly:Factory and o:F
- spec mods
o use of getent
- rpmlint
o remove unneeded dists from examples/chroot-setup/
o postin-without-ldconfig
o files-duplicate /usr/share/doc/packages/postfix-doc/html/
o files-duplicate /usr/share/man/man?
-------------------------------------------------------------------
Mon Apr 13 18:21:14 UTC 2009 - chris@computersalat.de
- added VDA patch
o Mailbox / Maildir size limit, known also as "soft quota",
to avoid user take all you disk space
o Customizable "limit" message when the soft quota limit is reached.
NOTE: message is sent to senders, but NOT to the owner of the mailbox.
o Limit only 'INBOX', because some people use IMAP and don't want
the same limit in IMAP folder that are differents from INBOX.
o Support for 'Courier' style Maildir, usefull for people that
use courier as pop3/imap server and to get fast soft quota summary.
Note that it is also compatible with qmail maildir per default.
o Supports for Courier 'maildirsize' file in Maildir folder that
is used to read quotas quickly. Note that this option is not
actived per default and can be dangerous on some NFS client
implementation
(like for example Solaris that cache some filesystem operations).
o Customisable suffix for Maildir support, when share same external
dict between postfix and pop3/imap server sometime "Maildir/" suffix
is needed to avoid extra database handling (eg LDAP, MySQL...).
- some improvements of SuSEconfig.postfix
o POSTFIX_LISTEN: Comma separated list of IP's
o POSTFIX_INET_PROTO: ipv4, ipv6, all
o POSTFIX_MYHOSTNAME: define SMTPs FQHOSTNAME
o POSTFIX_WITH_MYSQL: when using MySQL as backend
o POSTFIX_BASIC_SPAM_PREVENTION: "custom"
you can now define your own rules
- POSTFIX_SMTPD_CLIENT_RESTRICTIONS
- POSTFIX_SMTPD_HELO_RESTRICTIONS
- POSTFIX_SMTPD_SENDER_RESTRICTIONS
- POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
- added helo_access for helo checks
- added relay for relaying domain
- added MySQL stuff when using MySQL as backend (virtuser)
o you should consider postfixAdmin as mgmnt interface
o when runninng postfix chrooted:
you have to run SUSEconfig each time when you have restarted MySQL
because of linking mysql.sock
-------------------------------------------------------------------
Sun Mar 29 15:18:52 CEST 2009 - varkoly@suse.de
- bnc#439287 - not all POSTFIX_ADD_* values are properly handled
by SuSEconfig.postfix
- bnc#483208 - Postfix configuration trashed after update
- bnc#488268 - SuSEconfig.postfix chroot setup misses /etc/ssl/certs
-------------------------------------------------------------------
Mon Jan 12 11:12:16 CET 2009 - varkoly@suse.de
- bnc#465165 - postfix src package
-------------------------------------------------------------------
Fri Jan 9 17:43:53 CET 2009 - varkoly@suse.de
- bnc#464869 - SuSEconfig.postfix causes DNS lookup
- bnc#460442 - amavisd-new and Postfix need fqdn-hostname in "uname -n"
-------------------------------------------------------------------
Mon Jan 5 13:54:11 CET 2009 - varkoly@suse.de
- update to 2.5.6
- The SMTP server did not ask for a client certificate
with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl.
- Avoid reduced TCP performance when reusing an SMTP connection
with a larger than 4096-byte TCP MSS value. In practice, this
could happen only with loopback (localhost) connections.
-------------------------------------------------------------------
Sun Nov 16 12:16:03 CET 2008 - varkoly@suse.de
- (bnc#442456) - chrooted postfix and saslauthd
-------------------------------------------------------------------
Tue Nov 4 15:24:41 CET 2008 - ro@suse.de
- fix build
-------------------------------------------------------------------
Tue Nov 4 15:15:03 CET 2008 - varkoly@suse.de
- upgrade must not be executed during installation
-------------------------------------------------------------------
Tue Oct 14 11:16:21 CEST 2008 - varkoly@suse.de
- (bnc#403976) - permissions on /var/lib/postfix changed
- (bnc#433916) - postfix should be splitted into postfix and postfix-doc
-------------------------------------------------------------------
Thu Sep 11 14:34:22 CEST 2008 - varkoly@suse.de
- (bnc#415216) - Postfix RPM Install Displays Multiple Warnings
- clean up spec file
-------------------------------------------------------------------
Tue Sep 9 09:57:35 CEST 2008 - varkoly@suse.de
- Update to Version 2.5 patchlevel 5
* Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
file descriptor leak when it executes non-Postfix commands
in, for example, user-controlled $HOME/.forward files.
* Security: some systems have changed their link() semantics,
and will hardlink a symlink, contrary to POSIX and XPG4.
Sebastian Krahmer, SuSE. File: util/safe_open.c.
The solution introduces the following incompatible change:
when the target of mail delivery is a symlink, the parent
directory of that symlink must now be writable by root only
(in addition to the already existing requirement that the
symlink itself is owned by root). This change will break
legitimate configurations that deliver mail to a symbolic
link in a directory with less restrictive permissions.
* Bugfix: dangling pointer in vstring_sprintf_prepend().
File: util/vstring.c.
-------------------------------------------------------------------
Mon Aug 25 18:45:03 CEST 2008 - mt@suse.de
- init script: copy LSB *-Start tags to *-Stop
- spec file: removed obsolete rc.config update hooks
-------------------------------------------------------------------
Wed Aug 6 13:33:01 CEST 2008 - varkoly@suse.de
- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition
- (bnc#405900) SuSEconfig.postfix changes owner and permissions of
/tmp if smtpd_tls_CApath is not set
- Update to Version 2.5 patchlevel 3
* Cleanup of code
* defer delivery when a mailbox file is not owned by the recipient.
Requested by Sebastian Krahmer, SuSE.
Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies.
* Bugfix: null-terminate CN comment string after sanitization.
* Bugfix (introduced Postfix 2.0): after "warn_if_reject
reject_unlisted_recipient/sender", the SMTP server mistakenly
remembered that recipient/sender validation was already done.
-------------------------------------------------------------------
Wed Jul 9 15:07:46 CEST 2008 - varkoly@suse.de
- (fate#305005) Enable SMTPS in postfix ootb
-------------------------------------------------------------------
Tue Jun 17 12:27:10 CEST 2008 - varkoly@suse.de
- (bnc#396985) sending of NUL character disallowed by RFC2822
- (bnc#397127) without relay is silent about undeliverable mails
-------------------------------------------------------------------
Tue May 13 18:17:09 CEST 2008 - varkoly@suse.de
- (bnc#389670) - postfix generates invalid config
-------------------------------------------------------------------
Tue Apr 1 16:17:31 CEST 2008 - mkoenig@suse.de
- remove dir /usr/share/omc/svcinfo.d as it is provided now
by filesystem
-------------------------------------------------------------------
Tue Feb 26 09:59:43 CET 2008 - varkoly@suse.de
- Update to Version 2.5 patchlevel 1
Changes: The Postfix 2.5 "postfix upgrade-configuration" command
now works even with Postfix 2.4 or earlier versions of the
postfix command. When installing Postfix 2.5.0 without upgrading
from an existing master.cf file, the new master.cf file had an
incorrect process limit for the proxywrite service. This service
is used only by the obscure "smtp_sasl_auth_cache_name" and
"lmtp_sasl_auth_cache_name" configuration parameters. Someone
needed multi-line support for header/body Milter replies. The
LDAP client's TLS support was broken in several ways.
-------------------------------------------------------------------
Wed Feb 13 14:58:52 CET 2008 - varkoly@suse.de
- #360572 - postfix %post script leaves lots of backup files in /etc/postfix/
-------------------------------------------------------------------
Wed Jan 30 12:20:53 CET 2008 - varkoly@suse.de
- Update to Version 2.5 patchlevel 0
Major changes - critical
------------------------
[Incompat 20071224] The protocol to send Milter information from
smtpd(8) to cleanup(8) processes was cleaned up. If you use the
Milter feature, and upgrade a live Postfix system, you may see an
"unexpected record type" warning from a cleanup(8) server process.
To prevent this, execute the command "postfix reload". The
incompatibility affects only systems that use the Milter feature.
It does not cause loss of mail, just a minor delay until the remote
SMTP client retries.
[Incompat 20071212] The allow_min_user feature now applies to both
sender and recipient addresses in SMTP commands. With earlier Postfix
versions, only recipients were subject to the allow_min_user feature,
and the restriction took effect at mail delivery time, causing mail
to be bounced later instead of being rejected immediately.
[Incompat 20071206] The "make install" and "make upgrade" procedures
now create a Postfix-owned directory for Postfix-writable data files
such as caches and random numbers. The location is specified with
the "data_directory" parameter (default: "/var/lib/postfix"), and
the ownership is specified with the "mail_owner" parameter.
[Incompat 20071206] The tlsmgr(8) and verify(8) servers no longer
use root privileges when opening the address_verify_map,
*_tls_session_cache_database, and tls_random_exchange_name cache
files. This avoids a potential security loophole where the ownership
of a file (or directory) does not match the trust level of the
content of that file (or directory).
[Incompat 20071206] The tlsmgr(8) and verify(8) cache files should
now be stored as Postfix-owned files under the Postfix-owned
data_directory. As a migration aid, attempts to open these files
under a non-Postfix directory are redirected to the Postfix-owned
data_directory, and a warning is logged.
This is an example of the warning messages:
Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: request
to update file /etc/postfix/prng_exch in non-postfix directory
/etc/postfix
Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: redirecting
the request to postfix-owned data_directory /var/lib/postfix
If you wish to continue using a pre-existing tls_random_exchange_name
or address_verify_map file, move it to the Postfix-owned data_directory
and change ownership from root to Postfix (that is, change ownership
to the account specified with the mail_owner configuration parameter).
[Feature 20071205] The "make install" and "make upgrade" procedures
now create a Postfix-owned directory for Postfix-writable data files
such as caches and random numbers. The location is specified with
the "data_directory" parameter (default: "/var/lib/postfix"), and
the ownership is specified with the "mail_owner" parameter.
[Incompat 20071203] The "make upgrade" procedure adds a new service
"proxywrite" to the master.cf file, for read/write lookup table
access. If you copy your old configuration file over the updated
one, you may see warnings in the maillog file like this:
connect #xx to subsystem private/proxywrite: No such file or directory
To recover, run "postfix upgrade-configuration" again.
[Incompat 20070613] The pipe(8) delivery agent no longer allows
delivery with the same group ID as the main.cf postdrop group.
Major changes - malware defense
-------------------------------
[Feature 20080107] New "pass" service type in master.cf. Written
years ago, this allows future front-end daemons to accept all
connections from the network, and to hand over connections from
well-behaved clients to Postfix. Since this feature uses file
descriptor passing, it imposes no overhead once a connection is
handed over to Postfix. See master(5) for a few details.
[Feature 20070911] Stress-adaptive behavior. When a "public" network
service runs into an "all processes are busy" condition, the master(8)
daemon logs a warning, restarts the service, and runs it with "-o
stress=yes" on the command line (under normal conditions it runs
the service with "-o stress=" on the command line). This can be
used to make main.cf parameter settings stress dependent, for
example:
/etc/postfix/main.cf:
smtpd_timeout = ${stress?10}${stress:300}
smtpd_hard_error_limit = ${stress?1}${stress:20}
Translation: under conditions of stress, use an smtpd_timeout value
of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1
instead of 20. The syntax is explained in the postconf(5) manpage.
The STRESS_README file gives examples of how to mitigate flooding
problems.
Major changes - tls support
---------------------------
[Incompat 20080109] TLS logging output has changed to make it more
useful. Existing logfile parser regular expressions may need
adjustment.
- More log entries include the "hostnamename[ipaddress]" of the
remote SMTP peer.
- Certificate trust chain error reports show only the first
error certificate (closest to the trust chain root), and the
reporting is more human-readable for the most likely errors.
- After the completion of the TLS handshake, the session is logged
with TLS loglevel >= 1 as either "Untrusted", "Trusted" or
"Verified" (SMTP client only).
- "Untrusted" means that the certificate trust chain is invalid,
or that the root CA is not trusted.
- "Trusted" means that the certificate trust chain is valid, and
that the root CA is trusted.
- "Verified" means that the certificate meets the SMTP client's
matching criteria for the destination:
- In the case of a destination name match, "Verified" also
implies "Trusted".
- In the case of a fingerprint match, CA trust is not applicable.
- The logging of protocol states with TLS loglevel >= 2 no longer
reports bogus error conditions when OpenSSL asks Postfix to refill
(or flush) network I/O buffers. This loglevel is for debugging
only; use 0 or 1 in production configurations.
[Feature 20080109] The Postfix SMTP client has a new "fingerprint"
security level. This avoids dependencies on CAs, and relies entirely
on bi-lateral exchange of public keys (really self-signed or private
CA signed X.509 public key certificates). Scalability is clearly
limited. For details, see the fingerprint discussion in TLS_README.
[Feature 20080109] The Postfix SMTP server can now use SHA1 instead
of MD5 to compute remote SMTP client certificate fingerprints. For
backwards compatibility, the default algorithm is MD5. For details,
see the "smtpd_tls_fingerprint_digest" parameter in the postconf(5)
manual.
[Feature 20080109] The maximum certificate trust chain depth
(verifydepth) is finally implemented in the Postfix TLS library.
Previously, the parameter had no effect. The default depth was
changed to 9 (the OpenSSL default) for backwards compatibility.
If you have explicity limited the verification depth in main.cf,
check that the configured limit meets your needs. See the
"lmtp_tls_scert_verifydepth", "smtp_tls_scert_verifydepth" and
"smtpd_tls_ccert_verifydepth" parameters in the postconf(5) manual.
[Feature 20080109] The selection of SSL/TLS protocols for mandatory
TLS can now use exclusion rather than inclusion. Either form is
acceptable; see the "lmtp_tls_mandatory_protocols",
"smtp_tls_mandatory_protocols" and "smtpd_tls_mandatory_protocols"
parameters in the postconf(5) manual.
Major changes - scheduler
-------------------------
[Feature 20071130] Revised queue manager with separate mechanisms
for per-destination concurrency control and for dead destination
detection. The concurrency control supports less-than-1 feedback
to allow for more gradual concurrency adjustments, and uses hysteresis
to avoid rapid oscillations. A destination is declared "dead" after
a configurable number of pseudo-cohorts(*) reports connection or
handshake failure.
(*) A pseudo-cohort is a number of delivery requests equal to a
destination's delivery concurrency.
The drawbacks of the old +/-1 feedback scheduler are a) overshoot
due to exponential delivery concurrency growth with each pseudo-cohort(*)
(5-10-20...); b) throttling down to zero concurrency after a single
pseudo-cohort(*) failure. The latter was especially an issue with
low-concurrency channels where a single failure could be sufficient
to mark a destination as "dead", and suspend further deliveries.
New configuration parameters: destination_concurrency_feedback_debug,
default_destination_concurrency_positive_feedback,
default_destination_concurrency_negative_feedback,
default_destination_concurrency_failed_cohort_limit, as well as
transport-specific versions of the same.
The default parameter settings are backwards compatible with older
Postfix versions. This may change after better defaults are field
tested.
The updated SCHEDULER_README document describes the theory behind
the new concurrency scheduler, as well as Patrik Rak's preemptive
job scheduler. See postconf(5) for more extensive descriptions of
the configuration parameters.
Major changes - small/home office
---------------------------------
[Feature 20080115] Preliminary SOHO_README document that combines
bits and pieces from other document in one place, so that it is
easier to find. This document describes the "mail sending" side
only.
[Feature 20071202] Output rate control in the queue manager. For
example, specify "smtp_destination_rate_delay = 5m", to pause five
minutes between message deliveries. More information in the postconf(5)
manual under "default_destination_rate_delay".
Major changes - smtp client
---------------------------
[Incompat 20080114] The Postfix SMTP client now by default defers
mail after a remote SMTP server rejects a SASL authentication
attempt. Specify "smtp_sasl_auth_soft_bounce = no" for the old
behavior.
[Feature 20080114] The Postfix SMTP client can now avoid making
repeated SASL login failures with the same server, username and
password. To enable this safety feature, specify for example
"smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache"
(access through the proxy service is required). Instead of trying
to SASL authenticate, the Postfix SMTP client defers or bounces
mail as controlled with the new smtp_sasl_auth_soft_bounce configuration
parameter.
[Feature 20071111] Header/body checks are now available in the SMTP
client, after the implementation was moved from the cleanup server
to a library module. The SMTP client provides only actions that
don't change the message delivery time or destination: warn, replace,
prepend, ignore, dunno, ok.
[Incompat 20070614] By default, the Postfix Cyrus SASL client no
longer sends a SASL authoriZation ID (authzid); it sends only the
SASL authentiCation ID (authcid) plus the authcid's password. Specify
"send_cyrus_sasl_authzid = yes" to get the old behavior.
Major changes - smtp server
---------------------------
[Feature 20070724] Not really major. New support for RFC 3848
(Received: headers with ESMTPS, ESMTPA, or ESMTPSA); updated SASL
support according to RFC 4954, resulting in small changes to SMTP
reply codes and (DSN) enhanced status codes.
Major changes - milter
----------------------
[Incompat 20071224] The protocol to send Milter information from
smtpd(8) to cleanup(8) processes was cleaned up. If you use the
Milter feature, and upgrade a live Postfix system, you may see an
"unexpected record type" warning from a cleanup(8) server process.
To prevent this, execute the command "postfix reload". The
incompatibility affects only systems that use the Milter feature.
It does not cause loss of mail, just a minor delay until the remote
SMTP client retries.
[Feature 20071221] Support for most of the Sendmail 8.14 Milter
protocol features.
To enable the new features specify "milter_protocol = 6" and link
the filter application with a libmilter library from Sendmail 8.14
or later.
Sendmail 8.14 Milter features supported at this time:
- NR_CONN, NR_HELO, NR_MAIL, NR_RCPT, NR_DATA, NR_UNKN, NR_HDR,
NR_EOH, NR_BODY: The filter can tell Postfix that it won't reply
to some of the SMTP events that Postfix sends. This makes the
protocol less chatty and improves performance.
- SKIP: The filter can tell Postfix to skip sending the rest of
the message body, which also improves performance.
- HDR_LEADSPC: The filter can request that Postfix does not delete
the first space character between header name and header value
when sending a header to the filter, and that Postfix does not
insert a space character between header name and header value
when receiving a header from the filter. This fixes a limitation
in the old Milter protocol that can break DKIM and DK signatures.
- SETSYMLIST: The filter can override one or more of the main.cf
milter_xxx_macros parameter settings.
Sendmail 8.14 Milter features not supported at this time:
- RCPT_REJ: report rejected recipients to the mail filter.
- CHGFROM: replace sender, with optional ESMTP command parameters.
- ADDRCPT_PAR: add recipient, with optional ESMTP command parameters.
It is unclear when (if ever) the missing features will be implemented.
SMFIP_RCPT_REJ requires invasive changes in the SMTP server recipient
processing and error handling. SMFIR_CHGFROM and SMFIR_ADDRCPT_PAR
require ESMTP command-line parsing in the cleanup server. Unfortunately,
Sendmail's documentation does not specify what ESMTP options are
supported, but only discusses examples of things that don't work.
Major changes - address verification
------------------------------------
[Incompat 20070514] The default sender address for address verification
probes was changed from "postmaster" to "double-bounce", so that
the Postfix SMTP server no longer causes surprising behavior by
excluding "postmaster" from SMTP server access controls.
Major changes - ldap
--------------------
[Incompat 20071216] Due to an incompatible API change between
OpenLDAP 2.0.11 and 2.0.12, an LDAP client compiled for OpenLDAP
version <= 2.0.11 will refuse to work with an OpenLDAP library
version >= 2.0.12 and vice versa.
Major changes - logging
-----------------------
[Incompat 20080109] TLS logging output has changed to make it more
useful. Existing logfile parser regular expressions may need
adjustment.
- More log entries include the "hostnamename[ipaddress]" of the
remote SMTP peer.
- Certificate trust chain error reports show only the first
error certificate (closest to the trust chain root), and the
reporting is more human-readable for the most likely errors.
- After the completion of the TLS handshake, the session is logged
with TLS loglevel >= 1 as either "Untrusted", "Trusted" or
"Verified" (SMTP client only).
- "Untrusted" means that the certificate trust chain is invalid,
or that the root CA is not trusted.
- "Trusted" means that the certificate trust chain is valid, and
that the root CA is trusted.
- "Verified" means that the certificate meets the SMTP client's
matching criteria for the destination:
- In the case of a destination name match, "Verified" also
implies "Trusted".
- In the case of a fingerprint match, CA trust is not applicable.
- The logging of protocol states with TLS loglevel >= 2 no longer
reports bogus error conditions when OpenSSL asks Postfix to refill
(or flush) network I/O buffers. This loglevel is for debugging
only; use 0 or 1 in production configurations.
[Incompat 20071216] The SMTP "transcript of session" email now
includes the remote SMTP server TCP port number.
Major changes - loop detection
------------------------------
[Incompat 20070422] [Incompat 20070422] When the pipe(8) delivery
agent is configured to create the optional Delivered-To: header,
it now first checks if that same header is already present in the
message. If so, the message is returned as undeliverable. This test
should have been included with Postfix 2.0 when Delivered-To: support
was added to the pipe(8) delivery agent.
-------------------------------------------------------------------
Tue Jan 8 10:00:12 CET 2008 - varkoly@suse.de
- Remove previous fix
-------------------------------------------------------------------
Sun Dec 30 19:58:02 CET 2007 - varkoly@suse.de
- #301335 - [SuSEconfig]: Postfix module uses stderr
-------------------------------------------------------------------
Tue Dec 4 09:02:19 CET 2007 - varkoly@suse.de
- Update to Version 2.4 patchlevel 6
Bugfix (introduced Postfix 2.2.11): TLS client certificate
with unparsable canonical name caused the SMTP server's
policy client to allocate zero-length memory, triggering
an assertion that it shouldn't do such things. File:
smtpd/smtpd_check.c.
Bugfix (introduced Postfix 2.4) missing initialization of
event mask in the event_mask_drain() routine (used by the
obsolete postkick(1) command). Found by Coverity. File:
util/events.c.
Workaround: the flush daemon forces an access time update
for the per-destination logfile, to prevent an excessive
rate of delivery attempts when the queue file system is
mounted with "noatime". File: flush/flush.c.
- #330276 /sbin/conf.d/SuSEconfig.postfix could copy certs into smtpd_tls_CApath
-------------------------------------------------------------------
Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz
- Use correct SuSEfirewall2 rule directory.
-------------------------------------------------------------------
Wed Oct 17 11:52:01 CEST 2007 - varkoly@suse.de
- #333629 - saslauthd typo in SuSEconfig.postfix
-------------------------------------------------------------------
Mon Oct 8 12:37:39 CEST 2007 - varkoly@suse.de
- #331044 - Postfix uses receive_override_options in main.cf
-------------------------------------------------------------------
Sun Sep 9 17:42:27 CEST 2007 - varkoly@suse.de
- fix the last fix
-------------------------------------------------------------------
Tue Sep 4 00:38:58 CEST 2007 - cthiel@suse.de
- fix the last fix
-------------------------------------------------------------------
Mon Sep 3 12:37:43 CEST 2007 - varkoly@suse.de
- Fixing bug: #297622 - SMTPD_LISTEN_REMOTE has no effect
-------------------------------------------------------------------
Mon Aug 6 00:26:31 CEST 2007 - mrueckert@suse.de
- Update to Version 2.4 patchlevel 5
Bugfix: the loopback TCP performance workaround was ineffective
due to a wetware bit-flip during code cleanup. File:
util/vstream_tweak.c.
(patch level 4)
Bugfix: the Milter client assumed that a Milter application
does not modify the message header or envelope, after that
same Milter application has modified the message body of
that same email message. This is not a problem with updates
by different Milter applications. Problem was triggered
by Jose-Marcio Martins da Cruz. Also simplified the handling
of queue file update errors. File: milter/milter8.c.
Workaround: some non-Cyrus SASL SMTP servers require SASL
login without authzid (authoriZation ID), i.e. the client
must send only the authcid (authentiCation ID) + the authcid's
password. In this case the server is supposed to derive
the authzid from the authcid. This works as expected when
authenticating to a Cyrus SASL SMTP server. To get the old
behavior specify "send_cyrus_sasl_authzid = yes", in which
case Postfix sends the (authzid, authcid, password), with
the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c.
Portability: /dev/poll support for Solaris chroot jail setup
scripts. Files: examples/chroot-setup/Solaris8,
examples/chroot-setup/Solaris10.
Cleanup: Milter client error handling, so that the (Postfix
SMTP server's Milter client) does not get out of sync with
Milter applications after the (cleanup server's Milter
client) encounters some non-recoverable problem. Files:
milter/milter8.c, smtpd/smtpd.c.
Performance: workaround for poor TCP performance on loopback
(127.0.0.1) connections. Problem reported by Mark Martinec.
Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c,
smtpstone/*source.c.
Bugfix: when a milter replied with ACCEPT at or before the
first RCPT command, the cleanup server would apply the
non_smtpd_milters setting as if the message was a local
submission. Problem reported by Jukka Salmi. Also, the
cleanup server would get out of sync with the milter when
a milter replied with ACCEPT at the DATA command. Files:
cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
- rediffed patches
-------------------------------------------------------------------
Tue Jul 31 18:21:11 CEST 2007 - varkoly@suse.de
- Update to Version 2.4 patchlevel 3
(patch level 1)
Bugfix (introduced Postfix 2.3): segfault with HOLD action
in access/header_checks/body_checks on 64-bit platforms.
File: cleanup/cleanup_api.c.
Portability (introduced 20070325): the fix for hardlinks
and symlinks in postfix-install forgot to work around shells
where "IFS=/ command" makes the IFS setting permanent. This
is allowed by some broken standard, and affects Solaris.
File: postfix-install.
Portability (introduced 20070212): the workaround for
non-existent library bugs with descriptors >= FD_SETSIZE
broke with "fcntl F_DUPFD: Invalid argument" on 64-bit
Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c.
Cleanup: on (Linux) platforms that cripple signal handlers
with deadlock, "postfix stop" now forcefully stops all the
processes in the master's process group, not just the master
process alone. File: conf/postfix-script.
(patch level 2)
Bugfix: don't falsely report "lost connection from
localhost[127.0.0.1]" when Postfix is being portscanned.
Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
Robustness: recommend a "0" process limit for policy servers
to avoid "connection refused" problems when the smtpd process
limit exceeds the default process limit. File:
proto/SMTPD_POLICY_README.html.
Safety: when IPv6 (or IPv4) is turned off, don't treat an
IPv6 (or IPv4) connection from e.g. inetd as if it comes
from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c,
qmqpd/qmqpd_peer.c.
Bugfix: Content-Transfer-Encoding: attribute values are
case insensitive. File: src/cleanup/cleanup_message.c.
Bugfix: mailbox_transport(_maps) and fallback_transport(_maps)
were broken when used with the error(8) or discard(8)
transports. Cause: insufficient documentation. Files:
error/error.c, discard/discard.c.
Bugfix (problem introduced Postfix 2.3): when DSN support
was introduced it broke "agressive" recipient duplicate
elimination with "enable_original_recipient = no". File:
cleanup/cleanup_out_recipient.c.
Bugfix (introduced Postfix 2.3): the sendmail/postdrop
commands would hang when trying to submit a message larger
than the per-message size limit. File: postdrop/postdrop.c.
Sabotage the saboteur who insists on breaking Postfix by
adding gethostbyname() calls that cause maildir delivery
to fail when the machine name is not found in /etc/hosts,
or that cause Postfix processes to hang when the network
is down.
(patch level 3)
Portability: Victor helpfully pointed out that change
20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c,
qmqpd/qmqpd_peer.c.
-------------------------------------------------------------------
Thu Jun 21 08:30:45 CEST 2007 - varkoly@suse.de
- Bug 285553 amavisd inconsistency
-------------------------------------------------------------------
Tue Jun 19 18:55:43 CEST 2007 - dmueller@suse.de
- provide smtp meta-service as well
-------------------------------------------------------------------
Mon Jun 11 21:32:53 CEST 2007 - lrupp@suse.de
- don't PreRequire /sbin/ip: removed call in SuSEconfig.postfix
-------------------------------------------------------------------
Thu May 3 12:09:13 CEST 2007 - varkoly@suse.de
- dynamic_maps.patch: readded the chunk for dict_tcp and dict_pcre
- replaced prereq for postfix with a prereq on
%{name} = %{version}
- updated to postfix 2.4, patchlevel 0
Major changes - safety
* As a safety measure, Postfix now by default creates mailbox dotlock
files on all systems. This prevents problems with GNU POP3D which
subverts kernel locking by creating a new mailbox file and deleting
the old one
Major changes - Milter support
* The support for Milter header modification
requests was revised. With minimal change in the on-disk representation,
the code was greatly simplified, and regression tests were updated
to ensure that old errors were not re-introduced. The queue file
format is entirely backwards compatible with Postfix 2.3.
* Support for Milter requests to replace the message
body. Postfix now implements all the header/body modification
requests that are available with Sendmail 8.13.
* A new field is added to the queue file "size"
record that specifies the message content length. Postfix 2.3 and
older Postfix 2.4 snapshots will ignore this field, and will report
the message size as it was before the body was replaced.
Major changes - TLS support
* The check_smtpd_policy client sends TLS certificate
attributes (client ccert_subject, ccert_issuer) only after successful
client certificate verification. The reason is that the certification
verification status itself is not available in the policy request.
* The check_smtpd_policy client sends TLS certificate
fingerprint information even when the certificate itself was not
verified.
* The remote SMTP client TLS certificate fingerprint
can be used for access control even when the certificate itself was
not verified.
* The format of SMTP server TLS session cache
lookup keys has changed. The lookup key now includes the master.cf
service name.
Major changes - performance
* Better support for systems that run thousands
of Postfix processes. Postfix now supports FreeBSD kqueue(2),
Solaris poll(7d) and Linux epoll(4) as more scalable alternatives
to the traditional select(2) system call, and uses poll(2) when
examining a single file descriptor for readability or writability.
These features are supported on sufficiently recent versions of
FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other
systems will be added as evidence becomes available that usable
implementations exist.
Major changes - delivery status notifications
* Small changes were made to the default bounce
message templates, to prevent HTML-aware software from hiding or
removing the text "<postmaster>", and producing misleading text.
* Postfix no longer announces its name in delivery
status notifications. Users believe that Wietse provides a free
help desk service that solves all their email problems.
Major changes - ETRN support
* More precise queue flushing with the ETRN,
"postqueue -s site", and "sendmail -qRsite" commands, after
minimization of race conditions. New per-queue-file flushing with
"postqueue -i queueid" and "sendmail -qIqueueid".
Major changes - small office/home office support
* Postfix no longer requires a domain name. It
uses "localdomain" as the default Internet domain name when no
domain is specified via main.cf or via the machine's hostname.
Major changes - SMTP access control
* The check_smtpd_policy client sends TLS certificate
attributes (client ccert_subject, ccert_issuer) only after successful
client certificate verification. The reason is that the certification
verification status itself is not available in the policy request.
* The check_smtpd_policy client sends TLS certificate
fingerprint information even when the certificate itself was not
verified.
* The remote SMTP client TLS certificate fingerprint can be used for
access control even when the certificate itself was not verified.
* The Postfix installation procedure no longer
updates main.cf with "unknown_local_recipient_reject_code = 450".
Four years after the introduction of mandatory recipient validation,
this transitional tool is no longer neeed.
-------------------------------------------------------------------
Thu Mar 29 14:33:03 CEST 2007 - rguenther@suse.de
- Add pwdutils BuildRequires to allow postinst script to succeed.
- Add /usr/share/omc directory.
-------------------------------------------------------------------
Mon Feb 26 10:32:36 CET 2007 - varkoly@suse.de
- #247351 - postfix - Ports for SuSEfirewall added via packages
- Move postfix.xml into the postfix-SuSE tarball
- #228479 - Postfix is configured for inet_protocols=all if
selecting ipv4 only support during installation.
Now we set both inet_protocols and inet_interfaces to all.
This means the available interfaces and protocols will be used.
To avoid bogus warnings inet_proto.c was patched.
- #251598 - postfix use pointers for literals
-------------------------------------------------------------------
Mon Jan 15 13:14:07 CET 2007 - varkoly@suse.de
- #144104 - postfix does not start
- Implementing Fate #301840: Postfix XML Service Description Document
- Enhancing /etc/sysconfig/postfix descripton to avoid problems
like Bug 228678 - Problems with setting up chroot environment if
/var/spool is not on same filesystem as /var
-------------------------------------------------------------------
Wed Nov 22 03:03:18 CET 2006 - mrueckert@suse.de
- moved the dict handling into a preun script instead of postun
and do not remove the dict entry on upgrade (#223176)
- removed duplicates in the filelists.
-------------------------------------------------------------------
Fri Nov 10 11:43:00 CET 2006 - varkoly@suse.de
- #218229 - Postfix SuSEconfig script increases the max_proc line each run in master.cf
-------------------------------------------------------------------
Sat Oct 28 11:41:50 CEST 2006 - varkoly@suse.de
- #206414 - /usr/lib/sasl2/smtpd.conf misplaced
-------------------------------------------------------------------
Tue Oct 24 22:32:45 CEST 2006 - varkoly@suse.de
- #202119 SuSEconfig script for Postfix incomplete
- #202162 Postfix 2.3.2 slightly incorrect, Cyrus SASL unavailable
- #203174 /sbin/conf.d/SuSEconfig.postfix should configure a TLS session cache for postfix 2.2
- #203575 postfix-2.2.9-10 chokes without scache
- #213589 - No development package/headers for postfix
-------------------------------------------------------------------
Wed Aug 16 01:24:20 CEST 2006 - ro@suse.de
- also add libpostfix-milter.so*
-------------------------------------------------------------------
Mon Aug 14 12:34:37 CEST 2006 - varkoly@suse.de
- updated to postfix 2.3, patchlevel 2
- Major changes
- Name server replies that contain a malformed hostname are now flagged
as permanent errors instead of transient errors.
- DSN support as described in RFC 3461 .. RFC 3464.
- The SMTP client now implements the LMTP protocol.
- Milter (mail filter) application support, compatible with Sendmail
version 8.13.6 and earlier.
- Major changes - SASL authentication
- Plug-in support for SASL authentication in the SMTP server and in the
SMTP/LMTP client.
- The Postfix-with-Cyrus-SASL build procedure has changed.
- Support for sender-dependent ISP accounts.
- Major changes - SMTP client
- The SMTP client now implements the LMTP protocol.
- This version addresses a performance stability problem with remote
SMTP servers.
- Major changes - SMTP server
- The Postfix SMTP server now refuses to receive mail from the network
if it isn't running with postfix mail_owner privileges.
- Optional suppression of remote SMTP client hostname lookup and hostname
verification.
- SMTPD Access control based on the existence of an address->name mapping
- Major changes - TLS
- New concept: TLS security levels ("none", "may", "encrypt", "verify"
or "secure") in the Postfix SMTP client.
- Both the Postfix SMTP client and server can be configured without a
client or server certificate.
- See
/usr/share/doc/packages/postfix/RELEASE_NOTES
/usr/share/doc/packages/postfix/TLS_CHANGES
/usr/share/doc/packages/postfix/README_FILES/SASL_README
for detailed informations.
-------------------------------------------------------------------
Wed Aug 2 16:18:30 CEST 2006 - varkoly@suse.de
- Only %{conf_backup_dir} is contained by the package not /var/adm/backup
-------------------------------------------------------------------
Mon Jul 10 16:21:31 CEST 2006 - varkoly@suse.de
- Bugfix: #190639 Default number of processes for postfix
- Bugfix: #190270 postfix-postgresql
-------------------------------------------------------------------
Fri Jun 2 19:58:38 CEST 2006 - varkoly@suse.de
- Bugfix: #98188 - SuSE.tar.gz filename collision in cyrus/postfix SRPMs
-------------------------------------------------------------------
Mon Apr 24 17:14:40 CEST 2006 - varkoly@suse.de
- Bugfix: #165786 - yast2-mail modul uses obsolate postfix attributes
-------------------------------------------------------------------
Mon Mar 20 10:21:55 CET 2006 - varkoly@suse.de
- updated to postfix 2.2, patchlevel 9.
- Reasons:
Bugfix: the LMTP client would reuse a session after negative
reply to the RSET command (which may happen when client and
server somehow get out of sync).
Bugfix: race condition in the connection caching protocol,
causing the SMTP delivery agent to hang after delivering
mail, while trying to save a connection.
Bugfix: the best_mx_transport, mailbox_transport and
fallback_transport features did not write a per-recipient
defer logfile record when the target delivery agent was
broken.
Bugfix: an EHLO I/O error after STARTTLS would be reported
as a STARTTLS I/O error.
Bugfix: the *SQL, proxy and LDAP maps were not defined in
user-land commands such as postqueue.
Bugfix: the anvil server would terminate after "max_idle"
seconds, even when this was less than the anvil_rate_time_unit
interval.
Portability: 64-bit support for LINUX chroot script by Keith
Owens.
Safety: new "smtp_cname_overrides_servername" parameter.
Bugfix: mailbox_command_maps was not subject to $name
expansion.
Bugfix: don't ignore the per-site policy when SSL library
initialization fails.
Bugfix: a TLS per-site MUST_NOPEERMATCH policy could not
override a stronger main.cf policy, while a per-site NONE
policy could.
Bugfix: a combined TLS per-site (host, recipient) policy
of (NONE, MAY) changed a global MUST policy into NONE, and
a global MUST_NOPEERMATCH into MAY. The result is now NONE.
Problem found by exhaustive simulation.
Bugfix: an empty remote_header_rewrite_domain value caused
trivial-rewrite to dereference a null pointer, but only in
regression tests, not in production. Postfix rewrites
addresses in the remote rewriting context only when the
remote_header_rewrite_domain parameter value is non-empty.
Workaround: a malformed domain name lookup result (such as
null MX record) is now treated as a hard error, so that
Postfix will no longer repeatedly try to deliver mail until
the message expires in the queue. However, this will not
reject mail with reject_unknown_sender/recipient_domain.
That would require too much change for a stable release.
-------------------------------------------------------------------
Fri Jan 27 02:19:42 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Jan 24 09:11:46 CET 2006 - varkoly@suse.de
- Fixing the spec-file
- Bugfix: ID#143682 - Spurious (obsoleted?) configuration variable in postfix's main.cf
-------------------------------------------------------------------
Mon Jan 23 13:00:13 CET 2006 - varkoly@suse.de
- Bugfix: ID#140173 postfix allows relaying on the whole subnet
- Bugfix: ID#144091 postfix doesn't start with the latest kernel
-------------------------------------------------------------------
Fri Jan 20 11:56:24 CET 2006 - varkoly@suse.de
- Bugfix: ID#144091
- Postfix makes an entry in slp servre for smtp & smtps
-------------------------------------------------------------------
Mon Jan 16 14:49:29 CET 2006 - varkoly@suse.de
- removing openldap from "neededforbuild"
-------------------------------------------------------------------
Wed Nov 30 11:11:16 CET 2005 - choeger@suse.de
- updated to postfix 2.2, patchlevel 6
-------------------------------------------------------------------
Tue Oct 11 15:03:56 CEST 2005 - choeger@suse.de
- added patch ldap_api_changes.patch: openldap2.3 enforces to use
"The C LDAP Application Program Interface"
-------------------------------------------------------------------
Mon Aug 15 13:55:32 CEST 2005 - choeger@suse.de
- Bugfix Bugzilla ID#104663 - consistent use of variables in postfix
init-script
- Bugfix Bugzilla ID#104568 - SuSEconfig.postfix doesnt set $PATH properly to
find all binaries.
-------------------------------------------------------------------
Fri Aug 12 10:25:09 CEST 2005 - mmj@suse.de
- Package the /usr/lib/sendmail -> /usr/sbin/sendmail link [#102947]
-------------------------------------------------------------------
Tue Jul 26 11:05:29 CEST 2005 - choeger@suse.de
- Bugfix Bugzilla ID#93884 - package postfix uses -fsigned-char
Remove -fsigned-char option for ppc and s390 archs
-------------------------------------------------------------------
Mon Jul 25 11:52:18 CEST 2005 - choeger@suse.de
- updated to postfix 2.2, patchlevel 5:
- Portability: the connection caching code broke on LP64
systems (inherited from Stevens Network Programming).
Files: util/unix_send_fd.c, util/unix_recv_fd.c. This code
is back-ported from the Postfix 2.3 snapshot release.
- Robustness: the SMTP client now disables connection caching
when it is unable to communicate with the scache(8) server,
instead of looping forever and not delivering mail. File:
global/scache_clnt.c. This code is back-ported from the
Postfix 2.3 snapshot release.
- Portability: after sending a socket, the scache(8) server
now waits for an ACK from the connection cache client before
closing the socket that it just sent. Files: scache/scache.c,
global/scache_clnt.c. This code is back-ported from the
Postfix 2.3 snapshot release.
- Portability: on LP64 systems, integer expressions are int,
but sizeof() and pointer difference expressions are larger.
Point fixes for a few discrepancies with variadic functions
that expect int (the permanent fix is to change the receiving
modules, but that results in too much change, and is not
allowed in the stable release). Files: tls/tls_scache.c,
util/clean_env.c, util/vstring.h, smtpstone/qmqp-source.c.
-------------------------------------------------------------------
Mon Jul 18 15:49:16 CEST 2005 - choeger@suse.de
- force to set strict_8bitmime to "no" when POSTFIX_MDA != cyrus,
because once it is set to "yes", nobody sets it back.
- only install /etc/pam.d/smtp if suse_version > 920
- use Prereq instead of Requires for mysql and postgresql subpackages
-------------------------------------------------------------------
Wed Jul 13 16:59:14 CEST 2005 - choeger@suse.de
- added /etc/pam.d/smtp configuration file
-------------------------------------------------------------------
Thu Jul 7 16:44:05 CEST 2005 - choeger@suse.de
- Fixed build on x86_64: use -fPIC for libraries and -fPIE for the
rest
-------------------------------------------------------------------
Tue Jul 5 17:57:48 CEST 2005 - choeger@suse.de
- applied dynamic maps patch of LaMont Jones at debian
- Fix to SuSEconfig.postfix: only touch tlsmgr line in master.cf,
if it is the new one using unix socket instead of fifo
-------------------------------------------------------------------
Thu Jun 30 17:52:10 CEST 2005 - uli@suse.de
- build with -fPIE (not -fpie) to avoid GOT overflow on s390x
-------------------------------------------------------------------
Thu Jun 23 10:22:18 CEST 2005 - choeger@suse.de
- updated to postfix 2.2, patchlevel 4
-------------------------------------------------------------------
Fri Jun 17 17:06:39 CEST 2005 - choeger@suse.de
- fixed build using -pie/-fpie (hopefully)
-------------------------------------------------------------------
Fri Jun 17 11:04:03 CEST 2005 - choeger@suse.de
- Build using -pie
-------------------------------------------------------------------
Fri May 13 18:24:50 CEST 2005 - choeger@suse.de
- set strict_8bitmime parameter to yes when using cyrus mailbox
delivery
-------------------------------------------------------------------
Wed May 4 15:54:33 CEST 2005 - choeger@suse.de
- Bugfix ID#66325 - postfix: permissions
also ship a postfix.paranoid file with the package with all suid and sgid
bits disabled
-------------------------------------------------------------------
Tue May 3 16:29:04 CEST 2005 - choeger@suse.de
- updated to postfix 2.2, patchlevel 3
- Bugfix ID#75717 - postfix init scripts reports success allthough postfix is
not running:
use checkproc again instead of "master -t", as "master -t" seems to be broken
-------------------------------------------------------------------
Thu Apr 21 17:42:04 CEST 2005 - choeger@suse.de
- updated to postfix 2.2, patchlevel 2
- Bugfix ID#74712, problems with read-only mounting of $chroot/proc:
don't mount /var/spool/postfix/proc ro as that results in /proc also mounted
ro.
- Bugfix ID#74709, postfix configuration and USE_IPV6 in
sysconfig/network/config
-------------------------------------------------------------------
Tue Mar 15 17:46:44 CET 2005 - choeger@suse.de
- updated to postfix 2.2, patchlevel 1
Postfix 2.2.1 solves four portability problems that surfaced in
the week since the 2.2.0 release, one harmless bug in the TLS
session cache cleaning code, and cleans up minor documentation
problems.
-------------------------------------------------------------------
Thu Mar 10 10:18:45 CET 2005 - choeger@suse.de
- 2.2.0 is out
-------------------------------------------------------------------
Mon Mar 7 14:15:08 CET 2005 - choeger@suse.de
- update to RC2
-------------------------------------------------------------------
Wed Mar 2 15:01:33 CET 2005 - choeger@suse.de
- make it compile with gcc4
-------------------------------------------------------------------
Mon Feb 28 18:03:36 CET 2005 - choeger@suse.de
- RC1 of 2.2 is out
-------------------------------------------------------------------
Fri Feb 18 16:34:07 CET 2005 - choeger@suse.de
- use "usr/sbin/postfix upgrade-configuration" now instead of
"etc/postfix/post-install upgrade-package"
-------------------------------------------------------------------
Thu Feb 17 19:28:22 CET 2005 - choeger@suse.de
- removed some @ chars (don't know how they slipped in)
-------------------------------------------------------------------
Thu Feb 17 13:42:18 CET 2005 - choeger@suse.de
- update to current pre 2.2 snapshot (2.2-20050216)
2.2 release could happen next week
-------------------------------------------------------------------
Thu Feb 10 09:08:18 CET 2005 - choeger@suse.de
- added patch needed for the Kolab project (this patch is part of the upcoming
postfix 2-2 release), see
http://wiki.kolab.org/index.php/Kolab-major-app-patches
-------------------------------------------------------------------
Thu Feb 3 10:00:38 CET 2005 - choeger@suse.de
- s/X-UnitedLinux-Should-Start/Should-Start/
-------------------------------------------------------------------
Wed Feb 2 16:44:34 CET 2005 - choeger@suse.de
- added long_header.patch
long lines piped into postfix sendmail can lead to errors.
-------------------------------------------------------------------
Wed Feb 2 08:52:19 CET 2005 - choeger@suse.de
- Bugfix ID#49307: faster postfix startup: don't use hashed directories if
possible:
- added patch empty_hash_queue_names.patch to be able to modify
hash_queue_names parameter.
- added check to %post to change hash_queue_names in case of
/var/spool/postfix residing on a reiserfs partition when doing
a fresh installation
- Bugfix ID#50386 - postfix must prereq /sbin/ip (iproute2)
-------------------------------------------------------------------
Fri Jan 28 16:29:05 CET 2005 - choeger@suse.de
- updated tls+ipv6 patchkit to v1.26
- Bugfix: Incomplete error checking in getaddrinfo() could cause lmtpd to
crash with debug_peer_list defined. Carsten Hoeger, SuSE. File:
util/match_ops.c
- Linux workaround: When mynetworks isn't set, a chrooted process could not
read the IPv6 address information from /proc. We now invoke own_inet_addr()
before chrooting, while processing main.cf. [backported from 2.2-nonprod
snapshot] File: global/mail_params.c
- Safety: when IPv6 netmask can't be determined, mynetworks is not set and
mynetworks_style = subnet, assume /128 (host only). Until now, Tru64Unix
assumed /64 (good for real subnets, but not safe for tunnel ranges etc.).
File: util/inet_addr_local.c
-------------------------------------------------------------------
Sat Jan 15 20:48:48 CET 2005 - schwab@suse.de
- Use <owner>:<group> in permissions file.
-------------------------------------------------------------------
Thu Jan 13 16:16:41 CET 2005 - choeger@suse.de
- Two fixes to ipv6-patch related bugs:
- Bugfix Bugzilla ID#49435 - VUL-0: Postfix, permit_mx_backup, IPv6, chroot
--> Open Relay!
- Bugfix Bugzilla ID#49695 - SEGV while lmtp delivery
- mount /proc into chroot jail to be able to access /proc/net/if_inet6
-------------------------------------------------------------------
Wed Nov 24 14:46:16 CET 2004 - schwab@suse.de
- Put options first in find command line.
-------------------------------------------------------------------
Tue Nov 9 09:20:27 CET 2004 - choeger@suse.de
- setting LC_ALL=POSIX in SuSEconfig.postfix
-------------------------------------------------------------------
Wed Sep 29 18:14:13 CEST 2004 - choeger@suse.de
- Bugfix Bugzilla ID#46462, postfix should switch biff off
-------------------------------------------------------------------
Tue Sep 21 12:48:02 CEST 2004 - choeger@suse.de
- updated to postfix 2.1, patchlevel 5
(several small bugfixes)
- updated tls+ipv6 patchkit (there have been some small bugs)
- use v4 address 127.0.0.1 as amavisd-new local contact address
as amavisd is not listening on any v6 address
-------------------------------------------------------------------
Mon Sep 20 09:51:25 CEST 2004 - choeger@suse.de
- also chmod the .db file resulting of a postmap (related to
bugfix ID#39045
-------------------------------------------------------------------
Thu Sep 16 13:57:32 CEST 2004 - choeger@suse.de
- Bugfix Bugzilla ID#39045 - tls_per_site table updates in SuSEconfig.postfix
introduced POSTFIX_MAP_LIST in /etc/sysconfig/postfix where additional
maps maintained by SuSEconfig.postfix can be added
-------------------------------------------------------------------
Thu Sep 16 10:34:58 CEST 2004 - choeger@suse.de
- Bugfix Bugzilla ID#45252 - rpm calls SuSEconfig.permissions which calls rpm
-> 3 minute timeout
Also don't call rpm from SuSEconfig.postfix
- Speedup: set timestamp of $TMPDIR/main.cf into the past to workaround
postconf safety which is not neccessary, because we do not touch the main.cf,
the postfix daemons are using.
-------------------------------------------------------------------
Mon Sep 13 11:57:15 CEST 2004 - choeger@suse.de
- added $time to Required-Start in init-script
-------------------------------------------------------------------
Thu Aug 26 14:15:31 CEST 2004 - choeger@suse.de
- do not filter locally delivered mail when USE_AMAVIS=yes
(don't set content_filter=vscan in main.cf)
- removed obsolete vscan service definition from master.cf
-------------------------------------------------------------------
Fri Aug 20 12:47:52 CEST 2004 - choeger@suse.de
- use "$MASTER_BIN -t" to check whether postfix is already running
in start section of init-script. That's more reliable then checkproc.
-------------------------------------------------------------------
Wed Jul 14 17:48:29 CEST 2004 - choeger@suse.de
- Bugfix Bugzilla ID#42995 - SuSEconfig.postfix should ignore
.swp and other files in /etc/aliases.d
-------------------------------------------------------------------
Tue Jul 13 16:22:02 CEST 2004 - choeger@suse.de
- Bugfix Bugzilla ID#42281, openssl ca segfaults:
added missing [ policy_anything ] configuration
options to openssl.cnf
-------------------------------------------------------------------
Mon Jul 12 14:58:58 CEST 2004 - choeger@suse.de
- updated to postfix 2.1, patchlevel 4
- updated tls+ipv6 patchkit to v1.25
- new feature POSTFIX_REGISTER_SLP in /etc/sysconfig/postfix
to be able to totally disable slptool from being started
-------------------------------------------------------------------
Tue May 25 12:42:45 CEST 2004 - choeger@suse.de
- updated tls+ipv6 patchkit to v1.24:
- Bugfix: Prefixlen non-null host portion validation (in CIDR maps for
example) yielded incorrect results sometimes because signed arithmetic was
used instad of unsigned.
- Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed the master.cf
update (used for new installattions). Added it back.
- as tls and ipv6 patches have not been completely ported to postfix 2.1
new documentation system, especially the new postconf(5) manpage is
missing the complete ipv6 and tls related configuration parameters,
readded the sample-* files from ipv6+tls to %doc/samples
-------------------------------------------------------------------
Tue May 4 11:24:20 CEST 2004 - choeger@suse.de
- update to postfix 2.1, patchlevel 1:
- Patch 01 fixes a signal 11 problem in the check_policy_service
feature when SASL support is compiled in but turned off in the
SMTP server (smtpd_sasl_auth_enable = no).
-------------------------------------------------------------------
Wed Apr 28 10:46:55 CEST 2004 - choeger@suse.de
- added now officially released tls patchkit 0.8.18-2.1.0-0.9.7d to
the source package for the user to be able to build a non-ipv6
postfix package
-------------------------------------------------------------------
Mon Apr 26 17:46:01 CEST 2004 - choeger@suse.de
- official tls+ipv6 v1.23 patchkit released:
- Patch fixes: Several code fixes to make the patch compile and work
correctly when compiled without IPv6 support.
- Bugfix (Solaris only?): address family length was not updated
which could cause client hostname validation errors. File:
smtpd/smtpd_peer.c
- Portability: added support for Darwin 7.3+. This may need some
further testing.
- Cleanup: Restructure and redocument interface address retrieval
functions. (This reduced the number of preprocessor statements
from 99 to 93 ;) File: util/inet_addr_local.c
- Cleanup: make several explicit casts to have compilers shut their
pie holes about uninteresting things.
-------------------------------------------------------------------
Fri Apr 23 11:22:35 CEST 2004 - choeger@suse.de
- update to final postfix v2.1
-------------------------------------------------------------------
Wed Apr 21 17:35:26 CEST 2004 - choeger@suse.de
- Bugfix: changed {main,master}.cf backup path in specfile, but not in
SuSEconfig script
-------------------------------------------------------------------
Wed Apr 21 11:55:43 CEST 2004 - choeger@suse.de
- update to postfix 2.1 RC5
-------------------------------------------------------------------
Mon Apr 19 14:23:19 CEST 2004 - choeger@suse.de
- update to current postfix 2.1 release candidate (RC4)
-------------------------------------------------------------------
Wed Apr 7 13:09:09 CEST 2004 - choeger@suse.de
- Bugfix Bugzilla ID#38569, exit SuSEconfig.postfix if
mktemp fails
-------------------------------------------------------------------
Tue Mar 30 11:13:38 CEST 2004 - choeger@suse.de
- Bugfix Bugzilla ID#37409
the saslauthd socket is not copied to chroot jail due to
a wrong test in SuSEconfig.postfix (used -L instead of -S)
-------------------------------------------------------------------
Mon Mar 29 20:03:16 CEST 2004 - choeger@suse.de
- only add ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
AND ipv6 is enabled
-------------------------------------------------------------------
Mon Mar 29 11:03:56 CEST 2004 - choeger@suse.de
- Bugfix Bug ID#37293, SuSEConfig complains POSTFIX_ADD_* parameters are
unknown (in turkish locale settings)
added LC_CTYPE=POSIX to SuSEconfig.postfix
-------------------------------------------------------------------
Thu Mar 25 10:54:26 CET 2004 - choeger@suse.de
- updated to tls+ipv6 version 1.22 (related to Bugzilla ID#35884)
- Feature: Support "inet_interfaces = IPv4:all" and "inet_interfaces =
IPv6:all", to restrict postfix to use either IPv4-only or IPv6-only. A more
complete implementation will be part of a future patch. (Slightly modified)
patch by Michal Ludvig, SuSE. Files: util/interfaces_to_af.[ch],
util/inet_addr_local.c, global/own_inet_addr.c,
global/wildcard_inet_addr.[ch], master/master_ent.ch
- Bugfix: In Postfix snapshots, a #define was misplaced with the effect that
IPv6 subnets were not included in auto- generated $mynetworks (i.e.,
mynetworks not defined in main.cf, when also mynetworks_style=subnet) on
Linux 2.x systems. File: utils/sys_defs.h
- now adding ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
(related to Bugzilla ID#35884)
- enabled ipv6 again
-------------------------------------------------------------------
Thu Mar 18 12:37:44 CET 2004 - choeger@suse.de
- updated to most recent snapshot version 2.0.19-20040312:
Patch 19 fixes two low-priority problems:
- When mail is submitted at a high rate with the Postfix sendmail
command, the pickup daemon is keps busy long enough that it it
terminated by the watchdog timer (a feature that prevents Postfix
from locking up permanently).
- Malformed addresses in SMTP commands could result in table looks
with zero-length search strings, causing trouble with NIS lookups.
-------------------------------------------------------------------
Wed Mar 17 16:51:00 CET 2004 - choeger@suse.de
- disable IPv6 patch as it introduces problems for people
who do not use IPv6, see Bugzilla ID#35884,
"ipv6 mynetworks don't work"
-------------------------------------------------------------------
Mon Mar 8 15:58:35 CET 2004 - choeger@suse.de
- be a nice packager and strictly follow
http://www.porcupine.org/postfix-mirror/newdoc/PACKAGE_README.html
(added setgid_group=... to post-install upgrade-package)
-------------------------------------------------------------------
Fri Feb 27 11:37:56 CET 2004 - choeger@suse.de
- update to most recent version 2.0.18-20040209
-------------------------------------------------------------------
Mon Feb 23 15:25:20 CET 2004 - choeger@suse.de
- Bugfix Bugzilla ID#34817, SuSEconfig.postfix doesn't specify direct path to
"postconf" and generates errors if run via sudo by a non-root user.
-------------------------------------------------------------------
Fri Feb 6 13:15:49 CET 2004 - choeger@suse.de
- update to postfix 2.0.18-20040205
- enabled tls+ipv6 patch as it is now available for latest
pre 2.1 snapshot
-------------------------------------------------------------------
Mon Feb 2 13:22:54 CET 2004 - choeger@suse.de
- finally, the official TLS patchkit of Lutz hit the ground
-------------------------------------------------------------------
Mon Feb 2 11:02:16 CET 2004 - choeger@suse.de
- additional fix for the TLS extensions patch
should also fix Bugzilla ID#34218
-------------------------------------------------------------------
Fri Jan 23 12:15:00 CET 2004 - choeger@suse.de
- fixed the smtp segfault
-------------------------------------------------------------------
Thu Jan 22 21:37:51 CET 2004 - choeger@suse.de
- updated to postfix 2.0.18-20040122
- added new feature for specfile usetls to en/dis-able TLS
support
- temporary removed TLS support (self adapted patch to most recent
postfix snapshot version) as it currently results in smtp segfaulting
-------------------------------------------------------------------
Thu Jan 22 13:53:44 CET 2004 - choeger@suse.de
- update to recent postfix snapshot version 2.0.17-20040120
which will become the next official release 2.1 around
next week according to Wietse Venema.
- added possibility to compile using the combined IPV6/TLS patch
which can be downloaded from http://www.ipnet6.org/postfix/
just set useipv6 to 1 at the top of the specfile.
-------------------------------------------------------------------
Thu Jan 22 01:45:58 CET 2004 - ro@suse.de
- remove call to ldap_enable_cache
(function has been removed from openldap and was already
obsolete before (warning was issued back then))
-------------------------------------------------------------------
Wed Jan 14 16:38:06 CET 2004 - choeger@suse.de
- added openslp register/derigister calls to postfix init-script
-------------------------------------------------------------------
Mon Jan 12 15:50:35 CET 2004 - choeger@suse.de
- add postfix user to group mail in case of POSTFIX_MDA==cyrus
to let postfix lmtp access /var/lib/imap/socket/lmtp
-------------------------------------------------------------------
Thu Jan 8 16:00:30 CET 2004 - choeger@suse.de
- Bugfix Bugzilla ID#33421, SMTP-Auth and relaying
added permit_sasl_authenticated also to smtpd_recipient_restrictions
in SuSEconfig.postfix
-------------------------------------------------------------------
Mon Dec 1 14:51:06 CET 2003 - choeger@suse.de
- always create temp files and always remove them later on
-------------------------------------------------------------------
Mon Nov 17 12:51:09 CET 2003 - choeger@suse.de
- some .spec improvements
-------------------------------------------------------------------
Thu Oct 30 12:13:51 CET 2003 - mmj@suse.de
- Run SuSEconfig after install
-------------------------------------------------------------------
Wed Oct 29 20:23:44 CET 2003 - mmj@suse.de
- Don't build as root
- Be nice and clean up after ourselves
-------------------------------------------------------------------
Tue Oct 14 15:47:52 CEST 2003 - choeger@suse.de
- update to postfix v2.0.16
- update to tls extensions v0.8.16
- Fix for Bugzilla ID#32114, fixed some if condition syntaxes
-------------------------------------------------------------------
Tue Sep 16 10:29:25 CEST 2003 - choeger@suse.de
- fixed example for POSTFIX_RELAYHOST, Bug ID#30756
-------------------------------------------------------------------
Mon Sep 8 09:49:49 CEST 2003 - choeger@suse.de
- updated some sysconfig descriptions
- removed relays.osirosoft.com from the examples, Bug ID#30215
-------------------------------------------------------------------
Thu Sep 4 15:40:25 CEST 2003 - kukuk@suse.de
- Fix next useradd call
-------------------------------------------------------------------
Wed Sep 3 11:31:54 CEST 2003 - choeger@suse.de
- conf/postfix-files as input for /etc/permissions.d/postfix (Bug ID#29915)
- generate better amavisd-new master.cf line:
limit maxproc to 2 and use brackets around localhost
(Bug ID#29917)
-------------------------------------------------------------------
Mon Sep 1 13:08:33 CEST 2003 - choeger@suse.de
- use conf/postfix-files as input for directories and permissions
for files/directories in/below $queue_directory and $command_directory
- use /var/lib/imap/socket/lmtp as lmtp socket in SuSEconfig.postfix
and change access modes of /var/lib/imap and /var/lib/imap/socket
to let postfix lmtp access the unix socket
-------------------------------------------------------------------
Fri Aug 29 11:43:53 CEST 2003 - kukuk@suse.de
- Create postfix user as system account [Bug #29611]
-------------------------------------------------------------------
Fri Aug 29 08:48:52 CEST 2003 - kukuk@suse.de
- Adjust sendmail permissions
- Create /var/spool/postfix/public with permissions postfix is
using
-------------------------------------------------------------------
Fri Aug 29 00:27:03 CEST 2003 - mmj@suse.de
- Add sendmail to /etc/sysconfig/mail
-------------------------------------------------------------------
Thu Aug 14 18:41:19 CEST 2003 - choeger@suse.de
- update to Postfix 2.0 Patch 14
- Bugfix Bugzilla ID#28921:
missing activation metadata in sysconfig template
-------------------------------------------------------------------
Wed Jul 30 11:48:21 CEST 2003 - choeger@suse.de
- new macros for stop/restart of services on rpm update/removal
-------------------------------------------------------------------
Mon Jul 21 13:33:53 CEST 2003 - choeger@suse.de
- chown user:group instead of user.group
-------------------------------------------------------------------
Fri Jul 11 11:23:05 CEST 2003 - choeger@suse.de
- update to tls extensions 0.8.15-2.0.13-0.9.7b
-------------------------------------------------------------------
Tue Jul 1 15:44:05 CEST 2003 - choeger@suse.de
- updated SuSEconfig to use amavisd-new instead of amavis[d]-postfix
-------------------------------------------------------------------
Mon Jun 30 17:43:20 CEST 2003 - choeger@suse.de
- update to Postfix 2.0 Patch 13
- After "postfix reload", the master daemon now warns when the
inet_interfaces parameter setting has changed, and ignores the
change, instead of passing incorrect information to the smtp
server.
- After the postdrop command change with Postfix 2.0.11, the postcat
command no longer recognized "maildrop" queue files as valid.
- Mail could bounce when two messages were delivered simultaneously
to a non-existent mailbox file. The safe_open() code that prevents
race condition exploits will now try a little harder when it
actually encounters a race condition.
- update to tls extensions 0.8.14-2.0.12-0.9.7b
-------------------------------------------------------------------
Thu Jun 12 13:27:48 CEST 2003 - choeger@suse.de
- also change path to smtpd.conf in sysconfig template parameter
description dependent on what %{_lib} is set to.
-------------------------------------------------------------------
Thu Jun 12 09:51:33 CEST 2003 - choeger@suse.de
- update to postfix 2.0, patchlevel 12
-------------------------------------------------------------------
Wed Jun 11 17:55:21 CEST 2003 - choeger@suse.de
- mkdir -p $RPM_BUILD_ROOT/%{_libdir}/sasl2 instead of
$RPM_BUILD_ROOT/usr/lib/sasl2
and we also can build on 64bit archs
-------------------------------------------------------------------
Wed Jun 11 14:25:29 CEST 2003 - choeger@suse.de
- package /usr/lib/sasl2/smtpd.conf using %{_libdir}/sasl2/smtpd.conf
- added /etc/postfix to filelist
-------------------------------------------------------------------
Wed Jun 11 09:11:11 CEST 2003 - choeger@suse.de
- update to postfix 2.0, patchlevel 11
- update to tls extensions 0.8.13-2.0.10-0.9.7b
-------------------------------------------------------------------
Fri May 23 14:33:01 CEST 2003 - choeger@suse.de
- updated SuSE/master.cf toplevel comments
-------------------------------------------------------------------
Fri May 23 14:19:43 CEST 2003 - choeger@suse.de
- update to postfix 2.0, patchlevel 10
-------------------------------------------------------------------
Mon May 19 12:42:36 CEST 2003 - choeger@suse.de
- remove installed (but unpackaged) file /etc/postfix/aliases
-------------------------------------------------------------------
Mon May 19 10:12:52 CEST 2003 - choeger@suse.de
- path to ca, certificate and key is relative to $POSTFIX_SSL_PATH,
added $POSTFIX_SSL_PATH/ to the relevant parts of SuSEconfig.postfix
-------------------------------------------------------------------
Wed May 14 11:29:48 CEST 2003 - choeger@suse.de
- correctly handle new POSTFIX_SMTP_TLS_CLIENT parameter in
SuSEconfig.postfix (activate/deactivate master.cf entries)
-------------------------------------------------------------------
Wed May 14 11:05:36 CEST 2003 - choeger@suse.de
- added libxcrypt to chroot jail, Bugzilla ID#25766
-------------------------------------------------------------------
Tue May 13 20:40:00 CEST 2003 - choeger@suse.de
- added TLS_CLIENT support, Bugzilla ID#26647
-------------------------------------------------------------------
Wed Apr 23 13:43:02 CEST 2003 - choeger@suse.de
- update to postfix 2.0, patchlevel 9
-------------------------------------------------------------------
Tue Apr 15 10:27:13 CEST 2003 - ro@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Mon Apr 7 12:58:01 CEST 2003 - choeger@suse.de
- update to postfix 2.0, patchlevel 7
- update to tls extensions 0.8.13-2.0.6-0.9.7a
- Bugfix Bugzilla ID#25905, do not restrict mailbox size per default
-------------------------------------------------------------------
Sat Mar 8 15:56:26 CET 2003 - choeger@suse.de
- use checkproc to check if there really is a postfix master
process running when there's a pid file lying around.
(Bugzilla ID#24910)
-------------------------------------------------------------------
Thu Mar 6 11:02:12 CET 2003 - choeger@suse.de
- update to Postfix 2.0 Patch 06
- Postfix now truncates non-address information in message address
headers (comments, etc.) to 250 characters per address. This should
rarely present a problem. Reportedly, junk mail from poorly written
software can trigger the protection, but that is no great loss.
- Some little fixes to documentation.
-------------------------------------------------------------------
Tue Mar 4 10:29:31 CET 2003 - choeger@suse.de
- update to Postfix 2.0 Patch 05
- The SMTP server's hard and soft error limits were off by one.
With "smtpd_hard_error_limit = 1", Postfix will now disconnect
after the first error, instead of the second one.
- The proxymap server could deadlock when the mydestination parameter
setting included a proxymapped lookup table.
- Some little fixes to documentation.
-------------------------------------------------------------------
Sat Mar 1 16:41:10 CET 2003 - choeger@suse.de
- when updating postfix, check whether post-install changed
main/master.cf and update md5sums to not confuse SuSEconfig
- when installing postfix on a fresh system, create md5sums
in %post to be able to let check_md5_and_move() detect
changes that a user might have done without running SuSEconfig
before.
-------------------------------------------------------------------
Thu Feb 27 19:01:32 CET 2003 - choeger@suse.de
- no longer remove md5sums of main.cf and master.cf during
postinstall, as SuSEconfig then no longer knows, whether
main.cf/master.cf had been modified by the user.
Disadvantage: as postfix permanently needs basic changes
to both main and master.cf, SuSEconfig.postfix will frequently
generate .SuSEconfig files although the user did not change anything
Bugzilla ID#24432
-------------------------------------------------------------------
Fri Feb 21 10:04:48 CET 2003 - choeger@suse.de
- update to Postfix 2.0 Patch 04
- The format of maildir filenames is synchronized with the present
version of the maildir definition document. This format was already
adopted by the 20030126 snapshot release.
- The time limit on delivery to external commands was not enforced.
This was broken probably some time before the first public Postfix
release.
- Duplicate elimination after virtual alias expansion works again.
This was broken with the introduction of the original recipient
attribute.
- The local pickup daemon dropped incomplete records from local
submissions. This was broken somewhere in the middle of 2002.
-------------------------------------------------------------------
Sat Feb 15 14:59:54 CET 2003 - choeger@suse.de
- Bugfix Bugzilla ID#23675: new service proxymap will not be
appended during update
-------------------------------------------------------------------
Mon Feb 10 16:25:39 CET 2003 - choeger@suse.de
- also check whether amavisd-postfix is installed and set up
filter section in master.cf
-------------------------------------------------------------------
Thu Jan 30 11:43:03 CET 2003 - choeger@suse.de
- update to Postfix 2.0 Patch 03
- Postfix 2.0 broke relocated table lookup results with mail not
rejected at the SMTP port, causing "User has moved to" text to be
deleted.
- A widely used maildir filename generating algorithm was broken.
This affects all Postfix versions with maildir support. Instead of
TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST.
- Postfix 2.0 gave incorrect FILTER_README instructions for sites
that wish to disable virtual alias mapping before the content
filter.
- postfix-lib64.patch code now integrated in postfix
-------------------------------------------------------------------
Fri Jan 24 11:52:17 CET 2003 - choeger@suse.de
- changed SuSEconfig.postfix and smtpd.conf to use sasl2
-------------------------------------------------------------------
Thu Jan 23 13:07:17 CET 2003 - choeger@suse.de
- forgot to add tlsmgr to master.cf
-------------------------------------------------------------------
Thu Jan 23 11:43:24 CET 2003 - choeger@suse.de
- Hmmm, just noticed, that suddenly 2.0.0.x became 2.0.x
must have missed something...
- updated SuSE/master.cf (new proxymap service)
-------------------------------------------------------------------
Thu Jan 16 10:21:27 CET 2003 - choeger@suse.de
- added POSTFIX_ADD_MESSAGE_SIZE_LIMIT as example to sysconfig.postfix
(Bugzilla ID#22907)
-------------------------------------------------------------------
Tue Jan 14 12:51:56 CET 2003 - choeger@suse.de
- build using sasl2
-------------------------------------------------------------------
Fri Jan 10 13:24:43 CET 2003 - choeger@suse.de
- update to postfix v2 (version 2.0.0.2)
-------------------------------------------------------------------
Wed Dec 11 11:44:51 CET 2002 - choeger@suse.de
- added sysconfig metadata to sysconfig templates
- updated to new tls extensions
-------------------------------------------------------------------
Fri Nov 29 13:16:42 CET 2002 - choeger@suse.de
- Bugfix Bugzilla ID#21865: don't copy directories into
directories when updating chroot jail in cpifnewer()
- Update to version 1.11, pl12
-------------------------------------------------------------------
Tue Nov 19 14:29:36 CET 2002 - choeger@suse.de
- new SuSEconfig.postfix features:
. SMTP-AUTH server
. SMTP-AUTH client
. TLS Server
-------------------------------------------------------------------
Tue Nov 5 15:08:43 CET 2002 - choeger@suse.de
- quote args of tr command
-------------------------------------------------------------------
Mon Nov 4 13:52:51 CET 2002 - choeger@suse.de
- new feature: POSTFIX_ADD_* command in sysconfig/postfix to
be able to add any regular postfix command via SuSEconfig
- Bugfix Bugzilla ID#21120 added POSTFIX_ADD_MAILBOX_SIZE_LIMIT
as example with value 0 (unlimited)
- added a header to main.cf explaining that many postfix
parameters have been added to the end of main.cf
-------------------------------------------------------------------
Tue Oct 15 11:27:46 CEST 2002 - choeger@suse.de
- Bugfix for Bugzilla ID#20754
missed some parameters when restoring main.cf or master.cf
from scratch
-------------------------------------------------------------------
Wed Oct 9 20:34:03 CEST 2002 - choeger@suse.de
- NULLCLIENT did not work because SuSEconfig searches for the wrong
keyword
-------------------------------------------------------------------
Mon Oct 7 17:47:56 CEST 2002 - choeger@suse.de
- Bugfix related to Bugzilla IDs 20506, 18298, 19294:
masquerade_classes should not be extended by envelope_recipient
-------------------------------------------------------------------
Fri Sep 6 17:04:57 CEST 2002 - choeger@suse.de
- added ypbind to X-UnitedLinux-Should-Start in init-script
-------------------------------------------------------------------
Wed Aug 28 11:37:38 CEST 2002 - choeger@suse.de
- added restoration mechanism to restore master.cf and/or main.cf
if they got deleted by (intention or) accident to SuSEconfig.postfix
- added ldap to X-UnitedLinux-Should-Start
-------------------------------------------------------------------
Mon Aug 26 11:11:26 CEST 2002 - choeger@suse.de
- Bugfix Bugzilla ID#18298: when setting FROM_HEADER, also unqualified
envelope recipients should be qualified to FROM_HEADER, not to
myorigin, added envelope_recipient to masquerade_classes
- Bugfix Bugzilla ID#18297: %post touches main.cf and master.cf so it
may happen, that an update leaves .SuSEconfig files.
Remove /var/adm/SuSEconfig/md5/etc/postfix/main.cf and master.cf
in %post
- Bugfix Bugzilla ID#18301: sendmail and postfix have different
opinions on the usage of NULLCLIENT. Moved NULLCLIENT to
sysconfig.postfix.POSTFIX_NULLCLIENT
- added exim to Conflicts
-------------------------------------------------------------------
Thu Aug 22 09:47:51 CEST 2002 - choeger@suse.de
- wait for qmgr in the background for a maximum of 60 seconds
-------------------------------------------------------------------
Wed Aug 21 17:07:39 CEST 2002 - choeger@suse.de
- Bugfix for init-script:
wait for qmgr to be ready before calling postfix flush
-------------------------------------------------------------------
Wed Aug 14 15:59:04 CEST 2002 - choeger@suse.de
- added accidently removed line in master.cf for amavis,
Bugzilla ID#17732
-------------------------------------------------------------------
Tue Aug 13 10:08:47 CEST 2002 - choeger@suse.de
- exclude .rpmsave and .rpmorig from /etc/aliases.d expansion
-------------------------------------------------------------------
Wed Aug 7 11:55:55 CEST 2002 - choeger@suse.de
- added netcfg to Prereq (/etc/aliases)
-------------------------------------------------------------------
Tue Aug 6 11:28:56 CEST 2002 - choeger@suse.de
- added pcre openldap2-client to prereq (Bugzilla ID#17447)
-------------------------------------------------------------------
Mon Aug 5 16:38:49 CEST 2002 - choeger@suse.de
- completed Prereq
-------------------------------------------------------------------
Fri Jul 19 16:49:57 CEST 2002 - choeger@suse.de
- Bugfix for the handling of POSTFIX_MASQUERADE_DOMAIN
and FROM_HEADER
- removed main.cf from SuSE.tar.gz
- added X-UnitedLinux-Should-Start: cyrus to init-script
-------------------------------------------------------------------
Thu Jul 18 13:57:44 CEST 2002 - choeger@suse.de
- set local as default MDA again
reason: postfix does not execute any external programs like procmail
with uid 0, so root mails will go to /var/mail/nobody, which
will confuse people
- remove setting of SUSE_RELEASE version in the (E)SMTP banner
-------------------------------------------------------------------
Fri Jul 12 11:08:03 CEST 2002 - choeger@suse.de
- removed /etc/aliases from filelist, it's now in netcfg
-------------------------------------------------------------------
Thu Jul 11 14:16:25 CEST 2002 - choeger@suse.de
- removed 'q' flag from vscan transport definition, because
current amavis versions have a rfc2821_mailbox_addr function
- remove old aliases.db files in %post
- do not use unset in %post
-------------------------------------------------------------------
Mon Jul 8 15:14:00 CEST 2002 - choeger@suse.de
- make procmail the default MDA
-------------------------------------------------------------------
Fri Jul 5 17:11:03 CEST 2002 - choeger@suse.de
- use %{_lib} macro to detect platforms with lib64
directories
-------------------------------------------------------------------
Fri Jul 5 16:34:38 CEST 2002 - choeger@suse.de
- make chroot jail function lib64 aware
-------------------------------------------------------------------
Thu Jul 4 13:53:40 CEST 2002 - uli@suse.de
- fixed libnsl detection on lib64 systems
-------------------------------------------------------------------
Thu Jul 4 10:34:26 CEST 2002 - choeger@suse.de
- ldap_url_search_st is no longer available in OpenLDAP v2.1
added a patch, that uses ldap_url_parse
- added new feature POSTFIX_MDA, Bugzilla ID#16720
-------------------------------------------------------------------
Fri Jun 7 13:34:09 CEST 2002 - choeger@suse.de
- changed POSTFIX_BASIC_SPAM_PREVENTION. It can now be set to
either off(default), medium or hard
- cleaned up SuSEconfig.postfix
- prepared for /etc/aliases.d
-------------------------------------------------------------------
Wed Jun 5 18:09:16 CEST 2002 - choeger@suse.de
- new FEATURES: POSTFIX_RBL_HOSTS, POSTFIX_BASIC_SPAM_PREVENTION,
Bugzilla ID#16383
- moved sample-*.cf files to %{_docdir}/postfix/samples
-------------------------------------------------------------------
Wed Jun 5 11:14:29 CEST 2002 - choeger@suse.de
- update to patchlevel 11, version 1.1.11
- new FEATURE: POSTFIX_UPDATE_MAPS
-------------------------------------------------------------------
Fri May 24 13:39:05 CEST 2002 - choeger@suse.de
- update to patchlevel 10, version 1.1.10
- create required users and groups in %pre install
-------------------------------------------------------------------
Thu Apr 25 16:55:58 CEST 2002 - choeger@suse.de
- removed provides of my own packagename...
-------------------------------------------------------------------
Fri Apr 19 13:25:32 CEST 2002 - choeger@suse.de
- Bugfix for README.SuSE: POSTFIX_CREATECF is now
MAIL_CREATE_CONFIG
-------------------------------------------------------------------
Thu Apr 4 11:36:52 CEST 2002 - choeger@suse.de
- update to patchlevel 7, version 1.1.7
- introduced new feature POSTFIX_LAPTOP
-------------------------------------------------------------------
Tue Mar 26 15:21:18 CET 2002 - choeger@suse.de
- update to patchlevel 5, version 1.1.5
-------------------------------------------------------------------
Tue Mar 12 15:28:24 CET 2002 - choeger@suse.de
- Bugfix: don't check whether POSTFIX_MASQUERADE_DOMAIN is empty
or not, because else we won't be able to clear it.
-------------------------------------------------------------------
Thu Feb 28 10:21:36 CET 2002 - choeger@suse.de
- added flags=q to amavis transport definition (link@suse.de):
[...]
If your postfix is older than snapshot 20010610, leave out the
"flags=q" part. However, amavis will not function properly with
envelope adresses that contain whitespace in the local-part.
This is quite rare, but has been observed a few times.
[...]
-------------------------------------------------------------------
Mon Feb 25 13:58:05 CET 2002 - choeger@suse.de
- update to version 1.1.4 (1.1, patchlevel 4)
Bugfix (excerpt from HISTORY):
..................................................................
off-by-one error, causing a null byte to be
written outside dynamically allocated memory in
the queue manager with addresses of exactly 100
bytes long, resulting in SIGSEGV on systems with
an "exact fit" malloc routine.
..................................................................
- added new option SMTPD_LISTEN_REMOTE to /etc/sysconfig/mail
which has been introduced by the SuSE dist-team (excerpt):
..................................................................
sendmail does have an option to listen only on the local port,
this should be the default.
A flag "SMTPD_LISTEN_REMOTE" in /etc/sysconfig/mail will be used
to decide if port 25 should be opened externally.
The sendmail package will send a mail to root explaining this
fact. sendmail updates will copy the value of START_SMTPD to this
new flag.
..................................................................
As this is a totally different behaviour compared to old releases,
SMTPD_LISTEN_REMOTE will be set to "yes", if POSTFIX_CREATECF
(now MAIL_CREATE_CONFIG) had been set to "yes" before the update.
-------------------------------------------------------------------
Thu Feb 21 12:39:55 CET 2002 - choeger@suse.de
- fillup workaround
-------------------------------------------------------------------
Thu Feb 21 11:23:52 CET 2002 - choeger@suse.de
- hostname handling is still annoying
added some piece of code to SuSEconfig.postfix to
get a valid hostname
-------------------------------------------------------------------
Mon Feb 18 16:03:40 CET 2002 - choeger@suse.de
- %postinst cleanup:
. use rename_sysconfig_variable macro
. use remove_and_set macro
instead of directly calling fillup
-------------------------------------------------------------------
Wed Feb 13 17:27:37 CET 2002 - choeger@suse.de
- FQHOSTNAME has been removed from /etc/sysconfig/network/config
and is now set in /etc/HOSTNAME, which wasn't FQ in the past.
*Please, don't change it again*
- if POSTFIX_LOCALDOMAINS is set, do not append
"$myhostname, localhost.$mydomain" anymore
-------------------------------------------------------------------
Tue Feb 12 16:31:14 CET 2002 - choeger@suse.de
- Also take care of the localhost:10025 mailer definition when
setting up chroot options
-------------------------------------------------------------------
Mon Feb 11 09:27:47 CET 2002 - choeger@suse.de
- Do not set myorigin to FROM_HEADER
-------------------------------------------------------------------
Thu Feb 7 10:10:55 CET 2002 - choeger@suse.de
- Bugfix(SuSEconfig.postfix): typo in path to /etc/sysconfig/amavis
-------------------------------------------------------------------
Mon Feb 4 11:25:51 CET 2002 - choeger@suse.de
- SuSEconfig.postfix enhancement: get hostname from hostname -f
Bugfix: get FQHOSTNAME from /etc/sysconfig/network/config
- added -y to fillup_and_insserv to create startlinks
after installation
- changed company name to SuSE Linux AG in copyright headers
-------------------------------------------------------------------
Mon Feb 4 09:44:45 CET 2002 - choeger@suse.de
- update to postfix 1.1.3 and tls extensions 0.8.3
minor bugfixes
http://groups.yahoo.com/group/postfix-users/message/52953
-------------------------------------------------------------------
Fri Feb 1 20:37:27 CET 2002 - choeger@suse.de
- Bugfix: Forgot to assign a name to TMPDIR in SuSEconfig.postfix
-------------------------------------------------------------------
Fri Feb 1 11:43:17 CET 2002 - choeger@suse.de
- added resolve_local_panic.patch
http://groups.yahoo.com/group/postfix-users/message/52746
-------------------------------------------------------------------
Wed Jan 30 15:44:10 CET 2002 - choeger@suse.de
- update of tls extensions to 0.8.2
-------------------------------------------------------------------
Mon Jan 28 15:00:07 CET 2002 - choeger@suse.de
- update to version 1.1.2
- sysconfig.mail changes
-------------------------------------------------------------------
Tue Jan 22 12:08:43 CET 2002 - choeger@suse.de
- renamed cleanup.fillup to sysconfig.postfix.cleanup
- added postqueue patch, see
http://groups.yahoo.com/group/postfix-users/message/51611
for more details
-------------------------------------------------------------------
Mon Jan 21 14:56:39 CET 2002 - choeger@suse.de
- update to official release version 1.1.0
- moved some stuff to /etc/sysconfig/mail
- cleaned up /etc/rc.config access
- added some safety checks to SuSEconfig.postfix
-------------------------------------------------------------------
Wed Jan 16 16:58:53 CET 2002 - choeger@suse.de
- update to version 20020115 (release candidate for Postfix
official release version 1.1)
-------------------------------------------------------------------
Tue Jan 15 16:20:13 CET 2002 - choeger@suse.de
- some improvements to SuSEconfig.postfix
-------------------------------------------------------------------
Fri Jan 11 17:52:25 CET 2002 - choeger@suse.de
- updated to version 20020107
- added postinstall section to update from previous versions
of postfix
-------------------------------------------------------------------
Tue Jan 8 20:11:07 CET 2002 - egmont@suselinux.hu
- Changed /sbin/init.d to /etc/init.d in init script comment
-------------------------------------------------------------------
Mon Jan 7 15:01:16 CET 2002 - choeger@suse.de
- added sender_canonical_maps to SuSEconfig.postfix to let
the new YaST2 module setup this map similar to sendmails
genericstable
-------------------------------------------------------------------
Thu Jan 3 13:51:45 CET 2002 - kukuk@suse.de
- SuSEconfig.postfix shell script is no config file [Bug #12712]
-------------------------------------------------------------------
Wed Dec 19 15:26:20 CET 2001 - choeger@suse.de
- Made initscript more LSB compliant (status codes)
- Bugfix for Bugzilla ID#12672 (improve explanation
of POSTFIX_LOCALDOMAINS)
- robustness enhancement for SuSEconfig.postfix
-------------------------------------------------------------------
Fri Dec 14 15:42:31 CET 2001 - choeger@suse.de
- typo in specfile (master.cf installed as main.cf)
-------------------------------------------------------------------
Thu Dec 13 11:25:44 CET 2001 - choeger@suse.de
- update to version 20011210
- some changes to SuSEconfig.postfix:
. added POSTFIX_UPDATE_CHROOT_JAIL variable, see README.SuSE
. some cleanups for chroot jail
. little bugfixes
-------------------------------------------------------------------
Thu Dec 13 01:16:57 CET 2001 - ro@suse.de
- moved rc.config.d -> sysconfig
-------------------------------------------------------------------
Wed Nov 28 18:36:10 CET 2001 - choeger@suse.de
- update to version 20011127
- some changes to SuSEconfig.postfix:
. added more robustness (Jehova)
. do not chown -R postfix to /var/spool/postfix
. query for package cyrus-sasl instead of sasl
-------------------------------------------------------------------
Tue Nov 20 16:13:00 CET 2001 - choeger@suse.de
- update to version 20011115
Bugfix for a memory exhaustion bug in smtpd
see http://groups.yahoo.com/group/postfix-users/message/46597
- remove START_ variable
-------------------------------------------------------------------
Fri Nov 9 14:54:24 CET 2001 - choeger@suse.de
- some changes to specfile (thanks to Simon J Mudd from whom
I copied some code)
-------------------------------------------------------------------
Tue Nov 6 15:19:18 CET 2001 - choeger@suse.de
- fix some SuSEconfig.postfix bugs:
. master.cf chroot column can also contain '-'
. don't do anything if POSTFIX_CREATECF != yes
-------------------------------------------------------------------
Fri Oct 26 13:11:17 CEST 2001 - choeger@suse.de
- update to most recent snapshot version 20011008
-------------------------------------------------------------------
Thu Oct 25 14:36:47 CEST 2001 - choeger@suse.de
- update to pl05
-------------------------------------------------------------------
Fri Oct 19 12:53:44 CEST 2001 - choeger@suse.de
- Bugfix, Bugzilla ID#11914
-------------------------------------------------------------------
Wed Sep 26 09:33:34 CEST 2001 - choeger@suse.de
- ALWAYS create master.cf, even is POSTFIX_CREATECF is set
to no, because else chroot mode may not work, Bugzilla ID#11359
-------------------------------------------------------------------
Thu Sep 13 14:34:06 CEST 2001 - choeger@suse.de
- removed an obsolete echo in start section of init-script
-------------------------------------------------------------------
Thu Sep 6 13:48:29 CEST 2001 - choeger@suse.de
- Bugfix in init-script: redirect output of postfix start
to dev/null and do not use startproc to start postfix
-------------------------------------------------------------------
Tue Sep 4 18:09:43 CEST 2001 - choeger@suse.de
- update to tls-extensions v0.7.9
see http://groups.yahoo.com/group/postfix-users/message/41094
for details
-------------------------------------------------------------------
Fri Aug 31 13:54:02 CEST 2001 - choeger@suse.de
- update of tls-extensions to 0.7.8
- update of postfix to pl04
- Bugfix: - check if postfix spool is set up before starting postfix
- start postfix with postfix start, because postfix-script
wouldn't be executed, else.
-------------------------------------------------------------------
Tue Jul 10 14:34:17 CEST 2001 - choeger@suse.de
- update of tls-extensions to 0.7.3
-------------------------------------------------------------------
Thu Jun 28 13:06:47 CEST 2001 - choeger@suse.de
- bugfix: remove libs from chroot jail, that are no longer
valid, Bugzilla ID#9133
- bugfix: init script was not LSB compliant, Bugzilla ID#9063
-------------------------------------------------------------------
Fri Jun 15 09:44:49 CEST 2001 - choeger@suse.de
- added cyrus to require start in init-script
- "bugfix": bootstrap problem cyrus-imapd <-> postfix:
cyrus-imapd must run before postfix, but fails to create
lmtp socket, because /var/spool/postfix/public directory
isn't present. FIX: add it to filelist
-------------------------------------------------------------------
Wed Jun 13 15:08:33 CEST 2001 - choeger@suse.de
- install postrop with special SGID modes
-------------------------------------------------------------------
Tue Jun 12 13:29:36 CEST 2001 - choeger@suse.de
- improved SuSEconfig.postfix
- better main.cf handling
- new feature: chroot or not chroot
-------------------------------------------------------------------
Mon May 28 09:36:49 CEST 2001 - choeger@suse.de
- major bugfix: memory leak in the LDAP client module
- minor bugfixes
-------------------------------------------------------------------
Wed May 9 20:15:27 CEST 2001 - mfabian@suse.de
- bzip2 sources
-------------------------------------------------------------------
Wed May 2 09:44:29 CEST 2001 - choeger@suse.de
- updated to pl02, bugfixrelease
-------------------------------------------------------------------
Mon Apr 30 11:41:35 CEST 2001 - choeger@suse.de
- Bugfix for SuSEconfig.postfix:
Handling of TIMEZONE variable if set to unappropriate or no
value
- Improvement: Warnings are printed out in bold
-------------------------------------------------------------------
Tue Apr 17 16:28:41 CEST 2001 - kukuk@suse.de
- Don't use a RPM macro for version number
-------------------------------------------------------------------
Fri Mar 30 10:08:15 CEST 2001 - choeger@suse.de
- update to pl01, bugfixrelease
-------------------------------------------------------------------
Tue Mar 27 13:16:45 CEST 2001 - choeger@suse.de
- added libcrack to chroot jail, because
it is needed by pam_pwcheck
-------------------------------------------------------------------
Thu Mar 15 01:08:35 CET 2001 - ro@suse.de
- fixed neededforbuild for openldap
-------------------------------------------------------------------
Mon Mar 5 11:49:48 CET 2001 - choeger@suse.de
- first non-beta of the next postfix generation
- v20010228
-------------------------------------------------------------------
Tue Feb 27 11:22:24 CET 2001 - ro@suse.de
- added cyrus-sasl-devel to neededforbuild
-------------------------------------------------------------------
Tue Feb 27 09:51:56 CET 2001 - choeger@suse.de
- new version, 20010225
- removed notification message
-------------------------------------------------------------------
Tue Feb 20 14:16:30 CET 2001 - choeger@suse.de
- bugfix: wrong permissions for maildrop directory
-------------------------------------------------------------------
Wed Jan 31 10:53:04 CET 2001 - choeger@suse.de
- update to version 20010128
- now linked against ldaplib2
-------------------------------------------------------------------
Fri Jan 5 14:25:11 CET 2001 - choeger@suse.de
- bugfix: maildrop must be owned by postfix.root
-------------------------------------------------------------------
Mon Dec 18 14:47:53 CET 2000 - choeger@suse.de
- update to version 20001212
- bugfix: insserv
- bugfix: missed openssl in neededforbuilt
- renamed to postfix, because a non-crypto version
is no longer needed
-------------------------------------------------------------------
Wed Dec 13 15:52:43 CET 2000 - choeger@suse.de
- Bugfix: postfix-script was not executable
-------------------------------------------------------------------
Tue Dec 12 15:13:40 CET 2000 - choeger@suse.de
- Bugfixes:
Provides in initscript
Use /bin/bash in SuSEconfig.postfix
- Update to version 20001210
-------------------------------------------------------------------
Thu Nov 30 08:35:09 CET 2000 - ro@suse.de
- startscript sbin -> etc
-------------------------------------------------------------------
Thu Nov 23 09:55:37 CET 2000 - choeger@suse.de
- new version
- fix for neededforbuild
- fix for master.cf
-------------------------------------------------------------------
Wed Nov 22 13:06:54 CET 2000 - choeger@suse.de
- adopted to new init scheme
-------------------------------------------------------------------
Wed Nov 15 16:13:12 CET 2000 - choeger@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Tue Nov 14 15:19:40 CET 2000 - choeger@suse.de
- update to version 20001030
-------------------------------------------------------------------
Thu Nov 9 17:14:48 CET 2000 - choeger@suse.de
- long packagename
- added rpm buildroot
-------------------------------------------------------------------
Wed Nov 8 15:59:41 CET 2000 - uli@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Fri Nov 3 18:12:57 CET 2000 - bk@suse.de
- src/util/dict_ldap.c:dict_ldap_lookup(): fix missing **-termination.
-------------------------------------------------------------------
Tue Oct 24 17:28:06 CEST 2000 - fober@suse.de
- s390,ppc: added -fsigned-char compiler option, to fix obscure segfaults.
(code is not signed/unsigned-char-clean)
-------------------------------------------------------------------
Thu Oct 12 18:24:54 CEST 2000 - choeger@suse.de
- yet another SuSEconfig.postfix bug (incorrect link)
-------------------------------------------------------------------
Wed Oct 11 16:47:35 CEST 2000 - choeger@suse.de
- bugfix for SuSEconfig.postfix
-------------------------------------------------------------------
Mon Oct 9 13:54:13 CEST 2000 - choeger@suse.de
- bugfix: missed to install new flush service
-------------------------------------------------------------------
Mon Oct 9 11:48:39 CEST 2000 - choeger@suse.de
- inititial revision of pfixtls