2021-01-27 16:17:30 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 27 15:14:50 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- bsc#1180473 - [Build 20201230] postfix has invalid default config
|
|
|
|
|
Fixing config.postfix and sysconfig.postfix
|
|
|
|
|
|
2021-01-25 11:42:59 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 25 10:31:03 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.5.9:
|
|
|
|
|
* improves the reporting of DNSSEC problems that may affect
|
|
|
|
|
DANE security
|
|
|
|
|
|
2021-01-20 16:19:40 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 20 15:19:13 UTC 2021 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- postfix-bdb-lmdb should provide postfix-lmdb
|
|
|
|
|
|
2020-12-24 08:17:02 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 8 13:36:35 UTC 2020 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- bsc#1176650 L3: What is regularly triggering the "fillup"
|
|
|
|
|
command and changing modify-time of /etc/sysconfig/postfix?
|
|
|
|
|
o Remove miss placed fillup_only call from %verifyscript
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 26 15:30:10 UTC 2020 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- Remove Berkeley DB dependency (JIRA#SLE-12191)
|
|
|
|
|
The pacakges postfix is build without Berkely DB support.
|
|
|
|
|
lmdb will be used instead of BDB.
|
|
|
|
|
The pacakges postfix-bdb is build with Berkely DB support.
|
|
|
|
|
o add patch for main.cf for postfix-bdb package
|
|
|
|
|
postfix-bdb-main.cf.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Nov 8 20:59:23 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.5.8
|
|
|
|
|
* The Postfix SMTP client inserted <CR><LF> into message headers longer
|
|
|
|
|
than $line_length_limit (default: 2048), causing all subsequent header
|
|
|
|
|
content to become message body content.
|
|
|
|
|
* The postscreen daemon did not save a copy of the
|
|
|
|
|
postscreen_dnsbl_reply_map lookup result. This has no effect when the
|
|
|
|
|
recommended texthash: look table is used, but it could result in stale
|
|
|
|
|
data with other lookup tables.
|
|
|
|
|
* After deleting a recipient with a Milter, the Postfix recipient
|
|
|
|
|
duplicate filter was not updated; the filter suppressed requests
|
|
|
|
|
to add the recipient back.
|
|
|
|
|
* Memory leak: the static: maps did not free their casefolding buffer.
|
|
|
|
|
* With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a
|
|
|
|
|
TLS handshake, after processing an XCLIENT command.
|
|
|
|
|
* The smtp_sasl_mechanism_filter implementation ignored table lookup
|
|
|
|
|
errors, treating them as 'not found'.
|
|
|
|
|
* The code that looks for Delivered-To: headers ignored headers longer
|
|
|
|
|
than $line_length_limit (default: 2048).
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 31 13:38:04 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.5.7
|
|
|
|
|
* Fixed random certificate verification failures with
|
|
|
|
|
"smtp_tls_connection_reuse = yes", because tlsproxy(8) was using
|
|
|
|
|
the wrong global TLS context for connections that use DANE or
|
|
|
|
|
non-DANE trust anchors.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Aug 25 13:54:40 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
|
|
|
|
|
|
- Move ldap into an own sub-package like all other databases
|
|
|
|
|
- Move manual pages to correct sub-package
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 21 08:44:22 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
|
|
|
|
|
|
- Use sysusers.d to create system accounts
|
|
|
|
|
- Remove wrong %config for systemd directory content
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Aug 9 06:55:01 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
|
|
|
|
|
|
|
|
|
- Use the correct signature file for source verification
|
|
|
|
|
- Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to
|
|
|
|
|
prevent confusion, as the signature file from upstream with .sig
|
|
|
|
|
extension is incompatible with the build service)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Jul 26 21:22:39 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.5.6 with following fixes:
|
|
|
|
|
* Workaround for unexpected TLS interoperability problems when Postfix
|
|
|
|
|
runs on OS distributions with system-wide OpenSSL configurations.
|
|
|
|
|
* Memory leaks in the Postfix TLS library, the largest one
|
|
|
|
|
involving multiple kBytes per peer certificate.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 16 20:42:19 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
|
|
|
|
|
|
|
|
|
- Add source verification (add postfix.keyring)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jul 3 14:06:53 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
|
|
|
|
|
|
- Use systemd_ordering instead of systemd_require.
|
|
|
|
|
- Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688]
|
|
|
|
|
- Drop /var/adm/SuSEconfig from %post, it does nothing.
|
|
|
|
|
- Rename postfix-SuSE to postfix-SUSE
|
|
|
|
|
- Delete postfix-SUSE/README.SuSE, company name spelled wrong,
|
|
|
|
|
completly outdated and not used.
|
|
|
|
|
- Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name
|
|
|
|
|
spelled wrong, outdated and not used.
|
|
|
|
|
- sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG,
|
|
|
|
|
SuSEconfig is gone since ages.
|
|
|
|
|
- update_chroot.systemd: Remove advice to run SuSEconfig.
|
|
|
|
|
- Remove rc.postfix, not used, outdated.
|
|
|
|
|
- mkpostfixcert: Remove advice to run SuSEconfig.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 29 18:44:13 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.5.4:
|
|
|
|
|
* The connection_reuse attribute in smtp_tls_policy_maps always
|
|
|
|
|
resulted in an "invalid attribute name" error.
|
|
|
|
|
* SMTP over TLS connection reuse always failed for Postfix SMTP
|
|
|
|
|
client configurations that specify explicit trust anchors (remote
|
|
|
|
|
SMTP server certificates or public keys).
|
|
|
|
|
* The Postfix SMTP client's DANE implementation would always send
|
|
|
|
|
an SNI option with the name in a destination's MX record, even
|
|
|
|
|
if the MX record pointed to a CNAME record. MX records that
|
|
|
|
|
point to CNAME records are not conformant with RFC5321, and so
|
|
|
|
|
are rare.
|
|
|
|
|
Based on the DANE survey of ~2 million hosts it was found that
|
|
|
|
|
with the corrected SMTP client behavior, sending SNI with the
|
|
|
|
|
CNAME-expanded name, the SMTP server would not send a different
|
|
|
|
|
certificate. This fix should therefore be safe.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 15 16:09:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.5.3:
|
|
|
|
|
* TLS handshake failure in the Postfix SMTP server during SNI
|
|
|
|
|
processing, after the server-side TLS engine sent a TLSv1.3
|
|
|
|
|
HelloRetryRequest (HRR) to a remote SMTP client.
|
|
|
|
|
* The command "postfix tls deploy-server-cert" did not handle a
|
|
|
|
|
missing optional argument. This bug was introduced in Postfix
|
|
|
|
|
3.1.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun May 17 19:57:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.5.2:
|
|
|
|
|
* A TLS error for a database client caused a false 'lost connection'
|
|
|
|
|
error for an SMTP over TLS session in the same Postfix process.
|
|
|
|
|
This bug was introduced with Postfix 2.2.
|
|
|
|
|
* The same bug existed in the tlsproxy(8) daemon, where a TLS
|
|
|
|
|
error for one TLS session could cause a false 'lost connection'
|
|
|
|
|
error for a concurrent TLS session in the same process. This
|
|
|
|
|
bug was introduced with Postfix 2.8.
|
|
|
|
|
* The Postfix build now disables DANE support on Linux systems
|
|
|
|
|
with libc-musl such as Alpine, because libc-musl provides no
|
|
|
|
|
indication whether DNS responses are authentic. This broke DANE
|
|
|
|
|
support without a clear explanation.
|
|
|
|
|
* Due to implementation changes in the ICU library, some Postfix
|
|
|
|
|
daemons reported file access errrors (U_FILE_ACCESS_ERROR) after
|
|
|
|
|
chroot(). This was fixed by initializing the ICU library before
|
|
|
|
|
making the chroot() call.
|
|
|
|
|
* Minor code changes to silence a compiler that special-cases
|
|
|
|
|
string literals.
|
|
|
|
|
* Segfault (null pointer) in the tlsproxy(8) client role when the
|
|
|
|
|
server role was disabled. This typically happened on systems
|
|
|
|
|
that do not receive mail, after configuring connection reuse
|
|
|
|
|
for outbound SMTP over TLS.
|
|
|
|
|
* The date portion of the maillog_file_rotate_suffix default value
|
|
|
|
|
used the minute (%M) instead of the month (%m).
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 11 20:07:40 UTC 2020 - Arjen de Korte <suse+build@de-korte.org>
|
|
|
|
|
|
|
|
|
|
- boo#1106004 fix incorrect locations for files in postfix-files
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Apr 19 10:22:12 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
|
|
|
|
|
lookups and DANE mail transport work again
|
|
|
|
|
- Update to 3.5.1:
|
|
|
|
|
* Support for the haproxy v2 protocol. The Postfix implementation
|
|
|
|
|
supports TCP over IPv4 and IPv6, as well as non-proxied
|
|
|
|
|
connections; the latter are typically used for heartbeat tests.
|
|
|
|
|
* Support to force-expire email messages. This introduces new
|
|
|
|
|
postsuper(1) command-line options to request expiration, and
|
|
|
|
|
additional information in mailq(1) or postqueue(1) output.
|
|
|
|
|
* The Postfix SMTP and LMTP client support a list of nexthop
|
|
|
|
|
destinations separated by comma or whitespace. These destinations
|
|
|
|
|
will be tried in the specified order.
|
|
|
|
|
* Incompatible changes:
|
|
|
|
|
* Logging: Postfix daemon processes now log the from= and to=
|
|
|
|
|
addresses in external (quoted) form in non-debug logging (info,
|
|
|
|
|
warning, etc.). This means that when an address localpart
|
|
|
|
|
contains spaces or other special characters, the localpart will
|
|
|
|
|
be quoted, for example:
|
|
|
|
|
from=<"name with spaces"@example.com>
|
|
|
|
|
Specify "info_log_address_format = internal" for backwards compatibility.
|
|
|
|
|
* Postfix now normalizes IP addresses received with XCLIENT,
|
|
|
|
|
XFORWARD, or with the HaProxy protocol, for consistency with
|
|
|
|
|
direct connections to Postfix. This may change the appearance
|
|
|
|
|
of logging, and the way that check_client_access will match
|
|
|
|
|
subnets of an IPv6 address.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Mar 13 14:29:32 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.4.10:
|
|
|
|
|
* Bug (introduced: Postfix 2.3): Postfix Milter client state
|
|
|
|
|
was not properly reset after one Milter in a multi-Milter
|
|
|
|
|
configuration failed during MAIL FROM, resulting in a Postfix
|
|
|
|
|
Milter client panic during the next MAIL FROM command in the
|
|
|
|
|
same SMTP session.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 7 17:07:39 UTC 2020 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- bsc#1162891 server:mail/postfix: cond_slp bug on TW after
|
|
|
|
|
moving /etc/services to /usr/etc/services
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 5 12:27:07 UTC 2020 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- bsc#1160413 postfix fails with -fno-common
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 3 12:31:48 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.4.9:
|
|
|
|
|
* Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were
|
|
|
|
|
broken while adding support for negative DNS response caching
|
|
|
|
|
in postscreen. Postfix was inadvertently changed to call
|
|
|
|
|
res_query() instead of res_search().
|
|
|
|
|
* Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro
|
|
|
|
|
overrides from a Milter application. Postfix now evaluates the
|
|
|
|
|
Milter macros for an SMTP CONNECT event after the Postfix-to-Milter
|
|
|
|
|
connection is negotiated.
|
|
|
|
|
* Bug (introduced: Postfix 3.0): sanitize (remote) server responses
|
|
|
|
|
before storing them in the verify database, to avoid Postfix
|
|
|
|
|
warnings about malformed UTF8. Found during code maintenance.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 27 19:55:30 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.4.8:
|
|
|
|
|
* Fix for an Exim interoperability problem when postscreen after-220
|
|
|
|
|
checks are enabled. Bug introduced in Postfix 3.4: the code
|
|
|
|
|
that detected "PIPELINING after BDAT" looked at the wrong
|
|
|
|
|
variable. The warning now says "BDAT without valid RCPT", and
|
|
|
|
|
the error is no longer treated as a command PIPELINING error,
|
|
|
|
|
thus allowing mail to be delivered. Meanwhile, Exim has been
|
|
|
|
|
fixed to stop sending BDAT commands when postscreen rejects all
|
|
|
|
|
RCPT commands.
|
|
|
|
|
* Usability bug, introduced in Postfix 3.4: the parser for
|
|
|
|
|
key/certificate chain files rejected inputs that contain an EC
|
|
|
|
|
PARAMETERS object. While this is technically correct (the
|
|
|
|
|
documentation says what types are allowed) this is surprising
|
|
|
|
|
behavior because the legacy cert/key parameters will accept
|
|
|
|
|
such inputs. For now, the parser skips object types that it
|
|
|
|
|
does not know about for usability, and logs a warning because
|
|
|
|
|
ignoring inputs is not kosher.
|
|
|
|
|
* Bug introduced in Postfix 2.8: don't gratuitously enable all
|
|
|
|
|
after-220 tests when only one such test is enabled. This made
|
|
|
|
|
selective tests impossible with 'good' clients. This will be
|
|
|
|
|
fixed in older Postfix versions at some later time.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 24 07:59:04 UTC 2019 - Martin Liška <mliska@suse.cz>
|
|
|
|
|
|
|
|
|
|
- Backport deprecated-RES_INSECURE1.patch in order to fix
|
|
|
|
|
boo#1149705.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Sep 22 16:45:39 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.4.7:
|
|
|
|
|
* Robustness: the tlsproxy(8) daemon could go into a loop, logging
|
|
|
|
|
a flood of error messages. Problem reported by Andreas Schulze
|
|
|
|
|
after enabling SMTP/TLS connection reuse.
|
|
|
|
|
* Workaround: OpenSSL changed an SSL_Shutdown() non-error result
|
|
|
|
|
value into an error result value, causing logfile noise.
|
|
|
|
|
* Configuration: the new 'TLS fast shutdown' parameter name was
|
|
|
|
|
implemented incorrectly. The documentation said
|
|
|
|
|
"tls_fast_shutdown_enable", but the code said "tls_fast_shutdown".
|
|
|
|
|
This was fixed by changing the code, because no-one is expected
|
|
|
|
|
to override the default.
|
|
|
|
|
* Performance: workaround for poor TCP loopback performance on
|
|
|
|
|
LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus
|
|
|
|
|
TCP maximal segment size that is 1/2 to 1/3 of the real MSS.
|
|
|
|
|
To avoid client-side Nagle delays or server-side delayed ACKs
|
|
|
|
|
caused by multiple smaller-than-MSS writes, Postfix chooses a
|
|
|
|
|
VSTREAM buffer size that is a small multiple of the reported
|
|
|
|
|
bogus MSS. This workaround increases the multiplier from 2x to
|
|
|
|
|
4x.
|
|
|
|
|
* Robustness: the Postfix Dovecot client could segfault (null
|
|
|
|
|
pointer read) or cause an SMTP server assertion to fail when
|
|
|
|
|
talking to a fake Dovecot server. The Postfix Dovecot client
|
|
|
|
|
now logs a proper error instead.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 19 06:20:48 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang
|
|
|
|
|
Break loop if postfix has no permission in spool directory.
|
|
|
|
|
- add postfix-avoid-infinit-loop-if-no-permission.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 9 14:50:12 UTC 2019 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- fix for boo#1144946
|
|
|
|
|
mydestination - missing default localhost
|
|
|
|
|
* update config.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jul 26 08:26:07 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- bsc#1142881 - mkpostfixcert from Postfix still uses md
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 25 12:38:43 UTC 2019 - matthias.gerstner@suse.com
|
|
|
|
|
|
|
|
|
|
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
|
|
|
|
|
firewalld, see [1].
|
|
|
|
|
|
|
|
|
|
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Jul 21 23:54:34 UTC 2019 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for
|
|
|
|
|
* POSTFIX_SMTPD_HELO_RESTRICTIONS
|
|
|
|
|
* POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
|
|
|
|
|
- fix for: Can't connect to local MySQL server through socket
|
|
|
|
|
'/run/mysql/mysql.sock'
|
|
|
|
|
* update config.postfix
|
|
|
|
|
* update update_chroot.systemd
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 3 08:43:58 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.4.6:
|
|
|
|
|
* Workaround for implementations that hang Postfix while shutting
|
|
|
|
|
down a TLS session, until Postfix times out. With
|
|
|
|
|
"tls_fast_shutdown_enable = yes" (the default), Postfix no
|
|
|
|
|
longer waits for the TLS peer to respond to a TLS 'close'
|
|
|
|
|
request. This is recommended with TLSv1.0 and later.
|
|
|
|
|
* Fixed a too-strict censoring filter that broke multiline Milter
|
|
|
|
|
responses for header/body events. Problem report by Andreas
|
|
|
|
|
Thienemann.
|
|
|
|
|
* The code to reset Postfix SMTP server command counts was not
|
|
|
|
|
called after a HaProxy handshake failure, causing stale numbers
|
|
|
|
|
to be reported. Problem report by Joseph Ward.
|
|
|
|
|
* postconf(5) documentation: tlsext_padding is not a tls_ssl_options
|
|
|
|
|
feature.
|
|
|
|
|
* smtp(8) documentation: updated the BUGS section text about
|
|
|
|
|
Postfix support to reuse open TLS connections.
|
|
|
|
|
* Portability: added "#undef sun" to util/unix_dgram_connect.c.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 26 13:52:30 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- Ensure that postfix is member of all groups as before.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 12 14:30:34 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
|
|
|
|
|
|
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
|
|
|
|
|
shortcut the build queues by allowing usage of systemd-mini
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 6 09:29:34 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
|
|
|
|
|
|
|
|
|
- Drop the omc config fate#301838:
|
|
|
|
|
* it is obsolete since SLE11
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 8 09:27:51 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- bsc#1104543 config.postfix does not start tlsmgr in master.cf
|
|
|
|
|
when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed
|
|
|
|
|
patch.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Mar 31 09:08:58 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.4.5:
|
|
|
|
|
Bugfix (introduced: Postfix 3.0): LMTP connections over
|
|
|
|
|
UNIX-domain sockets were cached but not reused, due to a
|
|
|
|
|
cache lookup key mismatch. Therefore, idle cached connections
|
|
|
|
|
could exhaust LMTP server resources, resulting in two-second
|
|
|
|
|
pauses between email deliveries. This problem was investigated
|
|
|
|
|
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.4.4
|
|
|
|
|
|
|
|
|
|
o Incompatible changes
|
|
|
|
|
- The Postfix SMTP server announces CHUNKING (BDAT
|
|
|
|
|
command) by default. In the unlikely case that this breaks some
|
|
|
|
|
important remote SMTP client, disable the feature as follows:
|
|
|
|
|
|
|
|
|
|
/etc/postfix/main.cf:
|
|
|
|
|
# The logging alternative:
|
|
|
|
|
smtpd_discard_ehlo_keywords = chunking
|
|
|
|
|
# The non-logging alternative:
|
|
|
|
|
smtpd_discard_ehlo_keywords = chunking, silent_discard
|
|
|
|
|
- This introduces a new master.cf service 'postlog'
|
|
|
|
|
with type 'unix-dgram' that is used by the new postlogd(8) daemon.
|
|
|
|
|
Before backing out to an older Postfix version, edit the master.cf
|
|
|
|
|
file and remove the postlog entry.
|
|
|
|
|
- Postfix 3.4 drops support for OpenSSL 1.0.1
|
|
|
|
|
- To avoid performance loss under load, the
|
|
|
|
|
tlsproxy(8) daemon now requires a zero process limit in master.cf
|
|
|
|
|
(this setting is provided with the default master.cf file). By
|
|
|
|
|
default, a tlsproxy(8) process will retire after several hours.
|
|
|
|
|
- To set the tlsproxy process limit to zero:
|
|
|
|
|
postconf -F tlsproxy/unix/process_limit=0
|
|
|
|
|
postfix reload
|
|
|
|
|
o Major changes
|
|
|
|
|
- Postfix SMTP server support for RFC 3030 CHUNKING
|
|
|
|
|
(the BDAT command) without BINARYMIME, in both smtpd(8) and
|
|
|
|
|
postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
|
|
|
|
|
and smtpd_proxy_filter. See BDAT_README for more.
|
|
|
|
|
- Support for logging to file or stdout, instead of using syslog.
|
|
|
|
|
- Logging to file solves a usability problem for MacOS, and
|
|
|
|
|
eliminates multiple problems with systemd-based systems.
|
|
|
|
|
- Logging to stdout is useful when Postfix runs in a container, as
|
|
|
|
|
it eliminates a syslogd dependency.
|
|
|
|
|
- Better handling of undocumented(!) Linux behavior
|
|
|
|
|
whether or not signals are delivered to a PID=1 process.
|
|
|
|
|
- Support for (key, list of filenames) in map source text.
|
|
|
|
|
Currently, this feature is used only by tls_server_sni_maps.
|
|
|
|
|
- Automatic retirement: dnsblog(8) and tlsproxy(8) process
|
|
|
|
|
will now voluntarily retire after after max_idle*max_use, or some
|
|
|
|
|
sane limit if either limit is disabled. Without this, a process
|
|
|
|
|
could stay busy for days or more.
|
|
|
|
|
- Postfix SMTP client support for multiple deliveries
|
|
|
|
|
per TLS-encrypted connection. This is primarily to improve mail
|
|
|
|
|
delivery performance for destinations that throttle clients when
|
|
|
|
|
they don't combine deliveries.
|
|
|
|
|
This feature is enabled with "smtp_tls_connection_reuse=yes" in
|
|
|
|
|
main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
|
|
|
|
|
It supports all Postfix TLS security levels including dane and
|
|
|
|
|
dane-only.
|
|
|
|
|
- SNI support in the Postfix SMTP server, the
|
|
|
|
|
Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
|
|
|
|
|
client roles). See the postconf(5) documentation for the new
|
|
|
|
|
tls_server_sni_maps and smtp_tls_servername parameters.
|
|
|
|
|
- Support for files that contain multiple (key, certificate, trust chain)
|
|
|
|
|
instances. This was required to implement
|
|
|
|
|
server-side SNI table lookups, but it also eliminates the need for
|
|
|
|
|
separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
|
|
|
|
|
- Support for smtpd_reject_footer_maps (as well as the postscreen
|
|
|
|
|
variant postscreen_reject_footer_maps) for more informative reject
|
|
|
|
|
messages. This is indexed with the Postfix SMTP server response
|
|
|
|
|
text, and overrides the footer specified with smtpd_reject_footer.
|
|
|
|
|
One will want to use a pcre: or regexp: map with this.
|
|
|
|
|
o Bugfixes
|
|
|
|
|
- Andreas Schulze discovered that reject_multi_recipient_bounce
|
|
|
|
|
was producing false rejects with BDAT commands. This problem
|
|
|
|
|
already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
|
|
|
|
|
Postfix 3.4.4 fixes both.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 5 13:21:35 UTC 2019 - Jiri Slaby <jslaby@suse.com>
|
|
|
|
|
|
|
|
|
|
- postfix-linux45.patch: support also newer kernels -- pretend
|
|
|
|
|
we are still at kernel 3. Note that there are no conditionals for
|
|
|
|
|
LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the
|
|
|
|
|
code which caused build failures.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 4 14:43:05 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
|
|
|
|
|
|
|
|
|
|
- skip set -x and fix version update changes entry
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Mar 2 19:26:21 UTC 2019 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.3.3
|
|
|
|
|
* When the master daemon runs with PID=1 (init mode), it will now
|
|
|
|
|
reap child processes from non-Postfix code running in the same
|
|
|
|
|
container, instead of terminating with a panic.
|
|
|
|
|
* Bugfix (introduced: postfix-2.11): with posttls-finger,
|
|
|
|
|
connections to unix-domain servers always resulted in "Failed
|
|
|
|
|
to establish session" even after a connection was established.
|
|
|
|
|
Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
|
|
|
|
|
* Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
|
|
|
|
|
table lookups could casefold the search string when searching
|
|
|
|
|
a lookup table that does not use fixed-string keys (regexp,
|
|
|
|
|
pcre, tcp, etc.). Historically, Postfix would not case-fold
|
|
|
|
|
the search string with such tables. File: util/dict_utf8.c.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Mar 1 16:23:13 UTC 2019 - Reinhard Max <max@suse.com>
|
|
|
|
|
|
|
|
|
|
- PostrgeSQL's pg_config is meant for linking server extensions,
|
|
|
|
|
use libpq's pkg-config instead, if available.
|
|
|
|
|
This is needed to fix build with PostgreSQL 11.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 7 18:22:14 UTC 2019 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- rework config.postfix
|
|
|
|
|
* disable commenting of smtpd_sasl_path/smtpd_sasl_type
|
|
|
|
|
no need to comment, cause it is set to default anyway
|
|
|
|
|
and 'uncommenting' would place it at end of file then
|
|
|
|
|
which is not wanted
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Jan 26 19:28:02 UTC 2019 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- rework postfix-main.cf.patch
|
|
|
|
|
* disable virtual_alias_domains cause (default: $virtual_alias_maps)
|
|
|
|
|
- rework config.postfix
|
|
|
|
|
* disable PCONF of virtual_alias_domains
|
|
|
|
|
virtual_alias_maps will be set anyway to the correct value
|
|
|
|
|
* extend virtual_alias_maps with
|
|
|
|
|
- mysql_virtual_alias_domain_maps.cf
|
|
|
|
|
- mysql_virtual_alias_domain_catchall_maps.cf
|
|
|
|
|
- rework postfix-mysql, added
|
|
|
|
|
* mysql_virtual_alias_domain_maps.cf
|
|
|
|
|
* mysql_virtual_alias_domain_catchall_maps.cf
|
|
|
|
|
needed for reject_unverified_recipient
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 13 10:20:31 UTC 2018 - malte.kraus@suse.com
|
|
|
|
|
|
|
|
|
|
- binary hardening: link with full RELRO
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Nov 25 10:18:07 UTC 2018 - Michael Ströder <michael@stroeder.com>
|
|
|
|
|
|
|
|
|
|
- Update to 3.3.2
|
|
|
|
|
* Support for OpenSSL 1.1.1 and TLSv1.3.
|
|
|
|
|
* Bugfixes:
|
|
|
|
|
- smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
|
|
|
|
|
some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
|
|
|
|
|
- minor memory leak in DANE support when minting issuer certs.
|
|
|
|
|
- The Postfix build did not abort if the m4 command was not installed,
|
|
|
|
|
resulting in a broken postconf command.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Nov 24 17:08:30 UTC 2018 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- add POSTFIX_RELAY_DOMAINS
|
|
|
|
|
* more flexibility to add to relay_domains without breaking
|
|
|
|
|
config.postfix
|
|
|
|
|
* rework restriction examples in sysconf.postfix
|
|
|
|
|
based on postfix-buch.com (2. edtion by Hildebrandt, Koetter)
|
|
|
|
|
- disable weak cipher: RC4
|
|
|
|
|
after check with https://ssl-tools.net/mailservers
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 22 13:00:03 UTC 2018 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update config.postfix
|
|
|
|
|
* don't reject mail from authenticated users even if
|
|
|
|
|
reject_unknown_client_hostname would match,
|
|
|
|
|
add permit_sasl_authenticated to all restrictions
|
|
|
|
|
requires smtpd_delay_reject = yes
|
|
|
|
|
- update postfix-main.cf.patch
|
|
|
|
|
* recover removed setting smtpd_sasl_path and smtpd_sasl_type,
|
|
|
|
|
set to default value
|
|
|
|
|
config.postfix will not 'enable' (remove #) var, but place
|
|
|
|
|
modified (enabled) var at end of file, far away from place
|
|
|
|
|
where it should be
|
|
|
|
|
- rebase patches
|
|
|
|
|
* fix-postfix-script.patch
|
|
|
|
|
* postfix-vda-v14-3.0.3.patch
|
|
|
|
|
* postfix-linux45.patch
|
|
|
|
|
* postfix-master.cf.patch
|
|
|
|
|
* pointer_to_literals.patch
|
|
|
|
|
* postfix-no-md5.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Oct 4 12:51:32 UTC 2018 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings
|
|
|
|
|
o add m4 as buildrequires, as proposed.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 27 09:38:29 UTC 2018 - tchvatal@suse.com
|
|
|
|
|
|
|
|
|
|
- Add zlib-devel as buildrequires, previously included from
|
|
|
|
|
openssl-devel
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 25 11:19:22 UTC 2018 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bsc#1087471 Unreleased Postfix update breaks SUSE Manager
|
|
|
|
|
o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 21 16:31:57 UTC 2018 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- Update to 3.3.1
|
|
|
|
|
* Postfix did not support running as a PID=1 process, which
|
|
|
|
|
complicated Postfix deployment in containers. The "postfix
|
|
|
|
|
start-fg" command will now run the Postfix master daemon as a
|
|
|
|
|
PID=1 process if possible. Thanks for inputs from Andreas
|
|
|
|
|
Schulze, Eray Aslan, and Viktor Dukhovni.
|
|
|
|
|
* Segfault in the postconf(1) command after it could not open a
|
|
|
|
|
Postfix database configuration file due to a file permission
|
|
|
|
|
error (dereferencing a null pointer). Reported by Andreas
|
|
|
|
|
Hasenack, fixed by Viktor Dukhovni.
|
|
|
|
|
* The luser_relay feature became a black hole, when the luser_relay
|
|
|
|
|
parameter was set to a non-existent local address (i.e. mail
|
|
|
|
|
disappeared silently). Reported by J?rgen Thomsen.
|
|
|
|
|
* Missing error propagation in the tlsproxy(8) daemon could result
|
|
|
|
|
in a segfault after TLS handshake error (dereferencing a
|
|
|
|
|
0xffff...ffff pointer). This daemon handles the TLS protocol
|
|
|
|
|
when a non-whitelisted client sends a STARTTLS command to
|
|
|
|
|
postscreen(8).
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 9 09:02:12 UTC 2018 - lnussel@suse.de
|
|
|
|
|
|
|
|
|
|
- remove pre-requirements on sysvinit(network) and sysvinit(syslog).
|
|
|
|
|
There seems to be no good reason for that other than blowing up
|
|
|
|
|
the dependencies (bsc#1092408).
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 9 09:32:56 UTC 2018 - adam.majer@suse.de
|
|
|
|
|
|
|
|
|
|
- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix
|
|
|
|
|
if the actual service is running. This prevents spurious
|
|
|
|
|
and irrelevant error messages in system logs.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 22 14:20:20 UTC 2018 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bsc#1082514 autoyast: postfix gets not set myhostname properly -
|
|
|
|
|
set to localhost
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 12 13:43:43 UTC 2018 - ilya@ilya.pp.ua
|
|
|
|
|
|
|
|
|
|
- Refresh spec-file via spec-cleaner and manual optinizations.
|
|
|
|
|
* Add %license macro.
|
|
|
|
|
* Set license to IPL-1.0 OR EPL-2.0.
|
|
|
|
|
- Update to 3.3.0
|
|
|
|
|
* http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES
|
|
|
|
|
* Dual license: in addition to the historical IBM Public License
|
|
|
|
|
1.0, Postfix is now also distributed with the more recent Eclipse
|
|
|
|
|
Public License 2.0. Recipients can choose to take the software
|
|
|
|
|
under the license of their choice. Those who are more comfortable
|
|
|
|
|
with the IPL can continue with that license.
|
|
|
|
|
* The postconf command now warns about unknown parameter names
|
|
|
|
|
in a Postfix database configuration file. As with other unknown
|
|
|
|
|
parameter names, these warnings can help to find typos early.
|
|
|
|
|
* Container support: Postfix 3.3 will run in the foreground with
|
|
|
|
|
"postfix start-fg". This requires that Postfix multi-instance
|
|
|
|
|
support is disabled (the default). To collect Postfix syslog
|
|
|
|
|
information on the container's host, mount the host's /dev/log
|
|
|
|
|
socket into the container, for example with "docker run -v
|
|
|
|
|
/dev/log:/dev/log ...other options...", and specify a distinct
|
|
|
|
|
Postfix syslog_name setting in the container (for example with
|
|
|
|
|
"postconf syslog_name=the-name-here").
|
|
|
|
|
* Milter support: applications can now send RET and ENVID parameters
|
|
|
|
|
in SMFIR_CHGFROM (change envelope sender) requests.
|
|
|
|
|
* Postfix-generated From: headers with 'full name' information
|
|
|
|
|
are now formatted as "From: name <address>" by default. Specify
|
|
|
|
|
"header_from_format = obsolete" to get the earlier form "From:
|
|
|
|
|
address (name)".
|
|
|
|
|
* Interoperability: when Postfix IPv6 and IPv4 support are both
|
|
|
|
|
enabled, the Postfix SMTP client will now relax MX preferences
|
|
|
|
|
and attempt to schedule similar numbers of IPv4 and IPv6
|
|
|
|
|
addresses. This works around mail delivery problems when a
|
|
|
|
|
destination announces lots of primary MX addresses on IPv6, but
|
|
|
|
|
is reachable only over IPv4 (or vice versa). The new behavior
|
|
|
|
|
is controlled with the smtp_balance_mx_inet_protocols parameter.
|
|
|
|
|
* Compatibility safety net: with compatibility_level < 1, the
|
|
|
|
|
Postfix SMTP server now warns for mail that would be blocked
|
|
|
|
|
by the Postfix 2.10 smtpd_relay_restrictions feature, without
|
|
|
|
|
blocking that mail. There still is a steady trickle of sites
|
|
|
|
|
that upgrade from an earlier Postfix version.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 13 10:39:37 UTC 2018 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bsc#1065411 Package postfix should require package system-user-nobody
|
|
|
|
|
- bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth
|
|
|
|
|
was configured
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 7 15:02:14 UTC 2017 - dimstar@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Fix usage of fillup_only:-y is not a valid option to this macro.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 23 13:43:17 UTC 2017 - rbrown@suse.com
|
|
|
|
|
|
|
|
|
|
- Replace references to /var/adm/fillup-templates with new
|
|
|
|
|
%_fillupdir macro (boo#1069468)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 8 13:32:28 CET 2017 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- Don't mark postfix.service as config file, this is no config
|
|
|
|
|
file.
|
|
|
|
|
- Some of the Requires(pre) are needed for post-install and at
|
|
|
|
|
runtime, fix the requires.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 30 12:12:08 UTC 2017 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- update to 3.2.4
|
|
|
|
|
* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
|
|
|
|
|
1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
|
|
|
|
|
records associated with an intermediate CA certificate. Problem
|
|
|
|
|
report and initial fix by Erwan Legrand.
|
|
|
|
|
* Missing dynamicmaps support in the Postfix sendmail command.
|
|
|
|
|
This broke authorized_submit_users settings that use a
|
|
|
|
|
dynamically-loaded map type. Problem reported by Ulrich Zehl.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Oct 20 12:27:12 UTC 2017 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#1059512 L3: Postfix Problem
|
|
|
|
|
The applied changes breaks existing postfix configurations because
|
|
|
|
|
daemon_directory was not adapted to the new value.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Oct 15 22:47:29 UTC 2017 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- fix build for SLE
|
|
|
|
|
* nothing provides libnsl-devel
|
|
|
|
|
* add bcond_with libnsl
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Oct 4 10:58:28 UTC 2017 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#1059512 L3: Postfix Problem
|
|
|
|
|
To manage multiple Postfix instances on a single host requires
|
|
|
|
|
that daemon_directory and shlib_directory is different to
|
|
|
|
|
avoid use of the shared directories also as per-instance directories.
|
|
|
|
|
For this reason daemon_directory was set to /usr/lib/postfix/bin/.
|
|
|
|
|
shlib_directory stands /usr/lib/postfix/.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 28 08:44:41 UTC 2017 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#1016491 postfix raported to log "warning: group or other writable:"
|
|
|
|
|
on each symlink in config.
|
|
|
|
|
* Add fix-postfix-script.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 25 16:25:05 UTC 2017 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- update to 3.2.3
|
|
|
|
|
* Extension propagation was broken with "recipient_delimiter = .".
|
|
|
|
|
This change reverts a change that was trying to be too clever.
|
|
|
|
|
* The postqueue command would abort with a panic message after it
|
|
|
|
|
experienced an output write error while listing the mail queue.
|
|
|
|
|
This change restores a write error check that was lost with the
|
|
|
|
|
Postfix 3.2 rewrite of the vbuf_print formatter.
|
|
|
|
|
* Restored sanity checks for dynamically-specified width and precision
|
|
|
|
|
in format strings (%*, %.*, and %*.*). These checks were lost with
|
|
|
|
|
the Postfix 3.2 rewrite of the vbuf_print formatter.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 17 08:56:15 CEST 2017 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- Add libnsl-devel build requires for glibc obsoleting libnsl
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 27 10:31:01 UTC 2017 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#1045264 L3: postmap problem
|
|
|
|
|
* Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jun 16 17:45:55 UTC 2017 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- update to 3.2.2
|
|
|
|
|
* Security: Berkeley DB versions 2 and later try to read settings
|
|
|
|
|
from a file DB_CONFIG in the current directory. This undocumented
|
|
|
|
|
feature may introduce undisclosed vulnerabilities resulting in
|
|
|
|
|
privilege escalation with Postfix set-gid programs (postdrop,
|
|
|
|
|
postqueue) before they chdir to the Postfix queue directory,
|
|
|
|
|
and with the postmap and postalias commands depending on whether
|
|
|
|
|
the user's current directory is writable by other users. This
|
|
|
|
|
fix does not change Postfix behavior for Berkeley DB versions
|
|
|
|
|
< 3, but it does reduce postmap and postalias 'create' performance
|
|
|
|
|
with Berkeley DB versions 3.0 .. 4.6.
|
|
|
|
|
* The SMTP server receive_override_options were not restored at
|
|
|
|
|
the end of an SMTP session, after the options were modified by
|
|
|
|
|
an smtpd_milter_maps setting of "DISABLE". Milter support
|
|
|
|
|
remained disabled for the life time of the smtpd process.
|
|
|
|
|
* After the Postfix 3.2 address/domain table lookup overhaul, the
|
|
|
|
|
check_sender_access and check_recipient_access features ignored
|
|
|
|
|
a non-default parent_domain_matches_subdomains setting.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 19 20:36:03 UTC 2017 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- revert changes of postfix-main.cf.patch from rev=261
|
|
|
|
|
* config.postfix will not 'enable' (remove #) var, but place
|
|
|
|
|
modified (enabled) var at end of file, far away from place
|
|
|
|
|
where it should be
|
|
|
|
|
* keep vars enabled but empty
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 13 09:18:45 UTC 2017 - werner@suse.de
|
|
|
|
|
|
|
|
|
|
- Some cleanups
|
|
|
|
|
* Fix SUSE postfix-files to avoid chown errors (anyway this file
|
|
|
|
|
seems to be obsolete)
|
|
|
|
|
* Avoid installing shared libraries twice
|
|
|
|
|
* Refresh patch postfix-linux45.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Apr 8 15:06:14 UTC 2017 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update postfix-master.cf.patch
|
|
|
|
|
* recover lost (with 3.2.0 update) submission, smtps sections
|
|
|
|
|
* merge with upstream update
|
|
|
|
|
- update config.postfix
|
|
|
|
|
* update master.cf generation for submission
|
|
|
|
|
- rebase patches against 3.2.0
|
|
|
|
|
* pointer_to_literals.patch
|
|
|
|
|
* postfix-no-md5.patch
|
|
|
|
|
* postfix-ssl-release-buffers.patch
|
|
|
|
|
* postfix-vda-v14-3.0.3.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 20 18:01:36 CET 2017 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- Require system group mail
|
|
|
|
|
- Use mail group name instead of GID
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 6 21:27:38 UTC 2017 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- update to 3.2.0
|
|
|
|
|
- [Feature 20170128] Postfix 3.2 fixes the handling of address
|
|
|
|
|
extensions with email addresses that contain spaces. For
|
|
|
|
|
example, the virtual_alias_maps, canonical_maps, and
|
|
|
|
|
smtp_generic_maps features now correctly propagate an address
|
|
|
|
|
extension from "aa bb+ext"@example.com to "cc
|
|
|
|
|
dd+ext"@other.example, instead of producing broken output.
|
|
|
|
|
- [Feature 20161008] "PASS" and "STRIP" actions in
|
|
|
|
|
header/body_checks. "STRIP" is similar to "IGNORE" but also
|
|
|
|
|
logs the action, and "PASS" disables header, body, and Milter
|
|
|
|
|
inspection for the remainder of the message content.
|
|
|
|
|
Contributed by Hobbit.
|
|
|
|
|
- [Feature 20160330] The collate.pl script by Viktor Dukhovni for
|
|
|
|
|
grouping Postfix logfile records into "sessions" based on queue
|
|
|
|
|
ID and process ID information. It's in the auxiliary/collate
|
|
|
|
|
directory of the Postfix source tree.
|
|
|
|
|
- [Feature 20160527] Postfix 3.2 cidr tables support if/endif and
|
|
|
|
|
negation (by prepending ! to a pattern), just like regexp and
|
|
|
|
|
pcre tables. The primarily purpose is to improve readability
|
|
|
|
|
of complex tables. See the cidr_table(5) manpage for syntax
|
|
|
|
|
details.
|
|
|
|
|
- [Incompat 20160925] In the Postfix MySQL database client, the
|
|
|
|
|
default option_group value has changed to "client", to enable
|
|
|
|
|
reading of "client" option group settings in the MySQL options
|
|
|
|
|
file. This fixes a "not found" problem with Postfix queries
|
|
|
|
|
that contain UTF8-encoded non-ASCII text. Specify an empty
|
|
|
|
|
option_group value (option_group =) to get backwards-compatible
|
|
|
|
|
behavior.
|
|
|
|
|
- [Feature 20161217] Stored-procedure support for MySQL
|
|
|
|
|
databases. Contributed by John Fawcett. See mysql_table(5) for
|
|
|
|
|
instructions.
|
|
|
|
|
- [Feature 20170128] The postmap command, and the inline: and
|
|
|
|
|
texthash: maps now support spaces in left-hand field of the
|
|
|
|
|
lookup table "source text". Use double quotes (") around a
|
|
|
|
|
left-hand field that contains spaces, and use backslash (\) to
|
|
|
|
|
protect embedded quotes in a left-hand field. There is no
|
|
|
|
|
change in the processing of the right-hand field.
|
|
|
|
|
- [Feature 20160611] The Postfix SMTP server local IP address and
|
|
|
|
|
port are available in the policy delegation protocol (attribute
|
|
|
|
|
names: server_address, server_port), in the Milter protocol
|
|
|
|
|
(macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
|
|
|
|
|
protocol (attribute names: DESTADDR, DESTPORT).
|
|
|
|
|
- [Feature 20161024] smtpd_milter_maps support for per-client
|
|
|
|
|
Milter configuration that overrides smtpd_milters, and that has
|
|
|
|
|
the same syntax. A lookup result of "DISABLE" turns off Milter
|
|
|
|
|
support. See MILTER_README.html for details.
|
|
|
|
|
- [Feature 20160611] The Postfix SMTP server local IP address and
|
|
|
|
|
port are available in the policy delegation protocol (attribute
|
|
|
|
|
names: server_address, server_port), in the Milter protocol
|
|
|
|
|
(macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
|
|
|
|
|
protocol (attribute names: DESTADDR, DESTPORT).
|
|
|
|
|
- [Incompat 20170129] The postqueue command no longer forces all
|
|
|
|
|
message arrival times to be reported in UTC. To get the old
|
|
|
|
|
behavior, set TZ=UTC in main.cf:import_environment (this
|
|
|
|
|
override is not recommended, as it affects all Postfix utities
|
|
|
|
|
and daemons).
|
|
|
|
|
- [Incompat 20161227] For safety reasons, the sendmail -C option
|
|
|
|
|
must specify an authorized directory: the default configuration
|
|
|
|
|
directory, a directory that is listed in the default main.cf
|
|
|
|
|
file with alternate_config_directories or
|
|
|
|
|
multi_instance_directories, or the command must be invoked with
|
|
|
|
|
root privileges (UID 0 and EUID 0). This mitigates a recurring
|
|
|
|
|
problem with the PHP mail() function.
|
|
|
|
|
- [Feature 20160625] The Postfix SMTP server now passes remote
|
|
|
|
|
client and local server network address and port information to
|
|
|
|
|
the Cyrus SASL library. Build with ``make makefiles
|
|
|
|
|
"CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards
|
|
|
|
|
compatibility.
|
|
|
|
|
- [Feature 20161103] Postfix 3.2 disables the 'transitional'
|
|
|
|
|
compatibility between the IDNA2003 and IDNA2008 standards for
|
|
|
|
|
internationalized domain names (domain names beyond the limits
|
|
|
|
|
of US-ASCII).
|
|
|
|
|
|
|
|
|
|
This change makes Postfix behavior consistent with contemporary
|
|
|
|
|
web browsers. It affects the handling of some corner cases such
|
|
|
|
|
as German sz and Greek zeta. See
|
|
|
|
|
http://unicode.org/cldr/utility/idna.jsp for more examples.
|
|
|
|
|
|
|
|
|
|
Specify "enable_idna2003_compatibility = yes" to restore
|
|
|
|
|
historical behavior (but keep in mind that the rest of the
|
|
|
|
|
world may not make that same choice).
|
|
|
|
|
- [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API
|
|
|
|
|
features, so that Postfix will build without depending on
|
|
|
|
|
backwards-compatibility support.
|
|
|
|
|
|
|
|
|
|
[Incompat 20161204] Postfix 3.2 removes tentative features that
|
|
|
|
|
were implemented before the DANE spec was finalized:
|
|
|
|
|
|
|
|
|
|
- Support for certificate usage PKIX-EE(1),
|
|
|
|
|
|
|
|
|
|
- The ability to disable digest agility (Postfix now behaves as
|
|
|
|
|
if "tls_dane_digest_agility = on"), and
|
|
|
|
|
|
|
|
|
|
- The ability to disable support for "TLSA 2 [01] [12]" records
|
|
|
|
|
that specify the digest of a trust anchor (Postfix now
|
|
|
|
|
behaves as if "tls_dane_trust_anchor_digest_enable = yes).
|
|
|
|
|
- [Feature 20161217] Postfix 3.2 enables elliptic curve
|
|
|
|
|
negotiation with OpenSSL >= 1.0.2. This changes the default
|
|
|
|
|
smtpd_tls_eecdh_grade setting to "auto", and introduces a new
|
|
|
|
|
parameter tls_eecdh_auto_curves with the names of curves that
|
|
|
|
|
may be negotiated.
|
|
|
|
|
|
|
|
|
|
The default tls_eecdh_auto_curves setting is determined at
|
|
|
|
|
compile time, and depends on the Postfix and OpenSSL versions.
|
|
|
|
|
At runtime, Postfix will skip curve names that aren't supported
|
|
|
|
|
by the OpenSSL library.
|
|
|
|
|
- [Feature 20160611] The Postfix SMTP server local IP address and
|
|
|
|
|
port are available in the policy delegation protocol (attribute
|
|
|
|
|
names: server_address, server_port), in the Milter protocol
|
|
|
|
|
(macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
|
|
|
|
|
protocol (attribute names: DESTADDR, DESTPORT).
|
|
|
|
|
- refresh postfix-master.cf.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 6 14:04:13 UTC 2017 - wr@rosenauer.org
|
|
|
|
|
|
|
|
|
|
- make sure that system users can be created in %pre
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Feb 18 14:01:35 UTC 2017 - kukuk@suse.com
|
|
|
|
|
|
|
|
|
|
- Fix requires:
|
|
|
|
|
- shadow is needed for postfix-mysql pre-install section
|
|
|
|
|
- insserv is not needed if systemd is used
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Jan 21 23:27:34 UTC 2017 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update postfix-mysql
|
|
|
|
|
* update mysql_*.cf files
|
|
|
|
|
* update postfix-mysql.sql (INNODB, utf8)
|
|
|
|
|
- update postfix-main.cf.patch
|
|
|
|
|
* uncomment smtpd_sasl_path, smtpd_sasl_type
|
|
|
|
|
can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot)
|
|
|
|
|
* add option for smtp_tls_policy_maps (commented)
|
|
|
|
|
- update postfix-master.cf.patch
|
|
|
|
|
* fix indentation of submission, smtps options for correct
|
|
|
|
|
enabling via config.postfix
|
|
|
|
|
- update config.postfix
|
|
|
|
|
* fix sync of CA certificates
|
|
|
|
|
* fix master.cf generation for submission, smtps
|
|
|
|
|
- rebase postfix-vda-v14-3.0.3.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 11 14:07:35 UTC 2017 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- FATE#322322 Update postfix to version 3.X
|
|
|
|
|
Merging changes with SLES12-SP2
|
|
|
|
|
Removeved patches: add_missed_library.patch bnc#947707.diff dynamic_maps.patch postfix-db6.diff
|
|
|
|
|
postfix-opensslconfig.patch bnc#947519.diff dynamic_maps_pie.patch
|
|
|
|
|
postfix-post-install.patch
|
|
|
|
|
These are included in the new version of postfix
|
|
|
|
|
- Remove references to SuSEconfig.postfix from sysconfig docs.
|
|
|
|
|
(bsc#871575)
|
|
|
|
|
- bnc#947519 SuSEconfig.postfix should enforce umask 022
|
|
|
|
|
- bnc#947707 mail generated by Amavis being prevented from being re-adressed by /etc/postfix/virtual
|
|
|
|
|
- bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong
|
|
|
|
|
- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64)
|
|
|
|
|
(bsc#940289)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 3 12:20:18 UTC 2017 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 3.1.4
|
|
|
|
|
* The postscreen daemon did not merge the client test status information
|
|
|
|
|
for concurrent sessions from the same IP address.
|
|
|
|
|
* The Postfix SMTP server falsely rejected a sender address when validating
|
|
|
|
|
a sender address with "smtpd_reject_unlisted_recipient = yes" or with
|
|
|
|
|
"reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps.
|
|
|
|
|
* The virtual delivery agent did not detect failure to skip to the end
|
|
|
|
|
of a mailbox file, so that mail would be delivered to the beginning of the file.
|
|
|
|
|
This could happen when a mailbox file was already larger than the virtual mailbox size limit.
|
|
|
|
|
* The postsuper logged an incorrect rename operation count after creating a missing directory.
|
|
|
|
|
* The Postfix SMTP server falsely rejected mail when a sender-dependent "error"
|
|
|
|
|
transport was configured. Cause: the SMTP server address validation code
|
|
|
|
|
was not updated when the sender_dependent_default_transport_maps feature
|
|
|
|
|
was introduced.
|
|
|
|
|
* The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no".
|
|
|
|
|
* The "postfix tls deploy-server-cert" command used the wrong certificate
|
|
|
|
|
and key file. This was caused by a cut-and-paste error in the postfix-tls-script file.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Nov 26 15:43:57 UTC 2016 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- improve config.postfix
|
|
|
|
|
* improve SASL stuff
|
|
|
|
|
* add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Nov 14 21:53:18 UTC 2016 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- improve config.postfix
|
|
|
|
|
* improve with MySQL stuff
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Nov 7 13:35:38 UTC 2016 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update vda patch to latest available
|
|
|
|
|
* remove postfix-vda-v13-3.10.0.patch
|
|
|
|
|
* add postfix-vda-v14-3.0.3.patch
|
|
|
|
|
- rebase patches (and to be p0)
|
|
|
|
|
* pointer_to_literals.patch
|
|
|
|
|
* postfix-main.cf.patch
|
|
|
|
|
* postfix-master.cf.patch
|
|
|
|
|
* postfix-no-md5.patch
|
|
|
|
|
* postfix-ssl-release-buffers.patch
|
|
|
|
|
- add /etc/postfix/ssl as default DIR for SSL stuff
|
|
|
|
|
* cacerts -> ../../ssl/certs/
|
|
|
|
|
* certs/
|
|
|
|
|
- revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl'
|
|
|
|
|
- improve config.postfix
|
|
|
|
|
* revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a
|
|
|
|
|
symlink to /etc/ssl/certs
|
|
|
|
|
Without reverting, 'gen_CA' would create files which would then be on
|
|
|
|
|
the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath)
|
|
|
|
|
Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem'
|
|
|
|
|
which is not a good idea.
|
|
|
|
|
* mkchroot: sync '/etc/postfix/ssl' to chroot
|
|
|
|
|
* improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from
|
|
|
|
|
main.cf, show warning if enabled and file is missing
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Oct 9 20:11:34 UTC 2016 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- update to 3.1.3:
|
|
|
|
|
* The Postfix SMTP server did not reset a previous session's
|
|
|
|
|
failed/total command counts before rejecting a client that
|
|
|
|
|
exceeds request or concurrency rates. This resulted in incorrect
|
|
|
|
|
failed/total command counts being logged at the end of the
|
|
|
|
|
rejected session.
|
|
|
|
|
* The unionmap multi-table interface did not propagate table
|
|
|
|
|
lookup errors, resulting in false "user unknown" responses.
|
|
|
|
|
* The documentation was updated with a workaround for false "not
|
|
|
|
|
found" errors with MySQL map queries that contain UTF8-encoded
|
|
|
|
|
text. The workaround is to specify "option_group = client" in
|
|
|
|
|
Postfix MySQL configuration files. This will be the default
|
|
|
|
|
setting with Postfix 3.2 and later.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Sep 4 15:33:27 UTC 2016 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- update to 3.1.2:
|
|
|
|
|
* Changes to make Postfix build with OpenSSL 1.1.0.
|
|
|
|
|
* The makedefs script ignored readme_directory=pathname overrides.
|
|
|
|
|
Fix by Todd C. Olson.
|
|
|
|
|
* The tls_session_ticket_cipher documentation says that the default
|
|
|
|
|
cipher for TLS session tickets is aes-256-cbc, but the implemented
|
|
|
|
|
default was aes-128-cbc. Note that TLS session ticket keys are
|
|
|
|
|
rotated after 1/2 hour, to limit the impact of attacks on session
|
|
|
|
|
ticket keys.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 2 12:26:17 UTC 2016 - schwab@suse.de
|
|
|
|
|
|
|
|
|
|
- postfix-post-install.patch: remove empty patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun May 29 16:45:30 UTC 2016 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- fix Changelog cause of Factory decline
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 24 13:18:55 UTC 2016 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- Fix typo in config.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 24 04:29:41 UTC 2016 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#981097 config.postfix creates broken main.cf for tls client configuration
|
|
|
|
|
- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete
|
|
|
|
|
- update to 3.1.1:
|
|
|
|
|
- The new address_verify_pending_request_limit
|
|
|
|
|
parameter introduces a safety limit for the number of address
|
|
|
|
|
verification probes in the active queue. The default limit is 1/4
|
|
|
|
|
of the active queue maximum size. The queue manager enforces the
|
|
|
|
|
limit by tempfailing probe messages that exceed the limit. This
|
|
|
|
|
design avoids dependencies on global counters that get out of sync
|
|
|
|
|
after a process or system crash.
|
|
|
|
|
- Machine-readable, JSON-formatted queue listing with "postqueue -j"
|
|
|
|
|
(no "mailq" equivalent).
|
|
|
|
|
- The milter_macro_defaults feature provides an optional list of macro
|
|
|
|
|
name=value pairs. These specify default values for Milter macros when
|
|
|
|
|
no value is available from the SMTP session context.
|
|
|
|
|
- Support to enforce a destination-independent delay between email
|
|
|
|
|
deliveries. The following example inserts 20 seconds of delay
|
|
|
|
|
between all deliveries with the SMTP transport, limiting the delivery
|
|
|
|
|
rate to at most three messages per minute.
|
|
|
|
|
smtp_transport_rate_delay = 20s
|
|
|
|
|
- Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
|
|
|
|
|
that a "not found" result from a DNSBL server will be valid for one
|
|
|
|
|
hour. This may have been adequate five years ago when postscreen
|
|
|
|
|
was first implemented, but nowadays, that one hour can result in
|
|
|
|
|
missed opportunities to block new spambots.
|
|
|
|
|
To address this, postscreen now respects the TTL of DNSBL "not
|
|
|
|
|
found" replies, as well as the TTL of DNSWL replies (both "found"
|
|
|
|
|
and "not found"). The TTL for a "not found" reply is determined
|
|
|
|
|
according to RFC 2308 (the TTL of an SOA record in the reply).
|
|
|
|
|
|
|
|
|
|
Support for DNSBL or DNSWL reply TTL values is controlled by two
|
|
|
|
|
configuration parameters:
|
|
|
|
|
|
|
|
|
|
postscreen_dnsbl_min_ttl (default: 60 seconds).
|
|
|
|
|
postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
|
|
|
|
|
|
|
|
|
|
The postscreen_dnsbl_ttl parameter is now obsolete, and has become
|
|
|
|
|
the default value for the new postscreen_dnsbl_max_ttl parameter.
|
|
|
|
|
- New "smtpd_client_auth_rate_limit" feature, to
|
|
|
|
|
enforce an optional rate limit on AUTH commands per SMTP client IP
|
|
|
|
|
address. Similar to other smtpd_client_*_rate_limit features, this
|
|
|
|
|
enforces a limit on the number of requests per $anvil_rate_time_unit.
|
|
|
|
|
- New SMTPD policy service attribute "policy_context",
|
|
|
|
|
with a corresponding "smtpd_policy_service_policy_context" configuration
|
|
|
|
|
parameter. Originally, this was implemented to share the same SMTPD
|
|
|
|
|
policy service endpoint among multiple check_policy_service clients.
|
|
|
|
|
- A new "postfix tls" command to quickly enable opportunistic TLS
|
|
|
|
|
in the Postfix SMTP client or server, and to manage SMTP server keys
|
|
|
|
|
and certificates, including certificate signing requests and
|
|
|
|
|
TLSA DNS records for DANE.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 19 07:59:32 UTC 2016 - opensuse@dstoecker.de
|
|
|
|
|
|
|
|
|
|
- build with working support for SMTPUTF8
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Mar 20 14:11:27 UTC 2016 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- fix build on sle11 by pointing _libexecdir to /usr/lib all the
|
|
|
|
|
time.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Mar 20 13:46:56 UTC 2016 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- some distros did not pull pkgconfig indirectly. pull it directly.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Mar 20 08:19:23 UTC 2016 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- fix building the dynamic maps: the old build had postgresql e.g.
|
|
|
|
|
with missing symbols.
|
|
|
|
|
- convert to AUXLIBS_* instead of plain AUXLIBS which is needed
|
|
|
|
|
for proper dynamic maps.
|
|
|
|
|
- reordered the CCARGS and AUXLIBS* lines to group by feature
|
|
|
|
|
- use pkgconfig or *_config tools where possible
|
|
|
|
|
- picked up signed char from fedora spec file
|
|
|
|
|
- enable lmdb support: new BR lmdb-devel, new subpackage
|
|
|
|
|
postfix-lmdb.
|
|
|
|
|
- don't delete vmail user/groups
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 9 13:06:35 UTC 2016 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 3.1.0
|
|
|
|
|
- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:,
|
|
|
|
|
lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
|
|
|
|
|
Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch
|
|
|
|
|
could be removed.
|
|
|
|
|
- Adapting all the patches to postfix 3.1.0
|
|
|
|
|
- remove obsolete patches
|
|
|
|
|
* add_missed_library.patch
|
|
|
|
|
* postfix-opensslconfig.patch
|
|
|
|
|
- update vda patch
|
|
|
|
|
* remove postfix-vda-v13-2.10.0.patch
|
|
|
|
|
* add postfix-vda-v13-3.10.0.patch
|
|
|
|
|
- The patch postfix-db6.diff is not more neccessary
|
|
|
|
|
|
|
|
|
|
- Backwards-compatibility safety net.
|
|
|
|
|
With NEW Postfix installs, you MUST install a main.cf file with
|
|
|
|
|
the setting "compatibility_level = 2". See conf/main.cf for an
|
|
|
|
|
example.
|
|
|
|
|
|
|
|
|
|
With UPGRADES of existing Postfix systems, you MUST NOT change the
|
|
|
|
|
main.cf compatibility_level setting, nor add this setting if it
|
|
|
|
|
does not exist.
|
|
|
|
|
|
|
|
|
|
Several Postfix default settings have changed with Postfix 3.0. To
|
|
|
|
|
avoid massive frustration with existing Postfix installations,
|
|
|
|
|
Postfix 3.0 comes with a safety net that forces Postfix to keep
|
|
|
|
|
running with backwards-compatible main.cf and master.cf default
|
|
|
|
|
settings. This safety net depends on the main.cf compatibility_level
|
|
|
|
|
setting (default: 0). Details are in COMPATIBILITY_README.
|
|
|
|
|
|
|
|
|
|
- Major changes - tls
|
|
|
|
|
* [Feature 20160207] A new "postfix tls" command to quickly enable
|
|
|
|
|
opportunistic TLS in the Postfix SMTP client or server, and to
|
|
|
|
|
manage SMTP server keys and certificates, including certificate
|
|
|
|
|
signing requests and TLSA DNS records for DANE.
|
|
|
|
|
* As of the middle of 2015, all supported Postfix releases no longer
|
|
|
|
|
nable "export" grade ciphers for opportunistic TLS, and no longer
|
|
|
|
|
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
|
|
|
|
|
opportunistic TLS.
|
|
|
|
|
* [Incompat 20150719] The default Diffie-Hellman non-export prime was
|
|
|
|
|
updated from 1024 to 2048 bits, because SMTP clients are starting
|
|
|
|
|
to reject TLS handshakes with primes smaller than 2048 bits.
|
|
|
|
|
* [Feature 20160103] The Postfix SMTP client by default enables DANE
|
|
|
|
|
policies when an MX host has a (DNSSEC) secure TLSA DNS record,
|
|
|
|
|
even if the MX DNS record was obtained with insecure lookups. The
|
|
|
|
|
existence of a secure TLSA record implies that the host wants to
|
|
|
|
|
talk TLS and not plaintext. For details see the
|
|
|
|
|
smtp_tls_dane_insecure_mx_policy configuration parameter.
|
|
|
|
|
|
|
|
|
|
- Major changes - default settings
|
|
|
|
|
[Incompat 20141009] The default settings have changed for relay_domains
|
|
|
|
|
(new: empty, old: $mydestination) and mynetworks_style (new: host,
|
|
|
|
|
old: subnet). However the backwards-compatibility safety net will
|
|
|
|
|
prevent these changes from taking effect, giving the system
|
|
|
|
|
administrator the option to make an old default setting permanent
|
|
|
|
|
in main.cf or to adopt the new default setting, before turning off
|
|
|
|
|
backwards compatibility. See COMPATIBILITY_README for details.
|
|
|
|
|
|
|
|
|
|
[Incompat 20141001] A new backwards-compatibility safety net forces
|
|
|
|
|
Postfix to run with backwards-compatible main.cf and master.cf
|
|
|
|
|
default settings after an upgrade to a newer but incompatible Postfix
|
|
|
|
|
version. See COMPATIBILITY_README for details.
|
|
|
|
|
|
|
|
|
|
While the backwards-compatible default settings are in effect,
|
|
|
|
|
Postfix logs what services or what email would be affected by the
|
|
|
|
|
incompatible change. Based on this the administrator can make some
|
|
|
|
|
backwards-compatibility settings permanent in main.cf or master.cf,
|
|
|
|
|
before turning off backwards compatibility.
|
|
|
|
|
|
|
|
|
|
- Major changes - address verification safety
|
|
|
|
|
[Feature 20151227] The new address_verify_pending_request_limit
|
|
|
|
|
parameter introduces a safety limit for the number of address
|
|
|
|
|
verification probes in the active queue. The default limit is 1/4
|
|
|
|
|
of the active queue maximum size. The queue manager enforces the
|
|
|
|
|
limit by tempfailing probe messages that exceed the limit. This
|
|
|
|
|
design avoids dependencies on global counters that get out of sync
|
|
|
|
|
after a process or system crash.
|
|
|
|
|
|
|
|
|
|
Tempfailing verify requests is not as bad as one might think. The
|
|
|
|
|
Postfix verify cache proactively updates active addresses weeks
|
|
|
|
|
before they expire. The address_verify_pending_request_limit affects
|
|
|
|
|
only unknown addresses, and inactive addresses that have expired
|
|
|
|
|
from the address verify cache (by default, after 31 days).
|
|
|
|
|
|
|
|
|
|
- Major changes - json support
|
|
|
|
|
[Feature 20151129] Machine-readable, JSON-formatted queue listing
|
|
|
|
|
with "postqueue -j" (no "mailq" equivalent). The output is a stream
|
|
|
|
|
of JSON objects, one per queue file. To simplify parsing, each
|
|
|
|
|
JSON object is formatted as one text line followed by one newline
|
|
|
|
|
character. See the postqueue(1) manpage for a detailed description
|
|
|
|
|
of the output format.
|
|
|
|
|
|
|
|
|
|
- Major changes - milter support
|
|
|
|
|
[Feature 20150523] The milter_macro_defaults feature provides an
|
|
|
|
|
optional list of macro name=value pairs. These specify default
|
|
|
|
|
values for Milter macros when no value is available from the SMTP
|
|
|
|
|
session context.
|
|
|
|
|
|
|
|
|
|
For example, with "milter_macro_defaults = auth_type=TLS", the
|
|
|
|
|
Postfix SMTP server will send an auth_type of "TLS" to a Milter,
|
|
|
|
|
unless the remote client authenticates with SASL.
|
|
|
|
|
|
|
|
|
|
This feature was originally implemented for a submission service
|
|
|
|
|
that may authenticate clients with a TLS certificate, without having
|
|
|
|
|
to make changes to the code that implements TLS support.
|
|
|
|
|
|
|
|
|
|
- Major changes - output rate control
|
|
|
|
|
|
|
|
|
|
[Feature 20150710] Destination-independent delivery rate delay
|
|
|
|
|
|
|
|
|
|
Support to enforce a destination-independent delay between email
|
|
|
|
|
deliveries. The following example inserts 20 seconds of delay
|
|
|
|
|
between all deliveries with the SMTP transport, limiting the delivery
|
|
|
|
|
rate to at most three messages per minute.
|
|
|
|
|
|
|
|
|
|
/etc/postfix/main.cf:
|
|
|
|
|
smtp_transport_rate_delay = 20s
|
|
|
|
|
|
|
|
|
|
For details, see the description of default_transport_rate_delay
|
|
|
|
|
and transport_transport_rate_delay in the postconf(5) manpage.
|
|
|
|
|
|
|
|
|
|
- Major changes - postscreen dnsbl
|
|
|
|
|
[Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL
|
|
|
|
|
lookup results
|
|
|
|
|
|
|
|
|
|
Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
|
|
|
|
|
that a "not found" result from a DNSBL server will be valid for one
|
|
|
|
|
hour. This may have been adequate five years ago when postscreen
|
|
|
|
|
was first implemented, but nowadays, that one hour can result in
|
|
|
|
|
missed opportunities to block new spambots.
|
|
|
|
|
|
|
|
|
|
To address this, postscreen now respects the TTL of DNSBL "not
|
|
|
|
|
found" replies, as well as the TTL of DNSWL replies (both "found"
|
|
|
|
|
and "not found"). The TTL for a "not found" reply is determined
|
|
|
|
|
according to RFC 2308 (the TTL of an SOA record in the reply).
|
|
|
|
|
|
|
|
|
|
Support for DNSBL or DNSWL reply TTL values is controlled by two
|
|
|
|
|
configuration parameters:
|
|
|
|
|
|
|
|
|
|
postscreen_dnsbl_min_ttl (default: 60 seconds).
|
|
|
|
|
|
|
|
|
|
This parameter specifies a minimum for the amount of time that
|
|
|
|
|
a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
|
|
|
|
|
This prevents an excessive number of postscreen cache updates
|
|
|
|
|
when a DNSBL or DNSWL server specifies a very small reply TTL.
|
|
|
|
|
|
|
|
|
|
postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
|
|
|
|
|
|
|
|
|
|
This parameter specifies a maximum for the amount of time that
|
|
|
|
|
a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
|
|
|
|
|
This prevents cache pollution when a DNSBL or DNSWL server
|
|
|
|
|
specifies a very large reply TTL.
|
|
|
|
|
|
|
|
|
|
The postscreen_dnsbl_ttl parameter is now obsolete, and has become
|
|
|
|
|
the default value for the new postscreen_dnsbl_max_ttl parameter.
|
|
|
|
|
|
|
|
|
|
- Major changes - sasl auth safety
|
|
|
|
|
[Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to
|
|
|
|
|
enforce an optional rate limit on AUTH commands per SMTP client IP
|
|
|
|
|
address. Similar to other smtpd_client_*_rate_limit features, this
|
|
|
|
|
enforces a limit on the number of requests per $anvil_rate_time_unit.
|
|
|
|
|
|
|
|
|
|
- Major changes - smtpd policy
|
|
|
|
|
[Feature 20150913] New SMTPD policy service attribute "policy_context",
|
|
|
|
|
with a corresponding "smtpd_policy_service_policy_context" configuration
|
|
|
|
|
parameter. Originally, this was implemented to share the same SMTPD
|
|
|
|
|
policy service endpoint among multiple check_policy_service clients.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 9 14:05:22 UTC 2015 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#958329 postfix fails to start when openslp is not installed
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 12 20:49:27 UTC 2015 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- upstream update postfix 2.11.7:
|
|
|
|
|
* The Postfix Milter client aborted with a panic while adding a
|
|
|
|
|
message header, after adding a short message header with the
|
|
|
|
|
header_checks PREPEND action. Fixed by invoking the header
|
|
|
|
|
output function while PREPENDing a message header.
|
|
|
|
|
* False alarms while scanning the Postfix queue. Fixed by resetting
|
|
|
|
|
errno before calling readdir(). This defect was introduced
|
|
|
|
|
19970309.
|
|
|
|
|
* The postmulti command produced an incorrect error message.
|
|
|
|
|
* The postmulti command now refuses to create a new MTA instance
|
|
|
|
|
when the template main.cf or master.cf file are missing. This
|
|
|
|
|
is a common problem on Debian-like systems.
|
|
|
|
|
* Turning on Postfix SMTP server HAProxy support broke TLS
|
|
|
|
|
wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer
|
|
|
|
|
to read the HAProxy connection hand-off information.
|
|
|
|
|
* The xtext_unquote() function did not propagate error reports
|
|
|
|
|
from xtext_unquote_append(), causing the decoder to return
|
|
|
|
|
partial output, instead of rejecting malformed input. The Postfix
|
|
|
|
|
SMTP server uses this function to parse input for the ENVID and
|
|
|
|
|
ORCPT parameters, and for XFORWARD and XCLIENT command parameters.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 12 10:51:51 UTC 2015 - jkeil@suse.de
|
|
|
|
|
|
|
|
|
|
- boo#934060: Remove quirky hostname logic from config.postfix
|
|
|
|
|
* /etc/hostname doesn't contain anything useful
|
|
|
|
|
* linux.local is no good either
|
|
|
|
|
* postfix will use `hostname`.localdomain as fallback
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Aug 4 09:09:04 UTC 2015 - meissner@suse.com
|
|
|
|
|
|
|
|
|
|
- postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Aug 4 09:07:25 UTC 2015 - meissner@suse.com
|
|
|
|
|
|
|
|
|
|
- %verifyscript is a new section, move it out of the %ifdef
|
|
|
|
|
so the fillups are run afterwards.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 22 16:44:44 UTC 2015 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- upstream update postfix 2.11.6:
|
|
|
|
|
Default settings have been updated so that they no longer enable
|
|
|
|
|
export-grade ciphers, and no longer enable the SSLv2 and SSLv3
|
|
|
|
|
protocols.
|
|
|
|
|
- removed postfix-2.11.5_linux4.patch because it's obsolete
|
|
|
|
|
- Bugfix (introduced: Postfix 2.11): with connection caching
|
|
|
|
|
enabled (the default), recipients could be given to the wrong
|
|
|
|
|
mail server. (bsc#944722)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 1 22:25:51 UTC 2015 - crrodriguez@opensuse.org
|
|
|
|
|
|
|
|
|
|
- postfix-SuSE.tar.gz/postfix.service: None of
|
|
|
|
|
nss-lookup.target network.target local-fs.target time-sync.target
|
|
|
|
|
should be Wanted or Required except by the services
|
|
|
|
|
the implement the relevant functionality i.e network.target
|
|
|
|
|
is wanted/required by networkmanager, wicked,
|
|
|
|
|
systemd-network. other software must be ordered After them,
|
|
|
|
|
see systemd.special(7)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun May 17 18:41:52 UTC 2015 - mpluskal@suse.com
|
|
|
|
|
|
|
|
|
|
- Fix library symlink generation (boo#928662)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 21 09:55:44 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- added postfix-2.11.5_linux4.patch:
|
|
|
|
|
Allow building on kernel 4. Patch taken from:
|
|
|
|
|
https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Apr 19 23:03:25 UTC 2015 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 2.11.5
|
|
|
|
|
- Bugfix (introduced: Postfix 2.6):
|
|
|
|
|
sender_dependent_relayhost_maps ignored the relayhost setting
|
|
|
|
|
in the case of a DUNNO lookup result. It would use the
|
|
|
|
|
recipient domain instead. Viktor Dukhovni. Wietse took the
|
|
|
|
|
pieces of code that enforce the precedence of a
|
|
|
|
|
sender-dependent relayhost, the global relayhost, and the
|
|
|
|
|
recipient domain, and put that code together in once place so
|
|
|
|
|
that it is easier to maintain. File:
|
|
|
|
|
trivial-rewrite/resolve.c.
|
|
|
|
|
- Bitrot: prepare for future changes in OpenSSL API. Viktor
|
|
|
|
|
Dukhovni. File: tls_dane.c.
|
|
|
|
|
- Incompatibility: specifying "make makefiles" with "CC=command"
|
|
|
|
|
will no longer override the default WARN setting.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 9 18:01:38 UTC 2015 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- upstream update postfix 2.11.4:
|
|
|
|
|
|
|
|
|
|
Postfix 2.11.4 only:
|
|
|
|
|
|
|
|
|
|
* Fix a core dump when smtp_policy_maps specifies an invalid TLS
|
|
|
|
|
level.
|
|
|
|
|
|
|
|
|
|
* Fix a missing " in \%s\", in postconf(1) fatal error messages,
|
|
|
|
|
which violated the C language spec. Reported by Iain Hibbert.
|
|
|
|
|
|
|
|
|
|
All supported releases:
|
|
|
|
|
|
|
|
|
|
* Stop excessive recursion in the cleanup server while recovering
|
|
|
|
|
from a virtual alias expansion loop. Problem found at Two Sigma.
|
|
|
|
|
|
|
|
|
|
* Stop exponential memory allocation with virtual alias expansion
|
|
|
|
|
loops. This came to light after fixing the previous problem.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Feb 8 13:08:36 UTC 2015 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- correct pf_daemon_directory in spec. This must be /usr/lib/
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 22 09:36:09 UTC 2015 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#914086 syntax error in config.postfix
|
|
|
|
|
- Adapt config.postfix to be able to run on SLE11 too.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 19 22:15:30 UTC 2015 - mpluskal@suse.com
|
|
|
|
|
|
|
|
|
|
- Don't install sysvinit script when systemd is used
|
|
|
|
|
- Make explicit PreReq dependencies conditional only for older
|
|
|
|
|
systems
|
|
|
|
|
- Don't try to set explicit attributes to symlinks
|
|
|
|
|
- Cleanup spec file vith spec-cleaner
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 13 07:04:52 UTC 2015 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#912594 config.postfix creates config based on old options
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 6 14:26:51 UTC 2015 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot
|
|
|
|
|
- bnc#910265 config.postfix does not upgrade the chroot
|
|
|
|
|
- bnc#908003 wrong access rights on /usr/sbin/postdrop causes
|
|
|
|
|
permission denied when trying to send a mail as non root user
|
|
|
|
|
- bnc#729154 wrong permissions for some postfix components
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 21 14:49:19 UTC 2014 - tchvatal@suse.com
|
|
|
|
|
|
|
|
|
|
- Remove keyring and things as it is md5 based one no longer
|
|
|
|
|
accepted by gpg 2.1
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 14 09:19:00 UTC 2014 - dimstar@opensuse.org
|
|
|
|
|
|
|
|
|
|
- No longer perform gpg validation; osc source_validator does it
|
|
|
|
|
implicit:
|
|
|
|
|
+ Drop gpg-offline BuildRequires.
|
|
|
|
|
+ No longer execute gpg_verify.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 27 18:22:02 UTC 2014 - dmueller@suse.com
|
|
|
|
|
|
|
|
|
|
- restore previously lost fix:
|
|
|
|
|
Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
|
|
|
|
|
- Ignore errors in %pre/%post.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 20 07:52:39 UTC 2014 - michael@stroeder.com
|
|
|
|
|
|
|
|
|
|
- postfix 2.11.3:
|
|
|
|
|
|
|
|
|
|
* Fix for configurations that prepend message headers with Postfix
|
|
|
|
|
access maps, policy servers or Milter applications. Postfix now
|
|
|
|
|
hides its own Received: header from Milters and exposes prepended
|
|
|
|
|
headers to Milters, regardless of the mechanism used to prepend
|
|
|
|
|
a header. This fix reverts a partial solution that was released
|
|
|
|
|
on October 13, 2014, and replaces it with a complete solution.
|
|
|
|
|
* Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.
|
|
|
|
|
|
|
|
|
|
- postfix 2.11.2:
|
|
|
|
|
|
|
|
|
|
* Fix for DMARC implementations based on SPF policy plus DKIM
|
|
|
|
|
Milter. The PREPEND access/policy action added headers ABOVE
|
|
|
|
|
Postfix's own Received: header, exposing Postfix's own Received:
|
|
|
|
|
header to Milters (protocol violation) and hiding the PREPENDed
|
|
|
|
|
header from Milters. PREPENDed headers are now added BELOW
|
|
|
|
|
Postfix's own Received: header and remain visible to Milters.
|
|
|
|
|
* The Postfix SMTP server logged an incorrect client name in
|
|
|
|
|
reject messages for check_reverse_client_hostname_access and
|
|
|
|
|
check_reverse_client_hostname_{mx,ns}_access. They replied with
|
|
|
|
|
the verified client name, instead of the name that was rejected.
|
|
|
|
|
* The qmqpd daemon crashed with null pointer bug when logging a
|
|
|
|
|
lost connection while not in a mail transaction.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Sep 14 16:50:57 UTC 2014 - andreas.stieger@gmx.de
|
|
|
|
|
|
|
|
|
|
- switch from md5 based signature to one using the SHA-512 digest
|
|
|
|
|
algorithm supplied by maintainer on ML to pass source_validator
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Sep 13 21:44:41 UTC 2014 - andreas.stieger@gmx.de
|
|
|
|
|
|
|
|
|
|
- postfix 2.11.1:
|
|
|
|
|
* With connection caching enabled (the default), recipients could
|
|
|
|
|
be given to the wrong mail server.
|
|
|
|
|
* Enforce TLS when TLSA records exist, but all are unusable.
|
|
|
|
|
* Don't leak memory when TLSA records exist, but all are unusable.
|
|
|
|
|
* Prepend "-I. -I../../include" to the compiler command-line
|
|
|
|
|
options, to avoid name clashes with non-Postfix header files.
|
|
|
|
|
* documentation fixes
|
|
|
|
|
* logging fixes
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 29 15:40:00 UTC 2014 - rusjako@rus.uni-stuttgart.de
|
|
|
|
|
|
|
|
|
|
- fix dynamic_maps patch to enable memcache support, which does not
|
|
|
|
|
need any libraries
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 31 12:44:59 UTC 2014 - dimstar@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Rename rpmlintrc to %{name}-rpmlintrc.
|
|
|
|
|
Follow the packaging guidelines.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jun 27 23:16:21 UTC 2014 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- fix typo in postfix-SuSE/update_chroot.systemd
|
|
|
|
|
- fix config.postfix
|
|
|
|
|
* 'insserv amavis' -> 'chkconfig amavis on'
|
|
|
|
|
- rework main.cf patch
|
|
|
|
|
* fix virtual stuff
|
|
|
|
|
* add some dovecot stuff
|
|
|
|
|
- rework master.cf patch
|
|
|
|
|
* add some dovecot stuff
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 23 21:41:23 UTC 2014 - jamesp@vicidial.com
|
|
|
|
|
|
|
|
|
|
- The included postfix-mysql.tar.bz2 was using a MySQL 4.1 style of
|
|
|
|
|
table engine specification. Modified so that the sql uses
|
|
|
|
|
'ENGINE=' instead of 'TYPE=' for creating tables.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 23 15:17:52 UTC 2014 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#816769 - config.postfix issues warnings about missing master.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jun 10 13:34:03 UTC 2014 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#882033 - Package postfix has changed files according to rpm
|
|
|
|
|
- bnc#855688 - possible systemd bug: postfix & cifs dependency confict
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 9 12:17:35 UTC 2014 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#863350 - SuSEconfig.postfix complains about modified /etc/postfix/main.cf after updating postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 26 17:21:54 UTC 2014 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- replace vda patch:
|
|
|
|
|
* add postfix-vda-v13-2.10.0.patch
|
|
|
|
|
* remove postfix-vda-v11-2.9.6.patch
|
|
|
|
|
- rebase patches
|
|
|
|
|
- config.postfix
|
|
|
|
|
* add master.cf support for submission (587)
|
|
|
|
|
* rework master.cf support for smtps
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 12 15:10:27 UTC 2014 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#862662 - Unable to configure postfix SMTP with forced TLS using YaST2
|
|
|
|
|
|
|
|
|
|
- Update to 2.11.0
|
|
|
|
|
* TLS
|
|
|
|
|
o Support for PKI-less TLS server certificate verification, where
|
|
|
|
|
the CA public key or the server certificate is identified via DNSSEC lookup
|
|
|
|
|
* LMDB database support
|
|
|
|
|
* master
|
|
|
|
|
o The master_service_disable parameter value syntax has changed:
|
|
|
|
|
use "service/type" instead of "service.type".
|
|
|
|
|
* postconf:
|
|
|
|
|
o Support for advanced master.cf query and update operations.
|
|
|
|
|
This was implemented primarily to support automated system management tools.
|
|
|
|
|
o The postconf command produces more warnings
|
|
|
|
|
* relay safety
|
|
|
|
|
New smtpd_relay_restrictions parameter built-in default settings:
|
|
|
|
|
smtpd_relay_restrictions =
|
|
|
|
|
permit_mynetworks
|
|
|
|
|
permit_sasl_authenticated
|
|
|
|
|
defer_unauth_destination
|
|
|
|
|
* postscreen whitelisting
|
|
|
|
|
Allow a remote SMTP client to skip postscreen(8) tests based on
|
|
|
|
|
its postscreen_dnsbl_sites score.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
|
|
|
|
|
|
|
|
|
|
- Ignore errors in %pre/%post.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Oct 3 02:47:54 UTC 2013 - crrodriguez@opensuse.org
|
|
|
|
|
|
|
|
|
|
- two improvements for 13.1 and factory
|
|
|
|
|
* postfix-opensslconfig.patch call openSSL_config
|
|
|
|
|
so postfix respects the system's openssl configuration
|
|
|
|
|
* postfix-SuSE/postfix.service since a few months there
|
|
|
|
|
is no mail-transfer-agent.target, units must be ordered
|
|
|
|
|
after a list of smtpd implementations instead.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Sep 20 04:48:08 UTC 2013 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- Proc is not needed in chroot anymore
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jul 30 14:34:01 UTC 2013 - schwab@suse.de
|
|
|
|
|
|
|
|
|
|
- postfix-main.cf.patch: remove duplicate entry for inet_protocols
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 17 10:50:08 UTC 2013 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- fix for warning
|
|
|
|
|
* unused parameter: virtual_create_maildirsize=yes
|
|
|
|
|
* unused parameter: virtual_mailbox_extended=yes
|
|
|
|
|
* rework main.cf.patch
|
|
|
|
|
- fix rcpostfix for sysvinit systems
|
|
|
|
|
* /etc/postfix/system/update_postmaps: No such file or directory
|
|
|
|
|
- rebase patches
|
|
|
|
|
* vda-v11-2.9.5 -> vda-v11-2.9.6
|
|
|
|
|
- fix file postfix-SuSE.tar.gz
|
|
|
|
|
* made a tar.gz
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Jun 16 02:12:07 UTC 2013 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
- postfix.spec forces the use of SSL and SASL libraries,
|
|
|
|
|
so make sure the BuildRequires are there
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jun 14 01:33:52 UTC 2013 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
- Add postfix-db6.diff to fix compile abort with libdb-6.0
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 22 11:51:37 UTC 2013 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Add Source URL, see https://en.opensuse.org/SourceUrls
|
|
|
|
|
- Add GPG verification
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Apr 20 05:46:00 UTC 2013 - crrodriguez@opensuse.org
|
|
|
|
|
|
|
|
|
|
- postfix-SuSE/postfix.service do not Require or
|
|
|
|
|
order after syslog.target as it no longer exists
|
|
|
|
|
postfix will fail to start in the next systemd version.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Feb 23 09:33:08 UTC 2013 - rmilasan@suse.com
|
|
|
|
|
|
|
|
|
|
- Install postfix.service accordingly (/usr/lib/systemd for 12.3
|
|
|
|
|
and up or /lib/systemd for older versions).
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 6 19:56:57 UTC 2013 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 2,9.6
|
|
|
|
|
Bugfix: the local(8) delivery agent dereferenced a null pointer
|
|
|
|
|
while delivering to null command (for example, "|" in a .forward file).
|
|
|
|
|
Bugfix: memory leak in program initialization. tls/tls_misc.c.
|
|
|
|
|
Bugfix: he undocumented OpenSSL X509_pubkey_digest() function is
|
|
|
|
|
unsuitable for computing certificate PUBLIC KEY fingerprints.
|
|
|
|
|
Postfix now provides a correct procedure that accounts for
|
|
|
|
|
the algorithm and parameters in addition to the key data. Specify
|
|
|
|
|
"tls_legacy_public_key_fingerprints = yes" if you need backwards compatibility.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 17 22:01:16 UTC 2013 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#796162 - script to assign path elements not working in postfix install Build-0284(iso)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 10 18:23:56 UTC 2013 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- rebase patches
|
|
|
|
|
* vda-v10-2.8.12 -> vda-v11-2.9.5 (and to be a p0)
|
|
|
|
|
* main, master, post-instal, ssl-release-buffers (remove version)
|
|
|
|
|
* dynamic_maps, dynamic_maps_pie, pointer_to_literals
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 10 14:45:59 UTC 2013 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 2,9.5
|
|
|
|
|
* tls support:
|
|
|
|
|
Support to turn off the TLSv1.1 and TLSv1.2 protocols:
|
|
|
|
|
To temporarily turn off problematic protocols globally:
|
|
|
|
|
/etc/postfix/main.cf:
|
|
|
|
|
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
|
|
|
|
|
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
|
|
|
|
|
However, it may be better to temporarily turn off problematic
|
|
|
|
|
protocols for broken sites only:
|
|
|
|
|
/etc/postfix/main.cf:
|
|
|
|
|
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
|
|
|
|
|
/etc/postfix/tls_policy:
|
|
|
|
|
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
|
|
|
|
|
* 20111012 To simplify integration with third-party
|
|
|
|
|
applications, the Postfix sendmail command now always transforms
|
|
|
|
|
all input lines ending in <CR><LF> into UNIX format (lines ending
|
|
|
|
|
in <LF>). Specify "sendmail_fix_line_endings = strict" to restore
|
|
|
|
|
historical Postfix behavior (i.e. convert all input lines ending
|
|
|
|
|
in <CR><LF> only if the first line ends in <CR><LF>).
|
|
|
|
|
* 20120114 Logfile-based alerting systems may need to be
|
|
|
|
|
updated to look for "error" messages in addition to "fatal" messages.
|
|
|
|
|
Specify "daemon_table_open_error_is_fatal = yes" to get the historical
|
|
|
|
|
behavior (immediate termination with "fatal" message).
|
|
|
|
|
* enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also
|
|
|
|
|
used as queue file names). These names are encoded in a mix of upper
|
|
|
|
|
case, lower case and decimal digit characters. Long queue IDs are
|
|
|
|
|
disabled by default to avoid breaking tools that parse logfiles and
|
|
|
|
|
that expect queue IDs with the smaller [A-F0-9] character set.
|
|
|
|
|
* 20111209 memcache lookup and update support. This provides
|
|
|
|
|
a way to share postscreen(8) or verify(8) caches between Postfix
|
|
|
|
|
instances. See MEMCACHE_README and memcache_table(5) for details
|
|
|
|
|
and limitations.
|
|
|
|
|
* 20111218 To support external SASL authentication, e.g.,
|
|
|
|
|
in an NGINX proxy daemon, the Postfix SMTP server now always checks
|
|
|
|
|
the smtpd_sender_login_maps table, even without having
|
|
|
|
|
"smtpd_sasl_auth_enable = yes" in main.cf.
|
|
|
|
|
* ipv6
|
|
|
|
|
o The default inet_protocols value is now "all" instead of "ipv4",
|
|
|
|
|
meaning use both IPv4 and IPv6.
|
|
|
|
|
o The default smtp_address_preference value is now "any" instead
|
|
|
|
|
of "ipv6", meaning choose randomly between IPv6 and IPv4. With
|
|
|
|
|
this the Postfix SMTP client will have more success delivering
|
|
|
|
|
mail to sites that have problematic IPv6 configurations.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Dec 15 16:33:24 UTC 2012 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update to 2.8.13
|
|
|
|
|
* 20121029
|
|
|
|
|
Workaround: strip datalink suffix from IPv6 addresses
|
|
|
|
|
returned by the system getaddrinfo() routine. Such suffixes
|
|
|
|
|
mess up the default mynetworks value, host name/address
|
|
|
|
|
verification and possibly more. This change obsoletes the
|
|
|
|
|
20101108 change that removes datalink suffixes in the SMTP
|
|
|
|
|
and QMQP servers, but we leave that code alone. File:
|
|
|
|
|
util/myaddrinfo.c.
|
|
|
|
|
* 20121013
|
|
|
|
|
Cleanup: to compute the LDAP connection cache lookup key,
|
|
|
|
|
join the numeric fields with null, just like string fields.
|
|
|
|
|
Viktor Dukhovni. File: global/dict_ldap.c.
|
|
|
|
|
* 20121010
|
|
|
|
|
Bugfix (introduced: Postfix 2.5): memory leak in program
|
|
|
|
|
initialization. Reported by Coverity. File: tls/tls_misc.c.
|
|
|
|
|
Bugfix (introduced: Postfix 2.3): memory leak in the unused
|
|
|
|
|
oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c.
|
|
|
|
|
* 20121003
|
|
|
|
|
Bugfix: the postscreen_access_list feature was case-sensitive
|
|
|
|
|
in the first character of permit, reject, etc. Reported by
|
|
|
|
|
Feancis Picabia. File: global/server_acl.c.
|
|
|
|
|
- rebase dynamic_maps_pie patch
|
|
|
|
|
- rpmlint
|
|
|
|
|
* invalid-suse-version-check 1140
|
|
|
|
|
* obsolete-suse-version-check 920 (changes file)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Dec 14 06:03:42 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#790141 - Command SuSEconfig.postfix reports ERROR -
|
|
|
|
|
"can not find /lib/YaST/SuSEconfig.functions!!"
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 8 11:33:33 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#782048 - postfix uses /sbin/conf.d
|
|
|
|
|
- bnc#784659 - remove SuSEconfig calls from yast2-mail
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 10 18:56:59 UTC 2012 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update to 2.8.12
|
|
|
|
|
* 20120730
|
|
|
|
|
Bugfix (introduced: 20000314): AUTH is not allowed after
|
|
|
|
|
MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c.
|
|
|
|
|
* 20120702
|
|
|
|
|
Bugfix (introduced: 19990127): the BIFF client leaked an
|
|
|
|
|
unprivileged UDP socket. Fix by Jaroslav Skarvada. File:
|
|
|
|
|
local/biff_notify.c.
|
|
|
|
|
* 20120621
|
|
|
|
|
Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
|
|
|
|
|
client could close the wrong file descriptors. File:
|
|
|
|
|
util/unix_pass_trigger.c.
|
|
|
|
|
- fix for bnc#771303
|
|
|
|
|
* add 'version = 3' to ldap_aliases.cf
|
|
|
|
|
- rebase patches
|
|
|
|
|
* main, master, post-install: 2.8.3 -> 2.8.12
|
|
|
|
|
* ssl-release-buffers: 2.8.5 -> 2.8.12
|
|
|
|
|
* vda-v10: 2.8.9 -> 2.8.12
|
|
|
|
|
* dynamic_maps, dynamic_maps_pie, ipv6_disabled, pointer_to_literals
|
|
|
|
|
- fix changes file
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 19 06:52:18 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#771811 - postfix update does not regenerate the maps
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 11 09:51:22 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 2.8.11
|
|
|
|
|
* 20120520
|
|
|
|
|
- Bugfix (introduced Postfix 2.4): the event_drain() function
|
|
|
|
|
was comparing bitmasks incorrectly causing the program to
|
|
|
|
|
always wait for the full time limit. This error affected
|
|
|
|
|
the unused postkick command, but only after s/fifo/unix/
|
|
|
|
|
in master.cf. File: util/events.c.
|
|
|
|
|
- Cleanup: laptop users have always been able to avoid
|
|
|
|
|
unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
|
|
|
|
|
(this is currently not supported on Solaris systems).
|
|
|
|
|
However, to make this work reliably, the "postqueue -f"
|
|
|
|
|
command must wait until its requests have reached the pickup
|
|
|
|
|
and qmgr servers before closing the UNIX-domain request
|
|
|
|
|
sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 9 10:07:10 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#753910 - {name} instead of %{name} in postfix .spec
|
|
|
|
|
- bnc#756452 - VUL-1: postfix: VRFY allows enumerating users
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu May 3 16:47:11 UTC 2012 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update to 2.8.10
|
|
|
|
|
* 20120401
|
|
|
|
|
Bitrot: shut up useless warnings about Cyrus SASL call-back
|
|
|
|
|
function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
|
|
|
|
|
xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.
|
|
|
|
|
* 20120422
|
|
|
|
|
Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
|
|
|
|
|
known TLS protocol list so that protocols can be turned off
|
|
|
|
|
selectively to work around implementation bugs. Based on
|
|
|
|
|
a patch by Victor Duchovni. Files: proto/TLS_README.html,
|
|
|
|
|
proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
|
|
|
|
|
tls/tls_server.c.
|
|
|
|
|
- update to 2.8.9
|
|
|
|
|
* 20120217
|
|
|
|
|
Cleanup: missing #include statement for bugfix code added
|
|
|
|
|
20111226. File: local/unknown.c.
|
|
|
|
|
* 20120214
|
|
|
|
|
Bugfix (introduced: Postfix 2.4): extraneous null assignment
|
|
|
|
|
caused core dump when postlog emitted the "usage" message.
|
|
|
|
|
Reported by Kant (fnord.hammer). File: postlog/postlog.c.
|
|
|
|
|
* 20120202
|
|
|
|
|
Bugfix (introduced: Postfix 2.3): the "change header" milter
|
|
|
|
|
request could replace the wrong header. A long header name
|
|
|
|
|
could match a shorter one, because a length check was done
|
|
|
|
|
on the wrong string. Reported by Vladimir Vassiliev. File:
|
|
|
|
|
cleanup/cleanup_milter.c.
|
|
|
|
|
- use latest VDA patch (2.8.9)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 12 08:15:06 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#756450 - postfix: remove version from banner
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 9 16:13:28 UTC 2012 - bruno@ioda-net.ch
|
|
|
|
|
|
|
|
|
|
- add port 587 smtp-auth submission to postfix-fw bnc#756289
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 2 22:09:00 CEST 2012 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
- set exit code explicitely in cond_slp, systemd checks for it
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 13 13:35:13 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- Documentation for bnc#751994 - SuSEconfig module postfix does not exist
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 7 06:31:05 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- rcpostfix now updates the aliases too
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 27 16:35:56 UTC 2012 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update to 2.8.8
|
|
|
|
|
Bugfixes:
|
|
|
|
|
tlsproxy(8) stored TLS sessions with a serverID of
|
|
|
|
|
"tlsproxy" instead of "smtpd", wasting an opportunity for
|
|
|
|
|
session reuse. File: tlsproxy/tlsproxy.c.
|
|
|
|
|
missing lookup table entry and terminator, causing
|
|
|
|
|
proxymap server segfault when postscreen(8) or verify(8)
|
|
|
|
|
attempted to access their cache via the proxymap server.
|
|
|
|
|
This could never have worked anyway, because the Postfix
|
|
|
|
|
2.8 proxymap protocol does not support cache cleanup. File
|
|
|
|
|
util/dict.c.
|
|
|
|
|
the Postfix client sqlite
|
|
|
|
|
quoting routine returned the unquoted result instead of the
|
|
|
|
|
quoted text. The opportunities for misuse are limited,
|
|
|
|
|
because Postfix sqlite files are usually owned by root, and
|
|
|
|
|
Postfix daemons usually run with non-root privileges so
|
|
|
|
|
they can't corrupt the database. Problem reported by Rob
|
|
|
|
|
McGee (rob0). File: global/dict_sqlite.c.
|
|
|
|
|
the trace service did not
|
|
|
|
|
distinguish between notifications for a non-bounce or a
|
|
|
|
|
bounce message. This code pre-dates DSN support and should
|
|
|
|
|
have been updated when it was re-purposed to handle DSN
|
|
|
|
|
SUCCESS notifications. Problem reported by Sabahattin
|
|
|
|
|
Gucukoglu. File: bounce/bounce_trace_service.c.
|
|
|
|
|
- use latest VDA patch (2.8.5)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 25 15:12:38 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#743369 - yast2 mail module does not open the firewall
|
|
|
|
|
- Set MD5DIR in SuSEconfig.postfix to avoid warnings
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 17 11:14:30 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc738693 - upgrade from 11.4 enables mysql service for systemd
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 12 12:18:17 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- Add postmap rebuild script to systemv init script too
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 11 14:21:21 UTC 2012 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#738900 - cyrus-imapd not receiving mail from postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 13 14:50:45 UTC 2011 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- Move the post map rebuild script into the start script
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 6 11:04:12 UTC 2011 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- Fix the last change in %post
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Dec 2 06:44:28 UTC 2011 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- bnc#728308 - warning output after update the postfix package
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 9 20:05:38 UTC 2011 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 2.8.7
|
|
|
|
|
Bugfixes:
|
|
|
|
|
smtpd(8) did not sanitize newline characters in cleanup(8)
|
|
|
|
|
REJECT messages, causing them to be sent out via SMTP as bare newline characters.
|
|
|
|
|
smtpd(8) sent multi-line responses from a before-queue content filter as text with
|
|
|
|
|
bare <LF> instead of <CR><LF>.
|
|
|
|
|
Workaround: postscreen sent non-compliant SMTP responses (220- followed by 421)
|
|
|
|
|
when it could not give a connection to a real smtpd process, causing some
|
|
|
|
|
remote SMTP clients to bounce mail.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 3 15:56:23 UTC 2011 - varkoly@suse.com
|
|
|
|
|
|
|
|
|
|
- Use the systemd macros in the spec file
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Oct 14 16:43:02 CEST 2011 - mhrusecky@suse.cz
|
|
|
|
|
|
|
|
|
|
- only fix files that exists in %post
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Oct 9 04:30:54 UTC 2011 - crrodriguez@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Use SSL_MODE_RELEASE_BUFFERS if available, see
|
|
|
|
|
SSL_CTX_set_mode man page and
|
|
|
|
|
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
|
|
|
|
|
for the full details.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 6 14:49:47 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update to 2.8.5
|
|
|
|
|
* Bugfix: allow for Milters that send an SMTP server reply
|
|
|
|
|
without RFC 3463 enhanced status code. Reported by Vladimir
|
|
|
|
|
Vassiliev. File: milter/milter8.c.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 22 09:31:02 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- bnc#684304 - server:mail/postfix: Bugs in SuSEconfig chroot setup script
|
|
|
|
|
- Aplly SASL_SOCKET_DIR patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 18 09:32:04 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- Move SuSEconfig.postfix into /usr/sbin/
|
|
|
|
|
(FATE#311272: Do not rewrite postfix.cf via SuSEconfig)
|
|
|
|
|
SuSEconfig.postfix will be executed only once after installation
|
|
|
|
|
automaticaly. Afterwards only you can start it manually or via
|
|
|
|
|
yast2 mail module.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 12 16:40:40 UTC 2011 - werner@suse.de
|
|
|
|
|
|
|
|
|
|
- Just the first strep forward to systemd, please test out
|
|
|
|
|
/etc/postfix/system/update_chroot
|
|
|
|
|
/etc/postfix/system/wait_qmgr
|
|
|
|
|
/etc/postfix/system/cond_slp
|
|
|
|
|
and
|
|
|
|
|
/lib/systemd/system/postfix.service
|
|
|
|
|
and also fill out the missing description.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Aug 9 11:03:55 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- rework SuSE patch
|
|
|
|
|
* add missing SASL stuff in rc.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 25 09:08:14 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- when chrooted and using SASL
|
|
|
|
|
o mount -o bind SASL_SOCKET_DIR into postfix CHROOT
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 11 17:22:19 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update to 2.8.4
|
|
|
|
|
o Linux kernel version 3 support.
|
|
|
|
|
for more info see ChangeLog
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 6 13:11:07 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- bnc#686436 - postfix bounces messages with improper use of 8-bit data in message body
|
|
|
|
|
- Apply patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jul 1 12:35:59 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- rework master.cf patch
|
|
|
|
|
o fix receive_override_options line
|
|
|
|
|
- rework SuSE patch
|
|
|
|
|
o sysconfig: remove POSTFIX_WITH_POP_BEFORE_SMTP
|
|
|
|
|
o SuSEconfig: fix receive_override_options line
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 30 20:15:40 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- replace vda patch
|
|
|
|
|
o 2.8.1 -> 2.8.3
|
|
|
|
|
- fix files doc
|
|
|
|
|
o remove 'doc auxiliary'
|
|
|
|
|
instead cp to pf_docdir
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat May 28 04:22:22 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- fix spec for building on all repos
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 24 10:24:51 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- bnc#679187 - suseconfig/postfix: missing dependency
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 17 22:31:46 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- fix master.cf
|
|
|
|
|
o fix missing
|
|
|
|
|
- amavis unix - - n - 4 smtp
|
|
|
|
|
- localhost:10025 inet n - n - - smtpd
|
|
|
|
|
o add master.cf patch
|
|
|
|
|
- rework patches
|
|
|
|
|
o main.cf (add two missing sasl vars)
|
|
|
|
|
o postfix-SuSE (SuSEconfig, cleanup those vars,...)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun May 15 14:16:03 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- rework TLS stuff
|
|
|
|
|
o reworked main.cf patch
|
|
|
|
|
o added postfix-SuSE patch
|
|
|
|
|
o added post-install patch
|
|
|
|
|
Editing /etc/postfix/master.cf, adding missing entry for tlsmgr service
|
|
|
|
|
add only if it really does not exist
|
|
|
|
|
- removed Author from description
|
|
|
|
|
- updated vda patch
|
|
|
|
|
o vda-2.7.1 > vda-v10-2.8.1
|
|
|
|
|
- fix build for SLE_10
|
|
|
|
|
o no fdupes ;)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 11 08:23:56 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- remove document paths from postfix-files to avoid error messages
|
|
|
|
|
when postfix-doc is not installed
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 10 09:20:23 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- update to 2.8.3 - VUL-0: postfix memory corruption
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Apr 10 07:00:18 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- bnc#641271 - postfix-2.7.1: init script cannot properly stop
|
|
|
|
|
multi-instance configurations
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 30 21:21:16 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- update to 2.8.2
|
|
|
|
|
* DNSBL/DNSWL:
|
|
|
|
|
o Support for address patterns in DNS blacklist and whitelist lookup results.
|
|
|
|
|
o The Postfix SMTP server now supports DNS-based whitelisting with several safety features
|
|
|
|
|
* Support for read-only sqlite database access.
|
|
|
|
|
* Alias expansion:
|
|
|
|
|
o Postfix now reports a temporary delivery error when the result
|
|
|
|
|
of virtual alias expansion would exceed the virtual_alias_recursion_limit
|
|
|
|
|
or virtual_alias_expansion_limit.
|
|
|
|
|
o To avoid repeated delivery to mailing lists with pathological
|
|
|
|
|
nested alias configurations, the local(8) delivery agent now keeps
|
|
|
|
|
the owner-alias attribute of a parent alias, when delivering mail
|
|
|
|
|
to a child alias that does not have its own owner alias.
|
|
|
|
|
* The Postfix SMTP client no longer appends the local domain when
|
|
|
|
|
looking up a DNS name without ".".
|
|
|
|
|
* The SMTP server now supports contact information that is appended
|
|
|
|
|
to "reject" responses: smtpd_reject_footer
|
|
|
|
|
* Postfix by default no longer adds a "To: undisclosed-recipients:;"
|
|
|
|
|
header when no recipient specified in the message header.
|
|
|
|
|
* tls support:
|
|
|
|
|
o The Postfix SMTP server now always re-computes the SASL mechanism
|
|
|
|
|
list after successful completion of the STARTTLS command.
|
|
|
|
|
o The smtpd_starttls_timeout default value is now stress-dependent.
|
|
|
|
|
o Postfix no longer appends the system-supplied default CA certificates
|
|
|
|
|
to the lists specified with *_tls_CAfile or with *_tls_CApath.
|
|
|
|
|
* New feature: Prototype postscreen(8) server that runs a number
|
|
|
|
|
of time-consuming checks in parallel for all incoming SMTP connections,
|
|
|
|
|
before clients are allowed to talk to a real Postfix SMTP server.
|
|
|
|
|
It detects clients that start talking too soon, or clients that appear
|
|
|
|
|
on DNS blocklists, or clients that hang up without sending any command.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 10 11:43:28 UTC 2011 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- bnc#667299 - Postfix LICENSE not marked as documentation
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 17 09:56:32 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- add some min LDAP support for virtual LDAP-users
|
|
|
|
|
o sysconfig "WITH_LDAP"
|
|
|
|
|
o add ldap_aliases.cf
|
|
|
|
|
o SuSEconfig.postfix
|
|
|
|
|
virtual_alias_maps = ... ldap:/etc/postfix/ldap_aliases.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 4 12:14:06 UTC 2011 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update to 2.7.2
|
|
|
|
|
* Bugfix (introduced Postfix 2.2): Postfix no longer appends
|
|
|
|
|
the system default CA certificates to the lists specified
|
|
|
|
|
with *_tls_CAfile or with *_tls_CApath. This prevents
|
|
|
|
|
third-party certificates from getting mail relay permission
|
|
|
|
|
with the permit_tls_all_clientcerts feature. Unfortunately
|
|
|
|
|
this may cause compatibility problems with configurations
|
|
|
|
|
that rely on certificate verification for other purposes.
|
|
|
|
|
To get the old behavior, specify "tls_append_default_CA =
|
|
|
|
|
yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
|
|
|
|
|
global/mail_params.h. proto/postconf.proto, mantools/postlink.
|
|
|
|
|
* Compatibility with Postfix < 2.3: fix 20061207 was incomplete
|
|
|
|
|
(undoing the change to bounce instead of defer after
|
|
|
|
|
pipe-to-command delivery fails with a signal). Fix by Thomas
|
|
|
|
|
Arnett. File: global/pipe_command.c.
|
|
|
|
|
* Bugfix: the milter_header_checks parser provided only the
|
|
|
|
|
actions that change the message flow (reject, filter,
|
|
|
|
|
discard, redirect) but disabled the non-flow actions (warn,
|
|
|
|
|
replace, prepend, ignore, dunno, ok). File:
|
|
|
|
|
cleanup/cleanup_milter.c.
|
|
|
|
|
* Performance: fix for poor smtpd_proxy_filter TCP performance
|
|
|
|
|
over loopback (127.0.0.1) connections. Problem reported by
|
|
|
|
|
Mark Martinec. Files: smtpd/smtpd_proxy.c.
|
|
|
|
|
* Cleanup: don't apply reject_rhsbl_helo to non-domain forms
|
|
|
|
|
such as network addresses. This would cause false positives
|
|
|
|
|
with dbl.spamhaus.org. File: smtpd/smtpd_check.c.
|
|
|
|
|
* Bugfix: the "421" reply after Milter error was overruled
|
|
|
|
|
by Postfix 1.1 code that replied with "503" for RFC 2821
|
|
|
|
|
compliance. We now make an exception for "final" replies,
|
|
|
|
|
as permitted by RFC. Solution by Victor Duchovni. File:
|
|
|
|
|
smtpd/smtpd.c.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Dec 11 19:50:25 UTC 2010 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update vda patch
|
|
|
|
|
o remove 2.6.1-vda-ng.patch
|
|
|
|
|
o remove 2.6.1-vda-ng-64bit.patch
|
|
|
|
|
o add vda-2.7.1.patch
|
|
|
|
|
- rework main.cf.patch
|
|
|
|
|
o remove 2.2.9-main.cf.patch
|
|
|
|
|
o add 2.7.1-main.cf.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 7 22:02:56 UTC 2010 - coolo@novell.com
|
|
|
|
|
|
|
|
|
|
- prereq init scripts network and syslog
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 12 18:57:14 UTC 2010 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- Remove obsolate postscripts
|
|
|
|
|
- bnc#625657 - SuSEconfig.postfix and smtp_use_tls
|
|
|
|
|
- bnc#622873 - postfix doesn't start if ipv6 is disabled
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jul 6 15:04:30 UTC 2010 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- reworked bnc#606251 stuff (not checked in to Factory)
|
|
|
|
|
o used my_print_defaults command for parsing of /etc/my.cnf
|
|
|
|
|
o using quotation marks: "$PF_CHROOT"
|
|
|
|
|
o added sysconfig option POSTFIX_MYSQL_CONN=(socket,tcp)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 16 23:39:09 UTC 2010 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- bnc#606251 - postfix chrooted mysql.sock lost on mysql restart
|
|
|
|
|
o Now MYSQL_SOCK_DIR is mounted with '-o bind' to postfix CHROOT
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 10 10:55:54 UTC 2010 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- update to 2.7.1
|
|
|
|
|
* Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
|
|
|
|
|
which sends remote SMTP client attributes through SMTP-based content filters.
|
|
|
|
|
The Postfix SMTP client did not skip "unknown" SMTP client attributes,
|
|
|
|
|
causing a syntax error when sending an "unknown" client PORT attribute.
|
|
|
|
|
* Robustness: skip LDAP queries with non-ASCII search strings, instead of failing with a database lookup error.
|
|
|
|
|
* Safety: Postfix processes now log a warning when a matchlist has
|
|
|
|
|
a #comment at the end of a line (for example mynetworks or relay_domains).
|
|
|
|
|
* Portability: OpenSSL 1.0.0 changes the priority of anonymous cyphers.
|
|
|
|
|
* Portability: Berkeley DB 5.x is now supported.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu May 20 17:08:26 UTC 2010 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- fix obviously lost POSTFIX_MYHOSTNAME in SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 7 12:39:16 UTC 2010 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- New file check_mail_queue. This script checks if there are some
|
|
|
|
|
mails in the queue and starts postfix if necessary. After delivering
|
|
|
|
|
the mails postfix will be stoped.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 1 10:28:09 UTC 2010 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- bnc#559145 - Changed Domain name not reflected when sending mail
|
|
|
|
|
First /var/run/dhcp-hostname will be evaluated
|
|
|
|
|
- Now POSTFIX_SMTP_TLS_CLIENT is ternary : no yes must
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Feb 28 18:38:18 UTC 2010 - varkoly@novell.com
|
|
|
|
|
- update to 2.7.0
|
|
|
|
|
* performance
|
|
|
|
|
- Periodic cache cleanup for the verify(8) cache database.
|
|
|
|
|
- Improved before-queue filter performance.
|
|
|
|
|
* sender reputation
|
|
|
|
|
- The FILTER action in access maps or header/body_checks now supports sender
|
|
|
|
|
reputation schemes that dynamically choose the SMTP source IP address.
|
|
|
|
|
* address verification
|
|
|
|
|
- The verify(8) service now uses a persistent cache by default.
|
|
|
|
|
* content filter
|
|
|
|
|
- The meaning of an empty filter next-hop destination has changed.
|
|
|
|
|
- The FILTER action in access maps or header/body_checks now supports sender
|
|
|
|
|
reputation schemes that dynamically choose the SMTP source IP address.
|
|
|
|
|
* milter
|
|
|
|
|
- Support for header checks on Milter-generated message headers.
|
|
|
|
|
Please read /usr/share/doc/packages/postfix/RELEASE_NOTES for details.
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 11 15:16:13 UTC 2010 - coolo@novell.com
|
|
|
|
|
|
|
|
|
|
- revert the change to PreReq openldap-devel, this increases the
|
|
|
|
|
default installation several MBs
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 2 15:45:26 UTC 2010 - varkoly@novell.com
|
|
|
|
|
|
|
|
|
|
- bnc#567569 - Postfix: move ldap support to a separate package
|
|
|
|
|
- bnc#557239 - postfix delivers mail to user's home instead of /var/spool/mail
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 5 23:28:12 UTC 2010 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- rpmlint fixes
|
|
|
|
|
o init-script-undefined-dependency $network-remotefs
|
|
|
|
|
- fix for SuSEconfig.postfix
|
|
|
|
|
o if use_amavis eq "yes"
|
|
|
|
|
then content_filter "amavis:[127.0.0.1]:10024]" is defined,
|
|
|
|
|
so removed "-o content_filter=smtp:[127.0.0.1]:10024" for smtp
|
|
|
|
|
- s#ldconfig#/sbin/ldconfig#
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 22 16:15:00 CEST 2009 - freespacer@gmx.de
|
|
|
|
|
|
|
|
|
|
- Add support for dovecot as MDA to SuSEconfig.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 16 10:45:14 CET 2009 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
- Package documentation as noarch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 10 13:15:15 CET 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Remove postfixs update script. This does not work now.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 8 19:15:15 CET 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Fix the %post section add missed %{fillup_only -an mail}
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Nov 16 17:14:39 CET 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- bnc#555814 – VUL-0: SMTPD_LISTEN_REMOTE="yes" by default
|
|
|
|
|
- bnc#555732 - Invalid $(hostname -i) usage SuSEconfig.postfix
|
|
|
|
|
- bnc#547928 – Postfix does not start during boot process
|
|
|
|
|
- Avoid append relay multiple times in POSTFIX_MAP_LIST
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 26 14:36:55 CET 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- bnc#549612 – SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 28 09:22:54 CEST 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- bnc#540538 – postfix-2.6.1-10.1 installs new files in /etc/postfix and does not generate <file>.db
|
|
|
|
|
- bnc#519438 - Postfix: Running chrooted lets qmgr loosing his syslog-socket
|
|
|
|
|
- remove obsolate version tests from SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 28 08:24:43 CEST 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- bnc#525825 - when using cyrus in a chroot environment Suseconfig does not
|
|
|
|
|
create socket /var/lib/imap/socket/lmtp
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 14 11:34:41 UTC 2009 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- spec
|
|
|
|
|
o fdupes if >= 1100
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 10 21:22:46 CEST 2009 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- update to 2.6.1
|
|
|
|
|
o merge home:varkoly:Factory and o:F
|
|
|
|
|
- spec mods
|
|
|
|
|
o use of getent
|
|
|
|
|
- rpmlint
|
|
|
|
|
o remove unneeded dists from examples/chroot-setup/
|
|
|
|
|
o postin-without-ldconfig
|
|
|
|
|
o files-duplicate /usr/share/doc/packages/postfix-doc/html/
|
|
|
|
|
o files-duplicate /usr/share/man/man?
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 13 18:21:14 UTC 2009 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- added VDA patch
|
|
|
|
|
o Mailbox / Maildir size limit, known also as "soft quota",
|
|
|
|
|
to avoid user take all you disk space
|
|
|
|
|
o Customizable "limit" message when the soft quota limit is reached.
|
|
|
|
|
NOTE: message is sent to senders, but NOT to the owner of the mailbox.
|
|
|
|
|
o Limit only 'INBOX', because some people use IMAP and don't want
|
|
|
|
|
the same limit in IMAP folder that are differents from INBOX.
|
|
|
|
|
o Support for 'Courier' style Maildir, usefull for people that
|
|
|
|
|
use courier as pop3/imap server and to get fast soft quota summary.
|
|
|
|
|
Note that it is also compatible with qmail maildir per default.
|
|
|
|
|
o Supports for Courier 'maildirsize' file in Maildir folder that
|
|
|
|
|
is used to read quotas quickly. Note that this option is not
|
|
|
|
|
actived per default and can be dangerous on some NFS client
|
|
|
|
|
implementation
|
|
|
|
|
(like for example Solaris that cache some filesystem operations).
|
|
|
|
|
o Customisable suffix for Maildir support, when share same external
|
|
|
|
|
dict between postfix and pop3/imap server sometime "Maildir/" suffix
|
|
|
|
|
is needed to avoid extra database handling (eg LDAP, MySQL...).
|
|
|
|
|
- some improvements of SuSEconfig.postfix
|
|
|
|
|
o POSTFIX_LISTEN: Comma separated list of IP's
|
|
|
|
|
o POSTFIX_INET_PROTO: ipv4, ipv6, all
|
|
|
|
|
o POSTFIX_MYHOSTNAME: define SMTPs FQHOSTNAME
|
|
|
|
|
o POSTFIX_WITH_MYSQL: when using MySQL as backend
|
|
|
|
|
o POSTFIX_BASIC_SPAM_PREVENTION: "custom"
|
|
|
|
|
you can now define your own rules
|
|
|
|
|
- POSTFIX_SMTPD_CLIENT_RESTRICTIONS
|
|
|
|
|
- POSTFIX_SMTPD_HELO_RESTRICTIONS
|
|
|
|
|
- POSTFIX_SMTPD_SENDER_RESTRICTIONS
|
|
|
|
|
- POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
|
|
|
|
|
- added helo_access for helo checks
|
|
|
|
|
- added relay for relaying domain
|
|
|
|
|
- added MySQL stuff when using MySQL as backend (virtuser)
|
|
|
|
|
o you should consider postfixAdmin as mgmnt interface
|
|
|
|
|
o when runninng postfix chrooted:
|
|
|
|
|
you have to run SUSEconfig each time when you have restarted MySQL
|
|
|
|
|
because of linking mysql.sock
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Mar 29 15:18:52 CEST 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- bnc#439287 - not all POSTFIX_ADD_* values are properly handled
|
|
|
|
|
by SuSEconfig.postfix
|
|
|
|
|
- bnc#483208 - Postfix configuration trashed after update
|
|
|
|
|
- bnc#488268 - SuSEconfig.postfix chroot setup misses /etc/ssl/certs
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 12 11:12:16 CET 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- bnc#465165 - postfix src package
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 9 17:43:53 CET 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- bnc#464869 - SuSEconfig.postfix causes DNS lookup
|
|
|
|
|
- bnc#460442 - amavisd-new and Postfix need fqdn-hostname in "uname -n"
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 5 13:54:11 CET 2009 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- update to 2.5.6
|
|
|
|
|
- The SMTP server did not ask for a client certificate
|
|
|
|
|
with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl.
|
|
|
|
|
|
|
|
|
|
- Avoid reduced TCP performance when reusing an SMTP connection
|
|
|
|
|
with a larger than 4096-byte TCP MSS value. In practice, this
|
|
|
|
|
could happen only with loopback (localhost) connections.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Nov 16 12:16:03 CET 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- (bnc#442456) - chrooted postfix and saslauthd
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 4 15:24:41 CET 2008 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- fix build
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 4 15:15:03 CET 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- upgrade must not be executed during installation
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 14 11:16:21 CEST 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- (bnc#403976) - permissions on /var/lib/postfix changed
|
|
|
|
|
- (bnc#433916) - postfix should be splitted into postfix and postfix-doc
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 11 14:34:22 CEST 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- (bnc#415216) - Postfix RPM Install Displays Multiple Warnings
|
|
|
|
|
- clean up spec file
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 9 09:57:35 CEST 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to Version 2.5 patchlevel 5
|
|
|
|
|
* Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
|
|
|
|
|
With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
|
|
|
|
|
file descriptor leak when it executes non-Postfix commands
|
|
|
|
|
in, for example, user-controlled $HOME/.forward files.
|
|
|
|
|
* Security: some systems have changed their link() semantics,
|
|
|
|
|
and will hardlink a symlink, contrary to POSIX and XPG4.
|
|
|
|
|
Sebastian Krahmer, SuSE. File: util/safe_open.c.
|
|
|
|
|
|
|
|
|
|
The solution introduces the following incompatible change:
|
|
|
|
|
when the target of mail delivery is a symlink, the parent
|
|
|
|
|
directory of that symlink must now be writable by root only
|
|
|
|
|
(in addition to the already existing requirement that the
|
|
|
|
|
symlink itself is owned by root). This change will break
|
|
|
|
|
legitimate configurations that deliver mail to a symbolic
|
|
|
|
|
link in a directory with less restrictive permissions.
|
|
|
|
|
* Bugfix: dangling pointer in vstring_sprintf_prepend().
|
|
|
|
|
File: util/vstring.c.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 25 18:45:03 CEST 2008 - mt@suse.de
|
|
|
|
|
|
|
|
|
|
- init script: copy LSB *-Start tags to *-Stop
|
|
|
|
|
- spec file: removed obsolete rc.config update hooks
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 6 13:33:01 CEST 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition
|
|
|
|
|
- (bnc#405900) SuSEconfig.postfix changes owner and permissions of
|
|
|
|
|
/tmp if smtpd_tls_CApath is not set
|
|
|
|
|
|
|
|
|
|
- Update to Version 2.5 patchlevel 3
|
|
|
|
|
* Cleanup of code
|
|
|
|
|
* defer delivery when a mailbox file is not owned by the recipient.
|
|
|
|
|
Requested by Sebastian Krahmer, SuSE.
|
|
|
|
|
Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies.
|
|
|
|
|
* Bugfix: null-terminate CN comment string after sanitization.
|
|
|
|
|
* Bugfix (introduced Postfix 2.0): after "warn_if_reject
|
|
|
|
|
reject_unlisted_recipient/sender", the SMTP server mistakenly
|
|
|
|
|
remembered that recipient/sender validation was already done.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 9 15:07:46 CEST 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- (fate#305005) Enable SMTPS in postfix ootb
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jun 17 12:27:10 CEST 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- (bnc#396985) sending of NUL character disallowed by RFC2822
|
|
|
|
|
- (bnc#397127) without relay is silent about undeliverable mails
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 13 18:17:09 CEST 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- (bnc#389670) - postfix generates invalid config
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 1 16:17:31 CEST 2008 - mkoenig@suse.de
|
|
|
|
|
|
|
|
|
|
- remove dir /usr/share/omc/svcinfo.d as it is provided now
|
|
|
|
|
by filesystem
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 26 09:59:43 CET 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to Version 2.5 patchlevel 1
|
|
|
|
|
Changes: The Postfix 2.5 "postfix upgrade-configuration" command
|
|
|
|
|
now works even with Postfix 2.4 or earlier versions of the
|
|
|
|
|
postfix command. When installing Postfix 2.5.0 without upgrading
|
|
|
|
|
from an existing master.cf file, the new master.cf file had an
|
|
|
|
|
incorrect process limit for the proxywrite service. This service
|
|
|
|
|
is used only by the obscure "smtp_sasl_auth_cache_name" and
|
|
|
|
|
"lmtp_sasl_auth_cache_name" configuration parameters. Someone
|
|
|
|
|
needed multi-line support for header/body Milter replies. The
|
|
|
|
|
LDAP client's TLS support was broken in several ways.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 13 14:58:52 CET 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- #360572 - postfix %post script leaves lots of backup files in /etc/postfix/
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 30 12:20:53 CET 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to Version 2.5 patchlevel 0
|
|
|
|
|
|
|
|
|
|
Major changes - critical
|
|
|
|
|
------------------------
|
|
|
|
|
|
|
|
|
|
[Incompat 20071224] The protocol to send Milter information from
|
|
|
|
|
smtpd(8) to cleanup(8) processes was cleaned up. If you use the
|
|
|
|
|
Milter feature, and upgrade a live Postfix system, you may see an
|
|
|
|
|
"unexpected record type" warning from a cleanup(8) server process.
|
|
|
|
|
To prevent this, execute the command "postfix reload". The
|
|
|
|
|
incompatibility affects only systems that use the Milter feature.
|
|
|
|
|
It does not cause loss of mail, just a minor delay until the remote
|
|
|
|
|
SMTP client retries.
|
|
|
|
|
|
|
|
|
|
[Incompat 20071212] The allow_min_user feature now applies to both
|
|
|
|
|
sender and recipient addresses in SMTP commands. With earlier Postfix
|
|
|
|
|
versions, only recipients were subject to the allow_min_user feature,
|
|
|
|
|
and the restriction took effect at mail delivery time, causing mail
|
|
|
|
|
to be bounced later instead of being rejected immediately.
|
|
|
|
|
|
|
|
|
|
[Incompat 20071206] The "make install" and "make upgrade" procedures
|
|
|
|
|
now create a Postfix-owned directory for Postfix-writable data files
|
|
|
|
|
such as caches and random numbers. The location is specified with
|
|
|
|
|
the "data_directory" parameter (default: "/var/lib/postfix"), and
|
|
|
|
|
the ownership is specified with the "mail_owner" parameter.
|
|
|
|
|
|
|
|
|
|
[Incompat 20071206] The tlsmgr(8) and verify(8) servers no longer
|
|
|
|
|
use root privileges when opening the address_verify_map,
|
|
|
|
|
*_tls_session_cache_database, and tls_random_exchange_name cache
|
|
|
|
|
files. This avoids a potential security loophole where the ownership
|
|
|
|
|
of a file (or directory) does not match the trust level of the
|
|
|
|
|
content of that file (or directory).
|
|
|
|
|
|
|
|
|
|
[Incompat 20071206] The tlsmgr(8) and verify(8) cache files should
|
|
|
|
|
now be stored as Postfix-owned files under the Postfix-owned
|
|
|
|
|
data_directory. As a migration aid, attempts to open these files
|
|
|
|
|
under a non-Postfix directory are redirected to the Postfix-owned
|
|
|
|
|
data_directory, and a warning is logged.
|
|
|
|
|
|
|
|
|
|
This is an example of the warning messages:
|
|
|
|
|
|
|
|
|
|
Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: request
|
|
|
|
|
to update file /etc/postfix/prng_exch in non-postfix directory
|
|
|
|
|
/etc/postfix
|
|
|
|
|
|
|
|
|
|
Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: redirecting
|
|
|
|
|
the request to postfix-owned data_directory /var/lib/postfix
|
|
|
|
|
|
|
|
|
|
If you wish to continue using a pre-existing tls_random_exchange_name
|
|
|
|
|
or address_verify_map file, move it to the Postfix-owned data_directory
|
|
|
|
|
and change ownership from root to Postfix (that is, change ownership
|
|
|
|
|
to the account specified with the mail_owner configuration parameter).
|
|
|
|
|
|
|
|
|
|
[Feature 20071205] The "make install" and "make upgrade" procedures
|
|
|
|
|
now create a Postfix-owned directory for Postfix-writable data files
|
|
|
|
|
such as caches and random numbers. The location is specified with
|
|
|
|
|
the "data_directory" parameter (default: "/var/lib/postfix"), and
|
|
|
|
|
the ownership is specified with the "mail_owner" parameter.
|
|
|
|
|
|
|
|
|
|
[Incompat 20071203] The "make upgrade" procedure adds a new service
|
|
|
|
|
"proxywrite" to the master.cf file, for read/write lookup table
|
|
|
|
|
access. If you copy your old configuration file over the updated
|
|
|
|
|
one, you may see warnings in the maillog file like this:
|
|
|
|
|
|
|
|
|
|
connect #xx to subsystem private/proxywrite: No such file or directory
|
|
|
|
|
|
|
|
|
|
To recover, run "postfix upgrade-configuration" again.
|
|
|
|
|
|
|
|
|
|
[Incompat 20070613] The pipe(8) delivery agent no longer allows
|
|
|
|
|
delivery with the same group ID as the main.cf postdrop group.
|
|
|
|
|
|
|
|
|
|
Major changes - malware defense
|
|
|
|
|
-------------------------------
|
|
|
|
|
|
|
|
|
|
[Feature 20080107] New "pass" service type in master.cf. Written
|
|
|
|
|
years ago, this allows future front-end daemons to accept all
|
|
|
|
|
connections from the network, and to hand over connections from
|
|
|
|
|
well-behaved clients to Postfix. Since this feature uses file
|
|
|
|
|
descriptor passing, it imposes no overhead once a connection is
|
|
|
|
|
handed over to Postfix. See master(5) for a few details.
|
|
|
|
|
|
|
|
|
|
[Feature 20070911] Stress-adaptive behavior. When a "public" network
|
|
|
|
|
service runs into an "all processes are busy" condition, the master(8)
|
|
|
|
|
daemon logs a warning, restarts the service, and runs it with "-o
|
|
|
|
|
stress=yes" on the command line (under normal conditions it runs
|
|
|
|
|
the service with "-o stress=" on the command line). This can be
|
|
|
|
|
used to make main.cf parameter settings stress dependent, for
|
|
|
|
|
example:
|
|
|
|
|
|
|
|
|
|
/etc/postfix/main.cf:
|
|
|
|
|
smtpd_timeout = ${stress?10}${stress:300}
|
|
|
|
|
smtpd_hard_error_limit = ${stress?1}${stress:20}
|
|
|
|
|
|
|
|
|
|
Translation: under conditions of stress, use an smtpd_timeout value
|
|
|
|
|
of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1
|
|
|
|
|
instead of 20. The syntax is explained in the postconf(5) manpage.
|
|
|
|
|
|
|
|
|
|
The STRESS_README file gives examples of how to mitigate flooding
|
|
|
|
|
problems.
|
|
|
|
|
|
|
|
|
|
Major changes - tls support
|
|
|
|
|
---------------------------
|
|
|
|
|
|
|
|
|
|
[Incompat 20080109] TLS logging output has changed to make it more
|
|
|
|
|
useful. Existing logfile parser regular expressions may need
|
|
|
|
|
adjustment.
|
|
|
|
|
|
|
|
|
|
- More log entries include the "hostnamename[ipaddress]" of the
|
|
|
|
|
remote SMTP peer.
|
|
|
|
|
|
|
|
|
|
- Certificate trust chain error reports show only the first
|
|
|
|
|
error certificate (closest to the trust chain root), and the
|
|
|
|
|
reporting is more human-readable for the most likely errors.
|
|
|
|
|
|
|
|
|
|
- After the completion of the TLS handshake, the session is logged
|
|
|
|
|
with TLS loglevel >= 1 as either "Untrusted", "Trusted" or
|
|
|
|
|
"Verified" (SMTP client only).
|
|
|
|
|
- "Untrusted" means that the certificate trust chain is invalid,
|
|
|
|
|
or that the root CA is not trusted.
|
|
|
|
|
- "Trusted" means that the certificate trust chain is valid, and
|
|
|
|
|
that the root CA is trusted.
|
|
|
|
|
- "Verified" means that the certificate meets the SMTP client's
|
|
|
|
|
matching criteria for the destination:
|
|
|
|
|
- In the case of a destination name match, "Verified" also
|
|
|
|
|
implies "Trusted".
|
|
|
|
|
- In the case of a fingerprint match, CA trust is not applicable.
|
|
|
|
|
|
|
|
|
|
- The logging of protocol states with TLS loglevel >= 2 no longer
|
|
|
|
|
reports bogus error conditions when OpenSSL asks Postfix to refill
|
|
|
|
|
(or flush) network I/O buffers. This loglevel is for debugging
|
|
|
|
|
only; use 0 or 1 in production configurations.
|
|
|
|
|
|
|
|
|
|
[Feature 20080109] The Postfix SMTP client has a new "fingerprint"
|
|
|
|
|
security level. This avoids dependencies on CAs, and relies entirely
|
|
|
|
|
on bi-lateral exchange of public keys (really self-signed or private
|
|
|
|
|
CA signed X.509 public key certificates). Scalability is clearly
|
|
|
|
|
limited. For details, see the fingerprint discussion in TLS_README.
|
|
|
|
|
|
|
|
|
|
[Feature 20080109] The Postfix SMTP server can now use SHA1 instead
|
|
|
|
|
of MD5 to compute remote SMTP client certificate fingerprints. For
|
|
|
|
|
backwards compatibility, the default algorithm is MD5. For details,
|
|
|
|
|
see the "smtpd_tls_fingerprint_digest" parameter in the postconf(5)
|
|
|
|
|
manual.
|
|
|
|
|
|
|
|
|
|
[Feature 20080109] The maximum certificate trust chain depth
|
|
|
|
|
(verifydepth) is finally implemented in the Postfix TLS library.
|
|
|
|
|
Previously, the parameter had no effect. The default depth was
|
|
|
|
|
changed to 9 (the OpenSSL default) for backwards compatibility.
|
|
|
|
|
|
|
|
|
|
If you have explicity limited the verification depth in main.cf,
|
|
|
|
|
check that the configured limit meets your needs. See the
|
|
|
|
|
"lmtp_tls_scert_verifydepth", "smtp_tls_scert_verifydepth" and
|
|
|
|
|
"smtpd_tls_ccert_verifydepth" parameters in the postconf(5) manual.
|
|
|
|
|
|
|
|
|
|
[Feature 20080109] The selection of SSL/TLS protocols for mandatory
|
|
|
|
|
TLS can now use exclusion rather than inclusion. Either form is
|
|
|
|
|
acceptable; see the "lmtp_tls_mandatory_protocols",
|
|
|
|
|
"smtp_tls_mandatory_protocols" and "smtpd_tls_mandatory_protocols"
|
|
|
|
|
parameters in the postconf(5) manual.
|
|
|
|
|
|
|
|
|
|
Major changes - scheduler
|
|
|
|
|
-------------------------
|
|
|
|
|
|
|
|
|
|
[Feature 20071130] Revised queue manager with separate mechanisms
|
|
|
|
|
for per-destination concurrency control and for dead destination
|
|
|
|
|
detection. The concurrency control supports less-than-1 feedback
|
|
|
|
|
to allow for more gradual concurrency adjustments, and uses hysteresis
|
|
|
|
|
to avoid rapid oscillations. A destination is declared "dead" after
|
|
|
|
|
a configurable number of pseudo-cohorts(*) reports connection or
|
|
|
|
|
handshake failure.
|
|
|
|
|
|
|
|
|
|
(*) A pseudo-cohort is a number of delivery requests equal to a
|
|
|
|
|
destination's delivery concurrency.
|
|
|
|
|
|
|
|
|
|
The drawbacks of the old +/-1 feedback scheduler are a) overshoot
|
|
|
|
|
due to exponential delivery concurrency growth with each pseudo-cohort(*)
|
|
|
|
|
(5-10-20...); b) throttling down to zero concurrency after a single
|
|
|
|
|
pseudo-cohort(*) failure. The latter was especially an issue with
|
|
|
|
|
low-concurrency channels where a single failure could be sufficient
|
|
|
|
|
to mark a destination as "dead", and suspend further deliveries.
|
|
|
|
|
|
|
|
|
|
New configuration parameters: destination_concurrency_feedback_debug,
|
|
|
|
|
default_destination_concurrency_positive_feedback,
|
|
|
|
|
default_destination_concurrency_negative_feedback,
|
|
|
|
|
default_destination_concurrency_failed_cohort_limit, as well as
|
|
|
|
|
transport-specific versions of the same.
|
|
|
|
|
|
|
|
|
|
The default parameter settings are backwards compatible with older
|
|
|
|
|
Postfix versions. This may change after better defaults are field
|
|
|
|
|
tested.
|
|
|
|
|
|
|
|
|
|
The updated SCHEDULER_README document describes the theory behind
|
|
|
|
|
the new concurrency scheduler, as well as Patrik Rak's preemptive
|
|
|
|
|
job scheduler. See postconf(5) for more extensive descriptions of
|
|
|
|
|
the configuration parameters.
|
|
|
|
|
|
|
|
|
|
Major changes - small/home office
|
|
|
|
|
---------------------------------
|
|
|
|
|
|
|
|
|
|
[Feature 20080115] Preliminary SOHO_README document that combines
|
|
|
|
|
bits and pieces from other document in one place, so that it is
|
|
|
|
|
easier to find. This document describes the "mail sending" side
|
|
|
|
|
only.
|
|
|
|
|
|
|
|
|
|
[Feature 20071202] Output rate control in the queue manager. For
|
|
|
|
|
example, specify "smtp_destination_rate_delay = 5m", to pause five
|
|
|
|
|
minutes between message deliveries. More information in the postconf(5)
|
|
|
|
|
manual under "default_destination_rate_delay".
|
|
|
|
|
|
|
|
|
|
Major changes - smtp client
|
|
|
|
|
---------------------------
|
|
|
|
|
|
|
|
|
|
[Incompat 20080114] The Postfix SMTP client now by default defers
|
|
|
|
|
mail after a remote SMTP server rejects a SASL authentication
|
|
|
|
|
attempt. Specify "smtp_sasl_auth_soft_bounce = no" for the old
|
|
|
|
|
behavior.
|
|
|
|
|
|
|
|
|
|
[Feature 20080114] The Postfix SMTP client can now avoid making
|
|
|
|
|
repeated SASL login failures with the same server, username and
|
|
|
|
|
password. To enable this safety feature, specify for example
|
|
|
|
|
"smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache"
|
|
|
|
|
(access through the proxy service is required). Instead of trying
|
|
|
|
|
to SASL authenticate, the Postfix SMTP client defers or bounces
|
|
|
|
|
mail as controlled with the new smtp_sasl_auth_soft_bounce configuration
|
|
|
|
|
parameter.
|
|
|
|
|
|
|
|
|
|
[Feature 20071111] Header/body checks are now available in the SMTP
|
|
|
|
|
client, after the implementation was moved from the cleanup server
|
|
|
|
|
to a library module. The SMTP client provides only actions that
|
|
|
|
|
don't change the message delivery time or destination: warn, replace,
|
|
|
|
|
prepend, ignore, dunno, ok.
|
|
|
|
|
|
|
|
|
|
[Incompat 20070614] By default, the Postfix Cyrus SASL client no
|
|
|
|
|
longer sends a SASL authoriZation ID (authzid); it sends only the
|
|
|
|
|
SASL authentiCation ID (authcid) plus the authcid's password. Specify
|
|
|
|
|
"send_cyrus_sasl_authzid = yes" to get the old behavior.
|
|
|
|
|
|
|
|
|
|
Major changes - smtp server
|
|
|
|
|
---------------------------
|
|
|
|
|
|
|
|
|
|
[Feature 20070724] Not really major. New support for RFC 3848
|
|
|
|
|
(Received: headers with ESMTPS, ESMTPA, or ESMTPSA); updated SASL
|
|
|
|
|
support according to RFC 4954, resulting in small changes to SMTP
|
|
|
|
|
reply codes and (DSN) enhanced status codes.
|
|
|
|
|
|
|
|
|
|
Major changes - milter
|
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
|
|
[Incompat 20071224] The protocol to send Milter information from
|
|
|
|
|
smtpd(8) to cleanup(8) processes was cleaned up. If you use the
|
|
|
|
|
Milter feature, and upgrade a live Postfix system, you may see an
|
|
|
|
|
"unexpected record type" warning from a cleanup(8) server process.
|
|
|
|
|
To prevent this, execute the command "postfix reload". The
|
|
|
|
|
incompatibility affects only systems that use the Milter feature.
|
|
|
|
|
It does not cause loss of mail, just a minor delay until the remote
|
|
|
|
|
SMTP client retries.
|
|
|
|
|
|
|
|
|
|
[Feature 20071221] Support for most of the Sendmail 8.14 Milter
|
|
|
|
|
protocol features.
|
|
|
|
|
|
|
|
|
|
To enable the new features specify "milter_protocol = 6" and link
|
|
|
|
|
the filter application with a libmilter library from Sendmail 8.14
|
|
|
|
|
or later.
|
|
|
|
|
|
|
|
|
|
Sendmail 8.14 Milter features supported at this time:
|
|
|
|
|
|
|
|
|
|
- NR_CONN, NR_HELO, NR_MAIL, NR_RCPT, NR_DATA, NR_UNKN, NR_HDR,
|
|
|
|
|
NR_EOH, NR_BODY: The filter can tell Postfix that it won't reply
|
|
|
|
|
to some of the SMTP events that Postfix sends. This makes the
|
|
|
|
|
protocol less chatty and improves performance.
|
|
|
|
|
|
|
|
|
|
- SKIP: The filter can tell Postfix to skip sending the rest of
|
|
|
|
|
the message body, which also improves performance.
|
|
|
|
|
|
|
|
|
|
- HDR_LEADSPC: The filter can request that Postfix does not delete
|
|
|
|
|
the first space character between header name and header value
|
|
|
|
|
when sending a header to the filter, and that Postfix does not
|
|
|
|
|
insert a space character between header name and header value
|
|
|
|
|
when receiving a header from the filter. This fixes a limitation
|
|
|
|
|
in the old Milter protocol that can break DKIM and DK signatures.
|
|
|
|
|
|
|
|
|
|
- SETSYMLIST: The filter can override one or more of the main.cf
|
|
|
|
|
milter_xxx_macros parameter settings.
|
|
|
|
|
|
|
|
|
|
Sendmail 8.14 Milter features not supported at this time:
|
|
|
|
|
|
|
|
|
|
- RCPT_REJ: report rejected recipients to the mail filter.
|
|
|
|
|
|
|
|
|
|
- CHGFROM: replace sender, with optional ESMTP command parameters.
|
|
|
|
|
|
|
|
|
|
- ADDRCPT_PAR: add recipient, with optional ESMTP command parameters.
|
|
|
|
|
|
|
|
|
|
It is unclear when (if ever) the missing features will be implemented.
|
|
|
|
|
SMFIP_RCPT_REJ requires invasive changes in the SMTP server recipient
|
|
|
|
|
processing and error handling. SMFIR_CHGFROM and SMFIR_ADDRCPT_PAR
|
|
|
|
|
require ESMTP command-line parsing in the cleanup server. Unfortunately,
|
|
|
|
|
Sendmail's documentation does not specify what ESMTP options are
|
|
|
|
|
supported, but only discusses examples of things that don't work.
|
|
|
|
|
|
|
|
|
|
Major changes - address verification
|
|
|
|
|
------------------------------------
|
|
|
|
|
|
|
|
|
|
[Incompat 20070514] The default sender address for address verification
|
|
|
|
|
probes was changed from "postmaster" to "double-bounce", so that
|
|
|
|
|
the Postfix SMTP server no longer causes surprising behavior by
|
|
|
|
|
excluding "postmaster" from SMTP server access controls.
|
|
|
|
|
|
|
|
|
|
Major changes - ldap
|
|
|
|
|
--------------------
|
|
|
|
|
|
|
|
|
|
[Incompat 20071216] Due to an incompatible API change between
|
|
|
|
|
OpenLDAP 2.0.11 and 2.0.12, an LDAP client compiled for OpenLDAP
|
|
|
|
|
version <= 2.0.11 will refuse to work with an OpenLDAP library
|
|
|
|
|
version >= 2.0.12 and vice versa.
|
|
|
|
|
|
|
|
|
|
Major changes - logging
|
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
|
|
[Incompat 20080109] TLS logging output has changed to make it more
|
|
|
|
|
useful. Existing logfile parser regular expressions may need
|
|
|
|
|
adjustment.
|
|
|
|
|
|
|
|
|
|
- More log entries include the "hostnamename[ipaddress]" of the
|
|
|
|
|
remote SMTP peer.
|
|
|
|
|
|
|
|
|
|
- Certificate trust chain error reports show only the first
|
|
|
|
|
error certificate (closest to the trust chain root), and the
|
|
|
|
|
reporting is more human-readable for the most likely errors.
|
|
|
|
|
|
|
|
|
|
- After the completion of the TLS handshake, the session is logged
|
|
|
|
|
with TLS loglevel >= 1 as either "Untrusted", "Trusted" or
|
|
|
|
|
"Verified" (SMTP client only).
|
|
|
|
|
- "Untrusted" means that the certificate trust chain is invalid,
|
|
|
|
|
or that the root CA is not trusted.
|
|
|
|
|
- "Trusted" means that the certificate trust chain is valid, and
|
|
|
|
|
that the root CA is trusted.
|
|
|
|
|
- "Verified" means that the certificate meets the SMTP client's
|
|
|
|
|
matching criteria for the destination:
|
|
|
|
|
- In the case of a destination name match, "Verified" also
|
|
|
|
|
implies "Trusted".
|
|
|
|
|
- In the case of a fingerprint match, CA trust is not applicable.
|
|
|
|
|
|
|
|
|
|
- The logging of protocol states with TLS loglevel >= 2 no longer
|
|
|
|
|
reports bogus error conditions when OpenSSL asks Postfix to refill
|
|
|
|
|
(or flush) network I/O buffers. This loglevel is for debugging
|
|
|
|
|
only; use 0 or 1 in production configurations.
|
|
|
|
|
|
|
|
|
|
[Incompat 20071216] The SMTP "transcript of session" email now
|
|
|
|
|
includes the remote SMTP server TCP port number.
|
|
|
|
|
|
|
|
|
|
Major changes - loop detection
|
|
|
|
|
------------------------------
|
|
|
|
|
|
|
|
|
|
[Incompat 20070422] [Incompat 20070422] When the pipe(8) delivery
|
|
|
|
|
agent is configured to create the optional Delivered-To: header,
|
|
|
|
|
it now first checks if that same header is already present in the
|
|
|
|
|
message. If so, the message is returned as undeliverable. This test
|
|
|
|
|
should have been included with Postfix 2.0 when Delivered-To: support
|
|
|
|
|
was added to the pipe(8) delivery agent.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 8 10:00:12 CET 2008 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Remove previous fix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Dec 30 19:58:02 CET 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- #301335 - [SuSEconfig]: Postfix module uses stderr
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 4 09:02:19 CET 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to Version 2.4 patchlevel 6
|
|
|
|
|
Bugfix (introduced Postfix 2.2.11): TLS client certificate
|
|
|
|
|
with unparsable canonical name caused the SMTP server's
|
|
|
|
|
policy client to allocate zero-length memory, triggering
|
|
|
|
|
an assertion that it shouldn't do such things. File:
|
|
|
|
|
smtpd/smtpd_check.c.
|
|
|
|
|
|
|
|
|
|
Bugfix (introduced Postfix 2.4) missing initialization of
|
|
|
|
|
event mask in the event_mask_drain() routine (used by the
|
|
|
|
|
obsolete postkick(1) command). Found by Coverity. File:
|
|
|
|
|
util/events.c.
|
|
|
|
|
|
|
|
|
|
Workaround: the flush daemon forces an access time update
|
|
|
|
|
for the per-destination logfile, to prevent an excessive
|
|
|
|
|
rate of delivery attempts when the queue file system is
|
|
|
|
|
mounted with "noatime". File: flush/flush.c.
|
|
|
|
|
|
|
|
|
|
- #330276 – /sbin/conf.d/SuSEconfig.postfix could copy certs into smtpd_tls_CApath
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz
|
|
|
|
|
|
|
|
|
|
- Use correct SuSEfirewall2 rule directory.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Oct 17 11:52:01 CEST 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- #333629 - saslauthd typo in SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 8 12:37:39 CEST 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- #331044 - Postfix uses receive_override_options in main.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Sep 9 17:42:27 CEST 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- fix the last fix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 4 00:38:58 CEST 2007 - cthiel@suse.de
|
|
|
|
|
|
|
|
|
|
- fix the last fix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 3 12:37:43 CEST 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Fixing bug: #297622 - SMTPD_LISTEN_REMOTE has no effect
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 6 00:26:31 CEST 2007 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to Version 2.4 patchlevel 5
|
|
|
|
|
Bugfix: the loopback TCP performance workaround was ineffective
|
|
|
|
|
due to a wetware bit-flip during code cleanup. File:
|
|
|
|
|
util/vstream_tweak.c.
|
|
|
|
|
|
|
|
|
|
(patch level 4)
|
|
|
|
|
Bugfix: the Milter client assumed that a Milter application
|
|
|
|
|
does not modify the message header or envelope, after that
|
|
|
|
|
same Milter application has modified the message body of
|
|
|
|
|
that same email message. This is not a problem with updates
|
|
|
|
|
by different Milter applications. Problem was triggered
|
|
|
|
|
by Jose-Marcio Martins da Cruz. Also simplified the handling
|
|
|
|
|
of queue file update errors. File: milter/milter8.c.
|
|
|
|
|
|
|
|
|
|
Workaround: some non-Cyrus SASL SMTP servers require SASL
|
|
|
|
|
login without authzid (authoriZation ID), i.e. the client
|
|
|
|
|
must send only the authcid (authentiCation ID) + the authcid's
|
|
|
|
|
password. In this case the server is supposed to derive
|
|
|
|
|
the authzid from the authcid. This works as expected when
|
|
|
|
|
authenticating to a Cyrus SASL SMTP server. To get the old
|
|
|
|
|
behavior specify "send_cyrus_sasl_authzid = yes", in which
|
|
|
|
|
case Postfix sends the (authzid, authcid, password), with
|
|
|
|
|
the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c.
|
|
|
|
|
|
|
|
|
|
Portability: /dev/poll support for Solaris chroot jail setup
|
|
|
|
|
scripts. Files: examples/chroot-setup/Solaris8,
|
|
|
|
|
examples/chroot-setup/Solaris10.
|
|
|
|
|
|
|
|
|
|
Cleanup: Milter client error handling, so that the (Postfix
|
|
|
|
|
SMTP server's Milter client) does not get out of sync with
|
|
|
|
|
Milter applications after the (cleanup server's Milter
|
|
|
|
|
client) encounters some non-recoverable problem. Files:
|
|
|
|
|
milter/milter8.c, smtpd/smtpd.c.
|
|
|
|
|
|
|
|
|
|
Performance: workaround for poor TCP performance on loopback
|
|
|
|
|
(127.0.0.1) connections. Problem reported by Mark Martinec.
|
|
|
|
|
Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c,
|
|
|
|
|
smtpstone/*source.c.
|
|
|
|
|
|
|
|
|
|
Bugfix: when a milter replied with ACCEPT at or before the
|
|
|
|
|
first RCPT command, the cleanup server would apply the
|
|
|
|
|
non_smtpd_milters setting as if the message was a local
|
|
|
|
|
submission. Problem reported by Jukka Salmi. Also, the
|
|
|
|
|
cleanup server would get out of sync with the milter when
|
|
|
|
|
a milter replied with ACCEPT at the DATA command. Files:
|
|
|
|
|
cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
|
|
|
|
|
- rediffed patches
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jul 31 18:21:11 CEST 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Update to Version 2.4 patchlevel 3
|
|
|
|
|
(patch level 1)
|
|
|
|
|
Bugfix (introduced Postfix 2.3): segfault with HOLD action
|
|
|
|
|
in access/header_checks/body_checks on 64-bit platforms.
|
|
|
|
|
File: cleanup/cleanup_api.c.
|
|
|
|
|
|
|
|
|
|
Portability (introduced 20070325): the fix for hardlinks
|
|
|
|
|
and symlinks in postfix-install forgot to work around shells
|
|
|
|
|
where "IFS=/ command" makes the IFS setting permanent. This
|
|
|
|
|
is allowed by some broken standard, and affects Solaris.
|
|
|
|
|
File: postfix-install.
|
|
|
|
|
|
|
|
|
|
Portability (introduced 20070212): the workaround for
|
|
|
|
|
non-existent library bugs with descriptors >= FD_SETSIZE
|
|
|
|
|
broke with "fcntl F_DUPFD: Invalid argument" on 64-bit
|
|
|
|
|
Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c.
|
|
|
|
|
|
|
|
|
|
Cleanup: on (Linux) platforms that cripple signal handlers
|
|
|
|
|
with deadlock, "postfix stop" now forcefully stops all the
|
|
|
|
|
processes in the master's process group, not just the master
|
|
|
|
|
process alone. File: conf/postfix-script.
|
|
|
|
|
|
|
|
|
|
(patch level 2)
|
|
|
|
|
Bugfix: don't falsely report "lost connection from
|
|
|
|
|
localhost[127.0.0.1]" when Postfix is being portscanned.
|
|
|
|
|
Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
|
|
|
|
|
|
|
|
|
|
Robustness: recommend a "0" process limit for policy servers
|
|
|
|
|
to avoid "connection refused" problems when the smtpd process
|
|
|
|
|
limit exceeds the default process limit. File:
|
|
|
|
|
proto/SMTPD_POLICY_README.html.
|
|
|
|
|
|
|
|
|
|
Safety: when IPv6 (or IPv4) is turned off, don't treat an
|
|
|
|
|
IPv6 (or IPv4) connection from e.g. inetd as if it comes
|
|
|
|
|
from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c,
|
|
|
|
|
qmqpd/qmqpd_peer.c.
|
|
|
|
|
|
|
|
|
|
Bugfix: Content-Transfer-Encoding: attribute values are
|
|
|
|
|
case insensitive. File: src/cleanup/cleanup_message.c.
|
|
|
|
|
|
|
|
|
|
Bugfix: mailbox_transport(_maps) and fallback_transport(_maps)
|
|
|
|
|
were broken when used with the error(8) or discard(8)
|
|
|
|
|
transports. Cause: insufficient documentation. Files:
|
|
|
|
|
error/error.c, discard/discard.c.
|
|
|
|
|
|
|
|
|
|
Bugfix (problem introduced Postfix 2.3): when DSN support
|
|
|
|
|
was introduced it broke "agressive" recipient duplicate
|
|
|
|
|
elimination with "enable_original_recipient = no". File:
|
|
|
|
|
cleanup/cleanup_out_recipient.c.
|
|
|
|
|
|
|
|
|
|
Bugfix (introduced Postfix 2.3): the sendmail/postdrop
|
|
|
|
|
commands would hang when trying to submit a message larger
|
|
|
|
|
than the per-message size limit. File: postdrop/postdrop.c.
|
|
|
|
|
|
|
|
|
|
Sabotage the saboteur who insists on breaking Postfix by
|
|
|
|
|
adding gethostbyname() calls that cause maildir delivery
|
|
|
|
|
to fail when the machine name is not found in /etc/hosts,
|
|
|
|
|
or that cause Postfix processes to hang when the network
|
|
|
|
|
is down.
|
|
|
|
|
|
|
|
|
|
(patch level 3)
|
|
|
|
|
Portability: Victor helpfully pointed out that change
|
|
|
|
|
20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c,
|
|
|
|
|
qmqpd/qmqpd_peer.c.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 21 08:30:45 CEST 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Bug 285553 amavisd inconsistency
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jun 19 18:55:43 CEST 2007 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
- provide smtp meta-service as well
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 11 21:32:53 CEST 2007 - lrupp@suse.de
|
|
|
|
|
|
|
|
|
|
- don't PreRequire /sbin/ip: removed call in SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu May 3 12:09:13 CEST 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- dynamic_maps.patch: readded the chunk for dict_tcp and dict_pcre
|
|
|
|
|
- replaced prereq for postfix with a prereq on
|
|
|
|
|
%{name} = %{version}
|
|
|
|
|
- updated to postfix 2.4, patchlevel 0
|
|
|
|
|
Major changes - safety
|
|
|
|
|
* As a safety measure, Postfix now by default creates mailbox dotlock
|
|
|
|
|
files on all systems. This prevents problems with GNU POP3D which
|
|
|
|
|
subverts kernel locking by creating a new mailbox file and deleting
|
|
|
|
|
the old one
|
|
|
|
|
|
|
|
|
|
Major changes - Milter support
|
|
|
|
|
* The support for Milter header modification
|
|
|
|
|
requests was revised. With minimal change in the on-disk representation,
|
|
|
|
|
the code was greatly simplified, and regression tests were updated
|
|
|
|
|
to ensure that old errors were not re-introduced. The queue file
|
|
|
|
|
format is entirely backwards compatible with Postfix 2.3.
|
|
|
|
|
|
|
|
|
|
* Support for Milter requests to replace the message
|
|
|
|
|
body. Postfix now implements all the header/body modification
|
|
|
|
|
requests that are available with Sendmail 8.13.
|
|
|
|
|
|
|
|
|
|
* A new field is added to the queue file "size"
|
|
|
|
|
record that specifies the message content length. Postfix 2.3 and
|
|
|
|
|
older Postfix 2.4 snapshots will ignore this field, and will report
|
|
|
|
|
the message size as it was before the body was replaced.
|
|
|
|
|
|
|
|
|
|
Major changes - TLS support
|
|
|
|
|
* The check_smtpd_policy client sends TLS certificate
|
|
|
|
|
attributes (client ccert_subject, ccert_issuer) only after successful
|
|
|
|
|
client certificate verification. The reason is that the certification
|
|
|
|
|
verification status itself is not available in the policy request.
|
|
|
|
|
|
|
|
|
|
* The check_smtpd_policy client sends TLS certificate
|
|
|
|
|
fingerprint information even when the certificate itself was not
|
|
|
|
|
verified.
|
|
|
|
|
|
|
|
|
|
* The remote SMTP client TLS certificate fingerprint
|
|
|
|
|
can be used for access control even when the certificate itself was
|
|
|
|
|
not verified.
|
|
|
|
|
|
|
|
|
|
* The format of SMTP server TLS session cache
|
|
|
|
|
lookup keys has changed. The lookup key now includes the master.cf
|
|
|
|
|
service name.
|
|
|
|
|
|
|
|
|
|
Major changes - performance
|
|
|
|
|
* Better support for systems that run thousands
|
|
|
|
|
of Postfix processes. Postfix now supports FreeBSD kqueue(2),
|
|
|
|
|
Solaris poll(7d) and Linux epoll(4) as more scalable alternatives
|
|
|
|
|
to the traditional select(2) system call, and uses poll(2) when
|
|
|
|
|
examining a single file descriptor for readability or writability.
|
|
|
|
|
These features are supported on sufficiently recent versions of
|
|
|
|
|
FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other
|
|
|
|
|
systems will be added as evidence becomes available that usable
|
|
|
|
|
implementations exist.
|
|
|
|
|
|
|
|
|
|
Major changes - delivery status notifications
|
|
|
|
|
* Small changes were made to the default bounce
|
|
|
|
|
message templates, to prevent HTML-aware software from hiding or
|
|
|
|
|
removing the text "<postmaster>", and producing misleading text.
|
|
|
|
|
|
|
|
|
|
* Postfix no longer announces its name in delivery
|
|
|
|
|
status notifications. Users believe that Wietse provides a free
|
|
|
|
|
help desk service that solves all their email problems.
|
|
|
|
|
|
|
|
|
|
Major changes - ETRN support
|
|
|
|
|
* More precise queue flushing with the ETRN,
|
|
|
|
|
"postqueue -s site", and "sendmail -qRsite" commands, after
|
|
|
|
|
minimization of race conditions. New per-queue-file flushing with
|
|
|
|
|
"postqueue -i queueid" and "sendmail -qIqueueid".
|
|
|
|
|
|
|
|
|
|
Major changes - small office/home office support
|
|
|
|
|
* Postfix no longer requires a domain name. It
|
|
|
|
|
uses "localdomain" as the default Internet domain name when no
|
|
|
|
|
domain is specified via main.cf or via the machine's hostname.
|
|
|
|
|
|
|
|
|
|
Major changes - SMTP access control
|
|
|
|
|
* The check_smtpd_policy client sends TLS certificate
|
|
|
|
|
attributes (client ccert_subject, ccert_issuer) only after successful
|
|
|
|
|
client certificate verification. The reason is that the certification
|
|
|
|
|
verification status itself is not available in the policy request.
|
|
|
|
|
|
|
|
|
|
* The check_smtpd_policy client sends TLS certificate
|
|
|
|
|
fingerprint information even when the certificate itself was not
|
|
|
|
|
verified.
|
|
|
|
|
|
|
|
|
|
* The remote SMTP client TLS certificate fingerprint can be used for
|
|
|
|
|
access control even when the certificate itself was not verified.
|
|
|
|
|
|
|
|
|
|
* The Postfix installation procedure no longer
|
|
|
|
|
updates main.cf with "unknown_local_recipient_reject_code = 450".
|
|
|
|
|
Four years after the introduction of mandatory recipient validation,
|
|
|
|
|
this transitional tool is no longer neeed.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 29 14:33:03 CEST 2007 - rguenther@suse.de
|
|
|
|
|
|
|
|
|
|
- Add pwdutils BuildRequires to allow postinst script to succeed.
|
|
|
|
|
- Add /usr/share/omc directory.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 26 10:32:36 CET 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- #247351 - postfix - Ports for SuSEfirewall added via packages
|
|
|
|
|
|
|
|
|
|
- Move postfix.xml into the postfix-SuSE tarball
|
|
|
|
|
|
|
|
|
|
- #228479 - Postfix is configured for inet_protocols=all if
|
|
|
|
|
selecting ipv4 only support during installation.
|
|
|
|
|
Now we set both inet_protocols and inet_interfaces to all.
|
|
|
|
|
This means the available interfaces and protocols will be used.
|
|
|
|
|
To avoid bogus warnings inet_proto.c was patched.
|
|
|
|
|
|
|
|
|
|
- #251598 - postfix use pointers for literals
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 15 13:14:07 CET 2007 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- #144104 - postfix does not start
|
|
|
|
|
|
|
|
|
|
- Implementing Fate #301840: Postfix XML Service Description Document
|
|
|
|
|
|
|
|
|
|
- Enhancing /etc/sysconfig/postfix descripton to avoid problems
|
|
|
|
|
like Bug 228678 - Problems with setting up chroot environment if
|
|
|
|
|
/var/spool is not on same filesystem as /var
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 22 03:03:18 CET 2006 - mrueckert@suse.de
|
|
|
|
|
|
|
|
|
|
- moved the dict handling into a preun script instead of postun
|
|
|
|
|
and do not remove the dict entry on upgrade (#223176)
|
|
|
|
|
- removed duplicates in the filelists.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 10 11:43:00 CET 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- #218229 - Postfix SuSEconfig script increases the max_proc line each run in master.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Oct 28 11:41:50 CEST 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- #206414 - /usr/lib/sasl2/smtpd.conf misplaced
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 24 22:32:45 CEST 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- #202119 – SuSEconfig script for Postfix incomplete
|
|
|
|
|
- #202162 – Postfix 2.3.2 slightly incorrect, Cyrus SASL unavailable
|
|
|
|
|
- #203174 – /sbin/conf.d/SuSEconfig.postfix should configure a TLS session cache for postfix 2.2
|
|
|
|
|
- #203575 – postfix-2.2.9-10 chokes without scache
|
|
|
|
|
- #213589 - No development package/headers for postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 16 01:24:20 CEST 2006 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- also add libpostfix-milter.so*
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 14 12:34:37 CEST 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.3, patchlevel 2
|
|
|
|
|
- Major changes
|
|
|
|
|
- Name server replies that contain a malformed hostname are now flagged
|
|
|
|
|
as permanent errors instead of transient errors.
|
|
|
|
|
- DSN support as described in RFC 3461 .. RFC 3464.
|
|
|
|
|
- The SMTP client now implements the LMTP protocol.
|
|
|
|
|
- Milter (mail filter) application support, compatible with Sendmail
|
|
|
|
|
version 8.13.6 and earlier.
|
|
|
|
|
- Major changes - SASL authentication
|
|
|
|
|
- Plug-in support for SASL authentication in the SMTP server and in the
|
|
|
|
|
SMTP/LMTP client.
|
|
|
|
|
- The Postfix-with-Cyrus-SASL build procedure has changed.
|
|
|
|
|
- Support for sender-dependent ISP accounts.
|
|
|
|
|
- Major changes - SMTP client
|
|
|
|
|
- The SMTP client now implements the LMTP protocol.
|
|
|
|
|
- This version addresses a performance stability problem with remote
|
|
|
|
|
SMTP servers.
|
|
|
|
|
- Major changes - SMTP server
|
|
|
|
|
- The Postfix SMTP server now refuses to receive mail from the network
|
|
|
|
|
if it isn't running with postfix mail_owner privileges.
|
|
|
|
|
- Optional suppression of remote SMTP client hostname lookup and hostname
|
|
|
|
|
verification.
|
|
|
|
|
- SMTPD Access control based on the existence of an address->name mapping
|
|
|
|
|
- Major changes - TLS
|
|
|
|
|
- New concept: TLS security levels ("none", "may", "encrypt", "verify"
|
|
|
|
|
or "secure") in the Postfix SMTP client.
|
|
|
|
|
- Both the Postfix SMTP client and server can be configured without a
|
|
|
|
|
client or server certificate.
|
|
|
|
|
- See
|
|
|
|
|
/usr/share/doc/packages/postfix/RELEASE_NOTES
|
|
|
|
|
/usr/share/doc/packages/postfix/TLS_CHANGES
|
|
|
|
|
/usr/share/doc/packages/postfix/README_FILES/SASL_README
|
|
|
|
|
for detailed informations.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 2 16:18:30 CEST 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Only %{conf_backup_dir} is contained by the package not /var/adm/backup
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 10 16:21:31 CEST 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix: #190639 Default number of processes for postfix
|
|
|
|
|
- Bugfix: #190270 postfix-postgresql
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jun 2 19:58:38 CEST 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix: #98188 - SuSE.tar.gz filename collision in cyrus/postfix SRPMs
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 24 17:14:40 CEST 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix: #165786 - yast2-mail modul uses obsolate postfix attributes
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 20 10:21:55 CET 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.2, patchlevel 9.
|
|
|
|
|
- Reasons:
|
|
|
|
|
Bugfix: the LMTP client would reuse a session after negative
|
|
|
|
|
reply to the RSET command (which may happen when client and
|
|
|
|
|
server somehow get out of sync).
|
|
|
|
|
Bugfix: race condition in the connection caching protocol,
|
|
|
|
|
causing the SMTP delivery agent to hang after delivering
|
|
|
|
|
mail, while trying to save a connection.
|
|
|
|
|
Bugfix: the best_mx_transport, mailbox_transport and
|
|
|
|
|
fallback_transport features did not write a per-recipient
|
|
|
|
|
defer logfile record when the target delivery agent was
|
|
|
|
|
broken.
|
|
|
|
|
Bugfix: an EHLO I/O error after STARTTLS would be reported
|
|
|
|
|
as a STARTTLS I/O error.
|
|
|
|
|
Bugfix: the *SQL, proxy and LDAP maps were not defined in
|
|
|
|
|
user-land commands such as postqueue.
|
|
|
|
|
Bugfix: the anvil server would terminate after "max_idle"
|
|
|
|
|
seconds, even when this was less than the anvil_rate_time_unit
|
|
|
|
|
interval.
|
|
|
|
|
Portability: 64-bit support for LINUX chroot script by Keith
|
|
|
|
|
Owens.
|
|
|
|
|
Safety: new "smtp_cname_overrides_servername" parameter.
|
|
|
|
|
|
|
|
|
|
Bugfix: mailbox_command_maps was not subject to $name
|
|
|
|
|
expansion.
|
|
|
|
|
Bugfix: don't ignore the per-site policy when SSL library
|
|
|
|
|
initialization fails.
|
|
|
|
|
Bugfix: a TLS per-site MUST_NOPEERMATCH policy could not
|
|
|
|
|
override a stronger main.cf policy, while a per-site NONE
|
|
|
|
|
policy could.
|
|
|
|
|
Bugfix: a combined TLS per-site (host, recipient) policy
|
|
|
|
|
of (NONE, MAY) changed a global MUST policy into NONE, and
|
|
|
|
|
a global MUST_NOPEERMATCH into MAY. The result is now NONE.
|
|
|
|
|
Problem found by exhaustive simulation.
|
|
|
|
|
Bugfix: an empty remote_header_rewrite_domain value caused
|
|
|
|
|
trivial-rewrite to dereference a null pointer, but only in
|
|
|
|
|
regression tests, not in production. Postfix rewrites
|
|
|
|
|
addresses in the remote rewriting context only when the
|
|
|
|
|
remote_header_rewrite_domain parameter value is non-empty.
|
|
|
|
|
Workaround: a malformed domain name lookup result (such as
|
|
|
|
|
null MX record) is now treated as a hard error, so that
|
|
|
|
|
Postfix will no longer repeatedly try to deliver mail until
|
|
|
|
|
the message expires in the queue. However, this will not
|
|
|
|
|
reject mail with reject_unknown_sender/recipient_domain.
|
|
|
|
|
That would require too much change for a stable release.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 27 02:19:42 CET 2006 - mls@suse.de
|
|
|
|
|
|
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 24 09:11:46 CET 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Fixing the spec-file
|
|
|
|
|
- Bugfix: ID#143682 - Spurious (obsoleted?) configuration variable in postfix's main.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 23 13:00:13 CET 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix: ID#140173 postfix allows relaying on the whole subnet
|
|
|
|
|
- Bugfix: ID#144091 postfix doesn't start with the latest kernel
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 20 11:56:24 CET 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix: ID#144091
|
|
|
|
|
- Postfix makes an entry in slp servre for smtp & smtps
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 16 14:49:29 CET 2006 - varkoly@suse.de
|
|
|
|
|
|
|
|
|
|
- removing openldap from "neededforbuild"
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 30 11:11:16 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.2, patchlevel 6
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 11 15:03:56 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added patch ldap_api_changes.patch: openldap2.3 enforces to use
|
|
|
|
|
"The C LDAP Application Program Interface"
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 15 13:55:32 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#104663 - consistent use of variables in postfix
|
|
|
|
|
init-script
|
|
|
|
|
- Bugfix Bugzilla ID#104568 - SuSEconfig.postfix doesnt set $PATH properly to
|
|
|
|
|
find all binaries.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 12 10:25:09 CEST 2005 - mmj@suse.de
|
|
|
|
|
|
|
|
|
|
- Package the /usr/lib/sendmail -> /usr/sbin/sendmail link [#102947]
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jul 26 11:05:29 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#93884 - package postfix uses -fsigned-char
|
|
|
|
|
Remove -fsigned-char option for ppc and s390 archs
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 25 11:52:18 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.2, patchlevel 5:
|
|
|
|
|
- Portability: the connection caching code broke on LP64
|
|
|
|
|
systems (inherited from Stevens Network Programming).
|
|
|
|
|
Files: util/unix_send_fd.c, util/unix_recv_fd.c. This code
|
|
|
|
|
is back-ported from the Postfix 2.3 snapshot release.
|
|
|
|
|
- Robustness: the SMTP client now disables connection caching
|
|
|
|
|
when it is unable to communicate with the scache(8) server,
|
|
|
|
|
instead of looping forever and not delivering mail. File:
|
|
|
|
|
global/scache_clnt.c. This code is back-ported from the
|
|
|
|
|
Postfix 2.3 snapshot release.
|
|
|
|
|
- Portability: after sending a socket, the scache(8) server
|
|
|
|
|
now waits for an ACK from the connection cache client before
|
|
|
|
|
closing the socket that it just sent. Files: scache/scache.c,
|
|
|
|
|
global/scache_clnt.c. This code is back-ported from the
|
|
|
|
|
Postfix 2.3 snapshot release.
|
|
|
|
|
- Portability: on LP64 systems, integer expressions are int,
|
|
|
|
|
but sizeof() and pointer difference expressions are larger.
|
|
|
|
|
Point fixes for a few discrepancies with variadic functions
|
|
|
|
|
that expect int (the permanent fix is to change the receiving
|
|
|
|
|
modules, but that results in too much change, and is not
|
|
|
|
|
allowed in the stable release). Files: tls/tls_scache.c,
|
|
|
|
|
util/clean_env.c, util/vstring.h, smtpstone/qmqp-source.c.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 18 15:49:16 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- force to set strict_8bitmime to "no" when POSTFIX_MDA != cyrus,
|
|
|
|
|
because once it is set to "yes", nobody sets it back.
|
|
|
|
|
- only install /etc/pam.d/smtp if suse_version > 920
|
|
|
|
|
- use Prereq instead of Requires for mysql and postgresql subpackages
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 13 16:59:14 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added /etc/pam.d/smtp configuration file
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 7 16:44:05 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Fixed build on x86_64: use -fPIC for libraries and -fPIE for the
|
|
|
|
|
rest
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jul 5 17:57:48 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- applied dynamic maps patch of LaMont Jones at debian
|
|
|
|
|
- Fix to SuSEconfig.postfix: only touch tlsmgr line in master.cf,
|
|
|
|
|
if it is the new one using unix socket instead of fifo
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 30 17:52:10 CEST 2005 - uli@suse.de
|
|
|
|
|
|
|
|
|
|
- build with -fPIE (not -fpie) to avoid GOT overflow on s390x
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 23 10:22:18 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.2, patchlevel 4
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jun 17 17:06:39 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed build using -pie/-fpie (hopefully)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jun 17 11:04:03 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Build using -pie
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 13 18:24:50 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- set strict_8bitmime parameter to yes when using cyrus mailbox
|
|
|
|
|
delivery
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 4 15:54:33 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix ID#66325 - postfix: permissions
|
|
|
|
|
also ship a postfix.paranoid file with the package with all suid and sgid
|
|
|
|
|
bits disabled
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 3 16:29:04 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.2, patchlevel 3
|
|
|
|
|
- Bugfix ID#75717 - postfix init scripts reports success allthough postfix is
|
|
|
|
|
not running:
|
|
|
|
|
use checkproc again instead of "master -t", as "master -t" seems to be broken
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 21 17:42:04 CEST 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.2, patchlevel 2
|
|
|
|
|
- Bugfix ID#74712, problems with read-only mounting of $chroot/proc:
|
|
|
|
|
don't mount /var/spool/postfix/proc ro as that results in /proc also mounted
|
|
|
|
|
ro.
|
|
|
|
|
- Bugfix ID#74709, postfix configuration and USE_IPV6 in
|
|
|
|
|
sysconfig/network/config
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 15 17:46:44 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.2, patchlevel 1
|
|
|
|
|
Postfix 2.2.1 solves four portability problems that surfaced in
|
|
|
|
|
the week since the 2.2.0 release, one harmless bug in the TLS
|
|
|
|
|
session cache cleaning code, and cleans up minor documentation
|
|
|
|
|
problems.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 10 10:18:45 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- 2.2.0 is out
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 7 14:15:08 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to RC2
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 2 15:01:33 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- make it compile with gcc4
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 28 18:03:36 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- RC1 of 2.2 is out
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 18 16:34:07 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- use "usr/sbin/postfix upgrade-configuration" now instead of
|
|
|
|
|
"etc/postfix/post-install upgrade-package"
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 17 19:28:22 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- removed some @ chars (don't know how they slipped in)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 17 13:42:18 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to current pre 2.2 snapshot (2.2-20050216)
|
|
|
|
|
2.2 release could happen next week
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 10 09:08:18 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added patch needed for the Kolab project (this patch is part of the upcoming
|
|
|
|
|
postfix 2-2 release), see
|
|
|
|
|
http://wiki.kolab.org/index.php/Kolab-major-app-patches
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 3 10:00:38 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- s/X-UnitedLinux-Should-Start/Should-Start/
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 2 16:44:34 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added long_header.patch
|
|
|
|
|
long lines piped into postfix sendmail can lead to errors.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 2 08:52:19 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix ID#49307: faster postfix startup: don't use hashed directories if
|
|
|
|
|
possible:
|
|
|
|
|
- added patch empty_hash_queue_names.patch to be able to modify
|
|
|
|
|
hash_queue_names parameter.
|
|
|
|
|
- added check to %post to change hash_queue_names in case of
|
|
|
|
|
/var/spool/postfix residing on a reiserfs partition when doing
|
|
|
|
|
a fresh installation
|
|
|
|
|
- Bugfix ID#50386 - postfix must prereq /sbin/ip (iproute2)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 28 16:29:05 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated tls+ipv6 patchkit to v1.26
|
|
|
|
|
- Bugfix: Incomplete error checking in getaddrinfo() could cause lmtpd to
|
|
|
|
|
crash with debug_peer_list defined. Carsten Hoeger, SuSE. File:
|
|
|
|
|
util/match_ops.c
|
|
|
|
|
- Linux workaround: When mynetworks isn't set, a chrooted process could not
|
|
|
|
|
read the IPv6 address information from /proc. We now invoke own_inet_addr()
|
|
|
|
|
before chrooting, while processing main.cf. [backported from 2.2-nonprod
|
|
|
|
|
snapshot] File: global/mail_params.c
|
|
|
|
|
- Safety: when IPv6 netmask can't be determined, mynetworks is not set and
|
|
|
|
|
mynetworks_style = subnet, assume /128 (host only). Until now, Tru64Unix
|
|
|
|
|
assumed /64 (good for real subnets, but not safe for tunnel ranges etc.).
|
|
|
|
|
File: util/inet_addr_local.c
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Jan 15 20:48:48 CET 2005 - schwab@suse.de
|
|
|
|
|
|
|
|
|
|
- Use <owner>:<group> in permissions file.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 13 16:16:41 CET 2005 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Two fixes to ipv6-patch related bugs:
|
|
|
|
|
- Bugfix Bugzilla ID#49435 - VUL-0: Postfix, permit_mx_backup, IPv6, chroot
|
|
|
|
|
--> Open Relay!
|
|
|
|
|
- Bugfix Bugzilla ID#49695 - SEGV while lmtp delivery
|
|
|
|
|
- mount /proc into chroot jail to be able to access /proc/net/if_inet6
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 24 14:46:16 CET 2004 - schwab@suse.de
|
|
|
|
|
|
|
|
|
|
- Put options first in find command line.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 9 09:20:27 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- setting LC_ALL=POSIX in SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 29 18:14:13 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#46462, postfix should switch biff off
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 21 12:48:02 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.1, patchlevel 5
|
|
|
|
|
(several small bugfixes)
|
|
|
|
|
- updated tls+ipv6 patchkit (there have been some small bugs)
|
|
|
|
|
- use v4 address 127.0.0.1 as amavisd-new local contact address
|
|
|
|
|
as amavisd is not listening on any v6 address
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 20 09:51:25 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- also chmod the .db file resulting of a postmap (related to
|
|
|
|
|
bugfix ID#39045
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 16 13:57:32 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#39045 - tls_per_site table updates in SuSEconfig.postfix
|
|
|
|
|
introduced POSTFIX_MAP_LIST in /etc/sysconfig/postfix where additional
|
|
|
|
|
maps maintained by SuSEconfig.postfix can be added
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 16 10:34:58 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#45252 - rpm calls SuSEconfig.permissions which calls rpm
|
|
|
|
|
-> 3 minute timeout
|
|
|
|
|
Also don't call rpm from SuSEconfig.postfix
|
|
|
|
|
- Speedup: set timestamp of $TMPDIR/main.cf into the past to workaround
|
|
|
|
|
postconf safety which is not neccessary, because we do not touch the main.cf,
|
|
|
|
|
the postfix daemons are using.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 13 11:57:15 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added $time to Required-Start in init-script
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 26 14:15:31 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- do not filter locally delivered mail when USE_AMAVIS=yes
|
|
|
|
|
(don't set content_filter=vscan in main.cf)
|
|
|
|
|
- removed obsolete vscan service definition from master.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 20 12:47:52 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- use "$MASTER_BIN -t" to check whether postfix is already running
|
|
|
|
|
in start section of init-script. That's more reliable then checkproc.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 14 17:48:29 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#42995 - SuSEconfig.postfix should ignore
|
|
|
|
|
.swp and other files in /etc/aliases.d
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jul 13 16:22:02 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#42281, openssl ca segfaults:
|
|
|
|
|
added missing [ policy_anything ] configuration
|
|
|
|
|
options to openssl.cnf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 12 14:58:58 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.1, patchlevel 4
|
|
|
|
|
- updated tls+ipv6 patchkit to v1.25
|
|
|
|
|
- new feature POSTFIX_REGISTER_SLP in /etc/sysconfig/postfix
|
|
|
|
|
to be able to totally disable slptool from being started
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 25 12:42:45 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated tls+ipv6 patchkit to v1.24:
|
|
|
|
|
- Bugfix: Prefixlen non-null host portion validation (in CIDR maps for
|
|
|
|
|
example) yielded incorrect results sometimes because signed arithmetic was
|
|
|
|
|
used instad of unsigned.
|
|
|
|
|
- Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed the master.cf
|
|
|
|
|
update (used for new installattions). Added it back.
|
|
|
|
|
- as tls and ipv6 patches have not been completely ported to postfix 2.1
|
|
|
|
|
new documentation system, especially the new postconf(5) manpage is
|
|
|
|
|
missing the complete ipv6 and tls related configuration parameters,
|
|
|
|
|
readded the sample-* files from ipv6+tls to %doc/samples
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 4 11:24:20 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 2.1, patchlevel 1:
|
|
|
|
|
- Patch 01 fixes a signal 11 problem in the check_policy_service
|
|
|
|
|
feature when SASL support is compiled in but turned off in the
|
|
|
|
|
SMTP server (smtpd_sasl_auth_enable = no).
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 28 10:46:55 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added now officially released tls patchkit 0.8.18-2.1.0-0.9.7d to
|
|
|
|
|
the source package for the user to be able to build a non-ipv6
|
|
|
|
|
postfix package
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 26 17:46:01 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- official tls+ipv6 v1.23 patchkit released:
|
|
|
|
|
- Patch fixes: Several code fixes to make the patch compile and work
|
|
|
|
|
correctly when compiled without IPv6 support.
|
|
|
|
|
- Bugfix (Solaris only?): address family length was not updated
|
|
|
|
|
which could cause client hostname validation errors. File:
|
|
|
|
|
smtpd/smtpd_peer.c
|
|
|
|
|
- Portability: added support for Darwin 7.3+. This may need some
|
|
|
|
|
further testing.
|
|
|
|
|
- Cleanup: Restructure and redocument interface address retrieval
|
|
|
|
|
functions. (This reduced the number of preprocessor statements
|
|
|
|
|
from 99 to 93 ;) File: util/inet_addr_local.c
|
|
|
|
|
- Cleanup: make several explicit casts to have compilers shut their
|
|
|
|
|
pie holes about uninteresting things.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Apr 23 11:22:35 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to final postfix v2.1
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 21 17:35:26 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix: changed {main,master}.cf backup path in specfile, but not in
|
|
|
|
|
SuSEconfig script
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 21 11:55:43 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 2.1 RC5
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 19 14:23:19 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to current postfix 2.1 release candidate (RC4)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 7 13:09:09 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#38569, exit SuSEconfig.postfix if
|
|
|
|
|
mktemp fails
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 30 11:13:38 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#37409
|
|
|
|
|
the saslauthd socket is not copied to chroot jail due to
|
|
|
|
|
a wrong test in SuSEconfig.postfix (used -L instead of -S)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 29 20:03:16 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- only add ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
|
|
|
|
|
AND ipv6 is enabled
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 29 11:03:56 CEST 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bug ID#37293, SuSEConfig complains POSTFIX_ADD_* parameters are
|
|
|
|
|
unknown (in turkish locale settings)
|
|
|
|
|
added LC_CTYPE=POSIX to SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 25 10:54:26 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to tls+ipv6 version 1.22 (related to Bugzilla ID#35884)
|
|
|
|
|
- Feature: Support "inet_interfaces = IPv4:all" and "inet_interfaces =
|
|
|
|
|
IPv6:all", to restrict postfix to use either IPv4-only or IPv6-only. A more
|
|
|
|
|
complete implementation will be part of a future patch. (Slightly modified)
|
|
|
|
|
patch by Michal Ludvig, SuSE. Files: util/interfaces_to_af.[ch],
|
|
|
|
|
util/inet_addr_local.c, global/own_inet_addr.c,
|
|
|
|
|
global/wildcard_inet_addr.[ch], master/master_ent.ch
|
|
|
|
|
- Bugfix: In Postfix snapshots, a #define was misplaced with the effect that
|
|
|
|
|
IPv6 subnets were not included in auto- generated $mynetworks (i.e.,
|
|
|
|
|
mynetworks not defined in main.cf, when also mynetworks_style=subnet) on
|
|
|
|
|
Linux 2.x systems. File: utils/sys_defs.h
|
|
|
|
|
- now adding ::1 to inet_interfaces when SMTPD_LISTEN_REMOTE=no
|
|
|
|
|
(related to Bugzilla ID#35884)
|
|
|
|
|
- enabled ipv6 again
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 18 12:37:44 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to most recent snapshot version 2.0.19-20040312:
|
|
|
|
|
Patch 19 fixes two low-priority problems:
|
|
|
|
|
|
|
|
|
|
- When mail is submitted at a high rate with the Postfix sendmail
|
|
|
|
|
command, the pickup daemon is keps busy long enough that it it
|
|
|
|
|
terminated by the watchdog timer (a feature that prevents Postfix
|
|
|
|
|
from locking up permanently).
|
|
|
|
|
|
|
|
|
|
- Malformed addresses in SMTP commands could result in table looks
|
|
|
|
|
with zero-length search strings, causing trouble with NIS lookups.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 17 16:51:00 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- disable IPv6 patch as it introduces problems for people
|
|
|
|
|
who do not use IPv6, see Bugzilla ID#35884,
|
|
|
|
|
"ipv6 mynetworks don't work"
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 8 15:58:35 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- be a nice packager and strictly follow
|
|
|
|
|
http://www.porcupine.org/postfix-mirror/newdoc/PACKAGE_README.html
|
|
|
|
|
(added setgid_group=... to post-install upgrade-package)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 27 11:37:56 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to most recent version 2.0.18-20040209
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 23 15:25:20 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#34817, SuSEconfig.postfix doesn't specify direct path to
|
|
|
|
|
"postconf" and generates errors if run via sudo by a non-root user.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 6 13:15:49 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 2.0.18-20040205
|
|
|
|
|
- enabled tls+ipv6 patch as it is now available for latest
|
|
|
|
|
pre 2.1 snapshot
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 2 13:22:54 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- finally, the official TLS patchkit of Lutz hit the ground
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 2 11:02:16 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- additional fix for the TLS extensions patch
|
|
|
|
|
should also fix Bugzilla ID#34218
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 23 12:15:00 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed the smtp segfault
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 22 21:37:51 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to postfix 2.0.18-20040122
|
|
|
|
|
- added new feature for specfile usetls to en/dis-able TLS
|
|
|
|
|
support
|
|
|
|
|
- temporary removed TLS support (self adapted patch to most recent
|
|
|
|
|
postfix snapshot version) as it currently results in smtp segfaulting
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 22 13:53:44 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to recent postfix snapshot version 2.0.17-20040120
|
|
|
|
|
which will become the next official release 2.1 around
|
|
|
|
|
next week according to Wietse Venema.
|
|
|
|
|
- added possibility to compile using the combined IPV6/TLS patch
|
|
|
|
|
which can be downloaded from http://www.ipnet6.org/postfix/
|
|
|
|
|
just set useipv6 to 1 at the top of the specfile.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 22 01:45:58 CET 2004 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- remove call to ldap_enable_cache
|
|
|
|
|
(function has been removed from openldap and was already
|
|
|
|
|
obsolete before (warning was issued back then))
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 14 16:38:06 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added openslp register/derigister calls to postfix init-script
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 12 15:50:35 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- add postfix user to group mail in case of POSTFIX_MDA==cyrus
|
|
|
|
|
to let postfix lmtp access /var/lib/imap/socket/lmtp
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 8 16:00:30 CET 2004 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#33421, SMTP-Auth and relaying
|
|
|
|
|
added permit_sasl_authenticated also to smtpd_recipient_restrictions
|
|
|
|
|
in SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 1 14:51:06 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- always create temp files and always remove them later on
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Nov 17 12:51:09 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- some .spec improvements
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Oct 30 12:13:51 CET 2003 - mmj@suse.de
|
|
|
|
|
|
|
|
|
|
- Run SuSEconfig after install
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Oct 29 20:23:44 CET 2003 - mmj@suse.de
|
|
|
|
|
|
|
|
|
|
- Don't build as root
|
|
|
|
|
- Be nice and clean up after ourselves
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 14 15:47:52 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix v2.0.16
|
|
|
|
|
- update to tls extensions v0.8.16
|
|
|
|
|
- Fix for Bugzilla ID#32114, fixed some if condition syntaxes
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 16 10:29:25 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed example for POSTFIX_RELAYHOST, Bug ID#30756
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 8 09:49:49 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated some sysconfig descriptions
|
|
|
|
|
- removed relays.osirosoft.com from the examples, Bug ID#30215
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 4 15:40:25 CEST 2003 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- Fix next useradd call
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 3 11:31:54 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- conf/postfix-files as input for /etc/permissions.d/postfix (Bug ID#29915)
|
|
|
|
|
- generate better amavisd-new master.cf line:
|
|
|
|
|
limit maxproc to 2 and use brackets around localhost
|
|
|
|
|
(Bug ID#29917)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 1 13:08:33 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- use conf/postfix-files as input for directories and permissions
|
|
|
|
|
for files/directories in/below $queue_directory and $command_directory
|
|
|
|
|
- use /var/lib/imap/socket/lmtp as lmtp socket in SuSEconfig.postfix
|
|
|
|
|
and change access modes of /var/lib/imap and /var/lib/imap/socket
|
|
|
|
|
to let postfix lmtp access the unix socket
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 29 11:43:53 CEST 2003 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- Create postfix user as system account [Bug #29611]
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 29 08:48:52 CEST 2003 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- Adjust sendmail permissions
|
|
|
|
|
- Create /var/spool/postfix/public with permissions postfix is
|
|
|
|
|
using
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 29 00:27:03 CEST 2003 - mmj@suse.de
|
|
|
|
|
|
|
|
|
|
- Add sendmail to /etc/sysconfig/mail
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 14 18:41:19 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to Postfix 2.0 Patch 14
|
|
|
|
|
- Bugfix Bugzilla ID#28921:
|
|
|
|
|
missing activation metadata in sysconfig template
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 30 11:48:21 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- new macros for stop/restart of services on rpm update/removal
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 21 13:33:53 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- chown user:group instead of user.group
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jul 11 11:23:05 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to tls extensions 0.8.15-2.0.13-0.9.7b
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jul 1 15:44:05 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated SuSEconfig to use amavisd-new instead of amavis[d]-postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 30 17:43:20 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to Postfix 2.0 Patch 13
|
|
|
|
|
- After "postfix reload", the master daemon now warns when the
|
|
|
|
|
inet_interfaces parameter setting has changed, and ignores the
|
|
|
|
|
change, instead of passing incorrect information to the smtp
|
|
|
|
|
server.
|
|
|
|
|
- After the postdrop command change with Postfix 2.0.11, the postcat
|
|
|
|
|
command no longer recognized "maildrop" queue files as valid.
|
|
|
|
|
- Mail could bounce when two messages were delivered simultaneously
|
|
|
|
|
to a non-existent mailbox file. The safe_open() code that prevents
|
|
|
|
|
race condition exploits will now try a little harder when it
|
|
|
|
|
actually encounters a race condition.
|
|
|
|
|
- update to tls extensions 0.8.14-2.0.12-0.9.7b
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 12 13:27:48 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- also change path to smtpd.conf in sysconfig template parameter
|
|
|
|
|
description dependent on what %{_lib} is set to.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 12 09:51:33 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 2.0, patchlevel 12
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 11 17:55:21 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- mkdir -p $RPM_BUILD_ROOT/%{_libdir}/sasl2 instead of
|
|
|
|
|
$RPM_BUILD_ROOT/usr/lib/sasl2
|
|
|
|
|
and we also can build on 64bit archs
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 11 14:25:29 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- package /usr/lib/sasl2/smtpd.conf using %{_libdir}/sasl2/smtpd.conf
|
|
|
|
|
- added /etc/postfix to filelist
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 11 09:11:11 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 2.0, patchlevel 11
|
|
|
|
|
- update to tls extensions 0.8.13-2.0.10-0.9.7b
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 23 14:33:01 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated SuSE/master.cf toplevel comments
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 23 14:19:43 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 2.0, patchlevel 10
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 19 12:42:36 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- remove installed (but unpackaged) file /etc/postfix/aliases
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 19 10:12:52 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- path to ca, certificate and key is relative to $POSTFIX_SSL_PATH,
|
|
|
|
|
added $POSTFIX_SSL_PATH/ to the relevant parts of SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 14 11:29:48 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- correctly handle new POSTFIX_SMTP_TLS_CLIENT parameter in
|
|
|
|
|
SuSEconfig.postfix (activate/deactivate master.cf entries)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 14 11:05:36 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added libxcrypt to chroot jail, Bugzilla ID#25766
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 13 20:40:00 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added TLS_CLIENT support, Bugzilla ID#26647
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 23 13:43:02 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 2.0, patchlevel 9
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 15 10:27:13 CEST 2003 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed neededforbuild
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 7 12:58:01 CEST 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 2.0, patchlevel 7
|
|
|
|
|
- update to tls extensions 0.8.13-2.0.6-0.9.7a
|
|
|
|
|
- Bugfix Bugzilla ID#25905, do not restrict mailbox size per default
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Mar 8 15:56:26 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- use checkproc to check if there really is a postfix master
|
|
|
|
|
process running when there's a pid file lying around.
|
|
|
|
|
(Bugzilla ID#24910)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 6 11:02:12 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to Postfix 2.0 Patch 06
|
|
|
|
|
- Postfix now truncates non-address information in message address
|
|
|
|
|
headers (comments, etc.) to 250 characters per address. This should
|
|
|
|
|
rarely present a problem. Reportedly, junk mail from poorly written
|
|
|
|
|
software can trigger the protection, but that is no great loss.
|
|
|
|
|
- Some little fixes to documentation.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 4 10:29:31 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to Postfix 2.0 Patch 05
|
|
|
|
|
- The SMTP server's hard and soft error limits were off by one.
|
|
|
|
|
With "smtpd_hard_error_limit = 1", Postfix will now disconnect
|
|
|
|
|
after the first error, instead of the second one.
|
|
|
|
|
- The proxymap server could deadlock when the mydestination parameter
|
|
|
|
|
setting included a proxymapped lookup table.
|
|
|
|
|
- Some little fixes to documentation.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Mar 1 16:41:10 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- when updating postfix, check whether post-install changed
|
|
|
|
|
main/master.cf and update md5sums to not confuse SuSEconfig
|
|
|
|
|
- when installing postfix on a fresh system, create md5sums
|
|
|
|
|
in %post to be able to let check_md5_and_move() detect
|
|
|
|
|
changes that a user might have done without running SuSEconfig
|
|
|
|
|
before.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 27 19:01:32 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- no longer remove md5sums of main.cf and master.cf during
|
|
|
|
|
postinstall, as SuSEconfig then no longer knows, whether
|
|
|
|
|
main.cf/master.cf had been modified by the user.
|
|
|
|
|
Disadvantage: as postfix permanently needs basic changes
|
|
|
|
|
to both main and master.cf, SuSEconfig.postfix will frequently
|
|
|
|
|
generate .SuSEconfig files although the user did not change anything
|
|
|
|
|
Bugzilla ID#24432
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 21 10:04:48 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to Postfix 2.0 Patch 04
|
|
|
|
|
- The format of maildir filenames is synchronized with the present
|
|
|
|
|
version of the maildir definition document. This format was already
|
|
|
|
|
adopted by the 20030126 snapshot release.
|
|
|
|
|
- The time limit on delivery to external commands was not enforced.
|
|
|
|
|
This was broken probably some time before the first public Postfix
|
|
|
|
|
release.
|
|
|
|
|
- Duplicate elimination after virtual alias expansion works again.
|
|
|
|
|
This was broken with the introduction of the original recipient
|
|
|
|
|
attribute.
|
|
|
|
|
- The local pickup daemon dropped incomplete records from local
|
|
|
|
|
submissions. This was broken somewhere in the middle of 2002.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Feb 15 14:59:54 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#23675: new service proxymap will not be
|
|
|
|
|
appended during update
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 10 16:25:39 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- also check whether amavisd-postfix is installed and set up
|
|
|
|
|
filter section in master.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 30 11:43:03 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to Postfix 2.0 Patch 03
|
|
|
|
|
- Postfix 2.0 broke relocated table lookup results with mail not
|
|
|
|
|
rejected at the SMTP port, causing "User has moved to" text to be
|
|
|
|
|
deleted.
|
|
|
|
|
- A widely used maildir filename generating algorithm was broken.
|
|
|
|
|
This affects all Postfix versions with maildir support. Instead of
|
|
|
|
|
TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST.
|
|
|
|
|
- Postfix 2.0 gave incorrect FILTER_README instructions for sites
|
|
|
|
|
that wish to disable virtual alias mapping before the content
|
|
|
|
|
filter.
|
|
|
|
|
- postfix-lib64.patch code now integrated in postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 24 11:52:17 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- changed SuSEconfig.postfix and smtpd.conf to use sasl2
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 23 13:07:17 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- forgot to add tlsmgr to master.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 23 11:43:24 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Hmmm, just noticed, that suddenly 2.0.0.x became 2.0.x
|
|
|
|
|
must have missed something...
|
|
|
|
|
- updated SuSE/master.cf (new proxymap service)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 16 10:21:27 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added POSTFIX_ADD_MESSAGE_SIZE_LIMIT as example to sysconfig.postfix
|
|
|
|
|
(Bugzilla ID#22907)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 14 12:51:56 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- build using sasl2
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 10 13:24:43 CET 2003 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix v2 (version 2.0.0.2)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 11 11:44:51 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added sysconfig metadata to sysconfig templates
|
|
|
|
|
- updated to new tls extensions
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 29 13:16:42 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#21865: don't copy directories into
|
|
|
|
|
directories when updating chroot jail in cpifnewer()
|
|
|
|
|
- Update to version 1.11, pl12
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 19 14:29:36 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- new SuSEconfig.postfix features:
|
|
|
|
|
. SMTP-AUTH server
|
|
|
|
|
. SMTP-AUTH client
|
|
|
|
|
. TLS Server
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 5 15:08:43 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- quote args of tr command
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Nov 4 13:52:51 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- new feature: POSTFIX_ADD_* command in sysconfig/postfix to
|
|
|
|
|
be able to add any regular postfix command via SuSEconfig
|
|
|
|
|
- Bugfix Bugzilla ID#21120 added POSTFIX_ADD_MAILBOX_SIZE_LIMIT
|
|
|
|
|
as example with value 0 (unlimited)
|
|
|
|
|
- added a header to main.cf explaining that many postfix
|
|
|
|
|
parameters have been added to the end of main.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 15 11:27:46 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix for Bugzilla ID#20754
|
|
|
|
|
missed some parameters when restoring main.cf or master.cf
|
|
|
|
|
from scratch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Oct 9 20:34:03 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- NULLCLIENT did not work because SuSEconfig searches for the wrong
|
|
|
|
|
keyword
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 7 17:47:56 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix related to Bugzilla IDs 20506, 18298, 19294:
|
|
|
|
|
masquerade_classes should not be extended by envelope_recipient
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Sep 6 17:04:57 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added ypbind to X-UnitedLinux-Should-Start in init-script
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 28 11:37:38 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added restoration mechanism to restore master.cf and/or main.cf
|
|
|
|
|
if they got deleted by (intention or) accident to SuSEconfig.postfix
|
|
|
|
|
- added ldap to X-UnitedLinux-Should-Start
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 26 11:11:26 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix Bugzilla ID#18298: when setting FROM_HEADER, also unqualified
|
|
|
|
|
envelope recipients should be qualified to FROM_HEADER, not to
|
|
|
|
|
myorigin, added envelope_recipient to masquerade_classes
|
|
|
|
|
- Bugfix Bugzilla ID#18297: %post touches main.cf and master.cf so it
|
|
|
|
|
may happen, that an update leaves .SuSEconfig files.
|
|
|
|
|
Remove /var/adm/SuSEconfig/md5/etc/postfix/main.cf and master.cf
|
|
|
|
|
in %post
|
|
|
|
|
- Bugfix Bugzilla ID#18301: sendmail and postfix have different
|
|
|
|
|
opinions on the usage of NULLCLIENT. Moved NULLCLIENT to
|
|
|
|
|
sysconfig.postfix.POSTFIX_NULLCLIENT
|
|
|
|
|
- added exim to Conflicts
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 22 09:47:51 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- wait for qmgr in the background for a maximum of 60 seconds
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 21 17:07:39 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix for init-script:
|
|
|
|
|
wait for qmgr to be ready before calling postfix flush
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 14 15:59:04 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added accidently removed line in master.cf for amavis,
|
|
|
|
|
Bugzilla ID#17732
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Aug 13 10:08:47 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- exclude .rpmsave and .rpmorig from /etc/aliases.d expansion
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 7 11:55:55 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added netcfg to Prereq (/etc/aliases)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Aug 6 11:28:56 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added pcre openldap2-client to prereq (Bugzilla ID#17447)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 5 16:38:49 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- completed Prereq
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jul 19 16:49:57 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix for the handling of POSTFIX_MASQUERADE_DOMAIN
|
|
|
|
|
and FROM_HEADER
|
|
|
|
|
- removed main.cf from SuSE.tar.gz
|
|
|
|
|
- added X-UnitedLinux-Should-Start: cyrus to init-script
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 18 13:57:44 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- set local as default MDA again
|
|
|
|
|
reason: postfix does not execute any external programs like procmail
|
|
|
|
|
with uid 0, so root mails will go to /var/mail/nobody, which
|
|
|
|
|
will confuse people
|
|
|
|
|
- remove setting of SUSE_RELEASE version in the (E)SMTP banner
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jul 12 11:08:03 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- removed /etc/aliases from filelist, it's now in netcfg
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 11 14:16:25 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- removed 'q' flag from vscan transport definition, because
|
|
|
|
|
current amavis versions have a rfc2821_mailbox_addr function
|
|
|
|
|
- remove old aliases.db files in %post
|
|
|
|
|
- do not use unset in %post
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 8 15:14:00 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- make procmail the default MDA
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jul 5 17:11:03 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- use %{_lib} macro to detect platforms with lib64
|
|
|
|
|
directories
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jul 5 16:34:38 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- make chroot jail function lib64 aware
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 4 13:53:40 CEST 2002 - uli@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed libnsl detection on lib64 systems
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 4 10:34:26 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- ldap_url_search_st is no longer available in OpenLDAP v2.1
|
|
|
|
|
added a patch, that uses ldap_url_parse
|
|
|
|
|
- added new feature POSTFIX_MDA, Bugzilla ID#16720
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jun 7 13:34:09 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- changed POSTFIX_BASIC_SPAM_PREVENTION. It can now be set to
|
|
|
|
|
either off(default), medium or hard
|
|
|
|
|
- cleaned up SuSEconfig.postfix
|
|
|
|
|
- prepared for /etc/aliases.d
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 5 18:09:16 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- new FEATURES: POSTFIX_RBL_HOSTS, POSTFIX_BASIC_SPAM_PREVENTION,
|
|
|
|
|
Bugzilla ID#16383
|
|
|
|
|
- moved sample-*.cf files to %{_docdir}/postfix/samples
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 5 11:14:29 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to patchlevel 11, version 1.1.11
|
|
|
|
|
- new FEATURE: POSTFIX_UPDATE_MAPS
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri May 24 13:39:05 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to patchlevel 10, version 1.1.10
|
|
|
|
|
- create required users and groups in %pre install
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 25 16:55:58 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- removed provides of my own packagename...
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Apr 19 13:25:32 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix for README.SuSE: POSTFIX_CREATECF is now
|
|
|
|
|
MAIL_CREATE_CONFIG
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 4 11:36:52 CEST 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to patchlevel 7, version 1.1.7
|
|
|
|
|
- introduced new feature POSTFIX_LAPTOP
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 26 15:21:18 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to patchlevel 5, version 1.1.5
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 12 15:28:24 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix: don't check whether POSTFIX_MASQUERADE_DOMAIN is empty
|
|
|
|
|
or not, because else we won't be able to clear it.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 28 10:21:36 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added flags=q to amavis transport definition (link@suse.de):
|
|
|
|
|
[...]
|
|
|
|
|
If your postfix is older than snapshot 20010610, leave out the
|
|
|
|
|
"flags=q" part. However, amavis will not function properly with
|
|
|
|
|
envelope adresses that contain whitespace in the local-part.
|
|
|
|
|
This is quite rare, but has been observed a few times.
|
|
|
|
|
[...]
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 25 13:58:05 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.1.4 (1.1, patchlevel 4)
|
|
|
|
|
Bugfix (excerpt from HISTORY):
|
|
|
|
|
..................................................................
|
|
|
|
|
off-by-one error, causing a null byte to be
|
|
|
|
|
written outside dynamically allocated memory in
|
|
|
|
|
the queue manager with addresses of exactly 100
|
|
|
|
|
bytes long, resulting in SIGSEGV on systems with
|
|
|
|
|
an "exact fit" malloc routine.
|
|
|
|
|
..................................................................
|
|
|
|
|
- added new option SMTPD_LISTEN_REMOTE to /etc/sysconfig/mail
|
|
|
|
|
which has been introduced by the SuSE dist-team (excerpt):
|
|
|
|
|
..................................................................
|
|
|
|
|
sendmail does have an option to listen only on the local port,
|
|
|
|
|
this should be the default.
|
|
|
|
|
A flag "SMTPD_LISTEN_REMOTE" in /etc/sysconfig/mail will be used
|
|
|
|
|
to decide if port 25 should be opened externally.
|
|
|
|
|
The sendmail package will send a mail to root explaining this
|
|
|
|
|
fact. sendmail updates will copy the value of START_SMTPD to this
|
|
|
|
|
new flag.
|
|
|
|
|
..................................................................
|
|
|
|
|
As this is a totally different behaviour compared to old releases,
|
|
|
|
|
SMTPD_LISTEN_REMOTE will be set to "yes", if POSTFIX_CREATECF
|
|
|
|
|
(now MAIL_CREATE_CONFIG) had been set to "yes" before the update.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 21 12:39:55 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- fillup workaround
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 21 11:23:52 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- hostname handling is still annoying
|
|
|
|
|
added some piece of code to SuSEconfig.postfix to
|
|
|
|
|
get a valid hostname
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 18 16:03:40 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- %postinst cleanup:
|
|
|
|
|
. use rename_sysconfig_variable macro
|
|
|
|
|
. use remove_and_set macro
|
|
|
|
|
instead of directly calling fillup
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 13 17:27:37 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- FQHOSTNAME has been removed from /etc/sysconfig/network/config
|
|
|
|
|
and is now set in /etc/HOSTNAME, which wasn't FQ in the past.
|
|
|
|
|
*Please, don't change it again*
|
|
|
|
|
- if POSTFIX_LOCALDOMAINS is set, do not append
|
|
|
|
|
"$myhostname, localhost.$mydomain" anymore
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 12 16:31:14 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Also take care of the localhost:10025 mailer definition when
|
|
|
|
|
setting up chroot options
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 11 09:27:47 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Do not set myorigin to FROM_HEADER
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 7 10:10:55 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix(SuSEconfig.postfix): typo in path to /etc/sysconfig/amavis
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 4 11:25:51 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- SuSEconfig.postfix enhancement: get hostname from hostname -f
|
|
|
|
|
Bugfix: get FQHOSTNAME from /etc/sysconfig/network/config
|
|
|
|
|
- added -y to fillup_and_insserv to create startlinks
|
|
|
|
|
after installation
|
|
|
|
|
- changed company name to SuSE Linux AG in copyright headers
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 4 09:44:45 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to postfix 1.1.3 and tls extensions 0.8.3
|
|
|
|
|
minor bugfixes
|
|
|
|
|
http://groups.yahoo.com/group/postfix-users/message/52953
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 1 20:37:27 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix: Forgot to assign a name to TMPDIR in SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 1 11:43:17 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added resolve_local_panic.patch
|
|
|
|
|
http://groups.yahoo.com/group/postfix-users/message/52746
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 30 15:44:10 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update of tls extensions to 0.8.2
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 28 15:00:07 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.1.2
|
|
|
|
|
- sysconfig.mail changes
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 22 12:08:43 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- renamed cleanup.fillup to sysconfig.postfix.cleanup
|
|
|
|
|
- added postqueue patch, see
|
|
|
|
|
http://groups.yahoo.com/group/postfix-users/message/51611
|
|
|
|
|
for more details
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 21 14:56:39 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to official release version 1.1.0
|
|
|
|
|
- moved some stuff to /etc/sysconfig/mail
|
|
|
|
|
- cleaned up /etc/rc.config access
|
|
|
|
|
- added some safety checks to SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 16 16:58:53 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 20020115 (release candidate for Postfix
|
|
|
|
|
official release version 1.1)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 15 16:20:13 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- some improvements to SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 11 17:52:25 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to version 20020107
|
|
|
|
|
- added postinstall section to update from previous versions
|
|
|
|
|
of postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 8 20:11:07 CET 2002 - egmont@suselinux.hu
|
|
|
|
|
|
|
|
|
|
- Changed /sbin/init.d to /etc/init.d in init script comment
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 7 15:01:16 CET 2002 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added sender_canonical_maps to SuSEconfig.postfix to let
|
|
|
|
|
the new YaST2 module setup this map similar to sendmails
|
|
|
|
|
genericstable
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 3 13:51:45 CET 2002 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- SuSEconfig.postfix shell script is no config file [Bug #12712]
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 19 15:26:20 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Made initscript more LSB compliant (status codes)
|
|
|
|
|
- Bugfix for Bugzilla ID#12672 (improve explanation
|
|
|
|
|
of POSTFIX_LOCALDOMAINS)
|
|
|
|
|
- robustness enhancement for SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Dec 14 15:42:31 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- typo in specfile (master.cf installed as main.cf)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 13 11:25:44 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 20011210
|
|
|
|
|
- some changes to SuSEconfig.postfix:
|
|
|
|
|
. added POSTFIX_UPDATE_CHROOT_JAIL variable, see README.SuSE
|
|
|
|
|
. some cleanups for chroot jail
|
|
|
|
|
. little bugfixes
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 13 01:16:57 CET 2001 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- moved rc.config.d -> sysconfig
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 28 18:36:10 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 20011127
|
|
|
|
|
- some changes to SuSEconfig.postfix:
|
|
|
|
|
. added more robustness (Jehova)
|
|
|
|
|
. do not chown -R postfix to /var/spool/postfix
|
|
|
|
|
. query for package cyrus-sasl instead of sasl
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 20 16:13:00 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 20011115
|
|
|
|
|
Bugfix for a memory exhaustion bug in smtpd
|
|
|
|
|
see http://groups.yahoo.com/group/postfix-users/message/46597
|
|
|
|
|
- remove START_ variable
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 9 14:54:24 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- some changes to specfile (thanks to Simon J Mudd from whom
|
|
|
|
|
I copied some code)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 6 15:19:18 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- fix some SuSEconfig.postfix bugs:
|
|
|
|
|
. master.cf chroot column can also contain '-'
|
|
|
|
|
. don't do anything if POSTFIX_CREATECF != yes
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Oct 26 13:11:17 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to most recent snapshot version 20011008
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Oct 25 14:36:47 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to pl05
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Oct 19 12:53:44 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix, Bugzilla ID#11914
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Sep 26 09:33:34 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- ALWAYS create master.cf, even is POSTFIX_CREATECF is set
|
|
|
|
|
to no, because else chroot mode may not work, Bugzilla ID#11359
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 13 14:34:06 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- removed an obsolete echo in start section of init-script
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 6 13:48:29 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix in init-script: redirect output of postfix start
|
|
|
|
|
to dev/null and do not use startproc to start postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 4 18:09:43 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to tls-extensions v0.7.9
|
|
|
|
|
see http://groups.yahoo.com/group/postfix-users/message/41094
|
|
|
|
|
for details
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 31 13:54:02 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update of tls-extensions to 0.7.8
|
|
|
|
|
- update of postfix to pl04
|
|
|
|
|
- Bugfix: - check if postfix spool is set up before starting postfix
|
|
|
|
|
- start postfix with postfix start, because postfix-script
|
|
|
|
|
wouldn't be executed, else.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jul 10 14:34:17 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update of tls-extensions to 0.7.3
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 28 13:06:47 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- bugfix: remove libs from chroot jail, that are no longer
|
|
|
|
|
valid, Bugzilla ID#9133
|
|
|
|
|
- bugfix: init script was not LSB compliant, Bugzilla ID#9063
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jun 15 09:44:49 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added cyrus to require start in init-script
|
|
|
|
|
- "bugfix": bootstrap problem cyrus-imapd <-> postfix:
|
|
|
|
|
cyrus-imapd must run before postfix, but fails to create
|
|
|
|
|
lmtp socket, because /var/spool/postfix/public directory
|
|
|
|
|
isn't present. FIX: add it to filelist
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 13 15:08:33 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- install postrop with special SGID modes
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jun 12 13:29:36 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- improved SuSEconfig.postfix
|
|
|
|
|
- better main.cf handling
|
|
|
|
|
- new feature: chroot or not chroot
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 28 09:36:49 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- major bugfix: memory leak in the LDAP client module
|
|
|
|
|
- minor bugfixes
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 9 20:15:27 CEST 2001 - mfabian@suse.de
|
|
|
|
|
|
|
|
|
|
- bzip2 sources
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 2 09:44:29 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- updated to pl02, bugfixrelease
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 30 11:41:35 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix for SuSEconfig.postfix:
|
|
|
|
|
Handling of TIMEZONE variable if set to unappropriate or no
|
|
|
|
|
value
|
|
|
|
|
- Improvement: Warnings are printed out in bold
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 17 16:28:41 CEST 2001 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- Don't use a RPM macro for version number
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Mar 30 10:08:15 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to pl01, bugfixrelease
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 27 13:16:45 CEST 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- added libcrack to chroot jail, because
|
|
|
|
|
it is needed by pam_pwcheck
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 15 01:08:35 CET 2001 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed neededforbuild for openldap
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 5 11:49:48 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- first non-beta of the next postfix generation
|
|
|
|
|
- v20010228
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 27 11:22:24 CET 2001 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- added cyrus-sasl-devel to neededforbuild
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 27 09:51:56 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- new version, 20010225
|
|
|
|
|
- removed notification message
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 20 14:16:30 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- bugfix: wrong permissions for maildrop directory
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 31 10:53:04 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 20010128
|
|
|
|
|
- now linked against ldaplib2
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 5 14:25:11 CET 2001 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- bugfix: maildrop must be owned by postfix.root
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 18 14:47:53 CET 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 20001212
|
|
|
|
|
- bugfix: insserv
|
|
|
|
|
- bugfix: missed openssl in neededforbuilt
|
|
|
|
|
- renamed to postfix, because a non-crypto version
|
|
|
|
|
is no longer needed
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 13 15:52:43 CET 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfix: postfix-script was not executable
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 12 15:13:40 CET 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- Bugfixes:
|
|
|
|
|
Provides in initscript
|
|
|
|
|
Use /bin/bash in SuSEconfig.postfix
|
|
|
|
|
- Update to version 20001210
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 30 08:35:09 CET 2000 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- startscript sbin -> etc
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 23 09:55:37 CET 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- new version
|
|
|
|
|
- fix for neededforbuild
|
|
|
|
|
- fix for master.cf
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 22 13:06:54 CET 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- adopted to new init scheme
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 15 16:13:12 CET 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed neededforbuild
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 14 15:19:40 CET 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 20001030
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 9 17:14:48 CET 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- long packagename
|
|
|
|
|
- added rpm buildroot
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 8 15:59:41 CET 2000 - uli@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed neededforbuild
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 3 18:12:57 CET 2000 - bk@suse.de
|
|
|
|
|
|
|
|
|
|
- src/util/dict_ldap.c:dict_ldap_lookup(): fix missing **-termination.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 24 17:28:06 CEST 2000 - fober@suse.de
|
|
|
|
|
|
|
|
|
|
- s390,ppc: added -fsigned-char compiler option, to fix obscure segfaults.
|
|
|
|
|
(code is not signed/unsigned-char-clean)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Oct 12 18:24:54 CEST 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- yet another SuSEconfig.postfix bug (incorrect link)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Oct 11 16:47:35 CEST 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- bugfix for SuSEconfig.postfix
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 9 13:54:13 CEST 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- bugfix: missed to install new flush service
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 9 11:48:39 CEST 2000 - choeger@suse.de
|
|
|
|
|
|
|
|
|
|
- inititial revision of pfixtls
|
|
|
|
|
|