forked from pool/postfix
Accepting request 686001 from home:varkoly:branches:server:mail
- Update to 3.4.4
o Incompatible changes
- The Postfix SMTP server announces CHUNKING (BDAT
command) by default. In the unlikely case that this breaks some
important remote SMTP client, disable the feature as follows:
/etc/postfix/main.cf:
# The logging alternative:
smtpd_discard_ehlo_keywords = chunking
# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent_discard
- This introduces a new master.cf service 'postlog'
with type 'unix-dgram' that is used by the new postlogd(8) daemon.
Before backing out to an older Postfix version, edit the master.cf
file and remove the postlog entry.
- Postfix 3.4 drops support for OpenSSL 1.0.1
- To avoid performance loss under load, the
tlsproxy(8) daemon now requires a zero process limit in master.cf
(this setting is provided with the default master.cf file). By
default, a tlsproxy(8) process will retire after several hours.
- To set the tlsproxy process limit to zero:
postconf -F tlsproxy/unix/process_limit=0
postfix reload
o Major changes
- Postfix SMTP server support for RFC 3030 CHUNKING
(the BDAT command) without BINARYMIME, in both smtpd(8) and
postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
and smtpd_proxy_filter. See BDAT_README for more.
- Support for logging to file or stdout, instead of using syslog.
- Logging to file solves a usability problem for MacOS, and
OBS-URL: https://build.opensuse.org/request/show/686001
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
This commit is contained in:
Peter Varkoly
committed by
Git OBS Bridge
Git OBS Bridge
parent
48ef32a7be
commit
262723174e
@@ -1,3 +1,75 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 18 09:56:11 UTC 2019 - Peter Varkoly <varkoly@suse.com>
|
||||
|
||||
- Update to 3.4.4
|
||||
|
||||
o Incompatible changes
|
||||
- The Postfix SMTP server announces CHUNKING (BDAT
|
||||
command) by default. In the unlikely case that this breaks some
|
||||
important remote SMTP client, disable the feature as follows:
|
||||
|
||||
/etc/postfix/main.cf:
|
||||
# The logging alternative:
|
||||
smtpd_discard_ehlo_keywords = chunking
|
||||
# The non-logging alternative:
|
||||
smtpd_discard_ehlo_keywords = chunking, silent_discard
|
||||
- This introduces a new master.cf service 'postlog'
|
||||
with type 'unix-dgram' that is used by the new postlogd(8) daemon.
|
||||
Before backing out to an older Postfix version, edit the master.cf
|
||||
file and remove the postlog entry.
|
||||
- Postfix 3.4 drops support for OpenSSL 1.0.1
|
||||
- To avoid performance loss under load, the
|
||||
tlsproxy(8) daemon now requires a zero process limit in master.cf
|
||||
(this setting is provided with the default master.cf file). By
|
||||
default, a tlsproxy(8) process will retire after several hours.
|
||||
- To set the tlsproxy process limit to zero:
|
||||
postconf -F tlsproxy/unix/process_limit=0
|
||||
postfix reload
|
||||
o Major changes
|
||||
- Postfix SMTP server support for RFC 3030 CHUNKING
|
||||
(the BDAT command) without BINARYMIME, in both smtpd(8) and
|
||||
postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
|
||||
and smtpd_proxy_filter. See BDAT_README for more.
|
||||
- Support for logging to file or stdout, instead of using syslog.
|
||||
- Logging to file solves a usability problem for MacOS, and
|
||||
eliminates multiple problems with systemd-based systems.
|
||||
- Logging to stdout is useful when Postfix runs in a container, as
|
||||
it eliminates a syslogd dependency.
|
||||
- Better handling of undocumented(!) Linux behavior
|
||||
whether or not signals are delivered to a PID=1 process.
|
||||
- Support for (key, list of filenames) in map source text.
|
||||
Currently, this feature is used only by tls_server_sni_maps.
|
||||
- Automatic retirement: dnsblog(8) and tlsproxy(8) process
|
||||
will now voluntarily retire after after max_idle*max_use, or some
|
||||
sane limit if either limit is disabled. Without this, a process
|
||||
could stay busy for days or more.
|
||||
- Postfix SMTP client support for multiple deliveries
|
||||
per TLS-encrypted connection. This is primarily to improve mail
|
||||
delivery performance for destinations that throttle clients when
|
||||
they don't combine deliveries.
|
||||
This feature is enabled with "smtp_tls_connection_reuse=yes" in
|
||||
main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
|
||||
It supports all Postfix TLS security levels including dane and
|
||||
dane-only.
|
||||
- SNI support in the Postfix SMTP server, the
|
||||
Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
|
||||
client roles). See the postconf(5) documentation for the new
|
||||
tls_server_sni_maps and smtp_tls_servername parameters.
|
||||
- Support for files that contain multiple (key, certificate, trust chain)
|
||||
instances. This was required to implement
|
||||
server-side SNI table lookups, but it also eliminates the need for
|
||||
separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
|
||||
- Support for smtpd_reject_footer_maps (as well as the postscreen
|
||||
variant postscreen_reject_footer_maps) for more informative reject
|
||||
messages. This is indexed with the Postfix SMTP server response
|
||||
text, and overrides the footer specified with smtpd_reject_footer.
|
||||
One will want to use a pcre: or regexp: map with this.
|
||||
o Bugfixes
|
||||
- Andreas Schulze discovered that reject_multi_recipient_bounce
|
||||
was producing false rejects with BDAT commands. This problem
|
||||
already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
|
||||
Postfix 3.4.4 fixes both.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 5 13:21:35 UTC 2019 - Jiri Slaby <jslaby@suse.com>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user