- update to 3.8.0
* Support to look up DNS SRV records in the Postfix SMTP/LMTP
client, Based on code by Tomas Korbar (Red Hat). For example,
with "use_srv_lookup = submission" and "relayhost =
example.com:submission", the Postfix SMTP client will look up
DNS SRV records for _submission._tcp.example.com, and will relay
email through the hosts and ports that are specified with those
records.
* TLS obsolescence: Postfix now treats the "export" and "low"
cipher grade settings as "medium". The "export" and "low" grades
are no longer supported in OpenSSL 1.1.1, the minimum version
required in Postfix 3.6.0 and later. Also, Postfix default
settings now exclude deprecated or unused ciphers (SEED, IDEA,
3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
(DH, ECDH), and public key algorithm (DSS).
* Attack resistance: the Postfix SMTP server can now aggregate
smtpd_client_*_rate and smtpd_client_*_count statistics by
network block instead of by IP address, to raise the bar against
a memory exhaustion attack in the anvil(8) server; Postfix TLS
support unconditionally disables TLS renegotiation in the middle
of an SMTP connection, to avoid a CPU exhaustion attack.
* The PostgreSQL client encoding is now configurable with the
"encoding" Postfix configuration file attribute. The default
is "UTF8". Previously the encoding was hard-coded as "LATIN1",
which is not useful in the context of SMTP.
* The postconf command now warns for #comment in or after a Postfix
parameter value. Postfix programs do not support #comment after
other text, and treat that as input.
- rebase/refresh patches
* pointer_to_literals.patch
* postfix-linux45.patch
* postfix-master.cf.patch
* postfix-ssl-release-buffers.patch
* set-default-db-type.patch
OBS-URL: https://build.opensuse.org/request/show/1080180
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=454
- Update to 3.4.4
o Incompatible changes
- The Postfix SMTP server announces CHUNKING (BDAT
command) by default. In the unlikely case that this breaks some
important remote SMTP client, disable the feature as follows:
/etc/postfix/main.cf:
# The logging alternative:
smtpd_discard_ehlo_keywords = chunking
# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent_discard
- This introduces a new master.cf service 'postlog'
with type 'unix-dgram' that is used by the new postlogd(8) daemon.
Before backing out to an older Postfix version, edit the master.cf
file and remove the postlog entry.
- Postfix 3.4 drops support for OpenSSL 1.0.1
- To avoid performance loss under load, the
tlsproxy(8) daemon now requires a zero process limit in master.cf
(this setting is provided with the default master.cf file). By
default, a tlsproxy(8) process will retire after several hours.
- To set the tlsproxy process limit to zero:
postconf -F tlsproxy/unix/process_limit=0
postfix reload
o Major changes
- Postfix SMTP server support for RFC 3030 CHUNKING
(the BDAT command) without BINARYMIME, in both smtpd(8) and
postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
and smtpd_proxy_filter. See BDAT_README for more.
- Support for logging to file or stdout, instead of using syslog.
- Logging to file solves a usability problem for MacOS, and
OBS-URL: https://build.opensuse.org/request/show/686001
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=328
- update to 3.1.0
- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:,
lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch
could be removed.
- Adapting all the patches to postfix 3.1.0
- The patch postfix-db6.diff is not more neccessary
- Backwards-compatibility safety net.
With NEW Postfix installs, you MUST install a main.cf file with
the setting "compatibility_level = 2". See conf/main.cf for an
example.
With UPGRADES of existing Postfix systems, you MUST NOT change the
main.cf compatibility_level setting, nor add this setting if it
does not exist.
Several Postfix default settings have changed with Postfix 3.0. To
avoid massive frustration with existing Postfix installations,
Postfix 3.0 comes with a safety net that forces Postfix to keep
running with backwards-compatible main.cf and master.cf default
settings. This safety net depends on the main.cf compatibility_level
setting (default: 0). Details are in COMPATIBILITY_README.
- Major changes - tls
* [Feature 20160207] A new "postfix tls" command to quickly enable
opportunistic TLS in the Postfix SMTP client or server, and to
manage SMTP server keys and certificates, including certificate
signing requests and TLSA DNS records for DANE.
* As of the middle of 2015, all supported Postfix releases no longer
nable "export" grade ciphers for opportunistic TLS, and no longer
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
OBS-URL: https://build.opensuse.org/request/show/373635
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=232
