* tls support:
Support to turn off the TLSv1.1 and TLSv1.2 protocols:
To temporarily turn off problematic protocols globally:
/etc/postfix/main.cf:
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
However, it may be better to temporarily turn off problematic
protocols for broken sites only:
/etc/postfix/main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
/etc/postfix/tls_policy:
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
* 20111012 To simplify integration with third-party
applications, the Postfix sendmail command now always transforms
all input lines ending in <CR><LF> into UNIX format (lines ending
in <LF>). Specify "sendmail_fix_line_endings = strict" to restore
historical Postfix behavior (i.e. convert all input lines ending
in <CR><LF> only if the first line ends in <CR><LF>).
* 20120114 Logfile-based alerting systems may need to be
updated to look for "error" messages in addition to "fatal" messages.
Specify "daemon_table_open_error_is_fatal = yes" to get the historical
behavior (immediate termination with "fatal" message).
* enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also
used as queue file names). These names are encoded in a mix of upper
case, lower case and decimal digit characters. Long queue IDs are
disabled by default to avoid breaking tools that parse logfiles and
that expect queue IDs with the smaller [A-F0-9] character set.
* 20111209 memcache lookup and update support. This provides
a way to share postscreen(8) or verify(8) caches between Postfix
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=154
was comparing bitmasks incorrectly causing the program to
always wait for the full time limit. This error affected
the unused postkick command, but only after s/fifo/unix/
in master.cf. File: util/events.c.
- Cleanup: laptop users have always been able to avoid
unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
(this is currently not supported on Solaris systems).
However, to make this work reliably, the "postqueue -f"
command must wait until its requests have reached the pickup
and qmgr servers before closing the UNIX-domain request
sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=143
Bugfixes:
smtpd(8) did not sanitize newline characters in cleanup(8)
REJECT messages, causing them to be sent out via SMTP as bare newline characters.
smtpd(8) sent multi-line responses from a before-queue content filter as text with
bare <LF> instead of <CR><LF>.
Workaround: postscreen sent non-compliant SMTP responses (220- followed by 421)
when it could not give a connection to a real smtpd process, causing some
remote SMTP clients to bounce mail.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=104
* DNSBL/DNSWL:
o Support for address patterns in DNS blacklist and whitelist lookup results.
o The Postfix SMTP server now supports DNS-based whitelisting with several safety features
* Support for read-only sqlite database access.
* Alias expansion:
o Postfix now reports a temporary delivery error when the result
of virtual alias expansion would exceed the virtual_alias_recursion_limit
or virtual_alias_expansion_limit.
o To avoid repeated delivery to mailing lists with pathological
nested alias configurations, the local(8) delivery agent now keeps
the owner-alias attribute of a parent alias, when delivering mail
to a child alias that does not have its own owner alias.
* The Postfix SMTP client no longer appends the local domain when
looking up a DNS name without ".".
* The SMTP server now supports contact information that is appended
to "reject" responses: smtpd_reject_footer
* Postfix by default no longer adds a "To: undisclosed-recipients:;"
header when no recipient specified in the message header.
* tls support:
o The Postfix SMTP server now always re-computes the SASL mechanism
list after successful completion of the STARTTLS command.
o The smtpd_starttls_timeout default value is now stress-dependent.
o Postfix no longer appends the system-supplied default CA certificates
to the lists specified with *_tls_CAfile or with *_tls_CApath.
* New feature: Prototype postscreen(8) server that runs a number
of time-consuming checks in parallel for all incoming SMTP connections,
before clients are allowed to talk to a real Postfix SMTP server.
It detects clients that start talking too soon, or clients that appear
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=62
