* Fix for DMARC implementations based on SPF policy plus DKIM Milter.
* The Postfix SMTP server logged an incorrect client name in reject
messages for check_reverse_client_hostname_access and check_reverse_client_hostname_{mx,ns}_access.
* The qmqpd daemon crashed with null pointer bug when logging a lost connection while not in a mail transaction.
* The TLS client logged that an anonymous TLS connection was "Untrusted", instead of "Anonymous".
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=230
- postfix-SuSE.tar.gz/postfix.service: None of
nss-lookup.target network.target local-fs.target time-sync.target
should be Wanted or Required except by the services
the implement the relevant functionality i.e network.target
is wanted/required by networkmanager, wicked,
systemd-network. other software must be ordered After them,
see systemd.special(7)
OBS-URL: https://build.opensuse.org/request/show/309705
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=223
- Bugfix (introduced: Postfix 2.6):
sender_dependent_relayhost_maps ignored the relayhost setting
in the case of a DUNNO lookup result. It would use the
recipient domain instead. Viktor Dukhovni. Wietse took the
pieces of code that enforce the precedence of a
sender-dependent relayhost, the global relayhost, and the
recipient domain, and put that code together in once place so
that it is easier to maintain. File:
trivial-rewrite/resolve.c.
- Bitrot: prepare for future changes in OpenSSL API. Viktor
Dukhovni. File: tls_dane.c.
- Incompatibility: specifying "make makefiles" with "CC=command"
will no longer override the default WARN setting.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=216
- bnc#912594 config.postfix creates config based on old options
- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot
- bnc#910265 config.postfix does not upgrade the chroot
- bnc#908003 wrong access rights on /usr/sbin/postdrop causes
permission denied when trying to send a mail as non root user
- bnc#729154 wrong permissions for some postfix components
OBS-URL: https://build.opensuse.org/request/show/280976
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=206
* TLS
o Support for PKI-less TLS server certificate verification, where
the CA public key or the server certificate is identified via DNSSEC lookup
* LMDB database support
* master
o The master_service_disable parameter value syntax has changed:
use "service/type" instead of "service.type".
* postconf:
o Support for advanced master.cf query and update operations.
This was implemented primarily to support automated system management tools.
o The postconf command produces more warnings
* relay safety
New smtpd_relay_restrictions parameter built-in default settings:
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
* postscreen whitelisting
Allow a remote SMTP client to skip postscreen(8) tests based on
its postscreen_dnsbl_sites score.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=180
unsuitable for computing certificate PUBLIC KEY fingerprints.
Postfix now provides a correct procedure that accounts for
the algorithm and parameters in addition to the key data. Specify
"tls_legacy_public_key_fingerprints = yes" if you need backwards compatibility.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=160
* tls support:
Support to turn off the TLSv1.1 and TLSv1.2 protocols:
To temporarily turn off problematic protocols globally:
/etc/postfix/main.cf:
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
However, it may be better to temporarily turn off problematic
protocols for broken sites only:
/etc/postfix/main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
/etc/postfix/tls_policy:
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
* 20111012 To simplify integration with third-party
applications, the Postfix sendmail command now always transforms
all input lines ending in <CR><LF> into UNIX format (lines ending
in <LF>). Specify "sendmail_fix_line_endings = strict" to restore
historical Postfix behavior (i.e. convert all input lines ending
in <CR><LF> only if the first line ends in <CR><LF>).
* 20120114 Logfile-based alerting systems may need to be
updated to look for "error" messages in addition to "fatal" messages.
Specify "daemon_table_open_error_is_fatal = yes" to get the historical
behavior (immediate termination with "fatal" message).
* enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also
used as queue file names). These names are encoded in a mix of upper
case, lower case and decimal digit characters. Long queue IDs are
disabled by default to avoid breaking tools that parse logfiles and
that expect queue IDs with the smaller [A-F0-9] character set.
* 20111209 memcache lookup and update support. This provides
a way to share postscreen(8) or verify(8) caches between Postfix
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=154
