9433
9634
Bugfix: update SMTP server error counter when a client is
9434
9635
denied access with smtpd_delay_reject=no.
9639
Bugfix: The smtp_chat_cmd() forced output flushing code in
9640
the SMTP client could run before an I/O error handler was
9641
set up. Problem diagnosed by Victor Duchovni, Morgan
9642
Stanley. The fix is to disable the smtp_chat_cmd() forced
9643
output flushing code as it duplicates better code in
9644
smtp_loop(). File: smtp/smtp_chat.c.
9646
Safety: set up an I/O error handler before the smtp_loop()
9647
protocol engine starts; this handler logs a warning in case
9648
it ever runs, because that means someone broke ESMTP command
9649
pipelining. File: smtp/smtp_proto.c.
9651
Feature: canonical_classes parameter by Kimmo Suominen, to
9652
control what addresses are rewritten by canonical_maps.
9653
Files: cleanup/cleanup_addr.c, cleanup/cleanup_message.c.
9438
Bugfix: The smtp_chat_cmd() output flushing code in the
9439
SMTP client could run before an I/O error handler was set
9440
up. Problem diagnosed by Victor Duchovni, Morgan Stanley.
9441
The fix is to disable the smtp_chat_cmd() output flushing
9442
code as it duplicates better code in smtp_loop(). File:
9447
Bugfix: vstream_popen() did not close the child pipe after
9448
failure to fork(). File: util/vstream_popen.c.
9657
Bugfix: update the vstream I/O time AFTER the completion
9658
of an I/O request, so that time-sensitive applications
9659
don't force flush output too soon and possibly trigger
9660
NAGLE delays. Problem diagnosed by Victor Duchovni, Morgan
9661
Stanley. File: util/vstream.c.
9663
Portability: avoid postmap/postalias test file name clashes
9664
on Windows. Ian Lance Taylor (of Taylor UUCP fame).
9668
Bugfix: vstream_popen() did not close the child pipe
9669
after failure to fork(). File: util/vstream_popen.c.
9673
Feature: support for systems with closefrom(), and emulation
9674
for those without. Andrew Brown. Files: util/sys_defs.h,
9679
Feature: {sender,recipient}_canonical_classes parameters,
9680
which give better control than sender_canonical_classes.
9681
Files: cleanup/cleanup_addr.c, cleanup/cleanup_message.c.
9683
Feature: the proxymap client now recognizes when a map
9684
can't be proxied, and will open it directly instead. This
9685
makes proxy maps easier to use for virtual mailbox domains.
9686
File: global/dict_proxy.c.
9688
Feature: smtp_sasl_mechanism_filter restricts what remote
9689
SMTP server mechanism names the Postfix SMTP client passes
9690
on to the SASL library. Victor Duchovni, Morgan Stanley.
9691
Files: smtp/smtp.c. smtp/smtp_sasl_glue.c, smtp/smtp_sasl_proto.c.
9695
User interface: when no recipients are specified, the
9696
Postfix sendmail command now terminates with status EX_USAGE
9697
instead of accepting the mail first and bouncing it later.
9698
This gives more direct feedback in case of a common client
9699
configuration error. File: sendmail/sendmail.c.
9703
Portability: Solaris closefrom() support didn't work for
9704
non-SUN compilers. Victor Duchovni, Morgan Stanley.
9708
Feature: the scache(8) session cache manager now logs the
9709
peak counts of destinations, endpoints and sessions. Files:
9710
scache/scache.c, global/scache*c.
9714
Portability: disable session caching support on SCO 5
9715
because of incompatible sockets API. File: util/sys_defs.h.
9452
9719
Bugfix (introduced 20020803): sent the wrong bounce message
9453
9720
type when a Delivered-To: loop was detected for a mailing
9454
9721
list alias. Nicolas Riendeau. File: bounce_notify_util.c.
9725
Feature: authorized_flush_users, authorized_mailq_users,
9726
authorized_submit_users to restrict what users can flush
9727
the queue, list the queue, or submit mail locally. Based
9728
on code by Victor Duchovni, Morgan Stanley. Files:
9729
sendmail/sendmail.c, postdrop/postdrop.c, postqueue/postqueue.c,
9730
global/user_acl.[hc].
9732
Feature: discard(8) mail delivery agent. Victor Duchovni,
9733
Morgan Stanley. File: discard/discard.c.
9737
Long overdue, a master(5) manual page based on an initial
9738
version by Magnus Baeck.
9740
By popular demand, a postfix-manuals.html web page with
9741
totally useless links to UNIX-style manual pages (the same
9742
information should already be available simply by typing
9743
"apropos postfix"). To keep newbies from getting completely
9744
lost due to information overload, the document starts with
9745
a list of actually useful pointers to Postfix introductions,
9746
duplicated from the already existing documents.html.
9750
Bugfix: "sendmail -bv" did not reject the -t option. File:
9751
sendmail/sendmail.c.
9755
Feature: SASL authentication attributes are now stored in
9756
queue files and passed on to delivery agents, by Leandro
9757
Santi. Files: deliver_pass.c, deliver_request.c,
9758
qmgr_deliver.c, qmgr_message.c, pipe.c, smtpd.c.
9762
Feature: per SMTP client message rate limit and recipient
9763
rate limit, by Ragnar Lonn, GHN network technologies.
9764
Files: smtpd/smtpd.c, anvil/anvil.c, global/anvil_clnt.[hc].
9766
Incompatibility: smtpd_client_connection_limit_exceptions
9767
renamed to smtpd_client_event_limit_exceptions, because it
9768
now also controls message and recipient rate limit control.
9772
Portability: AIX 5.1/GCC.
9776
Postfix no longer appends the local domain to header
9777
addresses from remote clients. Instead, Postfix either
9778
does not rewrite those headers at all, or it appends the
9779
domain specified with the new remote_header_rewrite_domain
9782
Postfix still appends $@myorigin or .$mydomain to headers
9783
from the Postfix sendmail command, or from clients listed
9784
with the new local_header_rewrite_clients parameter (default:
9785
permit_mynetworks, permit_sasl_authenticated).
9787
These changes affect the SMTP server (including XFORWARD
9788
support), the cleanup server (do or don't rewrite headers),
9789
the trivial-rewrite server (append local domain or surrogate
9790
remote domain to incomplete addresses), the queue manager
9791
(send additional attributes to delivery agents), the LMTP
9792
and SMTP clients (XFORWARD support), and the local delivery
9793
agent (preserve XFORWARD attributes when forwarding mail).
9797
Bugfix: attr_clnt_request() did not properly skip hash
9798
table arguments. Luc Pardon, Skopos Consulting. File:
9803
The NIS+ module by Geoff Gibbs is now part of Postfix.
9804
Files: util/dict_nisplus.c, proto/nisplus_table.
9808
Support for Errors-To: is permanently removed.
9812
Bugfix: "smtp_connection_cache_on_demand=no" could crash
9813
the SMTP client. File: smtp/smtp_connect.c.
9815
Robustness: extra sanity checks. Files: util/dict_db.c,
9816
util/dict_dbm.c, dict_nis.c.
9820
Initial merge of Lutz Jaenicke's TLS patch. Initial rewrite
9821
of tlsmgr to eliminate some code duplication and to postpone
9822
calls into OpenSSL until after dropping privileges.
9826
Compatibility: "session cache" renamed to "connection cache"
9827
to avoid confusion with the TLS session cache.
9831
Feature: smtpd_end_of_data_restrictions allow you to specify
9832
restrictions at the end of the SMTP DATA command. The syntax
9833
is identical to that of the smtpd_data_restrictions feature.
9834
This introduces a new END-OF-DATA protocol state for the
9835
external policy server. Files: proto/SMTPD_POLICY_README.html,
9836
proto/SMTPD_ACCESS_README.html, smtpd/smtpd_check.c.
9840
Cleanup: terminate the dict_eval() result buffer for verbose
9841
logging. Victor Duchovni, Morgan Stanley. File: util/dict.c.
9845
Cleanup: be more careful when saving and restoring resolver(3)
9846
options to avoid problems with an HP-UX security patch
9847
(change introduced 20031215). File: dns/dns_lookup.c.
9851
Bugfix: the test for "no debugger_command" was wrong.
9852
Leandro Santi. File: global/debugger_command.c.
9856
Robustness: the master-child protocol now includes a process
9857
generation number besides the child process ID. The process
9858
generation number is incremented by one each time the master
9859
creates a child process. Child-to-master status updates
9860
with the wrong generation number are ignored, instead of
9861
triggering a consistency error in the master server. Files:
9862
master/*server.c, master/master_status.c, master/master_spawn.c.
9866
Bugfix: the "local_header_rewrite_clients" feature (20041023)
9867
did not recognize "bare" lookup tables as documented. Victor
9868
Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.
9870
Bugfix: the "local_header_rewrite_clients" feature (20041023)
9871
was broken because the local delivery agent passed on a
9872
bogus attribute value when forwarding internally generated
9873
mail, causing the mail to be rejected by the cleanup server.
9874
File: local/dotforward.c.
9876
Bugfix: the "local_header_rewrite_clients" feature (20041023)
9877
was broken because the pickup server always overwrote origin
9878
information. Files: pickup/pickup.c, cleanup/cleanup_state.c,
9879
*qmgr/qmgr_message.c.
9881
Workaround: enable the "can't write before sending a file
9882
descriptor" workaround for Solaris. Problem reported by
9883
Victor Duchovni for Solaris 2.5.1, but we play safe and
9884
enable it unconditionally.
9888
The TLS support routines are moved to a "tls" directory,
9889
and are published via the "libtls.a" object library.
9893
Infrastructure: support for binary attribute values
9894
(ATTR_TYPE_DATA) in Postfix IPC messages. Files:
9895
util/attr_scan*c, util/attr_print*c.
9899
TLS support: via a process of gradual transformation,
9900
decomposed Lutz Jaenicke's pfixtls.c into separate modules
9901
for clients, servers, certificate verification, session
9902
caching, and PRNG management. Global variables were eliminated
9903
so that the code now supports multiple client and/or server
9904
contexts in the same process. Files: tls/*.[hc].
9908
TLS support: eliminated shared access (and locking) of the
9909
TLS PRNG exchange file and TLS session caches. Instead,
9910
Postfix uses a client-server protocol, and the tlsmgr
9911
becomes the sole mediator. This eliminated the need for
9912
1000+ lines of SDBM support, and eliminated the need for
9913
running a persistent tlsmgr process on systems don't enable
9918
Feature: configurable list of forbidden SMTP commands
9919
(default: smtpd_forbidden_commands = CONNECT, GET, POST)
9920
after which the Postfix SMTP server disconnects immediately.
9921
The SMTP server always disconnects immediately when the
9922
client sends a message header instead of an SMTP command.
9923
Magnus Baeck. File: smtpd/smtpd.c.
9927
CDB support by Michael Tokarev, documentation by Victor
9928
Duchovni. Files: util/dict_cdb.[hc], global/mkmap_cdb.c.
9932
Completed support for the Berkeley DB sequence operator.
9933
This is needed for finding and deleting old entries in TLS
9934
session databases. File: util/dict_db.c.
9936
Bugfix: the DBM client's sequence operator used exclusive
9937
locking instead of shared locking. File: util/dict_dbm.c.
9939
Feature: dump an entire database with the new postmap/postalias
9940
"-s" option. This works only for database types with Postfix
9941
sequence operator support: hash, btree, dbm, and sdbm.
9942
Files: postmap/postmap.c, postalias/postalias.c.
9946
Solaris 10/ix86 chroot setup script update by J.D. Bronson.
9948
TLS support: cosmetic changes to comments and messages;
9949
completed the code for the master -> tlsmgr trigger handshake,
9950
so that the master no longer complains about trigger
9951
responses timing out.
9955
Updated the SDBM dictionary interface. It had fallen behind
9956
with the Postfix dictionary interfaces that were already
9957
bundled with Postfix. Files: util/dict_sdbm.[hc].
9959
Cleanup: "postconf -m" (show all available map types) now
9960
produces sorted output. File: util/dict_open.c.
9964
No bugfix: tests with the new "postmap -s" feature show
9965
that SDBM first/next operations never worked with Postfix/TLS
9966
patch 20040829 (verified with the 20040829 dict_sdbm.c
9967
module on Linux and FreeBSD). The code stops after finding
9968
one database element. Other SDBM versions found on the
9969
Internet will find all database entries, but report an I/O
9970
error after the last database element is found. All this
9971
would be easy enough to fix, but the SDBM library is not
9972
part of Postfix, and never will be.
9974
Bugfix: the sequence operator in the DBM and SDBM clients
9975
released the shared lock after reading the next key but
9976
before reading the corresponding value. This was never a
9977
problem, because the sequence operator was used only in
9978
the Postfix/TLS patch. This used the SDBM sequence operator
9979
which didn't work as discussed above. Files: util/dict_dbm.c,
9982
Feature: the local(8) and pipe(8) delivery agents now make
9983
the following attributes available upon delivery (with
9984
local(8) names must be spelled in upper case): client_hostname,
9985
client_address, client_protocol, client_helo, sasl_method,
9986
sasl_sender, sasl_username. Files: local/command.c,
9987
pipe/pipe.c, and lots of documentation.
9991
"postcat -o" now prints queue file record offsets; this is
9992
useful for debugging. File: postcat/postcat.c.
9994
NON-PRODUCTION Bugfix: (bug introduced while adopting the
9995
Postfix/TLS patch): the new TLS certification call-back
9996
routine expects that the peer hostname is in
9997
tlscontext->peername_save, but the TLS server code never
9998
updated this field. File: tls/tls_server.c.
10002
Feature: selective suppression of SMTP extensions (pipelining,
10003
starttls, auth, etc.); this is useful to work around broken
10004
clients or servers. Specify a list of EHLO keywords with
10005
the smtp(d)_discard_ehlo_keywords parameters, or specify
10006
one or more lookup tables, indexed by remote network address,
10007
with the smtp(d)_discard_ehlo_keyword_address_maps parameters.
10008
EHLO keyword lists are case insensitive. Files:
10009
util/name_mask.[hc], global/ehlo_mask.[hc], smtpd/smtpd.c,
10010
smtp/smtp.c, smtp/smtp_proto.c.
10014
Bugfix: postcat without -o was broken. File: postcat/postcat.c.
10018
NON-PRODUCTION Bugfix: (bug introduced while adopting
10019
Postfix/TLS patch): don't call smtp_flush() after return
10020
from vstream_setjmp(), we'll call you. File: smtpd/smtpd.c.
10022
Dummy VSTREAM read-write routines. Files: util/dummy_read.c,
10023
util/dummy_write.c.
10027
Fixes for TLS_README by Victor Duchovni. File:
10028
proto/TLS_README.html.
10030
NON-PRODUCTION Bugfix: (bug introduced while adopting
10031
Postfix/TLS patch). The client code had become too similar
10032
to the server implementation, and also required a host
10033
certificate and key. Fix by Victor Duchovni. File:
10038
Bugfix: further postcat corner cases.
10042
Cosmetic: don't log disconnect events as I/O errors.
10043
File: tls/tls_bio_ops.c.
10047
Infrastructure: unified IPv4/IPv6 name/address API so that
10048
Postfix can support IPv6 without #ifdef INET6 everywhere.
10049
In particular, we allow #ifdef in libraries but avoid it
10050
in applications. Files: util/myaddrinfo.[hc],
10051
util/sock_addr.[hc], dns/dns_rr_to_pa.c, dns/dns_sa_to_rr.c,
10052
dns/dns_rr_eq_sa.c, dns/dns_rr_to_sa.c, inet_proto.[hc].
10054
Postfix no longer attempts to deliver mail via IPv6 when
10055
the system has no IPv6 connectivity. Network protocol
10056
support is now selected with the "inet_protocols" configuration
10057
parameter, instead of "inet_interfaces". The "inet_protocols"
10058
parameter also controls what DNS lookups Postfix will do.
10060
Infrastructure: eliminated two host/port parsing routines.
10061
Only one survives: host_port(), in an extended form that
10062
allows for missing host or missing service information but
10063
not both. File: util/host_port.c.
10067
Milestone: Postfix with the unified IPv4/IPv6 socket/name
10068
API builds without compiler error on IPv4-only system and
10073
Bugfix: SMTPD_PROXY_README incorrectly claimed that ":port"
10074
in master.cf causes a server to listen only on "localhost"
10075
without exposing the service to the network. Instead,
10076
":port" causes a client to connect to "localhost".
10080
Linux workaround: when mynetworks isn't set, a chrooted
10081
process could not read the IPv6 address information from
10082
/proc. We now invoke own_inet_addr() before chrooting,
10083
while processing main.cf. File: global/mail_params.c.
10087
Workaround for (Linux) systems without IPV6_V6ONLY support
10088
(RFC 3493). When Postfix listened on an IPv4 wild-card
10089
smtp socket, the IPv6 wild-card smtp listener would fail
10090
with EADDRINUSE (and vice versa). File: util/myaddrinfo.c.
10094
Safety: when the IPV6 netmask can't be determined, assume
10095
/128 (host only). File: util/inet_addr_local.c.
10099
Re-implemented IPv6 support for net/mask pattern matching.
10100
Files: util/cidr_match.[hc], util/dict_cidr.c,
10101
util/match_ops.[hc], proto/cidr_table.
10105
Moved mask_addr() to its own module so that it could also
10106
be called by mynetworks() and inet_addr_local() to remove
10107
non-zero host bits from IPv6 network/mask patterns. File:
10112
Re-implemented IPv6 support for network interface lookup
10113
via the Linux /proc file system. File: util/inet_addr_local.c.
10117
Feature: specify "inet_interfaces = loopback-only" for
10118
servers that must listen on local interfaces only, without
10119
having to specify IPv4 and/or IPv6 addresses in main.cf or
10120
master.cf. File: global/own_inet_addr.c.
10122
Workaround: AIX 5.1 getaddrinfo() can't handle a null host
10123
argument with AI_PASSIVE. Instead we specify an explicit
10124
protocol family, a host of "::" or "0.0.0.0", and turn off
10125
IPV6_V6ONLY. Files: util_myaddrinfo.c, util/inet_listen.c.
10127
Workaround: AIX 5.1 getaddrinfo() can't handle a "0" service
10128
argument. Instead we specify "1". Files: util/inet_addr_host.c.
10132
Cleanup: now that the over-all structure is proving itself,
10133
clean up some internal APIs to increase robustness and get
10134
rid of some clumsiness. Mainly, the getaddrinfo(3) interface.
10136
Start-up performance: the hash_queue_names default setting
10137
is reduced from eight directories to just defer and deferred.
10138
This reduces time for checking the Postfix queue. Files:
10139
conf/post-install, global/mail_params.h.
10143
Further cleanup: eliminate duplicate IPv6 results when the
10144
mynetworks value is generated by Postfix. More documentation
10145
of the new internal APIs.
10147
Performance: reduced start-up delay by moving warning-only
10148
startup checks into the background. File: conf/postfix-script.
10152
Further hardening of the IPv6 support: don't trust system
10153
libraries to protect Postfix against malformed IPv6 address
10154
literals. Their syntax is complex enough that errors are
10155
likely. Files: global/resolve_local.c, util/valid_hostname.c.
10157
Further cleanup: RFC 2821 requires the IPv6: prefix with
10158
IPv6 address strings. The smtp and qmqp servers maintain
10159
separate address instances, the bare address and the RFC
10160
2821 compatible form, and use each where appropriate. This
10161
strict separation simplifies address syntax checks as well
10162
as the implementation of XCLIENT and XFORWARD.
10166
Infrastructure: new valid_mailhost_addr() routine to verify
10167
that an address literal satisfies RFC 2821. An IPv4 address
10168
is in dotted-quad decimal form, and an IPv6 address is in
10169
hexadecimal form, with the "IPv6:" prefix. Files:
10170
global/valid_mailhost_addr.[hc].
10172
Further cleanup: valid_hostname() no longer allows network
10173
addresses or numerical domain names. While it made some
10174
sense with IPv4 dotted quad decimal forms, with IPv6 it
10175
just made no sense anymore. Again, being stricter actually
10176
simplifies code. Files: util/valid_hostname.c and a
10177
surprisingly small number of valid_hostname() callers that
10178
did not reject numerical forms.
10180
Bugfix: in the Postfix 2.2 SMTP client, the debug_peer_init()
10181
call was moved to the after-chroot initialization.
10185
Performance: reduced start-up delay by moving warning-only
10186
startup checks into the background; they now start after
10187
one minute to allow the system to finish booting. File:
10188
conf/postfix-script.
10190
Milestone: first non-non-production snapshot with IPv6.
10194
Milestone: first non-non-production snapshot with TLS.
10198
Workaround: don't send mail to $fallback_relay if Postfix
10199
is MX host for the next-hop destination. This is, however,
10200
a partial solution. The documentation has been updated to
10201
cover all the cases where a fallback_relay could interfere
10202
with the operation of a backup or primary MX host. Files:
10203
smtp/smtp_addr.c, smtp/smtp_connect.c.
10207
Configuration: Postfix daemons that need privileged operation
10208
(such as local, pipe, or spawn) now log a fatal error when
10209
they are configured in master.cf as unprivileged.
10213
Cleanup: simplified the handling of receive_override_options
10214
settings. Files: pickup/pickup.c, smtpd/smtpd.c, qmqpd/qmqpd.c,
10215
global/input_transp.c.
10217
Feature: permit_inet_interfaces allows a request when the
10218
client matches $inet_interfaces. This is used for generic
10219
access restrictions and for header address rewriting control.
10220
Files: global/mail_params.h, smtpd/smtpd_check.c.
10222
Cleanup: by default, message header address rewriting is
10223
now enabled only for mail that originates from the machine
10224
itself. Files: global/mail_params.h, smtpd/smtpd_check.c.
10228
Bugfix: when extracting recipients from message headers,
10229
the Postfix sendmail command produced output records longer
10230
than $line_length_limit, causing postdrop to reject the
10231
mail. Diagnosis by Victor Duchovni. File: sendmail/sendmail.c.
10235
Cleanup: explicit Makefile targets for "make package" and
10236
"make non-interactive-package" to create ready-to-install
10237
packages for distribution to other systems. Added extra
10238
sanity checks to prevent attempts to overwrite your running
10239
Postfix instance. Files: Makefile.in, proto/PACKAGE_README.
10241
Cleanup: when bounce_queue_lifetime > maximal_queue_lifetime,
10242
it is adjusted to maximal_queue_lifetime, and a warning is
10243
logged. Files: *qmgr/qmgr.c.
10247
Cleanup: trivial-rewrite now restarts more timely after
10248
changes in lookup tables. Of the all the alternatives
10249
tested, the simplest one produces the most bang for the
10250
buck. The other code is left in place for illustrative
10251
purposes. File: trivial-rewrite/trivial-rewrite.c.
10253
Cleanup: sendmail no longer ignores null command-line
10254
recipients. File: sendmail/sendmail.c.
10256
Cleanup: "postfix start" background checks moved back to
10257
the foreground so they can be stopped more easily. File:
10258
conf/postfix-script.
10262
Feature: REPLACE command in header/body_checks (implemented
10263
as a combination of PREPEND and IGNORE) by Bastiaan Bakker.
10264
File: cleanup/cleanup_message.c.
10266
Cleanup: linted the manual pages for consistency in the
10267
way manuals are referenced, and in the presentation of
10268
command examples. Files: mantools/manlint, mantools/fixman,
10269
mantools/postconf2man.
10273
Cleanup: updated the mass-deletion example in the postsuper
10278
Cleanup: don't count a [45]XX SMTP server greeting towards
10279
the mx_session_limit setting. File: smtp/smtp_connect.c.
10281
Feature: output address rewriting in the SMTP client. The
10282
smtp_generic_maps parameter specifies an address mapping
10283
that happens only when mail is delivered via SMTP. This is
10284
typically used for hosts without a valid domain name, that
10285
use something like localdomain.local instead. This feature
10286
can replace local mail addresses by valid Internet mail
10287
addresses when mail needs to go across the Internet, but
10288
not when mail is sent between accounts on the local machine.
10289
Files: smtp/smtp_proto.c, smtp/smtp_map11.c.
10291
Cleanup: don't panic in mymalloc() when master can't find
10292
any IP addresses. LaMont Jones. File: master/master_ent.c.
10296
Documentation: added a generic(5) manual page for consistency
10297
with the already existing table driven mechanisms, added
10298
references to or examples of the new generic mapping.
10300
Bugfix: the header_checks REPLACE action mis-handled
10301
multi-line replacement text in message headers, for example:
10302
/(.*)/ REPLACE X-$1. File: cleanup/cleanup_message.c.
10304
Bugfix: the header_checks REPLACE action should not drop
10305
the input when the action is NOT executed. File:
10306
cleanup/cleanup_message.c.
10308
Bugfix? Cleanup? Documentation? main.cf now implements
10309
${name[?:]value} as promised in the postconf(5) manual.
10310
Implemented by deleting the macro processor in dict_eval(),
10311
and using the one in mac_expand() instead. File: util/dict.c.
10315
Feature: check_ccert_access maptype:mapname for access(5)
10316
control, based on code by Victor Duchovni. File:
10317
smtpd/smtpd_check.c and documentation.
10319
Safety: don't allow unlimited message size with limited
10320
mailbox size. File: local/local.c, virtual/virtual.c.
10322
Feature: new smtpd policy attributes ccert_subject,
10323
ccert_issuer and ccert_fingerprint, with TLS client
10324
certificate information, but only when verification was
10325
successful. Files: src/smtpd/smtpd_check.c.
10327
Cleanup: corrected the address verification data flow in
10328
the ADDRESS_VERIFICATION_README illustration.
10332
Cleanup: the smtp generic mapping did syntax check on the
10333
input address instead of the result. These tests were not
10334
going to be useful in any case, because mail_addr_map()
10335
canonicalizes the lookup result, including @dom1->@dom2
10336
mapping. File: smtp_map11.c.
10338
Cleanup: made the generic mapping documentation consistent
10339
with the implementation.
10341
Cleanup: documented the myorigin/mydomain address rewriting
10342
in canonical, generic and virtual alias maps.
10344
Feature: updated LDAP and *SQL query interfaces using a
10345
common infrastructure so that all have the same feature set
10346
where possible. Victor Duchovni and many others. This code
10347
was tested separately and was merged into the main stream
10348
20050308. Files: global/db_common.[hc], global/dict_ldap.c,
10349
global/dict_mysql.c, global/dict_pgsql.c, plus documentation.
10353
Bugfix: spurious fallback_relay warnings after 20050202.
10354
Victor Duchovni. File: smtp/smtp_connect.c.
10356
Bugfix: (introduced while adopting Postfix/TLS patch) the
10357
TLS cache scan stopped after expiring one entry. Victor
10358
Duchovni. File: tls/tls_scache.c.
10360
Safety: delete-behind when removing expired entries from
10361
TLS session caches. With some maps the enumeration method
10362
mis-behaves when the current entry is deleted. File:
10367
Cleanup: the "generics" feature (output address rewriting)
10368
is renamed to "generic", for consistency with "canonical"
10373
Cleanup: remove old trace(8) logfile before attempting
10374
delivery (and after locking the message file exclusively).
10375
Files: *qmgr/qmgr_message.c.
10377
Cleanup: don't parse-then-regenerate message headers when
10378
no address is changed by address rewriting operations. This
10379
behavior was copied from the SMTP client's generic mapping
10380
code. Files: cleanup/cleanup_rewrite.c, cleanup/cleanup_map11.c,
10381
cleanup/cleanup_masquerade.c, cleanup/cleanup_message.c..
10385
Bugfix: don't chmod queue files while running "postfix
10386
set-permissions". This prevents mail from being labeled as
10387
"corrupt" when a live Postfix system is upgraded. Found
10388
by Victor Duchovni. File: conf/post-install.
10392
Feature: in smtpd?_discard_ehlo_keyword(s|_address_maps)
10393
specify the pseudo keyword "silent-discard" in order to
10394
avoid logging that some EHLO keyword is being suppressed.
10395
File: global/ehlo_mask.[hc].
10399
Bugfix: typo in tls_server.c, breaking CApath. Fix by
10400
Philipp Morger. File: tls/tls_server.c.
10404
Bugfix (bug introduced 20040331): with SIGHUP ignored, the
10405
postdrop signal handler would effectively ignore SIGINT,
10406
SIGQUIT and SIGTERM. Simplified the overly-conservative
10407
protection against nested signals in postdrop, and added
10408
some future proofing comments. File: postdrop/postdrop.c
10410
Cleanup: when address rewriting is enabled, don't change
10411
the capitalization of header labels, i.e. don't replace
10412
FROM: or CC: by From: or Cc:. Files: cleanup/cleanup_message.c,
10417
Cleanup/portability: missing #includes and bad prototypes.
10418
Matthias Andree, Carsten Hoeger, and others.
10422
Workaround: make TLS session caching work with perverse
10423
sites that have multiple servers per hostname or even
10424
multiple servers per IP address, but no shared TLS session
10425
cache. The SMTP client TLS session cache is now indexed by
10426
(server hostname, server address, server port, server helo
10427
hostname). After an idea by Victor Duchovni. Files:
10428
smtp/smtp_proto.c, tls/tls_client.c.
10432
Bugfix (bug inherited from Postfix/TLS patch): a rare 9kbyte
10433
memory leak when in-memory TLS session information expires;
10434
found by setting the expiry time shorter than the time to
10435
deliver one or two messages with a very slow machine. This
10436
was due to a missing SSL_SESSION_free() call in the "new
10437
session" call-back routines. Found by Victor Duchovni.
10438
Files: tls/tls_client.c, tls/tls_server.c.
10440
Workaround: OpenSSL is overly agressive when purging a
10441
not-yet expired entry from a full in-memory cache: it also
10442
purges the entry from the on-disk server session cache.
10443
Workaround is to let only the tlsmgr purge entries from the
10444
on-disk server session cache. Found by Victor Duchovni.
10445
File: tls/tls_server.c.
10449
Postfix releases are now signed with Wietse's new PGP key.
10450
The old key was getting a bit short for today's standards.
10451
The new public key can be found on the Postfix download
10452
webpage. As proof of authenticity the new PGP key is signed
10453
with Wietse's old PGP key.
10455
Cleanup: check_mumble_{ns,mx}_access no longer attempt to
10456
do MX or NS lookups for address literals. An address literal
10457
is treated as its own MX host; there is no meaningful
10458
equivalent for NS access control. File: smtpd/smtpd_check.c.
10462
Bugfix: the AIX and SUN compilers rightfully complained
10463
about non-portable code in the "new" LDAP/SQL client. File:
10464
global/db_common.c.
10466
Workaround: some systems no longer recognize "tail +2" as
10467
valid command syntax. Instead they require "improved" syntax
10468
that is not valid on several other systems that Postfix
10469
builds on. So we have to stop using the tail command.
10470
Files: Makefile.in, src/*/Makefile.in.
10474
Bugfix: the TLS session cache cleaning code didn't always
10475
delete the right entry. Problem found by Victor Duchovni,
10476
more problems found by Wietse. File: tls/tls_scache.c.
10480
Portability: Berkeley DB changed API from version 2.5 to
10481
2.6. Rob Foehl. File: util/dict_db.c.
10485
Bugfix: when <unistd.h> is included, read is a reserved
10486
identifier. File: smtpstone/smtp-source.c.
10490
Cleanup: change wording of error message when an IPv6 address
10491
is mistaken for maptype:mapname. File: util/dict_open.c.
10495
Robustness: don't look for SMTP status code when there was
10496
none. File: smtp/smtp_chat.c, lmtp/lmtp_chat.c.
10498
Portability: missing netinet/in.h include, so that ntohs()
10499
was not defined on HP-UX. File: smtp/smtp_proto.c.
10503
Bugfix: the SMTP and LMTP clients did not ask the queue
10504
manager to reduce destination concurrency when "lost
10505
connection" or "connection timed out" happened AFTER Postfix
10506
received the server greeting. Files: smtp/smtp_trouble.c,
10507
lmtp/lmtp-trouble.c.
10511
Cleanup: the REPLACE action is no longer implemented as
10512
PREPEND+IGNORE. The result remains in the input stream, and
10513
is subject to address rewriting and other processing where
10514
applicable. File: cleanup/cleanup_message.c.
10518
Cleanup: updated error messages about MIME processing errors
10519
in the SMTP client. These errors are no longer specific to
10520
8bit->7bit conversion; they can also happen with generic
10521
address mapping. File: smtp/smtp_proto.c.
10525
@%^!#& Thanks to inadequate SASL documentation the client
10526
could negotiate a security layer where none was desired.
10527
Better documentation has become available since Postfix
10528
SASL support was implemented, and now Postfix needs to be
10529
fixed. Files: */*_sasl_glue.c.
10533
Safety: the CDB map now logs a warning when the source file
10534
is newer than the indexed file, just like the Berkeley DB
10535
and DBM maps. Michael Tokarev. File: util/dict_cdb.c.
10539
Bugfix: while updating the cleanup_flush() infrastructure
10540
in the 2.3 development release, eliminated a portability
10541
problem that was introduced when "REJECT text" support was
10542
added. File: cleanup/cleanup.c.
10546
Portability: don't mix socket message send/receive calls
10547
with socket stream read/write calls. The fact that you can
10548
get away with it only on some stacks implies that there is
10549
no long-term guarantee. Specify -DCAN_WRITE_BEFORE_SENDING_FD
10550
if you feel brave. File: util/sys_defs.h.
10552
Robustness: re-compile all object files after the "make
10553
makefiles" options have changed. Files: src/*/Makefile.in.
10557
Safety: don't call syslog from a user-triggered signal
10558
handler, and other minor fixes back-ported from the 2.3
10559
development release. File: postdrop/postdrop.c.
10563
Bugfix: postsuper could lose an error message after reporting
10564
a fatal error. Fix back-ported from the 2.3 development
10565
release. File: postsuper/postsuper.c.
10569
Bugfix: don't panic when the fall-back relay can't be used
10570
because the local MTA is MX for the destination, or when
10571
the fall-back relay can't be used because it was already
10572
tried via a cached session. Files: util/argv.c,
10573
smtp/smtp_connect.c.
10577
Bugfix: in a DSN report, the original recipient should not
10578
be xtext encoded. File: bounce/bounce_notify_util.c.
10582
Bugfix: mymalloc() panic with mistyped server host list.
10583
File: global/dict_pgsql.c.
10587
Bugfix: TLS MUST_NOPEERMATCH didn't work (inherited from
10588
TLS patch), and a dangling pointer in the corresponding
10589
error handling. File: smtp/smtp_proto.c.
10593
Cleanup: the SMTP client now sends QUIT when the initial
10594
HELO handshake fails. it still doesn't send QUIT when the
10595
server greets with a [45]XX code, as that is handled in the
10596
connection management code before a session context exists.
10597
File: smtp/smtp_connect.c.
10601
Bugfix: missing or mis-placed va_end() macros, found in
10602
Postfix 2.3 code review. Files: util/netstring.c,
10603
util/myaddrinfo.c, util/attr_clnt.c, util/vstream.c.
10607
Portability: file descriptor passing is available for Tru64
10608
UNIX, but AIX4 and IRIX6 will have to do without. This means
10609
no SMTP connection caching for those platforms. Albert
10610
Chin. File: util/sys_defs.h.
10614
Portability: the connection caching code broke on LP64
10615
systems (inherited from Stevens Network Programming). Files:
10616
util/unix_send_fd.c, util/unix_recv_fd.c. This code is
10617
back-ported from the Postfix 2.3 snapshot release.
10621
Robustness: the SMTP client now disables connection caching
10622
when it is unable to communicate with the scache(8) server,
10623
instead of looping forever and not delivering mail. File:
10624
global/scache_clnt.c. This code is back-ported from the
10625
Postfix 2.3 snapshot release.
10627
Portability: after sending a socket, the scache(8) server
10628
now waits for an ACK from the connection cache client before
10629
closing the socket that it just sent. Files: scache/scache.c,
10630
global/scache_clnt.c. This code is back-ported from the
10631
Postfix 2.3 snapshot release.
10635
Portability: on LP64 systems, integer expressions are int,
10636
but sizeof() and pointer difference expressions are larger.
10637
Point fixes for a few discrepancies with variadic functions
10638
that expect int (the permanent fix is to change the receiving
10639
modules, but that results in too much change, and is not
10640
allowed in the stable release). Files: tls/tls_scache.c,
10641
util/clean_env.c, util/vstring.h, smtpstone/qmqp-source.c.
10645
Workaround: accept(2) fails with EPROTO when the client
10646
already disconnected (SunOS 5.5.1). File: sane_accept.c.
10650
Workaround: old Solaris compilers can't link an archive
10651
without globally visible symbols. File: tls/tls_misc.c.
10655
Bugfix: the *SQL clients did not uniformly choose the
10656
database host from the available pool of servers due to an
10657
off-by-one error, so that the "last" available server was
10658
not selected. Leandro Santi. Files: dict_mysql.c, dict_pgsql.c.
10662
Paranoia: don't ignore garbage in SMTP or LMTP server replies
10663
when ESMTP command pipelining is turned on. For example,
10664
after sending ".<CR><LF>QUIT<CR><LF>", Postfix could recognize
10665
the server's 2XX QUIT reply as a 2XX END-OF-DATA reply after
10666
garbage, causing mail to be lost. The SMTP and LMTP clients
10667
now report a remote protocol error and defer delivery.
10668
Files: smtp/smtp_chat.c, smtp/smtp_trouble.c, lmtp/lmtp_chat.c,
10669
lmtp/lmtp_trouble.c.
10673
Bugfix: raise the "policy violation" flag when a client
10674
request exceeds a concurrency or rate limit. File:
10677
Bugfix (cut-and-paste error): don't reply with 421 (too
10678
many MAIL FROM or RCPT TO commands) when we aren't closing
10679
the connection. File: smtpd/smtpd.c.
10683
Bugfix: don't do smtpd_end_of_data_restrictions after the
10684
transaction failed due to, e.g., a write error. File:
10687
Cleanup: the SMTP server now enforces the message_size_limit
10688
even when the client did not send SIZE information with the
10689
MAIL FROM command. This protects before-queue content
10690
filters against over-size messages. File: smtpd/smtpd.c.
10694
Workaround: the next-hop logical destination information
10695
for connection caching was reset only after a good non-TLS
10696
connection, so that cached connections to non-TLS backup
10697
servers could suck away traffic from TLS primary servers
10698
(the Postfix SMTP client cannot cache an open TLS connection).
10699
Found during code review. Fixing this requires more change
10700
than is allowed in a stable release. File: smtp/smtp_connect.c.
10704
Bugfix: two messages could get the same message ID due to
10705
a race condition. This time window was increased when queue
10706
file creation was postponed from MAIL FROM until the first
10707
accepted RCPT TO. The window is closed again. Found by
10708
Victor. Files: global/mail_stream.c, global/mail_queue.c,
10709
cleanup/cleanup_message.c. This code is back-ported from
10710
the Postfix 2.3 snapshot release.
10714
Bugfix: the queue manager did not write a per-recipient
10715
defer logfile record when the delivery agent crashed after
10716
the initial handshake with the queue manager, and before
10717
reporting the delivery status to the queue manager. Files:
10718
*qmgr/qmgr_deliver.c.
10722
Log warning when REDIRECT, FILTER, HOLD and DISCARD are
10723
used in smtpd_etrn_restrictions. File: smtpd/smtpd_check.c.
10727
Bugfix: moved code around from one place to another to make
10728
REDIRECT, FILTER, HOLD and DISCARD access(5) table actions
10729
work in smtpd_end_of_data_restrictions. PREPEND will not
10730
be fixed; it must be specified before the message content
10731
is received. Files: smtpd/smtpd.c, smtpd/smtpd_check.c,
10732
cleanup/cleanup_extracted.c, pickup/pickup.c.