Robustness: skip LDAP queries with non-ASCII search strings.
The LDAP library requires well-formed UTF-8. Victor Duchovni.
File: global/dict_ldap.c.

Robustness: skip LDAP queries with non-UTF-8 search strings
(in anticipation of UTF8SMTP support). File: global/dict_ldap.c.

Strict UTF-8 validator per RFC 3629. File: util/valid_utf_8.c.

Cleanup: Postfix LDAP client support for RFC 2255 LDAP URLs.
Victor Duchovni. Files: proto/ldap_table global/dict_ldap.c.

Safety: Postfix processes log a warning when a matchlist
has a #comment at the end of a line (for example mynetworks
or relay_domains). File: util/match_list.c.

Portability: Berkeley DB 5.x has the same API as Berkeley
DB 4.1 and later. File: util/dict_db.c.

Bugfix (introduced Postfix 2.2): Postfix no longer appends
the system default CA certificates to the lists specified
with *_tls_CAfile or with *_tls_CApath. This prevents
third-party certificates from getting mail relay permission
with the permit_tls_all_clientcerts feature. Unfortunately
this may cause compatibility problems with configurations
that rely on certificate verification for other purposes.
To get the old behavior, specify "tls_append_default_CA =
yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
global/mail_params.h, proto/postconf.proto, mantools/postlink.

Cleanup: the master no longer logs "process P killed with
signal S" when it shuts down a running service (for example,
the service is removed from master.cf, or the service is
disabled via the main.cf master_service_disable parameter).
File: master/master_spawn.c.

Feature: read-only sqlite support based on code by Axel
Steiner and documentation by Jesus Garcia Crespo. Files:
conf/postfix-files, mantools/postlink, proto/DATABASE_README.html,
proto/Makefile.in, proto/INSTALL.html, proto/mysql_table,
proto/pgsql_table, proto/sqlite_table, proto/SQLITE_README.html,
global/Makefile.in, global/mail_dict.c, global/dict_sqlite.c,
global/dict_sqlite.h, postconf/postconf.c, postfix/postfix.c.

Cleanup: SQLite read-only driver and documentation. Files:
global/dict_sqlite.c, proto/mysql_table, proto/SQLITE_README.html.

Completed the 20100610 bugfix. File: tls/tls_misc.c.

Compatibility with Postfix < 2.3: fix 20061207 was incomplete
(undoing the change to bounce instead of defer after
pipe-to-command delivery fails with a signal). Fix by Thomas
Arnett. File: global/pipe_command.c.

Convenience: "postconf name=value ..." is now equivalent to
"postconf -e name=value ...". File: postconf/postconf.c.

Feature: INFO header/body_checks action for non-warning
messages (for example, to log all Milter-inserted headers).
File: global/header_body_checks.c, proto/header_checks.

Cleanup: after-filter Postfix SMTP servers now log before-filter
queue IDs. For this, the XFORWARD protocol was extended
with an IDENT attribute for the before-filter queue ID.
This code was started in Postfix 2.1, but it was never
finished due to time constraints. Files: smtpd/smtpd.[hc],
smtpd/smtpd_proxy.c, smtpd/smtpd_sasl_proto.c,
*qmgr/qmgr_message.c, *qmgr/qmgr_deliver.c,
global/deliver_request.[hc], global/mail_proto.h,
global/deliver_pass.c, smtp/smtp_proto.c.

Bugfix: the milter_header_checks parser provided only the
actions that change the message flow (reject, filter,
discard, redirect) but disabled the non-flow actions (warn,
replace, prepend, ignore, dunno, ok). File:
cleanup/cleanup_milter.c.

Performance: fix for poor smtpd_proxy_filter TCP performance
over loopback (127.0.0.1) connections. Problem reported by
Mark Martinec. Files: smtpd/smtpd_proxy.c.

Bugfix: the Postfix SMTP client no longer appends the local
domain when looking up a DNS name without ".". Specify
"smtp_dns_resolver_options = res_defnames" to get the old
behavior, which can produce unexpected results. Files:
smtp/smtp.c, smtp/smtp_params.c, smtp/smtp_addr.c.

Refactoring: postscreen source code broken up into multiple
files, and identifiers updated to match changes in their
purpose. This will be the baseline for adding support for
DNSBL weighting, then a dummy engine to collect forensic
evidence with the option of future protocol checks. Files:
postscreen/*.[hc], Makefile.in.

Postscreen DNSBL support for optional fixed-string filters
and optional integral weight factors (use negative weights
for whitelisting). See RELEASE_NOTES and postconf(5) for
details. Files: postscreen/postscreen_dnsbl.c,
proto/postconf.proto, mantools/postlink, global/mail_params.h.

Incompatibility: the postscreen-to-dnsblog protocol was
changed to support DNSBL query result filters. Use "postfix
reload" after installing the new version, otherwise the
dnsblog(8) server may complain.

Polished the postscreen documentation and comments to clarify
the user interface and implementation. No code changes.

Restructured postscreen and added support for a dummy SMTP
protocol engine. This engine logs rejected attempts to
deliver mail with helo/sender/recipient information, and
implements deep protocol tests. The first deep protocol
test is for command pipelining, where a client sends multiple
commands instead of waiting for the server to respond to
each command. The second one implements the Postfix SMTP
server's smtpd_forbidden_commands feature. Files:
postscreen/*.[hc]. See RELEASE_NOTES, postconf(5) and
postscreen(8) for incompatibilities, features, and configuration

Feature: boolean configuration parameters with string-valued
defaults, so that they can be subject to macro expansions.
This was needed to make some postscreen parameters default
to the values of the corresponding smtpd parameters. Files:
global/mail_conf.h, global/mail_conf_nbool.c,
master/event_server.c, master/mail_server.h, master/multi_server.c,
master/single_server.c, master/trigger_server.c,
postconf/extract.awk, postconf/postconf.c.

Feature: texthash read-only database. This is similar to
hash: files, except that you don't need to run the postmap(1)
command before you can use the file, and that it does not
detect changes after the file is read. All information is
read into memory. Files: util/dict_open.c, util/dict_thash.[hc],
proto/DATABASE_README.html, postconf/postconf.c.

Feature: bare newline detection in postscreen. Real spambots
don't make this mistake anymore, but poorly-written software
still does. File: postscreen/smtpd.c.

Documentation: POSTSCREEN_README including instructions for
turning postscreen(8) on without blocking mail, and more.
Trimmed the text in the postscreen(8) manpage. File:
proto/POSTSCREEN_README.html, postscreen/postscreen.c.

Cleanup: the "postscreen_greet_wait" delay now ends as soon
as both the pregreet and DNSBL tests complete (the postscreen
documentation mentions in history/credits that the program
started as a crude prototype). The default postscreen_dnsbl_ttl
caching time is now reduced to 1h from 24h, allowing
postscreen to catch up on DNSBL updates more quickly. If
this increases the database update frequency too much then
we'll need to make dnsbl result non-cachable. Files:
postscreen/postscreen_dnsbl.c, global/mail_params.h.

Bugfix (introduced 20100914): missing precondition for
call-back notification. File: postscreen/postscreen_dnsbl.c.

Bugfix (introduced 20100914): the "postscreen_greet_wait"
delay speedup worked only for DNSBL listed sites. File:
postscreen/postscreen_dnsbl.c.

Workaround: better handling of pregreeting spambots. The
postscreen built-in SMTP engine no longer sends a 220 banner
to a client that falls into the pregreet trap. This eliminates
many "NON-SMTP COMMAND" records in postscreen logging, as
the SMTP client and server no longer get out of sync. It
also results in better logging of sender/recipient information.
File: postscreen/postscreen_smtpd.c.

Cleanup: postscreen now uses the first responding DNSBL
name in the "5.7.1 Service unavailable" reply, instead of
the last responding one. File: postscreen/postscreen_dnsbl.c.

Cleanup: the 20100914 "postscreen_greet_wait" speedup did
not happen as often as it should, because some older code
still turned on PREGREET tests gratuitously, causing a full
greet-wait delay. File: postscreen/postscreen_tests.c.

Cleanup: to avoid "address in use" problems, postscreen now
closes the listening socket after "postfix stop". It also
closes the socket after "postfix reload" but that does not
hurt. Files: master/event_server.c, master/multi_server.c.

Cleanup: postscreen now logs CONNECT and DISCONNECT events.
Files: postscreen/postscreen.c, postscreen/postscreen_misc.c.

Bugfix: cut-and-paste error. Postscreen used pregreet_ttl
instead of dnsbl_ttl. File: postscreen/postscreen_early.c.

Cleanup: minor cleanups and invisible fixes. Files:
postscreen/postscreen_misc.c, postscreen/postscreen.h,
postscreen/postscreen_tests.c.

Feature: preliminary postscreen penalty mechanism. Basic
idea: when a client exceeds some threshold, don't allow it
to pass any tests until the penalty expires. Penalties
provide a way to slow down clients without blocking mail
permanently. Files: postscreen/postscreen_misc.c,
postscreen/postscreen_tests.c, postscreen/postscreen.c.

A first application of the postscreen penalty mechanism
triggers on clients that make brief connections to find out
if the mail server is up. With "postscreen_early_hangup_penalty
= 600" they will disqualify themselves for 10 minutes.
Unfortunately, this behavior is used by legitimate bulk
mail services. This application was removed 20101103. The
penalty mechanism itself is left in place as #ifdef NONPROD.

Cleanup: renamed MUMBLE_FLAG_MUMBLE aggregates to
MUMBLE_MASK_MUMBLE for consistency with other Postfix code.
Files: postscreen/*.[hc].

Cleanup: flag PIPELINING errors with NOOP and VRFY. File:

Bugfix (introduced: 20100914) dangling pointer when a client
makes N > 1 simultaneous connections and closes M < N
connections before postscreen has delivered the DNSBL score
to the corresponding pseudothreads. In practice the pointer
will refer to a block of 0xff bytes; the program terminates
with a segmentation violation, and is restarted immediately
by the master daemon. Files: postscreen/postscreen_early.c,
postscreen/postscreen_dnsbl.c.

Cleanup: avoid repeated delivery to mailing list members
with pathological nested alias configurations. The local(8)
delivery agent now keeps the owner-alias attribute of the
parent alias, when delivering mail to a child alias that
does not have its own owner alias. With this change, local
addresses from that child alias will be written to a new
queue file, and a temporary error with one local address
will no longer result in repeated delivery to other mailing
list members. Specify "reset_owner_alias = yes" for the
older behavior. File: local/alias.c.

Bugfix (introduced: 2100923): duplicate "PASS OLD" logging.
File: postscreen/postscreen_misc.c.

Cleanup: dnsblog now logs "addr X listed by domain Y as Z"
instead of "addr X blocked by domain Y as Z", because the
service may be used for whitelist lookups. File:

Cleanup: don't apply reject_rhsbl_helo to non-domain forms
such as network addresses. This would cause false positives
with dbl.spamhaus.org. File: smtpd/smtpd_check.c.

Cleanup: new qmgr_ipc_timeout parameter (default: 60s) to
override the system-wide ipc_timeout setting (default:
3600s). The shorter timeout allows the queue manager to
reset a deadlocked IPC connection before the watchdog timer
goes off. Files: *qmgr/qmgr.c.

Cleanup: new qmgr_daemon_timeout parameter (default: 1000s)
to make the hard-coded 1000s watchdog timeout configurable.
Files: *qmgr/qmgr.c.

Cleanup: request default DSN notification when adding a
recipient with smfi_addrcpt, instead of requesting "never
notify" as with Postfix automatically-added BCC recipients.
Files: cleanup/cleanup_addr.c, cleanup/cleanup.h,
cleanup/cleanup_milter.c.

Feature: DNS whitelist support in the Postfix SMTP server.
permit_dnswl_client whitelists a client by IP address, and
permit_rhswl_client whitelists a client by its hostname.
The syntax is the same as reject_rbl_client etc., but the
result is PERMIT instead of REJECT. For safety reasons,
permit_xxx_client are silently ignored when they would
override reject_unauth_destination. The result is
DEFER_IF_REJECT when DNSWL lookup fails. The implementation
is based on a design documented by Noel Jones (August 2010).
File: smtpd/smtpd_check.c.

Workaround: strip off IPv6 datalink suffix from peer address
to avoid problems with strict address checking code. Files:
smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.

Robustness: postscreen(8) now implements a time limit on
reading an entire command, instead of a time limit for
reading individual characters. File: postscreen/postscreen_smtpd.c.

Cleanup: don't apply reject_rhsbl_helo to non-domain forms
such as network addresses. This would cause false positives
with dbl.spamhaus.org. File: smtpd/smtpd_check.c.

Bugfix: the "421" reply after Milter error was overruled
by Postfix 1.1 code that replied with "503" for RFC 2821
compliance. We now make an exception for "final" replies,
as permitted by RFC. Solution by Victor Duchovni. File:

Feature: pattern matching for DNSWL/DNSBL responses. For
example, with "reject_rbl_client example.com=d.d.d.d", each
"d" can now be a pattern inside "[]" that contains one or
more comma-separated decimal numbers or number..number
ranges. Files: smtpd/smtpd_check.c, postscreen/postscreen_dnsbl.c,
util/ip_match.c, util/ip_match.h.

Cleanup: don't log "blocked using example.com=127.0.0.1",
just log the domain name. File: smtpd/smtpd_check.c.

Cleanup: postscreen_client_connection_count_limit (default:
$smtpd_client_connection_count_limit) to limit the number
of connections from the same IP address to the postscreen(8)
daemon. Files: postscreen/postscreen.c, postscreen/postscreen.h,
postscreen/postscreen_state.c.

Cleanup: all postscreen(8) logging now reports the client
as [address]:port. This requires an update of tools that
process postscreen logging. Files: postscreen/*.c,
proto/POSTSCREEN_README.html.

Cleanup: polishing recent documentation and code. Files:
postscreen/postscreen_dnsbl.c, util/ip_match.c.

Bugfix (introduced 20101129): broken default value for
postscreen_client_connection_count_limit if the
smtpd_client_connection_count_limit parameter was left at
its default. File: postscreen/postscreen.c.

Workaround: BSD-ish mkdir() ignores the effective GID
and copies group ownership from the parent directory.
File: util/make_dirs.c.

Feature: the LDAP client can now authenticate to LDAP servers
via SASL. This is tested with SASL GSSAPI and Kerberos 5.
Original code by Quanah Gibson-Mount adapted by Victor
Duchovni. Files: global/dict_ldap.c, proto/LDAP_README.html,

Cleanup: the cleanup server now reports a temporary delivery
error when it reaches the virtual_alias_expansion_limit or
virtual_alias_recursion_limit. Previously, it would silently
ignore the excess recipients and deliver the message. File:
cleanup/cleanup_map1n.c.

Cleanup: scache_clnt_create() had an unnecessary data
dependency on the non-library var_scache_service variable,
causing problems with shared library builds. Instead, it
should use its service argument (which has the same value).
File: global/scache.c.

Cleanup: pipe_command.c had an unnecessary data dependency
on the non-library var_command_maxtime variable, causing
problems with shared library builds. The dependency was not
necessary because the callers already specify an explicit
time limit. File: global/pipe_command.c.

Bugfix (introduced 20101205): postscreen hung up due to
incorrect output error test. File: postscreen/postscreen_send.c.

Cleanup: the undisclosed_recipients_header default value
is now the empty string. The Internet mail RFCs have supported
messages without recipient header for almost 10 years now.
File: global/mail_params.h.

Cleanup: use strtol() instead of sscanf() for consistent
handling of out-of-range numbers. Files: global/cfg_parser.c,
global/conv_time.c, global/mail_conf_int.c,
global/mail_conf_long.c, global/mail_conf_nint.c.

Cleanup: eliminated the code that copied TLS protocol
messages between the OpenSSL TLS engine and the network.
This change hopefully simplifies the TLS library enough
that it can be used in an event-driven TLS proxy in front
of postscreen. Files: tls/tls_bio.c, tls/tls_server.c,

This change eliminates an obscure bug where the SMTP server
would wait for another $smtpd_timeout seconds after sending
the "421 Error: timeout exceeded" message to the client.

Cleanup: simplified the VSTREAM "large buffer" support by
dropping the Postfix 2.4 "binary compatibility" requirement.
Files: util/vstream.c, util/vstream.h.

Cleanup: the SMTP client PIPELINING code did not account
for TLS protocol overhead. This could (only in theory)
result in deadlock when the remote SMTP server announces a
very small receive window after the client and server have
synchronized their SMTP state. Victor Duchovni. File:

Feature: with "tls_preempt_cipherlist = yes" the Postfix
SMTP server will preempt the remote SMTP client's cipher
preference order. This requires OpenSSL 0.9.7 and later.
Victor Duchovni. Files: src/smtpd/smtpd.c, src/tls/tls_server.c,
proto/TLS_README.html, proto/postconf.proto.

Future proofing: specify "tls_disable_workarounds = a list
or bit-mask of OpenSSL bug work-arounds to disable". This
may become necessary when a bug workaround is found to cause
problems (security or interoperability). Victor Duchovni.
Files: tls/tls_misc.c, proto/TLS_README.html, proto/postconf.proto.

Infrastructure: extended name_mask module feature set with
extensive documentation and 32-bit regression tests. Victor
and Wietse. File: util/name_mask.[hc].

Cleanup: sanitized the name_mask API so that errors will be
ignored only upon explicit request. Files: util/name_mask.[hc],
src/global/ehlo_mask.c, src/smtp/smtp_proto.c,
src/util/name_mask.c, src/xsasl/xsasl_dovecot_server.c.

Cleanup: more TLS overhead horrors for the SMTP client's
PIPELINING engine. Wietse and Victor. File: smtp/smtp_proto.c.

Cleanup: the SMTP client logic for pipelining the "." and
"QUIT" commands was bogus - the pipelining engine could not
know how much unacknowledged data is pending in the local
TCP stack. We now ignore the buffer check for sending
"QUIT" after ".". Wietse and Victor. File: smtp/smtp_proto.c.

Cleanup: the Postfix SMTP server now always refreshes the
SASL authentication mechanism list after STARTTLS. Some
Dovecot versions may change their responses when they know
that the SMTP connection is encrypted. File: smtpd/smtpd.c.

Cleanup: the smtpd_starttls_timeout default value is now
stress-dependent. Files: global/mail_params.h,
proto/postconf.proto.

Compatibility: postscreen_discard_ehlo_keyword(s|maps)
support for compatibility with smtpd_discard_ehlo_keyword(s|maps).
Files: postscreen/postscreen_smtpd.c.

Feature: STARTTLS support for the postscreen(8) daemon.
With early testing feedback from Victor Duchovni and Ralf
Hildebrandt. Files: postscreen/postscreen_smtpd,
postscreen/postscreen_starttls.c.

Feature: event-driven tlsproxy(8) daemon that translates
TLS <=> plaintext for postscreen(8). One tlsproxy(8) process
can translate traffic for multiple remote SMTP clients.
With early testing feedback from Victor Duchovni and Christian
Roessner. Files: util/nbbio.[hc], tlsproxy/*.[hc],
postscreen/postscreen_starttlsd.c, postscreen/postscreen_smtpd.c.

Cleanup: missing tls_level support in tlsproxy (it has no
way to send plaintext, but perhaps an informative error
message is in order anyway). File: tlsproxy/tlsproxy.c.

Cleanup: simplified the handling of throttled output (i.e.
output that can't be sent because the receiver tries to be
nasty). File: postscreen/postscreen_send.c.

Feature: add contact information to each SMTP server reject
message. For example, "smtpd_reject_footer = call 800-555-0101
for assistance", with macro expansion and with multi-line
support. Files: global/mail_params.h, mantools/postlink,
proto/postconf.proto, smtpd/smtpd.c, smtpd/smtpd_chat.c,
smtpd/smtpd_expand.[hc], util/mac_expand.[hc].

Cleanup: the forest of TLS-related booleans was shrunk.
Victor Duchovni. Files: smtpd/smtpd.c, postscreen/postscreen.c,
postscreen/postscreen_smtpd.c, tlsproxy/tlsproxy.c.

Non-production: tlsproxy support in the Postfix SMTP server
for stress testing of the tlsproxy daemon (#ifdef TLSPROXY).
Seen from outside, Postfix works just as if it has TLS
support built into smtpd(8). Files: smtpd/smtpd.c,
tls/tls_proxy*.[hc], tlsproxy/tlsproxy.c, util/vstream.[hc].

Bugfix (introduced with the Postfix TLS patch): discard
plaintext following the STARTTLS command or response. This
matters only for the minority of SMTP clients that actually
verify server certificates. Files: smtpd/smtpd.c,

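Added example, not Postfix code: a toy receive buffer showing what the fix above guards against, namely input that arrived in the same plaintext read as STARTTLS and would otherwise be processed as if it had come through the TLS session. The wire data is constructed, and the names rxbuf, rx_purge and starttls_leftover are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes delivered by one plaintext read() from the socket. */
struct rxbuf {
    const char *data;
    size_t len;
    size_t pos;
};

/* Copy the next CRLF-terminated line (without CRLF) into out; 1 if one was found. */
static int rx_getline(struct rxbuf *b, char *out, size_t outlen)
{
    size_t i, n;

    for (i = b->pos; i + 1 < b->len; i++) {
        if (b->data[i] == '\r' && b->data[i + 1] == '\n') {
            n = i - b->pos;
            if (n >= outlen)
                n = outlen - 1;
            memcpy(out, b->data + b->pos, n);
            out[n] = '\0';
            b->pos = i + 2;
            return 1;
        }
    }
    return 0;
}

/* Drop everything still buffered; return the number of bytes dropped. */
static size_t rx_purge(struct rxbuf *b)
{
    size_t n = b->len - b->pos;

    b->pos = b->len;
    return n;
}

/* Case-insensitive match of a whole line against "STARTTLS". */
static int is_starttls(const char *line)
{
    const char *kw = "STARTTLS";

    while (*kw && toupper((unsigned char) *line) == *kw) {
        line++;
        kw++;
    }
    return *kw == '\0' && *line == '\0';
}

/*
 * Walk one plaintext read. Returns how many buffered commands would still be
 * executed after the TLS handshake; *dropped gets the bytes discarded by the purge.
 */
int starttls_leftover(const char *wire, int purge, size_t *dropped)
{
    struct rxbuf b;
    char line[128];
    int leftover = 0;

    b.data = wire; b.len = strlen(wire); b.pos = 0;
    *dropped = 0;
    while (rx_getline(&b, line, sizeof(line))) {
        if (!is_starttls(line))
            continue;                   /* ordinary pre-TLS command */
        /* A server would send its 220 reply and run the TLS handshake here. */
        if (purge)
            *dropped = rx_purge(&b);    /* the fix: forget unread plaintext */
        while (rx_getline(&b, line, sizeof(line)))
            leftover++;                 /* plaintext treated as protected input */
        break;
    }
    return leftover;
}

int main(void)
{
    /* Constructed input: two commands share the read that carried STARTTLS. */
    const char *wire = "EHLO client.example\r\nSTARTTLS\r\nRSET\r\nNOOP\r\n";
    size_t dropped;
    int n = starttls_leftover(wire, 1, &dropped);

    printf("leftover=%d dropped=%lu\n", n, (unsigned long) dropped);
    return 0;
}
```

A non-zero dropped count is worth logging, since a well-behaved client waits for the STARTTLS reply before sending anything else.
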
Non-production: cleaned up the tlsproxy support in the
Postfix SMTP server for stress testing of the tlsproxy
daemon (still #ifdef TLSPROXY). File: smtpd/smtpd.c.

Cleanup: smtpd_reject_contact_information is renamed to
smtpd_reject_footer, because it can be used for non-contact

Compatibility: postscreen_reject_footer support for
compatibility with smtpd_reject_footer. Files:
global/smtp_reply_footer.[hc], global/mail_conf.[hc],
postscreen/postscreen_expand.c, postscreen/postscreen_send.c,
postscreen/postscreen.c, smtpd/smtpd_chat.c.

Compatibility: postscreen_command_filter support for
compatibility with smtpd_command_filter. Files:
postscreen/postscreen_dict.c, postscreen/postscreen_smtpd.c.

Cleanup: postscreen(8) now displays control characters in
PREGREET responses as C-style \letter escapes, instead of
"?". File: postscreen/postscreen_early.c.

Cleanup: Solaris support for "pass" (file descriptor passing
based) services in master.cf. This was needed by postscreen(8).
Also, renamed upass_xxx.c to unix_pass_xxx.c. One-character
prefixes are too short. Removed upass_connect.c because it
was useless code. Files: util/stream_pass_connect.c,
util/unix_pass_listen.c, util/unix_pass_trigger.c.

Bugfix (introduced Postfix 2.4): on Solaris the Postfix
event engine was deaf for SIGHUP and SIGALRM signals after
the switch to /dev/poll. Symptoms were delayed "postfix
reload" response, and killed processes when the watchdog
timeout was less than max_idle. The fix is to set up SIGHUP
and SIGALRM handlers that write to a pipe, and to monitor
that pipe for read events via the Postfix event engine.
Files: master/master_sig.c, util/watchdog.c, util/sys_defs.h.

Cleanup: replaced the postscreen(8) separate blacklist and
whitelist lookup tables by one postscreen_access_list table.
See postconf(5) and POSTSCREEN_README for examples. Files:
postscreen/postscreen_access.c, postscreen/postscreen.c,
proto/postconf.proto, proto/POSTSCREEN_README.html.

Cleanup: suspend/resume logic for postscreen(8) SMTP sessions
that temporarily switch control to an external program such
as tlsproxy, or perhaps a future policy plugin. Files:
postscreen/postscreen_smtpd, postscreen/postscreen_starttls.c.

Cleanup: ps_cache and psc_cache are now postscreen_cache.
There is no need for obscure name abbreviations. File:
src/global/mail_params.h.

Workaround: malloc fuzz (safety margin for malloc requests).
Files: util/sys_defs.h, util/mymalloc.c.

Cleanup: dnsblog_service_name and tlsproxy_service_name are
now configurable, in case someone needs this. Files:
global/mail_params.h, postscreen/postscreen.c, mantools/postlink,
proto/postconf.proto.

Cleanup: soft_bounce support for postscreen(8). Files:
postscreen/postscreen_smtpd.c, postscreen/postscreen_send.c.

Cleanup: for smtpd(8) compatibility, postscreen(8) now
strips deprecated route address prefixes from email addresses
(@here,@there:user@example becomes user@example). This is
primarily to make postscreen(8) logging more similar to
that of smtpd(8). File: postscreen/postscreen_smtpd.c.

Cleanup: documentation, in preparation for the Postfix 2.8

Bugfix (introduced Postfix alpha, or thereabouts): on HP-UX
the Postfix event engine was deaf for SIGALRM signals.
Symptoms were killed processes when the watchdog timeout
was less than max_idle. The fix is the same as the Solaris fix
20110109. Since we can't know what other systems need this,
the workaround is enabled by default. Files: util/sys_defs.h.

Cleanup: "smtpd_tls_eecdh_grade = strong" by default, instead
of snapshot-only. File: global/mail_params.h, proto/postconf.proto.

Cleanup: missing "#include <errno.h>" in util/watchdog.c.

Bugfix: when compiled without -DUSE_TLS, tlsproxy used the
wrong server skeleton (multi_server instead of event_server).
File: tlsproxy/tlsproxy.c.

Workaround: added a panic check for code that is mis-compiled
by the HP-UX compiler. File: postscreen/postscreen.c,
postscreen/postscreen.h, postscreen/postscreen_state.c.

Bugfix: the tls_disable_workarounds word list only included
workarounds in SSL_OP_ALL. Problem report by Steve Jenkins,
problem fix by Victor Duchovni. File: tls/tls_misc.c.

Last-minute incompatible syntax change: Postfix now uses
";" instead of "," to separate DNSBL/DNSWL address filter
fields inside "[]". The compatibility break is not an issue,
because the syntax never worked in main.cf. Problem reported
by Mark Martinec. Files: util/ip_match.c, util/ip_match.in,
util/ip_match.ref, proto/postconf.proto.

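Added example, not the contents of util/ip_match.c: a small matcher for the DNSBL/DNSWL reply filter syntax described in the pattern-matching entry earlier and in the entry above, with ";" between items inside "[]" and number..number for ranges. The function names, the sample replies and the choice to treat a reversed range as a syntax error are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Parse a decimal octet (0..255) at *pp and advance *pp; -1 on error. */
static int parse_octet(const char **pp)
{
    const char *p = *pp;
    int v = 0, digits = 0;

    while (isdigit((unsigned char) *p)) {
        v = v * 10 + (*p++ - '0');
        if (++digits > 3 || v > 255)
            return -1;
    }
    if (digits == 0)
        return -1;
    *pp = p;
    return v;
}

/* Match one pattern field against an octet: 1 match, 0 no match, -1 syntax error. */
static int match_field(const char **pp, int octet)
{
    const char *p = *pp;
    int lo, hi, hit = 0;

    if (*p != '[') {                    /* plain number */
        if ((lo = parse_octet(&p)) < 0)
            return -1;
        *pp = p;
        return lo == octet;
    }
    p++;                                /* skip '[' */
    for (;;) {
        if ((lo = parse_octet(&p)) < 0)
            return -1;
        hi = lo;
        if (p[0] == '.' && p[1] == '.') {       /* number..number range */
            p += 2;
            if ((hi = parse_octet(&p)) < 0 || hi < lo)
                return -1;
        }
        if (octet >= lo && octet <= hi)
            hit = 1;
        if (*p == ';') {                /* next item; "," is not accepted */
            p++;
            continue;
        }
        if (*p == ']') {
            p++;
            break;
        }
        return -1;
    }
    *pp = p;
    return hit;
}

/* Match a d.d.d.d filter against a dotted-quad reply: 1, 0, or -1 on bad input. */
int dnsbl_filter_match(const char *pattern, const char *reply)
{
    int i, octet, m, all = 1;

    for (i = 0; i < 4; i++) {
        if (i > 0) {
            if (*pattern != '.' || *reply != '.')
                return -1;
            pattern++;
            reply++;
        }
        if ((octet = parse_octet(&reply)) < 0)
            return -1;
        if ((m = match_field(&pattern, octet)) < 0)
            return -1;                  /* keep parsing on mismatch to catch errors */
        if (m == 0)
            all = 0;
    }
    return (*pattern || *reply) ? -1 : all;
}

int main(void)
{
    /* Constructed filter and replies. */
    printf("%d\n", dnsbl_filter_match("127.0.0.[2;4..8]", "127.0.0.5"));
    printf("%d\n", dnsbl_filter_match("127.0.0.[2;4..8]", "127.0.0.3"));
    return 0;
}
```
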
Cleanup: postscreen now monitors the AVERAGE latency of
table access, and complains at most once per minute. File:
postscreen/postscreen_dict.c.

Bugfix: support for the "dunno" command somehow disappeared
from the postscreen_access_list implementation. File:
postscreen/postscreen_access.c.