« back to all changes in this revision
Viewing changes to HISTORY
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): LaMont Jones
- Date: 2005-02-27 09:33:07 UTC
- Revision ID: james.westby@ubuntu.com-20050227093307-cn789t27ibnlh6tf
Tags: upstream-2.1.5
ImportĀ upstreamĀ versionĀ 2.1.5
- files added:
- INSTALL
- README_FILES
- README_FILES/RELEASE_NOTES
- auxiliary
- auxiliary/MacOSX
- auxiliary/MacOSX/Postfix.StartupItem
- auxiliary/qshape
- auxiliary/rmail
- bin
- conf
- conf/LICENSE
- examples
- examples/chroot-setup
- examples/qmail-local
- examples/smtpd-policy
- html
- html/defer.8.html
- html/mailq.1.html
- html/newaliases.1.html
- html/trace.8.html
- include
- lib
- libexec
- man
- man/cat1
- man/cat5
- man/cat8
- man/man1
- man/man5
- man/man8
- mantools
- proto
- src
- src/bounce
- src/bounce/.indent.pro
- src/cleanup
- src/cleanup/.indent.pro
- src/dns
- src/dns/.indent.pro
- src/error
- src/error/.indent.pro
- src/flush
- src/flush/.indent.pro
- src/fsstone
- src/fsstone/.indent.pro
- src/global
- src/global/.indent.pro
- src/lmtp
- src/lmtp/.indent.pro
- src/local
- src/local/.indent.pro
- src/master
- src/master/.indent.pro
- src/oqmgr
- src/oqmgr/.indent.pro
- src/pickup
- src/pickup/.indent.pro
- src/pipe
- src/pipe/.indent.pro
- src/postalias
- src/postalias/.indent.pro
- src/postcat
- src/postcat/.indent.pro
- src/postconf
- src/postconf/.indent.pro
- src/postdrop
- src/postdrop/.indent.pro
- src/postfix
- src/postfix/.indent.pro
- src/postkick
- src/postkick/.indent.pro
- src/postlock
- src/postlock/.indent.pro
- src/postlog
- src/postlog/.indent.pro
- src/postmap
- src/postmap/.indent.pro
- src/postqueue
- src/postsuper
- src/postsuper/.indent.pro
- src/proxymap
- src/proxymap/.indent.pro
- src/qmgr
- src/qmgr/.indent.pro
- src/qmqpd
- src/qmqpd/.indent.pro
- src/sendmail
- src/sendmail/.indent.pro
- src/showq
- src/showq/.indent.pro
- src/smtp
- src/smtp/.indent.pro
- src/smtpd
- src/smtpd/.indent.pro
- src/smtpstone
- src/smtpstone/.indent.pro
- src/spawn
- src/spawn/.indent.pro
- src/trivial-rewrite
- src/trivial-rewrite/.indent.pro
- src/util
- src/util/.indent.pro
- src/verify
- src/verify/.indent.pro
- src/virtual
- src/virtual/.indent.pro
added
removed
HISTORY
1
In addition to the names listed below, the following people provided
2
useful inputs on many occasions: Paul D. Robertson, Simon J. Mudd.
3
Apologies for any names omitted.
4
5
19980105
6
7
The compiled-in default value for resolve_smtp_sender was
8
wrong (from the days that it was a boolean), causing smtpd
9
to dump core when the variable was not set in main.cf.
10
11
The INSTALL instructions now have separate sections for
12
the three basic ways of running vmailer.
13
14
The INSTALL instructions now have discusses how to deal
15
with chrooted processes.
16
17
Ported to RedHat 5.0. My, these people have re-organized
18
their include files quite a bit, haven't they.
19
20
19980106
21
22
On RedHat Linux 4.2/5.0, when a FIFO listener opens the
23
FIFO with mode O_RDONLY, the FIFO remains forever readable
24
after the writer has closed it. Workaround: open the FIFO
25
mode O_RDWR.
26
27
Test program: util/fifo_rdonly_bug.c
28
29
Unfortunately, the above fix triggers a bug on BSD/OS 3.1
30
where opening the FIFO mode O_RDWR causes select() to claim
31
that the FIFO is readable even before any data is written
32
to it, causing read() to block or to fail.
33
34
Test program: util/fifo_rdwr_bug.c
35
36
printfck (check arguments of printf-like function calls)
37
found a missing argument in local/command.c
38
39
Miscellaneous Makefile cleanups that I didn't finish before
40
the first alpha release.
41
42
19980107
43
44
Sometimes the DNS will claim that a domain does not exist,
45
when in fact it does. Thus, it is a bad idea to reject mail
46
from apparently non-existent domains. I have changed the
47
smtpd so that it produces a soft error responses when a
48
resolve_smtp_sender test fails with HOST_NOT_FOUND. Note:
49
by default, this test is still disabled.
50
51
The DB and DBM read routines will now automagically figure
52
out if (key, value) pairs were written including a terminating
53
null byte or not. The DB and DBM write routines will use
54
this result to determine how to write, and will fall back
55
to per-system defaults otherwise.
56
57
Renamed the README to MUSINGS, and wrote up a README that
58
reflects the current status of the software.
59
60
Added -d (don't disconnect) and -c (show running counter)
61
option to te smtp-source test program. These tools are
62
great torture tests for the mail software, and for the
63
system that it runs on.
64
65
Turned down the process_limit parameter (# of parallel smtp
66
clients or servers) to avoid unpleasant surprises. You can
67
crank up the process_limit parameter in main.cf.
68
69
19980111
70
71
Feature: when run by the superuser, mailq now shows the
72
mail queue even when the mail system is down. To this end,
73
mailq (sendmail -bp) runs the showq program directly instead
74
of connecting to the UNIX-domain service socket, and drops
75
privileges etc. as usual.
76
77
19980119
78
79
Bugfix: Edwin Kremer spotted an oversight in the negated
80
host matching code (for name or address patterns prefixed
81
by !).
82
83
Bugfix: upon receipt of a SIGHUP signal, the master now
84
disconnects from its child processes, so that the current
85
generation of child processes commits suicide, and so that
86
the next generation of child processes will use the new
87
configuration settings.
88
89
Bugfix: the smtp server now skips the sender DNS domain
90
lookup test for foo@[address]
91
92
Bugfix: don't append the local domain to foo@[address]
93
94
19980120
95
96
Bugfix: old low-priority bug in some list walk code that
97
caused the master to drop core when a service was turned
98
off in master.cf.
99
100
Robustness: the mail system should be able to start up and
101
to accept local postings even while the naming service is
102
down. For this reason, the mail system no longer uses
103
gethostbyname() to look up its own machine name. Sites
104
that use short hostnames will have to specify their FQDN
105
in main.cf (this will eventually be done by the system
106
installation/configuration procedure). Should the config
107
language support backticks so one can say `domainname`?
108
What about $name stuff between the backtics?
109
110
Security: the master now creates FIFOs and UNIX-domain
111
sockets as the mail owner instead of as root, for better
112
protection against subverted mail systems. chmod() is
113
susceptible to race conditions. fchmod(), although safer,
114
often does not work on sockets.
115
116
Portability: anticipate that all major UNIXes will create
117
UNIX-domain sockets with permissions modified by the process
118
umask (required by POSIX). For this reason, we always
119
chmod() UNIX-domain sockets, unless the system allows us
120
to use the safer fchmod() instead.
121
122
Portability: the semi-resident servers now properly handle
123
EWOULDBLOCK returns from accept() in addition to EGAIN
124
(on some systems, EAGAIN and EWOULDBLOCK have different
125
values).
126
127
Bugfix: the semi-resident servers now properly handle EINTR
128
returns From accept().
129
130
Bugfix: Edwin Kremer found that mynetworks() would compute
131
(32 - mask) instead of mask.
132
133
19980121
134
135
Feature: /etc/vmailer/relocated is used by the local delivery
136
program and specifies what mail should be bounced with a
137
"user has moved to XXX" message. The main.cf configuration
138
parameter is "relocated_maps". Just like the "virtual_maps"
139
config parameter, this feature is off by default, and the
140
parameter can have values such as "files" or "files, nis"
141
(on hosts equipped with NIS).
142
143
19980123
144
145
Cleanup: virtual domain support moved from the queue manager
146
to the resolve service, where it belongs.
147
148
Feature: /etc/vmailer/canonical is used by the rewrite
149
service for all addresses, and maps a canonical address
150
(user@domain) to another address. Typical use is to generate
151
Firstname.Lastname@domain addresses, or to clean up dirty
152
addresses from non-RFC 822 mail systems. The main.cf
153
configuration parameter is "canonical_maps". Just like
154
the "virtual_maps" config parameter, this feature is off
155
by default, and the parameter can have values such as
156
"files" or "files, nis" (on hosts equipped with NIS).
157
158
19980124
159
160
HPUX10 port and many little fixes from Pieter Schoenmakers.
161
162
Bugfix: isolated an old mysterious bug that could make the
163
master deaf for new connections while no child process was
164
running. A typical result was that no pickup daemon would
165
be started after the previous one had terminated voluntarily.
166
167
Bugfix: the NIS lookup code did not mystrdup() the NIS map
168
name and would access free()d memory.
169
170
19980125
171
172
Bugfix: the vstream routines would sometimes ignore flushing
173
errors. The error would still be reported by vstream_fclose()
174
and vstream_ferror().
175
176
Feature: time limit on delivery to shell commands. Config
177
parameter: command_time_limit. Default value: 100 sec. The
178
idea is to prevent one bad .forward file or alias file
179
entry from slowly using up all local delivery process slots.
180
181
19980126
182
183
Code cleanup: in preparation for SMTP extensions such as
184
SIZE, allow an extended SMTP command to have a variable
185
number of options.
186
187
19980127
188
189
Bugfix: moved canonical map lookups away from the rewriting
190
module to the cleanup service, so that canonical map lookups
191
do not interfere with address rewriting on behalf of other
192
programs. Back to an older trivial-rewrite program version.
193
194
Bugfix: moved virtual map lookups away from the resolver
195
back to the queue manager, so that virtual domain lookup
196
does not interfere with address resolution on behalf of
197
other programs. Back to an older qmgr program version.
198
199
19980131
200
201
Feature: integrated and adapted Guido van Rooij's SIZE
202
option (RFC 1870), carefully avoiding potential problems
203
due to overflow (by multiplying large numbers) or unsigned
204
underflow (by subtracting numbers).
205
206
Code cleanup: cleaned up the code that parses the server
207
response to the HELO/EHLO command, so that we can more
208
reliably recognize what options a server supports.
209
210
19980201
211
212
Portability: integrated the IRIX 6 port by Oved Ben-Aroya.
213
214
Portability: the software now figures out by itself if a
215
server should open its FIFO read-write or read-only, to
216
avoid getting stuck with a FIFO that stays readable forever.
217
218
Bugfix: the cleanup service would terminate with a fatal
219
vstream_fseek() error when the queue file was too large.
220
221
Bugfix: the cleanup service could be killed by a signal
222
when the queue file became too large.
223
224
19980203
225
226
Portability: some systems have statfs(), some have statvfs(),
227
and the relevant include files are in a different place on
228
almost every system.
229
230
Portability: the makedefs script now nukes the -O compiler
231
flag when building on AIX with IBM's own compiler...
232
233
19980204
234
235
Portability: HP-UX 9.x support by Pieter Schoenmakers.
236
237
Portability: added SYSV-style ulimit() file size limit
238
support for HP-UX 9.x.
239
240
Portability: added some #includes that appeared to be
241
missing according to the Digital UNIX cc compiler.
242
243
Bugfix: sys_defs.h now correctly specifies NIS support for
244
LINUX2, HPUX9 and HPUX10.
245
246
Security: fixed a file descriptor leak in the local delivery
247
agent that could give shell commands access to the VMailer
248
IPC streams. This should not cause a vulnerability, given
249
the design and implementation of the mailer, but it would
250
be like asking for trouble.
251
252
Bugfix: the sendmail -B (body type) option did not take a
253
value.
254
255
19980205
256
257
Bugfix (SUNOS5): should not have deleted the SVID_GETTOD
258
definition from util/sys_defs.h.
259
260
Bugfix (HPUX9): forgot to specify whether to use statfs()
261
or statvfs().
262
263
Bugfix (HPUX9): don't try to raise the file size ulimit.
264
265
Bugfix (HPUX9): must specify file size limit in 512-blocks.
266
267
19980207
268
269
Robustness: the master process now raises the file size
270
limit when it is started with a limit that is less than
271
VMailer's file size limit. File: util/file_limit.c.
272
273
Security: the dns lookup routines now screen all result
274
names with valid_hostname(). Bad names are treated as
275
transient errors.
276
277
Feature: qmail compatibility: when the home_mailbox parameter
278
is set, mail is delivered to ~/$home_mailbox instead of to
279
/var[/spool]/mail/username. This hopefully makes it easier
280
to lure people away from qmail :-)
281
282
Robustness: several testers by accident configured relayhost
283
the same as myhostname. The programs now explicitly check
284
for this mistake.
285
286
Bugfix: deliver_request_read() would free unallocated memory
287
when it received an incomplete delivery request from the
288
queue manager.
289
290
Robustness: local_destination_concurrency=1 prevents parallel
291
delivery to the same user (with possibly disastrous effects
292
when that user has an expensive pipeline in the .forward
293
or procmail config file). Each transport can have its own
294
XXX_destination_concurrency parameter, to limit the number
295
of simultaneous deliveries to the same destination.
296
297
19980208
298
299
Robustness: added "slow open" mode, to gradually increase
300
the number of simultaneous connections to the same site as
301
long as delivery succeeds, and to gradually decrease the
302
number of connections while delivery fails. Brad Knowles
303
provided the inspiration to do this.
304
305
This also solves the "thundering herd" problem (making a
306
bunch of connections to a dead host when it was time to
307
retry that host). Let's see when other mailers fix this.
308
309
Feature: Added $smtpd_banner and $mail_version, for those
310
who want to show the world what software version they are
311
running.
312
313
Bugfix: vmailer-script now properly labels each syslog
314
entry.
315
316
19980210
317
318
Portability: merged in NEXTSTEP 3 port from Pieter Schoenmakers
319
320
Bugfix: the local delivery program now checks that a
321
destination is a regular file before locking it.
322
323
19980211
324
325
Robustness: the local delivery agent sets HOME, LOGNAME,
326
and SHELL when delivering to a user shell command. PATH is
327
always set, and TZ is passed through if it is set.
328
329
19980212
330
331
Feature: mailq (sendmail -bp) now also lists the maildrop
332
queue (with mail that hasn't been picked up yet).
333
334
19980213
335
336
Feature: the smtpd now says: 502 HELP not implemented. This
337
should impress the heck out of the competition :-)
338
339
19980214
340
341
Feature: local delivery to configurable system-wide command
342
(e.g. procmail) avoids the need for per-user ~/.forward
343
shell commands. Config parameter: mailbox_command.
344
345
19980215
346
347
Performance: avoid running a shell when a command contains
348
no shell magic characters or built-in shell commands. This
349
speeds up delivery to all commands. File: util/exec_command.c.
350
351
Bugfix: the local delivery agent, after reading EOF from
352
a child process, now sends SIGKILL only when the child does
353
not terminate within a limited amount of time. This avoids
354
some problems with procmail. File: util/timed_wait.c.
355
356
19980217
357
358
Portability: folded in NetInfo support from Pieter
359
Schoenmakers.
360
361
19980218
362
363
Feature: new vmlock command to run a command while keeping
364
an exclusive lock on a mailbox.
365
366
Feature: with "recipient_delimiter = +", mail for local
367
address "user+foo" is delivered to "foo", with a "Delivered-To:
368
user+foo@domain" message header. Files: qmgr/qmgr_message.c,
369
local/recipient.c. This must be the cheapest feature.
370
371
19980219
372
373
Code cleanup: moved error handling into functions that
374
should always succeed (non_blocking(), close_on_exec()).
375
376
19980223
377
378
Bugfix: null pointer bug in the cleanup program after
379
processing a From: header with no mail address (or with
380
only a comment).
381
382
19980226
383
384
Robustness: now detects when getpwnam() returns a name that
385
differs from the requested name.
386
387
Feature: Added %p support to the vbuf_print formatting
388
module.
389
390
Code cleanup: revamped the alias/include/.forward loop
391
detection and duplicate suppression code in the local
392
delivery agent. This must be the fourth iteration, and
393
again the code has been simplified.
394
395
19980228
396
397
Robustness: don't treat anything starting with whitespace
398
as a header record. Instead, explicitly test for leading
399
whitespace where we permit it. Files: global/is_header.c,
400
bounce/bounce_flush_service.c, local/delivered.c.
401
402
19980301
403
404
Compatibility: the sendmail program now accepts the -N
405
command-line option (delivery status notification) but
406
ignores it entirely, just like many other sendmail options.
407
408
Bugfix: dns_lookup.c was too conservative with buffer sizes
409
and would incorrectly report "malformed name server reply".
410
411
19980302
412
413
Bugfix: the local delivery agent was not null-byte clean.
414
415
19980307
416
417
Feature: integrated Pieter Schoenmaker's code for transport
418
lookup tables that list (transport, nexthop) by destination.
419
420
19980309
421
422
Bugfix: delivery agents no longer rename corrupt queue
423
files, because programs might fall over each other doing
424
so. Instead, when a delivery agent detects queue file
425
corruption, it chmods the queue file, simulates a soft
426
error, and lets the queue manager take care of the problem.
427
428
Bugfix: the SMTP server implemented VRFY incorrectly.
429
430
Feature: first shot at a pipe mailer, which can be used to
431
extend VMailer with external mail transports such as UUCP
432
(provided that the remote site understands domain addressing,
433
because VMailer version 1 does not rewrite addresses).
434
435
Cleanup: extended the master/child interface so that the
436
service name (from master.cf) is passed on to the child.
437
The pipe mailer needs the service name so it can look up
438
service-specific configuration parameters (privilege level,
439
recipient limit, time limit, and so on).
440
441
19980310-12
442
443
Cleanup: factored out the pipe_command() code, so it can
444
be shared between pipe mailer and local delivery agent.
445
446
19980314
447
448
Compatibility: the sendmail program now parses each
449
command-line recipient as if it were an RFC 822 message
450
header; some MUAs specify comma-separated recipients in a
451
command-line argument; and some MUAs even specify "word
452
word <address>" forms as command-line arguments.
453
454
19980315
455
456
Bugfix: VMailer's queue processing randomization wasn't
457
adequate for unloaded systems with small backlogs.
458
459
Bugfix: smtpd now uses double-buffered stream I/O to prevent
460
loss of input sent ahead of responses.
461
462
19980316
463
464
Bugfix: the smtpd anti-relay code didn't treat all hosts
465
listed in $mydestinations as local, so it would accept mail
466
only for hosts listed in $relay_domains (default: my own
467
domain).
468
469
Bugfix: smtpd now replies with 502 when given an unknown
470
command.
471
472
19980318
473
474
Cleanup: resolve/rewrite clients now automatically disconnect
475
after a configurable amount of idle time (ipc_idle).
476
477
19980322
478
479
Tolerance: VRFY now permits user@domain, even though the
480
RFC requires that special characters such as @ be escaped.
481
482
19980325
483
484
Bugfix: a recipient delimiter of "-" could interfere with
485
special addresses such as owner-xxx or double-bounce.
486
487
Tolerance: the SMTP client now permits blank lines in SMTP
488
server responses.
489
490
Tolerance: the SMTP client now falls back to SMTP when it
491
apparently mistook an SMTP server as ESMTP capable.
492
493
Bugfix: eliminated strtok() calls in favor of mystrtok().
494
Symptom: master.cf parsing would break if $inet_interfaces
495
was more than one word.
496
497
19980328
498
499
Bugfix: user->addr patterns in canonical and virtual tables
500
matched only $myorigin, not hosts listed in $mydestination
501
or addresses listed in $inet_interfaces. The man pages
502
were wrong too. File: global/addr_match.c.
503
504
19980401
505
506
Robustness: FIFO file permissions now default to 0622. On
507
some systems, opening a FIFO read-only could deafen the
508
pickup daemon. Only the listener end (which is opened as
509
root) needs read access anyway, so there should not be a
510
loss of functionality by making FIFOs non-readable for
511
non-mail processes.
512
513
19980402
514
515
Compatibility: sendmail -I and -c options added.
516
517
19980403
518
519
Feature: virtual lookups are now recursive. File:
520
qmgr/qmgr_message.c
521
522
19980405
523
524
Implemented sendmail -bs (stand-alone) mode. This mode runs
525
as the user and therefore deposits into the maildrop queue.
526
527
19980406
528
529
The pickup service now removes malformed maildrop files.
530
531
19980407
532
533
The pickup service now guards against maildrop files with
534
time stamps dated into the future.
535
536
19980408
537
538
Bugfix: in the canonical and virtual maps, foo->address
539
would match foo@$myorigin only. This has been fixed to also
540
match hosts listed in main.cf:$mydestination and the
541
addresses listed in main.cf:$inet_interfaces.
542
543
Bugfix: added double buffering support to the VMailer SMTP
544
server. This makes the SMTP server robust against SMTP
545
clients that talk ahead of time, and should have been in
546
there from day one.
547
548
19980409
549
550
Bugfix: the VMailer SMTP client now recognizes its own
551
hostname in the SMTP greeting banner only when that name
552
appears as the first word on the first line.
553
554
19980410
555
556
Feature: smtpd now logs the local queue ID along with the
557
client name/address, and pickup now logs the local queue
558
ID along with the message owner.
559
560
Bugfix: still didn't do virtual/canonical lookups right
561
(code used the non-case-folded key instead of the case
562
folded one).
563
564
19980418
565
566
Bugfix: the SMTP server did not flush the "250 OK queued
567
as XXXX" message from the SMTP conversation history.
568
569
19980419
570
571
Bugfix: qmgr would not notice that a malformed message has
572
multiple senders, and would leak memory (Tom Ptacek).
573
574
19980421
575
576
Portability: in the mantools scripts, the expr pattern no
577
longer has ^ at the beginning, and the scripts now use the
578
expand program instead of my own detab utility.
579
580
19980425
581
582
NetBSD 1.x patch by Soren S. Jorvang.
583
584
19980511
585
586
Feature: the SMTP server now logs the protocol (SMTP or
587
ESMTP) as part of the Received: header.
588
589
Feature: smtpd now logs the last command when a session is
590
aborted due to timeout, unexpected EOF, or too many client
591
errors.
592
593
19980514
594
595
Bugfix: the queue manager did not update the counter for
596
in-core message structures, so the in-core message limit
597
had no effect. This can be bad when you have a large backlog
598
with many messages eligible for delivery.
599
600
Robustness: the queue manager now also limits the total
601
number of in-core recipient structures, so that it won't
602
use excessive amounts of memory on sites that have large
603
mailing lists.
604
605
19980518
606
607
Bugfix: the SMTP client did not notice that the DNS client
608
received a truncated response. As a result, a backup MX
609
host could incorrectly claim that it was the best MX host
610
and declare a mailer loop.
611
612
Added start_msg/stop_msg entries to the vmailer startup
613
script, for easy installation.
614
615
Cleanup: VMailer databases are now explicitly specified as
616
type:name, for example, hash:/etc/aliases or nis:mail.aliases,
617
instead of implicitly as "files", "nis" and so on. Test
618
program: util/dict_open. This change allowed me to
619
eliminate a lot of redundant code from mkmap_xxx.c, and
620
from everything that does map lookups.
621
622
19980525
623
624
Bugfix: local/dotforward.c compared the result of opening
625
a user's ~/.forward against the wrong error value.
626
627
19980526
628
629
Bugfix: the smtpd VRFY command could look at free()d memory.
630
631
Robustness: the smtpd program had a fixed limit on the
632
number of token structures. The code now dynamically
633
allocates token structures.
634
635
Bugfix: the queue manager still used the deprecated parameter
636
name xxx_deliver_concurrency for concurrency control, but
637
the documentation talks about the preferred parameter name
638
xxx_destination_concurrency. Fix: try xxx_destination_concurrency
639
first, then fall back to xxx_deliver_concurrency.
640
641
19980621-19980702
642
643
Cleanup: the string read routines now report the last
644
character read or VSTREAM_EOF. This change is necessary
645
for the implementation of the long SMTP line bugfix.
646
647
Bugfix: the smtp server exited the DATA command prematurely
648
when the client sent long lines. Reason: the smtp server
649
did not remember that it broke long lines, so that '.'
650
could appear to be the first character on a line when in
651
fact it wasn't.
652
653
Bugfix: the queue manager made lots of stupid errors while
654
reading $qmgr_message_recipient_limit chunks of recipients
655
from a queue file. This code has been restructured.
656
657
19980706
658
659
Performance: the cleanup program now always adds return-receipt
660
and errors-to records to a queue file, so that the queue
661
manager does not have to plow through huge lists of
662
recipients.
663
664
Robustness: the initial destination concurrency now defaults
665
to 2, so that one bad message or one bad connection does
666
not stop all mail to a site. The configuration parameter
667
is called initial_destination_concurrency.
668
669
Performance: the per-message recipient limit is now enforced
670
by the queue manager instead of by the transport. Thus, a
671
large list of recipients for the same site is now mapped
672
onto several delivery requests which can be handled in
673
parallel, instead of being mapped onto one delivery request
674
that is sent to limited numbers of recipients, one group
675
after the other.
676
677
19980707
678
679
Cleanup: the queue manager now does an additional recipient
680
sort after the recipients have been resolved, so that the
681
code can do better aggregation of recipients by next hop
682
destination.
683
684
Feature: lines in the master.cf file can now be continued
685
in the same manner as lines in the main.cf file, i.e. by
686
starting the next line with whitespace.
687
688
Feature: the smtp client now warns that a message may be
689
delivered multiple times when the response to "." is not
690
received (the problem described in RFC 1047).
691
692
Cleanup: when the queue manager changes its little mind
693
after contacting a delivery agent (for example, it decides
694
to skip the host because a transport or host goes bad),
695
the delivery agent no longer complains about premature EOF.
696
File: global/deliver_request.c
697
698
19980709
699
700
Bugfix: when breaking long lines, the SMTP client did not
701
escape leading dots in secondary etc. line fragments. Fix:
702
don't break lines. This change makes VMailer line-length
703
transparent. Files: global/smtp_stream.c, smtp/smtp_proto.c.
704
705
19980712
706
707
Cleanup: the queue manager to deliver agent protocol now
708
distinguishes between domain-specific soft errors and
709
recipient-specific soft errors. Result: many soft errors
710
with SMTP delivery no longer affect other mail the same
711
domain.
712
713
19980713
714
715
Feature: the file modification time stamp of deferred queue
716
files is set to the nearest wakeup time of their recipient
717
hosts, or if delivery was deferred due to a non-host problem,
718
the time stamp is set into the future by the configurable
719
minimal backoff time.
720
721
Bugfix: the SMTP client and the MAILQ command would report
722
as message size the total queue file size. That would
723
grossly overestimate the size of a message with many
724
recipients.
725
726
Bugfix: the 19980709 fix screwed up locally-posted mail
727
that didn't end in newline.
728
729
19980714
730
731
Robustness: the makedefs script now defaults to no optimization
732
when compiling for purify.
733
734
19980715
735
736
Robustness: the makedefs script now defaults to no optimization
737
when compiling with gcc 2.8, until this compiler is known
738
to be OK.
739
740
Workaround: when sending multiple messages over the same
741
SMTP connection, some SMTP servers need an RSET command
742
before the second etc. MAIL FROM command. The VMailer SMTP
743
client now sends a redundant RSET command just in case.
744
745
The queue manager now logs explicitly when delivery is
746
deferred because of a "dead" message transport.
747
748
19980716
749
750
Feature: mailq and mail bounces now finally report why mail
751
was deferred (the reason was logged to the syslog file
752
only). Changes were made to the bounce service (generalized
753
to be usable for defer logs), showq service (to show reasons)
754
and the queue manager.
755
756
As a result the defer directory (with one log per deferred
757
message) may contain many files; also, this directory is
758
accessed each time a message is let into the active queue,
759
in order to delete its old defer log. This means that hashed
760
directories are now a must.
761
762
19980718-20
763
764
Feature: configurable timeout for establishing smtp
765
connections. Parameter: smtp_connect_timeout (default 0,
766
which means use the timeout as wired into the kernel).
767
Inspired by code from Lamont Jones. For a clean but far
768
from trivial implementation, see util/timed_connect.c
769
770
Cleaned up the interfaces that implement read/write deadlines.
771
Instead of returning -2, the routines now set errno to
772
ETIMEDOUT; the readable/writable tests are now separate.
773
774
19980722
775
776
Feature: the default indexed file type (hash, btree, dbm)
777
is now configurable with the "database_type" parameter.
778
The default value for this parameter is system specific.
779
780
Feature: selectively turn on verbose logging for hosts that
781
match the patterns specified via the "debug_peer_list"
782
config parameter. Syntax is like the "bad_smtp_clients"
783
parameter (see global/peer_list.c). The verbose logging
784
level is specified with "debug_peer_level" (default 2).
785
786
Security: the local delivery agent no longer delivers to
787
files that have execute permission enabled.
788
789
19980723
790
791
Workarounds for Solaris 2.x UNIX-domain sockets: they lose
792
data when you close them immediately after writing to them.
793
This could screw up the delivery agent to queue manager
794
protocol.
795
796
19980724
797
798
Cleanup: spent most of the day cleaning up queue manager
799
code that defers mail when a site or transport dies, and
800
fixed a few obscure problems in the process.
801
802
19980726
803
804
Feature: the admin can now configure what classes of problems
805
result in mail to the postmaster. Configuration parameter:
806
"notify_classes". Default is backwards compatible: bounce,
807
policy, protocol, resource, and software.
808
809
19980726-28
810
811
Feature: the admin can now configure what smtp server access
812
control restrictions must be applied, and in what order.
813
Configuration parameters: smtpd_client_restrictions,
814
smtpd_helo_restrictions, smtpd_mail_restrictions and
815
smtpd_rcpt_restrictions. Defaults are intended to be
816
backwards compatible. The bad_senders and bad_clients lists
817
are gone and have become db (dbm, nis, etc) maps. Files:
818
smtpd/smtpd_check.c, config/main.cf.
819
820
19980729-31
821
822
Feature: hashed queues. Rewrote parts of the mail queue
823
API. Configuration parameters: "hash_queue_names" specifies
824
what queue directories will be hashed (default: the defer
825
log directory), "hash_queue_depth" specifies the number of
826
subdirectories used for hashing (default 2).
827
828
19980802
829
830
Bugfix: the pipe mailer should expand command-line arguments
831
with $recipient once for every recipient (producing one
832
command-line argument per recipient), instead of replacing
833
$recipient by of all recipients (i.e. producing only one
834
command-line argument). This is required for compatibility
835
with programs that expect to be run from sendmail, such as
836
uux. Thanks to Ollivier Robert for helping me to get this
837
right.
838
839
Code cleanup: for the above, cleaned up the macro expansion
840
code in dict.c and factored out the parsing into a separate
841
module, mac_parse.c.
842
843
19980803
844
845
"|command" and /file/name destinations in alias databases
846
are now executed with the privileges of the database owner
847
(unless root or vmailer). Thus, with: "alias_maps =
848
hash:/etc/aliases, hash:/home/majordomo/aliases", and with
849
/home/majordomo/aliases* owned by the majordomo account,
850
you no longer need the majordomo set-uid wrapper program,
851
and you no longer need root privileges in order to install
852
a new mailing list.
853
854
19980804
855
856
Added support for the real-time blackhole list. Example:
857
"client_restrictions = permit_mynetworks, reject_maps_rbl"
858
859
All SMTP server "reject" status codes are now configurable:
860
unknown_client_reject_code, mynetworks_reject_code,
861
invalid_hostname_reject_code, unknown_hostname_reject_code,
862
unknown_address_reject_code, relay_domains_reject_code,
863
access_map_reject_code, maps_rbl_reject_code. Default values
864
are documented in the smtpd/smtpd_check.c man page.
865
866
19980806-8
867
868
Code cleanup: after eye balling line-by line diffs, started
869
deleting code that duplicated functionality because it was
870
at the wrong abstraction level (smtp_trouble.c), moved
871
functionality that was in the wrong place (dictionary
872
reference counts in maps.c instead of dict.c), simplified
873
code that was too complex (password-file structure cache)
874
and fixed some code that was just wrong.
875
876
19980808
877
878
Robustness: the number of queue manager in-core structures
879
for dead hosts is limited; the limit scales with the limit
880
on the number of in-core recipient structures. The idea is
881
to not run out of memory under conditions of stress.
882
883
19980809
884
885
Feature: mail to files and commands can now be restricted
886
by class: alias, forward file or include file. The default
887
restrictions are: "allow_mail_to_files = alias, forward"
888
and allow_mail_to_commands = alias, forward". The idea is
889
to protect against buggy mailing list managers that allow
890
intruders to subscribe /file/name or "|command".
891
892
19980810-12
893
894
Cleanup: deleted a couple hundred lines of code from the
895
local delivery agent. It will never be a great program;
896
sendmail compatibility is asking a severe toll.
897
898
19980814
899
900
Cleanup: made the program shut up about some benign error
901
conditions that were reported by Daniel Eisenbud.
902
903
19980814-7
904
905
Documentation: made a start of HTML docs that describe all
906
configuration parameters.
907
908
Feature: while documenting things, added smtpd_helo_required.
909
910
19980817
911
912
Bugfix: at startup the queue manager now updates the time
913
stamps of active queue files some time into the future.
914
This eliminates duplicate deliveries after "vmailer reload".
915
916
Bugfix: the local delivery agent now applies the recipient
917
delimiter after looking in the alias database, instead of
918
before.
919
920
Documentation bugfixes by Matt Shibla, Tom Limoncelli,
921
Eilon Gishri.
922
923
19980819
924
925
GLIBC fixes from Myrdraal.
926
927
Bugfix: applied showq buffer reallocation workaround in
928
the wrong place.
929
930
Bugfix: can't use shorts in varargs lists. SunOS 4 has
931
short uid_t and gid_t. pipe_command() would complain.
932
933
Bugfix: can't use signed char in ctype macros. All ctype
934
arguments are now casted to unsigned char. Thanks, Casper
935
Dik.
936
937
19980820
938
939
Bugfix: save the alias lookup result before looking up the
940
owner. The previous alpha release did this right.
941
942
Cleanup: mail_trigger() no longer complains when the trigger
943
FIFO or socket is unavailable. This change is necessary to
944
shut up the sendmail mail posting program, so that it can
945
be used on mail clients that mount their maildrop via NFS.
946
947
Experiment: pickup and pipe now run as vmailer most of the
948
time, and switch to user privileges only temporarily.
949
Files: util/set_eugid.c global/pipe_command.c pipe/pipe.c
950
pickup/pickup.c. Is this more secure/ What about someone
951
manipulating such a process while not root? It still has
952
ruid == 0.
953
954
19980822
955
956
Portability: with GNU make, commands such as "(false;true)"
957
and "while :; do false; done" don't fail. Workaround: use
958
"set -e" all over the place. Problem found by Jeff Wolfe.
959
960
Feature: "check_XXX_access maptype:mapname" (XXX = client,
961
helo, sender, recipient). Now you can make recipient and
962
other SPAM restrictions dependent on client or sender access
963
tables lookup results.
964
965
19980823
966
967
Bugfix: smtpd access table lookup keys were case sensitive.
968
969
Added "permit" and "reject" operators. These are useful at
970
the end of SPAM restriction lists (smtpd_XXX_restrictions).
971
972
Added a first implementation of the permit_mx_backup SPAM
973
restriction. This permits mail relaying to any domain that
974
lists this mail system as an MX host (including mail for
975
the local machine). Thanks to Ollivier Robert for useful
976
discussions.
977
978
19980824
979
980
Bugfix: transport table lookup keys were case sensitive.
981
982
19980825
983
984
Portability: sa_len is some ugly #define on some SGI systems,
985
so we must rename identifiers (file util/connect.c).
986
987
Bugfix: uucp delivery errors are now sent to the sender.
988
Thanks, Mark Delany.
989
990
Bugfix: the pipe delivery agent now replaces empty sender
991
by the mailer daemon address. Mark Delany, again.
992
993
Portability: GNU getopt looks at all command-line arguments.
994
Fix: insert -- into the pipe/uucp definition in master.cf.
995
996
Bugfix: the smtp server command tokenizer silently discarded
997
the [] around [text], so that HELO [x.x.x.x] was read as
998
if the client had sent: HELO x.x.x.x. Thanks, Peter Bivesand.
999
1000
Bugfix: the HELO unknown hostname/bad hostname restrictions
1001
would have treated [text] as a domain name anyway.
1002
1003
Bugfix: the $local_duplicate_filter_limit value was not
1004
picked up by the local delivery agent. This means the local
1005
delivery agent could run out of memory on large mailing
1006
list deliveries.
1007
1008
19980826
1009
1010
Performance: mkmap/mkalias now run with the same speed as
1011
sendmail. VMailer now uses a 4096-entry cache with 1 Mbyte
1012
of memory for DB lookups. File: util/dict_db.c.
1013
1014
19980902
1015
1016
Robustness: the reject_unknown_hostname restriction for
1017
HELO/EHLO hostnames will now permit names that have an MX
1018
record instead of an A record.
1019
1020
19980903
1021
1022
Feature: appending @$myorigin to an unqualified address is
1023
configurable with the boolean append_at_myorigin parameter
1024
(default: yes).
1025
1026
Feature: appending .$mydomain to user@host is configurable
1027
with the boolean append_dot_mydomain parameter (default:
1028
yes).
1029
1030
Feature: site!user is rewritten to user@site, under control
1031
of the boolean parameter swap_bangpath (default: yes).
1032
1033
Feature: permit a naked IP address in HELO commands (i.e.
1034
an address without the enclosing [] as required by the
1035
RFC), by specifying "permit_naked_ip_address" as one of
1036
the restrictions in the "smtpd_helo_restrictions" config
1037
parameter.
1038
1039
19980904
1040
1041
Code cleanup: when an SMTP client aborts a session after
1042
sending MAIL FROM, the cleanup service no longer warns that
1043
it is "skipping further client input". Files: cleanup/*.c.
1044
Thanks, Daniel Eisenbud, for prodding.
1045
1046
Code cleanup: when an SMTP server disconnects in the middle
1047
of a session, don't try to send QUIT over the non-existing
1048
connection. Files: global/smtp_stream.c, smtp/smtp.c.
1049
Thanks, Daniel Eisenbud, for prodding, again.
1050
1051
Code cleanup: the VMailer version number has moved from
1052
mail_params.h (which is included by lots of modules) to a
1053
separate file global/mail_version.h, so that a version
1054
change no longer results in massive recompilation.
1055
1056
Bugfix: Errors-To was flagged as a sender address, so the
1057
address never was picked up.
1058
1059
Code cleanup: support for Errors-To: headers completed.
1060
1061
19980905
1062
1063
Feature: per-message exponential delivery backoff, by
1064
looking at the amount of time a message has been queued.
1065
Thanks, Mark Delany.
1066
1067
19980906
1068
1069
Code cleanup: ripped out the per-host exponential backoff
1070
code. It was broken by 19980818. It was probably a bad idea
1071
anyway, because it required per-host, in-core, state kept
1072
by the queue manager. All we do now is to keep state for
1073
$minimal_backoff_time seconds, but only for a limited number
1074
of hosts. Daniel Eisenbud spotted the problem.
1075
1076
Lost feature: the SMTP session transcripts now show who
1077
said what. This feature was inadvertently dropped during
1078
development. Thanks, Daniel Eisenbud, for reminding.
1079
1080
Documentation: the hard-coded rewriting process of the
1081
trivial-rewrite program is described in html/rewrite.html.
1082
1083
Feature: the local delivery agent now does alias lookups
1084
before and after chopping off the recipient subaddress.
1085
This allows you to forward user-anything to another user,
1086
without losing the ability to redirect specific user-foo
1087
addresses.
1088
1089
19980909
1090
1091
Feature: the smtp client now logs a warning that a server
1092
sends a greeting banner with the client's hostname, which
1093
could imply a mailer loop.
1094
1095
19980910
1096
1097
Feature: separate canonical maps for sender and recipient
1098
address rewriting, so that you can rewrite an ugly sender
1099
address and still forward mail to that same ugly address
1100
without creating a mailer loop. Files: cleanup_envelope.c,
1101
cleanup_message.c, cleanup_rewrite.c.
1102
1103
19980911
1104
1105
Feature: virtual maps now support multiple addresses on
1106
the right-hand side. In the case of virtual domains this
1107
can eliminate the need for address expansion via local
1108
aliases, making virtual domains much easier to administer.
1109
This required that I moved the virtual table lookups from
1110
the queue manager to the cleanup service, so that every
1111
recipient has an on-disk status record. Files: qmgr.c,
1112
qmgr_message.c, cleanup_envelope.c, cleanup_rewrite.c,
1113
cleanup_virtual.c.
1114
1115
Feature: sendmail/mailq/newaliases pass on the -v flag to
1116
the program that they end up running, to make debugging a
1117
little easier.
1118
1119
19980914
1120
1121
Bugfix: some anti-spam measures didn't recognize some
1122
addresses as local and would do too much work. File:
1123
smtpd_check.c.
1124
1125
Bugfix: the smtp sender/recipient table lookup restriction
1126
destroyed global data, so that other restrictions could
1127
break. File: smtpd_check.c.
1128
1129
Bugfix: after vmailer reload, single-threaded servers could
1130
exit before flushing unwritten data to the client. Example:
1131
cleanup would exit before acking success to pickup, so the
1132
message would be delivered twice. Bug reported by Brian
1133
Candler.
1134
1135
Cleanup: removed spurious error output from vmailer-script.
1136
Reported by Brian Candler.
1137
1138
Tolerance: ignore non-numeric SMTP server responses. There's
1139
lot of brain damage out there on the net.
1140
1141
19980915
1142
1143
Feature: the smtp-sink benchmark tool now announces itself
1144
with a neutral name so that it can be run on the same
1145
machine as VMailer, without causing Postfix to complain
1146
about a mailer loop.
1147
1148
Robustness: on LINUX, vmailer-script now does chattr +S to
1149
force synchronous directory updates. Fix developed with
1150
Chris Wedgwood.
1151
1152
19980916
1153
1154
Bugfix: when transforming an RFC 822 address to external
1155
form, there is no need to quote " characters in comments.
1156
This didn't break anything, it just looked ugly. File:
1157
global/tok822_parse.c
1158
1159
19980917
1160
1161
Workaround: with deliveries to /file/name, use fsync() and
1162
ftruncate() only on regular files. File: local/file.c
1163
1164
Workaround: the plumbing code in master_spawn.c didn't
1165
check if it was dup2()/close()ing a descriptor to itself
1166
then closing it. Will have to redo the plumbing later.
1167
1168
19980918
1169
1170
Workaround: on multiprocessor Solaris machines, one-second
1171
rollover appears to happen on different CPUs at slightly
1172
different times. Made the queue manager more tolerant for
1173
such things. Problem reported by Daniel Eisenbud.
1174
1175
Workaround: in preparation for deployment with a network-shared
1176
maildrop directory. make pickup more tolerant against clock
1177
drift between clients and servers.
1178
1179
19980921
1180
1181
New vstream_popen() module that opens a two-way channel
1182
across a socketpair-based pipe. This module isn't being
1183
used yet; it is here only to complete the vstream code.
1184
1185
19980922
1186
1187
Code cleanup: the xxx_server_main() interface for master
1188
child processes now uses a name-value argument list instead
1189
of an ugly and inflexible data structure.
1190
1191
Bugfix: moved the test if a non-interactive process is run
1192
by hand, so that the "don't do this" error message can be
1193
printed to stderr before any significant processing.
1194
1195
Bugfix: smtpd now can talk to unix-domain sockets without
1196
bailing out on a peer lookup problem. Files: smtpd/smtpd.c,
1197
util/peer_name.c.
1198
1199
Safety: by default, the postmaster is no longer informed
1200
of protocol problems, policy violations or bounces.
1201
1202
Safety: the SMTP server now sleeps before sending a [45]xx
1203
error response, in order to prevent clients from hammering
1204
the server with a connect/error/disconnect loop. Parameter:
1205
smtpd_error_sleep_time (default: 5).
1206
1207
Feature: the logging facility is compile-time configurable
1208
(e.g., make makefiles "CCARGS=-DLOG_FACILITY=LOG_LOCAL1").
1209
1210
19980923
1211
1212
Bugfix: changed virtual/canonical map search order from
1213
(user@domain, @domain, user) to (user@domain, user, @domain)
1214
so the search order is most specific to least specific.
1215
File: global/addr_map.c, lots of documentation.
1216
1217
Bugfix: after the change of 19980910, cleanup_message
1218
extracted recipients from Reply-To: etc. headers. Found
1219
by Lamont Jones.
1220
1221
19980925
1222
1223
Bugfix: the change in virtual/canonical map search order
1224
broke @domain entries; they would never be looked up if
1225
the address matched $myorigin or $mydestinations. Found by
1226
Chip Christian who now regrets asking for the change.
1227
1228
Bugfix: cleanup initialized an error mask incorrectly, so
1229
that it would keep writing to a file larger than the queue
1230
file size limit, and so it would treat the error as a
1231
recoverable one instead of sending a bounce. Thanks, Pieter
1232
Schoenmakers.
1233
1234
Bugfix: the "queue file cleanup on fatal error" action was
1235
no longer enabled in the sendmail mail posting agent.
1236
1237
Feature: the sendmail mail posting program now returns
1238
EX_UNAVAILABLE when the size of the input exceeds the queue
1239
file size limit. NB THIS CHANGE HAS BEEN WITHDRAWN.
1240
1241
19980926
1242
1243
Code cleanup: the dotlock file locking routine is no longer
1244
derived from Eric Allman's 4.3BSD port of mail.local.
1245
1246
Code cleanup: the retry strategy of the file locking routines
1247
dot_lockfile() and deliver_flock() is now configurable
1248
(deliver_flock_attempts, deliver_flock_delay, deliver_flock_stale).
1249
1250
Code cleanup: the master.pid lock file is now created with
1251
symlink paranoia, and is properly locked so that PID rollover
1252
will not cause false matches.
1253
1254
Bugfix: the vbuf_print() formatting engine did not know
1255
about the '+' format specifier.
1256
1257
Cleanup: replaced unnecessary instances of stdio calls by
1258
vstream ones.
1259
1260
19980929-19981002
1261
1262
Compatibility: added support for "sendmail -q". This required
1263
a change to the queue manager trigger protocol, and a code
1264
reorganization of the way queue scans were done. The queue
1265
manager socket now has become public.
1266
1267
19981002
1268
1269
SMTPD now logs "lost connection after end-of-message"
1270
instead of "lost connection after DATA".
1271
1272
19981005
1273
1274
More bullet proofing: timeouts on all triggers.
1275
1276
19981006
1277
1278
Bugfix: make the number of cleanup processes unlimited, in
1279
order to avoid deadlock. The number of instances needed is
1280
one per smtp/pickup process, and an indeterminate number
1281
per local delivery agent. Thanks, Thanks, David Miller and
1282
Terry Lorrah for cleueing me in.
1283
1284
Bugfix: "sendmail -t" extracted recipients weren't subjected
1285
to virtual mapping. Daniel Eisenbud strikes again.
1286
1287
19981007
1288
1289
Compatibility: if the first input line ends in CRLF, the
1290
sendmail posting agent will treat all CRLF as LF. Otherwise,
1291
CRLF is left alone. This is a compromise between sendmail
1292
compatibility (all lines end in CRLF) and binary transparency
1293
(some, but not all, lines contain CRLF).
1294
1295
19981008
1296
1297
Robustness: stop recursive virtual expansion when the
1298
left-hand side appears in its own expansion.
1299
1300
19981009
1301
1302
Portability: trigger servers such as pickup and qmgr can
1303
now use either FIFOs or UNIX-domain sockets; hopefully at
1304
least one of them works properly. Trigger clients were
1305
already capable of using either form of local IPC.
1306
1307
19981011
1308
1309
Feature: masquerading. Strip subdomains from domains listed
1310
in $masquerade_domains. Exception: envelope recipients are
1311
left alone, in order to not screw up routing.
1312
1313
19981015
1314
1315
Code cleanup: moved the recipient duplicate filter from
1316
the user-level sendmail posting agent to the semi-resident
1317
cleanup service, so that the filter operates on the output
1318
from address canonicalization and of virtual expansion,
1319
instead of operating on their inputs.
1320
1321
19981016
1322
1323
Bugfix: after kill()ing a bunch of child processes, wait()
1324
sometimes fails before all children have been reaped, and
1325
must be called again, or the master will SIGSEGV later.
1326
Problem reported by Scott Cotton.
1327
1328
Workaround: don't log a complaint when an SMTP client goes
1329
away without sending QUIT.
1330
1331
19981018
1332
1333
Workaround: Solaris 2.5 ioctl SIOCGIFCONF returns a hard
1334
error (EINVAL) when the result buffer is not large enough.
1335
This can happen on systems with many real or virtual
1336
interfaces. File: util/inet_addr_local.c. Problem reported
1337
by Scott Cotton.
1338
1339
Workaround: the optional HELO/EHLO hostname syntax check
1340
now allows a single trailing dot.
1341
1342
Workaround: with UNIX-domain sockets, LINUX connect() blocks
1343
until the server calls accept(). File: qmgr/qmgr_transport.c.
1344
Terry Lorrah and Scott Cotton provided the necessary
1345
evidence.
1346
1347
19981020
1348
1349
Robustness: recursive canonical mapping terminates when
1350
the result stops changing.
1351
1352
Code cleanup: reorganized the address rewriting and mapping
1353
code in the cleanup service, to make it easier to implement
1354
the previous enhancement.
1355
1356
19981022
1357
1358
Code cleanup: more general queue scanning programming
1359
interface, in preparation for hashed queues. File:
1360
qmgr/qmgr_scan.c.
1361
1362
Bugfix: a non-FIFO server with a process limit of 1 has a
1363
too short listen queue. Until now this was not a problem
1364
because only FIFO servers had a process limit of 1, and
1365
FIFOs have no listen queue. Fix: always configure a listen
1366
queue of proc_limit or more. File: master/master_listen.c.
1367
1368
19981023
1369
1370
Feature: by popular request, mail delay is logged when
1371
delivering, bouncing or deferring mail.
1372
1373
19981024
1374
1375
Cleanup: double-bounce mail is now absorbed by the queue
1376
manager, instead of the local delivery agent, so that the
1377
mail system will not go mad when no local delivery agent
1378
is configured.
1379
1380
19981025
1381
1382
Cleanup: moved the relocated table from the local delivery
1383
agent to the queue manager, so that the table can also be
1384
used for virtual addresses.
1385
1386
Code reorg: in order for the queue manager to absorb
1387
recipients, the queue file has to stay open until all
1388
recipients have been assigned to a destination queue.
1389
1390
19981026
1391
1392
vmlogger command, so that vmailer-script logging becomes
1393
consistent with the rest of the VMailer system.
1394
1395
Code reorg: logger interface now can handle multiple output
1396
handlers (e.g. syslog and stderr stream).
1397
1398
Bugfix: a first line starting with whitespace is no longer
1399
treated as an extension of our own Received: header. Files:
1400
smtpd/smtpd.c, pickup/pickup.c.
1401
1402
19981027
1403
1404
Bugfix: the bang-path swapping code went into a loop on an
1405
address consisting of just a single !. Eilon Gishri had
1406
the privilege of finding this one.
1407
1408
Workaround: the non-blocking UNIX-domain socket connect is
1409
now enabled only on systems that need it. It may cause
1410
kernel trouble on Solaris 2.x.
1411
1412
Bugfix: the resolver didn't implement bangpath swapping,
1413
so that mail for site!user@mydomain would be delivered to
1414
a local user named "site!user".
1415
1416
19981028
1417
1418
Cleanup: a VSTREAM can now use different file descriptors
1419
for reading and writing. This was necessary to prevent
1420
"sendmail -bs" and showq from writing to stdin. Eilon Gishri
1421
observed the problem.
1422
1423
19981029
1424
1425
The RFC 822 address manipulation routines no longer give
1426
special attention to 8-bit data. Files: global/tok822_parse.c,
1427
global/quote_822_local.c.
1428
1429
Bugfix: host:port and other non-domain stuff is no longer
1430
allowed in mail addresses. File: qmgr/qmgr_message.c.
1431
1432
Workaround: LINUX accept() wakes up before the three-way
1433
handshake is complete, so it can fail with ECONNRESET.
1434
Files: master/single_server.c, master/multi_server.c.
1435
1436
Feature: when delivering to user+foo, try ~user/.forward+foo
1437
before trying ~user/.forward.
1438
1439
Bugfix: smtpd in "sendmail -bs" (stand-alone) mode didn't
1440
clean up when terminated by a signal.
1441
1442
Bugfix: smtpd in "sendmail -bs" (stand-alone) mode should
1443
not try to enforce spam controls because it cannot access
1444
the address rewriting machinery.
1445
1446
Cleanup: the percent hack (user%domain -> user@domain) is
1447
now configurable (allow_percent_hack, default: yes).
1448
1449
Bugfix: daemons in -S (stand-alone) mode didn't change
1450
directory to the queue. This was no problem with daemons
1451
run by the sendmail compatibility program.
1452
1453
19981030
1454
1455
Feature: when virtual/canonical/relocated lookup fails for
1456
an address that contains the optional recipient delimiter
1457
(e.g., user+foo@domain), the search is done again with the
1458
unextended address (e.g., user@domain). File: global/addr_find.c.
1459
1460
Code reorg: the address searching is now implemented by a
1461
separate module global/addr_find.c, so that the same code
1462
can be used for both (non-mapping) relocated table lookups
1463
and for canonical and virtual mapping. The actual mapping
1464
is still done in the global/addr_map.c module.
1465
1466
Robustness: the SMTP client now skips hosts that don't send
1467
greeting banner text. File: smtp/smtp_connect.c
1468
1469
Feature: preliminary support to disable delivered-to. This
1470
is desirable for mailing list managers that don't want to
1471
advertise internal aliases.
1472
1473
Generic support: when the recipient_feature_delimiter
1474
configuration parameter is set, the local delivery agent
1475
uses it to split the recipient localpart into fields. Any
1476
field that has a known name such as "nodelivered" enables
1477
the corresponding delivery feature.
1478
1479
19981031
1480
1481
Code reorg: address splitting on recipient delimiter is
1482
now centralized in global/split_addr.c, which knows about
1483
all reserved names that should never be split.
1484
1485
Robustness: when a request for an internal service cannot
1486
be satisfied because the master has terminated, terminate
1487
instead of trying to reach the service every 30 seconds.
1488
1489
Safety: the local delivery agent now runs as vmailer most
1490
of the time, just like pickup and pipe. Files: local/local.c,
1491
local/mailbox.c
1492
1493
19981101
1494
1495
Compatibility: the tokenizer for alias/forward/etc.
1496
expansion now updates an optional counter with the number
1497
of destinations found; If no destinations is found in a
1498
.forward file, deliver to the mailbox instead. Thanks,
1499
Daniel Eisenbud, for showing the way to go.
1500
1501
Robustness: the pickup daemon should always include a
1502
posting-time record, even when the sendmail posting agent
1503
didn't. However, just like before, user-provided posting
1504
times will be ignored. Ollivier Robert found this one.
1505
1506
Robustness: duplicate entries in aliases or maps now cause
1507
a warning instead of a fatal error (and an incomplete file).
1508
1509
Robustness: mkmap now prints a warning when an entry is in
1510
"key: value" format, which is the format expected for alias
1511
databases, not for maps.
1512
1513
Portability: on LINUX, prepend "+" to the getopt() options
1514
string so that getopt() will stop at the first non-option
1515
argument. Suggestion by Marco d'Itri.
1516
1517
19981103
1518
1519
Cleaned up the set_eugid() and open_as() implementations,
1520
and added stat_as() and fstat_as() so that the local delivery
1521
agent would look up include files and .forward files with
1522
the right privileges.
1523
1524
19981104
1525
1526
Bugfix: the :include: routine now stat()s/open()s files
1527
included by root-owned aliases as root, not as nobody.
1528
1529
Bugfix: the master crashed when a service with wakeup timer
1530
was disabled or renamed. Fix: eliminate some pathological
1531
coupling between process management and wakeup management.
1532
1533
Feature: partial implementation of ETRN (causes a full
1534
deferred queue scan). Thanks Lamont Jones for reminding me
1535
that things can be useful already before they are perfect.
1536
1537
Cleanup: simplified the SMTPD tokenizer.
1538
1539
Bugfix: sendmail -bs didn't properly notify the mail system
1540
of new mail.
1541
1542
Compatibility: the MAIL FROM and RCPT TO commands now accept
1543
the most common address forms without enclosing <>. The <>
1544
is still needed for addresses that contain a "string", an
1545
[address], or a colon (:).
1546
1547
19981105
1548
1549
Bugfix: "master -t" would claim that the master runs when
1550
in fact the pid directory does not exist, causing trouble
1551
with first time startup (reported by several).
1552
1553
Portability: added a sane_accept() module that maps all
1554
beneficial accept() error results to EAGAIN. According to
1555
private communication with Alan Cox, Linux 2.0.x accept()
1556
can return a variety of error conditions, so we play safe
1557
and allow for any error that may happen because SYN+ACK
1558
could not be sent.
1559
1560
Portability: NETBSD1 uses dotlock files (Perry Metzger).
1561
1562
Bugfix: the local delivery agent did not canonicalize
1563
owner-foo sender addresses, so that local users would see
1564
owner-foo instead of owner-foo@$myorigin (Perry Metzger).
1565
1566
OPENSTEP4 support, similar to NEXTSTEP3 (Gerben Wierda).
1567
1568
19981106
1569
1570
Portability: the master startup would take a long time on
1571
AIX because AIX has a very large per-process open file
1572
limit. Fix is to check the status of only the first couple
1573
hundred file descriptors instead. File: master/master.c.
1574
1575
Bugfix: mail to user@[net.work.addr.ess] was broken because
1576
of a reversed test. File: qmgr/qmgr_message.c.
1577
1578
19981107
1579
1580
Compatibility: don't clobber the envelope sender address
1581
when an alias has no owner-foo alias (problem diagnosed by
1582
Christophe Kalt).
1583
1584
Bugfix: mail to local users in include files would be
1585
delivered directly if the alias didn't have an owner-foo
1586
alias, and if the alias database and include file were
1587
owned by root.
1588
1589
Feature: with user+foo addresses, any +foo address extension
1590
that is not explicitly matched in canonical, virtual or
1591
alias databases is propagated to the table lookup result.
1592
1593
19981108
1594
1595
Bugfix: minor memory leak in the user+foo table lookup
1596
code.
1597
1598
Configurability: specify virtual.domain in the virtual map,
1599
and mail for unknown@virtual.domain will bounce automatically.
1600
The $relay_domains default value now includes $virtual_maps,
1601
so the SMTP server will accept mail for the domain. Marco
1602
d'Itri put me on the right track.
1603
1604
Configurability: The mydestinations configuration parameter
1605
now accepts /file/name expressions and type:name lookup
1606
tables.
1607
1608
Code cleanup: in order to make the previous two enhancements
1609
possible, revised the string/host/address matching engine
1610
so it can handle any mixture of strings, /file/name patterns
1611
and type:name lookup tables. Files: util/match_{list,ops}.c,
1612
global/{domain,namadr,string}_list.c.
1613
1614
19981110
1615
1616
Code cleanup: replaced remaining isxxx() calls by ISXXX().
1617
1618
19981111
1619
1620
Bugfix: the "bounce unknown virtual user" code was in the
1621
wrong place. Problem tackled with help of Chip Christian.
1622
1623
Portability: reportedly, Solaris 2.5.1 can hang waiting
1624
for a UNIX-domain connection to be accepted, so it gets
1625
the same workaround that was designed for LINUX. Problem
1626
reported by Scott Cotton.
1627
1628
19981112
1629
1630
Management: "vmailer stop" now allows delivery agents to
1631
finish what they are doing, like "vmailer reload".
1632
1633
Management; "vmailer abort" causes immediate termination.
1634
1635
Workaround: zombie processes pile up with HP-UX. Reason:
1636
select() does not return upon SIGCHLD when SA_RESTART is
1637
specified to sigaction(). Workaround: shorten the select()
1638
timer to 10 seconds, #ifdef BRAINDEAD_SELECT_RESTARTS.
1639
Thanks, Lamont Jones.
1640
1641
19981117
1642
1643
Rename: VMailer is now Postfix. Sigh.
1644
1645
19981118
1646
1647
Cleanup: generalized the safe_open() routine so that it is
1648
no longer limited to mailbox files, lock files, etc.
1649
1650
Bugfix (found during code review): vstream*printf() could
1651
run off the end of a stream buffer after an I/O error,
1652
because vbuf_print() ignored the result from VBUF_SPACE().
1653
1654
Bugfix (found during code review): resolve_local() could
1655
clobber its argument, but the docs didn't say so.
1656
1657
19981121
1658
1659
Cleanup: the is_header() routine now allows 8-bit data in
1660
header labels.
1661
1662
19981123
1663
1664
Bugfix (found during code review): the mail_queue_enter()
1665
path argument wasn't optional. File: global/mail_queue.c
1666
1667
19981124
1668
1669
Cleanup: eliminated redundant tests for a zero result from
1670
vstream_fdopen(). Unlike the stdio fdopen() routine, the
1671
vstream_fdopen() routine either succeeds or never returns.
1672
1673
Bugfix: the queue manager now looks at the clock before
1674
examining a file time stamp, to avoid spurious complaints
1675
about time warps on busy machines. File: qmgr/qmgr_active.c.
1676
1677
19981125
1678
1679
Compatibility: allow trailing dot at the end of user@domain.
1680
Address canonicalization now strips it off. Issue brought
1681
forward by Eilon Gishri. File: trivial-rewrite/rewrite.c.
1682
1683
Robustness: changed DNS lookup order of MAIL FROM etc.
1684
domains from MX then A to A then MX, just in case the MX
1685
lookup fails with a server error.
1686
1687
Renamed vmcat, vmlock, vmlogger, vmtrigger to postcat,
1688
postlock, postlog, postkick. Also renamed mkmap and mkalias
1689
to postmap and postalias.
1690
1691
19981126
1692
1693
Workaround: Lamont Jones found a way for HP-UX to terminate
1694
select() after SIGCHLD. The code is #ifdef USE_SIG_RETURN.
1695
Files: util/sys_defs.h, master/master_sig.c.
1696
1697
Bugfix: the Delivered-To: loop detection code had stopped
1698
working, when long ago the is_header() routine was changed.
1699
File: local/delivered.c.
1700
1701
19981128
1702
1703
Bugfix: postcat opened queue files read-write, where only
1704
read access was needed. File: postcat/postcat.c.
1705
1706
19981129
1707
1708
Safety: added a sleep(1) to all fatal and panic exits.
1709
File: util/msg.c.
1710
1711
19981201
1712
1713
Robustness: postcat now insists that a file starts with a
1714
time record.
1715
1716
Consistency: added "-c config_dir" command-line options
1717
where appropriate.
1718
1719
19981202
1720
1721
Man pages, on-line version.
1722
1723
19981203
1724
1725
Man pages, html version; overview documentation.
1726
1727
19981206
1728
1729
Sendmail silently accepted the unsupported -qRsite and
1730
-qSsite options. It now prints an error message and
1731
terminates.
1732
1733
Separated the contributed tree from the IBM code; moved
1734
the LDAP and NEXTSTEP/OPENSTEP code to the contributed
1735
source tree because obviously I didn't write it.
1736
1737
19981206-9
1738
1739
Had to write a postconf configuration utility in order to
1740
reliably find out about all configuration parameters and
1741
their defaults.
1742
1743
Documentation bugfixes by Matt Shibla, Scott Drassinower,
1744
Greg A. Woods.
1745
1746
19981209
1747
1748
On machines with short hostnames, postconf -d cored while
1749
reporting a fatal error. It should not report that error
1750
in the first place. Thanks, Eilon Gishri.
1751
1752
Changed the FAQ entry about rejecting mail for *.my.domain
1753
on a firewall. Chip Christian was right, I was wrong.
1754
1755
19981214
1756
1757
Portability: with GNU getopt, optind is not initially 1,
1758
breaking an assumption in sendmail/sendmail.c. Liviu Daia.
1759
1760
Annoyance: on non-networked systems, don't warn that only
1761
one network interface was found. File: global/inet_addr_local.c.
1762
Reported by several.
1763
1764
Bugfix: on non-networked systems, the smtp client assumed
1765
that it was running in virtual host mode, and would bind
1766
to the loopback interface. File smtp/smtp_connect.c. Liviu
1767
Daia, again.
1768
1769
19981220
1770
1771
Robustness: when looking up an A or MX record, do not give
1772
up when the A query fails because of a server error. File
1773
dns/dns_lookup.c. Reported by Scott Drassinower.
1774
1775
19981221
1776
1777
Bugfix: "bounce mail for non-existent virtual user" didn't
1778
work when a non-default relay host was configured in main.cf
1779
or in the transport table. File: qmgr/qmgr_message.c.
1780
1781
Bugfix: the maildrop directory should not be world-readable.
1782
Files: conf/postfix-script, showq/showq.c.
1783
1784
Documentation: fixed several omissions and errors.
1785
1786
Documentation: removed references to the broken recipient
1787
feature delimiter configuration parameter.
1788
1789
Bugfix: write mailbox file as the recipient, so that file
1790
quota work as expected.
1791
1792
Bugfix: pickup would die when it tried to remove a non-file
1793
in the maildrop directory (Jeff Wolfe).
1794
1795
19981222
1796
1797
Sendmail no longer logs the queue ID when it is unable to
1798
notify the pickup daemon. This is a late addition to the
1799
"unreadable maildrop queue" patch.
1800
1801
user.lock files are now created as root, so that postfix
1802
needs no group directory write permission.
1803
1804
19981224
1805
1806
Security: allow queue file link counts > 1, to avoid
1807
non-delivery of maildrop files with links to a non-maildrop
1808
directory. Files: global/mail_open_ok.c, and anything
1809
that calls this code (qmgr, pickup, showq). If multiple
1810
hard links are a problem, see the set-gid "postdrop" utility
1811
below.
1812
1813
19981225
1814
1815
Robustness: the queue manager no longer aborts when a queue
1816
file suddenly disappears (e.g. because the file was removed
1817
by hand).
1818
1819
Feature: when a writable maildrop directory is a problem,
1820
sites can make the new "postdrop" utility set-gid. This
1821
command is never used when the maildrop directory is
1822
world-writable.
1823
1824
Robustness: make the queue file creation routine more
1825
resistant against denial of service race attack. File:
1826
global/mail_queue.c
1827
1828
19981226
1829
1830
New suid_priv module to enable/disable privileges in a
1831
set-uid/gid program. In the end I decided to not use it.
1832
1833
19981228
1834
1835
Robustness: make the pickup daemon more resistant against
1836
non-file race attack.
1837
1838
Cleanup: generic mail_stream.c interface for writing queue
1839
file streams to files, daemons or commands. This simplifies
1840
the code in smtpd and in sendmail that must be able to pipe
1841
mail through the postdrop command. The cleanup daemon has
1842
been modified to use the same interface. Result: less code.
1843
1844
Feature: smtpd now logs the only recipient in Received:
1845
headers.
1846
1847
Feature: separate command and daemon directories. Both
1848
default to $program_directory. Install conf/postfix-script
1849
if you want to use this feature.
1850
1851
19981230
1852
1853
Patch to avoid conflict with non-writable top-level Makefile
1854
(Lamont Jones).
1855
1856
19981231
1857
1858
Portability: port to UnixWare 7 by Ronald Joe Record, SCO.
1859
1860
19990104
1861
1862
Bugfix: fencepost (Jon Ribbens, Oaktree Internet Solutions
1863
Ltd.) Files: quote_82[12]_local.c.
1864
1865
Bugfix: wrong default for relay_domains (Juergen Kirschbaum,
1866
Bayerische Landesbank). File: mail_params.h.
1867
1868
Bugfix: changed 5xx response for "too may recipients" to
1869
4xx. File: smtpd.c.
1870
1871
19990106
1872
1873
Feature: defer_transports specifies the names of transports
1874
that should be used only when "sendmail -q" (or equivalent)
1875
is issued. For example, "defer_transports = smtp" is useful
1876
for sites that are disconnected most of the time. File:
1877
qmgr_message.c.
1878
1879
19990107
1880
1881
Feature: local_command_shell specifies a non-default shell
1882
for delivery to command by the local delivery agent. For
1883
example, "local_command_shell = /some/where/smrsh -c"
1884
restricts what may appear in "|command" destinations.
1885
File: global/pipe_command.c.
1886
1887
19990112-16
1888
1889
Feature: SMTP command pipelining support based on an initial
1890
version by Jon Ribbens, Oaktree Internet Solutions Ltd.
1891
This one took several days of massaging before I felt
1892
comfortable about it. Files: smtp.c, smtp_proto.c.
1893
1894
Bugfix: the SMTP server would flush responses one-by-one,
1895
which caused suboptimal performance with pipelined clients.
1896
The vstream routines now flush the write buffer when the
1897
read() routine is called, instead of flushing when the
1898
application changes from writing to reading. Delayed flush
1899
prevents the SMTP server from flushing responses one-by-one
1900
and thus triggering Nagle's algorithm. File: util/vstream.c.
1901
1902
19990117
1903
1904
Bugfixes and enhancements to the smtpstone tools by Drew
1905
Derbyshire, Kendra Electronic Wonderworks: send helo command,
1906
send message headers, format the message content to lines
1907
< 80, work around NT stacks, make "." recognition more
1908
robust. Files: smtp-source.c, smtp-sink.c.
1909
1910
Strategy: look at the deferred queue only when the incoming
1911
queue is empty; limit the number of recipients read from
1912
a queue file depending on the number of recipients already
1913
in core. Files: qmgr.c, qmgr_message.c.
1914
1915
Feature: postponed anti-UCE restrictions. The decision to
1916
reject junk mail on the basis of the client name/address,
1917
HELO hostname or sender address can now be postponed until
1918
the RCPT TO command (or HELO or MAIL FROM if you like).
1919
File: smtpd_check.c.
1920
1921
19990118
1922
1923
Feature: incremental updates of alias databases and of
1924
other lookup tables. Both postalias and postmap now take
1925
a -i option for incremental updates from standard input.
1926
Files: global/mkmap_*.c, post{map,alias}/post{map,alias}.c.
1927
1928
Compatibility: newaliases can now update multiple alias
1929
databases: list them in the "alias_database" parameter in
1930
main.cf. By the same token, postalias can now update multiple
1931
maps in one command. Files: post{map,alias}/post{map,alias}.c
1932
1933
Feature: mail to <> is now sent to the address specified
1934
with the "empty_address_recipient" configuration parameter
1935
which defaults to MAILER-DAEMON (idea by Lamont Jones,
1936
Hewlett-Packard). File: cleanup/cleanup_envelope.c.
1937
1938
Compatibility: the transport table now uses .domain.name
1939
to match subdomains, just like sendmail mailer tables (patch
1940
by Lamont Jones, Hewlett-Packard).
1941
1942
Feature: mailq now ends with a total queue size summary
1943
(Eilon Gishri, Israel Inter University Computation Center).
1944
1945
19990119
1946
1947
Feature: address masquerade exceptions for user names listed
1948
in the "masquerade_exceptions" configuration parameter.
1949
File: cleanup/cleanup_masquerade.c.
1950
1951
Feature: qmail-style maildir support, based on initial code
1952
by Kevin W. Brown, Quantum Internet Services Inc.
1953
1954
Workaround: Solaris 2.something connect() fails with
1955
ECONNREFUSED when the system is busy (Chris Cappuccio,
1956
Empire Net). File: global/mail_connect.c.
1957
1958
Feature: the cleanup service now adds a Return-Path: header
1959
when none is present. This header is needed for some mail
1960
delivery programs (see below). File: cleanup_message.c.
1961
1962
Feature: the pipe mailer now supports $user, $extension
1963
and $mailbox macros in command-line expansions. This, plus
1964
the Return-Path: header (see above), should be sufficient
1965
to support cyrus IMAP out of the box. Based on initial
1966
code by Joerg Henne, Cogito Informationssysteme GMBH.
1967
File: pipe/pipe.c.
1968
1969
Bugfix: with address extensions enabled, canonical and
1970
virtual lookups now are done in the proper order:
1971
user+foo@domain, user@domain, user+foo, user, @domain.
1972
File: global/mail_addr_find.c.
1973
1974
19990119
1975
1976
Feature: the local mailer now prepends a Received: message
1977
header with the queue ID to forwarded mail, in order to
1978
make message tracing easier. File: local/forward.c.
1979
1980
Cleanup: after "postfix reload", no more broken pipe
1981
complaints from resolve/rewrite clients.
1982
1983
19990121
1984
1985
Feature: pickup (again) logs uid and sender address. On
1986
repeated request by Scott Cotton, Internet Consultants
1987
Group, Inc.
1988
1989
Portability: doze() function for systems without usleep().
1990
1991
Cleanup: clients are now consistently logged as host[address].
1992
1993
19990122
1994
1995
Maildir support changed: specify "home_mailbox = Maildir/".
1996
The magic is the trailing /. Suggested by Daniel Eisenbud,
1997
University of California at Berkeley.
1998
1999
Maildir support from aliases, :include: and .forward files.
2000
Specify /file/name/ - the trailing / is required. Suggested
2001
by Daniel Eisenbud, University of California at Berkeley.
2002
2003
Workaround: watchdog timer to prevent the queue manager
2004
from locking up on some systems.
2005
2006
Bugfix: in Received: headers, the "for <recipient>"
2007
information was in the wrong place. Pointed out by Jon
2008
Ribbens, Oaktree Internet Solutions Ltd.
2009
2010
19990124
2011
2012
Portability: more workarounds for GNU getopt() by Liviu
2013
Daia, Institute of Mathematics, Romanian Academy. File:
2014
sendmail/sendmail.c.
2015
2016
19990125
2017
2018
Bugfix: Postfix should not masquerade recipient addresses
2019
extracted from message headers. Problem reported by David
2020
Blacka, Network Solutions. File: cleanup/cleanup_message.c.
2021
2022
19990126
2023
2024
Feature: smtpd_etrn_restrictions parameter to restrict who
2025
may use ETRN and what domains may be specified. Example:
2026
"smtpd_etrn_restrictions = permit_mynetworks, reject".
2027
Requested by Jon Ribbens, Oaktree Internet Solutions Ltd.
2028
File: smtpd/smtpd_check.c.
2029
2030
19990127
2031
2032
Bugfix: in an attempt to shave some cycles, the anti junk
2033
mail routines would use the wrong resolved address. This
2034
"optimization" is now turned off. Problem reported by Sam
2035
Eaton, Pavilion Internet Plc. File: smtpd/smtpd_check.c.
2036
2037
Feature: BIFF notifications. For compatibility reasons
2038
this feature is on by default. This "protocol" can be a
2039
real performance pig. Specify "biff = no" in main.cf if
2040
your machine has lots of shell users. Feature requested by
2041
Dan Farmer - it's one of the things one does for friends.
2042
Files: local/mailbox.c, local/biff_notify.c.
2043
2044
Bugfix: another case sensitivity problem, this time with
2045
virtual lookups to recognize unknown@virtual.domain.
2046
Problem reported by Bo Kleve, Linkoping University. File:
2047
qmgr/qmgr_message.c.
2048
2049
19990128
2050
2051
Feature: with "soft_bounce = yes", defer delivery instead
2052
of bouncing mail. This is a safety net for configuration
2053
errors with delivery agents. It has no effect on errors in
2054
virtual maps, canonical maps, or in junk mail restrictions.
2055
Feature requested by Bennett Todd. File: global/bounce.c.
2056
2057
19990129
2058
2059
Compatibility: the qmail maildir.5 documentation prescribes
2060
maildir file names of the form time.pid.hostname, which is
2061
wrong because Postfix processes perform multiple deliveries.
2062
Elsewhere the qmail author has documented how maildir files
2063
should be named under such conditions. Postfix has been
2064
changed to be conformant. File: local/maildir.c.
2065
2066
19990131
2067
2068
Feature: special treatment of owner-foo and foo-request
2069
can be turned off. Specify "owner_request_special = no".
2070
Requested by Matthew Green and others. Files: local/alias.c,
2071
global/split_addr.c. This affects canonical, virtual and
2072
alias lookups.
2073
2074
19990204
2075
2076
Portability: signal handling for HP-UX 9 by Lamont Jones
2077
of Hewlett Packard. File: master/master_sig.c.
2078
2079
Robustness: disable random walk inside a per-site queue to
2080
avoid message starvation under heavy load. File: qmgr_entry.c.
2081
2082
Robustness: under some conditions the queue manager could
2083
declare a host dead after just one delivery failure. File:
2084
qmgr_queue.c.
2085
2086
19990212
2087
2088
Feature: skip SMTP servers that greet us with a 4XX status
2089
code. Example: "smtp_skip_4xx_greeting = yes". By default,
2090
the Postfix SMTP client defers delivery when a server
2091
declines talking to us. File: smtp/smtp_connect.c.
2092
2093
Robustness: upon startup the queue manager now moves active
2094
queue files to the incoming queue instead of the deferred
2095
queue, to avoid anomalous delivery delays on systems that
2096
have a huge incoming queue. Files: qmgr/qmgr.c,
2097
qmgr/qmgr_active.c, global/mail_flush.c, conf/postfix-script*
2098
2099
19990213
2100
2101
Robustness: added watchdog timers to avoid getting stuck
2102
on systems with broken select() socket implementations.
2103
File: qmgr_transport.c, qmgr_deliver.c.
2104
2105
19990218
2106
2107
Feature: NFS-friendly delivery to mailbox by avoiding the
2108
use of root privileges as much as possible. With input by
2109
Mike Muus, Army Research Lab, USA.
2110
2111
Feature: the smtp-sink test server now supports SMTP command
2112
pipelining. To this end we had to generalize the timer and
2113
vstream support. Poor performance is fixed 19990222.
2114
2115
Cleanup: timer event routines now have the same interface
2116
as read/write event routines (event type + context). File:
2117
util/events.c.
2118
2119
Feature: new vstream_peek() routine to tell how much unread
2120
data is left in a VSTREAM buffer. This is the vstream
2121
variant of the peekfd() routine for kernel read buffers.
2122
File: util/vstream.c.
2123
2124
Feature: directory scanning support for hashed mail queue
2125
directories. So far the results are disappointing: with
2126
depth = 2 (16 directories with 16 subdirectories), mailq
2127
takes 5 seconds with an empty queue unless all directories
2128
happen to be cached in memory. We need a bit map before
2129
hashed queue directories become practical. Depth=1 hashing
2130
doesn't slow down mailq much, but doesn't help much either.
2131
Files: util/scan_dir.c, global/mail_scan_dir.c.
2132
2133
19990221
2134
2135
Workaround: with "ignore_mx_lookup_error = yes", the SMTP
2136
client always performs an A lookup when an MX lookup could
2137
not be completed, rather than treating MX lookup failure
2138
as a temporary error condition. Unfortunately there are
2139
many broken DNS servers on the Internet. File: smtp/smtp_addr.c.
2140
2141
19990222
2142
2143
Performance: rewrote the guts of the smtp-sink test server
2144
so it can do pipelining without losing performance.
2145
2146
19990223
2147
2148
Workaround: hotmail.com sometimes drops the connection
2149
after "." (causing misleading diagnostics to be logged) or
2150
waits minutes after receiving QUIT. Solution: do not wait
2151
for the response to QUIT. File: smtp/smtp_proto.c. This
2152
is turned off with: "smtp_skip_quit_response = no".
2153
2154
19990224
2155
2156
Feature: the pipe mailer accepts user=username:groupname,
2157
based on code submitted by Philip A. Prindeville, Mirapoint,
2158
Inc., USA. File: pipe/pipe.c.
2159
2160
Workaround: use file locking to prevent multiple processes
2161
from select()ing on the same socket. This causes performance
2162
problems on large BSD systems. Files: master/*_server.c.
2163
2164
19990225
2165
2166
Bugfix: with "inet_interfaces = 127.0.0.1", don't bind to
2167
the loopback interface. Problem reported by Steve Bellovin
2168
of AT&T. File: smtp/smtp_addr.c.
2169
2170
Feature: "postsuper" command to remove stale queue files
2171
to update queues after changes to the queue structure
2172
parameters (hash_queue_names, hash_queue_depth). This
2173
command is to be run from the postfix-script maintenance
2174
shell script.
2175
2176
19990301
2177
2178
Feature: new postconf -h (suppress `name = ' in output)
2179
option to make the program easier to use in, e.g., shell
2180
scripts.
2181
2182
Feature: dict_unix module so you can add the UNIX passwd
2183
table to the SMTPD access control list.
2184
2185
19990302
2186
2187
Feature: "luser_relay = destination" captures mail for
2188
non-existent local recipients. This works only when the
2189
local delivery agent does mailbox delivery (including
2190
delivery via mailbox_command), not when mailbox delivery
2191
is delegated to another message transport.
2192
2193
Feature: new reject_non_fqdn_{hostname,sender,recipient}
2194
restrictions to require fully.qualified.domain forms in
2195
HELO, MAIL FROM and RCPT TO commands (while still allowing
2196
the <> sender address).
2197
2198
19990304
2199
2200
Bugfix: backed out the 19990119 change to always insert
2201
Return-Path: if that header is not present. The pipe and
2202
local agents now are responsible for prepending Return-Path:.
2203
Files: cleanup/cleanup_message.c, global/mail_copy.[hc],
2204
pipe/pipe.c, global/header_opts.c. This causes an incompatible
2205
change to the pipe flags parameter, because Return-Path:
2206
now must be requested explicitly.
2207
2208
19990305
2209
2210
Bugfix: showq (the mailq server) incorrectly assumed that
2211
all recipients of a deferred message are listed in the
2212
corresponding defer logfile. It now lists all recipients.
2213
Files: showq/showq.c, cleanup/cleanup_envelope.c (ensure
2214
that sender records always precede recipient records).
2215
2216
Cleanup: smtpd HELO restrictions validate [numerical] forms.
2217
Files: util/valid_hostname.c, smtpd/smtpd_check.c. Initial
2218
code by Philip A. Prindeville, Mirapoint, Inc., USA.
2219
2220
19990306
2221
2222
Cleanup: re-vamped the valid_hostname module, and added a
2223
maximal label length (63) requirement.
2224
2225
Feature: fallback_relay parameter to specify extra backup
2226
hosts in case the regular relay hosts are not found or not
2227
available. Files: smtp/smtp_addr.c.
2228
2229
Feature: "always_bcc = address" specifies where to send a
2230
copy of each message that enters he system. However, if
2231
that copy bounces, the sender will be informed of the
2232
bounce. Files: smtpd/smtpd.c, pickup/pickup.c
2233
2234
Compatibility: the transport map will now route on top-level
2235
domains, so you can dump all of .bitnet to a bitnet relay.
2236
2237
19990307
2238
2239
Feature: LDAP lookups, updated by Jon Hensley, Merit Network,
2240
USA.
2241
2242
Feature: regular expression (PCRE) support by Andrew
2243
McNamara, connect.com.au Pty. Ltd., Australia. In order to
2244
use this code specify pcre:/file/name. You can use this
2245
anywhere you would use a DB or DBM file, NIS or LDAP. See:
2246
PCRE_README for how to enable this code.
2247
2248
Feature: "delay_warning_time = 4" causes Postfix to send
2249
a "your mail is delayed" notice after approx. 4 hours.
2250
Daniel Eisenbud, University of California at Berkeley.
2251
Files: qmgr/qmgr_active.c, qmgr/qmgr_message. Postmaster
2252
notices for delayed mail are disabled by default. In order
2253
to receive postmaster notices, specify "notify_classes =
2254
... delay ...".
2255
2256
Cleanup: do not send undeliverable bounced mail to postmaster.
2257
This was causing lots of pain with junk mail from bogus
2258
sender addresses to non-existent recipients. This change
2259
was reversed 19990311.
2260
2261
19990308
2262
2263
Bugfix: the dotforward routine was too eager with throwing
2264
away extension information, so that the Delivered-To: info
2265
would differ for \mailbox and |command. Problem reported
2266
by Rafi Sadowski, Open University, Israel.
2267
2268
Bugfix: seems I never got around to fix the btree access
2269
method. I finally did. Problem reported by: Matt Smith,
2270
AvTel Communications Inc., USA.
2271
2272
19990311
2273
2274
Back by popular demand: with "notify_classes = 2bounce ..."
2275
Postfix will send undeliverable bounced mail to postmaster.
2276
The default is to not send double bounces. This change
2277
reverses a change made on 19990307.
2278
2279
19990312
2280
2281
Feature: configurable exit handler for server skeletons.
2282
Philip A. Prindeville, Mirapoint, Inc., USA. Files:
2283
master/*server.c.
2284
2285
Feature: mail_spool_directory configuration parameter to
2286
specify the UNIX mail spool directory. The default setting
2287
is system dependent.
2288
2289
19990313
2290
2291
Cleanup: share file descriptors for resolve and rewrite
2292
client connections. This puts less strain on the trivial-rewrite
2293
service.
2294
2295
Portability: support for UnixWare 2.1 by Dmitry E. Kiselyov,
2296
Nizhny Novgorod City Health Emergency Station.
2297
2298
Feature: configurable delays in the smtpstone test programs.
2299
With input by Philip A. Prindeville, Mirapoint, Inc., USA.
2300
Files: smtpstone/*.c.
2301
2302
Bugfix: a "signal 11" problem in the trivial-rewrite program
2303
that would occasionally happen after "postfix reload".
2304
Reason: some rewrite clients would clobber their input,
2305
and when they had to retransmit the query, the input would
2306
be a zero-length string, which trivial-rewrite isn't supposed
2307
to receive.
2308
2309
19990314
2310
2311
Feature: "mailbox_transport = cyrus" delegates all local
2312
mailbox delivery to a master.cf entry called "cyrus" (the
2313
same trick for procmail), including users not found in the
2314
UNIX passwd database. This gives the flexibility of $name
2315
expansions by the pipe mailer, without losing local aliases
2316
and ~/.forward processing. Result of discussions with Rupa
2317
Schomaker, RS Consulting.
2318
2319
19990315
2320
2321
Feature: the mydestination parameter can now be an empty
2322
string, for hosts that don't receive any mail locally. Be
2323
sure to specify a default route for mail that comes to the
2324
machine or mail will loop.
2325
2326
19990316
2327
2328
Bugfix: the SMTPD check scaffolding didn't apply the same
2329
sanity checks as the production code. Problem reported by
2330
Alain Thivillon, Herve Schauer Consultants, France. File:
2331
smtpd/smtpd_check.c.
2332
2333
Portability: some systems can have more than 59 seconds in
2334
a minute. Based on a fix by Liviu Daia, Institute of
2335
Mathematics, Romanian Academy. File: global/mail_date.c.
2336
2337
Enhancement: include the client network address in the
2338
rejected by RBL response. Lamont Jones, Hewlett-Packard.
2339
2340
Workaround: use fstat() to figure out if the maildrop is
2341
world-writable. access() uses the real uid, which stinks.
2342
2343
Robustness: don't do partial address lookups (user@, domain,
2344
user, @domain) with regexp-style tables.
2345
2346
Security: don't allow regexp-style tables to be used for
2347
aliases. It would be too easy to slip in "|command" or
2348
:include: or /file/name.
2349
2350
19990317
2351
2352
Feature: "fallback_transport = cyrus" delegates non-UNIX
2353
recipients to a master.cf entry called "cyrus", allowing
2354
you to have both UNIX and non-UNIX mailboxes side by side.
2355
2356
19990319
2357
2358
Workaround: on 4.4 BSD derivatives, fstat() can return
2359
EBADF on an open file descriptor. Now, that was a surprise.
2360
This caused std{out,err} from cron commands to not be
2361
delivered.
2362
2363
Bugfix: "local -v" stopped working.
2364
2365
Workaround: more watchdog timers for postfix-unfriendly
2366
systems. By now every Postfix daemon has one. Call it life
2367
insurance.
2368
2369
Robustness: increased the maximal time to receive or deliver
2370
mail from $ipc_timeout (default: 3600 seconds) to the more
2371
generous $daemon_timeout (default: 18000 seconds). We don't
2372
want false alarms.
2373
2374
Portability: IRIX 5.2 does not have usleep().
2375
2376
19990320
2377
2378
Bugfix: \username was broken. Frank Dziuba was the first
2379
to notice.
2380
2381
19990321
2382
2383
Workaround: from now on, Postfix on Solaris uses stream
2384
pipes instead of UNIX-domain sockets. Despite workarounds,
2385
the latter were causing more trouble than anything else on
2386
all systems combined.
2387
2388
19990322
2389
2390
Portability: the makedefs would mis-identify IRIX 6.5.x as
2391
IRIX 5.x. Fix by Brian Truelsen of Maersk Mc-Kinney Moller
2392
Institute for Production Technology, Denmark.
2393
2394
Feature: reject_unknown_recipient_domain restriction for
2395
recipient addresses. For the sake of symmetry, we now also
2396
have reject_unknown_sender_domain. This means the old
2397
reject_unknown_address restriction is being phased out.
2398
Suggested by Rask Ingemann Lambertsen, Denmark Technical
2399
University.
2400
2401
Feature: unknown sender/recipient domain restrictions now
2402
distinguish between soft errors (always: 450) and hard
2403
errors (configurable with the unknown_address_reject_code
2404
parameter, default: 450; use 550 at your own risk).
2405
2406
Feature: no HELO junk mail restrictions means that no syntax
2407
check will be done on HELO/EHLO hostname arguments.
2408
2409
Bugfix: the initial Solaris workaround for UNIX-domain
2410
sockets could cause the queue manager to block if Postfix
2411
ran into a delivery agent process limit. After another code
2412
rewrite that problem is eliminated. Thanks to Chris
2413
Cappuccio, Empire Net, for assistance with testing.
2414
2415
19990323
2416
2417
Bugfix: too much forwarding when users list their own name
2418
in their .forward file (e.g. mail to user@localhost would
2419
go through .forward, would be forwarded to user@$myorigin,
2420
and would go through .forward again). Problem reported by
2421
Roman Dolejsi, Prague University of Economics.
2422
2423
19990324
2424
2425
Bugfix: missing map name in check_xxx_access restrictions
2426
could cause a segmentation error. Lamont Jones, Hewlett-
2427
Packard.
2428
2429
Feature: forward_path configuration parameter (default:
2430
$home/.forward$recipient_delimiter$extension,$home/.forward).
2431
Based on initial code by Philip A. Prindeville, Mirapoint,
2432
Inc., USA. Files: local/dotforward.c.
2433
2434
19990325
2435
2436
Workaround: Solaris NIS alias maps need special entries
2437
(YP_MASTER_NAME, YP_LAST_MODIFIED). What's worse, normal
2438
keys/values include a null byte at the end, but the YP_XXX
2439
ones don't. Problem reported by Walcir Fontanini, state
2440
university of Campinas, Brazil. File: postalias/postalias.c.
2441
2442
Compatibility: Solaris NIS apparently does include a null
2443
byte at the end of keys and values. File: util/sys_defs.h.
2444
2445
Feature: library support for config parameters that are
2446
not $name expanded at program start-up. This was needed
2447
for forward_path, and will also be needed to make message
2448
headers customizable.
2449
2450
Bugfix: pcre didn't handle \\ right. Lamont Jones, Hewlett-
2451
Packard. File: util/dict_pcre.c.
2452
2453
19990326
2454
2455
Compatibility: Postfix now puts two spaces after the sender
2456
in a "From sender date..." header. Found by John A. Martin,
2457
fixed by Lamont Jones, Hewlett-Packard.
2458
2459
Bugfix: when a recipient appeared multiple times in a local
2460
alias or include expansion, the delivery status could be
2461
left uninitialized, causing the mail to be deferred and
2462
delivered again. File: local/recipient.c.
2463
2464
19990327
2465
2466
Cleanup: the dictionary routines now take an extra flag
2467
argument to control such things as warning about duplicates,
2468
and appending null bytes to key/value. The latter was needed
2469
for a clean implementation of NIS master alias maps support.
2470
2471
Feature: POSIX regular expressions by Lamont Jones. See
2472
config/sample-regexp.c. Right now, enabled on *BSD and
2473
LINUX only.
2474
2475
19990328
2476
2477
Code cleanup: dictionaries now have flags that say whether
2478
lookup keys are fixed strings or whether keys are subjected
2479
to pattern matching. This is needed to avoid passing partial
2480
addresses to regexp-based lookup tables (user, @domain,
2481
user@, domain). Files: util/dict*.c.
2482
2483
Bugfix: fixed memory leaks and core dumps in the regexp
2484
and pcre routines (neither handled an empty pattern file).
2485
2486
19990329
2487
2488
Code cleanup: the dictionary I/O routines now do their own
2489
locking depending on dictionary flag settings. This means
2490
that the low-level dict_get() interface can now be used
2491
for safe dictionary lookups. This is needed for 19990328's
2492
partial lookup key support. Files: util/dict*.c. global/maps.c.
2493
2494
Feature: regular expression matches are no longer limited
2495
to user@domain address forms in access/canonical/virtual
2496
maps, but can also be used for domains in transport maps.
2497
This needed the partial lookup key support to avoid passing
2498
partial addresses to regexp-based lookup tables (user,
2499
@domain, user@, domain). Files: global/maps.c
2500
global/mail_addr_find.c.
2501
2502
Feature: new dictionary types can be registered with
2503
dict_open_register(). File: util/dict_open.c.
2504
2505
19990330
2506
2507
Bug fix: match_list membership dictionary lookups were case
2508
sensitive when they should not. Patch by Lutz Jaenicke,
2509
BTU Cottbus, Germany.
2510
2511
19990402
2512
2513
Feature: $domain macro support in forward_path. Philip A.
2514
Prindeville, Mirapoint, Inc., USA. File: local/dotforward.c.
2515
2516
Feature: if an address extension (+foo) is explicitly
2517
matched by the .forward+foo file name, do not propagate
2518
the extension to recipient addresses. This is more consistent
2519
with the way aliases are expanded. File: local/dotforward.c.
2520
2521
19990404
2522
2523
Bugfix: after receiving mail, the SMTP server didn't reset
2524
the cleanup error flag, so that multiple deliveries over
2525
the same SMTP session could fail due to errors with previous
2526
deliveries. Found by Lamont Jones, Hewlett-Packard.
2527
2528
19990405
2529
2530
Feature: MIME-encapsulated bounces. Philip A. Prindeville,
2531
Mirapoint, Inc., USA. File: bounce/bounce_notify_service.c
2532
2533
Cleanup: vstreams now properly look at the EOF flag before
2534
attempting to read, eliminating the need for typing Ctrl-D
2535
twice to test programs; the EOF flag is reset after each
2536
unget or seek operation. Files: util/vstream.c, util/vbuf.c.
2537
2538
Feature: in preparation for configurable message headers
2539
the mac_parse() routine now balances the parentheses in
2540
${name} or $(name). We need this in order to support
2541
conditional expressions such as ${name?text} where `text'
2542
contains other ${name} expressions.
2543
2544
19990406
2545
2546
Cleanup: changed MIME header information to make bounces
2547
more RFC 1892 compliant.
2548
2549
19990407
2550
2551
Feature: "best_mx_transport = local" delivers mail locally
2552
if the local machine is the best mail exchanger (by default,
2553
mail is bounced with a "mail loops back to myself" error).
2554
2555
Config: in order to make feature tracking easier the source
2556
code distribution now has a copy of the default settings
2557
in conf/main.cf.default.
2558
2559
Feature: separate configurable postmaster addresses for
2560
single bounces (bounce_notice_recipient), double bounces
2561
(2bounce_notice_recipient), delayed mail (delay_notice_recipient),
2562
and for other mailer errors (error_notice_recipient). The
2563
default for all is "postmaster".
2564
2565
19990408
2566
2567
Workaround: on Solaris 2.x, the master appears to lose its
2568
exclusive lock on the master.pid file, so keep grabbing
2569
the lock each time the master wakes up from select().
2570
2571
Robustness: don't flush VSTREAM buffers after I/O error.
2572
This prevents surprises when calling vstream_fclose() after
2573
truncating a mailbox to its original size.
2574
2575
Portability: on LINUX systems, if <db_185.h> exists, don't
2576
look for <db/db.h>.
2577
2578
Workaround: specify "sun_mailtool_compatibility = yes" to
2579
avoid clashes with the mailtool application. This disables
2580
kernel locks on mailbox files. Use only where needed.
2581
2582
Portability: renamed readline to readlline, to avoid clashes
2583
with mysql.
2584
2585
19990409
2586
2587
Bugfix: ignore temp queue files that aren't old enough.
2588
Problem reported by Vivek Khera, Khera Communications, Inc.
2589
2590
Bugfix: fixed typo in dict_db.c that caused processes to
2591
not release DB shared locks.
2592
2593
Feature: auto-detection of changes to DB or DBM lookup
2594
tables. This avoids the need to run "postfix reload" after
2595
change to the smtp access table and other tables.
2596
2597
Feature: regular expression checks for message headers.
2598
This requires support for POSIX or for PCRE regular
2599
expressions. Specify "header_checks = regexp:/file/name"
2600
or "header_checks = pcre:/file/name", and specify
2601
"/^header-name: badstuff/ REJECT" in the pattern file
2602
(patterns are case-insensitive by default). Code by Lamont
2603
Jones, Hewlett-Packard. It is to be expected that full
2604
content filtering will be delegated to an external command.
2605
2606
19990410
2607
2608
Bugfix: auto-detection of changes to DB or DBM lookup tables
2609
wasn't done for TCP connections.
2610
2611
19990410
2612
2613
Feature: $recipient expansion in forward_path. Philip A.
2614
Prindeville, Mirapoint, Inc., USA. File: local/dotforward.c
2615
2616
Feature: the smtp client consistently treats a numerical
2617
hostname as an address. File: smtp/smtp_addr.c.
2618
2619
19990414
2620
2621
Compatibility: support comment lines starting with # in
2622
$mydestination include files. This makes Postfix more
2623
compatible with sendmail.cw files. File: util/match_list.c.
2624
2625
Feature: if your machines have short host names, specify
2626
"mydomain = domain.name", and you no longer have to specify
2627
"myhostname = host.domain.name". Files: global/mail_params.c,
2628
postconf/postconf.c.
2629
2630
19990420
2631
2632
Cleanup: bounce mail when a mailbox goes over file quota,
2633
instead of deferring delivery. File: local/mailbox.c.
2634
2635
19990421
2636
2637
Feature: auto-detection of changes to DB or DBM lookup
2638
tables now includes the case where a file is unlinked.
2639
Philip A. Prindeville, Mirapoint, Inc., USA. File:
2640
util/dict.c.
2641
2642
19990422
2643
2644
Robustness: Lotus mail sends MAIL FROM: <@> instead of <>.
2645
Problem reported by Erik Toubro Nielsen, IFAD, Denmark.
2646
Files: trivial-rewrite/rewrite.c (@ becomes empty address)
2647
and global/rewrite_clnt.c (allow empty response).
2648
2649
Bugfix: showq could segfault when writing to a broken pipe.
2650
Problem reported by Bryan Fullerton, Canadian Broadcasting
2651
Corporation. Files: util/vbuf_print.c.
2652
2653
Cleanup: got rid of the "fatal: write error: Broken pipe"
2654
message when mailq output is piped into a program that
2655
terminates early.
2656
2657
Cleanup: bounce messages are multipart/mixed with the error
2658
report as part of the first message segment, because users
2659
had trouble extracting the delivery error report from the
2660
attachment.
2661
2662
19990423
2663
2664
Cleanup: the default junk mail reject code is now 554
2665
(service unavailable) rather than 550 (user unknown).
2666
2667
Folded in the updated dict_ldap.c module by John Hensley,
2668
Merit Network, USA.
2669
2670
Folded in the vstream_popen.c updates by Philip A.
2671
Prindeville, Mirapoint, Inc., USA. This copies a lot of
2672
code from pipe_command(); the next step is to trim that
2673
module.
2674
2675
19990425
2676
2677
Workaround: renamed config.h to mail_conf.h etc. in order
2678
to avoid name collisions with LINUX (yes, they have a system
2679
include file called config.h). For compatibility with people
2680
who have written software for Postfix, there's a config.h
2681
that aliases the old names to the new ones. That file will
2682
go away eventually.
2683
2684
19990426
2685
2686
Feature: error mailer, in order to easily bounce mail for
2687
specific destinations. In the transport table, specify:
2688
"host.domain error:host.domain is unavailable". Too bad
2689
that the transport table triggers on destination domain
2690
only; it would be nice to bounce specific users as well.
2691
2692
19990427
2693
2694
Cleanup: "disable_dns_lookups = yes" now should disable
2695
all DNS lookups by the SMTP client.
2696
2697
19990428
2698
2699
Bugfix: with DBM files, Postfix was watching the "dir" file
2700
modification time for changes. It should be watching the
2701
"pag" file instead.
2702
2703
19990429
2704
2705
Cleanup: all callbacks in the master to server API now pass
2706
on the service name and the application-specific argument
2707
vector. Files: master/*server.c.
2708
2709
19990504
2710
2711
Feature: conditional macro expansion. ${name?text} expands
2712
to text when name is defined, otherwise the result is empty.
2713
${name:text} expands to text when name is undefined,
2714
otherwise the result is empty. File: util/mac_expand.c.
2715
2716
Feature: conditional macro expansion of the forward_path
2717
configuration parameters of $user, $home, $shell, $recipient,
2718
$extension, $domain, $mailbox and $recipient_delimiter.
2719
Files: local/dotforward.c, local/local_expand.c.
2720
2721
19990506
2722
2723
Cleanup: eliminated misleading warnings about unknown HELO
2724
etc. SMTPD restrictions when the HELO etc. information is
2725
not available. File: smtpd/smtpd_check.c.
2726
2727
19990507
2728
2729
Feature: all smtpd reject messages now contain the MAIL
2730
FROM and RCPT TO addresses, if available.
2731
2732
19990508
2733
2734
Feature: conditional macro expansion of the luser_relay
2735
configuration parameter. It is no longer possible to specify
2736
/file/name or "|command" destinations. File: local/unknown.c.
2737
2738
Cleanup: changed the mac_parse interface so that the
2739
application callback routine can return status information.
2740
Updated the dict_regexp and dict_pcre modules accordingly.
2741
2742
Cleanup: changed the mac_expand interface so that the caller
2743
provides an attribute lookup routine, instead of having to
2744
provide a copy of all attributes upfront. Files:
2745
util/mac_expand.c, local/local_expand.c.
2746
2747
Feature: control over how address extensions are propagated
2748
to other addresses. By default, propagation of unmatched
2749
address extensions is now restricted to canonical and
2750
virtual mappings. Specify "propagate_unmatched_extensions
2751
= canonical, virtual, alias, forward, include" to restore
2752
previous behavior.
2753
2754
19990509
2755
2756
Feature: USER, EXTENSION, DOMAIN, RECIPIENT (entire address)
2757
and MAILBOX (address localpart) environment variables are
2758
exported to shell commands (including mailbox_command).
2759
2760
Feature: new command_expansion_filter parameter to control
2761
what characters may appear in message attributes that are
2762
exported via environment variables.
2763
2764
Cleanup: SMTPD reject messages are more informative, and
2765
more complete sender/recipient information is logged for
2766
the local sysadmin.
2767
2768
19990510
2769
2770
Bugfix: missing MIME header in postmaster bounce notices.
2771
Found by Samuel Tardieu, Ecole Nationale Superieure des
2772
Telecommunications, France.
2773
2774
Feature: UCE restrictions are always delayed until RCPT
2775
TO, VRFY or ETRN. To change back to the default specify
2776
"smtpd_delay_reject = no" in /etc/postfix/main.cf.
2777
2778
Bugfix: missing duplicate filter call. This caused too many
2779
deliveries when a user is listed multiple times in an alias.
2780
Reported by Hideyuki Suzuki, School of Engineering, University
2781
of Tokyo. Backed out on 19990512 because it caused problems.
2782
Fixed 19990513 but needs further study.
2783
2784
Feature: it is now possible to move queue files back into
2785
the maildrop queue, so that they can benefit from changes
2786
in canonical and virtual mappings. In order to make this
2787
possible, some restrictions on queue file contents were
2788
relaxed. Files: pickup/pickup.c, cleanup/cleanup_extracted.c.
2789
2790
Feature: made a start with integrating Joerg Henne's
2791
dictionary extensions to remove entries and to iterate over
2792
entries. That code is almost four months old by now.
2793
2794
19990511
2795
2796
Feature: added a "undeliverable postmaster notification
2797
discarded" warning when mail is dropped on the floor.
2798
Requested by Michael Hasenstein, SuSE, Germany.
2799
2800
19990517
2801
2802
Bugfix: reject_non_fqdn_sender/recipient would pass
2803
user@[ip_address] regardless of destination. Eric Cholet
2804
had the honor of suffering from this one.
2805
2806
19990527
2807
2808
More SMTP client logging for easier debugging: the smtp
2809
client now logs hostname[ip.addr], and logs every failed
2810
attempt to reach an MX host, not just the last one.
2811
2812
19990601
2813
2814
Bugfix: emit a blank line before a MIME boundary; the line
2815
is part of the boundary. File: bounce/bounce_notify_service.c.
2816
Wolfgang Segmuller, IBM Research.
2817
2818
19990610
2819
2820
Bugfix: the "is this the loopback interface" test was
2821
broken. Reported by Claus Fischer @microworld.com. File:
2822
smtp/smtp_connect.c.
2823
2824
Usability: added helpful warnings about restrictions that
2825
are being ignored after check_relay_domains, etc.
2826
2827
Portability: Reliant Unix support by Gert-Jan Looy, Siemens,
2828
the Netherlands.
2829
2830
19990611
2831
2832
Robustness: the postfix-script start-up procedure now
2833
detects a missing master program, avoiding misleading
2834
warnings that the mail system is already running. Fix
2835
suggested by David E. Smith @technopagan.org.
2836
2837
Portability: Mac OS X Server Port by Mark Miller @swoon.net.
2838
2839
Feature: on systems that use dotlock files for mailbox
2840
locking, the local delivery agent now will attempt to use
2841
dotlock files when delivering to user-specified files.
2842
Dotlock files for user-specified destinations are created
2843
with the privileges of the user. For backwards compatibility,
2844
Postfix will attempt to create dotlocks for user-specified
2845
destinations only when the user has parent directory write
2846
permission.
2847
2848
Feature: specify "expand_owner_alias = yes" in order to
2849
use the right-hand side of an owner- alias, instead of
2850
using the left-hand side address. Needed by Juergen Georgi.
2851
2852
19990622
2853
2854
Bugfix: the local delivery agent did not set user attributes
2855
when delivering to root, so that forward_path did not expand
2856
properly. Found by Jozsef Kadlecsik, KFKI Research Institute
2857
for Particle and Nuclear Physics, Hungary. File:
2858
local/dotforward.c.
2859
2860
Bugfix: the unix:passwd.byname mechanism is not suitable
2861
for smtpd access control - the user name would have to end
2862
in @, or the access control software would have to be
2863
changed. Removed the example from the RELEASE_NOTES file.
2864
2865
19990623
2866
2867
Bugfix: the smtp server did not reset the error flag after
2868
".". Found by James Ponder, Oaktree Internet Solutions Ltd.
2869
File: smtpd/smtpd.c.
2870
2871
Bugfix: fencepost error in the doze() routine (an usleep()
2872
replacement for systems without one). Found by Simon J
2873
Mudd. File: util/doze.c.
2874
2875
19990624
2876
2877
Portability: support for AIX 3.2.5 (!) by Florian Lohoff
2878
@rfc822.org.
2879
2880
Portability: Ultrix 4.3 support by Christian von Roques
2881
@pond.sub.org.
2882
2883
Feature: mysql support by Scott Cotton and Joshua Marcus,
2884
Internet Consultants Group, Inc. Files: util/dict_myqsl.*.
2885
2886
19990627
2887
2888
Bugfix: Postfix is now distributed under the new IBM Public
2889
License (version 1, dated June 14, 1999).
2890
2891
Feature: the Delivered-To: header can be turned off for
2892
delivery to command or file/mailbox. The default setting
2893
is: "prepend_delivered_header = command, file, forward".
2894
Turning off the Delivered-To: header when forwarding mail
2895
is not recommended.
2896
2897
19990628
2898
2899
Feature: the postlock command now returns EX_TEMPFAIL when
2900
the destination file is locked by another process.
2901
2902
19990705
2903
2904
Workaround: in the SMTP client, move the "mail loops back
2905
to myself test" from the 220 greeting to the HELO response.
2906
This change does not weaken the test, and makes Postfix
2907
more robust against broken software that greets with the
2908
client hostname.
2909
2910
19990706
2911
2912
Workaround: in the INSTALL file, use `&&' instead of `;'
2913
in (cd path; tar ...) pipelines because some UNIX re-invented
2914
shells don't bail out when cd fails. Matthias Andree
2915
@stud.uni-dortmund.de.
2916
2917
19990709
2918
2919
Bugfix: $user was not set when delivering to a non-user.
2920
Found by Vladimir Ulogov @ rohan.control.att.com when
2921
configuring a luser_relay that contained $user.
2922
2923
19990714
2924
2925
Robustness: add PATH statement to Solaris2 chroot setup
2926
script to avoid running the ucb commands. Problem found by
2927
Panagiotis Astithas @ ece.ntua.gr.
2928
2929
19990721
2930
2931
Bugfix: don't claim a "mail loops to myself" error when
2932
the best MX host was not found in the DNS. Found by Andrew
2933
McNamara, connect.com.au Pty Ltd. File: smtp/smtp_addr.c.
2934
2935
19990810
2936
2937
Feature: added "-c config_dir" support to the postconf
2938
command. This probably means that "-f file" will never be
2939
implemented.
2940
2941
19990812
2942
2943
Bugfix: showq didn't print properly when listing a maildrop
2944
file. Fix by: Andrew McNamara, connect.com.au Pty Ltd.
2945
File: showq/showq.c.
2946
2947
Feature: added SENDER to the list of parameters exported
2948
to external commands. File: local/command.c. Code by: Lars
2949
Hecking, National Microelectronics Research Centre, Ireland.
2950
2951
19990813
2952
2953
Bugfix: sendmail -t (extract recipients from headers) did
2954
not work when the always_bcc feature was turned on. Reported
2955
by: Denis Shaposhnikov @ neva.vlink.ru.
2956
2957
19990813
2958
Bugfix: "sendmail -bd" returns a bogus exit status (the
2959
child process ID). Fix by Lamont Jones of Hewlett-Packard.
2960
File: sendmail/sendmail.c.
2961
2962
19990824
2963
2964
Bugfix: null pointer dereference while rejecting VRFY before
2965
MAIL FROM. Found by Laurent Wacrenier @ fr.clara.net.
2966
2967
19990826
2968
2969
Portability: more MacOS X Server patches; some NEXTSTEP/OPENSTEP
2970
code that had been removed for the first public beta release;
2971
NEXTSTEP/OPENSTEP now defaults to netinfo for the aliases
2972
database. Submitted by Gerben Wierda.
2973
2974
Portability: workaround for a FreeBSD 3.x active network
2975
interface without IP address by Pierre Beyssac @ enst.fr.
2976
File: inet_addr_local.c.
2977
2978
19990831
2979
2980
Workaround: sendmail now prints a warning when installed
2981
set-uid or when run by a set-uid command. Reportedly, the
2982
linuxconf software turns on the set-uid bit, which could
2983
open up a security loophole. File: sendmail/sendmail.c.
2984
2985
Bugfix: Postfix daemons now temporarily lock DB/DBM files
2986
while opening them, in order to avoid "invalid argument"
2987
errors because some other process is changing the file.
2988
Files: util/dict_db.c, util/dict_dbm.c.
2989
2990
Robustness: Postfix locks queue files during delivery, to
2991
prevent duplicate delivery when "postfix reload" is
2992
immediately followed by "sendmail -q". This involves a
2993
change of the deliver_request interface: delivery agents
2994
no longer need to open and close queue files explicitly.
2995
Files: global/deliver_request.c, pipe/pipe.c, smtp/smtp.c,
2996
local/local.c, qmgr/qmgr_active.c, qmgr/qmgr_message.c.
2997
2998
Feature: reject_unauth_destination SMTP recipient restriction
2999
that rejects destinations not in $relay_domains. By Lamont
3000
Jones of Hewlett-Packard. File: smtpd/smtpd_check.c.
3001
3002
Security: do not allow weird characters in the expansion
3003
of $names that appear in $forward_path. Just like with
3004
shell commands, replace bad characters in expansions by
3005
underscores. Configuration parameter: forward_expansion_filter.
3006
3007
19990902
3008
3009
Documentation: added a sample postfix alias to the examples
3010
in the INSTALL document and in the conf/aliases file.
3011
Reminded by Simon J. Mudd @ alltrading.com.
3012
3013
19990903
3014
3015
Bugfix: in case of some error conditions the pickup daemon
3016
could leak small amounts of memory.
3017
3018
19990905
3019
3020
Bugfix: no more "skipping further client input" warnings
3021
when a message header is rejected.
3022
3023
Feature: reject_unauth_pipelining SMTP restriction that
3024
rejects mail from clients that improperly use SMTP command
3025
pipelining.
3026
3027
Robustness: the LDAP client by default no longer looks up
3028
names containing "*". See the lookup_wildcards feature in
3029
LDAP_README. Update by John Hensley.
3030
3031
Documentation: address masquerading with exceptions FAQ by
3032
Jim Seymour @ jimsun.LinxNet.com.
3033
3034
Bugfix: mysql reconnect after disconnect by Scott Cotton
3035
Internet Consultants Group, Inc. File: util/dict_myqsl.c.
3036
3037
Portability: the Postfix to PCRE interface now expects
3038
version 2.08. Postfix is no longer compatible with PCRE
3039
versions before 2.6.
3040
3041
19990906
3042
3043
Feature: INSTALL.sh script that makes Postfix installation
3044
a bit less painful. This script can be used for installing
3045
and for upgrading Postfix. It replaces files instead of
3046
overwriting them, and leaves existing configuration and
3047
queue files intact.
3048
3049
19990907
3050
3051
Bugfix: reject_non_fqdn_sender used the wrong test to see
3052
if a sender address was given and could dump core. This
3053
must have been broken ever since the UCE tests were moved
3054
to the RCPT TO stage in 19990510.
3055
3056
Bugfix: check_sender_access was recognized as a valid
3057
restriction name only if a sender had been specified.
3058
3059
19990908
3060
3061
Portability: Unixware has <sysexits.h> only after sendmail
3062
is installed. Changed postlock.c to use global/sys_exits.h.
3063
3064
19990909
3065
3066
Performance: added one-entry cache to the address rewriting
3067
client and to the address resolving client. This is because
3068
UCE restrictions tend to produce the same query repeatedly.
3069
Files: global/rewrite_clnt.c, global/resolve_clnt.c.
3070
3071
Feature: the UCE restrictions are now fully recursive so
3072
you can have per-client/helo/sender/recipient restrictions.
3073
Instead of OK, REJECT or [45]xx, you can specify a sequence
3074
of restrictions on the right-hand side of an SMTPD access
3075
table. This means you can no longer use canonical/virtual/alias
3076
maps as SMTPD access tables. But the loss is compensated
3077
for. File: smtpd/smtpd_access.c.
3078
3079
Feature: restriction classes, essentially a short-hand for
3080
restriction lists. These short hands are useful mostly on
3081
the right-hand side of SMTPD access tables. You must use
3082
restriction classes in order to have lookup tables on the
3083
right-hand side of an SMTPD access table. File:
3084
smtpd/smtpd_access.c.
3085
3086
Feature: "permit_recipient_map maptype:mapname" permits a
3087
recipient address when it matches the specified table.
3088
Lookups are done just as with canonical/virtual maps. With
3089
this, you can also use passwd/aliases as SMTPD access maps.
3090
File: smtpd/smtpd_access.c.
3091
3092
19990910
3093
3094
Changed "permit_address_map" into "permit_recipient_map"
3095
and added a test for the case that they specify a lookup
3096
table on the right-hand side of an SMTPD access map. File:
3097
smtpd/smtpd_access.c.
3098
3099
Cleanup: removed spurious sender address checks for <>.
3100
File: smtpd/smtpd_check.c.
3101
3102
Cleanup: the smtp client now consistently logs host[address]
3103
for all connection attempts.
3104
3105
19990919
3106
3107
Feature: in an SMTPD access map, an all-numeric right-hand
3108
side now means OK, for better cooperation with out-of-band
3109
authentication mechanisms.
3110
3111
19990922
3112
3113
Security: recipient addresses must not start with '-', in
3114
order to protect external commands. The old behavior is
3115
re-instated when main.cf specifies: "allow_min_user =
3116
yes". Credits to Mads Kiilerich @ Kiilerich.com. File:
3117
qmgr/qmgr_message.c.
3118
3119
Bugfix: after 19990831, the queue manager would throw away
3120
defer logs after deferring mail to known-to-be-dead hosts
3121
or message transports. This means that in some cases, mailq
3122
would not show why mail is delayed, and that delayed mail
3123
could be sent back with recipients missing from the error
3124
report. Reported by Giulio Orsero @ tiscalinet.it.
3125
3126
19990923
3127
3128
Bugfix: the above bugfix broke bounces of mail with bad
3129
address syntax and relocated users. Problem diagnosed by
3130
Dick Porter @ acm.org.
3131
3132
Documentation: added DO NOT EDIT THIS FILE. EDIT MAIN.CF
3133
INSTEAD notices to the sample-xxx.cf files.
3134
3135
19991007
3136
3137
Compatibility: ignore the sendmail -U (initial user
3138
submission) option. Thomas Quinot @ cuivre.fr.eu.org.
3139
3140
19991103
3141
3142
Code cleanup: don't send postmaster notifications when an
3143
SMTP client sends a DATA command while no recipients were
3144
accepted. This can happen when a pipelined client runs
3145
into an UCE block. File: smtpd/smtpd.c.
3146
3147
19991104
3148
3149
Robustness: do not apply UCE header checks to mail that is
3150
generated by Postfix (bounces, forwarded mail etc.). Files:
3151
smtpd/smtpd.c, pickup/pickup.c, cleanup/cleanup_message.c.
3152
3153
Robustness: new generic watchdog module that can deal with
3154
clocks that jump occasionally. Files: util/watchdog.c,
3155
master/master.c, master/{single,multi,trigger}_server.c.
3156
This hopefully ends the false watchdog alarms that happen
3157
when clocks are set or when laptops are resumed.
3158
3159
Code cleanup: BSMTP requires dot quoting as per RFC 821.
3160
Based on code by Florian Lohoff @ rfc822.org. Files:
3161
global/mail_copy.[hc], pipe/pipe.c.
3162
3163
19991105
3164
3165
Bugfix: the crufty code in inet_addr_local() did not find
3166
IP aliases. File: util/inet_addr_local.c.
3167
3168
Portability: the INSTALL.sh utility did not find users or
3169
groups in NIS or Netinfo tables. The script no longer
3170
searches the /etc/passwd and /etc/group files. Instead it
3171
now queries the unix:passwd.byname and unix:group.byname
3172
maps. For this, a -q (query) option was added to postmap
3173
(and to postalias, for symmetry). Files: util/dict_unix.c,
3174
postalias/postalias.c, postmap/postmap.c, INSTALL.sh.
3175
3176
Bugfix: LDAP lookup timeout settings were ignored. Patch
3177
by John Hensley. File: util/dict_ldap.c.
3178
3179
19991108
3180
3181
Bugfix: when doing a fresh install, INSTALL.sh didn't set
3182
main.cf:mail_owner properly (Simon J. Mudd).
3183
3184
19991109
3185
3186
Bugfix: when doing a fresh install, INSTALL.sh no longer
3187
worked (missing main.cf file). Fix: add "-c" argument to
3188
the postmap commands (Lars Hecking @ nmrc.ucc.ie).
3189
3190
Documentation: removed spurious "do not edit" comments from
3191
the sample pcre and regexp configuration files.
3192
3193
19991110-13
3194
3195
Code cleanup: greatly simplified the SMTPD command parser
3196
and somewhat simplified the code that groks RFC 822-style
3197
address syntax in MAIL FROM and RCPT TO commands.
3198
3199
New parameter: strict_rfc821_envelopes (default: no) to
3200
reject RFC 822 address forms (with comments etc.) in SMTP
3201
envelopes. By default, the Postfix SMTP server only logs
3202
a warning.
3203
3204
19991113
3205
3206
Oops, also updated the SMTP VRFY code in the light of
3207
changes to the SMTPD command parser.
3208
3209
Cleanup: the local delivery agent now explicitly rejects
3210
recipients with an empty username.
3211
3212
19991114
3213
3214
Workaround: with some gawk versions, postconf/extract.awk
3215
reportedly returns a non-zero exit status upon success.
3216
Added an explicit exit(0) statement.
3217
3218
19991115
3219
3220
Feature: DNS TXT record lookup support, based on initial
3221
code by Simon J Mudd. File: dns/dns_lookup.c.
3222
3223
Feature: RBL TXT record lookups, based on initial code by
3224
Simon J Mudd. File: smtpd/smtpd_check.c.
3225
3226
Feature: permit_auth_destination restriction based on code
3227
by Jesper Skriver @ skriver.dk.
3228
3229
Code cleanup: the transport table now can override all
3230
deliveries, including local ones.
3231
3232
19991116
3233
3234
Code cleanup: a new "local_transports" configuration
3235
parameter explicitly lists all transports that deliver mail
3236
locally. The first name listed there is the default local
3237
transport. This is the end of the "empty next-hop hostname"
3238
hack to indicate that a destination is local. Files:
3239
trivial-rewrite/resolve.c, global/local_transport.[hc]
3240
3241
Feature: "postconf -m" shows what lookup table types are
3242
available. Code by Scott Cotton, Internet Consultants
3243
Group, Inc.
3244
3245
Feature: "postconf -e" edits any number of main.cf parameters.
3246
The edit is done on a copy, and the copy is renamed into
3247
the place of the original. File: postconf/postconf.c,
3248
util/readlline.[hc].
3249
3250
19991117
3251
3252
Portability: SunOS 4 has no SA_RESTART. File: util/watchdog.c.
3253
3254
Feature: on systems with h_errno, the "reject_unknown_client"
3255
restriction now distinguishes between soft errors (always
3256
reply with 450) and hard errors (use the user-specified
3257
reply code). This should lessen the load by broken mailers
3258
that re-connect once a minute.
3259
3260
Feature: forward/reverse name/address check for SMTP client
3261
hostnames. This fends off some hypothetical attacks by
3262
spammers who are in control of their own reverse mapping.
3263
3264
Robustness: postconf no longer aborts when it can't figure
3265
out the local domain name; it prints a warning instead.
3266
This allows you to use "postconf -e" to fix the problem.
3267
3268
19991118
3269
3270
Bugfix: the RFC822 address parser would misparse a leading
3271
\ as an atom all by itself. Problem reported by Keith
3272
Stevenson @ louisville.edu. File: global/tok822_parse.c.
3273
3274
19991119
3275
3276
Bugfix: tiny memory leak in pipe_command() when fork()
3277
fails. File: global/pipe_command.c.
3278
3279
19991120
3280
3281
Bugfix: reversed test for all-numerical results in SMTPD
3282
access maps. File: smtpd/smtpd_check.c.
3283
3284
19991121
3285
3286
Robustness: INSTALL.sh no longer uses postmap for sanity
3287
checks.
3288
3289
Feature: INSTALL.sh now has an install_root option.
3290
3291
Bugfix: INSTALL.sh now installs manual pages with proper
3292
permissions and ownership.
3293
3294
Bugfix: the LDAP client did not properly escape special
3295
characters in lookup keys (patch by John Hensley). File:
3296
util/dict_ldap.c.
3297
3298
19991122
3299
3300
Bugfix: missing absolute path in INSTALL.sh broke fresh
3301
install.
3302
3303
19991124
3304
3305
Bugfix: the local delivery agent's recipient duplicate
3306
filter did not work when configured to use unlimited memory
3307
(which is not a recommended setting). Patrik Rak @raxoft.cz.
3308
3309
19991125
3310
3311
Bugfix: postconf didn't have an umask(022) call at the
3312
beginning (problem experienced by Matthias Andree).
3313
3314
19991126
3315
3316
Bugfix: DNS TXT records now have string lengths before text
3317
(Mark Martinec @ nsc.ijs.si).
3318
3319
19991127
3320
3321
Update: the LDAP client code now supports escapes as per
3322
RFC2254 (John Hensley).
3323
3324
19991207
3325
3326
Performance: one message with many recipients no longer
3327
stops other mail from being delivered. The queue manager
3328
now frees in-memory recipients as soon as a message is
3329
delivered to one destination, rather than waiting until
3330
all in-memory destinations of that message have been tried.
3331
Patch by Patrik Rak @ raxoft.cz. Files: qmgr/qmgr_entry.c,
3332
qmgr/qmgr_message.c.
3333
3334
Performance: when delivering mail to a huge list of
3335
recipients, the queue manager now reads more recipients
3336
from the queue file before delivery concurrency drops too
3337
low. Files: qmgr/qmgr_entry.c, qmgr/qmgr_message.c.
3338
3339
19991208
3340
3341
Updated LDAP client code by John Hensley with escape
3342
sequences as per RFC 2254. File: util/dict_ldap.c.
3343
3344
Updated MYSQL client code by Scott Cotton. File: dict_mysql.c.
3345
3346
Feature: added -N/-n options to include/exclude terminating
3347
nulls in keys and values in postmap/postalias DB or DBM
3348
files. Normally, Postfix uses whatever is appropriate for
3349
the host system. A non-default setting can be necessary
3350
for inter-operability with third-party software.
3351
3352
Bugfix: the local delivery agent would deliver to the user
3353
instead of the .forward file when the .forward file was
3354
already visited via some non-recursive path. Patch by Patrik
3355
Rak @ raxoft.cz. Files: global/been_here.c, local/dotforward.c.
3356
3357
Robustness: attempt to deliver all addresses in the expansion
3358
of an alias or .forward file, even when some addresses must
3359
be deferred. File: local/token.c.
3360
3361
19991211
3362
3363
Performance: qmgr_fudge_factor controls what percentage of
3364
delivery resources Postfix will devote to one message.
3365
With 100%, delivery of one message does not begin before
3366
delivery of the previous message is completed. This is good
3367
for list performance, bad for one-to-one mail. With 10%,
3368
response time for one-to-one mail improves much, but list
3369
performance suffers. In the worst case, people near the
3370
start of a mailing list get a burst of postings today,
3371
while people near the end of the list get that same burst
3372
of postings a whole day later. Files: qmgr/qmgr_message.c,
3373
qmgr/qmgr_entry.c.
3374
3375
Bugfix: address rewriting would panic on a lone \ at the
3376
end of a line where an address was expected. Jason Hoos @
3377
thwack.net. File: global/rewrite_clnt.c.
3378
3379
19991215
3380
3381
Bugfix: the strict RFC821 envelope address check should
3382
not be applied to VRFY commands. File: smtpd/smtpd.c.
3383
3384
Cleanup: permit_recipient_maps is gone, because that could
3385
only be used inside UCE restrictions.
3386
3387
19991216
3388
3389
Feature: allow an empty inet_interfaces parameter, just
3390
like an empty mydestination parameter. It's needed for true
3391
null clients and for firewalls that deliver no local mail.
3392
3393
Feature: "disable_vrfy_command = yes" disables some forms
3394
of address harvesting used by spammers.
3395
3396
Workaround: added the alias map parameter definition to
3397
the smtpd code. This is a symptom of a general problem
3398
with parameters that have non-empty default values: unless
3399
a program explicitly defines such a parameter, the parameter
3400
defaults to the empty string when used in other parameters.
3401
There's also a problem with evaluation order.
3402
3403
Feature: the SMTP server rejects mail for unknown users in
3404
virtual domains that are defined by Postfix virtual domain
3405
files. File: smtpd/smtpd_check.c.
3406
3407
Feature: reject mail for unknown local users at the SMTP
3408
port. The local_recipient_maps configuration parameter
3409
specifies maps with all addresses that are local with
3410
respect to $mydestination or $inet_interfaces. Example:
3411
"local_recipient_maps = $alias_maps unix:passwd.byname".
3412
This feature is disabled by default. You may have to copy
3413
the passwd file into the chroot jail. File: smtpd/smtpd_check.c.
3414
3415
Feature: the sendmail -f option now understands '<user>'
3416
and even understands address forms with RFC 822-style
3417
comments.
3418
3419
19991217
3420
3421
Cleanup: no more UCE checks for VRFY commands. It still
3422
reports unknown local/virtual users. File: smtpd/smtpd_check.c.
3423
3424
Robustness: upon Postfix startup, report discrepancies
3425
between system files inside and outside the chroot jail.
3426
Files: conf/postfix-script-nosgid, conf/postfix-script-sgid.
3427
3428
19991218
3429
3430
Cleanup: INSTALL.sh produces relative symlinks, which is
3431
necessary when install_root is not /.
3432
3433
19991219
3434
3435
Documentation: completely reorganized the FAQ and added
3436
many new entries. Rewrote the UCE html documentation.
3437
3438
Cleanup: INSTALL.sh uses a configurable directory for
3439
scratch files, so that it can install from a file system
3440
that is not writable by the super-user.
3441
3442
Cleanup: INSTALL.sh gives helpful hints when the "mv"
3443
command is unable to move symlinks across file system
3444
boundaries.
3445
3446
19991220
3447
3448
Cleanup: it is no longer necessary to list $virtual_maps
3449
as part of the relay_domains definition. The SMTP server
3450
now by default accepts mail for destinations that match
3451
$inet_interfaces, $mydestination or $virtual_maps, whether
3452
or not these are specified in relay_domains. We still need
3453
the ugly "virtual.domain whatever" hack in the virtual
3454
maps. Files: smtpd/smtpd_check.c and lots of documentation
3455
and sample config files.
3456
3457
19991221
3458
3459
Removed cyrus -q flag (ignore quotas) from the sample
3460
master.cf file.
3461
3462
19991223
3463
3464
Bugfix: smtpd should not check for unknown users when
3465
running in stand-alone (sendmail -bs) mode. Problem
3466
experienced by Chuck Mead. File: smtpd/smtpd.c.
3467
3468
Retraction: the "local_transports" configuration parameter
3469
is gone. Adjusted code and documentation accordingly.
3470
Instead, use just one "local_transport" parameter with the
3471
name of the default local transport. Files: smtpd/smtpd_check.c,
3472
qmgr/qmgr_message.c, trivial-rewrite/ resolve.c, local/resolve.c.
3473
3474
Feature: Postfix SMTPD now insists that the smtpd recipient
3475
restrictions contain at least one restriction that by
3476
default rejects mail. This should make it much more difficult
3477
to change Postfix into an open relay. File: smtpd/smtpd_check.c.
3478
3479
Retraction: null-length inet_interfaces is too confusing.
3480
3481
19991224
3482
3483
Bugfix: the relative symlink code in INSTALL.sh computed
3484
the ../ prefix from the wrong pathname.
3485
3486
1999122[5-7]
3487
3488
Feature: "allow_untrusted_routing = no" (default) prevents
3489
forwarding of source-routed mail from untrusted clients to
3490
destinations that are blessed by the relay_domains parameter
3491
(example: user@domain2@domain1 etc.). This plugs a mail
3492
relay loophole where a backup MX host forwards junk mail
3493
to a primary MX host which forwards the junk to the Internet.
3494
Files: global/quote_822_local.c, smtp/quote_821_local.c,
3495
trivial-rewrite/rewrite.c, trivial-rewrite/resolve.c,
3496
smtp/smtpd_check.c.
3497
3498
In order to make this possible, the Postfix resolver data
3499
structure and protocol has changed, so that all resolver
3500
clients need to be re-compiled.
3501
3502
Side effect from the above change: from now on, an address
3503
with @ in the recipient localpart no longer bounces with
3504
"user unknown" but instead is rejected with "relay access
3505
denied" or "source-routed relay access denied".
3506
3507
19991227
3508
3509
Workaround: the BSD/OS "mkdir -p" and "cmp -s" commands
3510
misbehave on boundary cases: directory exists or file does
3511
not exist. Those who re-invent...
3512
3513
19991229
3514
3515
Added the no source routing info requirement to addresses
3516
accepted by the permit_mx_backup UCE restriction.
3517
3518
19991230
3519
3520
Added a spawn daemon (not compiled and installed by default)
3521
to enable LMTP delivery over UNIX-domain sockets. The goal
3522
is to simplify the experimental LMTP delivery agent by
3523
ripping out the privileged code that forks the LMTP server.
3524
3525
20000102
3526
3527
Clarified documentation after early feedback on the 19991231
3528
release by Drew Derbyshire, Ollivier Robert, Khetan Gajjar.
3529
3530
Sanity check: a common error is to list Postfix virtual
3531
domains in the mydestination parameter. This causes the
3532
new optional local_recipient_maps feature to reject mail
3533
for virtual users. The SMTP server now explicitly tests
3534
for this common error and logs a warning instead of refusing
3535
the mail. File: smtpd/smtpd_check.c.
3536
3537
20000104
3538
3539
Bugfix: a case sensitivity bug had slipped through in the
3540
anti-relaying code, causing mail for USER@VIRTUAL.DOMAIN
3541
to be rejected with "relay access denied". This was found
3542
by Jim Maenpaa @ jmm.com.
3543
3544
Questionable feature: set "smtp_skip_5xx_greeting = yes"
3545
to make Postfix more sendmail compatible, even though this
3546
is wrong, IMNSHO. File: smtp/smtp_connect.c.
3547
3548
Portability: Ultrix patch from Simon Burge @ thistledown.com.au.
3549
3550
Portability: Siemens Pyramid (dcosx) patch by Thomas D.
3551
Knox @ vushta.com.
3552
3553
Performance: FreeBSD has bidirectional pipes that are faster
3554
than socketpairs. Anticipating on more platform-specific
3555
optimizations, all duplex pipe plumbing is now isolated in
3556
a duplex_pipe.c module that provides a system-independent
3557
interface.
3558
3559
20000105
3560
3561
Cleanup: the INSTALL.sh script now updates the sample files
3562
in /etc/postfix even when main.cf exists.
3563
3564
20000106
3565
3566
Bugfix: the SMTP server should consult the relocated map
3567
for virtual destinations (Denis Shaposhnikov). Files:
3568
smtpd/smtpd.c smtpd/smtpd_check.c.
3569
3570
20000108
3571
3572
Workaround: rename() over NFS can fail with ENOENT even
3573
when the operation succeeds (Graham Orndorff @ WebTV). This
3574
is not news. Any non-idempotent operation can fail over
3575
NFS when the NFS server's acknowledgment is lost and the
3576
NFS client code retries the operation (other examples are:
3577
create, symlink, link, unlink, mkdir, rmdir). Postfix has
3578
workarounds for the cases where this is most likely to
3579
cause trouble. Files: util/sane_{rename,link}.[hc]. If
3580
you want reliable mail system, do not use NFS.
3581
3582
20000115
3583
3584
Workaround: better detection of bad hardware. Added SIGBUS
3585
to the list of signals that the master will log before
3586
exiting.
3587
3588
20000122
3589
3590
Portability: preliminary SCO5 port Christopher Wong @
3591
csports.com. This still needs to a workaround for "find"
3592
not supporting "-type s" (actually, UNIX-domain sockets
3593
have no unique representation in the file system and show
3594
up as FIFOs).
3595
3596
20000115-22
3597
3598
Bugfix: in case of a too long message header, don't extract
3599
recipients from message headers. With the previous behavior,
3600
Bcc information could be left in the message body, as one
3601
person found out the hard way. Files: cleanup/cleanup.c,
3602
cleanup/cleanup_extracted.c, global/cleanup_user.h.
3603
3604
20000124
3605
3606
Whatever: RFC 1869 amends RFC 821 and specifies that code
3607
555 is to be used when a MAIL FROM or RCPT TO parameter is
3608
not implemented or not recognized. Russ Allbery @stanford.edu.
3609
This reply code is added to the list of reply codes that
3610
cause the Postfix SMTP client to mail a transcript to the
3611
postmaster. File: smtp/smtp_trouble.c.
3612
3613
20000126
3614
3615
Emergency feature: qmgr_site_hog_factor (default: 90 percent)
3616
limits the amount of resources that Postfix devotes to a
3617
single destination. With less than 100, Postfix defers the
3618
excess mail so that one site with a large backlog does not
3619
block other deliveries. Files: qmgr/qmgr.c, qmgr/qmgr_message.c.
3620
3621
20000128
3622
3623
Cleanup: the queue manager no longer replaces the nexthop
3624
field by the recipient localpart when a destination matches
3625
$mydestination/$inet_interfaces. The price is the introduction
3626
of a new parameter local_destination_recipient_limit which
3627
defaults to 1 in order to maintain backwards compatibility.
3628
Files: qmgr/qmgr.c, qmgr/qmgr_message.c.
3629
3630
20000129
3631
3632
Bugfix: extracted recipients were misfiled when a message
3633
was moved back to the maildrop queue. But they still worked
3634
due to a coincidence.
3635
3636
Feature: bounce_recip() bounces a recipient immediately
3637
without accessing a bounce logfile. This is necessary for
3638
VERP bounces, for bounces by delivery agents that change
3639
the sender address, and for bounces that for some reason
3640
must not use temporary logfiles. Files: global/bounce.c,
3641
bounce/bounce_recip_service.c.
3642
3643
20000130
3644
3645
Bugfix: the too long header fix of 20000115-22 lost mail
3646
with too long headers that didn't need to extract recipients
3647
from message headers.
3648
3649
Bugfix: the too long header fix of 20000115-22 lost mail
3650
without (blank line + message body).
3651
3652
Code rewrite: reorganized the cleanup daemon source code
3653
so that the cleanup service can be called one record at a
3654
time (see cleanup/cleanup_api.c); also got rid of the global
3655
state variables and fixed a couple bugs that were introduced
3656
with 20000115-22.
3657
3658
20000204
3659
3660
Feature: in daemon mode, the MAIL FROM size check can be
3661
postponed until RCPT TO so that Postfix can log sender and
3662
recipient. Simon J Mudd. Files: smtpd/smtpd.c
3663
3664
Robustness: limit the number of recipient addresses that
3665
can be extracted from message headers. Parameter:
3666
extract_recipient_limit (default: 10240). Files:
3667
cleanup/cleanup_message.c, cleanup/cleanup_extracted.c.
3668
3669
Cleanup: the message header reject logging now includes
3670
sender and recipient address (if possible), so that the
3671
logging looks more like the other reject logging. File:
3672
cleanup/cleanup_message.c.
3673
3674
Documentation: added sections on regular expression tables
3675
to the access, canonical, virtual, transport and relocated
3676
man pages, and write new man pages that are specific to
3677
regular expressions: pcre_table.5 and regexp_table.5.
3678
3679
20000214
3680
3681
Bugfix: postconf reported some parameters more than once
3682
because the parameter extracting script didn't recognize
3683
lines that differ in whitespace only. File: postconf/extract.awk.
3684
Reported by Kenn Martin.
3685
3686
20000221
3687
3688
Logging: the SMTP client now logs log host+port when it is
3689
unable to connect to a non-MX host, just like it logs
3690
host+port when unable to connect to an MX host.
3691
3692
20000226
3693
3694
Bugfix: the SMTP server's "User unknown" test didn't notice
3695
LDAP etc. dictionary access errors. The code now reports
3696
a 450 status (try again instead of bounce) if the reply is
3697
not definitive. File: smtp/smtpd_check.c.
3698
3699
Robustness: the smtp-source program could stall when making
3700
hundreds of parallel connections to a Postfix system with
3701
only one SMTP server process. The fix is to use non-blocking
3702
connect() calls, very carefully. File: smtpstone/smtp-source.c.
3703
3704
20000303
3705
3706
Feature: with smtp_always_send_ehlo the SMTP client will
3707
send EHLO regardless of the content of the SMTP server's
3708
greeting. File: smtp/smtp_proto.c.
3709
3710
20000304
3711
3712
Feature: DICT_FLAG_SYNC_UPDATE flag for synchronous dictionary
3713
updates, if supported by the underlying mechanism. Files:
3714
util/dict.h, util/dict_open.c, util/dict_db.c.
3715
3716
20000307
3717
3718
Cleanup: the manual pages in Postfix configuration files
3719
no longer contain troff formatting codes. The text is now
3720
generated from prototype files in a new "proto" subdirectory.
3721
Requested by Matthias Andree @ stud.uni-dortmund.de.
3722
3723
20000308
3724
3725
Bugfix: the unused db and dbm "delete" routines would
3726
clobber the per-dictionary flags when called before reading
3727
or writing the table. Files: util/dict_dbm.c, util/dict_db.c.
3728
Lutz Jaenicke @ aet.TU-Cottbus.DE.
3729
3730
Bugfix: the SMTP server would produce a cryptic message
3731
when a queue file write error happened before it had written
3732
any recipients. Keith Stevenson. File: smtpd/smtpd.c.
3733
3734
Robustness: the db and dbm "delete" routines didn't adjust
3735
to dictionaries with/without one trailing null in lookup
3736
keys and values. Did a complete rewrite of the routines.
3737
Files: util/dict_db.c, util/dict_dbm.c.
3738
3739
Feature: specify "-d key" to postalias or postmap in order
3740
to remove one key. This still needs to be generalized to
3741
multi-key removal (read stdin?). Files: postmap/postmap.c,
3742
postalias/postalias.c.
3743
3744
Test: added test targets for the dictionary delete operations.
3745
Files: util/Makefile.in, util/dict_test.{c,in,ref}.
3746
3747
Feature: added data offset and recipient count fields to
3748
the first queue file record output from the cleanup daemon.
3749
The recipient counts provides an initial estimate for a
3750
more advanced queue manager scheduling algorithm. Files:
3751
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.
3752
3753
20000311
3754
3755
Portability: HP-UX awk can't handle bare { in regexps
3756
(Lamont Jones. HP). File: postconf/extract.awk.
3757
3758
Compatibility: sendmail now recognizes '.' as end of input.
3759
File: sendmail/sendmail.c.
3760
3761
20000313
3762
3763
Compatibility: dtcm (CDE desktop calendar manager) leaks
3764
a file descriptor into its child process, and requires that
3765
sendmail closes the descriptor, otherwise mail notification
3766
will hang. These GUI programmers never figured out that
3767
the child process must close the writing end of a pipe.
3768
File: sendmail/sendmail.c.
3769
3770
20000314
3771
3772
Feature: SASL authentication in the SMTP server and client.
3773
Based on code contributed by Till Franke, SuSE. Specify:
3774
"smtpd_sasl_auth_enable = yes" and "smtp_sasl_auth_enable
3775
= yes". The "permit_sasl_authenticated" UCE restriction
3776
gives special treatment to authenticated clients.
3777
3778
20000315
3779
3780
Workaround: added -blibpath option for AIX 4.x, to close
3781
hole in case postdrop needs to be set-gid.
3782
3783
20000320
3784
3785
Portability: FreeBSD 5.x added to the list of supported
3786
systems (Mark Huizer).
3787
3788
20000323
3789
3790
Portability: INSTALL.sh looks if sendmail is in /usr/lib
3791
rather than in /usr/sbin.
3792
3793
20000326
3794
3795
Bugfix: settings in one mysql configuration file would act
3796
as the implicit defaults for the next one, which could be
3797
confusing. Patch by Scott Cotton. File: util/dict_mysql.c.
3798
3799
Robustness: limit the number of "junk" commands that can
3800
be issued in an SMTP session (ex.: NOOP, VRFY, ETRN, RSET).
3801
Problem report by Michael Ju. Tokarev @ tls.msk.ru. Files:
3802
global/mail_params.h, smtpd/smtpd.c.
3803
3804
20000413
3805
3806
Portability: more MacOS X patches by Gerben Wierda.
3807
3808
Bugfix: RFC 822 requires the presence of at least one
3809
destination message header. The cleanup daemon now generates
3810
a generic "To: undisclosed-recipients:;" message header
3811
when no destination header is present. The header content
3812
is specified with the undisclosed_recipients_header parameter.
3813
Problem pointed out by Geoff Gibbs, UK-Human Genome Mapping
3814
Project-Resource Centre.
3815
3816
20000416
3817
3818
Workaround: allow <(comment)> as SMTP MAIL FROM address.
3819
3820
20000417
3821
3822
The SASL authentication in the SMTP server and client works,
3823
but only on Linux and Solaris, neither of which I wish to
3824
run on my laptop.
3825
3826
20000418
3827
3828
Added LMTP support to the smtp-source and smtp-sink utilities
3829
so that I don't have to install Cyrus IMAP just to test
3830
LMTP.
3831
3832
20000419
3833
3834
Bugfix: removed the () from the tokenized representation
3835
of RFC 822 comments, so that comments with \( or \) can be
3836
unparsed correctly. Problem reported by Bodo Moeller.
3837
3838
20000423
3839
3840
Bugfix: mail_copy() could prepend > or . in the middle of
3841
long lines. Found by code inspection.
3842
3843
20000427
3844
3845
New code: unescape module that translates C escape sequences
3846
into their equivalent character values. File: util/unescape.c.
3847
3848
Feature: the pipe mailer now has a way to specify the output
3849
record delimiter (for example, eol=\r\n). This is necessary
3850
for transports that require CRLF instead of UNIX-style LF.
3851
3852
20000502
3853
3854
In order to support timeouts more conveniently, VSTREAMs
3855
now have built into them the concept of timeout. Instead
3856
of calling read() and write(), the low-level VSTREAM
3857
interface now by default uses timed_read() and timed_write()
3858
which receive a timeout parameter; vstream_ctl(stream,
3859
VSTREAM_CTL_TIMEOUT...) sets the timeout deadline on a
3860
stream, and vstream_ftimeout(stream) queries a stream for
3861
timeout errors. This change simplified timeout handling
3862
considerably. Files: util/vbuf.h, util/vstream.[hc],
3863
global/smtp_stream.c, global/timed_ipc.c.
3864
3865
20000504
3866
3867
Added application context to VSTREAMs, which is passed on
3868
transparently to application-provided read/write routines.
3869
vstream_ctl(stream, VSTREAM_CTL_CONTEXT...) sets the context.
3870
Files: util/vstream.[hc].
3871
3872
Added vstream_setjmp() and vstream_longjmp() support to
3873
make exception handling more convenient. Turn on exception
3874
handling with vstream_ctl(stream, VSTREAM_CTL_EXCEPT...).
3875
Files: util/vstream.[hc].
3876
3877
Cleaned up the smtp_stream module further and got rid of
3878
the global state that limited the use of this module to
3879
one stream per process. Files: global/smtp_stream.[hc].
3880
3881
20000505
3882
3883
Bugfix: the SMTP server now flushes unwritten output before
3884
tarpit delays, to avoid protocol timeouts in pipelined
3885
sessions when a client causes lots of errors. Found by
3886
Lamont Jones, HP. File: smtpd/smtpd_chat.c.
3887
3888
Finished the LMTP client, which is based on a modified
3889
version of the SMTP client by Philippe Prindeville, Mirapoint,
3890
Inc., later modified by Amos Gouaux, UTDallas, and then
3891
Wietse ripped it all up again. Currently this talks LMTP
3892
over TCP only.
3893
3894
Feature: override main.cf parameters in master.cf. Specify
3895
"-o parameter=value" after the program name. This allows
3896
you to selectively override myhostname etc. See also the
3897
new smtp_bind_address parameter below.
3898
3899
20000506
3900
3901
Convenience: the LMTP and SMTP clients now append the local
3902
domain to unqualified nexthop destinations. This makes it
3903
more convenient to set up transport maps. Files:
3904
lmtp/lmtp_addr.c, smtp/smtp_addr.c.
3905
3906
Sendmail compatibility: the Postfix SMTP client now skips
3907
servers that greet the client with a 4xx or 5xx status
3908
code. To disable, set both smtp_skip_4xx_greeting and
3909
smtp_skip_5xx_greeting to "no".
3910
3911
20000507
3912
3913
Portability: NetBSD has migrated to /etc/mail/aliases. We
3914
can expect to see this happen more often when systems start
3915
shipping Sendmail 8.10. File: util/sys_defs.h
3916
3917
Updated LDAP code by John Hensley, with support for
3918
dereferencing of LDAP aliases, which have nothing to do
3919
with Postfix aliases.
3920
3921
Feature: "smtp_bind_address=x.x.x.x" specifies the source
3922
IP address for SMTP client connections. Specify in master.cf
3923
as "smtp -o smtp_bind_address=x.x.x.x" in order to give
3924
different delivery agents different source addresses.
3925
3926
20000510
3927
3928
Cleanup: mailbox_transport did not work with the lmtp
3929
delivery agent. This dates back to when Postfix used empty
3930
nexthop information to indicate that a destination was
3931
local. File: global/deliver_pass.c.
3932
3933
Bugfix: configuration parameters for one mysql dictionary
3934
would become default settings for the next one. File:
3935
dict_mysql.c. This patch was merged into Postfix a while
3936
back but apparently that Postfix version was nuked when
3937
other parts were redesigned. Update by Scott Cotton.
3938
3939
Bugfix: some Postfix delivery agents would abort on addresses
3940
of the form `stuff@.' which could be generated only locally.
3941
Found by Patrik Rak. File: trivial-rewrite/resolve.c.
3942
3943
Third-party Berkeley DB support for HP-UX by Lamont Jones.
3944
File: makedefs.
3945
3946
20000511
3947
3948
Bugfix: Postfix would incorrectly reject domain names with
3949
adjacent - characters. File: util/valid_hostname.c.
3950
3951
Bugfix: the 20000505 pipeline tarpit delay flush was wrong
3952
and caused the client and server to get out of phase. Yuck!
3953
3954
20000513
3955
3956
Feature: VSTREAMs now have the concept of last fill/flush
3957
time, which is needed to prevent timeouts with pipelined
3958
SMTP sessions as detailed in the next item.
3959
3960
Bugfix: delayed SMTP command/reply flushing to prevent
3961
sender delays from accumulating too much and causing timeouts
3962
with pipelined sessions. For example, client-side delays
3963
happen when a client does DNS lookups to replace hostname
3964
aliases in MAIL FROM or RCPT TO commands; server-side delays
3965
happen when an UCE restriction involves a time-consuming
3966
DNS lookup, or when a server generates tarpit delays.
3967
Files: lmtp/lmtp_proto.c, smtp/smtp_proto.c, smtpd/smtpd_chat.c.
3968
3969
Portability: define ANAL_CAST for compilation environments
3970
that reject explicit casts between pointers and integral
3971
types. File: util/sys_defs.h, master/*server.c. Upon closer
3972
investigation, this turned out to be the result of someone's
3973
compiler configuration preferences. Therefore the change
3974
is likely to go away after a code cleanup.
3975
3976
20000514
3977
3978
Feature: mysql client support for multi-valued queries
3979
(select email, email2 from aliastbl where username='$local')
3980
By Loic Le Loarer @ m4x.org. File: util/dict_mysql.c.
3981
3982
Finalized the delayed SMTP command/reply flushing code in
3983
the SMTP and LMTP clients after lots of testing and review.
3984
3985
20000520
3986
3987
Robustness: upon receipt of mail, map the mailer-daemon
3988
sender address back into the magic null string. File:
3989
cleanup/cleanup_envelope.c.
3990
3991
20000524
3992
3993
Bugfix: the code for masquerade_exceptions was case sensitive.
3994
Reported by Eduard Vopicka. File: cleanup/cleanup_masquerade.c.
3995
3996
20000526
3997
3998
Feature: experimental queue manager by Patrik Rak with a
3999
fancy pre-emptive scheduling algorithm that improves delivery
4000
performance of mail with few recipients. This queue manager
4001
is made available as "nqmgr".
4002
4003
20000528
4004
4005
Feature: the SMTP client SASL password file can contain
4006
entries for destination domain names (the address remote
4007
part) not just mail server hostnames. File: smtp_sasl_glue.c.
4008
4009
Feature: smtpd_sasl_local_domain parameter (default:
4010
$myhostname) to specify the local SASL authentication realm.
4011
File: smtpd_sasl_glue.c.
4012
4013
Feature: specify "body_checks=regexp:/file/name" for a very
4014
crude one line at a time message body content filter. This
4015
feature uses the same filtering syntax as the header_checks
4016
feature. File: cleanup/cleanup_message.c. See also the
4017
conf/sample-filter.cf file.
4018
4019
20000530
4020
4021
Feature: full content filtering through external software.
4022
This uses existing interfaces for sending mail to the
4023
external content filter and for injecting it back into
4024
Postfix. Details in FILTER_README. Files: pickup/pickup.c,
4025
smtpd/smtpd.c, qmgr/qmgr_message.c.
4026
4027
20000531
4028
4029
More SASL feedback by Liviu Daia, regarding the use of
4030
authentication realms. File smtpd/smtpd_sasl_glue.c.
4031
4032
Added a simple shell-script based content filtering example
4033
to the FILTER_README file.
4034
4035
Content filtering support for nqmgr by Patrik Rak. File:
4036
nqmgr/qmgr_message.c.
4037
4038
Renamed "content inspection" etc. to "content filtering"
4039
in anticipation of a new hook for content inspection that
4040
only inspects mail without re-injecting it into Postfix.
4041
4042
20000601
4043
4044
Feature: limit the size of pipe mailer deliveries with the
4045
size=nnn command-line attribute. Patch by Andrew McNamara.
4046
4047
20000603
4048
4049
Bugfix: don't try to do SASL authentication when running
4050
in stand-alone (sendmail -bs) mode. Fix by Liviu Daia.
4051
4052
Bug: the unauthorized pipelining test fails with single
4053
recipient mail when smtpd_delay_reject = yes.
4054
4055
20000617
4056
4057
Bugfix: conf/sample-ldap.cf was no longer up to date with
4058
reality. Patch by Lamont Jones, HP.
4059
4060
Bugfix: the maildir delivery routine left temporary files
4061
lying around after unsuccessful delivery (problem reported
4062
by Brian Laughton @ Corp.Axxent.Ca).
4063
4064
20000621
4065
4066
AIX 4.x had POSIX regular expression support all the time
4067
I was working on Postfix. Better find out late than never.
4068
4069
20000623
4070
4071
Bugfix: the SMTP server did not reset the so-called junk
4072
command counter after successful delivery (Mark Hoffman @
4073
wallst.com). File: smtpd/smtpd.c.
4074
4075
20000625
4076
4077
Cleanup: remove Content-Length from incoming mail. The
4078
sender has no authority over the format of mail as stored
4079
by the receiving system. File: global/header_opts.h.
4080
4081
Feature: rewrite Mail-Followup-To: as sender. Files:
4082
global/header_opts.[hc].
4083
4084
Cleanup: rewrite Reply-To, Errors-To, Return-Receipt-To as
4085
sender, so that address masquerading works as expected.
4086
Files: global/header_opts.c.
4087
4088
Feature: specify "require_home_directory = yes" to prevent
4089
mail from being delivered to a user whose home directory
4090
is not mounted. File: local/dotforward.c.
4091
4092
Cleanup: the pipe deliver agent no longer appends a blank
4093
line when the F flag (prepend From_ line) is specified.
4094
Specify the B flag if you need that blank line. The local
4095
delivery agent no longer appends a blank line to mail that
4096
is delivered to external command. Files: pipe/pipe.c,
4097
global/mail_copy.[hc].
4098
4099
20000708
4100
4101
Portability: support for NEXT/OPENSTEP requires extra
4102
include file in util/watchdog.c (Masaki Murase).
4103
4104
20000715
4105
4106
Added macros to turn on vstream/vstring/etc. format string
4107
checking by gcc, in addition to the checking that was
4108
already implemented with printfck. File: util/sys_defs.h,
4109
the macros for PRINTFLIKE and SCANFLIKE. Problem - unlike
4110
the printfck tool, gcc finds format argument type mismatches
4111
only in code that isn't #ifdef-ed out.
4112
4113
20000718
4114
4115
Robustness: make_dirs() now continues when a missing
4116
directory is created by another process.
4117
4118
20000720
4119
4120
Feature: the queue manager now logs the number of recipients
4121
when opening a queue file (a zero recipient count is logged
4122
with older queue files). File: global/opened.c.
4123
4124
20000726
4125
4126
Robustness: added watchdog_pat() routine to keep the watchdog
4127
quiet if a client stays connected for a lot of time. Files:
4128
util/watchdog.[hc], smtpd/smtpd.c.
4129
4130
20000729
4131
4132
Robustness: if relayhost is specified but the host does
4133
not exist, defer mail instead of bouncing it (which would
4134
lose the mail if the bounce would have to be delivered to
4135
that same non-existent relayhost). Problem reported by
4136
Chris Cooper @ maths.ox.ac.uk. File: smtp/smtp_connect.c.
4137
4138
20000821
4139
4140
Feature: added -r (replace key+value) option to postalias
4141
and postmap.
4142
4143
Cleanup: smtpd now replies with 555 when the client sends
4144
unrecognized RCPT TO parameters, as required by RFC 1869
4145
(problem report by Robert Norris @ its.monash.edu.au).
4146
File: smtpd/smtpd.c.
4147
4148
20000822
4149
4150
Logging: the SMTP server's SASL code logs the authentication
4151
method along with an authentication failure. Suggested by
4152
Ronald F. Guilmette @ monkeys.com.
4153
4154
Workaround: some systems have file size resource limits
4155
that cannot be represented with the off_t type that is used
4156
by standard functions such as lseek(2). Problem reported
4157
by Blaz Zupan @ amis.net.
4158
4159
20000823
4160
4161
Feature: all this discussion about when to reject mail and
4162
when not made me decide to implement a TCP-based map type
4163
so that it becomes relatively simple to implement dynamic
4164
access controls, for example, hold off mail from an unknown
4165
client or sender until we have completed some investigation,
4166
after which we will either reject or accept.
4167
4168
However, this code is turned off until it is finished.
4169
4170
20000905
4171
4172
Robustness: the dns client now rejects malformed domain
4173
names rather than depending on the DNS to report that the
4174
name does not exist. Linux returns a rather misleading
4175
server failure code as found out by Patrik Rak. File:
4176
dns/dns_lookup.c.
4177
4178
20000911
4179
4180
Feature: added IGNORE keyword to header_checks and body_checks
4181
to pretend that certain data does not exist. File:
4182
cleanup/cleanup_message.c.
4183
4184
20000911
4185
4186
Bugfix: the SASL code did not allow MAIL FROM... AUTH=sender
4187
without prior authentication. The RFC allows this, although
4188
one wonders what the reasoning behind this is. File:
4189
smtpd/smtpd_sasl_proto.c.
4190
4191
20000913
4192
4193
Bugfix: the rmail script did not handle remote UUCP systems
4194
that send a from_ line with unqualified envelope sender.
4195
Reported by Luciano Mannucci.
4196
4197
Compatibility: don't insert Sender: header lines. Sendmail
4198
has not done so for at least 10 years, if it ever did.
4199
Problem reported by Brad Knowles. File: cleanup/cleanup_message.c.
4200
4201
20000916
4202
4203
Bugfix: when propagating an address extension in a virtual
4204
or canonical mapping, cleanup accesses memory that is no
4205
longer allocated. This can happen when the result address
4206
length is more than 100 characters. Problem reported by
4207
Adi Prasaja @ satunet.com. File: global/mail_addr_crunch.c.
4208
4209
Bugfix: fixed a misleading error message when the cleanup
4210
server reaches the queue file size limit. Fix by Robby
4211
Griffin @ MIT.EDU. File: cleanup/cleanup_extracted.c.
4212
4213
20000917
4214
4215
Bugfix: postalias -i would complain about duplicate entries
4216
for the Sendmail-compatible @ entry and for the NIS-compatible
4217
YP_LAST_MODIFIED and YP_MASTER_NAME entries.
4218
4219
20000918
4220
4221
Gross hack: prevent looping on a bad recipient by always
4222
forwarding recipients in :include: files to a new mail
4223
delivery request, even when owner-listname is not set.
4224
File: local/recipient.c.
4225
4226
20000919
4227
4228
Convenience: INSTALL.sh now imports default settings from
4229
the process environment, in order to make scripting easier.
4230
4231
Robustness: INSTALL.sh now systematically skips over CVS,
4232
RCS and SCCS cruft.
4233
4234
Portability: another fix for NEXTSTEP (Masaki MURASE).
4235
File: util/spawn_command.h.
4236
4237
20000920
4238
4239
Cleanup: in a transport table entry, do not ignore port
4240
numbers specified as [host]:port. In fact, this is now
4241
becoming the preferred form, in order to avoid parsing
4242
problems with IPV6 addresses. Postfix supports both forms,
4243
but future versions will print a warning for the old form.
4244
Problem reported by Claus Fischer @ werhats.at
4245
4246
Bugfix: missing initialization for state->sasl_method can
4247
cause permit_sasl_authenticated to always succeed. Report
4248
and fix by Lutz Jaenicke @ aet.TU-Cottbus.DE.
4249
4250
FAQ: added notes about how to delete, copy or restore queue
4251
files in a safe manner.
4252
4253
20000921
4254
4255
File reorganization. No code change except Makefiles. All
4256
sources are pushed down by one directory level to keep file
4257
listings usable. Released as 20000922, so that I have a
4258
reference to run "diff -cr against.
4259
4260
Bugfix: the spawn service was installed without man pages.
4261
4262
Portability: MacOSX hints and tips by Joe Block, University
4263
of Central Florida School of Optics/CREOL
4264
4265
Portability: The MacOSX gcc compiler does not understand
4266
the new printf_like/scanf_like attributes. File: util/sys_defs.h.
4267
4268
20000922
4269
4270
nqmgr update from Patrik Rak for the changed queue manager
4271
to delivery agent protocol.
4272
4273
Lame feature: syslog_facility parameter to control where
4274
syslogd sends Postfix logging (default: syslog_facility =
4275
mail). However, errors during command-line parsing are
4276
still logged with the default syslog facility, as are errors
4277
while processing the main.cf file (surprise). Based on
4278
code by Andrew McNamara.
4279
4280
20000923
4281
4282
Cleanup: new bounce logfile API so that Postfix can change
4283
to an extensible bounce logfile format with per-recipient
4284
sender addresses (needed for VERP and for reporting local
4285
list delivery problems to the list owner) and other
4286
attributes. File: global/bounce_log.[hc].
4287
4288
Cleanup: replaced the ad-hoc logfile parsing code in showq
4289
by something that uses the generic bounce logfile API.
4290
4291
20000924
4292
4293
Feature: Postfix bounced mail and delayed mail notifications
4294
now have the standard RFC 1894 form (DSN). The bounce
4295
service now uses the generic bounce logfile API. File:
4296
bounce/bounce_notify_service.c, bounce/bounce_notify_util.c.
4297
4298
Cleanup: deleted the per-recipient bounce protocol. Future
4299
bounce logfiles will support per-recipient bounce addresses.
4300
Files: global/bounce.c, bounce/bounce_recip_service.
4301
4302
20000925
4303
4304
Workaround: sendmail allows MAIL FROM and RCPT TO envelope
4305
addresses like <the dude <dude@site>> so we will never get
4306
rid of them. To disallow, specify "strict_rfc821_envelopes
4307
= yes". File: smtpd/smtpd.c.
4308
4309
20000926-20001003
4310
4311
Feature: a "flush" server that keeps per-destination records
4312
of deferred mail. It is the basis of a faster ETRN and
4313
"sendmail -qRsite" implementation. This code was rewritten
4314
half a dozen times.
4315
4316
20000928
4317
4318
Bugfix: the stricter dns_lookup() argument checks revealed
4319
that Postfix was doing DNS lookups for domain literals
4320
([ip.address]) when expanding aliases in MAIL FROM and RCPT
4321
TO address parameters. Reported by Jim Littlefield. File:
4322
smtp/smtp_unalias.c.
4323
4324
Documentation: added text on the biff=yes/no parameter to
4325
conf/sample-local.cf (text provided by Paul Wagland,
4326
relational-consultancy.com.
4327
4328
Robustness? Log errors from SASL library code as warnings
4329
not as fatal errors. Files: smtp*/*glue.c.
4330
4331
20001001
4332
4333
Feature: in master.cf, specify ? after wakeup time to avoid
4334
waking up services that aren't being used.
4335
4336
20001003
4337
4338
Feature: the fast flush refresh and purge time interval
4339
parameters can now be specified in user-specified units by
4340
providing an appropriate suffix: s (seconds), m (minutes),
4341
h (hours), d (days), w (weeks). unit. This was needed so
4342
that I could test the flush server code in a reasonable
4343
way (its timeouts are normally specified in days or hours,
4344
and I don't have that much time for testing). Other Postfix
4345
time interval parameters will be migrated as time permits.
4346
Files: conf/sample-flush.cf, global/mail_conf_time.c,
4347
postconf/postconf.c.
4348
4349
Unfeature: qmgr_hog_factor is now disabled by default. It
4350
was just too confusing. If you don't know what this means,
4351
do not worry.
4352
4353
20001005
4354
4355
Cleanup: after "postfix reload" do not penalize mail that
4356
was in the active queue, but make it ready for immediate
4357
delivery so that ETRN etc. works as intended. Files:
4358
*qmgr/qmgr.c, *qmgr/qmgr_active.c.
4359
4360
Portability: Redhat 7 library interfaces have changed
4361
incompatibly, which breaks existing software. File makedefs.
4362
4363
Consistency: the fallback_relay parameter did not understand
4364
the [] or host:port syntax, and there was no way to suppress
4365
MX record lookups. Files: smtp/smtp_addr.c, smtp/smtp_connect.c.
4366
4367
Convenience: you can now specify multiple SMTP destinations
4368
in the relayhost or fallback_relay configuration parameters.
4369
The specified destinations will be tried in the specified
4370
order. File: smtp/smtp_connect.c.
4371
4372
Many typographical corrections by Matthias Andree.
4373
4374
20001024
4375
4376
Documentation: the canonical, virtual etc. manual pages
4377
did not document the effect of leading whitespace.
4378
4379
20001025
4380
4381
Bugfix: virtual map expansion stopped too early with
4382
self-referential aliases. Reported by Michael Douglass @
4383
datafoundry.net. File: cleanup/cleanup_map1n.c.
4384
4385
20001026
4386
4387
Horror: postmap and postalias (newaliases) silently lose
4388
the file lock while building a lookup table with Berkeley
4389
DB 2.x and later on Solaris, HP-UX, IRIX, and UNIXWARE.
4390
The result is that table lookups fail while the table is
4391
being built, so that mail is lost. In order to avoid this
4392
misbehavior one has to use an undocumented feature that is
4393
NOT available with the DB1.85 compatibility interface.
4394
Therefore, Postfix now supports three Berkeley DB programming
4395
interfaces of increasing complexity. File: util/dict_db.c.
4396
4397
Bugfix: some character manipulations were not portable for
4398
signed/unsigned characters. Files: global/quote_821_local.c,
4399
global/quote_822_local.c.
4400
4401
Workaround: apparently, some software sends SMTP mail that
4402
begins with "From sender time-stamp". Sendmail silently
4403
ignores such RFC violating garbage, and therefore Postfix
4404
needs to jump another hoop. File: smtpd/smtpd.c.
4405
4406
20001028
4407
4408
Bugfix: the flush server tried to access config files after
4409
going to the chroot jail. Found by Lutz Jaenicke, TU-Cottbus.DE.
4410
File: flush/flush.c.
4411
4412
Update: revised LDAP module from primary maintainer John
4413
Hensley, with contributions from many other people. Files:
4414
util/dict_ldap.c, LDAP_README.
4415
4416
Update: LINUX2 chroot setup script by Matthias Andree,
4417
uni-dortmund.de.
4418
4419
Feature: specify unix:/path/name for LMTP connections over
4420
UNIX-domain sockets, and specify inet:host or inet:host:port
4421
for IPV4. If no unix: or inet: is specified, IPV4 is assumed.
4422
File: lmtp/lmtp_connect.c.
4423
4424
Feature: added UNIX-domain support to the smtpstone test
4425
programs in order to test the LMTP client UNIX-domain
4426
support.
4427
4428
20001030
4429
4430
Bugfix: further testing in preparation for 19991231-pl10
4431
revealed that the DB map code was now broken for every
4432
platform.
4433
4434
20001031
4435
4436
Performance: the slow start (gradually increase number of
4437
parallel connections to the same site) was too gentle and
4438
Postfix would back off too quickly. Files: qmgr/qmgr_queue.c
4439
and nqmgr/qmgr_queue.c.
4440
4441
20001101
4442
4443
FAQ update by Ralph Hildebrandt.
4444
4445
20001104
4446
4447
Portability: RedHat Linux has changed incompatibly, again.
4448
Fixed with the help of Matthias Andree. File: makedefs.
4449
4450
20001109
4451
4452
Cleanup: changed prototype of internal function that did
4453
not return a useful result. File: src/util/vstream_popen.c.
4454
4455
20001110
4456
4457
Workaround: the Debian post install script passes an open
4458
file descriptor into the master server and waits forever.
4459
Reported by Lamont Jones. File: master/master.c.
4460
4461
20001114
4462
4463
Compatibility: added sendmail -G (gateway submission) option
4464
for compatibility with the sendmail rmail command. Requested
4465
by David Gilbert, Velocet Communications.
4466
4467
20001116
4468
4469
Documentation: added MAILER-DAEMON to the list of sample
4470
masquerade_exceptions settings in conf/sample-rewrite.cf.
4471
Suggested by Karl O. Pinc, pop.artic.edu.
4472
4473
Performance: the slow start (gradually increase number of
4474
parallel connections to the same site) was too gentle and
4475
Postfix would back off too quickly. Files: qmgr/qmgr_queue.c
4476
and nqmgr/qmgr_queue.c. Yup, changed the same code, again.
4477
We now allow for a margin above the actual concurrency,
4478
with the size of the initial destination concurrency.
4479
Final solution by Patrik Rak.
4480
4481
Bugfix: the recipient home directory test broke mailbox_transport
4482
support for non-UNIX recipients. File: local/recipient.c.
4483
4484
20001117
4485
4486
Robustness: additional integrity tests for the nqmgr by
4487
Patrik Rak. File: nqmgr/qmgr_message.c.
4488
4489
20001118
4490
4491
Bugfix: the new LDAP client code did not work properly if
4492
the new ldap_domain parameter was not specified. LaMont
4493
Jones, HP. File: util/dict_ldap.c.
4494
4495
Feature: the soft_bounce safety net is extended to the SMTP
4496
server. With "soft_bounce = yes", The SMTP server changes
4497
all 5xx (reject) replies into 4xx (try again) replies.
4498
4499
Documentation: the virtual(5) man page now documents both
4500
Postfix-style virtual domains and Sendmail-style virtual
4501
domains, including their interaction with local usernames,
4502
aliases and mailing lists. Hopefully, this ends some of
4503
the confusion surrounding virtual domain support. Updated
4504
several FAQ entries concerning virtual domain support.
4505
4506
Documentation: added FAQ entry for the biff service.
4507
4508
20001119
4509
4510
Bugfix: per-destination queue names were case sensitive so
4511
that the same site could have multiple queues. Reported
4512
by Patrik Rak. Files: *qmgr/qmgr_message.c.
4513
4514
20001120
4515
4516
Bugfix: per-destination deferred mail logfiles were case
4517
sensitive so that the same site could have multiple deferred
4518
mail logfiles, so that not all mail would be flushed with
4519
ETRN. Reported by Ralph Hildebrandt. Files: flush/flush.c.
4520
4521
Portability: added (int) casts to printf-like arguments
4522
that specify the width of %*letter conversions. On some
4523
systems, sizeof and pointer difference expressions are
4524
wider than an int. Reported by Valentin Nechayev @ lucky.net.
4525
4526
20001121:
4527
4528
Compatibility: Postfix now retries delivery when an external
4529
command is killed by a signal, because people expect such
4530
behavior from Sendmail. File: global/pipe_command.c.
4531
4532
20001123-30
4533
4534
Feature: mailbox locking is now configurable. The configuration
4535
parameter name is "mailbox_delivery_lock". Depending on
4536
the operating system one can specify one or more of "flock",
4537
"fcntl" and "dotlock". Use "postconf -l" to find out what
4538
locking methods Postfix supports. The default setting is
4539
system dependent. All mailbox file opens are now done by
4540
one central mbox_open() routine. This affects the operation
4541
of the postlock command, and of local delivery to mailbox
4542
or /file/name. Files: util/safe_open.c, util/myflock.c,
4543
global/deliver_flock.c, global/mbox_conf.c, global/mbox_open.c.
4544
local/mailbox.c, local/file.c, postlock/postlock.c.
4545
4546
Compatibility: the old sun_mailtool_compatibility parameter
4547
is being phased out. It still works (by turning off
4548
flock/fcntl locks), but logs a warning as a reminder that
4549
it will go away.
4550
4551
Compatibility: when delivering to /file/name, the local
4552
delivery agent now logs a warning when it is unable to
4553
create a /file/name.lock file, and then delivers the mail
4554
(older Postfix versions would silently deliver).
4555
4556
20001202
4557
4558
Feature: specify "smtp_never_send_ehlo = no" to disable
4559
ESMTP. Someone asked for this long ago. Files: smtp/smtp.c,
4560
smtp/smtp_proto.c.
4561
4562
Feature? Bugfix? The smtp client now skips server replies
4563
that do not start with "CODE SPACE" or with "CODE HYPHEN",
4564
and flags them as protocol errors. Older versions silently
4565
treat "CODE TEXT" as "CODE SPACE TEXT". File: smtp/smtp_chat.c.
4566
4567
20001203
4568
4569
Documentation: postmap(1) and postalias(1) did not document
4570
the process exit status for "-q key".
4571
4572
20001204
4573
4574
Bugfix: the Postfix master daemon no longer imported
4575
MAIL_CONF and some other necessary environment parameters.
4576
Postfix now has explicit "import_environment" and
4577
"export_environment" configuration parameters that control
4578
what environment parameters are shared with non-Postfix
4579
processes. Files: util/clean_env.c, util/spawn_command.c,
4580
util/vstream_popen.c, global/pipe_command.c, and everything
4581
that invokes this code.
4582
4583
20001208
4584
4585
Bugfix: while processing massive amounts of one-recipient
4586
mail, qmgr could deadlock for 10 seconds while sending a
4587
bounce message. All queue manager bounce send requests are
4588
now implemented asynchronously. Files: global/abounce.[hc]
4589
(asynchronous bounce client), qmgr/qmgr_active.c. Problem
4590
reported by El Bunzo (webpower.nl) and Tiger Technologies
4591
(tigertech.com).
4592
4593
20001209
4594
4595
Feature: mailbox_transport and fallback_transport can now
4596
have the form transport:nexthop, with suitable defaults
4597
when either transport or nexthop are omitted, just like in
4598
the Postfix transport map. This allows you to specify for
4599
example, "mailbox_transport = lmtp:unix:/file/name". File:
4600
global/deliver_pass.c.
4601
4602
20001210
4603
4604
Bugfix: the local_destination_concurrency_limit paramater
4605
no longer worked as per-user concurrency limit but instead
4606
worked as per-domain limit, so that the limit of "2" in
4607
the default main.cf files resulted in poor local delivery
4608
performance. Files: qmgr/qmgr_message.c, qmgr/qmgr_deliver.c.
4609
Problem reported by David Schweikert (ee.ethz.ch) and Dallas
4610
Wisehaupt (cynicism.com).
4611
4612
20001210
4613
4614
Feature: support for MYSQL connections over UNIX-domain
4615
sockets by Piotr Klaban. Files: util/dict_mysql.c,
4616
MYSQL_README.
4617
4618
20001211
4619
4620
Small dirt: postconf -m produced too much output due to a
4621
missing "else", and the optional SASL code needed a fix
4622
for the changed name_mask API.
4623
4624
20001212
4625
4626
Workaround: due to an error, record type L for "filter
4627
transport name" was the same as that for the already existing
4628
record type L for "record not ending in newline", causing
4629
the pickup daemon to discard all records not ending in
4630
newline. The code cannot be changed without breaking
4631
compatibility with queued mail, so the pickup server is
4632
changed to discard type L records only from the message
4633
envelope, not from the content. File: pickup/pickup.c.
4634
4635
20001213
4636
4637
Bugfix: dict_ldap did not properly initialize a handle
4638
after connection timeout. Problem reported by Alain Thivillon.
4639
File: util/dict_ldap.c.
4640
4641
20001214
4642
4643
Feature: local_transport and default_transport now also
4644
understand the transport[:destination] notation, so that
4645
all transport config parameters are similar again. File:
4646
trivial-rewrite/resolve.c, trivial-rewrite/transport.c.
4647
4648
Code cleanup: mailbox_transport and fallback_transport no
4649
longer allow the user to omit the transport part of a
4650
transport:destination specification. That just did not make
4651
any sense at all. The :destination part is still optional.
4652
File: global/deliver_pass.c.
4653
4654
Feature: most time-related configuration parameters take
4655
a one-letter suffix that specifies the time unit: s
4656
(second), m (minutes), h (hours), d (days), w (weeks).
4657
"postconf -d" output includes the default time unit. Files:
4658
many.
4659
4660
Code cleanup: in a CONFIG_TIME_TABLE, the default time unit
4661
is now always the last character of a default time value.
4662
It is no longer necessary to specify the default time unit
4663
separately. This change means that it will not be possible
4664
to specify default values in the form of function calls,
4665
but that was unused anyway. Files: global/mail_conf_time.c,
4666
and user code.
4667
4668
20001217
4669
4670
Bugfix: reorganized some code in the MYSQL client to end
4671
a number of memory allocation/deallocation problems. This
4672
code needs more work. File: dict_mysql.c.
4673
4674
20001218
4675
4676
Bugfix: the MYSQL client did not provide function pointers
4677
for unimplemented operations, causing "postmap -d" to dump
4678
core instead if issuing an error message. This is what I
4679
get for accepting code that I cannot test myself.
4680
4681
20001221
4682
4683
Code cleanup: configuration parameters that are $name
4684
expanded at run-time now have their own data type hierarchy
4685
instead of being piggy-backed on top of strings that are
4686
$name expanded at program initialization time. Files:
4687
global/mail_conf.h, global/mail_conf_raw.c, and code that
4688
calls it.
4689
4690
20001230
4691
4692
Update: replaced the default rbl.maps.vix.com setting by
4693
the current blackholes.mail-abuse.org.
4694
4695
20010102
4696
4697
Code cleanup: the queue manager is a bit greedier with
4698
allocating a delivery agent. Problem pointed out by Patrik
4699
Rak. All bugs in the solution are mine. Files:
4700
*qmgr/qmgr_active.c.
4701
4702
20010105
4703
4704
Bugfix: the FILTER_README shell script example did not
4705
correctly pass exit status to the parent.
4706
4707
Bugfix: soft errors in client hostname lookups would be
4708
treated as hard errors. Fix by Michael Herrmann
4709
(informatik.tu-muenchen.de). File: smtpd/smtpd_peer.c.
4710
4711
20010110
4712
4713
Bugfix: the mkdir() EEXIST race condition workaround was
4714
not complete. Matthias Andree, Daniel Roesen. Files:
4715
global/mail_queue.c, util/make_dirs.c.
4716
4717
20010111
4718
4719
Portability: IRIX 6.5.10 defines sa_len as a macro, causing
4720
a name collision with a variable used by Postfix. Roberto
4721
Totaro, enigma.ethz.ch. File: smtpstone/smtp-source.c.
4722
4723
20010116
4724
4725
Bugfix: REJECT by header/body_checks was flagged in smtpd
4726
as a bounce, should be policy, in order to make postmaster
4727
notifications more consistent. File: smtpd/smtpd.c.
4728
4729
Merged updated chroot setup procedure by Matthias Andree.
4730
Files: examples/chroot-setup/LINUX2.
4731
4732
20010117
4733
4734
Formatting: changed the seconds and days formats in the
4735
"your mail is delayed" text so that it does not switch to
4736
scientific notation. File: bounce/bounce_notify_util.c.
4737
4738
20010119
4739
4740
Feature: SASL support for the LMTP client. Recent CYRUS
4741
software requires this for Postfix over TCP sockets.
4742
4743
20010120
4744
4745
Bugfix: the 20001005 revised fallback_relay support caused
4746
Postfix to send mail to the fallback even when the local
4747
machine was an MX host for the final destination. Result:
4748
mailer loop. Found by Laurent Wacrenier (teaser.fr). Files:
4749
smtp/smtp_connect.c, smtp/smtp_addr.c.
4750
4751
20010121
4752
4753
Workaround: specify "broken_sasl_auth_clients = yes" in
4754
order to support old Microsoft clients that implement a
4755
non-standard version of RFC 2554 (AUTH command).
4756
4757
Workaround: Lotus Domino 5.0.4 violates RFC 2554 and replies
4758
to EHLO with AUTH=LOGIN. File: smtp/smtp_proto.c.
4759
4760
20010125
4761
4762
Code cleanup: wrote creator/destructor for dictionary
4763
objects that provides default methods that trap all attempts
4764
to perform an unimplemented operation. Based on an ansatz
4765
by Laurent Wacrenier (teaser.fr). Files: util/dict*.[hc].
4766
4767
Code cleanup: INSTALL.sh does not ask questions when stdin
4768
is not connected to a tty (as in: make install</dev/null).
4769
To automate a customized install, the script imports
4770
environment variables for install_root etc.
4771
4772
20010127
4773
4774
Workaround: randomize the delay between attempts to lock
4775
a file, so that multiple bounce or defer servers are less
4776
likely to retry all at the same time. likely. File:
4777
util/rand_sleep.c, global/deliver_flock.c, global/dot_lockfile.c.
4778
4779
20010128
4780
4781
Code cleanup: complaints about invalid or numeric hostnames
4782
either provide specific context or are removed as redundant.
4783
Files: util/valid_hostname.c dns/dns_lookup.c.
4784
4785
Code cleanup: new mailbox_size_limit parameter (default:
4786
20MB). Until now, the mailbox size limit was the same as
4787
the message size limit, due to artefact of implementation.
4788
Files: global/mail_params.h, local/local.c.
4789
4790
Bugfix: fix for the ldap_domains parameter, both semantics
4791
and documentation by LaMont Jones. Files: LDAP_README,
4792
conf/sample-ldap.cf, util/dict_ldap.c.
4793
4794
Update: merged in the virtual delivery agent by Andrew
4795
McNamara. See VIRTUAL_README for detailed examples.
4796
4797
Update: merged a re-vamped nqmgr by Patrik Rak.
4798
4799
20010129
4800
4801
Tweak: several little nqmgr tweaks by Patrik Rak. Files:
4802
global/mail_params.h, nqmgr/qmgr_job.c.
4803
4804
Bugfix: the virtual delivery agent did not save maps_find()
4805
results timely. J?rgen Thomsen, postfix.jth.net. File:
4806
virtual/mailbox.c.
4807
4808
Security: disallow regexp tables in the virtual delivery
4809
agent. The $1 etc. substitution mechanism gives too much
4810
power to the sender. File: virtual/mailbox.c.
4811
4812
Cleanup: clarified documentation and boundary cases in the
4813
random_sleep() routine.
4814
4815
Bugfix: the MISSING_USLEEP feature was used backwards.
4816
Patrik Rak. File: util/random_sleep.c.
4817
4818
20010130
4819
4820
Workaround: Linux usleep() is void, BSD/Solaris usleep()
4821
returns int, don't use it. File util/random_sleep.c.
4822
4823
Made local maildir bounce/defer handling mode consistent
4824
with local mailbox delivery. File local/maildir.c.
4825
4826
The smtp client now defers delivery when all MX hosts have
4827
no A record. File: smtp/smtp_addr.c
4828
4829
Bundled the man2html and postlink quick hacks so people
4830
can do their own manual page processing. See scripts in
4831
the mantools directory.
4832
4833
Documentation: updated the reference to sendmail in the
4834
html/index.html page.
4835
4836
Documentation: added note about the Cisco PIX "fixup smtp"
4837
bug that causes mail delivery problems when "." and "CRLF"
4838
arrive in separate packets. File: html/faq.html.
4839
4840
20010201
4841
4842
Bugfix: another missing initialization in the mysql client.
4843
File: util/dict_mysql.c.
4844
4845
Sanitized time routine by Patrik Rak, to make his nqmgr
4846
robust against people who set their clock back. Files:
4847
util/sane_time.[hc].
4848
4849
Bumped the default mailbox file size limits to 50MB.
4850
4851
20010202
4852
4853
Bugfix: fixed the way the master resets the file size limit
4854
to avoid problems when a Postfix daemon updates a queue
4855
file. The file size limit is now increased to INT_MAX if
4856
it is smaller than INT_MAX, so that it is less likely to
4857
interfere than the old setting of message_size_limit.
4858
4859
Feature: disable mailbox size limits for the local and
4860
virtual delivery agents by setting mailbox_size_limit or
4861
virtual_mailbox_limit to zero.
4862
4863
20010203
4864
4865
Update: null candidate patch from Patrik Rak. Files:
4866
nqmgr/qmgr_entry.c nqmgr/qmgr_job.c nqmgr/qmgr_message.c.
4867
4868
Cleanup: added one gruesome command to the postlink script
4869
for hyperlinking nroff manual page output. Word abbreviation
4870
broke some <a href...> </a> instances across line boundaries.
4871
sed(1) is an amazing tool. File: mantools/postlink.
4872
4873
20010204
4874
4875
Laid the ground work for logging of table accesses. This
4876
will give more insight into how Postfix uses its lookup
4877
tables. User interface comes later. File: util/dict_debug.c.
4878
4879
20010216
4880
4881
Bugfix: the pipe delivery agent expanded $size as if it
4882
were a recipient, instead of expanding it as $nexthop or
4883
as $sender. Reported by Michael Tokarev. File: pipe/pipe.c.
4884
4885
20010221
4886
4887
Bugfix: poor LMTP performance for domains that are listed
4888
in $mydestination, because Postfix would send one recipient
4889
at a time, with multiple deliveries of recipients of the
4890
same message in parallel; a similar problem could exist
4891
with virus scanning and with firewall relay hosts that
4892
forward mail for $mydestination to an inside machine. This
4893
behavior is now changed to depend on the transport-specific
4894
xxx_destination_recipient_limit parameter. This also means
4895
that you can now get qmail behavior for SMTP deliveries by
4896
setting smtp_destination_recipient_limit=1. File:
4897
{qmgr,nqmgr}/qmgr_message.c.
4898
4899
Workaround: Solaris socketpair() can fail with EINTR. Added
4900
a sane_socketpair.c module that joins the ranks of the
4901
other sane_whatever workarounds. Reported by Andrew McNamara.
4902
File: util/sane_socketpair.[hc]
4903
4904
20010222
4905
4906
Documentation: the default main.cf file has a prominent
4907
warning that mynetworks should be properly configured in
4908
order to reject unauthorized mail relay requests from
4909
strangers.
4910
4911
Documentation: the INSTALL document, section "mandatory
4912
configuration file edits" has a section that explains that
4913
mynetworks should be properly configured in order to reject
4914
unauthorized mail relay requests from strangers.
4915
4916
20010223
4917
4918
Documentation: the basic.html document has a section that
4919
explains that mynetworks should be properly configured in
4920
order to reject unauthorized mail relay requests from
4921
strangers.
4922
4923
Feature: new "mynetworks_style" parameter that controls
4924
how mynetworks (trusted networks) is derived from the
4925
inet_interfaces (machine interfaces) setting. Specify
4926
"class" for entire class A, B, C networks; "subnet" for
4927
the local subnets only; or "host" for maximal privacy.
4928
Files: util/inet_addr_local.[hc], global/own_inet_addr.[hc],
4929
global/mynetworks.[hc], postconf/postconf.c.
4930
4931
Portability: MACOSX patches by Gerben Wierda.
4932
4933
Portability: Solaris /dev/null is a symlink, which tripped
4934
up the code to safely open a file before local delivery.
4935
We now grudgingly allow symlinks owned by root. File:
4936
util/safe_open.c.
4937
4938
20010224
4939
4940
Bugfix: "postconf mynetworks" ignored the inet_interfaces
4941
setting. That was a very old one. File: postconf/postconf.c.
4942
4943
INCOMPATIBLE CHANGE: POSTFIX NO LONGER RELAYS MAIL FOR
4944
CLIENTS IN THE ENTIRE CLASS A/B/C NETWORK. POSTFIX BY
4945
DEFAULT RELAYS MAIL FOR CLIENTS IN THE LOCAL SUBNETWORK.
4946
Specify "mynetworks_style = class" to get the old behavior.
4947
4948
20010225
4949
4950
Portability: master sigchld handler based on writing to a
4951
pipe, so that the master wakes up from select(). Based on
4952
code by Erik Forsberg, Linkoping University, Sweden. File:
4953
master/master_sig.c. Disabled until after the major release.
4954
4955
Code cleanup: Postfix should now run with no alias database.
4956
4957
Code cleanup: local_destination_recipient_limit and
4958
local_destination_concurrency_limit have become first-class
4959
configuration parameters. Files: global/mail_params.h,
4960
*qmgr/qmgr.c, postconf/postconf.c.
4961
4962
20010226
4963
4964
Documentation suggestions by Lars Hecking and Richard
4965
Huxton, Matthias Andree and many others.
4966
4967
Code cleanup: some queue/transport operations need to be
4968
moved, after the code cleanup of the recipient/concurrency
4969
limit handling. Patrik Rak. Files: *qmgr/qmgr_message.c.
4970
4971
20010301
4972
4973
Feature: configurable name in syslog output (default:
4974
"syslog_name = postfix") so that different Postfix instances
4975
can be recognized by their logging. File: global/mail_task.c.
4976
4977
20010313
4978
4979
Workaround for logic mismatch in nqmgr that was exposed
4980
with the introduction of the asynchronous bounce client.
4981
Patrik Rak.
4982
4983
20010313
4984
4985
Bugfix: the RFC 822 untokenizer quoted newlines inside
4986
comments. File: global/tok822_parse.c.
4987
4988
20010316
4989
4990
Cleanup: removed an extraneous warning when a queue file
4991
write error happened.
4992
4993
20010321
4994
4995
Workaround: LMTP connection caching never worked for
4996
destinations starting with unix: or inet:. File:
4997
lmtp/lmtp_connect.c.
4998
4999
20010322
5000
5001
Portability: Solaris <2.6 does not have srandom() and
5002
random() in libc. File: util/rand_sleep.c. It does not have
5003
to be cryptographically strong.
5004
5005
Bugfix: the fast ETRN flush server could not handle [ipaddr]
5006
or domain names with one-character hostname part. This
5007
fix changes the destination to logfile name mapping, so
5008
that you need to populate the new files with "sendmail -q".
5009
The old files go away automatically. File: flush/flush.c.
5010
5011
20010327
5012
5013
Speed up mailq (sendmail -bp) display by flushing output
5014
after each file. File: showq/showq.c.
5015
5016
Portability: missing string.h includes, %p wants (void *),
5017
Lamont Jones, HP.
5018
5019
20010328
5020
5021
Bugfix: swapped logic caused cleanup to stall when the
5022
queue file size exceeded the file size limit by less than
5023
one the VSTREAM buffer size, so that the "file too big"
5024
was detected after flushing the last queue file record.
5025
File: cleanup/cleanup.c.
5026
5027
20010329
5028
5029
Portability: workaround for missing prototype problem in
5030
dict_ldap.c. This module should move to the global directory,
5031
because it depends on Postfix main.cf parameter information.
5032
5033
Workaround: after sending a trigger message over a socket,
5034
do not immediately close the client side, but close it from
5035
a background thread that waits until the server closes the
5036
socket first. This avoids trouble with socket implementations
5037
that destroy a socket when the client closes a socket before
5038
the server has received the client's data. Files:
5039
util/{inet,unix,stream}_trigger.c, util/events.c,
5040
master/master_trigger.c, postkick/postkick.c.
5041
5042
20010403
5043
5044
Workaround: the mysql library can return null pointers
5045
rather than zero-length strings. File: util/dict_mysql.c.
5046
5047
20010404
5048
5049
Ergonomics: log additional information about the reason
5050
why "mail for XXX loops back to myself" when the local
5051
machine is the best MX host. File: smtp/smtp_addr.c.
5052
5053
20010406
5054
5055
Changed some noisy LDAP client warnings into optional
5056
logging. LaMont Jones, util/dict_ldap.c.
5057
5058
20010411
5059
5060
Bugfix: the SMTP server now replies with 550 instead of
5061
503 when it receives the DATA command without having received
5062
a valid recipient address. This is needed for the Sendmail
5063
client-side pipelining implementation. Problem reported by
5064
Lutz Jaenicke. File: smtpd/smtpd.c.
5065
5066
Cleanup: shut up if chattr fails on Reiserfs and other file
5067
systems that do not support the respective attributes.
5068
Files: conf/postfix-script-{no,}sgid.
5069
5070
20010413
5071
5072
Ergonomics: Postfix applications now warn when a DB or DBM
5073
file is out of date, and recommend to rebuild the table.
5074
Files: util/dict_db.c, util/dict_dbm.c.
5075
5076
20010414
5077
5078
Feature: specify a key of "-" to the postmap or postalias
5079
-q or -d option, and the keys will be read from standard
5080
input, one key per line. Files: postmap/postmap.c,
5081
postalias/postalias.c.
5082
5083
Bugfix: with a non-default inet_interfaces setting, the
5084
master ignored host information in master.cf host:port
5085
settings. Fix by Jun-ichiro itojun Hagino @ iijlab.net.
5086
Files: master/master.h, master/master_ent.c.
5087
5088
20010426
5089
5090
Bugfix: the SMTP server did not parse invalid MAIL FROM or
5091
RCPT TO addresses such as <first last <user@domain>> the
5092
way it was supposed to do. I thought this was taken care
5093
of years ago. File: smtpd/smtpd.c.
5094
5095
20010427
5096
5097
Bugfix: smtpd would reject mail instead of replying with
5098
a 4xx temporary error code when, for example, an LDAP or
5099
mysql server was unavailable. Remotely based on a fix by
5100
Robert Kiessling @ de.easynet.net. File: smtpd/smtpd_check.c.
5101
5102
20010429
5103
5104
Feature: the Postfix SMTP client now by default randomly
5105
shuffles destination IP addresses of equal preference.
5106
Specify "smtp_randomize_addresses = no" to disable.
5107
Shuffling code by Elias Levy @ SecurityFocus.com Files:
5108
dns/dns_rr.c, smtp/smtp_addr.c.
5109
5110
20010501
5111
5112
Bugfix: The SMTP server's 550 in reply to DATA should be
5113
a 554 response. And it wasn't Sendmail. Claus Assman.
5114
5115
Bugfix: the INSTALL.sh test for non-interactive upgrade
5116
broke rooted installations that specify settings via the
5117
environment. Simon Mudd.
5118
5119
Bugfix: mailq output is now really flushed one message at
5120
a time. File: sendmail/sendmail.c.
5121
5122
Feature: "postsuper -d queueID" deletes one message queue
5123
file; "postsuper -d -" reads zero or more queue IDs from
5124
standard input, and deletes one instance of each file.
5125
File: postsuper/postsuper.c.
5126
5127
Code cleanup: in order to make postsuper -d safe with a
5128
running Postfix mail system, some routines had to be made
5129
tolerant for sudden queue file disappearances. Files:
5130
global/deliver_request.c, *qmgr/qmgr_move.c.
5131
5132
Code cleanup: in order to make postsuper -d more usable,
5133
the showq command was extended to safely list the possibly
5134
world-writable maildrop directory. File: showq/showq.c.
5135
5136
20010504
5137
5138
Feature: postsuper -d will also delete defer and bounce
5139
logfiles when the named queue file is found.
5140
5141
20010505
5142
5143
RFC 2821 feature: an SMTP server must reset all buffers
5144
upon receipt of EHLO. File: smtpd/smtpd_check.c.
5145
5146
RFC 2821 feature: an SMTP server must accept a recipient
5147
address of "postmaster" without domain name. File:
5148
smtpd/smtpd_check.c.
5149
5150
RFC 2821 recommendation: reply with 503 to commands sent
5151
after 554 greeting. File: smtpd/smtpd.c.
5152
5153
RFC 2821 recommendation: if VRFY is enabled, list it in
5154
the EHLO response. File: smtpd/smtpd.c.
5155
5156
RFC 2821 recommendation: SMTP clients should use EHLO.
5157
The default setting of smtp_always_send_ehlo has changed
5158
from 0 (send EHLO if server greets with ESMTP) to 1 (always
5159
send EHLO). In all cases, Postfix falls back to HELO if
5160
the server does not support EHLO. File: smtp/smtp_proto.c.
5161
5162
20010507
5163
5164
Bugfix: with soft_bounce=yes, the SMTP server would log
5165
5xx replies even though it would send 4xx replies to the
5166
client (Phil Howard, ipal.net). File: smtpd/smtpd_check.c.
5167
5168
20010515
5169
5170
Compatibility: Microsoft sends "AUTH=MBS_BASIC LOGIN".
5171
Updated the parsing code in smtp/smtp_proto.c. Problem
5172
reported by Ralf Tessmann, Godot GmbH.
5173
5174
20010520
5175
5176
Standard: deleted the non-standard "via" portion from
5177
Received: headers generated by Postfix bounce or other
5178
notification processes. File: global/post_mail.c.
5179
5180
Robustness: eliminated stack-based recursion from the RFC
5181
822 address parser. File: global/tok822_parse.c.
5182
5183
Standard: annotated the source code with comments based on
5184
RFC 2821 and 2822. Not all the RFC changes make sense.
5185
5186
RFC 2821 recommendation: treat a RCPT 552 reply as if the
5187
server sent 452. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c.
5188
5189
Cleanup: moved ownership of the debug_peer parameters from
5190
the applications to the library, so that a Postfix shared
5191
library does not suffer from undefined references. Files:
5192
smtp/smtp.c, lmtp/lmtp.c, smtpd/smtpd.c, global/mail_params.c.
5193
LaMont Jones, for Debian.
5194
5195
20010522
5196
5197
Feature: "postsuper -r queueID" re-queues a message, and
5198
"postsuper -r ALL" re-queues all mail. The message is moved
5199
to the maildrop queue so that the pickup daemon will copy
5200
it to a new queue file, and so that address rewriting will
5201
be done again. This is useful after changes of address
5202
rewriting or virtual mappings.
5203
5204
Feature: "postsuper -d ALL [queue-name]" deletes a bunch
5205
of mail.
5206
5207
20010523
5208
5209
Feature: "postsuper -s" (which is done by default) renames
5210
queue files whose name (queue ID) does not match the message
5211
file inode number.
5212
5213
Bugfix: memory leak in the LDAP client module. Alain
5214
Thivillon, France Teaser - Groupe Firstream.
5215
5216
20010525
5217
5218
Portability: gcc 2.6.3 does not have __attribute__ (Clive
5219
Jones, dgw.co.uk). File: util/sys_defs.h.
5220
5221
Bugfix: the SMTP and LMTP clients claimed that a queue file
5222
needed to be delivered again (even when all recipients were
5223
erased from the queue file) when no QUIT or RSET reply was
5224
received (by default, this does not happen with SMTP mail
5225
because the SMTP client does not wait for QUIT replies and
5226
does not send RSET to deliver mail). As a result of the
5227
same bug the LMTP client followed a dangling pointer when
5228
sending QUIT after process idle timeout while the LMTP
5229
server had disconnected. Files: smtp/smtp_proto.c,
5230
lmtp/lmtp_proto.c.
5231
5232
20010526
5233
5234
newaliases no longer complains when an empty list is
5235
specified with the alias_database configuration parameter.
5236
File: sendmail/sendmail.c.
5237
5238
20010529
5239
5240
Workaround: old PIX firewall code messes up when the final
5241
".<CR><LF>" at the end of DATA spans a packet boundary.
5242
When Postfix detects PIX SMTP fixup mode, Postfix flushes
5243
the output buffers before sending the final ".<CR><LF>".
5244
File: smtp/smtp_proto.c.
5245
5246
20010530
5247
5248
Portability: updated code for Mac OS X, accounting for the
5249
post-Beta changes. Code by Joe Block, UCF School of
5250
Optics/CREOL.
5251
5252
20010601
5253
5254
Safety: postdrop turns off interrupts when cleaning up
5255
after interrupt. The additional safety does not hurt anyone.
5256
File: src/postdrop/postdrop.c.
5257
5258
20010607
5259
5260
Safety: dropped the RFC 2821 compliant code that treats
5261
552 RCPT TO replies as 452. It created more problems than
5262
it solved. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c.
5263
5264
Logging: the SMTP server now logs a warning if RBL lookups
5265
have problems other than "not found". file: smtpd/smtpd_check.c.
5266
5267
20010610
5268
5269
Feature: address quoting and case folding flags for the
5270
pipe(8) mailer.
5271
5272
20010611
5273
5274
Workaround: some MTAs fall on their face when they receive
5275
unexpectedly long lines. From now on, Postfix defaults to
5276
breaking long lines at 2048 (like Sendmail so it has got
5277
to be right). To get the old, content preserving, behavior
5278
specify "smtp_truncate_lines = no". File: smtp/smtp_proto.c.
5279
5280
20010614
5281
5282
Bugfix: did not really undo 2821 552->452 mapping.
5283
5284
20010628
5285
5286
Bugfix: postfix-script used a hard-coded maildrop group
5287
owner instead of using the install-time specified name
5288
stored in /etc/postfix/install.cf. Problem reported by
5289
David Terrell @ meat.net.
5290
5291
20010701
5292
5293
Feature: mail_spool_directory ending in / causes maildir
5294
style delivery.
5295
5296
Bugfix: the FreeBSD kernel parameters kern.ipc.nmbclusters
5297
and kern.ipc.maxsockets cannot be set with sysctl commands.
5298
File: html/faq.html. Len Conrad @ Go2France.com.
5299
5300
Cleanup: the virtual delivery agent was poorly integrated
5301
so that the SMTP server and queue manager did not reject
5302
mail for unknown users. Files: smtpd/smtpd_check.c.
5303
5304
20010705
5305
5306
Feature: QMQP server, compatible with qmail and the ezmlm
5307
list manager. Files: util/netstring.[hc], qmqpd/qmqpd*.c.
5308
5309
20010706
5310
5311
Feature: QMQP stress test message generator program. Files:
5312
smtpstone/qmqp-source.c, smtpstone/qmqp-sink.c.
5313
5314
20010708
5315
5316
Bugfix: with disable_dns=yes, the SMTP client treated all
5317
host lookup errors as permanent. File: smtp/smtp_addr.c.
5318
5319
20010709
5320
5321
Feature: VERP support, based on a patch by Peng Yong, and
5322
with the missing parts filled in so that the Postfix bounce
5323
daemon can send one VERP bounce per undeliverable recipient.
5324
Files: , sendmail/sendmail.c, smtpd/smtpd.c, qmgr/qmgr_deliver.c,
5325
bounce/bounce_notify_verp.c, qmqpd/qmqpd.c, plus a couple
5326
support routines in the global library.
5327
5328
Cleanup: with recipient_delimiter=+ (or any character other
5329
than -) Postfix will now recognize address extensions even
5330
with owner-foo+extension addresses. This is necessary to
5331
make VERP work for mailing lists.
5332
5333
20010710
5334
5335
Bugfix: potential memory leak in the queue managers with
5336
the new VERP delimiter record. Fix by Patrik Rak.
5337
5338
20010711
5339
5340
Cleanup: you can now specify the VERP delimiter characters
5341
on the sendmail(1) command line, but they are still optional.
5342
5343
Safety: with maildir style delivery and with hashed mailboxes
5344
the system mail spool directory must not be world writable.
5345
5346
20010713
5347
5348
Safety: the verp_delimiter_filter parameter (default: -=+)
5349
limits what characters Postfix accepts as VERP delimiter
5350
characters.
5351
5352
20010714
5353
5354
Logging: the queue manager now logs a "status=expired"
5355
record when it returns a message that is too old. Files:
5356
*qmgr/qmgr_active.c.
5357
5358
20010719
5359
5360
Feature: stiffer coupling between mail receiving rates and
5361
mail delivery rates, using a trivial token-based scheme,
5362
implemented by reading and writing an in-memory pipe. The
5363
queue manager produces one token when it retrieves mail
5364
from the incoming queue. The cleanup daemon consumes one
5365
token when it adds mail to the incoming queue. If no token
5366
is available the cleanup server pauses for $in_flow_delay
5367
seconds and proceeds anyway. The delay allows mail sending
5368
process to catch up and access the disk while not blocking
5369
inbound mail. Valid delays are 0..10 seconds.
5370
5371
20010727
5372
5373
Bugfix: updated LDAP client module from LaMont Jones, HP.
5374
This also introduces new LDAP query filter patterns: %u
5375
(address localpart) and %d (domain part). Files:
5376
conf/sample-ldap.cf, util/dict_ldap.c.
5377
5378
20010729
5379
5380
Bugfix: recursive smtpd_whatever_restrictions clobbered
5381
intermediate results when switching between sender and
5382
recipient address restrictions. Problem found by Victor
5383
Duchovni, morganstanley.com. In order to fix, introduced
5384
address resolver result caching, which should also help to
5385
speed up sender/recipient address restriction processing.
5386
5387
Bugfix: the not yet announced DUNNO access table lookup
5388
result did not prevent lookups with substrings of the same
5389
lookup key. Found by Victor Duchovni, morganstanley.com.
5390
5391
20010730
5392
5393
Robustness: trim trailing whitespace from regexp and pcre
5394
right-hand sides, for consistency with DB/DBM tables.
5395
Files: util/dict_pcre.c, util/dict_regexp.c.
5396
5397
20010731
5398
5399
Robustness: eliminate duplicate IP addresses after expansion
5400
of hostnames in $inet_interfaces, so that Postfix does not
5401
suddenly refuse to start up after someone changes the DNS.
5402
Files: util/inet_addr_list.c global/own_inet_addr.c.
5403
5404
Feature: specify "disable_verp_bounces = yes" to have
5405
Postfix send one RFC-standard, non-VERP, bounce report for
5406
multi-recipient mail, even when VERP style delivery was
5407
requested.
5408
5409
20010801
5410
5411
Bugfix: postconf was using unexpanded values internally
5412
for myhostname, inet_interfaces, and mynetworks_style.
5413
This broke the "postconf -d" mynetworks computation. File:
5414
postconf/postconf.c.
5415
5416
20010803
5417
5418
Feature: masquerade_classes parameter for fine control of
5419
address masquerading. The default setting is backwards
5420
compatible: envelope_sender header_sender header_recipient.
5421
Files: cleanup/whatever.c.
5422
5423
20010822
5424
5425
Code cleanup: the bounce daemon complained about data that
5426
it was not going to send back anyway. Fix: stop reading
5427
the original message when the bounce message reaches the
5428
bounce message size limit. File: bounce/bounce_notify_util.c.
5429
5430
20010826
5431
5432
Logging: postsuper now logs the queue ID when it requeues
5433
a message, or when it deletes a message from the mail queue.
5434
File: postsuper/postsuper.c.
5435
5436
20010830
5437
5438
Safety: the SMTP server now sends a 4xx (try again later)
5439
response when an UCE restriction is misconfigured, instead
5440
of ignoring the bad restriction and possibly accepting mail
5441
that it should not accept. File: smtpd/smtpd_check.c.
5442
5443
20010907
5444
5445
Workaround: the Postfix qmqp-source program produced mail
5446
not ending in newline. qmail-qmqpd accepts such mail, but
5447
qmail-remote is unable to deliver it. Matthias Andree,
5448
uni-dortmund.de. File: smtpstone/qmqp-source.c.
5449
5450
20010910
5451
5452
Bugfix: the smtp-sink stress test program broke when RCPT
5453
TO commands crossed network packet boundaries. Problem
5454
reported by Matthias Andree, uni-dortmund.de. File:
5455
smtpstone/smtp-sink.c.
5456
5457
20010917
5458
5459
Code cleanup: permit_mx_backup implements the old behavior
5460
(accept mail if the local MTA is MX relay), and allows an
5461
additional restriction via the permit_mx_backup_networks
5462
parameter (accept mail only if the primary MX hosts match
5463
the specified list of network blocks). This second restriction
5464
is now entirely optional, for backwards compatibility.
5465
5466
Bugfix: an address extension could be appended multiple
5467
times to the result of a canonical or virtual map lookup.
5468
File: global/mail_addr_map.c. Fix by Victor Duchovni,
5469
Morgan Stanley.
5470
5471
Bugfix: split_addr() would split an address even when there
5472
was no data before the recipient delimiter. In combination
5473
with the above bug, this could cause an address to grow
5474
exponentially in size. Problem reported by Victor Duchovni,
5475
Morgan Stanley. File: global/split_addr.c.
5476
5477
20010918
5478
5479
Bugfix: the mail_addr_map() fix was almost but not quite
5480
right. It took two clever people and several iterations of
5481
email to really fix the mail_addr_map() problem. Thanks
5482
to Victor Duchovni and Liviu Daia.
5483
5484
20011006
5485
5486
Cleanup: Postfix no longer flushes the whole deferred queue
5487
after an ETRN request for a random domain name (i.e. a
5488
domain name not matched by $fast_flush_domains); the SMTP
5489
server instead replies with "459 service unavailable".
5490
Files: smtpd/smtpd.c, global/flush_clnt.c, flush/flush.c.
5491
5492
20011008
5493
5494
Bugfix: there was a minute memory leak when an smtpd access
5495
restriction was misconfigured. File: smtpd/smtpd_check.c.
5496
5497
20011010
5498
5499
Code cleanup: Postfix daemons now print the name of the
5500
UNIX-domain socket (instead of "unknown stream") in case
5501
of a malformed client request. Files: master/*server.c.
5502
5503
20011010-14
5504
5505
Code cleanup: replaced the ugly mail_print() and mail-scan()
5506
protocols by (name,value) attribute lists. This gives better
5507
error detection when we make changes to internal protocols,
5508
and allows new attributes to be introduced without breaking
5509
everything immediately. Files: util/attr_print.c util/attr_scan.c
5510
global/mail_command_server.c global/mail_command_client.c
5511
as wel as most Postfix applications and daemons.
5512
5513
20011015
5514
5515
Put base 64 encoding into place on the replaced internal
5516
protocols. Files: util/base64_code.[hc].
5517
5518
Feature: header/body REJECT rules can now provide text that
5519
is sent to the originator. Files: cleanup/cleanup.c,
5520
cleanup/cleanup_message.c, conf/sample-filter.cf.
5521
5522
20011016
5523
5524
Bugfix: As of 20000625, Errors-To: was broken, because the
5525
code to extract the address was not moved from recipient
5526
address rewriting to sender address rewriting. Problem
5527
reported by Roelof Osinga @ nisser.com. File:
5528
cleanup/cleanup_message.c.
5529
5530
20011029
5531
5532
Bugfix: virtual map expansion terminated early because the
5533
detection of self-referential entries was flawed. File:
5534
cleanup/cleanup_map1n.c.
5535
5536
20011031
5537
5538
Bugfix: mail_date() mis-formatted negative time zone offsets
5539
with fractional hours (-03-30 instead of -0330). Fix by
5540
Chad House, greyfirst.ca. File: global/mail_date.c.
5541
5542
20011102
5543
5544
Feature: new -f option to postmap and postalias (do not
5545
lowercase the lookup key while creating a table). Files:
5546
util/dict.h postmap/postmap.c postalias/postalias.c.
5547
5548
Code cleanup: simplified the attribute print/scan routines,
5549
and removed the never-used support for sending and receiving
5550
integer arrays and string arrays. Files: util/attr_print.c,
5551
util/attr_scan.c.
5552
5553
Bugfix: qmqpd could read past the end of a string while
5554
looking for qmail's VERP magic token in the envelope sender
5555
address. File: qmqpd/qmqpd.c.
5556
5557
Code cleanup: finished testing the new internal protocols.
5558
The only bug was with the flush server, which still needs
5559
to support the old (string + null byte) protocol for triggers
5560
from the Postfix master daemon.
5561
5562
20011103
5563
5564
Bugfix: Postfix would log the wrong error text when locally
5565
submitted mail was deferred due to "soft_bounce = yes".
5566
5567
Bugfix: The LDAP client dropped any entries that don't have
5568
the result_attribute, but errored out when a DN didn't
5569
exist. The behavior is now consistent: treat non-existant
5570
DN's in a special result attribute expansion the same as
5571
DN's with no attribute. LaMont Jones, HP.
5572
5573
20011104
5574
5575
Bugfix: the new smtp-sink -n option (terminate after the
5576
specified number of deliveries) wasn't optional.
5577
5578
Portability: updated Mac OS X documentation and install
5579
scripts by Gerben Wierda.
5580
5581
20011105
5582
5583
Bugfix: missing terminator in new attribute-based function
5584
call caused signal 11. File: src/cleanup/cleanup.c.
5585
5586
Lame workaround for ESTALE errors with mail delivery over
5587
NFS. Additional bandages were added to the local delivery
5588
agent. However, Wietse maintains that Postfix offers no
5589
guarantee for reliable delivery over NFS.
5590
5591
Feature: put "warn_if_reject" before an smtpd restriction,
5592
and that restriction logs warnings without rejecting mail.
5593
This makes it easier to test configurations "live" without
5594
having to lose mail. File: smtpd/smtpd_check.c.
5595
5596
20011107
5597
5598
Workaround: in order to get mail past PIX firewall bugs,
5599
the Postfix SMTP client now blocks until the socket send
5600
buffer is empty before sending the final ".<CR><LF>". Files:
5601
util/sock_empty_wait.c, smtp/smtp_proto.c. Changed into
5602
sleep(10) on 20011119. Sleep suggested by Hobbit.
5603
5604
20011108
5605
5606
Feature: added string-null encoding for internal protocols.
5607
Files: util/attr_print0.c, util/attr_scan0.c.
5608
5609
Feature: configurable parent domain matching for domain
5610
and hostname/address match lists: either .domain or the
5611
domain name itself. Files: util/match_ops.c util/match_list.c
5612
5613
Feature: added pretend-to-be-behind-PIX mode to the smtp-sink
5614
test program, in order to stress test some PIX bug workaround
5615
code.
5616
5617
20011109
5618
5619
Workaround: Linux and Solaris systems have no reasonable
5620
way to block until a socket drains. On these systems Postfix
5621
simply waits for 10 seconds, in order to work around PIX
5622
".<CR><LF>" bugs. File: util/sock_empty_wait.c.
5623
5624
20011114
5625
5626
Bugfix: reset the smtpd command transaction log between
5627
deliveries. File: smtpd/smtpd.c.
5628
5629
20011115
5630
5631
Feature: mailbox_command_maps no longer requires that every
5632
user has an entry. If the user does not have a command
5633
entry, the local delivery agent tries the other delivery
5634
methods (mailbox_command, home_mailbox). File: local/mailbox.c.
5635
5636
Bugfix: reset the smtpd command transaction log between
5637
non-deliveries. File: smtpd/smtpd.c.
5638
5639
20011116
5640
5641
Bugfix: consolidated all the command transaction log resets
5642
and eliminated one missing reset (Victor Duchovni, Morgan
5643
Stanley). File: smtpd/smtpd.c.
5644
5645
20011118
5646
5647
Cleanup: replaced unnecessary match_list wrapper code by
5648
macros. Files: global/{string,domain,namadr}_list.[hc].
5649
5650
20011119
5651
5652
Feature: configurable parent domain matching strategy for
5653
transport map lookups. File: trivial-rewrite/transport.c.
5654
5655
New parent_domain_matches_subdomains parameter. This lists
5656
all the Postfix features where a domain name matches itself
5657
and all its subdomains (instead of requiring ".domain.name"
5658
for subdomain matches). Planning for future backwards
5659
compatibility :-) File: global/match_parent_style.c.
5660
5661
Workaround: simplified the PIX ".<CR><LF>" bug to always
5662
sleep for 10 seconds. File: smtp/smtp_proto.c.
5663
5664
20011120
5665
5666
Workaround: disable attribute string length restriction so
5667
that trivial-rewrite does not refuse to rewrite broken mail
5668
headers. Files: util/attr_scan*.c.
5669
5670
20011121
5671
5672
Bugfix: missing long integer support in the new IPC protocols.
5673
Files: util/attr_scan*.c, util/attr_print*.c.
5674
5675
Portability: AIX5 (Adrian P. van Bloois), MAC OS X 10.1.1
5676
(Gerben Wierda).
5677
5678
20011125
5679
5680
Bugfix: spurious postmaster notifications because some flag
5681
was not reset.
5682
5683
Feature: new parameter smtpd_sender_login_maps that specifies
5684
the (SASL) login name that owns a MAIL FROM address.
5685
Specify a regexp table in order to require a simple one-to-one
5686
mapping. This is used in the reject_sender_login_mismatch
5687
sender anti-spoofing feature.
5688
5689
Feature: restriction reject_sender_login_mismatch refuses
5690
a MAIL FROM address when $smtpd_sender_login_maps specifies
5691
an owner but the client is not (SASL) logged in as the MAIL
5692
FROM address owner, or when a client is (SASL) logged in
5693
but the client login name does not own the MAIL FROM address
5694
according to $smtpd_sender_login_maps. File: smtpd/smpd_check.c.
5695
5696
Documentation: added some redundancy to the LMTP_README
5697
file so people can keep track of the difference between
5698
the Postfix LMTP client and the non-Postfix LMTP server.
5699
5700
20011126
5701
5702
Feature: smtpd_noop_commands specifies a list of commands
5703
that are treated as NOOP (no operation) commands, without
5704
syntax check or state change. File: smtpd/smtpd.c.
5705
5706
Bugfix: the "mark queue file as corrupt" code did not work
5707
because it was never used. Files: global/mark_corrupt.c,
5708
global/mail_copy.c, global/pipe_command.c, *qmgr/qmgr_active.c,
5709
local/maildir.c, local/mailbox.c, local/command.c, pipe/pipe.c,
5710
virtual/mailbox.c, virtual/maildir.c.
5711
5712
Bugfix: the bounce daemon broke in the unlikely case of a
5713
non-existing queue file. File: bounce/bounce_notify_util.c.
5714
5715
20011127
5716
5717
Feature: added WARN command to header/body_checks files as
5718
proposed by Michael Tokarev. File: cleanup/cleanup_message.c.
5719
5720
Bugfix: the postdrop program was broken after the change
5721
of Postfix internal protocols. This broke "sendmail -bs"
5722
mail submissions with "secure" maildrop directory. Reported
5723
by Craig Loomis, apo.nmsu.edu. File: postdrop/postdrop.c.
5724
5725
Feature: a first start at fault injection for testing
5726
unlikely error scenarios (such as corrupt queue files).
5727
Parameter: fault_injection_code, must be left at zero for
5728
production use.
5729
5730
20011128
5731
5732
Robustness: add a file size limit to the sendmail and
5733
postdrop submission programs to stop run-away process
5734
accidents. This is not a defense against DOS attack. Files:
5735
sendmail/sendmail.c, postdrop/postdrop.c.
5736
5737
That resulted in a considerable amount of work to properly
5738
propagate "file too large" conditions back to the sendmail
5739
mail posting user interface. Took the opportunity to express
5740
other mail submission fatal exits with the <sysexits.h>
5741
exit status codes. Files: sendmail/sendmail.c,
5742
postdrop/postdrop.c.
5743
5744
20011129
5745
5746
Maintenance: dict_ldap.c wasn't updated after the revision
5747
of the string matching routines. File: util/dict_ldap.c.
5748
5749
20011208
5750
5751
Maintenance: LDAP module and documentation from LaMont
5752
Jones. This version adds verbose logging for LDAP library
5753
routines. Files: src/util/dict_ldap.[hc], LDAP_README,
5754
conf/sample-ldap.cf
5755
5756
Portability: made memory alignment restrictions configurable.
5757
File: util/mymalloc.c.
5758
5759
Bugfix? Avoid surprises with source routed destinations
5760
and OK entries in SMTPD access maps. File: smtpd/smtpd_access.c.
5761
5762
Security: "postfix check" looks for damage by well-intended
5763
but misguided use of "chown -R postfix /var/spool/postfix".
5764
That would make chrooted Postfix less secure than non-chrooted
5765
Postfix. These extra tests may cause complaints with
5766
third-party patches such as TLS that introduce their own
5767
files into the jail.
5768
5769
Feature: static map type that always returns the map name
5770
as lookup value, regardless of lookup key value. Contributed
5771
Jeff Miller (jeffm at ghostgun.com)
5772
5773
Feature: turn off the PIX <CR><LF>.<CR><LF> workaround for
5774
the first mail delivery attempt, i.e. when mail is queued
5775
for less than $smtp_pix_workaround_threshold_time (default:
5776
500) seconds. New parameter $smtp_pix_workaround_delay_time
5777
to control the delay before sending .<CR><LF> (default: 10
5778
seconds) when doing the PIX <CR><LF>.<CR><LF> workaround.
5779
5780
20011210
5781
5782
Bugfix: the 20011128 change in sendmail and postdrop did
5783
not handle the case of message_size_limit=0. Fix by Will
5784
Day, Georgia Tech.
5785
5786
20011212
5787
5788
Compatibility: The SMTP server now accepts <CR><CR><LF> as
5789
if the client sent <CR><LF>. Reportedly, some badly written
5790
windows software produces such garbage, and some badly
5791
written windows anti-VIRUS software cannot handle such
5792
garbage. File: global/smtp_stream.c.
5793
5794
20011214
5795
5796
Bugfix: postmap/postalias queries ignored the -f flag.
5797
Reported by Hamish Marson.
5798
5799
20011217
5800
5801
Compatibility: Sendmail now has a -L option to set the
5802
syslogging label. Postfix sendmail uses syslog_name instead,
5803
and ignores the -L option.
5804
5805
Security: subtle hardening of the Postfix chroot jail,
5806
Postfix queue file permissions and access methods, in case
5807
someone compromises the postfix account. Michael Tokarev,
5808
who received the insights from Solar Designer, who tested
5809
Postfix with a kernel module that is paranoid about open()
5810
calls. Files: master/master_wakeup.c, util/fifo_trigger.c,
5811
postfix-script.
5812
5813
Convenience: issue a warning instead of aborting when the
5814
local machine name is not in fully-qualified domain form.
5815
This would otherwise break initial postfix installation
5816
which needs the postconf command. File: global/mail_params.c.
5817
5818
20011220
5819
5820
Added more garbage detection to postconf -e input processing.
5821
5822
20011221
5823
5824
Feature: SMTPD access map lookups of null sender addresses.
5825
If your access maps cannot store or look up null string
5826
key values, specify "smtpd_null_access_lookup_key = <>"
5827
and the null sender address will be looked up as <> instead.
5828
File: src/smtpd_access.c.
5829
5830
20011223
5831
5832
Safety: configuration file comments no longer span multiple
5833
lines when the next line begins with whitespace; multi-line
5834
input is no longer terminated by a comment line, by an all
5835
white space line, or by an empty line. Michael Tokarev made
5836
the crucial suggestion to simplify the readline routine.
5837
Files: util/readlline.c, postconf/postconf.c.
5838
5839
Cleanup: proper detection of big number overflow in EHLO
5840
and MAIL FROM size announcements, with input from Victor
5841
Duchovni, Morgan Stanley. Files: global/off_cvt.c,
5842
smtpd/smtpd.c, smtp/smtp_proto.c, util/alldig.c.
5843
5844
Forward compatibility: added queue file record types for
5845
original recipient and for generic named attributes.
5846
5847
Cleanup: safe_open() now returns sensible errno values so
5848
that the fifo_trigger() external interface is restored.
5849
5850
20011225
5851
5852
Upgrade: PCRE_README now describes PCRE version 3.x.
5853
5854
Cleanup: flush SMTPD command history upon receipt of EHLO,
5855
RSET, and upon DATA completion, only if it exceeds
5856
$smtpd_history_flush_threshold lines (default: 100).
5857
Distant derivative of code by Michael Tokarev. File:
5858
smtpd/smtpd.c.
5859
5860
20011228
5861
5862
Bugfix: a readlline() error message showed less text than
5863
intended. Christian von Roques.
5864
5865
Cleanup: postfix now installs with group-writable maildrop
5866
directory and with a set-gid postdrop mail submission
5867
command. The pickup service is now unprivileged. The
5868
world-writable maildrop directory no longer exists.
5869
5870
The cleanup service is now public, in preparation for local
5871
sendmail/postdrop mail submission that avoids the maildrop
5872
queue directory while Postfix is up.
5873
5874
Cleanup: moved the main.cf/master.cf file editing from the
5875
postfix-script file to the INSTALL.sh file.
5876
5877
Cleanup: INSTALL.sh no longer accepts "no" as the destination
5878
of Postfix manual pages.
5879
5880
20011230
5881
5882
Cleanup: the code for "mailq", "sendmail -q", and for
5883
"sendmail -qRsite" was moved from the sendmail command to
5884
a new set-gid postqueue command. The pickup and qmgr FIFOs
5885
are no longer world writable. Files: sendmail/sendmail.c,
5886
postqueue/postqueue.c.
5887
5888
20020101
5889
5890
Security: new alternate_config_directories parameter that
5891
specifies what directories a set-gid command will accept
5892
as its configuration directory. The list must be specified
5893
in the default main.cf file. File: global/mail_conf.c.
5894
5895
Cleanup: "sendmail -qRsite" is no longer implemented by
5896
connecting to the SMTP port. It is now implemented by
5897
talking to the fast flush service. File: postqueue/postqueue.c.
5898
5899
20020203
5900
5901
Cleanup: INSTALL.sh now records all installation information
5902
in the main.cf file. The now obsolete install.cf file is
5903
used only when upgrading from an older Postfix release.
5904
5905
Cleanup: INSTALL.sh now takes name=value settings on the
5906
command line, and has a new "-upgrade" command line option
5907
to turn on non-interactive installation.
5908
5909
Security: additional run-time checks to discourage sharing
5910
of Postfix user/group ID values with other accounts.
5911
5912
20020105
5913
5914
Cleanup: SMTPD access maps now return DUNNO (undetermined)
5915
instead of OK when a recipient address contains multiple
5916
domains (user@dom1@dom2, etcetera). Victor Duchovni, Morgan
5917
Stanley. File: smtpd/smtpd_check.c.
5918
5919
20020106
5920
5921
Bugfix: SMTPD access maps did not handle address extensions.
5922
File: smtpd/smtpd_check.c.
5923
5924
20020107
5925
5926
Bugfix: postfix-script, when creating a missing maildrop
5927
queue directory, still referenced install.cf when setting
5928
maildrop directory group ownership; and the postfix command
5929
did not export the setgid_group parameter to the postfix-script
5930
shell script. Victor Duchovni.
5931
5932
Bugfix: postfix-script, when creating a missing public
5933
queue directory, did not set group ownership of the public
5934
directory.
5935
5936
20020109
5937
5938
Cleanup: rewrote the Postfix installation procedure again.
5939
It is now separated into 1) a primary installation script
5940
(postfix-install) that installs files locally or that builds
5941
a package for distribution and that stores file owner and
5942
permission information in /etc/postfix/post-files, and 2)
5943
a post-installation script (/etc/postfix/post-install) that
5944
creates missing directories, that sets file/directory
5945
ownership and permissions, and that upgrades existing
5946
configuration files if necessary.
5947
5948
20020110
5949
5950
Workaround: AIX null read() return on an empty but open
5951
non-blocking pipe. File: master/master_flow.c. Report:
5952
Hamish Marson.
5953
5954
20020111
5955
5956
Feedback: feedback, bugfixes, and brain-dead shell workarounds
5957
for the install scripts by Victor Duchovni and Simon Mudd.
5958
5959
20020113
5960
5961
Rewrote postfix-install. The postfix-files file now controls
5962
what is installed. Refined the semantics of many post-install
5963
operations. post-install now auto-saves settings that
5964
override main.cf.
5965
5966
20020114
5967
5968
Bugfix: alternate_config_directories did not take comma or
5969
whitespace as separators. File: global/mail_conf.c. Victor
5970
Duchovni, Morgan Stanley.
5971
5972
Bugfix: the rewritten postfix-install script did not chattr
5973
+S the Postfix queue.
5974
5975
20020115
5976
5977
Cleanup: added sample_directory and readme_directory
5978
installation parameters for sample configuration files and
5979
for README files. Files: postconf.c, postfix-install,
5980
conf/postfix-files, conf/post-install.
5981
5982
Robustness: the postfix command now exports all installation
5983
parameter settings, and input filters the environment, so
5984
that the startup shell scripts produce a consistent result.
5985
Files: postconf.c.
5986
5987
20020117
5988
5989
Portability: patch from LaMont Jones for compiling dict_ldap.c
5990
with the Netscape SDK.
5991
5992
Feature: added "r" (recursive chown/chgrp) flag to the
5993
postfix-files database, for more convenient change of
5994
Postfix queue ownership. Files: conf/postfix-files,
5995
conf/post-install.
5996
5997
20020122
5998
5999
Documentation: lots of little fixes.
6000
6001
Documentation: updates for the VIRTUAL_README file by Victor
6002
Duchovni, Morgan Stanley.
6003
6004
Bugfix: postqueue -s dereferenced a null pointer when given
6005
a numerical domain argument. LaMont Jones, HP.
6006
6007
Cleanup: smtpd now logs a warning when permit_sasl_authenticated
6008
is used while SASL authentication is disabled, instead of
6009
simply ignoring the restriction. LaMont Jones, HP. File:
6010
smtpd/smtpd.c.
6011
6012
Safety: when postmap creates a non-existent file, the new
6013
file inherits group/other read permissions from the source
6014
file. Based on code by LaMont Jones, HP. File:
6015
postmap/postmap.c.
6016
6017
20020123
6018
6019
Portability: some Linux systems install libnsl.so without
6020
libnsl.a file, causing an yp_match undefined reference
6021
problem. File: makedefs.
6022
6023
20020124
6024
6025
Portability: post-install now requests that command_directory
6026
is given on the command line when the postconf command is
6027
in an unusual place.
6028
6029
Safety: extra code to detect and report Berkeley DB version
6030
mismatches between compile time and run time. This test
6031
is limited to mismatches in the major version number only.
6032
File: util/dict_db.c. Based on code by Lawrence Greenfield,
6033
Carnegie-Mellon university.
6034
6035
Safety: the postfix command and the master daemon abort if
6036
they are running set-uid.
6037
6038
Documentation: the postmap manual page described an out of
6039
date input file format.
6040
6041
20020129
6042
6043
Workaround: SCO version 3.2 can't ioctl(FIONREAD) a pipe.
6044
Therefore, input mail flow control is disabled by default.
6045
Files: makedefs, global/mail_params.h, conf/main.cf.
6046
Problem reported by Kurt Andersen, Agilent.
6047
6048
20020201
6049
6050
Workaround: changed the default smtpd_null_access_lookup_key
6051
setting to <>, because some Bezerkeloid DB implementations
6052
can't handle null-length lookup keys. File: global/mail_params.h.
6053
6054
Bugfix: backed out a null-length address panic call by
6055
ignoring the problem, like Postfix did in the past. File:
6056
global/resolve_local.c.
6057
6058
Safety: "postfix check" will now warn if /usr/lib/sendmail
6059
and /usr/sbin/sendmail differ, and will propose to replace
6060
one by a symlink to the other. File: conf/postfix-script.
6061
6062
20020204
6063
6064
Sanity: additional permission checks for "postfix check"
6065
that warn for setgid_group group ownership mismatches. by
6066
Matthias Andree, uni-dortmund.de. File: conf/postfix-script.
6067
6068
Bugfix: "postfix check" used a too simplistic way to
6069
recognize file ownership (grepping ls output). It now uses
6070
the recently discovered "find -prune". Peter Bieringer,
6071
Matthias Andree. File: conf/postfix-script.
6072
6073
20020218
6074
6075
Workaround: log a warning and disconnect when an SMTP client
6076
ignores our negative replies and starts sending message
6077
content without permission. File: smtpd/smtpd.c.
6078
6079
20020220
6080
6081
Bugfix: mismatch in the file being locked by dict_dbm and
6082
the file being locked by postmap, so that locks did not
6083
work correctly. Victor Duchovni, Morgan Stanley.
6084
6085
20020222
6086
6087
Workaround: Solaris bug 4380626: strcasecmp() and strncasecmp()
6088
produce incorrect results with 8-bit characters. For example,
6089
non-ASCII characters could compare equal to ASCII characters,
6090
and that could result in any number of security problems.
6091
Files: util/strcasecmp.c, COPYRIGHT (the BSD license).
6092
6093
Bugfix: off-by-one error, causing a null byte to be written
6094
outside dynamically allocated memory in the queue manager
6095
with addresses of exactly 100 bytes long, resulting in
6096
SIGSEGV on systems with an "exact fit" malloc routine.
6097
Experienced by Ralf Hildebrandt; diagnosed by Victor
6098
Duchovni. Files: *qmgr/qmgr_message.c. This is not a
6099
security problem.
6100
6101
Bugfix: make all recipient comparisons transitive, because
6102
Solaris qsort() causes SIGSEGV errors otherwise. Victor
6103
Duchovni, Morgan Stanley. File: *qmgr/qmgr_message.c.
6104
6105
20020302
6106
6107
Bugfix: don't strip source route (@domain...:) when the
6108
result would be an empty address. This avoids problems when
6109
append_at_myorigin is set to "no" (which is not supported).
6110
Problem reported by Charles McColgan, Big Fish Communications.
6111
File: trivial-rewrite/rewrite.c.
6112
6113
20020304
6114
6115
Cleanup: postqueue should not not complain when output
6116
fails with "broken pipe".
6117
6118
20020308
6119
6120
Bugfix? reply with 550 not 552 when content is rejected.
6121
552 is reserved for "too much mail".
6122
6123
Documentation: add note to sendmail manual page that running
6124
"sendmail -bs" as $mail_owner enables SMTP server UCE and
6125
access control checks. This is meant for use from inetd
6126
etc. Matthias Andree.
6127
6128
20020311
6129
6130
Bugfix: DBM maps should use different files for locking
6131
and for change detection. Problem reported by Victor
6132
Duchovni, Morgan Stanley. Files: util/dict.h util/dict.c
6133
util/dict_db.c util/dict_dbm.c global/mkmap.c local/alias.c.
6134
6135
20020313
6136
6137
Bugfix: mailq could show addresses with unusual characters
6138
twice. Problem reported by Victor Duchovni, Morgan Stanley.
6139
File: showq/showq.c.
6140
6141
Bugfix: null recipients weren't properly recorded in
6142
bounce/defer logfiles. Such recipient addresses are not
6143
accepted in SMTP mail, but they could appear within locally
6144
submitted mail. File: bounce/bounce_append_service.c.
6145
6146
20020318
6147
6148
Workaround: Berkeley DB can't handle null key lookups,
6149
which happen with HELO names ending in ".". Victor Duchovni,
6150
Morgan Stanley. File: smtpd/smtpd_check.c.
6151
6152
Logging: log a hint when mail is deferred because the
6153
soft_bounce parameter is set. People sometimes forget to
6154
turn it off. File: global/bounce.c.
6155
6156
20020319
6157
6158
Cleanup: add a msg_warn() call when fork() fails in
6159
pipe_command(), to make problems easier to investigate.
6160
Chris Wedgwood. File: global/pipe_command.c.
6161
6162
20020320
6163
6164
Feature: smtp_helo_name parameter to specify the hostname
6165
or [ip.address] in HELO or EHLO commands. Files: smtp/smtp.c
6166
smtp/smtp_proto.c.
6167
6168
20020324
6169
6170
Cleanup: more graceful handling of long physical message
6171
header lines upon input. Physical header lines can now
6172
extend up to $header_size_limit characters. When a logical
6173
message header is too long, the excess text is discarded
6174
and Postfix no longer switches to body mode, to avoid
6175
breaking MIME encapsulation. Based on code by Victor
6176
Duchovni, Morgan Stanley. Files: cleanup/cleanup_out.c,
6177
cleanup/cleanup_message.c.
6178
6179
Cleanup: more graceful handling of long physical message
6180
header or body lines upon output by the SMTP client. The
6181
SMTP client output line length is controlled by a new
6182
parameter smtp_line_length_limit (default: 990; specify 0
6183
to disable the limit). Long lines are folded by inserting
6184
<CR> <LF> <SPACE>, to avoid breaking MIME encapsulation.
6185
Based on code by Victor Duchovni, Morgan Stanley. File:
6186
smtp/smtp_proto.c.
6187
6188
20020325
6189
6190
Cleanup: allow additional text after a WARN command in a
6191
header/body_checks pattern file, so that one can change
6192
REJECT+text into WARN+text and vice versa. Based on code
6193
by Fredrik Thulin, Stockholm University.
6194
6195
Cleanup: log a warning when an unknown command is found in
6196
a header/body_checks pattern file, or when additional text
6197
is found after a command that does not expect additional
6198
text. Based on code by Fredrik Thulin, Stockholm University.
6199
6200
Bugfix: sendmail should not recognize "." as the end of
6201
input when the current read operation started in the middle
6202
of a line. Victor Duchovni, Morgan Stanley. File:
6203
sendmail/sendmail.c.
6204
6205
20020328
6206
6207
Portability fix for OPENSTEP and NEXTSTEP by Gerben Wierda.
6208
File: util/sys_defs.h.
6209
6210
20020329
6211
6212
Bugfix: defer_transports broke because the flush server
6213
triggered mail delivery (as if ETRN was sent) while doing
6214
some internal housekeeping of per-destination logfiles.
6215
Problem experienced by LaMont Jones, HP. File: flush/flush.c.
6216
6217
Bugfix: virtual mapping broke for addresses with embedded
6218
whitespace. Fix by Victor Duchovni, Morgan Stanley. File:
6219
cleanup/cleanup_map1n.c.
6220
6221
Feature: configurable service name for the internal services:
6222
bounce, cleanup, defer, error, flush, pickup, queue, rewrite,
6223
showq. This allows you to specify, for example, a non-default
6224
cleanup service (smtpd -o cleanup_service_name=alt_cleanup).
6225
Files: global/mail_params.[hc].
6226
6227
Feature: SASL version 2 support by Jason Hoos. Files:
6228
*/*_sasl_glue.c, SASL_README, conf/sample-auth.cf.
6229
6230
20020330
6231
6232
Bugfix: postqueue did not pass on non-default configuration
6233
directory settings when running showq while the mail system
6234
is down. The super-user is now exempted from environment
6235
stripping in postqueue/postqueue.c. Problem reported by
6236
Victor Duchovni, Morgan Stanley.
6237
6238
20020402
6239
6240
Workaround: recognize more headers that are sent instead
6241
of SMTP commands. File: smtpd/smtpd.c.
6242
6243
20020413
6244
6245
Feature: new pipe delivery agent "D" flag to prepend a
6246
Delivered-To: message header. This requires single recipient
6247
deliveries. Based on code by Matthias Andree. File:
6248
pipe/pipe.c.
6249
6250
20020414
6251
6252
Portability: Postfix will no longer attempt to build with
6253
gdbm support, because gdbm is broken. File: makedefs.
6254
6255
20020415
6256
6257
Cleanup: the attribute list IPC code did not distinguish
6258
between "disconnect" and "timeout" while reading an attribute
6259
list, making trouble shooting more difficult than necessary.
6260
Files: util/attr_scan0.c, util/attr_scan64.c.
6261
6262
Cleanup: install parameter defaults can now be overruled
6263
from makedefs: sendmail_path, mailq_path, newaliases_path,
6264
command_directory, daemon_directory. Based on code by Victor
6265
Duchovni, Morgan Stanley. File: util/sys_defs.h.
6266
6267
20020411
6268
6269
Cleanup: Use more robust quoting passing makedefs/Makefile
6270
settings. This also simplifies the seven backslashes example
6271
in the INSTALL file. Victor Duchovni, Morgan Stanley.
6272
Files: makedefs, INSTALL.
6273
6274
20020417
6275
6276
Bugfix: the post-install script failed to upgrade master.cf
6277
settings from private to public if the service was explicitly
6278
configured as private.
6279
6280
20020418
6281
6282
Documentation: added CPU saving patterns for quickly skipping
6283
base 64 encoded text in message bodies. Liviu Daia. Files:
6284
{proto,conf}/pcre_table, {proto,conf}/regexp_table,
6285
conf/sample_{regexp,pcre}_body.cf.
6286
6287
20020426
6288
6289
Bugfix: the SMTP client forgot to quote whitespace etc.
6290
in a sender/recipient address when DNS lookup was turned
6291
off (disable_dns_lookups = yes). Problem experienced by
6292
Chip Paswater. Files: smtp/smtp_proto.c.
6293
6294
20020501
6295
6296
Feature: wildcard lookup in transport maps (lookup key
6297
"*"). Code developed with Lamont Jones, HP.
6298
6299
Feature: a null transport:destination transport map entry
6300
means proceed as if the transport map lookup failed. Code
6301
developed with Lamont Jones, HP.
6302
6303
Feature: more efficient use of cache memory when a process
6304
opens multiple Berkeley DB tables; and faster performance
6305
creating large tables by using more buffer memory. Files:
6306
util/dict_db.[hc], global/mkmap_db.c. Victor Duchovni,
6307
Morgan Stanley.
6308
6309
20020503
6310
6311
Cleanup: postqueue silently ignored command-line arguments
6312
following -p or -f options, instead of complaining; postqueue
6313
produced an incorrect error message (mail system down) when
6314
the command was installed with incorrect privileges. File:
6315
postqueue/postqueue.c.
6316
6317
Bugfix: while reporting a domain name or IP address syntax
6318
error, postqueue could dereference a dangling pointer with
6319
some getopt() implementations. LaMont Jones, HP. File:
6320
postqueue/postqueue.c.
6321
6322
Safety: postalias and postmap now drop root privileges
6323
while processing a non-root input file. Thus, the result
6324
should be writable to the source file owner. Specify the
6325
-o option if this is a problem. Files: postmap/postmap.c,
6326
postalias/postalias.c.
6327
6328
Consistency: just like postmap, postalias now copies file
6329
permissions from the source file when it creates a new
6330
table for the first time. File: postalias/postalias.c.
6331
6332
20020504
6333
6334
Portability: run-time test to avoid GDBM trouble. File:
6335
util/dict_dbm.c.
6336
6337
20020505
6338
6339
Cleanup: revised and simplified the transport map semantics.
6340
Null transport or nexhop fields now mean: "do not change":
6341
use what would be used if the transport map did not exist.
6342
This change eliminated a lot of code. The incompatibility
6343
is that a null transport field no longer defaults to
6344
$default_transport, but to $local_transport or $default_transport
6345
depending on the destination, and that a transport map only
6346
overrides relayhost when the table specifies explicit
6347
nexthop information. Files: trivial-rewrite/transport.c,
6348
trivial-rewrite/resolve.c.
6349
6350
Cleanup: revised the user interface for controlling the
6351
Berkeley DB create and read buffer size controls. Files:
6352
util/dict_db.[hc], global/mail_params.[hc], global/mkmap_db.c.
6353
6354
20020507
6355
6356
Cleanup: simplified the hash/btree cache management code.
6357
The caches are now per table instead of shared, and the
6358
default read cache size is reduced to 128 kBytes. File:
6359
util/dict_db.c.
6360
6361
20020508
6362
6363
Bugfix: close user@domain@postfix-style.virtual.domain
6364
source routing relaying loophole involving postfix-style
6365
virtual domains with @virtual.domain catch-all patterns.
6366
Problem reported by Victor Duchovni. File: smtpd/smtpd_check.c.
6367
6368
Bugfix: mail_addr_map() used the "wrong" @ character in
6369
addresses with multiple @. Victor Duchovni. File:
6370
global/mail_addr_map.c.
6371
6372
Bugfix: for address localpart quoting, now quote @ as a
6373
special character everywhere, except when resolving addresses.
6374
Previously, the @ was nowhere quoted as a special character,
6375
not even in SMTP commands. Files: global/quote_82[12]_local.c
6376
and clients.
6377
6378
20020509
6379
6380
Safety: don't allow an OK access rule lookup result for
6381
user@domain@postfix-style.virtual.domain. Suggested by
6382
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.
6383
6384
Bugfix: quote unquoted address localparts that need quoting.
6385
Files: global/tok822_parse.c, global/quote_82[12]_local.c.
6386
6387
Documentation: simplified the advanced content filtering
6388
example, and included a more advanced example for those
6389
who want to squeeze out more performance without running
6390
multiple Postfix instances. Text by Victor Duchovni, Morgan
6391
Stanley. File: README_FILES/FILTER_README.
6392
6393
20020510
6394
6395
Feature: header/body filters now log the origin of the
6396
message that is being rejected. Files: smtpd/smtpd.c,
6397
qmqpd/qmqpd.c, pickup/pickup.c, cleanup/cleanup_envelope.c,
6398
cleanup/cleanup_message.c. Requested by Craig Sanders, if
6399
I remember correctly.
6400
6401
Feature: the Postfix SMTP client now passes on MIME body
6402
type information (8bit, 7bit) received via SMTP, via MIME
6403
headers, or via the sendmail command line. Files:
6404
global/deliver_request.c, smtpd/smtpd.c, sendmail/sendmail.c,
6405
cleanup/cleanup_envelope.c, cleanup/cleanup_message.c,
6406
cleanup/cleanup_extracted.c, *qmgr/qmgr_message.c,
6407
*qmgr/qmgr_deliver.c, smtp/smtp_proto.c, lmtp/lmtp_proto.c.
6408
6409
20020511
6410
6411
Feature: bounces now specify the proper MIME encoding (8bit,
6412
7bit), depending on the MIME body type information received
6413
via SMTP, via MIME headers, or via the sendmail command
6414
line. Files: global/bounce.c, global/defer.c, global/abounce.c,
6415
bounce/bounce_service.c, bounce/bounce_notify_util.c.
6416
6417
20020512
6418
6419
Cleanup: the SMTP client logged and bounced the CNAME
6420
expanded recipient address, and thereby complicated trouble
6421
shooting. File: src/smtp_proto.c.
6422
6423
Bugfix: the SMTP and LMTP clients bounced the quoted
6424
recipient address, resulting in too much quoting in bounce
6425
reports. Files: src/smtp_proto.c, lmtp/lmtp_proto.c.
6426
6427
20020513
6428
6429
Bugfix: the LDAP client used the "wrong" @ character in
6430
addresses with multiple @. LaMont Jones, HP. File:
6431
util/dict_ldap.c.
6432
6433
Feature: lots of new LDAP stuff: result_filter (filter to
6434
expand results from queries), chase_referrals, LaMont Jones,
6435
HP. The LDAP bind timeout now works thanks to Victor
6436
Duchovni, Morgan Stanley. File: util/dict_ldap.c.
6437
6438
Cleanup: specify "resolve_dequoted_address = no" to prevent
6439
Postfix from looking inside quotes for extra @ etc. characters
6440
when resolving an address. This behavior is technically
6441
more correct, but it opens a mail relay loophole with "user
6442
@domain"@domain when relaying mail to a Sendmail system.
6443
6444
20020514
6445
6446
Bugfix: the new code for header address quoting sometimes
6447
did not null terminate strings so that arbitrary garbage
6448
could appear at the end of message headers. Reported by
6449
Ralf Hildebrandt. File: global/tok822_parse.c.
6450
6451
Safety: user@domain@domain is no longer accepted by the
6452
permit_mx_backup uce restriction (unless Postfix is configured
6453
with "resolve_dequoted_address = no"). Victor Duchovni,
6454
Morgan Stanley. File: smtpd/smtpd_check.c.
6455
6456
20020515
6457
6458
Workaround: flush the SMTP client output buffer when no
6459
output has happened for 10+ seconds. This prevents the
6460
socket from timing out, in case DNS CNAME expansion is
6461
slow. Problem experienced by Alex Erdelyi, peregrine.com.
6462
File: smtp/smtp_chat.c. We did the same thing for the SMTP
6463
server years ago, and one wonders why the coin didn't drop
6464
at the time that the SMTP client could suffer from a similar
6465
problem.
6466
6467
20020516
6468
6469
Updated the FILTER_README file to turn off DNS lookups in
6470
the SMTP client that feeds mail into a content filter.
6471
6472
20020517
6473
6474
Cleanup: Mailbox-Line: message header labels should be
6475
X-Mailbox-Line: labels. Files: smtpd/smtpd.c, qmqpd/qmqpd.c.
6476
6477
20020515-21
6478
6479
Feature: new MIME parser, written from scratch, that
6480
recognizes the structure of MIME encapsulated mail. Influenced
6481
by comments from Victor Duchovni. This code can detect but
6482
will not decode obscure MIME formats or obscure character
6483
string encoding that Liviu Daia expresses concern about.
6484
6485
MIME header scanning now happens in header_checks, and is
6486
faster than body_checks could ever be. This also eliminates
6487
the problem with multi-line MIME headers being matched one
6488
line at a time. Files: global/mime_state.[hc],
6489
cleanup/cleanup_message.c.
6490
6491
20020521-22
6492
6493
Feature: 8-bit to quoted-printable conversion. First use
6494
in the Postfix SMTP client. File: smtp/smtp_proto.c.
6495
6496
Logging: the Postfix SMTP and LMTP clients now report the
6497
the protocol stage when they report a server reply. File:
6498
smtp/smtp_proto.c, lmtp/lmtp_proto.c.
6499
6500
Bugfix: the SMTP server warned about ignored client attributes
6501
(these were introduced 20020510) in mail that was submitted
6502
with "sendmail -bs". File: smtpd/smtpd.c.
6503
6504
20020525
6505
6506
Feature: separation of header checks into header_checks
6507
(all primary headers except MIME related headers),
6508
mime_header_checks (all MIME headers including MIME headers
6509
at the start of messages) and nested_header_checks (headers
6510
of attached messages, except MIME related headers).
6511
6512
Cleanup: broke out the header value parser from the MIME
6513
processor so that the code can be reused elsewhere. File:
6514
global/header_token.c.
6515
6516
Compatibility: Postfix now recognizes "name :" as a valid
6517
message header, but normalizes it to "name:" form or else
6518
lots of things would break all over the place. Files:
6519
global/is_header.c, global/mime_state.c.
6520
6521
20020526
6522
6523
Bugfix: the SMTP server now disallows RCPT TO:<"">, just
6524
like it disallows RCPT TO:<>. File: smtpd/smtpd.c.
6525
6526
Feature: disable_mime_input_processing=yes/no controls
6527
whether Postfix recognizes (and optionally enforces) MIME
6528
formats while receiving mail. Default is NO.
6529
6530
Feature: disable_mime_output_conversion=yes/no controls
6531
whether Postfix will convert 8BITMIME to 7BIT mail when
6532
delivering mail to an SMTP server that does not announce
6533
8BITMIME support. Default is NO.
6534
6535
Feature: strict_8bitmime=yes/no controls whether Postfix
6536
rejects 8-bit characters in headers and 7-bit body parts.
6537
This blocks mail from poorly written software, including
6538
majordomo approval requests that contain a valid 8BITMIME
6539
email message, as well as mail that is piped into ancient
6540
/bin/mail implementations that do not MIME format 8-bit
6541
content. Default is NO.
6542
6543
Feature: strict_mime_encoding_domain=yes/no controls whether
6544
Postfix rejects illegal content transfer encodings for
6545
multipart/* and message/*. This blocks mail from poorly
6546
written software. Default is NO.
6547
6548
20020527
6549
6550
Feature: "FILTER transport:nexthop" in header/body checks.
6551
After the message is queued, the message is sent through
6552
a content filter. This requires different cleanup servers
6553
before and after the filter, with header/body checks turned
6554
off in the second cleanup server.
6555
6556
20020528
6557
6558
Feature: strict_7bit_headers and strict_8bitmime_body are
6559
now separately available. To to turn on both, use
6560
strict_8bitmime.
6561
6562
Cleanup: abandon the use of isspace(3) in the parsing of
6563
RFC822 message headers. Files: global/lex_822.h and lots
6564
of little places.
6565
6566
Documentation: replace domain.name by domain.tld in the
6567
example config files. The domain exists. They were getting
6568
mail from poorly configured Postfix boxes.
6569
6570
Bugfix: The Postfix sendmail command did not export the
6571
MAIL_CONFIG environment setting to the postdrop command.
6572
File: global/mail_config.h.
6573
6574
Incompatibility: by default, turn on the PCRE_DOTALL flag,
6575
so that PCRE patterns will match multi-line message headers
6576
without causing pain. Suggested by Michael Tokarev. Also
6577
documented all those darned undocumented PCRE flags in the
6578
pcre_table(5) manual page. Files: util/dict_pcre.c,
6579
proto/pcre_table.
6580
6581
20020529
6582
6583
Bugfix: mail rejected due to MIME errors was rejected
6584
without proper logging. Files: global/mime_state.c,
6585
cleanup/cleanup_message.c.
6586
6587
20020531
6588
6589
Bugfix: the SMTP client code that prepends '.' to lines
6590
starting with '.' had to be moved from its old place to
6591
after the MIME output conversion. Problem found by Mark
6592
Martinec. File: smtp/smtp_proto.c.
6593
6594
20020601
6595
6596
Bugfix: the deliver_pass() routine needed updating for the
6597
extra MIME encoding attribute that was introduced 20020510.
6598
Patch by Sebastian Schaffert @ wastl.net. File:
6599
global/deliver_pass.c.
6600
6601
20020604
6602
6603
Workaround: Solaris non-blocking read() can fail on a socket
6604
with unread data according to ioctl FIONREAD. Incredible.
6605
Diagnosis by Max Pashkov. File: smtp/smtp-sink.c.
6606
6607
Weird feature: sender-based routing. This will become more
6608
useful once per-address transport map entries are done.
6609
File: src/*qmgr/qmgr_message.c.
6610
6611
20020605
6612
6613
Safety: header_address_token_limit limits the amount of
6614
memory and CPU that we're willing to spend while parsing
6615
addresses in message headers. The limit is expressed as a
6616
number of tokens. File: global/tok822_parse.c
6617
6618
20020608
6619
6620
Feature: user@domain transport map lookup, based on code
6621
by Scott Cotton, from several years ago. Adding this code
6622
now was much less painful than it was in the past. Files:
6623
global/strip_addr.c, trivial-rewrite/transport.c.
6624
6625
20020610
6626
6627
Cleanup: making user@domain transport map lookups work with
6628
sender-based routing was a bit tricky, because the null
6629
address must be handled sensibly. Files: global/resolve_clnt.c,
6630
trivial-rewrite/resolve.c. It ain't perfect yet, but close.
6631
6632
20020613
6633
6634
Bugfix: postsuper -r was broken as of 20020510. The cleanup
6635
daemon would discard mail with MIME type information. Moved
6636
a bunch of sanity checks from the cleanup daemon to the
6637
pickup daemon, so the checks are in one place. Problem
6638
experienced by Pavol Luptak. Files: pickup/pickup.c,
6639
cleanup/cleanup_extracted.c.
6640
6641
20020705
6642
6643
Safety: log a warning when a domain is listed in mydestination
6644
and (virtual_maps or virtual_mailbox_maps). This configuration
6645
error causes the Postfix SMTP server to reject recipients
6646
when the local_recipient_maps feature is enabled. File:
6647
smtpd/smtpd_check.c.
6648
6649
200207011
6650
6651
Portability: in the master daemon, the default now is to
6652
enable the signal handler code that writes a byte into a
6653
pipe, instead of the signal handler code that sets a global
6654
flag and hopes that select() will somehow wake up. File:
6655
master/master_sig.c. This is needed for some IRIX and
6656
UnixWare versions, but it should also produce a robust
6657
result on all other supported systems.
6658
6659
Performance: the default SMTP connection establishment
6660
timeout is now 30 seconds, instead of the system default
6661
which can be atrociously large.
6662
6663
20020712
6664
6665
When DNS lookup fails while delivering mail, report not
6666
only the domain name but also the DNS record type. This
6667
should clue in people who ask why Postfix can't find a
6668
domain while nslookup can. File: dns/dns_lookup.c.
6669
6670
20020713
6671
6672
Bugfix: undo change made at 20020610 that causes the trivial
6673
resolver client to loop when an address consists entirely
6674
of @ and . characters. File: trivial-rewrite/resolve.c.
6675
6676
Cleanup: Postfix no longer strips multiple '.' at the end
6677
of a domain name. One '.' is silently tolerated. Files:
6678
trivial-rewrite/rewrite.c, trivial-rewrite/resolve.c,
6679
global/resolve_local.c. This policy is too distributed.
6680
6681
20020715
6682
6683
Feature: @domain.tld catch-all map entries for the virtual
6684
mail delivery agent. Files: global/virtual8_maps_find.c,
6685
virtual/mailbox.c, smtpd/smtpd_check.c.
6686
6687
Feature: the virtual mail delivery agent now accepts address
6688
extensions (user+foo@domain.tld), ignores them when looking
6689
up users in its tables, but displays them in Delivered-To:
6690
message headers. File: global/virtual8_maps_find.c.
6691
6692
20020716
6693
6694
Feature: domain names in a masquerade_domains list can now
6695
be prefixed with !, in order to disable masquerading for
6696
that domain name and for its subdomains. File:
6697
cleanup/cleanup_masquerade.c.
6698
6699
20020717
6700
6701
Bugfix: Mac OS X niscript (Netinfo) update by Gerben Wierda.
6702
File: auxiliary/MacOSX/niscript.
6703
6704
Feature: The SMTP server reject_unknown_whatever restrictions
6705
now also attempt to look up AAAA (IPV6 address) records.
6706
Jun-ichiro itojun Hagino, IIJ labs. Files: smtpd/smtpd_check.c,
6707
dns/dns_lookup.c.
6708
6709
20020718
6710
6711
Bugfix: unnecessary lookups for extended addresses by the
6712
virtual8_maps_find() routine. Victor Duchovni. His patch
6713
did not work, nor did my own, but the present version should
6714
be OK. File: global/virtual8_maps_find.c.
6715
6716
20020719
6717
6718
Workaround: log a warning when an SMTP client name->address
6719
lookup results in a numeric IP address, and set the client
6720
hostname to "unknown". Some gethostbyname() implementations
6721
will actually accept such garbage and thereby allow sites
6722
to defeat the "reject_unknown_client" restriction. Problem
6723
reported by Wolfgang Rupprecht, fix based on analysis (but
6724
not code) by Victor Duchovni.
6725
6726
Bugfix: memory leaks in the LDAP client by Victor Duchovni.
6727
File: util/dict_ldap.c.
6728
6729
Bugfix: garbage in verbose "flush" server logging. Victor
6730
Duchovni. File: flush/flush.c.
6731
6732
20020723
6733
6734
Incompatibility: smtpd_sasl_local_domain now defaults to
6735
the null string. File: smtpd/smtpd.c, smtpd/smtpd_sasl_glue.c.
6736
6737
20020726
6738
6739
Documentation: added GDB debugging instructions for sites
6740
that do not have X installed on the Postfix machine. Henrik
6741
Larsson, spambox.dk.
6742
6743
20020729
6744
6745
Weird: installed RedHat 3.03 inside VMware, and no change
6746
was needed to build Postfix, except to recognize the Linux
6747
version.
6748
6749
Bugfix: some mailers will announce ESMTP features in their
6750
HELO (not EHLO) response. Postfix did not ignore them.
6751
File: smtp/smtp_proto.c.
6752
6753
20020731
6754
6755
Cleanup: permit_naked_ip_address is unsafe (especially when
6756
used with smtpd_recipient_restrictions) and will go away.
6757
Postfix now logs a warning. File: smtpd/smtpd_check.c.
6758
6759
20020801
6760
6761
Cleanup: the warning message for matched header/body content
6762
was misleading. File: cleanup/cleanup_message.c.
6763
6764
Safety: moved the "postsuper -r ALL" operation after the
6765
"postsuper -s" check that makes queue file names match
6766
inode numbers. This avoids loss of mail in the unlikely
6767
case that someone runs "postsuper -sr ALL" on a queue that
6768
was copied from another place.
6769
6770
Feature: "postsuper -h" to put mail "on hold" and "postsuper
6771
-H" to release mail that was placed "on hold". This involves
6772
a new queue, which is appropriately named "hold". Files:
6773
postsuper/postsuper.c, showq/showq.c.
6774
6775
20020803
6776
6777
Feature: when a Delivered-To: mail delivery loop is detected,
6778
send the bounce to the mailing list owner. This required
6779
changes to the local delivery agent, a new bounce client
6780
stub, and a new bounce server stub and support routines
6781
for one recipient bouncing. Files: local/recipient.c,
6782
global/bounce_log.c, global/bounce.c, bounce/bounce.c,
6783
bounce/bounce_notify_util.c, bounce/bounce_one_service.c.
6784
6785
20020809
6786
6787
Bugfix: the 20020531 bugfix could prepend '.' to lines when
6788
it shouldn't (but only when converting 8-bit mail to 7-bit).
6789
Problem experienced by Ralf Hildebrandt. File:
6790
smtp/smtp_proto.c.
6791
6792
Bugfix: smtpd_sender_login_maps did not do the @domain etc.
6793
wild-card lookups that were promised. Problem experienced
6794
by Sven Michels. File: smtpd/smtpd_check.c.
6795
6796
20020810
6797
6798
Feature: new smtp-sink command-line options to specify the
6799
SMTP hostname, to disable ESMTP protocol support, to disable
6800
8BITMIME support, and to syslog selected commands. File:
6801
smtpstone/smtp-sink.c.
6802
6803
20020814
6804
6805
Feature: the queue manager now warns when mail for some
6806
destination is piling up in the active queue, and suggests
6807
a variety of remedies. The qmgr_clog_warn_time parameter
6808
controls the time between warnings, mainly so that I could
6809
test the code. To disable these warnings, specify
6810
"qmgr_clog_warn_time = 0". Files: *qmgr/qmgr_entry.c.
6811
6812
20020815
6813
6814
Paranoia: truncate the DNS response length result value in
6815
case it is larger than the result buffer length (the resolver
6816
documentation is vague about this). File: dns/dns_lookup.c.
6817
6818
20020816
6819
6820
Cleanup: "postqueue -f" now also triggers delivery of mail
6821
in the maildrop directory. This is needed when the master
6822
does not frequently wake up the pickup service. Files:
6823
global/mail_flush.c, postqueue/postqueue.c.
6824
6825
20020818
6826
6827
Cleanup: the qmgr_site_hog_factor feature is gone (defer
6828
mail if a site uses up too much space in the active queue).
6829
Instead, the qmgr_clog_warn_time feature provides better
6830
solutions. File: qmgr/qmgr_message.c.
6831
6832
20020819
6833
6834
Feature: new header/body_checks HOLD pattern that causes
6835
mail to be placed on the "hold" queue for manual inspection.
6836
Files: global/hold_message.[hc], cleanup/cleanup_message.c.
6837
6838
20020820
6839
6840
Bugfix: yesterday's HOLD pattern code did not update the
6841
cleanup server's idea of the queue file name for error
6842
recovery and for error reporting purposes, so that incomplete
6843
or content rejected mail would not be deleted from the
6844
queue, and so that the bouncer would not find the queue
6845
file.
6846
6847
Bugfix: the #ifdef that detects too old LDAP libraries was
6848
in the wrong place. Victor Duchovni. File: util/dict_ldap.c.
6849
6850
Feature: new header/body_checks DISCARD pattern that causes
6851
mail to be silently discarded. Files: global/cleanup_user.h,
6852
cleanup/cleanup_message.c, cleanup/cleanup_api.c.
6853
6854
Bugfix: the local delivery agent's mailbox duplicate delivery
6855
eliminator was not updated in the days that address extensions
6856
were added to Postfix. The other local duplicate eliminators
6857
probably need revision as well. File: local/mailbox.c.
6858
6859
20020821
6860
6861
Feature: HOLD and DISCARD actions in SMTPD access tables.
6862
These requests are propagated to the cleanup daemon. Files:
6863
cleanup/cleanup_envelope.c smtpd/smtpd_check.c.
6864
6865
Cleanup: eliminate unnecessary references to the obsolete
6866
program_directory configuration parameter (but keep the
6867
parameter so as to not break existing installations).
6868
Matthias Andree, many little changes in documentation.
6869
6870
20020822
6871
6872
Bit Rot: OpenLDAP incompatible change with URL parsing.
6873
Patches by Will Day, Georgia Tech, and Carsten Hoeger,
6874
SUSE. File: util/dict_ldap.c.
6875
6876
20020823
6877
6878
Bugfix: added a missing memset() call to wipe the lookup
6879
key in dict_db_delete(). This is needed by some Berkeley
6880
DB implementations. Patch by Katsu Yamamoto, Fujitsu.
6881
6882
Bugfix: when permit_mx_backup is unable to make a decision
6883
due to DNS problems, set the "defer if reject" flag so that
6884
other restrictions will not cause mail to be rejected.
6885
File: smtpd/smtpd_check.c.
6886
6887
Feature: instead of giving up immediately after DNS failure,
6888
turn on the "defer_if_permit" flag when reject_unknown_hostname,
6889
reject_unknown_sender_domain or reject_unknown_recipient_domain
6890
are unable to make a decision, and see if any subsequent
6891
restrictions would still cause the mail to be rejected.
6892
File: smtpd/smtpd_check.c.
6893
6894
Feature: "FILTER transport:nexthop" is now also available
6895
in SMTPD access tables.
6896
6897
20020826
6898
6899
Workaround: HP-UX 11 accept() fails with ENOBUFS when the
6900
client disconnects early. File: sane_accept.c.
6901
6902
20020901
6903
6904
Cleanup: postfix-install no longer installs all the manual
6905
pages under $POSTFIXSOURCE/man, so we can generate manual
6906
pages for smtp-sink etc. File: man/Makefile.in.
6907
6908
20020903
6909
6910
Bugfix: the rmail script should have been updated when
6911
Postfix sendmail was changed to recognize `.' as the end
6912
of input. Problem fix by Christian Kratzer, cksoft.de.
6913
File: auxiliary/rmail/rmail.
6914
6915
Feature: specify "maximal_queue_lifetime = 0" for mail that
6916
should be returned immediately after the first unsuccessful
6917
delivery attempt. Files: qmgr/qmgr.c, nqmgr/nqmgr.c.
6918
6919
20020904
6920
6921
Bugfix: qmail compatibility: qmqpd should support any
6922
character at the end of the VERP prefix in prefix@host-@[].
6923
Based on a patch by LaMont Jones, HP.
6924
6925
20020905
6926
6927
Feature: "smtpd_data_restrictions = reject_unauth_pipelining"
6928
blocks mail from SMTP clients that send message content
6929
before Postfix has replied to the DATA command. File:
6930
smtpd/smtpd.c, smtpd/smtpd_check.c.
6931
6932
Bugfix: the LDAP client dumped core in verbose mode.
6933
Reported by Will Day and others. File: util/dict_ldap.c.
6934
6935
20020906
6936
6937
Cleanup: dict_regexp module speedups by avoiding unnecessary
6938
substring overhead while matching strings. Based on a
6939
suggestion by Liviu Daia. This involved major rewriting of
6940
the regexp map code. File: util/dict_regexp.c.
6941
6942
20020907
6943
6944
Feature: IF..ENDIF support based on code by Bert Driehuis.
6945
This involved a further rewrite of the regexp map code.
6946
File: util/dict_regexp.c.
6947
6948
6949
200209010
6950
6951
Bugfix: the SMTP client produced suprious warnings about
6952
trouble with fallback_relay hosts. File: smtp/smtp_connect.c.
6953
6954
Robustness: don't wait with detecting broken SMTP connections
6955
until reading input. Leandro Santi. File: smtpd/smtpd_chat.c.
6956
6957
200209011
6958
6959
Workaround: IRIX 6 can't do ioctl FIONREAD on pipes. This
6960
breaks the in_flow_delay feature. File: util/sys_defs.h.
6961
6962
20020912
6963
6964
Bugfix: canonical/virtual mapping core dump with a null
6965
right-hand side address. Report by Jussi Silvennoinen.
6966
File: global/mail-addr_crunch.c.
6967
6968
Feature: IF..ENDIF support based on code by Bert Driehuis.
6969
This involved a rewrite of the pcre map code similar to
6970
the regexp map code. File: util/dict_pcre.c.
6971
6972
20020917
6973
6974
Feature: on Linux, support for PCRE lookup tables is now
6975
compiled in if the PCRE library code is found under
6976
/usr/include and /usr/lib. File: makedefs.
6977
6978
20020918
6979
6980
Documentation: postsuper(1) did not document the -c option.
6981
6982
Bugfix: possible longjump() before setjmp(). File:
6983
smtpd/smtpd.c.
6984
6985
Bugfix: pickup should not preserve INSPECT or FILTER records
6986
from "postsuper -r". File: pickup/pickup.c.
6987
6988
20020919
6989
6990
Feature: "reject_rbl <domain>" for client address blacklisting
6991
by LaMont Jones, including $name expansion for per-domain
6992
customized response messages. The obsolete reject_maps_rbl
6993
is now a wrapper that uses the new code.
6994
6995
20020921
6996
6997
Internal: added caching and factored out common code that
6998
will be used for both reject_rbl and for the upcoming
6999
reject_rhsbl restriction.
7000
7001
20020922
7002
7003
Feature: "reject_rhsbl <domain>" for sender domain
7004
blacklisting. Provides the same per-domain customized
7005
response message mechanisms with $name expansion as
7006
reject_rbl.
7007
7008
Safety: the smtpd_expansion_filter parameter controls what
7009
characters are allowed in the expansion of $name macros in
7010
template RBL responses.
7011
7012
Cleanup. In order to make sensible warnings possible when
7013
expanding a non-existent $name in RBL reply templates,
7014
mac_expand() had to be changed so that an empty string
7015
result (i.e. the name does exist) will no longer cause
7016
${name?text} to succeed. File: util/mac_expand.c.
7017
7018
20020923
7019
7020
Cleanup. Renamed the RBL features according to a scheme
7021
that was suggested by Liviu Daia in October 2001. The names
7022
are reject_rbl_client and reject_rhsbl_sender, respectively.
7023
Added domain name based reject_rhsbl_client and
7024
reject_rhsbl_recipient restrictions for completeness. The
7025
reject_rbl restriction name is still recognized for
7026
compatibility with systems maintained by LaMont Jones.
7027
7028
20020924
7029
7030
Bugfix: reject_rhsbl_<mumble> was broken when <mumble> was
7031
unavailable, causing the restrictions parser to get out if
7032
sync. Spotted by Ralf Hildebrandt. File: smtpd/smtpd_check.c.
7033
7034
20020928
7035
7036
Bugfix: missing %s in the 20020923 RBL code. This was not
7037
exploitable because Postfix implements only a safe subset
7038
of all printf format operators and because memory for the
7039
result is dynamically allocated. Victor Duchovni. File:
7040
smtpd/smtpd_check.c.
7041
7042
20020929
7043
7044
Updated MacOSX support scripts from Gerben Wierda. Files:
7045
auxiliary/MacOSX/*.
7046
7047
20021009
7048
7049
Bugfix: SIZE errors should be reported at MAIL FROM time,
7050
and should not be postponed (with smtpd_delay_reject = yes)
7051
until RCPT TO time. Reported by Jeroen Scheerder, Utrecht
7052
University. Files: smtpd/smtpd.c smtpd/smtpd_check.c.
7053
7054
20021013
7055
7056
When Postfix development started, Linux mail delivery
7057
software such as procmail did not use kernel locks, and
7058
Postfix picked one that seemed plausible, namely, flock().
7059
In the mean time, Linux mail delivery software seems to
7060
have standardized on fcntl() locks. File: util/sys_defs.h.
7061
7062
Feature: body_checks_size_limit parameter to specify how
7063
much of a message body segment (or attachment, if you prefer
7064
to use that term) is subjected to body_checks inspection.
7065
Default limit: 50 kbytes. Files: global/mime_state.c,
7066
cleanup/cleanup_message.c.
7067
7068
20021015
7069
7070
Bugfix: the code for missing postmaster/mailer-daemon
7071
aliases had to be moved after the code that implements the
7072
luser_relay feature. Files: local/alias.c, local/unknown.c.
7073
7074
Weird? The LMTP client lowercased the MAIL FROM and RCPT
7075
TO addresses. Some remnant of code that someone put in
7076
there long ago. File: lmtp/lmtp_proto.c.
7077
7078
20021024
7079
7080
Feature: proxy_interfaces parameter. Specify your NAT or
7081
other proxy addresses here to avoid mail delivery loops.
7082
Files: global/mail_params.[hc] global/own_inet_addr.[hc]
7083
global/resolve_local.c smtp/smtp_addr.c smtpd/smtpd_check.c.
7084
7085
Paranoia: defend against a very unlikely false alarm in
7086
safe_open().
7087
7088
20021025
7089
7090
Feature: X-Original-To: message headers with the raw original
7091
envelope recipient.
7092
7093
Logging: status=sent/deferred/bounced/ logging now includes
7094
the original recipient address if it differs from the final
7095
address.
7096
7097
20021026
7098
7099
Logging: SMTP UCE reject/warn/hold/discard logging now
7100
includes queue ID. This will break some logfile analyzers.
7101
7102
Logging: SMTP UCE reject/warn/hold/discard logging now
7103
includes the protocol name and, if available, the hostname
7104
given in the SMTP HELO or EHLO command.
7105
7106
Logging: header/body_checks reject/warn/hold/discard logging
7107
now includes the protocol name and, if available, the
7108
hostname given in the SMTP HELO or EHLO command.
7109
7110
20021028
7111
7112
Bugfix: don't reset state after rejected EHLO. Reset state
7113
after HELO. Reported by Karthikeyan Bhargavan, upenn.edu.
7114
Files: smtpd/smtpd.c.
7115
7116
20021029
7117
7118
Bugfix: local(8) did not prepend an X-Original-To: message
7119
header while delivering to command, and local(8) did not
7120
document the X-Original-To: message header.
7121
7122
Workaround: DJBDNS produces a bogus A record when given a
7123
numerical hostname. File: dns/dns_lookup.c.
7124
7125
20021030
7126
7127
Portability: support for Berkeley DB version 4.0 but not
7128
for Berkeley DB version 4.1 (yes, the API is different).
7129
Postfix is now going to be paranoid about the minor version
7130
number, too. File: util/dict_db.c.
7131
7132
Documentation: updated LMTP_README file by Amos Gouaux.
7133
7134
20021031
7135
7136
Bugfix: (bug introduced 20021026) log NOQUEUE when rejecting
7137
ETRN, instead of trying to log a non-existent queue ID.
7138
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.
7139
7140
Cleanup: allow optional text after commands in SMTPD access
7141
maps. Based on initial effort by Victor Duchovni, Morgan
7142
Stanley. File: smtpd/smtpd_check.c.
7143
7144
Portability: support for Berkeley DB version 4.1. This
7145
version refuses to open zero-length files. This complicates
7146
lock management and requires extra code to remove broken
7147
files. Files: util/dict_db.c, global/mkmap*.[hc].
7148
7149
20021101
7150
7151
Bugfix: don't complain about out-of-order original recipient
7152
records for finished recipients. Files: *qmgr/qmgr_message.c,
7153
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.
7154
7155
Cleanup: further simplified the mkmap wrapper (used by
7156
postmap and postalias only) to remove some hurdles for
7157
Michael Tokarev's CDB support. Files: global/mkmap*.[hc].
7158
7159
20021105
7160
7161
Postalias now produces YP_LAST_MODIFIED and YP_MASTER_NAME
7162
records only when NIS support is compiled in. File:
7163
postalias.c.
7164
7165
20021106
7166
7167
Postalias now puts $myhostname in the YP_MASTER_NAME record,
7168
instead of the possibly bogus gethostname() result. File:
7169
postalias.c.
7170
7171
The PCRE map code did not reject non-numeric replacement
7172
indices in replacement text, and silently treated $text as
7173
$0. Found by Michael Tokarev. File: dict_pcre.c.
7174
7175
20021108
7176
7177
Cleanup: the behavior of the SMTP server's defer_if_permit
7178
flag was changed, in order to maximize the opportunity to
7179
permanently reject mail without opening opportunities for
7180
losing legitimate mail. This was done in cooperation with
7181
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.
7182
7183
The defer_if_permit flag is still set when an UCE reject
7184
restriction fails due to a temporary (e.g., DNS) problem,
7185
to prevent unwanted mail from slipping through. However,
7186
the flag is no longer tested at the end of client, helo or
7187
sender restrictions. Instead, the flag is now tested at
7188
the end of the ETRN and recipient restrictions only.
7189
7190
The behavior of the warn_if_reject restriction has changed.
7191
It no longer activates any already made defer_if_permit or
7192
defer_if_reject decisions (the defer_if_reject flag is set
7193
when some UCE permit restriction fails due to a temporary
7194
(DNS) problem, to avoid loss of legitimate mail).
7195
7196
Bugfix: instead of setting the defer_if_permit flag, a
7197
failing reject restriction after warn_if_reject now merely
7198
logs that it would have caused mail to be deferred.
7199
7200
A failing permit restriction after warn_if_reject still
7201
raises the defer_if_reject flag, to avoid loss of legitimate
7202
mail.
7203
7204
20021109
7205
7206
Bugfix: a misguided change to the .forward macro expansion
7207
filter broke .forward file lookup.
7208
7209
Bugfix: missing defer_if_permit test in smtpd_data_restrictions.
7210
Victor Duchovni. File: smtpd/smtpd_check.c.
7211
7212
20021112
7213
7214
Robustness: increase the mime_nesting_limit from 20 to 100,
7215
so that bounces can't loop. Each bounces increases the MIME
7216
nesting level by one. Ralf Hildebrandt and Victor Duchovni.
7217
7218
20021113
7219
7220
Robustness: reinstated SMTP client command flushing to
7221
avoid pipeline stalls. File: smtp/smtp_chat.c.
7222
7223
20021114
7224
7225
Robustness: distinguish between timeout and "lost connection"
7226
when the SMTP server is unable to send a reply to the remote
7227
client. File: smtpd/smtpd_chat.c.
7228
7229
20021115
7230
7231
Bugfix: initialization error with "*" transport table
7232
lookup, reported by LaMont Jones. The transport map lookup
7233
code had grown into a monster and needed to be replaced.
7234
trivial-rewrite/transport.c.
7235
7236
20021115
7237
7238
Start implementing recipient verification. For now this is
7239
done by adding trace flags to queue files. In case of a
7240
verification request, a delivery agent does not deliver,
7241
deliver, it just records what would happen.
7242
7243
This required instrumenting the bounce/defer/sent logging
7244
routines to send their data to the right place depending
7245
on the type of delivery request.
7246
7247
20021116
7248
7249
New trace service. This is used for reporting if a recipient
7250
is deliverable (sendmail -bv) and for producing a record
7251
of delivery attempts (sendmail -v). The report is sent via
7252
email, using the bounce daemon. Files: global/trace.[hc].
7253
7254
This required replacing the bounce/defer logfile format by
7255
an extensible name=value format. Files: global/bounce_log.c,
7256
bounce/bounce_append_service.c.
7257
7258
20021117
7259
7260
New address verification service with simple expiration
7261
and refresh policy. Storage can be in-core or in permanent
7262
table. The daemon is appropriately called "verify". Files:
7263
global/verify_clnt.[hc], verify/verify.c.
7264
7265
20021118
7266
7267
Cleaning up the code for tracing and verification. Files:
7268
global/{log_adhoc,bounce,defer,trace,verify}.[hc].
7269
7270
20021119
7271
7272
New address_verification_negative_cache = yes/no parameter
7273
controls whether Postfix stores the result of negatieve
7274
address verification probes. This reduces cache pollution
7275
but causes Postfix to send a probe for each address
7276
verification service query. File: verify/verify.c.
7277
7278
Added optimistic caching to the verify daemon, so that one
7279
failed probe will not clobber a known to be good address.
7280
As long as some probes succeeed, a good address will stay
7281
cached as OK.
7282
7283
Cleaning up of the bounce daemon's code for bounce, delayed
7284
mail warning and trace notification. Files: bounce/*.[hc],
7285
global/bounce_log.c.
7286
7287
20021120
7288
7289
Changed the probe's sender address to "postmaster" so that
7290
we get better information about the address we're testing.
7291
File: verify/verify.c.
7292
7293
Added some paranoia to the routine that reads data from
7294
the address verification cache. Ignore data that is obviously
7295
bogus. File: verify/verify.c.
7296
7297
20021121
7298
7299
Bugfix: garbage in "user@garbage"@domain address forms may
7300
cause the SMTP or LMTP client to terminate with a fatal
7301
error exit because garbage/tcp is not an existing service.
7302
This cannot be abused to cause the SMTP or LMTP client to
7303
send data into unauthorized ports. Files: *qmgr/qmgr_message.c,
7304
trivial-rewrite/resolve.c.
7305
7306
20021124
7307
7308
Bugfix: don't use same VSTRING buffer for reading and
7309
writing. File: verify/verify.c.
7310
7311
20021128
7312
7313
Feature: hashed hold queue support, with hashing turned on
7314
by default. Omission spotted by Victor Duchovni, Morgan
7315
Stanley. Files: global/hold_message.c, global/mail_params.h.
7316
7317
Bugfix: the LMTP client lost the port(service) information
7318
when parsing host:port information. Victor Duchovni, Morgan
7319
Stanley. Fix is to have a new host_port(3) module that does
7320
the parsing for the SMTP and LMTP clients.
7321
7322
Cleanup: host_port() routine that parses host/port information
7323
more consistently than the existing code in the LMTP and
7324
SMTP clients. Files: smtp/smtp_connect.c, lmtp/lmtp_connect.c,
7325
util/host_port.[hc].
7326
7327
20021130
7328
7329
Cleanup: defer mail when recipient verification takes too
7330
long. File: smtpd/smtpd_proto.c.
7331
7332
Feature: new reject_multi_recipient_bounce restriction, to
7333
reject "MAIL FROM: <>" with multiple recipients. File:
7334
smtpd/smtpd_check.c.
7335
7336
20021201
7337
7338
Compatibility: ignore the new Sendmail -A option. File:
7339
sendmail/sendmail.c.
7340
7341
Workaround: sendmail -v now produces no output. You need
7342
to specify -v -v instead. This is to avoid problems when
7343
people request verbose mail delivery in their mail.rc file.
7344
File: sendmail/sendmail.c.
7345
7346
20021202
7347
7348
Cleanup: hash_queue_depth now defaults to 1 level of
7349
subdirectories. This makes "mailq" faster on most systems,
7350
but will result in poorer worst-case performance when lots
7351
of mail is queued.
7352
7353
The check_relay_domains restriction is going away. The SMTP
7354
server logs a warning and suggests using reject_unauth_destination
7355
instead.
7356
7357
Cleanup: the local(8) and virtual(8) delivery agents did
7358
not prepend X-Original-To: addresses to maildir files.
7359
Omission spotted by Matthias Andree.
7360
7361
Specify "address_verify_sender=" or "address_verify_sender=<>"
7362
to use a null sender address while doing address verification
7363
probes. Beware, doing so may trigger false negatives
7364
because some sites reject mail from the null sender, even
7365
though this is required by RFC standards.
7366
7367
Bugfix: too many levels of dereferencing while testing for
7368
missing reject_rbl_mumble domain names. Patrik Rak. File:
7369
smtpd/smtpd_check.c.
7370
7371
20021203
7372
7373
Bugfix: the FILTER access table action included the FILTER
7374
command in the filter request, where only the transport+destination
7375
were expected. Noel Jones. File smtpd/smtpd_check.c.
7376
7377
Cleanup: virtual_maps is now called virtual_alias_maps, in
7378
order to better distinguish it from virtual_mailbox_maps.
7379
The default value is $virtual_maps for backwards compatibility.
7380
7381
New parameters virtual_alias_domains and virtual_mailbox_domains
7382
for the "domain.tld whatever" lookups. These use the same
7383
syntax as the mydestination parameter. Default settings
7384
are backwards compatible with Postfix 1.1.
7385
7386
Concept: just like $mydestination+$inet_interfaces control
7387
what routes to $local_transport, $virtual_mailbox_domains
7388
now controls what routes to $virtual_transport (default
7389
transport: virtual), and $relay_domains now controls what
7390
routes to $relay_transport (default transport: relay, a
7391
clone of the smtp transport). Everything else routes to
7392
$default_transport as before. This eliminates the need
7393
for transport map entries for every virtual(8) domain, and
7394
avoids performance problems with inbound relay mail. This
7395
was improvement was suggested by Victor Duchovni. File:
7396
trivial-rewrite/resolve.c.
7397
7398
20021206
7399
7400
Cleanup: do allow regexps in aliases, virtual mailbox maps
7401
but do not allow regular expression substitutions. Files:
7402
util/dict.h, util/dict_regexp.c, util/dict_pcre.c.
7403
7404
20021207
7405
7406
Cleanup: deleted the description of sendmail-style virtual
7407
domains from the virtual(5) manual page. This part of
7408
Postfix was too confusing.
7409
7410
Performance: RFC 2821 blesses the use of CNAME domain names
7411
in MAIL FROM and RCPT TO. Not having to expand CNAME domain
7412
names speeds things up a bit. File: smtp/smtp_proto.c.
7413
7414
Workaround: exclude error mailer destinations from transport
7415
mapping lookups :-(. File: trivial-rewrite/resolve.c.
7416
7417
Cleanup: relocated_maps lookups are now moved to the
7418
trivial-rewrite server. As of now, the queue manager no
7419
longer does any map lookups, so it won't restart when maps
7420
change. Files: *qmgr/qmgr_message.c, trivial-rewrite/resolve.c.
7421
7422
Robustness: because the trivial-rewrite server now does
7423
many more table lookups, some of which are often LDAP or
7424
SQL based, trivial-rewrite clients must be be prepared for
7425
the case that the resolver reports a failure while processing
7426
a request (when it was unable to access a lookup table).
7427
Files: trivial-rewrite/resolve.c, local/resolve.c,
7428
smtpd/smtpd_check.c.
7429
7430
Robustness: moving possible LDAP or SQL table lookups into
7431
the trivial-rewrite server also required that trivial-rewrite
7432
be running as multiple processes to reduce lookup latencies.
7433
Files: master/multi-server.c.
7434
7435
Workaround: don't discard all the DNS lookup results when
7436
only one of the results has a malformed name or address.
7437
File: dns/dns_lookup.c.
7438
7439
20021208
7440
7441
Cleanup: with the preliminary address domain classification
7442
concept as implemented by the trivial-rewrite address
7443
resolver, a lot of table lookups could be eliminated from
7444
the SMTP server. Files: smtpd/smtpd_check.c.
7445
7446
Feature: new relay_recipient_maps parameter, for optional
7447
maps with all the recipients in the domains that match
7448
$relay_domains (so you can reject mail for unknown relay
7449
recipients). This is for consistency with virtual_xx_maps
7450
and virtual_xx_domains, and with local_recipient_maps and
7451
the local delivery agent. File: smtpd/smtpd_check.c.
7452
7453
Cleanup: removed support for obsolete #number domain forms.
7454
File: smtpd/smtpd_check.c.
7455
7456
20021209
7457
7458
The Postfix installation procedure no longer sets the
7459
"chattr +S" bit on Linux queue directories. Wietse has
7460
gotten too annoyed with naive reviewers who complain about
7461
performance without having a clue of what they are comparing.
7462
7463
"Security": local_recipient_maps is now turned on by default,
7464
to reject mail for non-existent users at the SMTP port.
7465
See conf/main.cf for instructions, section REJECTING UNKNOWN
7466
LOCAL USERS.
7467
7468
Safety: detection of missing or inaccessible passwd file
7469
database, to prevent massive complaints from people who
7470
suddenly lose all their mail because local_recipient_maps
7471
is now turned on by default.
7472
7473
20021210
7474
7475
Feature: recipient address verification, using the code
7476
that already implements sender address verification. Based
7477
on suggestion by Matthias Andree. Files: src/smtpd/smtpd.c,
7478
src/smtpd/smtpd_check.c.
7479
7480
20021211
7481
7482
Performance: doubled the default process limit (50->100)
7483
and default queue manager active queue message/recipient
7484
limits (10k->20k). File: global/mail_params.h.
7485
7486
Bugfix: the change that begot us multiple trivial-rewrite
7487
processes (good) also gave us multiple verify daemons (bad).
7488
File: conf/post-install.
7489
7490
20021212
7491
7492
Cleanup: allow transport map lookups to override error
7493
mailer results (to avoid breaking existing installations),
7494
and do transport map lookups before relocated map lookups.
7495
Files: trivial-rewrite/resolve.c, trivial-rewrite/transport.c.
7496
7497
Shortened the verify server's negative cache refresh time
7498
from 12 hours to 2 hours. File: global/mail_params.h.
7499
7500
Admin friendliness: the SMTP server now reports "User
7501
unknown in {local recipient | virtual alias | virtual
7502
mailbox | relay recipient} table". This will make trouble
7503
shooting a little easier. Files: smtpd/smtpd_check.c,
7504
trivial-rewrite/resolve.c.
7505
7506
20021213
7507
7508
Cleanup: transport map entries with null nexthop ignored
7509
relayhost settings. Making the code simpler also made it
7510
more correct. Files: trivial-rewrite/resolve.c,
7511
trivial-rewrite/transport.c.
7512
7513
Feature: "helpful_warnings" (default: yes) that can be
7514
turned off if you really know what you're doing and want
7515
to eliminate some unnecessary work.
7516
7517
Feature: enforcement of master.cf process limits for
7518
processes such as qmgr and pickup that must run alone, and
7519
processes such as cleanup and bounce that must run without
7520
explicit process count limit. If an incorrect process limit
7521
is specified in master.cf the service aborts.
7522
7523
20021214
7524
7525
Cleanup: it looks like we finally get it right with transport
7526
lookup table entries that either override or specify an
7527
error transport without updating the nexthop information.
7528
File: trivial-rewrite/resolve.c.
7529
7530
Robustness: don't probe the sender address when probed for
7531
our own address verification probe sender address. File:
7532
smtpd/smtpd_check.c.
7533
7534
Performance: don't do UCE checks (which may result in 4xx
7535
SMTP reply codes, and thus, repeated delivery attempts)
7536
when we already know that the recipient does not exist.
7537
Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
7538
7539
20021215
7540
7541
Cleanup: further simplification of transport map handling
7542
after some really fine hair splitting with Victor Duchovni.
7543
Files: trivial-rewrite/resolve.c, trivial-rewrite/transport.c.
7544
7545
20021216
7546
7547
Workaround: transform the address local-part into unquoted
7548
form only when the address domain is local and the local-part
7549
contains routing operators. Otherwise, we may damage the
7550
address local-part by inserting space between non-operator
7551
tokens. Some people use weird addresses and expect them to
7552
be handled without damage. File: trivial-rewrite/resolve.c.
7553
7554
Robustness: scan the resolved recipient address for routing
7555
operators in the address local-part, even when the local
7556
MTA does not recognize ! and % as valid operators. File:
7557
trivial-rewrite/resolve.c.
7558
7559
Cleanup: the address rewriting code no longer tries to
7560
rewrite broken user@ or user@. address forms into even more
7561
broken forms. bother. File: trivial-rewrite/rewrite.c.
7562
7563
Cleanup: the address resolver code now treates forms ending
7564
in @ in a more rational manner (because the address rewriting
7565
code no longer messes up by appending .my.domain).
7566
7567
Bugfix: a null address local-part before @domain now is
7568
properly quoted just like the null address. File:
7569
global/quote_82[12]_local.c.
7570
7571
7572
20021217
7573
7574
Cleanup: more work on the trivial-rewrite address rewriting
7575
and address resolving code. New regression tests for address
7576
rewriting and resolving that make some assumptions about
7577
main.cf settings. Files: global/Makefile.in (assumptions),
7578
global/rewrite_clnt.in, global/rewrite_clnt.ref,
7579
global/resolve_clnt.in, global/resolve_clnt.ref.
7580
7581
Safety: configurable SMTPD reject codes for recipients not
7582
in {local,relay}_recipient,virtual_{alias,mailbox}}_maps,
7583
aptly named unknown_mumble_reject_code. Postfix installs
7584
with unknown_local_recipient_reject_code=450, unless the
7585
site already ran Postfix with local_recipient_maps enabled.
7586
Files: smtpd/smtpd.c, smtpd/smtpd_check.c, conf/post-install.
7587
7588
20021218
7589
7590
Feature: specify unverified_recipient_reject_code=250 or
7591
unverified_sender_reject_code=250 to accept mail for an
7592
address that is known to bounce. File: smtpd/smtpd_check.c.
7593
7594
20021219
7595
7596
Bugfix: longjmp() while sending "go away" without setjmp()
7597
in the QMQP server. Patrik Rak. File: qmqpd/qmqpd.c.
7598
7599
Safety: the XVERP extension is restricted to clients listed
7600
in the authorized_verp_clients list (default: $mynetworks).
7601
File: smtpd/smtpd.c.
7602
7603
Workaround: preliminary IPV6 support in valid_hostliteral().
7604
File: util/valid_hostname.c.
7605
7606
20021220
7607
7608
Bugfix: the reject_multi_recipient_bounce restriction had
7609
an off-by-one error when used in smtpd_data_restrictions.
7610
File: smtpd/smtpd_check.c.
7611
7612
Feature: new check_recipient_maps restriction that gives
7613
finer control over when unknown recipients are rejected.
7614
As with Postfix 1.1, the default is to do this at the end
7615
of the recipient restrictions. Sites that want to improve
7616
performance can put check_recipient_maps at the start of
7617
the smtpd_client_restrictions list and avoid doing unnecessary
7618
RBL lookups etc. File: smtpd/smtpd_check.c.
7619
7620
Feature: new show_user_unknown_recipient_table parameter
7621
controls whether or not to reveal the lookup table name in
7622
"User unknown" responses. The extra detail makes trouble
7623
shooting easier but also reveals information that is nobody
7624
elses business.
7625
7626
20021221
7627
7628
Workaround: don't allow the transport map to override the
7629
virtual alias class (error:User unknown) result. File:
7630
trivial-rewrite/transport.c.
7631
7632
20030101
7633
7634
Documentation update: new-style virtual domains broke the
7635
advanced content filtering example. Files: FILTER_README,
7636
RELEASE_NOTES-2.0.
7637
7638
20030102
7639
7640
Cleanup: use different client instances when the same map
7641
is opened with different flags. File: global/maps.c.
7642
7643
Feature: proxymap server for Postfix table lookups. This
7644
helps to consolidate the number of open lookup tables (such
7645
as MYSQL or LDAP), or to overcome chroot restrictions
7646
(example: specify proxy:unix:passwd.byname to avoid the
7647
need for a copy of the UNIX passwd file in chroot jails).
7648
Files: global/dict_proxy.[hc], proxymap/proxymap.c
7649
7650
Cleanup: multiservers such as trivial-rewrite and the new
7651
proxymap server now enforce the max_use total client number
7652
limit more agressively, by not accepting new connections
7653
after the limit is reached. Based on a patch by Victor
7654
Duchovni, Morgan Stanley. File: master/multi_server.c.
7655
7656
20030103
7657
7658
Cleanup: client stream endpoints not only have an idle time
7659
limit ($ipc_idle) before a connection is closed, they now
7660
also have a time to live ($ipc_ttl) to prevent connections
7661
from becoming too persistent. This allows multi-servers
7662
such as trivial-rewrite or the proxymap server to refresh
7663
more frequently on busy systems. File: global/clnt_stream.c.
7664
7665
20030104
7666
7667
Cleanup: avoid warnings about flag mismatches when the same
7668
lookup table is listed under both virtual_alias_maps and
7669
virtual_mailbox_maps. Files: global/virtual8.h, virtual/virtual.c.
7670
7671
Bugfix: an obscure memory leak that puzzled me for more
7672
than a year until I found out how to reproduce it. File:
7673
util/vstream.c.
7674
7675
20030105
7676
7677
Cleanup: removed the address syntax check from the queue
7678
manager, since a better test was implemented recently in
7679
the trivial-rewrite server. Files: *qmgr/qmgr_message.c.
7680
7681
Bugfix: redirect bounce/defer to the address verification
7682
service where appropriate. Files: *qmgr/qmgr_bounce.c,
7683
*qmgr/qmgr_defer.c.
7684
7685
Bugfix: "no such file or directory" warnings after "postfix
7686
reload" when a chrooted smtpd reconnects to the proxy
7687
service. Fix: use "private/proxymap" if possible, otherwise
7688
use "$queue_dir/private/proxymap". File: global/dict_proxy.c.
7689
7690
Robustness: daemons now chdir() to the queue directory
7691
before running the pre-jail initialization code, so that
7692
daemons running in stand-alone mode produce more consistent
7693
results. Files: master/single_server.c, master/multi_server.c.
7694
master/trigger_server.c.
7695
7696
Bugfix: "sendmail -bs" tried to access the proxymap service.
7697
It should not try to open any user/domain/uce related tables
7698
at all. File: smtpd/smtpd.c.
7699
7700
20030106
7701
7702
Bugfix: bouncing to owner-alias was broken, i.e. the mail
7703
kept being deferred, and when that was fixed, another buglet
7704
came to light. File: bounce/bounce.c.
7705
7706
Robustness: the master no longer aborts with "address
7707
already in use" when inet_interfaces specifies the same IP
7708
address multiple times, or when a TCP service in master.cf
7709
specifies a hostname for which the same IP address is listed
7710
multiple times. File: master/master_ent.c.
7711
7712
20030107
7713
7714
Robustness: check that FILTER actions in SMTPD access maps
7715
or cleanup header/body_checks have plausible syntax. Files:
7716
smtpd/smtpd_check.c, cleanup/cleanup_message.c.
7717
7718
20030109
7719
7720
Cleanup: unnecessary "premature end of file on xxx while
7721
reading yyy" warnings became exposed after some code
7722
simplification. Files" global/*_clnt.c, global/dict_proxy.c
7723
7724
Robustness: undo the change that causes a multi-server
7725
process to stop accepting new connections while it still
7726
services existing clients for an extended amount of time.
7727
We need a better process retirement strategy. File:
7728
master/multi_server.c.
7729
7730
20030110
7731
7732
Cleanup: the virtual_mailbox_maps parameter is now optional
7733
even when virtual_mailbox_domains is. This makes virtual
7734
mailbox domains more like relay domains and the local
7735
domain.
7736
7737
Portability: the makedefs script now uses the pcre-config
7738
utility to find out where things are installed.
7739
7740
Bugfix: the SMTP server did not recognize the local built-in
7741
double bounce address as local. Reported by Matthias Andree.
7742
For safety sake, threw in the local postmaster address as
7743
well. File: smtpd/smtpd_check.c.
7744
7745
20030113
7746
7747
Added MAILER-DAEMON to the list of always recognized local
7748
addresses, since it is generated by Postfix bounces. File:
7749
smtpd/smtpd_check.c.
7750
7751
20030114
7752
7753
Bugfix: transport_errno was not reset upon successful
7754
transport map wildcard lookup after an earlier failure.
7755
Reported by Victor Duchovni. File: trivial-rewrite/transport.c.
7756
7757
Cleanup: unnecessary warnings from the proxymap client
7758
after proxymap server disconnect. File: global/dict_proxy.c.
7759
7760
Cleanup: Patrik Rak found a few more chattr invocations
7761
that were missed 20021209. Files: postfix-install,
7762
conf/post-install.
7763
7764
Cleanup: the pcre-config command can produce null outputs.
7765
Matthias Andree. File: makedefs.
7766
7767
Bugfix: the virtual(8) Makefile included $(AUXLIBS) in the
7768
dependencies.
7769
7770
20030118
7771
7772
Typos: some hyperlinks referred to flushd, which is the
7773
name that was used before the flush service was released.
7774
Reported by Victor Duchovni.
7775
7776
Cleanup: smtpd no longer needed to open relocated_maps.
7777
7778
20030119
7779
7780
Cleanup: bounce messages used "X-Postfix" even when mail_name
7781
was set to something other than the default "Postfix" name.
7782
File: bounce/bounce-notify_util.c.
7783
7784
20030120
7785
7786
Bugfix: wrong FILTER_README instructions for disabling
7787
virtual alias mapping in the cleanup server before the
7788
content filter.
7789
7790
Bugfix: wrong FILTER_README instructions for destination-dependent
7791
filtering, because relay_domains was specified incorrectly.
7792
7793
20030122
7794
7795
Bugfix: 20021207 (move relocated table lookup from queue
7796
manager to trivial-rewrite server) broke relocated table
7797
lookup results with mail not rejected at the SMTP port.
7798
Files: *qmgr/qmgr_deliver.c, *qmgr/qmgr_message.c.
7799
7800
20030123
7801
7802
Bugfix: a widely used maildir filename algorithm was broken.
7803
Postfix now uses TIME.DEVICE_INODE.HOST. Files: local/maildir.c,
7804
virtual/maildir.c.
7805
7806
20030124
7807
7808
Cleanup: queue structures no longer overload queue name
7809
and nexthop destination. Files: *qmgr/qmgr_message.c,
7810
*qmgr/qmgr_queue.c, *qmgr/qmgr_deliver.c.
7811
7812
20030125
7813
7814
Feature: "REDIRECT user@domain" action in access maps or
7815
in header/body_checks causes mail to be sent to the specified
7816
address instead of the intended recipient(s). I would never
7817
recommend that people use this to redirect (bounced) SPAM
7818
to the beneficiaries of an advertisement campaign. Files:
7819
smtpd/smtpd_check.c, cleanup/cleanup_message.c,
7820
*qmgr/qmgr_message.c.
7821
7822
20030126
7823
7824
Update: maildir filename algorithm updated according to
7825
today's version of http://cr.yp.to/proto/maildir.html.
7826
7827
20030127
7828
7829
Cleanup: use separate error messages for separate problems
7830
with computing the list of SASL authentication mechanisms.
7831
File: smtpd/smtpd_sasl_glue.c.
7832
7833
20030130
7834
7835
Bugfix: allow $name in default time values. File:
7836
global/mail_conf_time.c.
7837
7838
20030205
7839
7840
Feature: allow !, /file/name and map:name in masquerade_exceptions.
7841
By Liviu Daia. Files:cleanup_init.c, cleanup.h,
7842
cleanup_masquerade.c.
7843
7844
20030219
7845
7846
Bugfix: the local pickup daemon skipped unterminated records,
7847
since they happened to have the same record type code as
7848
content filtering instructions. Victor Duchovni. Files:
7849
global/rec_type.h, pickup/pickup.c.
7850
7851
Portability: Postfix could block, and thus not enforce
7852
command execution time limits, while delivering mail to
7853
command. File: global/pipe_command.c.
7854
7855
Bugfix: command execution time limits were not enforced
7856
because the child process killing code in pipe_command()
7857
was running with the wrong privileges. Problem reported by
7858
Ben Rosengart, Panix. File: global/pipe_command.c.
7859
7860
Bugfix: duplicate recipient filtering in the cleanup server
7861
did not eliminate virtual expansion duplicates with the
7862
same original recipient. File: cleanup/cleanup_out_recipient.c.
7863
7864
20030223
7865
7866
Cleanup: added postmap/postalias -p option (do not inherit
7867
the source file permissions when creating a new file), for
7868
completeness. A feature that can't be turned off is a bug.
7869
Files: postmap/postmap.c, postalias/postalias.c.
7870
7871
Bugfix: smtpd_hard/soft_error_limit off-by-one error, so
7872
that the real limit was one larger than the configured
7873
value. File: smtpd/smtpd.c, smtpd/smtpd_chat.c.
7874
7875
20030226
7876
7877
Safety: proxymap server defense against potential deadlock
7878
when some library routine wants to open a proxied table.
7879
Instead, proxymap opens the requested table directly. File:
7880
proxymap/proxymap.c.
7881
7882
Portability: updated AIX 5.x system dependent definitions.
7883
File: util/sys_defs.h.
7884
7885
20030227
7886
7887
Bugfix: added mynetworks to the list of proxy_read_maps
7888
parameter settings that are pre-authorized to use proxied
7889
table lookups. File: global/mail_params.h.
7890
7891
Cleanup: daemons now log what table has changed before
7892
restarting. Files: dict.c, and anything that invoked
7893
dict_changed().
7894
7895
Cleanup: more consistency in the naming of lookup table
7896
handles as generated by maps(3) and by match_list(3).
7897
7898
20030305
7899
7900
Workaround: Postfix removes too long non-address text from
7901
message headers in order to protect vulnerable Sendmail
7902
systems against exploitation of the remote buffer overflow
7903
vulnerability described in CERT advisory CA-2003-07.
7904
7905
20030311-19
7906
7907
Bugfix: the access map actions HOLD, DISCARD, FILTER and
7908
REDIRECT were broken with smtpd_delay_reject=no and with
7909
ETRN. This required re-architecting of the actions code.
7910
Files: smtpd/smtpd.[hc], smtpd/smtpd_check.c, smtpd/smtpd_state.c.
7911
7912
20030315
7913
7914
Bugfix: the postsuper manual page documented support for
7915
the -c command line option, but it was not implemented.
7916
File: postsuper/postsuper.c.
7917
7918
Bugfix: the Postfix 2.0 recipient map checking code broke
7919
the VRFY command, causing it to reply with status code 252
7920
for non-existent addresses. This required re-architecting
7921
the recipient table lookup code. File: smtpd/smtpd_check.c.
7922
7923
20030319
7924
7925
Feature: configurable limit on virtual alias expansion size
7926
and nesting depth, via the virtual_alias_expansion_limit
7927
and virtual_alias_recursion_limit parameters. The default
7928
limits are compatible with past Postfix versions. Victor
7929
Duchovni, Morgan Stanley. Files: /sample-resource.cf,
7930
html/resource.html, cleanup/cleanup.c, cleanup/cleanup_init.c,
7931
cleanup/cleanup_map1n.c.
7932
7933
Feature: the installation procedure records build information
7934
(by default: in /etc/postfix/makedefs.out).
7935
7936
20030324
7937
7938
Bugfix: smtp-source flushed too often, causing suboptimal
7939
performance with smtp-source sending directly into smtp-sink.
7940
Files: smtpstone/smtp-source.c.
7941
7942
20030410
7943
7944
Safety: log a fatal error when a net/mask pattern has a
7945
non-zero host part, so that mail delivery is deferred.
7946
File: util/match_ops.c.
7947
7948
20030411
7949
7950
Bugfix: extraneous warning about out-of-order original
7951
recipient records by Patrik Rak. Files: *qmgr/qmgr_message.c.
7952
7953
20030412
7954
7955
Workaround: log a warning and reset the queue file time
7956
stamps when the file system clock is ahead of the local
7957
clock. File: global/mail_stream.c.
7958
7959
20030414
7960
7961
Feature: PostgreSQL client module, adopted by LaMont Jones.
7962
Files: README_FILES/PGSQL_README, util/dict_pgsql.c,
7963
util/dict_pgsql.h, conf/sample-pgsql-aliases.cf.
7964
7965
Cleanup: the generic smtp client/server code in smtp_stream.c
7966
now has an explicit flush operation, and the smtp-source/sink
7967
programs are updated to take advantage of this.
7968
7969
Cleanup: the file system clock drift detection code now
7970
runs only once per process instance, to minimize the
7971
performance impact. File: global/mail_stream.c.
7972
7973
Robustness: avoid TIME_WAIT state with smtp/qmqp-source
7974
client sockets. This puts less strain on local system
7975
resources.
7976
7977
20030415
7978
7979
Cleanup: the file system clock drift detection code now
7980
runs only for incoming mail. File: global/mail_stream.c.
7981
7982
20030416
7983
7984
Bugfix: missing partial last line when 1) someone submits
7985
8-bit mail not ending in newline via /usr/sbin/sendmail
7986
and 2) MIME input processing is turned off, and 3) MIME
7987
8bit->7bit conversion is requested upon delivery via SMTP.
7988
7989
Cleanup: auto-bcc recipients are now added in one place
7990
(the cleanup server) instead of by individual front-end
7991
servers (pickup, smtpd, qmqpd). This makes it easier to
7992
add auto-bcc features that trigger on sender or recipient
7993
addresses.
7994
7995
Cleanup: "sendmail -t" (recipients from headers) is now
7996
implemented by the sendmail command instead of by the
7997
cleanup server. This means that the extract_recipient_limit
7998
configuration parameter is no longer needed. Files:
7999
sendmail/sendmail.c, cleanup/cleanup_message.c,
8000
cleanup/cleanup_extracted.c.
8001
8002
Compatibility: "sendmail -t" (recipients from headers) now
8003
accepts command-line recipients instead of complaining.
8004
The extracted header recipients are added to the command-line
8005
recipients.
8006
8007
Feature: sender/recipient_bcc_maps. These are indexed by
8008
sender/recipient address and are examined when mail enters
8009
from outside of Postfix. Files: cleanup/cleanup_addr.c.
8010
cleanup/cleanup_envelope.c cleanup/cleanup_extracted.c.
8011
8012
20030417
8013
8014
Feature: the SMTP client now falls back to native name
8015
service lookups (including /etc/hosts) when a host cannot
8016
be found in the DNS. This is controlled by a new parameter
8017
smtp_host_lookup (default: dns, native). Files: smtp/smtp.c,
8018
smtp/smtp_addr.c.
8019
8020
20030418
8021
8022
Bugfix: "sendmail -t" broke with unrecognized message
8023
headers.
8024
8025
20030419
8026
8027
Feature: "postcat -q" searches the queue for the named
8028
file.
8029
8030
Cleanup: made postcat "record names" output more consistent.
8031
8032
20030421
8033
8034
Debugging: added some extra detailed error logging to the
8035
pipe-to-command delivery, to help folks with bizarre file
8036
truncation problems. File: global/pipe_command.c.
8037
8038
20030424
8039
8040
Cleanup: readlline() did not terminate the result before
8041
complaining about lines starting with whitespace.
8042
8043
Cleanup: eliminated valid_hostname warning for invalid
8044
queue file names. File: global/mail_queue.c.
8045
8046
Bugfix: lost three lines of code when readying the postcat
8047
command for release, which broke postcat -q. File:
8048
postcat/postcat.c.
8049
8050
Bugfix: the Postfix sendmail command applied the message
8051
size limit when running as newaliases. The limiting code
8052
is now moved to the message enqueuing branch of the code.
8053
File: sendmail/sendmail.c.
8054
8055
Documentation: start of documentation for the algorithm of
8056
Patrik Rak's clever queue manager scheduler (nqmgr). Files:
8057
conf/sample-scheduler.cf, README_FILES/SCHEDULER_README.
8058
8059
20030429
8060
8061
Bugfix: while verifying an address, the LMTP client entered
8062
a forbidden "next" sender state after the last recipient.
8063
Fix by Vladimir Davydoff. File: lmtp/lmtp_proto.c.
8064
8065
Bugfix: "," was not recognized in proxy_read_maps settings.
8066
Fix by Leandro Santi. File: proxymap/proxymap.c.
8067
8068
20030502
8069
8070
Bugfix: defer delivery after .forward etc. file read error.
8071
File: local/token.c. Problem reported by Ben Rosengart,
8072
Panix.
8073
8074
20030503
8075
8076
Bugfix: the Postfix LMTP client used the wrong service
8077
name, causing trouble with SASL 2.1.13. Daniel Schales,
8078
Louisiana Tech. File: lmtp/lmtp_sasl_glue.c.
8079
8080
20030518
8081
8082
Workaround: IRIX select() reports that a non-blocking file
8083
descriptor is writable while write() transfers zero bytes.
8084
File: util/vstream.c. Superseded by change 20030523.
8085
8086
20030520
8087
8088
Cleanup: future time stamps in Received: headers and negative
8089
delays in delivery agent logging after "postdrop -r",
8090
because deferred queue files had future file modification
8091
times. File: src/postsuper/postsuper.c.
8092
8093
20030521
8094
8095
Cleanup: nqmgr warnings about "recipient count mismatch"
8096
after "postdrop -r", because the cleanup server did not
8097
count the "already done" recipients. Problem reported by
8098
Richard Stockton, Gramma Software. Files:
8099
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.
8100
8101
20030523
8102
8103
Workaround: IRIX select() reports that a non-blocking file
8104
descriptor is writable while write() transfers zero bytes.
8105
File: global/pipe_command.c.
8106
8107
20030523-20030605
8108
8109
Cleanup: rewrote the queue file record processing loops in
8110
pickup, cleanup and in [n]qmgr. This code had deteriorated
8111
a lot as the result of small changes over the years. This
8112
change brings the code closer to "obviously correct". Files:
8113
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c,
8114
*qmgr/qmgr_message.c.
8115
8116
Cleanup: Postfix no longer produces queue files with
8117
backwards compatibility data for Postfix versions < 1.0
8118
(a.k.a. 20010228). Files: cleanup/cleanup_extracted.c,
8119
showq/showq.c.
8120
8121
Performance: the queue manager no longer has to examine
8122
every queue file record before it can start deliveries.
8123
This helps to avoid thrashing with very large mailing lists.
8124
Postfix queue files have an extra field in the size record
8125
with queue manager processing hints. This change is backward
8126
and forward compatible. Files: cleanup/cleanup_envelope.c,
8127
cleanup/cleanup_extracted.c, *qmgr/qmgr_message.c.
8128
8129
20030528
8130
8131
Compatibility: "sendmail -q<time>" without -bd option now
8132
exits immediately, instead of waiting for input on the
8133
standard input stream and screwing up system boot sequences.
8134
File: sendmail/sendmail.c.
8135
8136
20030530
8137
8138
Bugfix: client access denied with smtpd_delay_reject=no
8139
broke "sendmail -bs". Fix by Victor Duchovni, Morgan Stanley.
8140
File: smtpd/smtpd.c.
8141
8142
20030531
8143
8144
Compatibility: allow <@site,@site:address> route addresses
8145
in SMTP commands. File: smtpd/smtpd.c.
8146
8147
20030605
8148
8149
Cleanup: input checks moved from the pickup daemon to the
8150
postdrop mail submission command; this is to prepare for
8151
direct mail submission from postdrop->cleanup without going
8152
through the maildrop directory and the pickup service.
8153
Files: pickup/pickup.c, postdrop/postdrop.c.
8154
8155
Bugfix: the "dead host" backoff timer in the MySQL client
8156
didn't work. Fix by Leandro Santi. File: util/dict_mysql.c.
8157
8158
Bugfix: same problem in the PostgreSQL client. File:
8159
util/dict_pgsql.c.
8160
8161
Workaround: turned off non-blocking write to pipe because
8162
too many systems give a weird write() result. File:
8163
global/pipe_command.c.
8164
8165
Cleanup: added support for vstream_fseek(.., .., SEEK_END).
8166
File: util/vstream.c.
8167
8168
20030608
8169
8170
Feature: separate address resolver controls for address
8171
verification probe messages: address_verify_{local,virtual,
8172
relay,default}_transport, address_verify_relayhost, and
8173
address_verify_transport_maps. The default values are the
8174
regular versions of the same controls. Files: trivial-rewrite/*,
8175
global/resolve_clnt.[hc], *qmgr/qmgr_message.c.
8176
8177
20030609
8178
8179
Workaround: Solaris blocking socket read() may hang. Hernan
8180
Perez Masci and Leandro Santi. File: smtpd/smtpd.c.
8181
8182
Bugfix: the "unread recipient" counter needs to be restored
8183
after the queue manager has a problem reading a queue file.
8184
Fix by Patrik Rak. File: nqmgr/qmgr_message.c.
8185
8186
20030610
8187
8188
Cleanup: the verify server now uses asynchronous submission
8189
of mail probes, so it will no longer block for in_flow_delay
8190
seconds when mail arrives faster than it is delivered.
8191
Still need to make mail_stream_finish() asynchronous in
8192
order to avoid blocking for trigger_timeout seconds when the
8193
queue manager is overwhelmed. Files: global/post_mail.c,
8194
verify/verify.c.
8195
8196
Bugfix: removed extraneous sleep() after the last attempt
8197
to retrieve address verification status. File: smtpd/smtpd.c.
8198
8199
20030611
8200
8201
Bugfix: the stricter postdrop input filter broke "sendmail
8202
-bs". Found by Lutz Jaenicke. File: smtpd/smtpd.c.
8203
8204
20030614
8205
8206
Portability: Dropped support for client side LDAP caching.
8207
As of release 2.1.13 OpenLDAP no longer supports client
8208
side caching, it has been deprecated for some time, and
8209
never worked well. Implemented by Victor Duchovni, Morgan
8210
Stanley, and further enhanced by Lamont Jones, HP. Files:
8211
src/util/dict_ldap.c, conf/sample-ldap.cf,
8212
README_FILES/LDAP_README.
8213
8214
Safety: Given suitable invalid database contents, LDAP
8215
lookups can produce too many results, enter an infinite
8216
loop in the expansion of "special result attributes" (LDAP
8217
DNs and LDAP URLs) or just consume excessive server resources
8218
returning large result sets. Three new (per LDAP map)
8219
configuration parameters enable one to set limits on
8220
recursive nesting, result expansion and the server response
8221
"entry" count. Implemented by Victor Duchovni, Morgan
8222
Stanley, further enanced by Lamont Jones, HP. Files:
8223
src/util/dict_ldap.c, conf/sample-ldap.cf,
8224
README_FILES/LDAP_README.
8225
8226
20030616
8227
8228
Feature: in mail delivery status reports, report the sender
8229
address as X-Postfix-Sender. Matthias Andree. File:
8230
bounce/bounce_notify_util.c.
8231
8232
Cleanup: in mail delivery status reports, transform the
8233
original recipient into xtext format as required by RFC
8234
1891. Files: bounce/bounce_notify_util.c, util/xtext.[hc].
8235
8236
Cleanup: more accurate "postfix check" warning for files
8237
that miss one or more of the required mode 02111 execute
8238
permission bits. Matthias Andree. File: conf/postfix-script.
8239
8240
20030618
8241
8242
After "postfix reload", the master daemon now warns when
8243
inet_interfaces has changed, and ignores the change, instead
8244
of passing incorrect information to the smtp server. File:
8245
master/master_ent.c.
8246
8247
20030619
8248
8249
Feature: the Postfix SMTP server can send all mail into a
8250
proxy server, for example a real-time SPAM filter. This
8251
proxy is supposed to send the mail into another Postfix
8252
SMTP server process for normal delivery. Files: smtpd/smtpd.c
8253
smtpd/smtpd_proxy.[hc].
8254
8255
20030620
8256
8257
Bugfix: a cut-and-paste error caused the proxy server's
8258
354 status code to be reported when a proxy connection
8259
broke during the DATA phase. File: smtpd.c.
8260
8261
20030620
8262
8263
Bugfix: after the last change to postdrop, postcat no longer
8264
recognized maildrop files as valid. File: postcat/postcat.c.
8265
8266
Bugfix: after moving "sendmail -t" address extraction to
8267
sendmail, "-t" broke multi-line recipient headers. Victor
8268
Duchovni, Morgan Stanley. File: sendmail/sendmail.c.
8269
8270
20030621
8271
8272
Workaround: the safe_open(O_CREAT) race condition exploit
8273
avoiding code tries a little harder when it encounters a
8274
race condition. File: util/safe_open.c.
8275
8276
20030624
8277
8278
Bugfix: reject_unverified_address() set the defer_if_reject
8279
flag when the verify service was unavailable (which never
8280
happens). Victor Duchovni, Morgan Stanley. File:
8281
smtpd/smtpd_check.c.
8282
8283
New parameters address_verify_poll_{count,delay} that
8284
control how often to poll the address verification service
8285
for the completion of an address verification request.
8286
Specify address_verify_poll_count=1 to implement a crude
8287
form of greylisting, that is, always defer the first delivery
8288
attempt for an unknown address. File: smtpd/smtpd_check.c.
8289
8290
Bugfix: after the last change to postdrop, postcat no longer
8291
recognized non-maildrop queue files as valid. File:
8292
postcat/postcat.c.
8293
8294
20030629
8295
8296
Cleanup: replaced references to "simulated virtual domains"
8297
by "virtual alias domains". Victor Duchovni, Morgan Stanley.
8298
8299
20030630
8300
8301
Feature: smtp_quote_rfc821_envelope=(yes|no) to control
8302
RFC 821 style quoting of MAIL FROM and RCPT TO addresses.
8303
Files: global/mail_params.h, smtp/smtp.c, smtp/smtp_proto.c.
8304
8305
20030701
8306
8307
Bugfix: multi-recipient probes triggered a bug in the SMTP
8308
client. File: smtp/smtp_proto.c.
8309
8310
Feature: enable_original_recipient (default: yes) to control
8311
whether Postfix keeps track of original recipient address
8312
information. Victor Duchovni, Morgan Stanley. Files:
8313
cleanup/cleanup.c, cleanup/cleanup_init.c,
8314
cleanup/cleanup_out_recipient.c, global/log_adhoc.c,
8315
global/mail_copy.c, *qmgr/qmgr_message.c.
8316
8317
Feature: !/pattern/ support for PCRE lookup tables. Victor
8318
Duchovni, Morgan Stanley. Files: util/dict_pcre.c.
8319
8320
Cleanup: allow whitespace after patterns in repexp and pcre
8321
tables. Victor Duchovni, Morgan Stanley. Files:
8322
util/dict_pcre.c, util/dict_regexp.c.
8323
8324
20030702
8325
8326
Feature: CIDR lookup table support, very remotely based on
8327
code by Jozsef Kadlecsik. Files: proto/cidr_table,
8328
util/dict_cidr.[hc].
8329
8330
Feature: TCP lookup table support, finally finished. Files:
8331
proto/tcp_table, proto/dict_tcp.[hc].
8332
8333
20030705
8334
8335
Feature: new receive_override_options parameter controls
8336
what happens before or after an external content filter:
8337
rejecting unknown recipients, canonical and virtual address
8338
mapping, address masquerading, automatic BCC recipients
8339
and header/body checks. This eliminates the need to configure
8340
multiple cleanup services in the master.cf file.
8341
8342
20030707
8343
8344
Feature: context dependent SASL security options (i.e.
8345
different options when TLS is enabled/disabled). Lutz
8346
Jaenicke. Files: */*sasl_glue.[hc].
8347
8348
20030708
8349
8350
Hardened the attr_scan routines for exposure to an untrusted
8351
environment, in preparation for possible use with SMTP
8352
policy delegation to an external server.
8353
8354
Feature: address filter for RBL lookups, for use with
8355
multi-valued RBL services. File: smtpd/smtpd_check.c.
8356
8357
20030709
8358
8359
Cleanup: use off_t instead of int for VSTREAM file offsets.
8360
This was needed for mailboxes > 2GB on 32-bit systems.
8361
Files: util/vstream.c, global/mail_copy.c.
8362
8363
20030710
8364
8365
Support for multiple A and TXT results in RBL lookups.
8366
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.
8367
8368
Support for attribute-based query-reply protocols.
8369
Files: util/attr_clnt.[hc], util/auto_clnt.[hc].
8370
8371
20030711
8372
8373
Support for plain "name=value\n" attribute protocol.
8374
Files: util/attr_{scan,print}_plain.c.
8375
8376
Bugfix: the LMTP session caching code did not reset the
8377
EHLO server feature list when it needed to reconnect.
8378
Problem found by Tobias Erbsland.
8379
8380
20030712
8381
8382
Feature: delegated SMTP policy server. As an example, see
8383
the greylisting server in examples/smtpd-policy. Specify
8384
"check_smtpd_policy_service" in smtpd_mumble_restrictions.
8385
See SMTPD_POLICY_SERVICE_README for details.
8386
8387
20030716
8388
8389
Bugfix: in the sample policy server, changed "ok" into
8390
"dunno" so the server can be used in the middle of a
8391
restriction list.
8392
8393
Cleanup: when an RBL reply has multiple TXT records,
8394
concatenate them up to some reasonable limit, instead of
8395
selecting one randomly. File: smtpd/smtpd_check.c.
8396
8397
Safety: always truncate SMTP server error replies to 512
8398
bytes. File: smtpd/smtpd_check.c.
8399
8400
20030717
8401
8402
Documentation: added description of policy_time_limit to
8403
the SMTPD_POLICY_README document.
8404
8405
Documentation: corrected the command time limit parameter
8406
syntax in the spawn(8) manual page.
8407
8408
Feature: defer_if_permit and defer_if_reject actions in
8409
access tables, mainly for use by the delegated policy
8410
server. Files: smtpd/smtpd_check.c, proto/access.
8411
8412
20030725
8413
8414
The dict_pgsql module did not use dict_alloc() and dict_free(),
8415
causing improper initialization and a memory leak. Leandro
8416
Santi. File: util/dict_pgsql.c.
8417
8418
Cleanup: added open_flags sanity checks to the dict_pgsql
8419
and dict_mysql modules. These maps must be opened in
8420
read-only mode.
8421
8422
20030731
8423
8424
Bugfix: virtual(8) was changed to use mail_addr_find()
8425
instead of virtual8_maps_find(), but the SMTP server's
8426
virtual mailbox recipient validation was not updated.
8427
8428
20030804
8429
8430
Bugfix: the 20030712 safety against invalid DNS results
8431
was broken. Reported by Ralf Hildebrandt. File:
8432
dns/dns_lookup.c.
8433
8434
20030805-12
8435
8436
Safety: the pipe daemon now defers delivery with a warning
8437
when it is given a non-existent command-line macro name.
8438
File: pipe/pipe.c.
8439
8440
20030810
8441
8442
Bugfix: dict_ldap had a few harmless memory leaks. By
8443
Liviu Daia. File: util/dict_ldap.c.
8444
8445
Feature: support for LDAP URLs in the LDAP parameter
8446
"server_host", if Postfix is linked against OpenLDAP. This
8447
allows Postfix to connect to LDAP SSL sources. By Liviu
8448
Daia. File: util/dict_ldap.c.
8449
8450
8451
20030811
8452
8453
Cleanup: produce a warning when host:port specifies a badly
8454
formatted numerical port. Files: util/find_inet.c,
8455
smtp/smtp_connect.c, lmtp/lmtp_connect.c.
8456
8457
20030822
8458
8459
Feature: the export_environment and import_environment
8460
parameters now accept name=value information that will be
8461
entered into the new environment. File: util/clean_env.c.
8462
8463
20030823
8464
8465
Feature: smtpd_sasl_exceptions_networks parameter to prevent
8466
Postfix from offering AUTH to clients that match the listed
8467
networks. Based on code by Ben Rosengart, Panix. Files:
8468
conf/sample-auth.cf, smtpd/smtpd.c.
8469
8470
20030902
8471
8472
Portability: the Postfix master resets the file size to
8473
the largest possible off_t value when the actual limit
8474
appears to overflow the off_t range. Files: util/sys_defs.h,
8475
util/file_limit.c. A fine sample of bit banging.
8476
8477
20030905
8478
8479
Workaround: Solaris 8 select() claims that a non-blocking
8480
socket is readable and then read() fails with EAGAIN. Files:
8481
util/timed_read.c and as precautionary measure,
8482
util/timed_write.c.
8483
8484
Bugfix: dict_register() should not be called from dict_open()
8485
in dict_mysql and dict_pgsql. Liviu Daia. Files:
8486
util/dict_mysql.c, util/dict_pgsql.c.
8487
8488
Feature: LDAP parameters can now be specified in external
8489
files. This makes it possible to securely store bind
8490
passwords for plain auth outside of main.cf (which is world
8491
readable). By Liviu Daia, based on a suggestion by Victor
8492
Duchovni and Lamont Jones. File: util/dict_ldap.c.
8493
8494
Feature: STARTTLS option for LDAP, if Postfix is linked
8495
against OpenLDAP. By Liviu Daia, amended by Victor Duchovni.
8496
File: util/dict_ldap.c.
8497
8498
Cleanup: connections to LDAP sources are now postponed
8499
until they are actually needed. By Liviu Daia. File:
8500
util/dict_ldap.c.
8501
8502
20030908
8503
8504
The 20030905 Solaris workaround triggers too many warnings.
8505
TCP sockets are back to blocking, and keepalives are turned
8506
on to kill off dead sockets, as suggested by Leandro Santi.
8507
Files: master/{single,multi}_server.c, smtpd/smtpd.c,
8508
util/sys_defs.h.
8509
8510
20030909
8511
8512
Bugfix: the LMTP session caching code had problems with
8513
SASL authentication after the first connection, and pipelining
8514
was working poorly. Fix by Victor Duchovni, Morgan Stanley.
8515
Files: lmtp/lmtp.c, lmtp/lmtp_proto.c.
8516
8517
20030912
8518
8519
Workaround: besides SMTP server sockets, SMTP client sockets
8520
can also hang on Solaris, as reported by Leandro Santi. In
8521
order to deal with this at the root, all connection management
8522
is now done by sane_accept() and sane_connect(). Both turn
8523
on keepalives on Solaris.
8524
8525
20030913
8526
8527
Safety: set-gid commands don't trust TZ. File: msg_syslog.c.
8528
8529
20030914
8530
8531
Address extension propagation wasn't documented enough when
8532
it was added to Postfix. Based on patches by Roman Neuhauser.
8533
8534
Added clarifying notes to main.cf, master.cf and access by
8535
Dean Gibson.
8536
8537
In header/body_checks, DUNNO is now the preferred action
8538
instead of the now deprecated OK. This may confuse fewer
8539
people.
8540
8541
In header/body_checks, allow text after IGNORE and DUNNO,
8542
suggested by Victor Duchovni, Morgan Stanley. File:
8543
src/cleanup/cleanup_message.c.
8544
8545
Feature: reject_rhsbl_helo. File: smtpd/smtpd_check.c.
8546
8547
Bugfix? The LMTP and SMTP clients now send "MAIL FROM:<sender>
8548
AUTH=<>" when SASL authenticated. Suggested by by Victor
8549
Duchovni, Morgan Stanley. Files: smtp/smtp_proto.c,
8550
lmtp/lmtp_proto.c.
8551
8552
20030915
8553
8554
Bugfix: mail rejected by the before-queue content filter
8555
was mis-labeled as a software error; it should be labeled
8556
as a policy error instead. File: smtpd/smtpd.c.
8557
8558
Cleanup: postcat is now null-byte transparent. File:
8559
postcat/postcat.c.
8560
8561
20030916
8562
8563
Feature: ``check_{sender,recipient}_mx_access maptype:mapname''
8564
applies the named Postfix access table to the MX host name
8565
and IP addresses for the sender or recipient address. If
8566
no MX record is found, the A record is used instead. File:
8567
smtpd/smtpd_check.c.
8568
8569
Feature: ``check_{sender,recipient}_ns_access maptype:mapname''
8570
applies the named Postfix access table to the DNS server
8571
hostname and IP addresses for the sender or recipient
8572
address. If no NS record is found, the parent domain is
8573
used instead. File: smtpd/smtpd_check.c.
8574
8575
20030917
8576
8577
Feature: ``check_helo_{ns,mx}_access maptype:mapname'',
8578
same semantics as sender and recipient.
8579
8580
Multiple LDAP lookup tables in the one Postfix process now
8581
share one LDAP connection. Code by Victor Duchovni, Morgan
8582
Stanley. File: util/dict_ldap.c.
8583
8584
Performance: with prefix_domain specified for an LDAP lookup
8585
table, lookups of @domain are skipped. Code by Victor
8586
Duchovni, Morgan Stanley. File: util/dict_ldap.c.
8587
8588
Safety: check_mumble_{mx,ns}_access refuses to be used for
8589
whitelisting. The Postfix SMTP server will reject the
8590
request with "451 server configuration error" and will log
8591
a warning explaining why. File: smtpd/smtpd_check.c.
8592
8593
20030918
8594
8595
Bugfix: check_mumble_ns_access did not correctly look up
8596
NS records of parent domains, causing mail to be deferred
8597
with a 450 status code. File: smtpd/smtpd_check.c.
8598
8599
20030919
8600
8601
Robustness: check_mumble_{mx,ns}_access skip over DNS lookup
8602
failures instead of deferring mail. This is not as bad as
8603
it appears to be because the restrictions can't be used
8604
for whitelisting. File: smtpd/smtpd_check.c.
8605
8606
20030920
8607
8608
Bugfix: the 20030917 LDAP connection sharing code introduced
8609
a compilation problem with non-OpenLDAP implementations.
8610
Fix by Liviu Daia. File: util/dict_ldap.c
8611
8612
Compatibility: the LDAP server_host parameter now supports
8613
all the usual Postfix list element delimiters. Some LDAP
8614
libraries support just SPACE, others SPACE and ",". Postfix
8615
now normalizes the host list into a space separated format.
8616
This is less surprising to Postfix users used to the full
8617
range of delimeters in other contexts. Implemented by Liviu
8618
Daia. File: util/dict_ldap.c
8619
8620
Bugfix: after returning too old mail, the bounce daemon
8621
now locks the original queue file and deletes deferred
8622
recipients, to avoid repeated bounce notifications when
8623
the queue manager is restarted. Files: bounce/*.[hc],
8624
global/bounce_log.[hc], global/{bounce,defer}.[hc] and
8625
everything that invokes these routines including queue
8626
manager and delivery agents.
8627
8628
20030922
8629
8630
Feature: "XADDR address hostname" SMTP command, for SMTPD
8631
restriction debugging, and for sites with fetchmail-like
8632
software that extracts client information from the first
8633
Received: header. The smtpd_authorized_xaddr_clients
8634
parameter specifies what clients are allowed to use XADDR
8635
(default: none). Files: smtpd/smtpd.c.
8636
8637
20031015
8638
8639
Workaround: smtpd access maps should not apply subdomain
8640
name magic to numerical hostnames. File: smtpd/smtpd_check.c.
8641
8642
Safety: the local delivery agent now defers delivery when
8643
alias lookup produces an empty result. File: local/alias.c.
8644
8645
20031019
8646
8647
Workaround: disable request/reply size limit in attr_scan*.c
8648
to prevent mail from getting stuck when rewriting a malformed
8649
message header. This limit was turned on with snapshot
8650
20030715 to harden the protocol that is used by SMTPD policy
8651
delegation. A "no code change" workaround is to specify
8652
"header_size_limit = $line_length_limit". The proper fix
8653
is to enforce request/reply size limits only for data from
8654
outside of Postfix. Problem reported by Brandon Mullenberg,
8655
Dialup USA. Files: util/attr_scan*.c.
8656
8657
Feature: "XLOGINFO address hostname" SMTP command, so that
8658
Postfix daemons behind SMTPD pass-through proxies log useful
8659
client name/address information instead of localhost[127.0.0.1].
8660
The smtpd_authorized_xloginfo_clients parameter specifies
8661
what clients are allowed to use XLOGINFO (default: none).
8662
Files: smtpd/smtpd.c.
8663
8664
Cleanup: renamed the authorized_verp_clients parameter to
8665
smtpd_authorized_verp_clients for consistency.
8666
8667
20031021
8668
8669
Workaround: the demo greylist script now uses BTREE instead
8670
of HASH files for hopefully better stability. The real fix
8671
is to use a single updater process that serves multiple
8672
clients. That approach seems to work well with the verify
8673
daemon. File: examples/smtpd-policy/smtpd-policy.pl.
8674
8675
20031022
8676
8677
Safety: the SMTP server now warns when the queue_minfree
8678
value is less than twice the message size limit. File:
8679
smtpd/smtpd.c.
8680
8681
Safety: the SMTP server no longer accepts mail when the
8682
amount of free space is less than twice the message size
8683
limit. File: smtpd/smtpd_check.c.
8684
8685
Safety: log a warning and defer mail when canonical or
8686
virtual lookups return a non-address result (like a string
8687
that contains no address). File: global/mail_addr_map.c.
8688
8689
Safety: log a warning and defer mail when any map lookup
8690
returns an empty string result, and explain that "no result"
8691
is expected in case of a "not found" condition. This happens
8692
with incorrectly implemented SQL or LDAP tables. File:
8693
global/maps_find.c.
8694
8695
20031023
8696
8697
Bugfix: the MYSQL and PGSQL modules invoked dict_register().
8698
This was fixed a while ago but never made it into the
8699
distribution. Files: util/dict*sql.c.
8700
8701
Robustness: added three ISSPACE() calls in the smtpd proxy
8702
parser. File: smtpd/smtpd_proxy.c.
8703
8704
20031024
8705
8706
Portability: added localhost to mydestination for sites that
8707
turn off append_dot_mydomain. File: global/mail_params.h.
8708
8709
20031027
8710
8711
Portability: MacOS X Bind8 compatibility. File: makedefs.
8712
8713
20031103
8714
8715
Robustness: flush pipelined "." and "quit" replies to avoid
8716
repeated deliveries in case of a program crash (you know,
8717
the kind of thing that happens before Postfix release :-).
8718
File: smtpd/smtpd.c.
8719
8720
20031105
8721
8722
Portability: turn off NETINFO support for MacOS X Panther
8723
by default. Files: makedefs, util/sys_defs.h.
8724
8725
20031106
8726
8727
Feature: the sample greylist policy server is now case
8728
insensitive. File: examples/smtpd-policy/smtpd-policy.pl.
8729
8730
20031103-20031110
8731
8732
Feature: preliminary defense against SMTP clients that
8733
hammer the SMTP server with too many simultaneous or
8734
successive connection attempts, with a whitelist capability
8735
to disable the restriction for authorized clients. Most
8736
work is implemented by a new "anvil" server. Parameters:
8737
smtpd_client_connection_count_limit, smtpd_client_connection-
8738
_rate_limit, smtpd_client_connection_limit_exceptions, and
8739
client_connection_rate_time_unit. Documentation: smtpd(8),
8740
anvil(8), sample-smtpd.cf. Files: smtpd/smtpd.c,
8741
global/anvil_clnt.[hc], anvil/anvil.c. The anvil server
8742
logs peak count and rate information per client when it
8743
terminates after running out of work or after "postfix
8744
reload".
8745
8746
20031110
8747
8748
Cleanup: Postfix now supports the /0 netmask (match every
8749
address). This is useful as a catch-all pattern at the
8750
end of a table. Files: util/dict_cidr.c, util/match_ops.c.
8751
8752
Cleanup: don't report that $queue_directory/etc/filename
8753
differs from /etc/filename when /etc/filename does not
8754
exist. File: conf/postfix-script.
8755
8756
20031112
8757
8758
Feature: client_connection_status_update_time parameter
8759
controls periodic logging of maximal connection counts or
8760
rates. The default logging interval is 10 minutes.
8761
8762
Feature: "make makefiles WARN=stuff..." overrides the
8763
built-in GCC warning options that are used when "make" is
8764
invoked from within a source subdirectory. Files: makedefs,
8765
*/Makefile.in.
8766
8767
20031125
8768
8769
Feature: qmgr logs "queueid: deleted", just like postsuper,
8770
when it removes a message from the mail queue.
8771
8772
Performance: smtpd connects to the cleanup or proxy server
8773
AFTER the first valid RCPT TO command, instead of after
8774
the first valid MAIL FROM command. This avoid wasting
8775
real-time proxy filter resources when mail is stopped by
8776
the SMTP server's access blocks. File: smtpd/smtpd.c.
8777
8778
20031126
8779
8780
Bugfix: "panic: mymalloc: requested length 0" when master.cf
8781
specified an invalid host name or address. Postfix now
8782
logs more specific information. File: master/master_ent.c.
8783
Reported by several people.
8784
8785
20031125-20031201
8786
8787
Feature: XCLIENT support to override the SMTP server's
8788
client information for logging and/or access control. This
8789
replaces the short-lived XADDR and XLOGINFO extensions.
8790
Remotely based on code by Victor Duchovni. See FILTER_README
8791
and SMTPD_PROXY_README for usage details. Files:
8792
smtpd/{smtpd,smtpd_check,smtpd_proxy,smtpd_xclient}.c
8793
smtp/smtp_smtp_proto.c, *qmgr/qmgr_message.c,
8794
global/deliver_request.c.
8795
8796
20031202
8797
8798
Cleanup: postfix-files now has support for files that are
8799
no longer part of Postfix. When upgrading Postfix, the
8800
post-install script gives the user a reminder. Files:
8801
conf/postfix-files, conf/post-install.
8802
8803
20031203
8804
8805
Support for SMTPD access map actions (FILTER, REDIRECT,
8806
HOLD or DISCARD) that are delegated to the cleanup server,
8807
but can trigger before the first valid recipient address
8808
is accepted (and thus, before a cleanup server connection
8809
is available). Files: smtpd/{smtpd,smtpd_state,smtpd_check}.c.
8810
8811
20031204
8812
8813
Bugfix: conf/post-install didn't skip non-existent obsolete
8814
files. Victor Duchovni.
8815
8816
Minor cleanups of the xclient error messages; xclient
8817
command lookup tables. File: smtpd/smtpd.c.
8818
8819
20031206
8820
8821
Feature: reject_sender_login_mismatch allows multiple owners
8822
of a sender address. Code by Liviu Daia. Files:
8823
smtpd/smtpd_check.c and documentation.
8824
8825
reject_sender_login_mismatch is now implemented by elementary
8826
features reject_unauthenticated_sender_login_mismatch
8827
(reject if the client is not SASL logged in but the sender
8828
address has an owner in smtpd_sender_login_maps) and
8829
reject_authenticated_sender_login_mismatch (reject if the
8830
client is SASL logged in but does not own the sender
8831
address). Code by Liviu Daia. Files: smtpd/smtpd_check.c
8832
and documentation.
8833
8834
20031207
8835
8836
Bugfix: fallback_transport and mailbox_transport were broken
8837
because the deliver_pass.c module was not updated for the
8838
changed message delivery protocol.
8839
8840
20031211
8841
8842
Safety: in dynamically growing data structures, update the
8843
length info after (instead of before) updating the data
8844
size. Files: util/argv.c, util/inet_addrlist.c, util/intv.c,
8845
util/mvect.c, util/vstring.c, global/recipient_list.c,
8846
*qmgr/qmgr_rcpt_list.c.
8847
8848
20031212
8849
8850
Cleanup: separate extensions XCLIENT (impersonate SMTP
8851
client) and XFORWARD (down-stream logging of up-stream MTA
8852
and/or message information, not necessarily SMTP related).
8853
The protocol is extensible: the server advertises what
8854
attributes XCLIENT or XFORWARD will accept, and it is an
8855
error to send an unsupported attribute. No xtext encoding
8856
is used, since no attribute currently needs it. See also:
8857
XCLIENT_README and XFORWARD_README.
8858
8859
20031214
8860
8861
Feature: XFORWARD support in the LMTP client.
8862
8863
20031215
8864
8865
Safety: updated mail_queue_id_ok() for long fast flush
8866
logfile names. File: global/mail_queue.c.
8867
8868
Robustness: save and restore the resolver _res.options
8869
settings before and after DNS lookup, to avoid surprises
8870
in third-party code. This may eliminate some "localhost
8871
not found" problems. File: dns/dns_lookup.c.
8872
8873
20031216
8874
8875
Cleanup: easier to parse mailq output (no more space
8876
between short queue ID and message status). File:
8877
showq/showq.c.
8878
8879
20031216-21
8880
8881
Cleanup: the SMTP client now moves on to the next MX host
8882
or fallback relay when delivery fails in the middle of an
8883
SMTP session. This includes both broken connections and
8884
4xx SMTP server replies. Files: smtp/smtp.c, smtp_rcpt.c,
8885
smtp/smtp_connect.c, smtp_trouble.c.
8886
8887
Configuration parameters: smtp_mx_address_limit (limit the
8888
list of IP addresses from MX lookup), and smtp_mx_session_limit
8889
(limit the number of actual SMTP sessions per delivery
8890
attempt, ignoring unusable MX IP addresses).
8891
8892
The new code centers around a mark-and-sweep algorithm
8893
(replacing code that twiddled the rcpt->offset structure
8894
member), with paranoid sanity checks to ensure that every
8895
recipient is explicitly accounted for.
8896
8897
20031217
8898
8899
Update: LDAP client logging (Liviu Daia) and LDAP client
8900
documentation (Victor Duchovni). Files: util/dict_ldap.c,
8901
conf/sample-ldap.cf, README_FILES/LDAP_README.
8902
8903
20031222
8904
8905
Cleanup: shaved half the worst-case bits off the cleanup
8906
duplicate address filter footprint. After discussion with
8907
Victor Duchovni. File: cleanup/cleanup_out_recipient.c.
8908
8909
Safety: added "mail loops to myself" logic for destinations
8910
that don't have an MX host. File: smtp/smtp_addr.c.
8911
8912
20031223
8913
8914
Workaround: turn off "mail loops to myself" for non-MX
8915
destinations because it breaks SMTP-based content filters.
8916
Fix is to turn off loop detection when a non-default TCP
8917
port is specified. File: smtp/smtp_addr.c.
8918
8919
Bugfix: restore errno after write failure in SIGCHLD handler.
8920
Leandro Santi (who got the idea from Hernan Perez Masci).
8921
File: master/master_sig.c.
8922
8923
Bugfix: the auto_clnt module disconnected too early, causing
8924
unnecessary work by the anvil server.
8925
8926
Cleanup: eliminated binary hashes from anvil server. Anvil
8927
client information is now stored on top of its VSTREAM.
8928
8929
20031226
8930
8931
Feature: bounce_queue_lifetime parameter (default:
8932
$maximal_queue_life_time) that bounds the time that
8933
MAILER-DAEMON messages spend in the queue before they are
8934
considered undeliverable.
8935
8936
Feature: disable "mail loops back to myself" protection
8937
when SMTP mail is sent to a non-standard port. This makes
8938
setting up content filters less painful.
8939
8940
Cleanup: disallow bare x.x.x.x numeric IP addresses in
8941
email addresses. The form user@[x.x.x.x] is still allowed.
8942
8943
Cleanup: cleaned up the naming of internal symbols in the
8944
SMTP client.
8945
8946
20031231
8947
8948
Bugfix: stricter address syntax test broke "sendmail -bs".
8949
File: smtpd/smtpd.c.
8950
8951
20040101
8952
8953
Cleanup: the Postfix SMTP server rejects a MAIL FROM address
8954
that matches a local, virtual or relay domain, while the
8955
address is not listed in the corresponding local, virtual
8956
or relay recipient table.
8957
8958
Feature: the reject_unlisted_sender(recipient) SMTPD access
8959
restriction rejects an address that matches a local, virtual
8960
or relay domain, while the address is not listed in the
8961
corresponding local, virtual or relay recipient table.
8962
8963
Compatibility: the check_recipient_maps restriction works
8964
like reject_unlisted_recipient, but will eventually be
8965
removed from Postfix.
8966
8967
20040102
8968
8969
Misc documentation cleanup by Loic Minier.
8970
8971
20040104
8972
8973
Workaround: MacOSX dumps core on the 20030913 TZ censoring
8974
code. We explictly set TZ=UTC, which will produce incorrect
8975
results when "mailq" formatting is moved from the showq
8976
daemon to the postqueue command. File: msg_syslog.c.
8977
8978
Feature: after mail is requeued with "postsuper -r", the
8979
pickup server logs the old queue ID together with the new
8980
queue ID. Victor Duchovni. File: pickup/pickup.c.
8981
8982
Feature: smtpd_sasl_application_name parameter (default:
8983
smtpd) to control the name of the SASL configuration file
8984
used by the Postfix SMTP server. Liviu Daia. Files:
8985
mail_params.h, smtpd.c, smtpd_sasl_glue.c.
8986
8987
Cleanup: the LDAP client configuration parser is now shared
8988
between the LDAP, MySQL, and PGSQL clients. Liviu Daia.
8989
Files: global/cfgparser.[hc], global/dict_ldap.c,
8990
global/dict_mysql.c, global/dict_pgsql.c and documentation.
8991
8992
Cleanup: moved "util" modules with dependencies on higher-level
8993
"global" code from the util directory to the global directory:
8994
util/dict_open.c, global/cfgparser.[hc], global/dict_ldap.c,
8995
global/dict_mysql.c, global/dict_pgsql.c, global/mail_dict.c.
8996
8997
Cleanup: the new queue manager nqmgr replaces the default
8998
queue manager qmgr, leaving behind a hard link for backwards
8999
compatibility. The old queue manager remains available as
9000
as oqmgr but will eventually be removed.
9001
9002
Bugfix: vstring_get() etc. now return VSTREAM_EOF when they
9003
terminate prematurely, instead of returning the last
9004
character stored. This avoids mis-leading warnings. File:
9005
global/vstring_vstream.c.
9006
9007
20040105
9008
9009
Cleanup: don't bother the flush daemon while deferring mail
9010
if the destination is not "fast flush" eligible. File:
9011
global/flush_clnt.c.
9012
9013
Safety: the SMTP server flushes recipients to the cleanup
9014
server in order to avoid SMTP timeouts when virtual or
9015
canonical expansions take a lot of time. File smtpd/smtpd.c.
9016
9017
Safety: add warnings to postmap and postalias when table
9018
lookup results in an empty string.
9019
9020
20040110
9021
9022
Example: script to run qmail-local from Postfix by Ron
9023
Bickers.
9024
9025
Change: queue minfree limit is now 1.5 * message size limit.
9026
File: smtpd/smtpd_check.c.
9027
9028
Bugfix: apply hostname restriction even when host address
9029
lookup fails in check_{sender,recipient}_{ns,mx}_access.
9030
File: smtpd/smtpd_check.c.
9031
9032
20040115
9033
9034
Performance: allow delivery concurrency to increase even
9035
while mail is deferred, as long as the delivery agent does
9036
not report really serious trouble with the destination.
9037
Files: *qmgr/qmgr_deliver.c.
9038
9039
Cleanup: in postfix-files, symbolic links and hard links
9040
are now first-class citizens with explicit mention of
9041
source and destination pathnames. Files: postfix-install,
9042
conf/postfix-files, conf/post-install.
9043
9044
20040116
9045
9046
Cleanup: sendmail -v caused one mail delivery report upon
9047
every delivery attempt, not just the first one. The fix is
9048
to "kill" a queue file record after the first delivery
9049
attempt. This means a new record type. Files: *qmgr/qmgr_active.c,
9050
*qmgr/qmgr_message.c, global/rec_type.c.
9051
9052
Cleanup: in anticipation of other built-in rate limiters,
9053
the client_connection_rate_time_unit parameter is renamed
9054
to client_rate_time_unit.
9055
9056
Documentation: finished the HOSTING_README file with an
9057
overview of methods to host domains with Postfix.
9058
9059
20040119
9060
9061
Bugfix: anvil (count and rate limiting) server race condition
9062
could result in dangling pointer. Postfix erases memory
9063
after allocating and before freeing, so it is extremely
9064
unlikely that this could be used to bring harmful data into
9065
the anvil server. File anvil/anvil.c.
9066
9067
20040120
9068
9069
Cleanup: new header_checks(5) and body_checks(5) manual
9070
pages. The sample-regexp* and sample-pcre* files are no
9071
longer needed and have been removed, as are the default
9072
*_table configuration files.
9073
9074
Cleanup: support for the non-standard Errors-To: header
9075
is removed. File: cleanup/cleanup_message.c.
9076
9077
20040121
9078
9079
Feature: "PREPEND headername: headervalue" action in Postfix
9080
access maps, to facilitate external policy servers that
9081
label mail instead of rejecting it. Files: smtpd/smtpd.c,
9082
smtpd/smtpd_check.c.
9083
9084
20040122
9085
9086
UNDO the 20040104 change (vstring_get() etc. return
9087
VSTREAM_EOF when they terminate prematurely, instead of
9088
returning the last character stored, to avoid mis-leading
9089
warnings). File: global/vstring_vstream.c.
9090
9091
Portability: test -e is not portable. File: conf/postfix-script.
9092
9093
Misc. documentation fixes by Victor Duchovni.
9094
9095
Documentation: the README files are now hyperlinked, and
9096
are referenced in the on-line manual pages.
9097
9098
Bugfix: the pickup daemon now strokes the watchdog frequently
9099
to prevent the watchdog from barking when mail arrives
9100
faster than it can be picked up. File: pickup/pickup.c.
9101
9102
20040123
9103
9104
Feature: set smtpd_reject_unlisted_{sender,recipient}=no to
9105
turn off automatic rejection of non-existent local, virtual
9106
or relay addresses. This way it can be made conditional
9107
for local clients, always on for remote clients. Files:
9108
global/mail_params.h, smtpd/smtpd.c, smtpd/smtpd_check.c.
9109
9110
20040124
9111
9112
Feature: PREPEND in header/body_checks, for message tagging.
9113
File: cleanup/cleanup_message.c.
9114
9115
20040126
9116
9117
Safety: handle the case that main.cf is updated while it is
9118
being read. File: util/dict.c.
9119
9120
Feature: "instance" attribute that links policy etc. queries
9121
to the same message instance.
9122
9123
Cleanup: the mynetworks setting may now be empty. File:
9124
global/mail_params.c.
9125
9126
20040127
9127
9128
Bugfix: missing flush_init() call. Introduced 20040105.
9129
File: postqueue/postqueue.c.
9130
9131
20040128
9132
9133
Cleanup: clnt_stream derived classes now try to detect that
9134
the server has disconnected before sending data and warning
9135
about an error. File: global/clnt_stream.c.
9136
9137
20040202
9138
9139
Bugfix: changed mis-leading warning about text>4096 characters
9140
into "unexpected end-of-input". File: util/attr_scan0.c.
9141
9142
20040201
9143
9144
Feature: sasl_method, sasl_username and sasl_sender attributes
9145
in smtpd policy queries. Files: src/smtpd/smtpd_check.c.
9146
9147
20040204
9148
9149
Safety: smtpd_soft_error_limit now determines when
9150
$smtpd_error_sleep_time starts to take effect.
9151
9152
Cleanup: local(8) and virtual(8) will now create maildirs
9153
in a world-writable directory. Files: util/make_dirs.c.
9154
9155
Bugfix: don't panic on a corrupt queue file. File:
9156
*qmgr/qmgr_message.c.
9157
9158
20040205
9159
9160
Cleanup: sample-filter.cf is gone. Better documentation is
9161
available with "man header_checks".
9162
9163
20040209
9164
9165
Bugfix: when delivery to smtpd_proxy_filter fails, report
9166
"451 Queue file write error" instead of repeating the
9167
previous "354 End data with <CR><LF>.<CR><LF>" response.
9168
File: smtpd/smtpd.c.
9169
9170
20040220
9171
9172
Compatibility: accept and ignore the sendmail -bh and -bH
9173
mode of operation requests.
9174
9175
20040302
9176
9177
Bugfix: SMTPD proxy didn't send QUIT as the result of code
9178
duplication. Evidence reported by Mark Martinec. File:
9179
smtpd/smtpd.c.
9180
9181
20040311
9182
9183
Bugfix: bad address syntax was passed to transport map
9184
lookups. Problem reported by Andrei Koulik. File:
9185
util/match_ops.c, trivial-rewrite/resolve.c.
9186
9187
20040324
9188
9189
Portability: ekkoBSD support by Philip Reynolds.
9190
Files: makedefs, util/sys_defs.h.
9191
9192
20040325
9193
9194
Cleanup: smtp_skip_4xx_greeting and smtp_skip_5xx_greeting
9195
functionality is moved from connection management to SMTP
9196
protocol processing, so that Postfix now logs the server
9197
response when a server refuses to provide service. Files:
9198
smtp/smtp_connect.c, smtp/smtp_proto.c.
9199
9200
Cleanup: smtp_skip_4xx_greeting is no longer configurable;
9201
it is now permanently turned on.
9202
9203
20040326
9204
9205
Workaround: in the trivial-rewrite server, turn on the code
9206
to strip trailing "." while rewriting addresses, and change
9207
the address resolver to strip trailing "." in a compatible
9208
manner. This does not eliminate the problem that the SMTP
9209
server may use a different address for recipient validation
9210
than what the cleanup server uses for virtual alias mapping.
9211
9212
20040329
9213
9214
Bugfix: the SMTP server did not log client (and SASL)
9215
information with the real-time content filter was enabled.
9216
Files: smtpd/smtpd.c, smtpd/smtpd_sasl_proto.c.
9217
9218
Compatibility: smtpd_reject_unlisted_sender is turned off
9219
by default, to avoid trouble with with in-house software
9220
that sends out mail software with an unreplyable address.
9221
9222
20040331
9223
9224
Bugfix: postdrop should not abandon mail submission after
9225
receiving a SIGHUP signal when SIGHUP was ignored by the
9226
parent process. Victor Duchovni, Morgan Stanley. File:
9227
postdrop/postdrop.c.
9228
9229
Bugfix: parsing bug in PgSQL dictionaries causing UNIX
9230
sockets to be ignored. Liviu Daia. Files: global/dict*sql.c.
9231
9232
Performance: allow MySQL and PgSQL database connections to
9233
be closed when idle for more than 1 minute; Liviu Daia.
9234
Files: global/dict*sql.c.
9235
9236
20040401
9237
9238
Sanity: the SMTP server no longer accepts sender or recipient
9239
addresses that end in the "@" null domain, as well as
9240
addresses that rewrite into such a form. Specify
9241
"resolve_null_domain=yes" to get the old behavior back.
9242
File: trivial-rewrite/resolve.c.
9243
9244
20040402
9245
9246
Cleanup: added WARN action support for access maps, for
9247
consistency with the WARN action in header and body checks.
9248
File: smtpd/smtpd_check.c.
9249
9250
20040407
9251
9252
Bugfix: missing return statement at the end of the
9253
FREE_MEMORY_AND_RETURN error handling macro. Adi Prasaja.
9254
File: trivial-rewrite/resolve.c.
9255
9256
20040411
9257
9258
Future proofing: client_rate_time_unit is renamed to
9259
anvil_rate_time_unit, so that it is no longer limited to
9260
clients only. File: src/global/mail_params.h.
9261
9262
Cleanup: postalias and postmap now log problems to syslogd.
9263
Files: postalias/postalias.c, postmap/postmap.c.
9264
9265
20040413
9266
9267
Feature: "postfix set-permissions" (re)sets ownership and
9268
access permissions of Postfix files and directories.
9269
9270
Feature: "postfix upgrade-configuration" updates main.cf
9271
and master.cf. This is for people who people copy over
9272
their old files after installing a newer Postfix version.
9273
9274
Feature: HTML files are now optionally installed under
9275
control of the html_directory configuration parameter.
9276
Files: postfix-install, conf/postfix-files, conf/post-install.
9277
9278
Cleanup: README file installation is now optional. Files:
9279
postfix-install, conf/postfix-files, conf/post-install.
9280
9281
20040414
9282
9283
Cleanup: references to sample-mumble.cf files removed,
9284
conf/mumble_table files removed, new commands added to
9285
conf/postfix-script.
9286
9287
Cleanups: function declared in but used as void, missing
9288
include file, missing const qualifier, unused variable.
9289
Matthias Andree. Files: bounce/bounce_notify_util.c,
9290
bounce/bounce_service.h, postlog/postlog.c, smtpd/smtpd_check.c,
9291
util/attr_scan64.c.
9292
9293
Bugfix: more robust version of SIGHUP test of 20040331.
9294
Victor Duchovni, Morgan Stanley. File: postdrop/postdrop.c.
9295
9296
Safety: added NOCLOBBER qualifiers to local variables that
9297
might be clobbered by longjmp(). Files: util/sys_defs.h,
9298
smtp/smtp_proto.c, lmtp/lmtp_proto.c, smtpd/smtpd_check.c,
9299
smtpstone/smtp-source.c.
9300
9301
Bugfix: sub-level Makefiles no longer turned on the extra
9302
compiler warnings. Files: Makefile.in.*, makedefs.*.
9303
9304
20040415
9305
9306
Bugfix: the LMTP client attempted to reuse a connection
9307
after timeout, causing protocol synchronization errors.
9308
Reported by Rob Mueller. File: lmtp/lmtp.c.
9309
9310
20040416
9311
9312
Cleanup: non-delivery reports now include the original
9313
recipient information. File: bounce/bounce_notify_util.c.
9314
9315
20040415-18
9316
9317
Typos: many documentation fixes by Rob Foehl.
9318
9319
20040418
9320
9321
Cleanup: "int" versus "const int" prototype mismatch between
9322
the DICT sequence method prototype and possible implementations.
9323
Files: util/dict_db.c, util/dict_dbm.c.
9324
9325
20040419
9326
9327
Bugfix: the code that rejects client/helo RESTRICTIONS with
9328
smtpd_delay_reject=no looked at the wrong evidence and
9329
rejected client/helo ACCESS MAP lookups instead. Michael
9330
Tokarev. Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
9331
9332
Bugfix: missing # in master.cf in optional submission
9333
service.
9334
9335
20040420
9336
9337
Bugfix: smtpd logged the client too often. Michael Tokarev.
9338
File: smtpd/smtpd.c.
9339
9340
Cleanup: client_event_status_update_time renamed to
9341
anvil_status_update_time. Files: mantools/postlink,
9342
proto/postconf.proto, anvil/anvil.c.
9343
9344
20040421
9345
9346
Workaround: allow pipelined SMTP clients to overshoot the
9347
SMTP server recipient limit without triggering the server
9348
hard error limit. The SMTP server does not count "too many
9349
recipients" towards the hard error limit, as long as the
9350
number of excess recipients stays within a configurable
9351
overshoot limit (default: smtpd_recipient_overshoot_limit
9352
= 1000). Solution in cooperation with Victor Duchovni.
9353
Files: smtpd/smtpd.c, smtpd/smtpd_state.c, smtpd/smtpd.h.
9354
9355
20040503
9356
9357
Bugfix: missing "sasl enabled" guard in the SMTPD policy
9358
client. File: smtpd/smtpd_check.c.
9359
9360
20040614
9361
9362
Bugfix: the SMTP client did not reset per-session EHLO,
9363
SASL, and history information when opening a connection to
9364
an alternate SMTP server. This is the result of abstraction
9365
no longer matching function. Reported and diagnosed by
9366
Victor Duchovni, Morgan Stanley.
9367
9368
Bugfix: non-portable reuse of variadic argument lists.
9369
Fix by Victor Duchovni, Morgan Stanley. Files: global/bounce.c,
9370
global/defer.c, global/sent.c, global/trace.c, global/verify.c.
9371
9372
Portability: NetBSD 2.0 has changed from statfs to statvfs.
9373
John Heasley. File: util/sys_defs.h.
9374
9375
Documentation: typo fixes by IKEDA Nozomu.
9376
9377
20040616
9378
9379
Bugfix: one missed variadic argument list fix. Victor
9380
Duchovni, Morgan Stanley. File: global/verify.c.
9381
9382
Bugfix: the resolver client cache should be context dependent
9383
because address verification probes may use a different
9384
route than normal mail deliveries. File: global/resolve_clnt.c.
9385
9386
Safety: added similar context dependence to the address
9387
rewriting client in order to avoid trouble when Postfix is
9388
changed. File: global/rewrite_clnt.c.
9389
9390
Bugfix: space in HELO commands could end up in XFORWARD
9391
commands. File: smtpd/smtpd.c.
9392
9393
20040619
9394
9395
Bugfix: more missing resets in the SMTP client when it
9396
switches to an alternate SMTP server. In this case the
9397
error_mask that controls whether an SMTP session transcript
9398
is mailed to the postmaster, and the size_limit that controls
9399
how large a message Postfix will send. Found during code
9400
maintenance. File: smtp/smtp_connect.c.
9401
9402
20040622
9403
9404
Safety: when mail is delivered to a transport with per-delivery
9405
recipient limit of 1, split the recipient address on the
9406
recipient delimiter if one is defined, so that extended
9407
addresses don't get extra delivery concurrency slots.
9408
Files: *qmgr/qmgr_message.c.
9409
9410
20040714
9411
9412
Bugfix: the code to eliminate the local MTA from the MX
9413
address list did not handle the case that inet_interfaces
9414
produced a less preferred match than proxy_interfaces.
9415
Victor Duchovni, Morgan Stanley. File: smtp/smtp_addr.c.
9416
9417
20040723
9418
9419
Safety: spawn(8) now rejects a user with the -1 UID or GID
9420
value, so that commands will not end up running as root.
9421
Files: util/spawn_command.c, spawn/spawn.c.
9422
9423
Bugfix: "421 Timeout exceeded" wasn't guarded by setjmp().
9424
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd.c.
9425
9426
20040801
9427
9428
Portability: h_errno is not an lvalue in the UnixWare 7.1
9429
multi-threaded environment. Olivier PRENANT.
9430
9431
20040812
9432
9433
Bugfix: update SMTP server error counter when a client is
9434
denied access with smtpd_delay_reject=no.
9435
9436
20040817
9437
9438
Bugfix: The smtp_chat_cmd() output flushing code in the
9439
SMTP client could run before an I/O error handler was set
9440
up. Problem diagnosed by Victor Duchovni, Morgan Stanley.
9441
The fix is to disable the smtp_chat_cmd() output flushing
9442
code as it duplicates better code in smtp_loop(). File:
9443
smtp/smtp_chat.c.
9444
9445
20030823
9446
9447
Bugfix: vstream_popen() did not close the child pipe after
9448
failure to fork(). File: util/vstream_popen.c.
9449
9450
20040913
9451
9452
Bugfix (introduced 20020803): sent the wrong bounce message
9453
type when a Delivered-To: loop was detected for a mailing
9454
list alias. Nicolas Riendeau. File: bounce_notify_util.c.
Loggerhead is a web-based interface for Breezy
Version: 2.0.1