In addition to the names listed below, the following people provided
useful inputs on many occasions: Paul D. Robertson, Simon J. Mudd.
Apologies for any names omitted.

The compiled-in default value for resolve_smtp_sender was
wrong (from the days that it was a boolean), causing smtpd
to dump core when the variable was not set in main.cf.

The INSTALL instructions now have separate sections for
the three basic ways of running vmailer.

The INSTALL instructions now discuss how to deal
with chrooted processes.

Ported to RedHat 5.0. My, these people have re-organized
their include files quite a bit, haven't they.

On RedHat Linux 4.2/5.0, when a FIFO listener opens the
FIFO with mode O_RDONLY, the FIFO remains forever readable
after the writer has closed it. Workaround: open the FIFO

Test program: util/fifo_rdonly_bug.c

Unfortunately, the above fix triggers a bug on BSD/OS 3.1
where opening the FIFO with mode O_RDWR causes select() to claim
that the FIFO is readable even before any data is written
to it, causing read() to block or to fail.

Test program: util/fifo_rdwr_bug.c

printfck (check arguments of printf-like function calls)
found a missing argument in local/command.c

Miscellaneous Makefile cleanups that I didn't finish before
the first alpha release.

Sometimes the DNS will claim that a domain does not exist,
when in fact it does. Thus, it is a bad idea to reject mail
from apparently non-existent domains. I have changed the
smtpd so that it produces a soft error response when a
resolve_smtp_sender test fails with HOST_NOT_FOUND. Note:
by default, this test is still disabled.

The DB and DBM read routines will now automagically figure
out if (key, value) pairs were written including a terminating
null byte or not. The DB and DBM write routines will use
this result to determine how to write, and will fall back
to per-system defaults otherwise.

Renamed the README to MUSINGS, and wrote up a README that
reflects the current status of the software.

Added -d (don't disconnect) and -c (show running counter)
options to the smtp-source test program. These tools are
great torture tests for the mail software, and for the
system that it runs on.

Turned down the process_limit parameter (# of parallel smtp
clients or servers) to avoid unpleasant surprises. You can
crank up the process_limit parameter in main.cf.

Feature: when run by the superuser, mailq now shows the
mail queue even when the mail system is down. To this end,
mailq (sendmail -bp) runs the showq program directly instead
of connecting to the UNIX-domain service socket, and drops
privileges etc. as usual.

Bugfix: Edwin Kremer spotted an oversight in the negated
host matching code (for name or address patterns prefixed

Bugfix: upon receipt of a SIGHUP signal, the master now
disconnects from its child processes, so that the current
generation of child processes commits suicide, and so that
the next generation of child processes will use the new
configuration settings.

Bugfix: the smtp server now skips the sender DNS domain
lookup test for foo@[address]

Bugfix: don't append the local domain to foo@[address]

Bugfix: old low-priority bug in some list walk code that
caused the master to drop core when a service was turned

Robustness: the mail system should be able to start up and
to accept local postings even while the naming service is
down. For this reason, the mail system no longer uses
gethostbyname() to look up its own machine name. Sites
that use short hostnames will have to specify their FQDN
in main.cf (this will eventually be done by the system
installation/configuration procedure). Should the config
language support backticks so one can say `domainname`?
What about $name stuff between the backticks?

Security: the master now creates FIFOs and UNIX-domain
sockets as the mail owner instead of as root, for better
protection against subverted mail systems. chmod() is
susceptible to race conditions. fchmod(), although safer,
often does not work on sockets.

Portability: anticipate that all major UNIXes will create
UNIX-domain sockets with permissions modified by the process
umask (required by POSIX). For this reason, we always
chmod() UNIX-domain sockets, unless the system allows us
to use the safer fchmod() instead.

Portability: the semi-resident servers now properly handle
EWOULDBLOCK returns from accept() in addition to EAGAIN
(on some systems, EAGAIN and EWOULDBLOCK have different

Bugfix: the semi-resident servers now properly handle EINTR
returns from accept().

Bugfix: Edwin Kremer found that mynetworks() would compute
(32 - mask) instead of mask.

Feature: /etc/vmailer/relocated is used by the local delivery
program and specifies what mail should be bounced with a
"user has moved to XXX" message. The main.cf configuration
parameter is "relocated_maps". Just like the "virtual_maps"
config parameter, this feature is off by default, and the
parameter can have values such as "files" or "files, nis"
(on hosts equipped with NIS).

Cleanup: virtual domain support moved from the queue manager
to the resolve service, where it belongs.

Feature: /etc/vmailer/canonical is used by the rewrite
service for all addresses, and maps a canonical address
(user@domain) to another address. Typical use is to generate
Firstname.Lastname@domain addresses, or to clean up dirty
addresses from non-RFC 822 mail systems. The main.cf
configuration parameter is "canonical_maps". Just like
the "virtual_maps" config parameter, this feature is off
by default, and the parameter can have values such as
"files" or "files, nis" (on hosts equipped with NIS).

HPUX10 port and many little fixes from Pieter Schoenmakers.

Bugfix: isolated an old mysterious bug that could make the
master deaf for new connections while no child process was
running. A typical result was that no pickup daemon would
be started after the previous one had terminated voluntarily.

Bugfix: the NIS lookup code did not mystrdup() the NIS map
name and would access free()d memory.

Bugfix: the vstream routines would sometimes ignore flushing
errors. The error would still be reported by vstream_fclose()
and vstream_ferror().

Feature: time limit on delivery to shell commands. Config
parameter: command_time_limit. Default value: 100 sec. The
idea is to prevent one bad .forward file or alias file
entry from slowly using up all local delivery process slots.

Code cleanup: in preparation for SMTP extensions such as
SIZE, allow an extended SMTP command to have a variable

Bugfix: moved canonical map lookups away from the rewriting
module to the cleanup service, so that canonical map lookups
do not interfere with address rewriting on behalf of other
programs. Back to an older trivial-rewrite program version.

Bugfix: moved virtual map lookups away from the resolver
back to the queue manager, so that virtual domain lookup
does not interfere with address resolution on behalf of
other programs. Back to an older qmgr program version.

Feature: integrated and adapted Guido van Rooij's SIZE
option (RFC 1870), carefully avoiding potential problems
due to overflow (by multiplying large numbers) or unsigned
underflow (by subtracting numbers).

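
Added example (not VMailer source and not part of this change log): one way to test a declared SIZE value against free queue space without the multiplication overflow and unsigned underflow named above, next to a naive version that wraps. The 32-bit types, the function names and the "reserve" policy are assumptions chosen so the wrap-around is reproducible.

```c
#include <stdint.h>
#include <stdio.h>

/* Parse the decimal digits of a SIZE= value into 32 bits.
 * Returns 1 on success, 0 on empty input, non-digits or overflow. */
static int parse_size(const char *s, uint32_t *out)
{
    uint32_t v = 0;

    if (*s == '\0')
        return 0;
    for (; *s != '\0'; s++) {
        uint32_t d;

        if (*s < '0' || *s > '9')
            return 0;
        d = (uint32_t) (*s - '0');
        if (v > (UINT32_MAX - d) / 10)      /* v * 10 + d would wrap */
            return 0;
        v = v * 10 + d;
    }
    *out = v;
    return 1;
}

/* Naive policy check: free bytes minus a reserve must cover the message. */
static int naive_has_room(uint32_t declared, uint32_t free_blocks,
                          uint32_t block_size, uint32_t reserve)
{
    /* The product wraps once the file system has 4 GiB or more free. */
    uint32_t free_bytes = (uint32_t) (free_blocks * block_size);

    /* The difference wraps to a huge value when reserve > free_bytes. */
    return (uint32_t) (free_bytes - reserve) >= declared;
}

/* Same policy computed in blocks (rounded up, so slightly conservative):
 * nothing is multiplied, and the comparison precedes the subtraction. */
static int safe_has_room(uint32_t declared, uint32_t free_blocks,
                         uint32_t block_size, uint32_t reserve)
{
    uint32_t need, keep;

    if (block_size == 0)
        return 0;
    need = declared / block_size + (declared % block_size != 0);
    keep = reserve / block_size + (reserve % block_size != 0);
    if (free_blocks < keep)
        return 0;
    return need <= free_blocks - keep;
}

/* 1 = accept the declared size, 0 = reject (malformed, too big, no room). */
static int accept_declared_size(const char *digits, uint32_t limit,
                                uint32_t free_blocks, uint32_t block_size,
                                uint32_t reserve)
{
    uint32_t declared;

    if (!parse_size(digits, &declared) || declared > limit)
        return 0;
    return safe_has_room(declared, free_blocks, block_size, reserve);
}

int main(void)
{
    /* Constructed cases: 400 KB free with a 1 MB reserve (underflow), and
     * just over 4 GiB free in 4096-byte blocks (overflow). */
    printf("reserve > free : naive=%d safe=%d\n",
           naive_has_room(1000, 100, 4096, 1000000),
           safe_has_room(1000, 100, 4096, 1000000));
    printf("4 GiB free     : naive=%d safe=%d\n",
           naive_has_room(10000, 1048577, 4096, 1000),
           safe_has_room(10000, 1048577, 4096, 1000));
    printf("SIZE=4294967296: accept=%d\n",
           accept_declared_size("4294967296", 10240000, 1000, 4096, 1000));
    return 0;
}
```
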
Code cleanup: cleaned up the code that parses the server
response to the HELO/EHLO command, so that we can more
reliably recognize what options a server supports.

Portability: integrated the IRIX 6 port by Oved Ben-Aroya.

Portability: the software now figures out by itself if a
server should open its FIFO read-write or read-only, to
avoid getting stuck with a FIFO that stays readable forever.

Bugfix: the cleanup service would terminate with a fatal
vstream_fseek() error when the queue file was too large.

Bugfix: the cleanup service could be killed by a signal
when the queue file became too large.

Portability: some systems have statfs(), some have statvfs(),
and the relevant include files are in a different place on

Portability: the makedefs script now nukes the -O compiler
flag when building on AIX with IBM's own compiler...

Portability: HP-UX 9.x support by Pieter Schoenmakers.

Portability: added SYSV-style ulimit() file size limit
support for HP-UX 9.x.

Portability: added some #includes that appeared to be
missing according to the Digital UNIX cc compiler.

Bugfix: sys_defs.h now correctly specifies NIS support for
LINUX2, HPUX9 and HPUX10.

Security: fixed a file descriptor leak in the local delivery
agent that could give shell commands access to the VMailer
IPC streams. This should not cause a vulnerability, given
the design and implementation of the mailer, but it would
be like asking for trouble.

Bugfix: the sendmail -B (body type) option did not take a

Bugfix (SUNOS5): should not have deleted the SVID_GETTOD
definition from util/sys_defs.h.

Bugfix (HPUX9): forgot to specify whether to use statfs()

Bugfix (HPUX9): don't try to raise the file size ulimit.

Bugfix (HPUX9): must specify file size limit in 512-blocks.

Robustness: the master process now raises the file size
limit when it is started with a limit that is less than
VMailer's file size limit. File: util/file_limit.c.

Security: the dns lookup routines now screen all result
names with valid_hostname(). Bad names are treated as

Feature: qmail compatibility: when the home_mailbox parameter
is set, mail is delivered to ~/$home_mailbox instead of to
/var[/spool]/mail/username. This hopefully makes it easier
to lure people away from qmail :-)

Robustness: several testers by accident configured relayhost
the same as myhostname. The programs now explicitly check

Bugfix: deliver_request_read() would free unallocated memory
when it received an incomplete delivery request from the

Robustness: local_destination_concurrency=1 prevents parallel
delivery to the same user (with possibly disastrous effects
when that user has an expensive pipeline in the .forward
or procmail config file). Each transport can have its own
XXX_destination_concurrency parameter, to limit the number
of simultaneous deliveries to the same destination.

Robustness: added "slow open" mode, to gradually increase
the number of simultaneous connections to the same site as
long as delivery succeeds, and to gradually decrease the
number of connections while delivery fails. Brad Knowles
provided the inspiration to do this.

This also solves the "thundering herd" problem (making a
bunch of connections to a dead host when it was time to
retry that host). Let's see when other mailers fix this.

Feature: Added $smtpd_banner and $mail_version, for those
who want to show the world what software version they are

Bugfix: vmailer-script now properly labels each syslog

Portability: merged in NEXTSTEP 3 port from Pieter Schoenmakers

Bugfix: the local delivery program now checks that a
destination is a regular file before locking it.

Robustness: the local delivery agent sets HOME, LOGNAME,
and SHELL when delivering to a user shell command. PATH is
always set, and TZ is passed through if it is set.

Feature: mailq (sendmail -bp) now also lists the maildrop
queue (with mail that hasn't been picked up yet).

Feature: the smtpd now says: 502 HELP not implemented. This
should impress the heck out of the competition :-)

Feature: local delivery to configurable system-wide command
(e.g. procmail) avoids the need for per-user ~/.forward
shell commands. Config parameter: mailbox_command.

Performance: avoid running a shell when a command contains
no shell magic characters or built-in shell commands. This
speeds up delivery to all commands. File: util/exec_command.c.

Bugfix: the local delivery agent, after reading EOF from
a child process, now sends SIGKILL only when the child does
not terminate within a limited amount of time. This avoids
some problems with procmail. File: util/timed_wait.c.

Portability: folded in NetInfo support from Pieter

Feature: new vmlock command to run a command while keeping
an exclusive lock on a mailbox.

Feature: with "recipient_delimiter = +", mail for local
address "user+foo" is delivered to "foo", with a "Delivered-To:
user+foo@domain" message header. Files: qmgr/qmgr_message.c,
local/recipient.c. This must be the cheapest feature.

Code cleanup: moved error handling into functions that
should always succeed (non_blocking(), close_on_exec()).

Bugfix: null pointer bug in the cleanup program after
processing a From: header with no mail address (or with

Robustness: now detects when getpwnam() returns a name that
differs from the requested name.

Feature: Added %p support to the vbuf_print formatting

Code cleanup: revamped the alias/include/.forward loop
detection and duplicate suppression code in the local
delivery agent. This must be the fourth iteration, and
again the code has been simplified.

Robustness: don't treat anything starting with whitespace
as a header record. Instead, explicitly test for leading
whitespace where we permit it. Files: global/is_header.c,
bounce/bounce_flush_service.c, local/delivered.c.

Compatibility: the sendmail program now accepts the -N
command-line option (delivery status notification) but
ignores it entirely, just like many other sendmail options.

Bugfix: dns_lookup.c was too conservative with buffer sizes
and would incorrectly report "malformed name server reply".

Bugfix: the local delivery agent was not null-byte clean.

Feature: integrated Pieter Schoenmakers' code for transport
lookup tables that list (transport, nexthop) by destination.

Bugfix: delivery agents no longer rename corrupt queue
files, because programs might fall over each other doing
so. Instead, when a delivery agent detects queue file
corruption, it chmods the queue file, simulates a soft
error, and lets the queue manager take care of the problem.

Bugfix: the SMTP server implemented VRFY incorrectly.

Feature: first shot at a pipe mailer, which can be used to
extend VMailer with external mail transports such as UUCP
(provided that the remote site understands domain addressing,
because VMailer version 1 does not rewrite addresses).

Cleanup: extended the master/child interface so that the
service name (from master.cf) is passed on to the child.
The pipe mailer needs the service name so it can look up
service-specific configuration parameters (privilege level,
recipient limit, time limit, and so on).

Cleanup: factored out the pipe_command() code, so it can
be shared between pipe mailer and local delivery agent.

Compatibility: the sendmail program now parses each
command-line recipient as if it were an RFC 822 message
header; some MUAs specify comma-separated recipients in a
command-line argument; and some MUAs even specify "word
word <address>" forms as command-line arguments.

Bugfix: VMailer's queue processing randomization wasn't
adequate for unloaded systems with small backlogs.

Bugfix: smtpd now uses double-buffered stream I/O to prevent
loss of input sent ahead of responses.

Bugfix: the smtpd anti-relay code didn't treat all hosts
listed in $mydestinations as local, so it would accept mail
only for hosts listed in $relay_domains (default: my own

Bugfix: smtpd now replies with 502 when given an unknown

Cleanup: resolve/rewrite clients now automatically disconnect
after a configurable amount of idle time (ipc_idle).

Tolerance: VRFY now permits user@domain, even though the
RFC requires that special characters such as @ be escaped.

Bugfix: a recipient delimiter of "-" could interfere with
special addresses such as owner-xxx or double-bounce.

Tolerance: the SMTP client now permits blank lines in SMTP

Tolerance: the SMTP client now falls back to SMTP when it
apparently mistook an SMTP server as ESMTP capable.

Bugfix: eliminated strtok() calls in favor of mystrtok().
Symptom: master.cf parsing would break if $inet_interfaces
was more than one word.

Bugfix: user->addr patterns in canonical and virtual tables
matched only $myorigin, not hosts listed in $mydestination
or addresses listed in $inet_interfaces. The man pages
were wrong too. File: global/addr_match.c.

Robustness: FIFO file permissions now default to 0622. On
some systems, opening a FIFO read-only could deafen the
pickup daemon. Only the listener end (which is opened as
root) needs read access anyway, so there should not be a
loss of functionality by making FIFOs non-readable for

Compatibility: sendmail -I and -c options added.

Feature: virtual lookups are now recursive. File:

Implemented sendmail -bs (stand-alone) mode. This mode runs
as the user and therefore deposits into the maildrop queue.

The pickup service now removes malformed maildrop files.

The pickup service now guards against maildrop files with
time stamps dated into the future.

Bugfix: in the canonical and virtual maps, foo->address
would match foo@$myorigin only. This has been fixed to also
match hosts listed in main.cf:$mydestination and the
addresses listed in main.cf:$inet_interfaces.

Bugfix: added double buffering support to the VMailer SMTP
server. This makes the SMTP server robust against SMTP
clients that talk ahead of time, and should have been in

Bugfix: the VMailer SMTP client now recognizes its own
hostname in the SMTP greeting banner only when that name
appears as the first word on the first line.

Feature: smtpd now logs the local queue ID along with the
client name/address, and pickup now logs the local queue
ID along with the message owner.

Bugfix: still didn't do virtual/canonical lookups right
(code used the non-case-folded key instead of the case

Bugfix: the SMTP server did not flush the "250 OK queued
as XXXX" message from the SMTP conversation history.

Bugfix: qmgr would not notice that a malformed message has
multiple senders, and would leak memory (Tom Ptacek).

Portability: in the mantools scripts, the expr pattern no
longer has ^ at the beginning, and the scripts now use the
expand program instead of my own detab utility.

NetBSD 1.x patch by Soren S. Jorvang.

Feature: the SMTP server now logs the protocol (SMTP or
ESMTP) as part of the Received: header.

Feature: smtpd now logs the last command when a session is
aborted due to timeout, unexpected EOF, or too many client

Bugfix: the queue manager did not update the counter for
in-core message structures, so the in-core message limit
had no effect. This can be bad when you have a large backlog
with many messages eligible for delivery.

Robustness: the queue manager now also limits the total
number of in-core recipient structures, so that it won't
use excessive amounts of memory on sites that have large

Bugfix: the SMTP client did not notice that the DNS client
received a truncated response. As a result, a backup MX
host could incorrectly claim that it was the best MX host
and declare a mailer loop.

Added start_msg/stop_msg entries to the vmailer startup
script, for easy installation.

Cleanup: VMailer databases are now explicitly specified as
type:name, for example, hash:/etc/aliases or nis:mail.aliases,
instead of implicitly as "files", "nis" and so on. Test
program: util/dict_open. This change allowed me to
eliminate a lot of redundant code from mkmap_xxx.c, and
from everything that does map lookups.

Bugfix: local/dotforward.c compared the result of opening
a user's ~/.forward against the wrong error value.

Bugfix: the smtpd VRFY command could look at free()d memory.

Robustness: the smtpd program had a fixed limit on the
number of token structures. The code now dynamically
allocates token structures.

Bugfix: the queue manager still used the deprecated parameter
name xxx_deliver_concurrency for concurrency control, but
the documentation talks about the preferred parameter name
xxx_destination_concurrency. Fix: try xxx_destination_concurrency
first, then fall back to xxx_deliver_concurrency.

Cleanup: the string read routines now report the last
character read or VSTREAM_EOF. This change is necessary
for the implementation of the long SMTP line bugfix.

Bugfix: the smtp server exited the DATA command prematurely
when the client sent long lines. Reason: the smtp server
did not remember that it broke long lines, so that '.'
could appear to be the first character on a line when in

Bugfix: the queue manager made lots of stupid errors while
reading $qmgr_message_recipient_limit chunks of recipients
from a queue file. This code has been restructured.

Performance: the cleanup program now always adds return-receipt
and errors-to records to a queue file, so that the queue
manager does not have to plow through huge lists of

Robustness: the initial destination concurrency now defaults
to 2, so that one bad message or one bad connection does
not stop all mail to a site. The configuration parameter
is called initial_destination_concurrency.

Performance: the per-message recipient limit is now enforced
by the queue manager instead of by the transport. Thus, a
large list of recipients for the same site is now mapped
onto several delivery requests which can be handled in
parallel, instead of being mapped onto one delivery request
that is sent to limited numbers of recipients, one group

Cleanup: the queue manager now does an additional recipient
sort after the recipients have been resolved, so that the
code can do better aggregation of recipients by next hop

Feature: lines in the master.cf file can now be continued
in the same manner as lines in the main.cf file, i.e. by
starting the next line with whitespace.

Feature: the smtp client now warns that a message may be
delivered multiple times when the response to "." is not
received (the problem described in RFC 1047).

Cleanup: when the queue manager changes its little mind
after contacting a delivery agent (for example, it decides
to skip the host because a transport or host goes bad),
the delivery agent no longer complains about premature EOF.
File: global/deliver_request.c

Bugfix: when breaking long lines, the SMTP client did not
escape leading dots in secondary etc. line fragments. Fix:
don't break lines. This change makes VMailer line-length
transparent. Files: global/smtp_stream.c, smtp/smtp_proto.c.

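
Added example (not VMailer source): the two long-line entries above, the server leaving DATA early and the client not escaping dots in line fragments, share one cause, which is that a fragment of a broken line gets handled as if it began a line. The code below reads DATA through a bounded buffer and only applies the "." rules when the previous read ended a line; FRAG_SIZE, the function names and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FRAG_SIZE 16            /* tiny on purpose: 15 payload bytes per read */

/* Constructed DATA payload. The third line is 16 bytes long and ends in '.',
 * so a bounded reader returns it as a 15-byte fragment followed by ".". */
static const char SAMPLE[] =
    "Subject: test\r\n"
    "\r\n"
    "AAAAAAAAAAAAAAA.\r\n"
    "..leading dot\r\n"
    ".\r\n"
    "QUIT\r\n";

/* Copy up to size-1 bytes of one line into buf, dropping the CRLF.
 * Returns the last character consumed: '\n' when the line is complete, some
 * other character when the buffer filled up first, EOF at end of input. */
static int read_fragment(const char **src, char *buf, size_t size)
{
    size_t  n = 0;
    int     last = EOF;

    while (**src != '\0' && n + 1 < size) {
        last = (unsigned char) *(*src)++;
        if (last == '\n')
            break;
        if (last == '\r' && **src == '\n')
            continue;                       /* CR of a CRLF pair */
        buf[n++] = (char) last;
    }
    buf[n] = '\0';
    return last;
}

/* Receive a DATA payload. With remember_breaks == 0 every fragment is
 * treated as a new line (the behaviour the bugfix entry describes); with
 * remember_breaks != 0 the "." tests apply only at a real line start.
 * Returns the number of message bytes accepted before end-of-data, or -1 if
 * the input ended first. *rest receives what would be parsed as commands. */
static long receive_data(const char *data, int remember_breaks,
                         const char **rest)
{
    char    buf[FRAG_SIZE];
    long    accepted = 0;
    int     at_line_start = 1;
    int     last;

    while ((last = read_fragment(&data, buf, sizeof(buf))) != EOF) {
        const char *text = buf;

        if (at_line_start || !remember_breaks) {
            if (last == '\n' && strcmp(buf, ".") == 0) {
                if (rest != NULL)
                    *rest = data;
                return accepted;            /* end of DATA */
            }
            if (buf[0] == '.')
                text++;                     /* undo dot-stuffing */
        }
        accepted += (long) strlen(text);
        at_line_start = (last == '\n');
    }
    return -1;
}

/* Text left over after end-of-data for the constructed sample. */
static const char *leftover(int remember_breaks)
{
    const char *rest = "";

    (void) receive_data(SAMPLE, remember_breaks, &rest);
    return rest;
}

int main(void)
{
    printf("forgets breaks  : %ld bytes, next input \"%.13s...\"\n",
           receive_data(SAMPLE, 0, NULL), leftover(0));
    printf("remembers breaks: %ld bytes, next input \"%.4s\"\n",
           receive_data(SAMPLE, 1, NULL), leftover(1));
    return 0;
}
```

In the first mode the rest of the message body, starting at "..leading dot", is left in the input where the server expects its next SMTP command.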
Cleanup: the queue manager to delivery agent protocol now
distinguishes between domain-specific soft errors and
recipient-specific soft errors. Result: many soft errors
with SMTP delivery no longer affect other mail the same

Feature: the file modification time stamp of deferred queue
files is set to the nearest wakeup time of their recipient
hosts, or if delivery was deferred due to a non-host problem,
the time stamp is set into the future by the configurable
minimal backoff time.

Bugfix: the SMTP client and the MAILQ command would report
as message size the total queue file size. That would
grossly overestimate the size of a message with many

Bugfix: the 19980709 fix screwed up locally-posted mail
that didn't end in newline.

Robustness: the makedefs script now defaults to no optimization
when compiling for purify.

Robustness: the makedefs script now defaults to no optimization
when compiling with gcc 2.8, until this compiler is known

Workaround: when sending multiple messages over the same
SMTP connection, some SMTP servers need an RSET command
before the second etc. MAIL FROM command. The VMailer SMTP
client now sends a redundant RSET command just in case.

The queue manager now logs explicitly when delivery is
deferred because of a "dead" message transport.

Feature: mailq and mail bounces now finally report why mail
was deferred (the reason was logged to the syslog file
only). Changes were made to the bounce service (generalized
to be usable for defer logs), showq service (to show reasons)
and the queue manager.

As a result the defer directory (with one log per deferred
message) may contain many files; also, this directory is
accessed each time a message is let into the active queue,
in order to delete its old defer log. This means that hashed
directories are now a must.

Feature: configurable timeout for establishing smtp
connections. Parameter: smtp_connect_timeout (default 0,
which means use the timeout as wired into the kernel).
Inspired by code from Lamont Jones. For a clean but far
from trivial implementation, see util/timed_connect.c

Cleaned up the interfaces that implement read/write deadlines.
Instead of returning -2, the routines now set errno to
ETIMEDOUT; the readable/writable tests are now separate.

Feature: the default indexed file type (hash, btree, dbm)
is now configurable with the "database_type" parameter.
The default value for this parameter is system specific.

Feature: selectively turn on verbose logging for hosts that
match the patterns specified via the "debug_peer_list"
config parameter. Syntax is like the "bad_smtp_clients"
parameter (see global/peer_list.c). The verbose logging
level is specified with "debug_peer_level" (default 2).

Security: the local delivery agent no longer delivers to
files that have execute permission enabled.

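
Added example (not VMailer source): one way to vet a file delivery target that covers both this entry and the earlier one about checking for a regular file before locking. The file is opened first and the checks run on the descriptor with fstat(), so the object that was checked is the object that is later locked and written; the function names and result codes are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum {
    TARGET_OK = 0,              /* regular file, no execute bits */
    TARGET_OPEN_FAILED,         /* missing, unreadable path, directory, ... */
    TARGET_NOT_REGULAR,         /* device, FIFO, socket, ... */
    TARGET_EXECUTABLE           /* any of the three execute bits is set */
};

/* Open an existing delivery target for appending and vet the open file.
 * On TARGET_OK with fdp != NULL the descriptor is handed to the caller for
 * locking and writing; in every other case it is closed here.
 * O_NONBLOCK keeps open() from hanging on a FIFO that has no reader. */
static int check_delivery_target(const char *path, int *fdp)
{
    struct stat st;
    int     result = TARGET_OK;
    int     fd = open(path, O_WRONLY | O_APPEND | O_NONBLOCK);

    if (fd < 0)
        return TARGET_OPEN_FAILED;
    if (fstat(fd, &st) < 0)
        result = TARGET_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        result = TARGET_NOT_REGULAR;
    else if (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))
        result = TARGET_EXECUTABLE;

    if (result == TARGET_OK && fdp != NULL)
        *fdp = fd;
    else
        close(fd);
    return result;
}

/* Create a scratch file with the given mode, vet it, and remove it again.
 * Returns the check result, or -1 if the scratch file could not be made. */
static int demo_target(mode_t mode)
{
    char    path[] = "/tmp/delivery-demo-XXXXXX";
    int     fd = mkstemp(path);
    int     result;

    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    result = check_delivery_target(path, NULL);
    unlink(path);
    return result;
}

int main(void)
{
    printf("mode 0600 : %d\n", demo_target(0600));
    printf("mode 0700 : %d\n", demo_target(0700));
    printf("mode 0610 : %d\n", demo_target(0610));
    printf("/dev/null : %d\n", check_delivery_target("/dev/null", NULL));
    return 0;
}
```
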
Workarounds for Solaris 2.x UNIX-domain sockets: they lose
data when you close them immediately after writing to them.
This could screw up the delivery agent to queue manager

Cleanup: spent most of the day cleaning up queue manager
code that defers mail when a site or transport dies, and
fixed a few obscure problems in the process.

Feature: the admin can now configure what classes of problems
result in mail to the postmaster. Configuration parameter:
"notify_classes". Default is backwards compatible: bounce,
policy, protocol, resource, and software.

Feature: the admin can now configure what smtp server access
control restrictions must be applied, and in what order.
Configuration parameters: smtpd_client_restrictions,
smtpd_helo_restrictions, smtpd_mail_restrictions and
smtpd_rcpt_restrictions. Defaults are intended to be
backwards compatible. The bad_senders and bad_clients lists
are gone and have become db (dbm, nis, etc) maps. Files:
smtpd/smtpd_check.c, config/main.cf.

Feature: hashed queues. Rewrote parts of the mail queue
API. Configuration parameters: "hash_queue_names" specifies
what queue directories will be hashed (default: the defer
log directory), "hash_queue_depth" specifies the number of
subdirectories used for hashing (default 2).

Bugfix: the pipe mailer should expand command-line arguments
with $recipient once for every recipient (producing one
command-line argument per recipient), instead of replacing
$recipient by all recipients (i.e. producing only one
command-line argument). This is required for compatibility
with programs that expect to be run from sendmail, such as
uux. Thanks to Ollivier Robert for helping me to get this

Code cleanup: for the above, cleaned up the macro expansion
code in dict.c and factored out the parsing into a separate

"|command" and /file/name destinations in alias databases
are now executed with the privileges of the database owner
(unless root or vmailer). Thus, with: "alias_maps =
hash:/etc/aliases, hash:/home/majordomo/aliases", and with
/home/majordomo/aliases* owned by the majordomo account,
you no longer need the majordomo set-uid wrapper program,
and you no longer need root privileges in order to install

Added support for the real-time blackhole list. Example:
"client_restrictions = permit_mynetworks, reject_maps_rbl"

All SMTP server "reject" status codes are now configurable:
unknown_client_reject_code, mynetworks_reject_code,
invalid_hostname_reject_code, unknown_hostname_reject_code,
unknown_address_reject_code, relay_domains_reject_code,
access_map_reject_code, maps_rbl_reject_code. Default values
are documented in the smtpd/smtpd_check.c man page.

Code cleanup: after eyeballing line-by-line diffs, started
deleting code that duplicated functionality because it was
at the wrong abstraction level (smtp_trouble.c), moved
functionality that was in the wrong place (dictionary
reference counts in maps.c instead of dict.c), simplified
code that was too complex (password-file structure cache)
and fixed some code that was just wrong.

Robustness: the number of queue manager in-core structures
for dead hosts is limited; the limit scales with the limit
on the number of in-core recipient structures. The idea is
to not run out of memory under conditions of stress.

Feature: mail to files and commands can now be restricted
by class: alias, forward file or include file. The default
restrictions are: "allow_mail_to_files = alias, forward"
and "allow_mail_to_commands = alias, forward". The idea is
to protect against buggy mailing list managers that allow
intruders to subscribe /file/name or "|command".

Cleanup: deleted a couple hundred lines of code from the
local delivery agent. It will never be a great program;
sendmail compatibility is asking a severe toll.

Cleanup: made the program shut up about some benign error
conditions that were reported by Daniel Eisenbud.

Documentation: made a start of HTML docs that describe all
configuration parameters.

Feature: while documenting things, added smtpd_helo_required.

Bugfix: at startup the queue manager now updates the time
stamps of active queue files some time into the future.
This eliminates duplicate deliveries after "vmailer reload".

Bugfix: the local delivery agent now applies the recipient
delimiter after looking in the alias database, instead of

Documentation bugfixes by Matt Shibla, Tom Limoncelli,

GLIBC fixes from Myrdraal.

Bugfix: applied showq buffer reallocation workaround in

Bugfix: can't use shorts in varargs lists. SunOS 4 has
short uid_t and gid_t. pipe_command() would complain.

Bugfix: can't use signed char in ctype macros. All ctype
arguments are now cast to unsigned char. Thanks, Casper

Bugfix: save the alias lookup result before looking up the
owner. The previous alpha release did this right.

Cleanup: mail_trigger() no longer complains when the trigger
FIFO or socket is unavailable. This change is necessary to
shut up the sendmail mail posting program, so that it can
be used on mail clients that mount their maildrop via NFS.

Experiment: pickup and pipe now run as vmailer most of the
time, and switch to user privileges only temporarily.
Files: util/set_eugid.c global/pipe_command.c pipe/pipe.c
pickup/pickup.c. Is this more secure? What about someone
manipulating such a process while not root? It still has


Portability: with GNU make, commands such as "(false;true)"
and "while :; do false; done" don't fail. Workaround: use
"set -e" all over the place. Problem found by Jeff Wolfe.

Feature: "check_XXX_access maptype:mapname" (XXX = client,
helo, sender, recipient). Now you can make recipient and
other SPAM restrictions dependent on client or sender access
tables lookup results.

Bugfix: smtpd access table lookup keys were case sensitive.

Added "permit" and "reject" operators. These are useful at
the end of SPAM restriction lists (smtpd_XXX_restrictions).

Added a first implementation of the permit_mx_backup SPAM
restriction. This permits mail relaying to any domain that
lists this mail system as an MX host (including mail for
the local machine). Thanks to Ollivier Robert for useful

Bugfix: transport table lookup keys were case sensitive.

Portability: sa_len is some ugly #define on some SGI systems,
so we must rename identifiers (file util/connect.c).

Bugfix: uucp delivery errors are now sent to the sender.

Bugfix: the pipe delivery agent now replaces empty sender
by the mailer daemon address. Mark Delany, again.

Portability: GNU getopt looks at all command-line arguments.
Fix: insert -- into the pipe/uucp definition in master.cf.

Bugfix: the smtp server command tokenizer silently discarded
the [] around [text], so that HELO [x.x.x.x] was read as
if the client had sent: HELO x.x.x.x. Thanks, Peter Bivesand.

Bugfix: the HELO unknown hostname/bad hostname restrictions
would have treated [text] as a domain name anyway.

Bugfix: the $local_duplicate_filter_limit value was not
picked up by the local delivery agent. This means the local
delivery agent could run out of memory on large mailing

Performance: mkmap/mkalias now run with the same speed as
sendmail. VMailer now uses a 4096-entry cache with 1 Mbyte
of memory for DB lookups. File: util/dict_db.c.

Robustness: the reject_unknown_hostname restriction for
HELO/EHLO hostnames will now permit names that have an MX
record instead of an A record.

Feature: appending @$myorigin to an unqualified address is
configurable with the boolean append_at_myorigin parameter

Feature: appending .$mydomain to user@host is configurable
with the boolean append_dot_mydomain parameter (default:

Feature: site!user is rewritten to user@site, under control
of the boolean parameter swap_bangpath (default: yes).

Feature: permit a naked IP address in HELO commands (i.e.
an address without the enclosing [] as required by the
RFC), by specifying "permit_naked_ip_address" as one of
the restrictions in the "smtpd_helo_restrictions" config

Code cleanup: when an SMTP client aborts a session after
sending MAIL FROM, the cleanup service no longer warns that
it is "skipping further client input". Files: cleanup/*.c.
Thanks, Daniel Eisenbud, for prodding.

Code cleanup: when an SMTP server disconnects in the middle
of a session, don't try to send QUIT over the non-existing
connection. Files: global/smtp_stream.c, smtp/smtp.c.
Thanks, Daniel Eisenbud, for prodding, again.

Code cleanup: the VMailer version number has moved from
mail_params.h (which is included by lots of modules) to a
separate file global/mail_version.h, so that a version
change no longer results in massive recompilation.

Bugfix: Errors-To was flagged as a sender address, so the
address never was picked up.

Code cleanup: support for Errors-To: headers completed.

Feature: per-message exponential delivery backoff, by
looking at the amount of time a message has been queued.
Thanks, Mark Delany.

Code cleanup: ripped out the per-host exponential backoff
code. It was broken by 19980818. It was probably a bad idea
anyway, because it required per-host, in-core, state kept
by the queue manager. All we do now is to keep state for
$minimal_backoff_time seconds, but only for a limited number
of hosts. Daniel Eisenbud spotted the problem.

Lost feature: the SMTP session transcripts now show who
said what. This feature was inadvertently dropped during
development. Thanks, Daniel Eisenbud, for reminding.

Documentation: the hard-coded rewriting process of the
trivial-rewrite program is described in html/rewrite.html.

Feature: the local delivery agent now does alias lookups
before and after chopping off the recipient subaddress.
This allows you to forward user-anything to another user,
without losing the ability to redirect specific user-foo

Feature: the smtp client now logs a warning that a server
sends a greeting banner with the client's hostname, which
could imply a mailer loop.

Feature: separate canonical maps for sender and recipient
address rewriting, so that you can rewrite an ugly sender
address and still forward mail to that same ugly address
without creating a mailer loop. Files: cleanup_envelope.c,
cleanup_message.c, cleanup_rewrite.c.

Feature: virtual maps now support multiple addresses on
the right-hand side. In the case of virtual domains this
can eliminate the need for address expansion via local
aliases, making virtual domains much easier to administer.
This required that I moved the virtual table lookups from
the queue manager to the cleanup service, so that every
recipient has an on-disk status record. Files: qmgr.c,
qmgr_message.c, cleanup_envelope.c, cleanup_rewrite.c,

Feature: sendmail/mailq/newaliases pass on the -v flag to
the program that they end up running, to make debugging a

Bugfix: some anti-spam measures didn't recognize some
addresses as local and would do too much work. File:

Bugfix: the smtp sender/recipient table lookup restriction
destroyed global data, so that other restrictions could
break. File: smtpd_check.c.

Bugfix: after vmailer reload, single-threaded servers could
exit before flushing unwritten data to the client. Example:
cleanup would exit before acking success to pickup, so the
message would be delivered twice. Bug reported by Brian

Cleanup: removed spurious error output from vmailer-script.
Reported by Brian Candler.

Tolerance: ignore non-numeric SMTP server responses. There's
a lot of brain damage out there on the net.

Feature: the smtp-sink benchmark tool now announces itself
with a neutral name so that it can be run on the same
machine as VMailer, without causing Postfix to complain
about a mailer loop.

Robustness: on LINUX, vmailer-script now does chattr +S to
force synchronous directory updates. Fix developed with

Bugfix: when transforming an RFC 822 address to external
form, there is no need to quote " characters in comments.
This didn't break anything, it just looked ugly. File:
global/tok822_parse.c

Workaround: with deliveries to /file/name, use fsync() and
ftruncate() only on regular files. File: local/file.c

Workaround: the plumbing code in master_spawn.c didn't
check if it was dup2()/close()ing a descriptor to itself
then closing it. Will have to redo the plumbing later.

Workaround: on multiprocessor Solaris machines, one-second
rollover appears to happen on different CPUs at slightly
different times. Made the queue manager more tolerant for
such things. Problem reported by Daniel Eisenbud.

Workaround: in preparation for deployment with a network-shared
maildrop directory, make pickup more tolerant against clock
drift between clients and servers.

New vstream_popen() module that opens a two-way channel
across a socketpair-based pipe. This module isn't being
used yet; it is here only to complete the vstream code.

Code cleanup: the xxx_server_main() interface for master
child processes now uses a name-value argument list instead
of an ugly and inflexible data structure.

Bugfix: moved the test if a non-interactive process is run
by hand, so that the "don't do this" error message can be
printed to stderr before any significant processing.

Bugfix: smtpd now can talk to unix-domain sockets without
bailing out on a peer lookup problem. Files: smtpd/smtpd.c,

Safety: by default, the postmaster is no longer informed
of protocol problems, policy violations or bounces.

Safety: the SMTP server now sleeps before sending a [45]xx
error response, in order to prevent clients from hammering
the server with a connect/error/disconnect loop. Parameter:
smtpd_error_sleep_time (default: 5).

Feature: the logging facility is compile-time configurable
(e.g., make makefiles "CCARGS=-DLOG_FACILITY=LOG_LOCAL1").

Bugfix: changed virtual/canonical map search order from
(user@domain, @domain, user) to (user@domain, user, @domain)
so the search order is most specific to least specific.
File: global/addr_map.c, lots of documentation.

Bugfix: after the change of 19980910, cleanup_message
extracted recipients from Reply-To: etc. headers. Found

Bugfix: the change in virtual/canonical map search order
broke @domain entries; they would never be looked up if
the address matched $myorigin or $mydestinations. Found by
Chip Christian who now regrets asking for the change.

Bugfix: cleanup initialized an error mask incorrectly, so
that it would keep writing to a file larger than the queue
file size limit, and so it would treat the error as a
recoverable one instead of sending a bounce. Thanks, Pieter

Bugfix: the "queue file cleanup on fatal error" action was
no longer enabled in the sendmail mail posting agent.

Feature: the sendmail mail posting program now returns
EX_UNAVAILABLE when the size of the input exceeds the queue
file size limit. NB THIS CHANGE HAS BEEN WITHDRAWN.

Code cleanup: the dotlock file locking routine is no longer
derived from Eric Allman's 4.3BSD port of mail.local.

Code cleanup: the retry strategy of the file locking routines
dot_lockfile() and deliver_flock() is now configurable
(deliver_flock_attempts, deliver_flock_delay, deliver_flock_stale).

Code cleanup: the master.pid lock file is now created with
symlink paranoia, and is properly locked so that PID rollover
will not cause false matches.
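
One way to create a lock file with symlink paranoia and to decide liveness from the lock instead of from the PID stored in the file, so that a recycled PID cannot produce a false match. This is an added example, not Postfix source; the ex_* function names, the use of flock() and the single-link requirement are assumptions of the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example, not Postfix source: all ex_* names are hypothetical. */

/* Open or create path read-write without ever following a symlink. */
int ex_open_no_symlink(const char *path, mode_t mode)
{
    struct stat before, after;
    int fd;

    if (lstat(path, &before) < 0) {
        if (errno != ENOENT)
            return -1;
        /* O_EXCL fails when the name exists, even as a dangling symlink. */
        return open(path, O_RDWR | O_CREAT | O_EXCL, mode);
    }
    /* The name exists: accept only a regular file with a single link. */
    if (!S_ISREG(before.st_mode) || before.st_nlink != 1) {
        errno = EPERM;
        return -1;
    }
    if ((fd = open(path, O_RDWR)) < 0)      /* no O_TRUNC: nothing is modified yet */
        return -1;
    /* Detect a swap between lstat() and open(): must be the same object. */
    if (fstat(fd, &after) < 0
        || after.st_dev != before.st_dev || after.st_ino != before.st_ino
        || !S_ISREG(after.st_mode) || after.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/*
 * Open the lock file safely, take an exclusive lock and record our PID.
 * Returns a descriptor that must stay open while the daemon runs, or -1.
 */
int ex_pid_file_acquire(const char *path)
{
    char buf[32];
    int fd, len;

    if ((fd = ex_open_no_symlink(path, 0644)) < 0)
        return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) < 0) { /* another instance holds the lock */
        close(fd);
        return -1;
    }
    len = snprintf(buf, sizeof(buf), "%ld\n", (long) getpid());
    if (ftruncate(fd, 0) < 0 || write(fd, buf, (size_t) len) != (ssize_t) len) {
        close(fd);
        return -1;
    }
    return fd;
}

/*
 * Liveness test: 1 when some process holds the lock, 0 when nobody does
 * (missing or stale file), -1 on error. The PID text is never consulted.
 */
int ex_pid_file_is_locked(const char *path)
{
    int fd, held;

    if ((fd = open(path, O_RDONLY)) < 0)
        return errno == ENOENT ? 0 : -1;
    if (flock(fd, LOCK_EX | LOCK_NB) == 0) {
        flock(fd, LOCK_UN);
        held = 0;
    } else {
        held = (errno == EWOULDBLOCK) ? 1 : -1;
    }
    close(fd);
    return held;
}

int main(void)
{
    char dir[] = "/tmp/pidlock-example.XXXXXX";    /* constructed scratch dir */
    char path[128];
    int fd;

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(path, sizeof(path), "%s/master.pid", dir);
    fd = ex_pid_file_acquire(path);
    printf("acquired=%d locked=%d\n", fd >= 0, ex_pid_file_is_locked(path));
    if (fd >= 0)
        close(fd);
    printf("after close: locked=%d\n", ex_pid_file_is_locked(path));
    unlink(path);
    rmdir(dir);
    return 0;
}
```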

Bugfix: the vbuf_print() formatting engine did not know
about the '+' format specifier.

Cleanup: replaced unnecessary instances of stdio calls by

Compatibility: added support for "sendmail -q". This required
a change to the queue manager trigger protocol, and a code
reorganization of the way queue scans were done. The queue
manager socket now has become public.

SMTPD now logs "lost connection after end-of-message"
instead of "lost connection after DATA".

More bullet proofing: timeouts on all triggers.

Bugfix: make the number of cleanup processes unlimited, in
order to avoid deadlock. The number of instances needed is
one per smtp/pickup process, and an indeterminate number
per local delivery agent. Thanks, David Miller and
Terry Lorrah for clueing me in.

Bugfix: "sendmail -t" extracted recipients weren't subjected
to virtual mapping. Daniel Eisenbud strikes again.

Compatibility: if the first input line ends in CRLF, the
sendmail posting agent will treat all CRLF as LF. Otherwise,
CRLF is left alone. This is a compromise between sendmail
compatibility (all lines end in CRLF) and binary transparency
(some, but not all, lines contain CRLF).

Robustness: stop recursive virtual expansion when the
left-hand side appears in its own expansion.

Portability: trigger servers such as pickup and qmgr can
now use either FIFOs or UNIX-domain sockets; hopefully at
least one of them works properly. Trigger clients were
already capable of using either form of local IPC.

Feature: masquerading. Strip subdomains from domains listed
in $masquerade_domains. Exception: envelope recipients are
left alone, in order to not screw up routing.

Code cleanup: moved the recipient duplicate filter from
the user-level sendmail posting agent to the semi-resident
cleanup service, so that the filter operates on the output
from address canonicalization and of virtual expansion,
instead of operating on their inputs.

Bugfix: after kill()ing a bunch of child processes, wait()
sometimes fails before all children have been reaped, and
must be called again, or the master will SIGSEGV later.
Problem reported by Scott Cotton.

Workaround: don't log a complaint when an SMTP client goes
away without sending QUIT.

Workaround: Solaris 2.5 ioctl SIOCGIFCONF returns a hard
error (EINVAL) when the result buffer is not large enough.
This can happen on systems with many real or virtual
interfaces. File: util/inet_addr_local.c. Problem reported

Workaround: the optional HELO/EHLO hostname syntax check
now allows a single trailing dot.

Workaround: with UNIX-domain sockets, LINUX connect() blocks
until the server calls accept(). File: qmgr/qmgr_transport.c.
Terry Lorrah and Scott Cotton provided the necessary

Robustness: recursive canonical mapping terminates when
the result stops changing.

Code cleanup: reorganized the address rewriting and mapping
code in the cleanup service, to make it easier to implement
the previous enhancement.

Code cleanup: more general queue scanning programming
interface, in preparation for hashed queues. File:

Bugfix: a non-FIFO server with a process limit of 1 has a
too short listen queue. Until now this was not a problem
because only FIFO servers had a process limit of 1, and
FIFOs have no listen queue. Fix: always configure a listen
queue of proc_limit or more. File: master/master_listen.c.

Feature: by popular request, mail delay is logged when
delivering, bouncing or deferring mail.

Cleanup: double-bounce mail is now absorbed by the queue
manager, instead of the local delivery agent, so that the
mail system will not go mad when no local delivery agent

Cleanup: moved the relocated table from the local delivery
agent to the queue manager, so that the table can also be
used for virtual addresses.

Code reorg: in order for the queue manager to absorb
recipients, the queue file has to stay open until all
recipients have been assigned to a destination queue.

vmlogger command, so that vmailer-script logging becomes
consistent with the rest of the VMailer system.

Code reorg: logger interface now can handle multiple output
handlers (e.g. syslog and stderr stream).

Bugfix: a first line starting with whitespace is no longer
treated as an extension of our own Received: header. Files:
smtpd/smtpd.c, pickup/pickup.c.

Bugfix: the bang-path swapping code went into a loop on an
address consisting of just a single !. Eilon Gishri had
the privilege of finding this one.

Workaround: the non-blocking UNIX-domain socket connect is
now enabled only on systems that need it. It may cause
kernel trouble on Solaris 2.x.

Bugfix: the resolver didn't implement bangpath swapping,
so that mail for site!user@mydomain would be delivered to
a local user named "site!user".

Cleanup: a VSTREAM can now use different file descriptors
for reading and writing. This was necessary to prevent
"sendmail -bs" and showq from writing to stdin. Eilon Gishri
observed the problem.

The RFC 822 address manipulation routines no longer give
special attention to 8-bit data. Files: global/tok822_parse.c,
global/quote_822_local.c.

Bugfix: host:port and other non-domain stuff is no longer
allowed in mail addresses. File: qmgr/qmgr_message.c.

Workaround: LINUX accept() wakes up before the three-way
handshake is complete, so it can fail with ECONNRESET.
Files: master/single_server.c, master/multi_server.c.

Feature: when delivering to user+foo, try ~user/.forward+foo
before trying ~user/.forward.

Bugfix: smtpd in "sendmail -bs" (stand-alone) mode didn't
clean up when terminated by a signal.

Bugfix: smtpd in "sendmail -bs" (stand-alone) mode should
not try to enforce spam controls because it cannot access
the address rewriting machinery.

Cleanup: the percent hack (user%domain -> user@domain) is
now configurable (allow_percent_hack, default: yes).

Bugfix: daemons in -S (stand-alone) mode didn't change
directory to the queue. This was no problem with daemons
run by the sendmail compatibility program.

Feature: when virtual/canonical/relocated lookup fails for
an address that contains the optional recipient delimiter
(e.g., user+foo@domain), the search is done again with the
unextended address (e.g., user@domain). File: global/addr_find.c.

Code reorg: the address searching is now implemented by a
separate module global/addr_find.c, so that the same code
can be used for both (non-mapping) relocated table lookups
and for canonical and virtual mapping. The actual mapping
is still done in the global/addr_map.c module.

Robustness: the SMTP client now skips hosts that don't send
greeting banner text. File: smtp/smtp_connect.c

Feature: preliminary support to disable delivered-to. This
is desirable for mailing list managers that don't want to
advertise internal aliases.

Generic support: when the recipient_feature_delimiter
configuration parameter is set, the local delivery agent
uses it to split the recipient localpart into fields. Any
field that has a known name such as "nodelivered" enables
the corresponding delivery feature.

Code reorg: address splitting on recipient delimiter is
now centralized in global/split_addr.c, which knows about
all reserved names that should never be split.

Robustness: when a request for an internal service cannot
be satisfied because the master has terminated, terminate
instead of trying to reach the service every 30 seconds.

Safety: the local delivery agent now runs as vmailer most
of the time, just like pickup and pipe. Files: local/local.c,

Compatibility: the tokenizer for alias/forward/etc.
expansion now updates an optional counter with the number
of destinations found; if no destinations are found in a
.forward file, deliver to the mailbox instead. Thanks,
Daniel Eisenbud, for showing the way to go.

Robustness: the pickup daemon should always include a
posting-time record, even when the sendmail posting agent
didn't. However, just like before, user-provided posting
times will be ignored. Ollivier Robert found this one.

Robustness: duplicate entries in aliases or maps now cause
a warning instead of a fatal error (and an incomplete file).

Robustness: mkmap now prints a warning when an entry is in
"key: value" format, which is the format expected for alias
databases, not for maps.

Portability: on LINUX, prepend "+" to the getopt() options
string so that getopt() will stop at the first non-option
argument. Suggestion by Marco d'Itri.

Cleaned up the set_eugid() and open_as() implementations,
and added stat_as() and fstat_as() so that the local delivery
agent would look up include files and .forward files with
the right privileges.

Bugfix: the :include: routine now stat()s/open()s files
included by root-owned aliases as root, not as nobody.

Bugfix: the master crashed when a service with wakeup timer
was disabled or renamed. Fix: eliminate some pathological
coupling between process management and wakeup management.

Feature: partial implementation of ETRN (causes a full
deferred queue scan). Thanks Lamont Jones for reminding me
that things can be useful already before they are perfect.

Cleanup: simplified the SMTPD tokenizer.

Bugfix: sendmail -bs didn't properly notify the mail system

Compatibility: the MAIL FROM and RCPT TO commands now accept
the most common address forms without enclosing <>. The <>
is still needed for addresses that contain a "string", an
[address], or a colon (:).

Bugfix: "master -t" would claim that the master runs when
in fact the pid directory does not exist, causing trouble
with first time startup (reported by several).

Portability: added a sane_accept() module that maps all
beneficial accept() error results to EAGAIN. According to
private communication with Alan Cox, Linux 2.0.x accept()
can return a variety of error conditions, so we play safe
and allow for any error that may happen because SYN+ACK

Portability: NETBSD1 uses dotlock files (Perry Metzger).

Bugfix: the local delivery agent did not canonicalize
owner-foo sender addresses, so that local users would see
owner-foo instead of owner-foo@$myorigin (Perry Metzger).

OPENSTEP4 support, similar to NEXTSTEP3 (Gerben Wierda).

Portability: the master startup would take a long time on
AIX because AIX has a very large per-process open file
limit. Fix is to check the status of only the first couple
hundred file descriptors instead. File: master/master.c.

Bugfix: mail to user@[net.work.addr.ess] was broken because
of a reversed test. File: qmgr/qmgr_message.c.

Compatibility: don't clobber the envelope sender address
when an alias has no owner-foo alias (problem diagnosed by

Bugfix: mail to local users in include files would be
delivered directly if the alias didn't have an owner-foo
alias, and if the alias database and include file were

Feature: with user+foo addresses, any +foo address extension
that is not explicitly matched in canonical, virtual or
alias databases is propagated to the table lookup result.

Bugfix: minor memory leak in the user+foo table lookup

Configurability: specify virtual.domain in the virtual map,
and mail for unknown@virtual.domain will bounce automatically.
The $relay_domains default value now includes $virtual_maps,
so the SMTP server will accept mail for the domain. Marco
d'Itri put me on the right track.

Configurability: The mydestinations configuration parameter
now accepts /file/name expressions and type:name lookup

Code cleanup: in order to make the previous two enhancements
possible, revised the string/host/address matching engine
so it can handle any mixture of strings, /file/name patterns
and type:name lookup tables. Files: util/match_{list,ops}.c,
global/{domain,namadr,string}_list.c.

Code cleanup: replaced remaining isxxx() calls by ISXXX().
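
The ctype rule from this entry and from the earlier "can't use signed char in ctype macros" bugfix, applied to a HELO/EHLO-style hostname syntax check that allows a single trailing dot. This is an added example, not Postfix source; EX_ISALNUM, ex_valid_hostname and the two length limits are names and assumptions of the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Postfix source: EX_* and ex_* names are hypothetical. */

/*
 * Passing a negative value other than EOF to a <ctype.h> function is
 * undefined behavior. Where char is signed, every byte >= 0x80 read from
 * the network is such a value, so the wrapper converts to unsigned char.
 */
#define EX_ISALNUM(c)   (isalnum((unsigned char) (c)) != 0)

#define EX_LABEL_MAX    63      /* assumed per-label limit */
#define EX_NAME_MAX     255     /* assumed whole-name limit */

/* Return 1 for dot-separated labels of letters, digits and inner hyphens. */
int ex_valid_hostname(const char *name)
{
    size_t len = strlen(name);
    size_t label_len = 0;
    size_t i;

    if (len == 0 || len > EX_NAME_MAX)
        return 0;
    if (name[len - 1] == '.')           /* allow exactly one trailing dot */
        len--;
    if (len == 0)
        return 0;

    for (i = 0; i < len; i++) {
        char ch = name[i];              /* negative for 8-bit input if char is signed */

        if (ch == '.') {
            /* Reject an empty label and a label that ends in a hyphen. */
            if (label_len == 0 || name[i - 1] == '-')
                return 0;
            label_len = 0;
        } else if (ch == '-') {
            if (label_len == 0)         /* a label may not start with '-' */
                return 0;
            label_len++;
        } else if (EX_ISALNUM(ch)) {
            label_len++;
        } else {
            return 0;                   /* covers every 8-bit byte in the "C" locale */
        }
        if (label_len > EX_LABEL_MAX)
            return 0;
    }
    return label_len > 0 && name[len - 1] != '-';
}

int main(void)
{
    /* Constructed sample names; "\xe9" is a single 8-bit byte. */
    static const char *samples[] = {
        "mail.example.com", "mail.example.com.", "mail.example.com..",
        "caf\xe9.example", "-bad.example",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%d %s\n", ex_valid_hostname(samples[i]), samples[i]);
    return 0;
}
```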

Bugfix: the "bounce unknown virtual user" code was in the
wrong place. Problem tackled with help of Chip Christian.

Portability: reportedly, Solaris 2.5.1 can hang waiting
for a UNIX-domain connection to be accepted, so it gets
the same workaround that was designed for LINUX. Problem
reported by Scott Cotton.

Management: "vmailer stop" now allows delivery agents to
finish what they are doing, like "vmailer reload".

Management: "vmailer abort" causes immediate termination.

Workaround: zombie processes pile up with HP-UX. Reason:
select() does not return upon SIGCHLD when SA_RESTART is
specified to sigaction(). Workaround: shorten the select()
timer to 10 seconds, #ifdef BRAINDEAD_SELECT_RESTARTS.
Thanks, Lamont Jones.

Rename: VMailer is now Postfix. Sigh.

Cleanup: generalized the safe_open() routine so that it is
no longer limited to mailbox files, lock files, etc.

Bugfix (found during code review): vstream*printf() could
run off the end of a stream buffer after an I/O error,
because vbuf_print() ignored the result from VBUF_SPACE().

Bugfix (found during code review): resolve_local() could
clobber its argument, but the docs didn't say so.

Cleanup: the is_header() routine now allows 8-bit data in

Bugfix (found during code review): the mail_queue_enter()
path argument wasn't optional. File: global/mail_queue.c

Cleanup: eliminated redundant tests for a zero result from
vstream_fdopen(). Unlike the stdio fdopen() routine, the
vstream_fdopen() routine either succeeds or never returns.

Bugfix: the queue manager now looks at the clock before
examining a file time stamp, to avoid spurious complaints
about time warps on busy machines. File: qmgr/qmgr_active.c.

Compatibility: allow trailing dot at the end of user@domain.
Address canonicalization now strips it off. Issue brought
forward by Eilon Gishri. File: trivial-rewrite/rewrite.c.

Robustness: changed DNS lookup order of MAIL FROM etc.
domains from MX then A to A then MX, just in case the MX
lookup fails with a server error.

Renamed vmcat, vmlock, vmlogger, vmtrigger to postcat,
postlock, postlog, postkick. Also renamed mkmap and mkalias
to postmap and postalias.

Workaround: Lamont Jones found a way for HP-UX to terminate
select() after SIGCHLD. The code is #ifdef USE_SIG_RETURN.
Files: util/sys_defs.h, master/master_sig.c.

Bugfix: the Delivered-To: loop detection code had stopped
working, when long ago the is_header() routine was changed.
File: local/delivered.c.

Bugfix: postcat opened queue files read-write, where only
read access was needed. File: postcat/postcat.c.

Safety: added a sleep(1) to all fatal and panic exits.

Robustness: postcat now insists that a file starts with a

Consistency: added "-c config_dir" command-line options

Man pages, on-line version.

Man pages, html version; overview documentation.

Sendmail silently accepted the unsupported -qRsite and
-qSsite options. It now prints an error message and

Separated the contributed tree from the IBM code; moved
the LDAP and NEXTSTEP/OPENSTEP code to the contributed
source tree because obviously I didn't write it.

Had to write a postconf configuration utility in order to
reliably find out about all configuration parameters and

Documentation bugfixes by Matt Shibla, Scott Drassinower,

On machines with short hostnames, postconf -d cored while
reporting a fatal error. It should not report that error
in the first place. Thanks, Eilon Gishri.

Changed the FAQ entry about rejecting mail for *.my.domain
on a firewall. Chip Christian was right, I was wrong.

Portability: with GNU getopt, optind is not initially 1,
breaking an assumption in sendmail/sendmail.c. Liviu Daia.

Annoyance: on non-networked systems, don't warn that only
one network interface was found. File: global/inet_addr_local.c.
Reported by several.

Bugfix: on non-networked systems, the smtp client assumed
that it was running in virtual host mode, and would bind
to the loopback interface. File smtp/smtp_connect.c. Liviu

Robustness: when looking up an A or MX record, do not give
up when the A query fails because of a server error. File
dns/dns_lookup.c. Reported by Scott Drassinower.

Bugfix: "bounce mail for non-existent virtual user" didn't
work when a non-default relay host was configured in main.cf
or in the transport table. File: qmgr/qmgr_message.c.

Bugfix: the maildrop directory should not be world-readable.
Files: conf/postfix-script, showq/showq.c.

Documentation: fixed several omissions and errors.

Documentation: removed references to the broken recipient
feature delimiter configuration parameter.

Bugfix: write mailbox file as the recipient, so that file
quotas work as expected.

Bugfix: pickup would die when it tried to remove a non-file
in the maildrop directory (Jeff Wolfe).

Sendmail no longer logs the queue ID when it is unable to
notify the pickup daemon. This is a late addition to the
"unreadable maildrop queue" patch.

user.lock files are now created as root, so that postfix
needs no group directory write permission.

Security: allow queue file link counts > 1, to avoid
non-delivery of maildrop files with links to a non-maildrop
directory. Files: global/mail_open_ok.c, and anything
that calls this code (qmgr, pickup, showq). If multiple
hard links are a problem, see the set-gid "postdrop" utility

Robustness: the queue manager no longer aborts when a queue
file suddenly disappears (e.g. because the file was removed

Feature: when a writable maildrop directory is a problem,
sites can make the new "postdrop" utility set-gid. This
command is never used when the maildrop directory is

Robustness: make the queue file creation routine more
resistant against denial of service race attack. File:

New suid_priv module to enable/disable privileges in a
set-uid/gid program. In the end I decided to not use it.

Robustness: make the pickup daemon more resistant against
non-file race attack.

Cleanup: generic mail_stream.c interface for writing queue
file streams to files, daemons or commands. This simplifies
the code in smtpd and in sendmail that must be able to pipe
mail through the postdrop command. The cleanup daemon has
been modified to use the same interface. Result: less code.

Feature: smtpd now logs the only recipient in Received:

Feature: separate command and daemon directories. Both
default to $program_directory. Install conf/postfix-script
if you want to use this feature.

Patch to avoid conflict with non-writable top-level Makefile

Portability: port to UnixWare 7 by Ronald Joe Record, SCO.

Bugfix: fencepost (Jon Ribbens, Oaktree Internet Solutions
Ltd.) Files: quote_82[12]_local.c.

Bugfix: wrong default for relay_domains (Juergen Kirschbaum,
Bayerische Landesbank). File: mail_params.h.

Bugfix: changed 5xx response for "too many recipients" to
1873
Feature: defer_transports specifies the names of transports
1874
that should be used only when "sendmail -q" (or equivalent)
1875
is issued. For example, "defer_transports = smtp" is useful
1876
for sites that are disconnected most of the time. File:
1881
Feature: local_command_shell specifies a non-default shell
1882
for delivery to command by the local delivery agent. For
1883
example, "local_command_shell = /some/where/smrsh -c"
1884
restricts what may appear in "|command" destinations.
1885
File: global/pipe_command.c.
1889
Feature: SMTP command pipelining support based on an initial
1890
version by Jon Ribbens, Oaktree Internet Solutions Ltd.
1891
This one took several days of massaging before I felt
1892
comfortable about it. Files: smtp.c, smtp_proto.c.
1894
Bugfix: the SMTP server would flush responses one-by-one,
1895
which caused suboptimal performance with pipelined clients.
1896
The vstream routines now flush the write buffer when the
1897
read() routine is called, instead of flushing when the
1898
application changes from writing to reading. Delayed flush
1899
prevents the SMTP server from flushing responses one-by-one
1900
and thus triggering Nagle's algorithm. File: util/vstream.c.
1904
Bugfixes and enhancements to the smtpstone tools by Drew
1905
Derbyshire, Kendra Electronic Wonderworks: send helo command,
1906
send message headers, format the message content to lines
1907
< 80, work around NT stacks, make "." recognition more
1908
robust. Files: smtp-source.c, smtp-sink.c.
1910
Strategy: look at the deferred queue only when the incoming
1911
queue is empty; limit the number of recipients read from
1912
a queue file depending on the number of recipients already
1913
in core. Files: qmgr.c, qmgr_message.c.

Feature: postponed anti-UCE restrictions. The decision to
reject junk mail on the basis of the client name/address,
HELO hostname or sender address can now be postponed until
the RCPT TO command (or HELO or MAIL FROM if you like).
File: smtpd_check.c.

Feature: incremental updates of alias databases and of
other lookup tables. Both postalias and postmap now take
a -i option for incremental updates from standard input.
Files: global/mkmap_*.c, post{map,alias}/post{map,alias}.c.

Compatibility: newaliases can now update multiple alias
databases: list them in the "alias_database" parameter in
main.cf. By the same token, postalias can now update multiple
maps in one command. Files: post{map,alias}/post{map,alias}.c

Feature: mail to <> is now sent to the address specified
with the "empty_address_recipient" configuration parameter
which defaults to MAILER-DAEMON (idea by Lamont Jones,
Hewlett-Packard). File: cleanup/cleanup_envelope.c.

Compatibility: the transport table now uses .domain.name
to match subdomains, just like sendmail mailer tables (patch
by Lamont Jones, Hewlett-Packard).

Feature: mailq now ends with a total queue size summary
(Eilon Gishri, Israel Inter University Computation Center).

Feature: address masquerade exceptions for user names listed
in the "masquerade_exceptions" configuration parameter.
File: cleanup/cleanup_masquerade.c.

Feature: qmail-style maildir support, based on initial code
by Kevin W. Brown, Quantum Internet Services Inc.

Workaround: Solaris 2.something connect() fails with
ECONNREFUSED when the system is busy (Chris Cappuccio,
Empire Net). File: global/mail_connect.c.

Feature: the cleanup service now adds a Return-Path: header
when none is present. This header is needed for some mail
delivery programs (see below). File: cleanup_message.c.

Feature: the pipe mailer now supports $user, $extension
and $mailbox macros in command-line expansions. This, plus
the Return-Path: header (see above), should be sufficient
to support cyrus IMAP out of the box. Based on initial
code by Joerg Henne, Cogito Informationssysteme GMBH.

Bugfix: with address extensions enabled, canonical and
virtual lookups now are done in the proper order:
user+foo@domain, user@domain, user+foo, user, @domain.
File: global/mail_addr_find.c.

Feature: the local mailer now prepends a Received: message
header with the queue ID to forwarded mail, in order to
make message tracing easier. File: local/forward.c.

Cleanup: after "postfix reload", no more broken pipe
complaints from resolve/rewrite clients.

Feature: pickup (again) logs uid and sender address. On
repeated request by Scott Cotton, Internet Consultants

Portability: doze() function for systems without usleep().

Cleanup: clients are now consistently logged as host[address].

Maildir support changed: specify "home_mailbox = Maildir/".
The magic is the trailing /. Suggested by Daniel Eisenbud,
University of California at Berkeley.

Maildir support from aliases, :include: and .forward files.
Specify /file/name/ - the trailing / is required. Suggested
by Daniel Eisenbud, University of California at Berkeley.

Workaround: watchdog timer to prevent the queue manager
from locking up on some systems.

Bugfix: in Received: headers, the "for <recipient>"
information was in the wrong place. Pointed out by Jon
Ribbens, Oaktree Internet Solutions Ltd.

Portability: more workarounds for GNU getopt() by Liviu
Daia, Institute of Mathematics, Romanian Academy. File:
sendmail/sendmail.c.

Bugfix: Postfix should not masquerade recipient addresses
extracted from message headers. Problem reported by David
Blacka, Network Solutions. File: cleanup/cleanup_message.c.

Feature: smtpd_etrn_restrictions parameter to restrict who
may use ETRN and what domains may be specified. Example:
"smtpd_etrn_restrictions = permit_mynetworks, reject".
Requested by Jon Ribbens, Oaktree Internet Solutions Ltd.
File: smtpd/smtpd_check.c.

Bugfix: in an attempt to shave some cycles, the anti junk
mail routines would use the wrong resolved address. This
"optimization" is now turned off. Problem reported by Sam
Eaton, Pavilion Internet Plc. File: smtpd/smtpd_check.c.

Feature: BIFF notifications. For compatibility reasons
this feature is on by default. This "protocol" can be a
real performance pig. Specify "biff = no" in main.cf if
your machine has lots of shell users. Feature requested by
Dan Farmer - it's one of the things one does for friends.
Files: local/mailbox.c, local/biff_notify.c.

Bugfix: another case sensitivity problem, this time with
virtual lookups to recognize unknown@virtual.domain.
Problem reported by Bo Kleve, Linkoping University. File:
qmgr/qmgr_message.c.

Feature: with "soft_bounce = yes", defer delivery instead
of bouncing mail. This is a safety net for configuration
errors with delivery agents. It has no effect on errors in
virtual maps, canonical maps, or in junk mail restrictions.
Feature requested by Bennett Todd. File: global/bounce.c.

Compatibility: the qmail maildir.5 documentation prescribes
maildir file names of the form time.pid.hostname, which is
wrong because Postfix processes perform multiple deliveries.
Elsewhere the qmail author has documented how maildir files
should be named under such conditions. Postfix has been
changed to be conformant. File: local/maildir.c.

Feature: special treatment of owner-foo and foo-request
can be turned off. Specify "owner_request_special = no".
Requested by Matthew Green and others. Files: local/alias.c,
global/split_addr.c. This affects canonical, virtual and

Portability: signal handling for HP-UX 9 by Lamont Jones
of Hewlett Packard. File: master/master_sig.c.

Robustness: disable random walk inside a per-site queue to
avoid message starvation under heavy load. File: qmgr_entry.c.

Robustness: under some conditions the queue manager could
declare a host dead after just one delivery failure. File:

Feature: skip SMTP servers that greet us with a 4XX status
code. Example: "smtp_skip_4xx_greeting = yes". By default,
the Postfix SMTP client defers delivery when a server
declines talking to us. File: smtp/smtp_connect.c.

Robustness: upon startup the queue manager now moves active
queue files to the incoming queue instead of the deferred
queue, to avoid anomalous delivery delays on systems that
have a huge incoming queue. Files: qmgr/qmgr.c,
qmgr/qmgr_active.c, global/mail_flush.c, conf/postfix-script*

Robustness: added watchdog timers to avoid getting stuck
on systems with broken select() socket implementations.
File: qmgr_transport.c, qmgr_deliver.c.

Feature: NFS-friendly delivery to mailbox by avoiding the
use of root privileges as much as possible. With input by
Mike Muus, Army Research Lab, USA.

Feature: the smtp-sink test server now supports SMTP command
pipelining. To this end we had to generalize the timer and
vstream support. Poor performance is fixed 19990222.

Cleanup: timer event routines now have the same interface
as read/write event routines (event type + context). File:

Feature: new vstream_peek() routine to tell how much unread
data is left in a VSTREAM buffer. This is the vstream
variant of the peekfd() routine for kernel read buffers.
File: util/vstream.c.

Feature: directory scanning support for hashed mail queue
directories. So far the results are disappointing: with
depth = 2 (16 directories with 16 subdirectories), mailq
takes 5 seconds with an empty queue unless all directories
happen to be cached in memory. We need a bit map before
hashed queue directories become practical. Depth=1 hashing
doesn't slow down mailq much, but doesn't help much either.
Files: util/scan_dir.c, global/mail_scan_dir.c.

Workaround: with "ignore_mx_lookup_error = yes", the SMTP
client always performs an A lookup when an MX lookup could
not be completed, rather than treating MX lookup failure
as a temporary error condition. Unfortunately there are
many broken DNS servers on the Internet. File: smtp/smtp_addr.c.

Performance: rewrote the guts of the smtp-sink test server
so it can do pipelining without losing performance.

Workaround: hotmail.com sometimes drops the connection
after "." (causing misleading diagnostics to be logged) or
waits minutes after receiving QUIT. Solution: do not wait
for the response to QUIT. File: smtp/smtp_proto.c. This
is turned off with: "smtp_skip_quit_response = no".

Feature: the pipe mailer accepts user=username:groupname,
based on code submitted by Philip A. Prindeville, Mirapoint,
Inc., USA. File: pipe/pipe.c.

Workaround: use file locking to prevent multiple processes
from select()ing on the same socket. This causes performance
problems on large BSD systems. Files: master/*_server.c.

Bugfix: with "inet_interfaces = 127.0.0.1", don't bind to
the loopback interface. Problem reported by Steve Bellovin
of AT&T. File: smtp/smtp_addr.c.

Feature: "postsuper" command to remove stale queue files
to update queues after changes to the queue structure
parameters (hash_queue_names, hash_queue_depth). This
command is to be run from the postfix-script maintenance

Feature: new postconf -h (suppress `name = ' in output)
option to make the program easier to use in, e.g., shell

Feature: dict_unix module so you can add the UNIX passwd
table to the SMTPD access control list.

Feature: "luser_relay = destination" captures mail for
non-existent local recipients. This works only when the
local delivery agent does mailbox delivery (including
delivery via mailbox_command), not when mailbox delivery
is delegated to another message transport.

Feature: new reject_non_fqdn_{hostname,sender,recipient}
restrictions to require fully.qualified.domain forms in
HELO, MAIL FROM and RCPT TO commands (while still allowing
the <> sender address).

Bugfix: backed out the 19990119 change to always insert
Return-Path: if that header is not present. The pipe and
local agents now are responsible for prepending Return-Path:.
Files: cleanup/cleanup_message.c, global/mail_copy.[hc],
pipe/pipe.c, global/header_opts.c. This causes an incompatible
change to the pipe flags parameter, because Return-Path:
now must be requested explicitly.

Bugfix: showq (the mailq server) incorrectly assumed that
all recipients of a deferred message are listed in the
corresponding defer logfile. It now lists all recipients.
Files: showq/showq.c, cleanup/cleanup_envelope.c (ensure
that sender records always precede recipient records).

Cleanup: smtpd HELO restrictions validate [numerical] forms.
Files: util/valid_hostname.c, smtpd/smtpd_check.c. Initial
code by Philip A. Prindeville, Mirapoint, Inc., USA.

Cleanup: re-vamped the valid_hostname module, and added a
maximal label length (63) requirement.

Feature: fallback_relay parameter to specify extra backup
hosts in case the regular relay hosts are not found or not
available. Files: smtp/smtp_addr.c.

Feature: "always_bcc = address" specifies where to send a
copy of each message that enters the system. However, if
that copy bounces, the sender will be informed of the
bounce. Files: smtpd/smtpd.c, pickup/pickup.c

Compatibility: the transport map will now route on top-level
domains, so you can dump all of .bitnet to a bitnet relay.

Feature: LDAP lookups, updated by Jon Hensley, Merit Network,

Feature: regular expression (PCRE) support by Andrew
McNamara, connect.com.au Pty. Ltd., Australia. In order to
use this code specify pcre:/file/name. You can use this
anywhere you would use a DB or DBM file, NIS or LDAP. See:
PCRE_README for how to enable this code.

Feature: "delay_warning_time = 4" causes Postfix to send
a "your mail is delayed" notice after approx. 4 hours.
Daniel Eisenbud, University of California at Berkeley.
Files: qmgr/qmgr_active.c, qmgr/qmgr_message. Postmaster
notices for delayed mail are disabled by default. In order
to receive postmaster notices, specify "notify_classes =

Cleanup: do not send undeliverable bounced mail to postmaster.
This was causing lots of pain with junk mail from bogus
sender addresses to non-existent recipients. This change
was reversed 19990311.

Bugfix: the dotforward routine was too eager with throwing
away extension information, so that the Delivered-To: info
would differ for \mailbox and |command. Problem reported
by Rafi Sadowski, Open University, Israel.

Bugfix: seems I never got around to fixing the btree access
method. I finally did. Problem reported by: Matt Smith,
AvTel Communications Inc., USA.

Back by popular demand: with "notify_classes = 2bounce ..."
Postfix will send undeliverable bounced mail to postmaster.
The default is to not send double bounces. This change
reverses a change made on 19990307.

Feature: configurable exit handler for server skeletons.
Philip A. Prindeville, Mirapoint, Inc., USA. Files:

Feature: mail_spool_directory configuration parameter to
specify the UNIX mail spool directory. The default setting
is system dependent.

Cleanup: share file descriptors for resolve and rewrite
client connections. This puts less strain on the trivial-rewrite

Portability: support for UnixWare 2.1 by Dmitry E. Kiselyov,
Nizhny Novgorod City Health Emergency Station.

Feature: configurable delays in the smtpstone test programs.
With input by Philip A. Prindeville, Mirapoint, Inc., USA.
Files: smtpstone/*.c.

Bugfix: a "signal 11" problem in the trivial-rewrite program
that would occasionally happen after "postfix reload".
Reason: some rewrite clients would clobber their input,
and when they had to retransmit the query, the input would
be a zero-length string, which trivial-rewrite isn't supposed

Feature: "mailbox_transport = cyrus" delegates all local
mailbox delivery to a master.cf entry called "cyrus" (the
same trick for procmail), including users not found in the
UNIX passwd database. This gives the flexibility of $name
expansions by the pipe mailer, without losing local aliases
and ~/.forward processing. Result of discussions with Rupa
Schomaker, RS Consulting.

Feature: the mydestination parameter can now be an empty
string, for hosts that don't receive any mail locally. Be
sure to specify a default route for mail that comes to the
machine or mail will loop.

Bugfix: the SMTPD check scaffolding didn't apply the same
sanity checks as the production code. Problem reported by
Alain Thivillon, Herve Schauer Consultants, France. File:
smtpd/smtpd_check.c.

Portability: some systems can have more than 59 seconds in
a minute. Based on a fix by Liviu Daia, Institute of
Mathematics, Romanian Academy. File: global/mail_date.c.

Enhancement: include the client network address in the
rejected by RBL response. Lamont Jones, Hewlett-Packard.

Workaround: use fstat() to figure out if the maildrop is
world-writable. access() uses the real uid, which stinks.

Robustness: don't do partial address lookups (user@, domain,
user, @domain) with regexp-style tables.

Security: don't allow regexp-style tables to be used for
aliases. It would be too easy to slip in "|command" or
:include: or /file/name.

Feature: "fallback_transport = cyrus" delegates non-UNIX
recipients to a master.cf entry called "cyrus", allowing
you to have both UNIX and non-UNIX mailboxes side by side.

Workaround: on 4.4 BSD derivatives, fstat() can return
EBADF on an open file descriptor. Now, that was a surprise.
This caused std{out,err} from cron commands to not be

Bugfix: "local -v" stopped working.

Workaround: more watchdog timers for postfix-unfriendly
systems. By now every Postfix daemon has one. Call it life

Robustness: increased the maximal time to receive or deliver
mail from $ipc_timeout (default: 3600 seconds) to the more
generous $daemon_timeout (default: 18000 seconds). We don't

Portability: IRIX 5.2 does not have usleep().

Bugfix: \username was broken. Frank Dziuba was the first

Workaround: from now on, Postfix on Solaris uses stream
pipes instead of UNIX-domain sockets. Despite workarounds,
the latter were causing more trouble than anything else on
all systems combined.

Portability: the makedefs would mis-identify IRIX 6.5.x as
IRIX 5.x. Fix by Brian Truelsen of Maersk Mc-Kinney Moller
Institute for Production Technology, Denmark.

Feature: reject_unknown_recipient_domain restriction for
recipient addresses. For the sake of symmetry, we now also
have reject_unknown_sender_domain. This means the old
reject_unknown_address restriction is being phased out.
Suggested by Rask Ingemann Lambertsen, Denmark Technical

Feature: unknown sender/recipient domain restrictions now
distinguish between soft errors (always: 450) and hard
errors (configurable with the unknown_address_reject_code
parameter, default: 450; use 550 at your own risk).

Feature: no HELO junk mail restrictions means that no syntax
check will be done on HELO/EHLO hostname arguments.

Bugfix: the initial Solaris workaround for UNIX-domain
sockets could cause the queue manager to block if Postfix
ran into a delivery agent process limit. After another code
rewrite that problem is eliminated. Thanks to Chris
Cappuccio, Empire Net, for assistance with testing.

Bugfix: too much forwarding when users list their own name
in their .forward file (e.g. mail to user@localhost would
go through .forward, would be forwarded to user@$myorigin,
and would go through .forward again). Problem reported by
Roman Dolejsi, Prague University of Economics.

Bugfix: missing map name in check_xxx_access restrictions
could cause a segmentation error. Lamont Jones, Hewlett-

Feature: forward_path configuration parameter (default:
$home/.forward$recipient_delimiter$extension,$home/.forward).
Based on initial code by Philip A. Prindeville, Mirapoint,
Inc., USA. Files: local/dotforward.c.

Workaround: Solaris NIS alias maps need special entries
(YP_MASTER_NAME, YP_LAST_MODIFIED). What's worse, normal
keys/values include a null byte at the end, but the YP_XXX
ones don't. Problem reported by Walcir Fontanini, state
university of Campinas, Brazil. File: postalias/postalias.c.

Compatibility: Solaris NIS apparently does include a null
byte at the end of keys and values. File: util/sys_defs.h.

Feature: library support for config parameters that are
not $name expanded at program start-up. This was needed
for forward_path, and will also be needed to make message
headers customizable.

Bugfix: pcre didn't handle \\ right. Lamont Jones, Hewlett-
Packard. File: util/dict_pcre.c.

Compatibility: Postfix now puts two spaces after the sender
in a "From sender date..." header. Found by John A. Martin,
fixed by Lamont Jones, Hewlett-Packard.

Bugfix: when a recipient appeared multiple times in a local
alias or include expansion, the delivery status could be
left uninitialized, causing the mail to be deferred and
delivered again. File: local/recipient.c.

Cleanup: the dictionary routines now take an extra flag
argument to control such things as warning about duplicates,
and appending null bytes to key/value. The latter was needed
for a clean implementation of NIS master alias maps support.

Feature: POSIX regular expressions by Lamont Jones. See
config/sample-regexp.c. Right now, enabled on *BSD and

Code cleanup: dictionaries now have flags that say whether
lookup keys are fixed strings or whether keys are subjected
to pattern matching. This is needed to avoid passing partial
addresses to regexp-based lookup tables (user, @domain,
user@, domain). Files: util/dict*.c.

Bugfix: fixed memory leaks and core dumps in the regexp
and pcre routines (neither handled an empty pattern file).

Code cleanup: the dictionary I/O routines now do their own
locking depending on dictionary flag settings. This means
that the low-level dict_get() interface can now be used
for safe dictionary lookups. This is needed for 19990328's
partial lookup key support. Files: util/dict*.c. global/maps.c.

Feature: regular expression matches are no longer limited
to user@domain address forms in access/canonical/virtual
maps, but can also be used for domains in transport maps.
This needed the partial lookup key support to avoid passing
partial addresses to regexp-based lookup tables (user,
@domain, user@, domain). Files: global/maps.c
global/mail_addr_find.c.

Feature: new dictionary types can be registered with
dict_open_register(). File: util/dict_open.c.

Bug fix: match_list membership dictionary lookups were case
sensitive when they should not be. Patch by Lutz Jaenicke,
BTU Cottbus, Germany.

Feature: $domain macro support in forward_path. Philip A.
Prindeville, Mirapoint, Inc., USA. File: local/dotforward.c.

Feature: if an address extension (+foo) is explicitly
matched by the .forward+foo file name, do not propagate
the extension to recipient addresses. This is more consistent
with the way aliases are expanded. File: local/dotforward.c.

Bugfix: after receiving mail, the SMTP server didn't reset
the cleanup error flag, so that multiple deliveries over
the same SMTP session could fail due to errors with previous
deliveries. Found by Lamont Jones, Hewlett-Packard.

Feature: MIME-encapsulated bounces. Philip A. Prindeville,
Mirapoint, Inc., USA. File: bounce/bounce_notify_service.c

Cleanup: vstreams now properly look at the EOF flag before
attempting to read, eliminating the need for typing Ctrl-D
twice to test programs; the EOF flag is reset after each
unget or seek operation. Files: util/vstream.c, util/vbuf.c.

Feature: in preparation for configurable message headers
the mac_parse() routine now balances the parentheses in
${name} or $(name). We need this in order to support
conditional expressions such as ${name?text} where `text'
contains other ${name} expressions.

Cleanup: changed MIME header information to make bounces
more RFC 1892 compliant.

Feature: "best_mx_transport = local" delivers mail locally
if the local machine is the best mail exchanger (by default,
mail is bounced with a "mail loops back to myself" error).

Config: in order to make feature tracking easier the source
code distribution now has a copy of the default settings
in conf/main.cf.default.

Feature: separate configurable postmaster addresses for
single bounces (bounce_notice_recipient), double bounces
(2bounce_notice_recipient), delayed mail (delay_notice_recipient),
and for other mailer errors (error_notice_recipient). The
default for all is "postmaster".

Workaround: on Solaris 2.x, the master appears to lose its
exclusive lock on the master.pid file, so keep grabbing
the lock each time the master wakes up from select().

Robustness: don't flush VSTREAM buffers after I/O error.
This prevents surprises when calling vstream_fclose() after
truncating a mailbox to its original size.

Portability: on LINUX systems, if <db_185.h> exists, don't

Workaround: specify "sun_mailtool_compatibility = yes" to
avoid clashes with the mailtool application. This disables
kernel locks on mailbox files. Use only where needed.

Portability: renamed readline to readlline, to avoid clashes

Bugfix: ignore temp queue files that aren't old enough.
Problem reported by Vivek Khera, Khera Communications, Inc.

Bugfix: fixed typo in dict_db.c that caused processes to
not release DB shared locks.

Feature: auto-detection of changes to DB or DBM lookup
tables. This avoids the need to run "postfix reload" after
changes to the smtp access table and other tables.

Feature: regular expression checks for message headers.
This requires support for POSIX or for PCRE regular
expressions. Specify "header_checks = regexp:/file/name"
or "header_checks = pcre:/file/name", and specify
"/^header-name: badstuff/ REJECT" in the pattern file
(patterns are case-insensitive by default). Code by Lamont
Jones, Hewlett-Packard. It is to be expected that full
content filtering will be delegated to an external command.

Bugfix: auto-detection of changes to DB or DBM lookup tables
wasn't done for TCP connections.

Feature: $recipient expansion in forward_path. Philip A.
Prindeville, Mirapoint, Inc., USA. File: local/dotforward.c

Feature: the smtp client consistently treats a numerical
hostname as an address. File: smtp/smtp_addr.c.

Compatibility: support comment lines starting with # in
$mydestination include files. This makes Postfix more
compatible with sendmail.cw files. File: util/match_list.c.

Feature: if your machines have short host names, specify
"mydomain = domain.name", and you no longer have to specify
"myhostname = host.domain.name". Files: global/mail_params.c,
postconf/postconf.c.

Cleanup: bounce mail when a mailbox goes over file quota,
instead of deferring delivery. File: local/mailbox.c.

Feature: auto-detection of changes to DB or DBM lookup
tables now includes the case where a file is unlinked.
Philip A. Prindeville, Mirapoint, Inc., USA. File:

Robustness: Lotus mail sends MAIL FROM: <@> instead of <>.
Problem reported by Erik Toubro Nielsen, IFAD, Denmark.
Files: trivial-rewrite/rewrite.c (@ becomes empty address)
and global/rewrite_clnt.c (allow empty response).

Bugfix: showq could segfault when writing to a broken pipe.
Problem reported by Bryan Fullerton, Canadian Broadcasting
Corporation. Files: util/vbuf_print.c.

Cleanup: got rid of the "fatal: write error: Broken pipe"
message when mailq output is piped into a program that

Cleanup: bounce messages are multipart/mixed with the error
report as part of the first message segment, because users
had trouble extracting the delivery error report from the

Cleanup: the default junk mail reject code is now 554
(service unavailable) rather than 550 (user unknown).

Folded in the updated dict_ldap.c module by John Hensley,

Folded in the vstream_popen.c updates by Philip A.
Prindeville, Mirapoint, Inc., USA. This copies a lot of
code from pipe_command(); the next step is to trim that

Workaround: renamed config.h to mail_conf.h etc. in order
to avoid name collisions with LINUX (yes, they have a system
include file called config.h). For compatibility with people
who have written software for Postfix, there's a config.h
that aliases the old names to the new ones. That file will

Feature: error mailer, in order to easily bounce mail for
specific destinations. In the transport table, specify:
"host.domain error:host.domain is unavailable". Too bad
that the transport table triggers on destination domain
only; it would be nice to bounce specific users as well.

Cleanup: "disable_dns_lookups = yes" now should disable
all DNS lookups by the SMTP client.

Bugfix: with DBM files, Postfix was watching the "dir" file
modification time for changes. It should be watching the

Cleanup: all callbacks in the master to server API now pass
on the service name and the application-specific argument
vector. Files: master/*server.c.

Feature: conditional macro expansion. ${name?text} expands
to text when name is defined, otherwise the result is empty.
${name:text} expands to text when name is undefined,
otherwise the result is empty. File: util/mac_expand.c.

Feature: conditional macro expansion of the forward_path
configuration parameters of $user, $home, $shell, $recipient,
$extension, $domain, $mailbox and $recipient_delimiter.
Files: local/dotforward.c, local/local_expand.c.
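
The two conditional forms described above, carried through on a
forward_path-style pattern. This is an added example, not code from
Postfix: the attribute table, function names and sample values are
constructed, undefined names expand to the empty string here, and only
the ${name} spelling (not $(name)) is handled.

```c
/* Added illustration; this is not Postfix's util/mac_expand.c. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct attr { const char *name; const char *value; };

/* Constructed sample attributes: one recipient, with and without an extension. */
static const struct attr with_ext[] = {
    {"user", "alice"}, {"home", "/home/alice"},
    {"recipient_delimiter", "+"}, {"extension", "lists"}, {NULL, NULL}
};
static const struct attr no_ext[] = {
    {"user", "alice"}, {"home", "/home/alice"},
    {"recipient_delimiter", "+"}, {NULL, NULL}
};

static int name_char(char c) { return isalnum((unsigned char) c) || c == '_'; }

/* Value of name[0..len), or NULL when the attribute is undefined. */
static const char *lookup(const struct attr *tab, const char *name, size_t len)
{
    for (; tab->name != NULL; tab++)
        if (strlen(tab->name) == len && memcmp(tab->name, name, len) == 0)
            return tab->value;
    return NULL;
}

/* Bounded append that always leaves room for the terminator; -1 on overflow. */
static int put(char *out, size_t cap, size_t *used, const char *s, size_t n)
{
    if (n >= cap - *used)
        return -1;
    memcpy(out + *used, s, n);
    *used += n;
    out[*used] = '\0';
    return 0;
}

/* Index of the '}' that balances the '{' at s[open], or -1 if unbalanced. */
static long closing_brace(const char *s, size_t len, size_t open)
{
    int depth = 0;
    for (size_t i = open; i < len; i++) {
        if (s[i] == '{')
            depth++;
        else if (s[i] == '}' && --depth == 0)
            return (long) i;
    }
    return -1;
}

/* Expand s[0..len) into out; recurses into the text of ${name?text} and ${name:text}. */
static int expand_span(const struct attr *tab, const char *s, size_t len,
                       char *out, size_t cap, size_t *used)
{
    size_t i = 0;
    while (i < len) {
        if (s[i] == '$' && i + 1 < len && s[i + 1] == '{') {
            long end = closing_brace(s, len, i + 1);
            if (end < 0)
                return -1;                      /* unbalanced braces */
            const char *body = s + i + 2;
            size_t blen = (size_t) end - (i + 2), n = 0;
            while (n < blen && name_char(body[n]))
                n++;
            if (n == 0)
                return -1;                      /* no macro name */
            const char *val = lookup(tab, body, n);
            int rc = 0;
            if (n == blen) {                    /* plain ${name} */
                if (val != NULL)
                    rc = put(out, cap, used, val, strlen(val));
            } else if (body[n] == '?' || body[n] == ':') {
                int want_defined = (body[n] == '?');
                if ((val != NULL) == want_defined)
                    rc = expand_span(tab, body + n + 1, blen - n - 1, out, cap, used);
            } else
                return -1;                      /* unknown operator */
            if (rc < 0)
                return -1;
            i = (size_t) end + 1;
        } else if (s[i] == '$' && i + 1 < len && name_char(s[i + 1])) {
            size_t n = 1;                       /* bare $name */
            while (i + 1 + n < len && name_char(s[i + 1 + n]))
                n++;
            const char *val = lookup(tab, s + i + 1, n);
            if (val != NULL && put(out, cap, used, val, strlen(val)) < 0)
                return -1;
            i += 1 + n;
        } else {                                /* literal character */
            if (put(out, cap, used, s + i, 1) < 0)
                return -1;
            i++;
        }
    }
    return 0;
}

/* Expand pattern into a static buffer; NULL on syntax error or overflow. */
const char *expand(const struct attr *tab, const char *pattern)
{
    static char buf[256];
    size_t used = 0;
    buf[0] = '\0';
    return expand_span(tab, pattern, strlen(pattern), buf, sizeof buf, &used) == 0 ? buf : NULL;
}

int main(void)
{
    const char *p = "$home/.forward${extension?$recipient_delimiter$extension}";
    printf("%s\n", expand(with_ext, p));
    printf("%s\n", expand(no_ext, p));
    return 0;
}
```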

Cleanup: eliminated misleading warnings about unknown HELO
etc. SMTPD restrictions when the HELO etc. information is
not available. File: smtpd/smtpd_check.c.

Feature: all smtpd reject messages now contain the MAIL
FROM and RCPT TO addresses, if available.

Feature: conditional macro expansion of the luser_relay
configuration parameter. It is no longer possible to specify
/file/name or "|command" destinations. File: local/unknown.c.

Cleanup: changed the mac_parse interface so that the
application callback routine can return status information.
Updated the dict_regexp and dict_pcre modules accordingly.

Cleanup: changed the mac_expand interface so that the caller
provides an attribute lookup routine, instead of having to
provide a copy of all attributes upfront. Files:
util/mac_expand.c, local/local_expand.c.

Feature: control over how address extensions are propagated
to other addresses. By default, propagation of unmatched
address extensions is now restricted to canonical and
virtual mappings. Specify "propagate_unmatched_extensions
= canonical, virtual, alias, forward, include" to restore

Feature: USER, EXTENSION, DOMAIN, RECIPIENT (entire address)
and MAILBOX (address localpart) environment variables are
exported to shell commands (including mailbox_command).

Feature: new command_expansion_filter parameter to control
what characters may appear in message attributes that are
exported via environment variables.

Cleanup: SMTPD reject messages are more informative, and
more complete sender/recipient information is logged for

Bugfix: missing MIME header in postmaster bounce notices.
Found by Samuel Tardieu, Ecole Nationale Superieure des
Telecommunications, France.

Feature: UCE restrictions are always delayed until RCPT
TO, VRFY or ETRN. To change back to the default specify
"smtpd_delay_reject = no" in /etc/postfix/main.cf.

Bugfix: missing duplicate filter call. This caused too many
deliveries when a user is listed multiple times in an alias.
Reported by Hideyuki Suzuki, School of Engineering, University
of Tokyo. Backed out on 19990512 because it caused problems.
Fixed 19990513 but needs further study.

Feature: it is now possible to move queue files back into
the maildrop queue, so that they can benefit from changes
in canonical and virtual mappings. In order to make this
possible, some restrictions on queue file contents were
relaxed. Files: pickup/pickup.c, cleanup/cleanup_extracted.c.

Feature: made a start with integrating Joerg Henne's
dictionary extensions to remove entries and to iterate over
entries. That code is almost four months old by now.

Feature: added an "undeliverable postmaster notification
discarded" warning when mail is dropped on the floor.
Requested by Michael Hasenstein, SuSE, Germany.

Bugfix: reject_non_fqdn_sender/recipient would pass
user@[ip_address] regardless of destination. Eric Cholet
had the honor of suffering from this one.

More SMTP client logging for easier debugging: the smtp
client now logs hostname[ip.addr], and logs every failed
attempt to reach an MX host, not just the last one.

Bugfix: emit a blank line before a MIME boundary; the line
is part of the boundary. File: bounce/bounce_notify_service.c.
Wolfgang Segmuller, IBM Research.

Bugfix: the "is this the loopback interface" test was
broken. Reported by Claus Fischer @microworld.com. File:
smtp/smtp_connect.c.

Usability: added helpful warnings about restrictions that
are being ignored after check_relay_domains, etc.

Portability: Reliant Unix support by Gert-Jan Looy, Siemens,

Robustness: the postfix-script start-up procedure now
detects a missing master program, avoiding misleading
warnings that the mail system is already running. Fix
suggested by David E. Smith @technopagan.org.

Portability: Mac OS X Server Port by Mark Miller @swoon.net.

Feature: on systems that use dotlock files for mailbox
locking, the local delivery agent now will attempt to use
dotlock files when delivering to user-specified files.
Dotlock files for user-specified destinations are created
with the privileges of the user. For backwards compatibility,
Postfix will attempt to create dotlocks for user-specified
destinations only when the user has parent directory write

Feature: specify "expand_owner_alias = yes" in order to
use the right-hand side of an owner- alias, instead of
using the left-hand side address. Needed by Juergen Georgi.

Bugfix: the local delivery agent did not set user attributes
when delivering to root, so that forward_path did not expand
properly. Found by Jozsef Kadlecsik, KFKI Research Institute
for Particle and Nuclear Physics, Hungary. File:

Bugfix: the unix:passwd.byname mechanism is not suitable
for smtpd access control - the user name would have to end
in @, or the access control software would have to be
changed. Removed the example from the RELEASE_NOTES file.

Bugfix: the smtp server did not reset the error flag after
".". Found by James Ponder, Oaktree Internet Solutions Ltd.
File: smtpd/smtpd.c.

Bugfix: fencepost error in the doze() routine (a usleep()
replacement for systems without one). Found by Simon J
Mudd. File: util/doze.c.

Portability: support for AIX 3.2.5 (!) by Florian Lohoff

Portability: Ultrix 4.3 support by Christian von Roques

Feature: mysql support by Scott Cotton and Joshua Marcus,
Internet Consultants Group, Inc. Files: util/dict_mysql.*.

Bugfix: Postfix is now distributed under the new IBM Public
License (version 1, dated June 14, 1999).

Feature: the Delivered-To: header can be turned off for
delivery to command or file/mailbox. The default setting
is: "prepend_delivered_header = command, file, forward".
Turning off the Delivered-To: header when forwarding mail

Feature: the postlock command now returns EX_TEMPFAIL when
the destination file is locked by another process.

Workaround: in the SMTP client, move the "mail loops back
to myself test" from the 220 greeting to the HELO response.
This change does not weaken the test, and makes Postfix
more robust against broken software that greets with the

Workaround: in the INSTALL file, use `&&' instead of `;'
in (cd path; tar ...) pipelines because some UNIX re-invented
shells don't bail out when cd fails. Matthias Andree
@stud.uni-dortmund.de.

Bugfix: $user was not set when delivering to a non-user.
Found by Vladimir Ulogov @ rohan.control.att.com when
configuring a luser_relay that contained $user.

Robustness: add PATH statement to Solaris2 chroot setup
script to avoid running the ucb commands. Problem found by
Panagiotis Astithas @ ece.ntua.gr.

Bugfix: don't claim a "mail loops to myself" error when
the best MX host was not found in the DNS. Found by Andrew
McNamara, connect.com.au Pty Ltd. File: smtp/smtp_addr.c.

Feature: added "-c config_dir" support to the postconf
command. This probably means that "-f file" will never be

Bugfix: showq didn't print properly when listing a maildrop
file. Fix by: Andrew McNamara, connect.com.au Pty Ltd.
File: showq/showq.c.

Feature: added SENDER to the list of parameters exported
to external commands. File: local/command.c. Code by: Lars
Hecking, National Microelectronics Research Centre, Ireland.

Bugfix: sendmail -t (extract recipients from headers) did
not work when the always_bcc feature was turned on. Reported
by: Denis Shaposhnikov @ neva.vlink.ru.

Bugfix: "sendmail -bd" returns a bogus exit status (the
child process ID). Fix by Lamont Jones of Hewlett-Packard.
File: sendmail/sendmail.c.

Bugfix: null pointer dereference while rejecting VRFY before
MAIL FROM. Found by Laurent Wacrenier @ fr.clara.net.

Portability: more MacOS X Server patches; some NEXTSTEP/OPENSTEP
code that had been removed for the first public beta release;
NEXTSTEP/OPENSTEP now defaults to netinfo for the aliases
database. Submitted by Gerben Wierda.

Portability: workaround for a FreeBSD 3.x active network
interface without IP address by Pierre Beyssac @ enst.fr.
File: inet_addr_local.c.

Workaround: sendmail now prints a warning when installed
set-uid or when run by a set-uid command. Reportedly, the
linuxconf software turns on the set-uid bit, which could
open up a security loophole. File: sendmail/sendmail.c.

Bugfix: Postfix daemons now temporarily lock DB/DBM files
while opening them, in order to avoid "invalid argument"
errors because some other process is changing the file.
Files: util/dict_db.c, util/dict_dbm.c.

Robustness: Postfix locks queue files during delivery, to
prevent duplicate delivery when "postfix reload" is
immediately followed by "sendmail -q". This involves a
change of the deliver_request interface: delivery agents
no longer need to open and close queue files explicitly.
Files: global/deliver_request.c, pipe/pipe.c, smtp/smtp.c,
local/local.c, qmgr/qmgr_active.c, qmgr/qmgr_message.c.

Feature: reject_unauth_destination SMTP recipient restriction
that rejects destinations not in $relay_domains. By Lamont
Jones of Hewlett-Packard. File: smtpd/smtpd_check.c.

Security: do not allow weird characters in the expansion
of $names that appear in $forward_path. Just like with
shell commands, replace bad characters in expansions by
underscores. Configuration parameter: forward_expansion_filter.
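
The filtering described for command_expansion_filter and
forward_expansion_filter, as an added C example (not Postfix source
code): every byte outside an allow-list is replaced by an underscore
before a message attribute reaches a command environment or a
$forward_path expansion. The function names, the EXAMPLE_FILTER
character set and the sample values are assumptions made for this
illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed allow-list for this example; an assumption, not a Postfix default. */
#define EXAMPLE_FILTER \
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@%-_=+:,./"

/*
 * Replace every byte of value that is not in allowed with '_' and return
 * the number of bytes replaced. Allow-listing, rather than deny-listing
 * known shell metacharacters, also covers control characters, newlines
 * and high-bit bytes that nobody thought to list.
 */
size_t filter_expansion(char *value, const char *allowed)
{
    size_t replaced = 0;
    char *cp = value;

    /* strspn() skips the longest leading run of allowed bytes. */
    while (*(cp += strspn(cp, allowed)) != '\0') {
        *cp++ = '_';
        replaced++;
    }
    return replaced;
}

/*
 * Build "NAME=value" for the environment of a delivery command, with the
 * value filtered in place. Returns the number of replaced bytes, or -1
 * when the result does not fit, so that the caller can defer delivery
 * instead of exporting a truncated attribute.
 */
int export_attr(char *out, size_t outlen, const char *name,
                const char *raw, const char *allowed)
{
    size_t nlen = strlen(name);
    size_t vlen = strlen(raw);

    if (nlen + 1 + vlen + 1 > outlen)
        return -1;
    memcpy(out, name, nlen);
    out[nlen] = '=';
    memcpy(out + nlen + 1, raw, vlen + 1);      /* includes the final NUL */
    return (int) filter_expansion(out + nlen + 1, allowed);
}

int main(void)
{
    char env[64];
    /* Constructed address extension carrying shell metacharacters. */
    const char *extension = "sales;$(x)|y";
    int n = export_attr(env, sizeof(env), "EXTENSION", extension,
                        EXAMPLE_FILTER);

    printf("%s (%d bytes replaced)\n", env, n);
    return 0;
}
```

The filter changes the value, not the delivery decision: the message
is still delivered, but the command sees only allow-listed bytes.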

Documentation: added a sample postfix alias to the examples
in the INSTALL document and in the conf/aliases file.
Reminded by Simon J. Mudd @ alltrading.com.

Bugfix: in case of some error conditions the pickup daemon
could leak small amounts of memory.

Bugfix: no more "skipping further client input" warnings
when a message header is rejected.

Feature: reject_unauth_pipelining SMTP restriction that
rejects mail from clients that improperly use SMTP command

Robustness: the LDAP client by default no longer looks up
names containing "*". See the lookup_wildcards feature in
LDAP_README. Update by John Hensley.

Documentation: address masquerading with exceptions FAQ by
Jim Seymour @ jimsun.LinxNet.com.

Bugfix: mysql reconnect after disconnect by Scott Cotton,
Internet Consultants Group, Inc. File: util/dict_mysql.c.

Portability: the Postfix to PCRE interface now expects
version 2.08. Postfix is no longer compatible with PCRE
versions before 2.6.

Feature: INSTALL.sh script that makes Postfix installation
a bit less painful. This script can be used for installing
and for upgrading Postfix. It replaces files instead of
overwriting them, and leaves existing configuration and

Bugfix: reject_non_fqdn_sender used the wrong test to see
if a sender address was given and could dump core. This
must have been broken ever since the UCE tests were moved
to the RCPT TO stage in 19990510.

Bugfix: check_sender_access was recognized as a valid
restriction name only if a sender had been specified.

Portability: Unixware has <sysexits.h> only after sendmail
is installed. Changed postlock.c to use global/sys_exits.h.

Performance: added one-entry cache to the address rewriting
client and to the address resolving client. This is because
UCE restrictions tend to produce the same query repeatedly.
Files: global/rewrite_clnt.c, global/resolve_clnt.c.

Feature: the UCE restrictions are now fully recursive so
you can have per-client/helo/sender/recipient restrictions.
Instead of OK, REJECT or [45]xx, you can specify a sequence
of restrictions on the right-hand side of an SMTPD access
table. This means you can no longer use canonical/virtual/alias
maps as SMTPD access tables. But the loss is compensated
for. File: smtpd/smtpd_access.c.

Feature: restriction classes, essentially a short-hand for
restriction lists. These short hands are useful mostly on
the right-hand side of SMTPD access tables. You must use
restriction classes in order to have lookup tables on the
right-hand side of an SMTPD access table. File:
smtpd/smtpd_access.c.

Feature: "permit_recipient_map maptype:mapname" permits a
recipient address when it matches the specified table.
Lookups are done just as with canonical/virtual maps. With
this, you can also use passwd/aliases as SMTPD access maps.
File: smtpd/smtpd_access.c.

Changed "permit_address_map" into "permit_recipient_map"
and added a test for the case that they specify a lookup
table on the right-hand side of an SMTPD access map. File:
smtpd/smtpd_access.c.

Cleanup: removed spurious sender address checks for <>.
File: smtpd/smtpd_check.c.

Cleanup: the smtp client now consistently logs host[address]
for all connection attempts.

Feature: in an SMTPD access map, an all-numeric right-hand
side now means OK, for better cooperation with out-of-band
authentication mechanisms.

Security: recipient addresses must not start with '-', in
order to protect external commands. The old behavior is
re-instated when main.cf specifies: "allow_min_user =
yes". Credits to Mads Kiilerich @ Kiilerich.com. File:
qmgr/qmgr_message.c.

Bugfix: after 19990831, the queue manager would throw away
defer logs after deferring mail to known-to-be-dead hosts
or message transports. This means that in some cases, mailq
would not show why mail is delayed, and that delayed mail
could be sent back with recipients missing from the error
report. Reported by Giulio Orsero @ tiscalinet.it.

Bugfix: the above bugfix broke bounces of mail with bad
address syntax and relocated users. Problem diagnosed by
Dick Porter @ acm.org.

Documentation: added DO NOT EDIT THIS FILE. EDIT MAIN.CF
INSTEAD notices to the sample-xxx.cf files.

Compatibility: ignore the sendmail -U (initial user
submission) option. Thomas Quinot @ cuivre.fr.eu.org.

Code cleanup: don't send postmaster notifications when an
SMTP client sends a DATA command while no recipients were
accepted. This can happen when a pipelined client runs
into a UCE block. File: smtpd/smtpd.c.

Robustness: do not apply UCE header checks to mail that is
generated by Postfix (bounces, forwarded mail etc.). Files:
smtpd/smtpd.c, pickup/pickup.c, cleanup/cleanup_message.c.

Robustness: new generic watchdog module that can deal with
clocks that jump occasionally. Files: util/watchdog.c,
master/master.c, master/{single,multi,trigger}_server.c.
This hopefully ends the false watchdog alarms that happen
when clocks are set or when laptops are resumed.

Code cleanup: BSMTP requires dot quoting as per RFC 821.
Based on code by Florian Lohoff @ rfc822.org. Files:
global/mail_copy.[hc], pipe/pipe.c.

Bugfix: the crufty code in inet_addr_local() did not find
IP aliases. File: util/inet_addr_local.c.

Portability: the INSTALL.sh utility did not find users or
groups in NIS or Netinfo tables. The script no longer
searches the /etc/passwd and /etc/group files. Instead it
now queries the unix:passwd.byname and unix:group.byname
maps. For this, a -q (query) option was added to postmap
(and to postalias, for symmetry). Files: util/dict_unix.c,
postalias/postalias.c, postmap/postmap.c, INSTALL.sh.

Bugfix: LDAP lookup timeout settings were ignored. Patch
by John Hensley. File: util/dict_ldap.c.

Bugfix: when doing a fresh install, INSTALL.sh didn't set
main.cf:mail_owner properly (Simon J. Mudd).

Bugfix: when doing a fresh install, INSTALL.sh no longer
worked (missing main.cf file). Fix: add "-c" argument to
the postmap commands (Lars Hecking @ nmrc.ucc.ie).

Documentation: removed spurious "do not edit" comments from
the sample pcre and regexp configuration files.

Code cleanup: greatly simplified the SMTPD command parser
and somewhat simplified the code that groks RFC 822-style
address syntax in MAIL FROM and RCPT TO commands.

New parameter: strict_rfc821_envelopes (default: no) to
reject RFC 822 address forms (with comments etc.) in SMTP
envelopes. By default, the Postfix SMTP server only logs

Oops, also updated the SMTP VRFY code in the light of
changes to the SMTPD command parser.

Cleanup: the local delivery agent now explicitly rejects
recipients with an empty username.

Workaround: with some gawk versions, postconf/extract.awk
reportedly returns a non-zero exit status upon success.
Added an explicit exit(0) statement.

Feature: DNS TXT record lookup support, based on initial
code by Simon J Mudd. File: dns/dns_lookup.c.

Feature: RBL TXT record lookups, based on initial code by
Simon J Mudd. File: smtpd/smtpd_check.c.

Feature: permit_auth_destination restriction based on code
by Jesper Skriver @ skriver.dk.

Code cleanup: the transport table now can override all
deliveries, including local ones.

Code cleanup: a new "local_transports" configuration
parameter explicitly lists all transports that deliver mail
locally. The first name listed there is the default local
transport. This is the end of the "empty next-hop hostname"
hack to indicate that a destination is local. Files:
trivial-rewrite/resolve.c, global/local_transport.[hc]

Feature: "postconf -m" shows what lookup table types are
available. Code by Scott Cotton, Internet Consultants

Feature: "postconf -e" edits any number of main.cf parameters.
The edit is done on a copy, and the copy is renamed into
the place of the original. Files: postconf/postconf.c,
util/readlline.[hc].

Portability: SunOS 4 has no SA_RESTART. File: util/watchdog.c.

Feature: on systems with h_errno, the "reject_unknown_client"
restriction now distinguishes between soft errors (always
reply with 450) and hard errors (use the user-specified
reply code). This should lessen the load from broken mailers
that re-connect once a minute.

Feature: forward/reverse name/address check for SMTP client
hostnames. This fends off some hypothetical attacks by
spammers who are in control of their own reverse mapping.

Robustness: postconf no longer aborts when it can't figure
out the local domain name; it prints a warning instead.
This allows you to use "postconf -e" to fix the problem.

Bugfix: the RFC822 address parser would misparse a leading
\ as an atom all by itself. Problem reported by Keith
Stevenson @ louisville.edu. File: global/tok822_parse.c.

Bugfix: tiny memory leak in pipe_command() when fork()
fails. File: global/pipe_command.c.

Bugfix: reversed test for all-numerical results in SMTPD
access maps. File: smtpd/smtpd_check.c.

Robustness: INSTALL.sh no longer uses postmap for sanity

Feature: INSTALL.sh now has an install_root option.

Bugfix: INSTALL.sh now installs manual pages with proper
permissions and ownership.

Bugfix: the LDAP client did not properly escape special
characters in lookup keys (patch by John Hensley). File:

Bugfix: missing absolute path in INSTALL.sh broke fresh

Bugfix: the local delivery agent's recipient duplicate
filter did not work when configured to use unlimited memory
(which is not a recommended setting). Patrik Rak @raxoft.cz.

Bugfix: postconf didn't have an umask(022) call at the
beginning (problem experienced by Matthias Andree).

Bugfix: DNS TXT records now have string lengths before text
(Mark Martinec @ nsc.ijs.si).

Update: the LDAP client code now supports escapes as per
RFC2254 (John Hensley).

Performance: one message with many recipients no longer
stops other mail from being delivered. The queue manager
now frees in-memory recipients as soon as a message is
delivered to one destination, rather than waiting until
all in-memory destinations of that message have been tried.
Patch by Patrik Rak @ raxoft.cz. Files: qmgr/qmgr_entry.c,
qmgr/qmgr_message.c.

Performance: when delivering mail to a huge list of
recipients, the queue manager now reads more recipients
from the queue file before delivery concurrency drops too
low. Files: qmgr/qmgr_entry.c, qmgr/qmgr_message.c.

Updated LDAP client code by John Hensley with escape
sequences as per RFC 2254. File: util/dict_ldap.c.
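
An added C example (not the dict_ldap.c code) of the RFC 2254
escaping that the LDAP entries above refer to: the special bytes in
a lookup key are written as a backslash plus two hex digits before
the key is placed in a search filter, so the key can only ever match
as a literal value. The function names, the "mail" attribute and the
sample key are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Escape a lookup key for use as an assertion value in an LDAP search
 * filter, per RFC 2254 section 4: '*', '(', ')', '\' and NUL are written
 * as a backslash followed by two hex digits. The key is length-counted
 * so that an embedded NUL is escaped instead of silently ending it.
 * Returns the escaped length, or -1 if out is too small.
 */
int rfc2254_escape(const char *key, size_t keylen, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outlen == 0)
        return -1;
    for (size_t i = 0; i < keylen; i++) {
        unsigned char c = (unsigned char) key[i];
        int special = (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0);
        size_t need = special ? 3 : 1;

        if (o + need + 1 > outlen)      /* keep room for the final NUL */
            return -1;
        if (special) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char) c;
        }
    }
    out[o] = '\0';
    return (int) o;
}

/*
 * Build "(attr=<escaped key>)". attr comes from trusted configuration;
 * key comes from the mail envelope and is therefore untrusted.
 * Returns the filter length, or -1 if anything does not fit.
 */
int build_filter(char *out, size_t outlen, const char *attr, const char *key)
{
    char esc[256];
    int n;

    if (rfc2254_escape(key, strlen(key), esc, sizeof(esc)) < 0)
        return -1;
    n = snprintf(out, outlen, "(%s=%s)", attr, esc);
    return (n < 0 || (size_t) n >= outlen) ? -1 : n;
}

int main(void)
{
    char filter[128];
    /* Constructed lookup key that contains filter syntax. */
    const char *key = "a*)(uid=*";

    if (build_filter(filter, sizeof(filter), "mail", key) > 0)
        printf("%s\n", filter);
    return 0;
}
```

Without the escaping step the sample key would close the intended
assertion and add a second one; with it, the directory compares the
whole key as one literal string.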

Updated MYSQL client code by Scott Cotton. File: dict_mysql.c.

Feature: added -N/-n options to include/exclude terminating
nulls in keys and values in postmap/postalias DB or DBM
files. Normally, Postfix uses whatever is appropriate for
the host system. A non-default setting can be necessary
for inter-operability with third-party software.

Bugfix: the local delivery agent would deliver to the user
instead of the .forward file when the .forward file was
already visited via some non-recursive path. Patch by Patrik
Rak @ raxoft.cz. Files: global/been_here.c, local/dotforward.c.

Robustness: attempt to deliver all addresses in the expansion
of an alias or .forward file, even when some addresses must
be deferred. File: local/token.c.

Performance: qmgr_fudge_factor controls what percentage of
delivery resources Postfix will devote to one message.
With 100%, delivery of one message does not begin before
delivery of the previous message is completed. This is good
for list performance, bad for one-to-one mail. With 10%,
response time for one-to-one mail improves much, but list
performance suffers. In the worst case, people near the
start of a mailing list get a burst of postings today,
while people near the end of the list get that same burst
of postings a whole day later. Files: qmgr/qmgr_message.c,

Bugfix: address rewriting would panic on a lone \ at the
end of a line where an address was expected. Jason Hoos @
thwack.net. File: global/rewrite_clnt.c.

Bugfix: the strict RFC821 envelope address check should
not be applied to VRFY commands. File: smtpd/smtpd.c.

Cleanup: permit_recipient_maps is gone, because that could
only be used inside UCE restrictions.

Feature: allow an empty inet_interfaces parameter, just
like an empty mydestination parameter. It's needed for true
null clients and for firewalls that deliver no local mail.

Feature: "disable_vrfy_command = yes" disables some forms
of address harvesting used by spammers.

Workaround: added the alias map parameter definition to
the smtpd code. This is a symptom of a general problem
with parameters that have non-empty default values: unless
a program explicitly defines such a parameter, the parameter
defaults to the empty string when used in other parameters.
There's also a problem with evaluation order.

Feature: the SMTP server rejects mail for unknown users in
virtual domains that are defined by Postfix virtual domain
files. File: smtpd/smtpd_check.c.

Feature: reject mail for unknown local users at the SMTP
port. The local_recipient_maps configuration parameter
specifies maps with all addresses that are local with
respect to $mydestination or $inet_interfaces. Example:
"local_recipient_maps = $alias_maps unix:passwd.byname".
This feature is disabled by default. You may have to copy
the passwd file into the chroot jail. File: smtpd/smtpd_check.c.

Feature: the sendmail -f option now understands '<user>'
and even understands address forms with RFC 822-style

Cleanup: no more UCE checks for VRFY commands. It still
reports unknown local/virtual users. File: smtpd/smtpd_check.c.

Robustness: upon Postfix startup, report discrepancies
between system files inside and outside the chroot jail.
Files: conf/postfix-script-nosgid, conf/postfix-script-sgid.

Cleanup: INSTALL.sh produces relative symlinks, which is
necessary when install_root is not /.

Documentation: completely reorganized the FAQ and added
many new entries. Rewrote the UCE html documentation.

Cleanup: INSTALL.sh uses a configurable directory for
scratch files, so that it can install from a file system
that is not writable by the super-user.

Cleanup: INSTALL.sh gives helpful hints when the "mv"
command is unable to move symlinks across file system

Cleanup: it is no longer necessary to list $virtual_maps
as part of the relay_domains definition. The SMTP server
now by default accepts mail for destinations that match
$inet_interfaces, $mydestination or $virtual_maps, whether
or not these are specified in relay_domains. We still need
the ugly "virtual.domain whatever" hack in the virtual
maps. Files: smtpd/smtpd_check.c and lots of documentation
and sample config files.

Removed cyrus -q flag (ignore quotas) from the sample

Bugfix: smtpd should not check for unknown users when
running in stand-alone (sendmail -bs) mode. Problem
experienced by Chuck Mead. File: smtpd/smtpd.c.

Retraction: the "local_transports" configuration parameter
is gone. Adjusted code and documentation accordingly.
Instead, use just one "local_transport" parameter with the
name of the default local transport. Files: smtpd/smtpd_check.c,
qmgr/qmgr_message.c, trivial-rewrite/resolve.c, local/resolve.c.

Feature: Postfix SMTPD now insists that the smtpd recipient
restrictions contain at least one restriction that by
default rejects mail. This should make it much more difficult
to change Postfix into an open relay. File: smtpd/smtpd_check.c.

Retraction: null-length inet_interfaces is too confusing.

Bugfix: the relative symlink code in INSTALL.sh computed
the ../ prefix from the wrong pathname.

Feature: "allow_untrusted_routing = no" (default) prevents
forwarding of source-routed mail from untrusted clients to
destinations that are blessed by the relay_domains parameter
(example: user@domain2@domain1 etc.). This plugs a mail
relay loophole where a backup MX host forwards junk mail
to a primary MX host which forwards the junk to the Internet.
Files: global/quote_822_local.c, smtp/quote_821_local.c,
trivial-rewrite/rewrite.c, trivial-rewrite/resolve.c,

In order to make this possible, the Postfix resolver data
structure and protocol have changed, so that all resolver
clients need to be re-compiled.

Side effect from the above change: from now on, an address
with @ in the recipient localpart no longer bounces with
"user unknown" but instead is rejected with "relay access
denied" or "source-routed relay access denied".

Workaround: the BSD/OS "mkdir -p" and "cmp -s" commands
misbehave on boundary cases: directory exists or file does
not exist. Those who re-invent...

Added the no source routing info requirement to addresses
accepted by the permit_mx_backup UCE restriction.

Added a spawn daemon (not compiled and installed by default)
to enable LMTP delivery over UNIX-domain sockets. The goal
is to simplify the experimental LMTP delivery agent by
ripping out the privileged code that forks the LMTP server.

Clarified documentation after early feedback on the 19991231
release by Drew Derbyshire, Ollivier Robert, Khetan Gajjar.

Sanity check: a common error is to list Postfix virtual
domains in the mydestination parameter. This causes the
new optional local_recipient_maps feature to reject mail
for virtual users. The SMTP server now explicitly tests
for this common error and logs a warning instead of refusing
the mail. File: smtpd/smtpd_check.c.

Bugfix: a case sensitivity bug had slipped through in the
anti-relaying code, causing mail for USER@VIRTUAL.DOMAIN
to be rejected with "relay access denied". This was found
by Jim Maenpaa @ jmm.com.

Questionable feature: set "smtp_skip_5xx_greeting = yes"
to make Postfix more sendmail compatible, even though this
is wrong, IMNSHO. File: smtp/smtp_connect.c.

Portability: Ultrix patch from Simon Burge @ thistledown.com.au.

Portability: Siemens Pyramid (dcosx) patch by Thomas D.

Performance: FreeBSD has bidirectional pipes that are faster
than socketpairs. Anticipating more platform-specific
optimizations, all duplex pipe plumbing is now isolated in
a duplex_pipe.c module that provides a system-independent

Cleanup: the INSTALL.sh script now updates the sample files
in /etc/postfix even when main.cf exists.

Bugfix: the SMTP server should consult the relocated map
for virtual destinations (Denis Shaposhnikov). Files:
smtpd/smtpd.c, smtpd/smtpd_check.c.

Workaround: rename() over NFS can fail with ENOENT even
when the operation succeeds (Graham Orndorff @ WebTV). This
is not news. Any non-idempotent operation can fail over
NFS when the NFS server's acknowledgment is lost and the
NFS client code retries the operation (other examples are:
create, symlink, link, unlink, mkdir, rmdir). Postfix has
workarounds for the cases where this is most likely to
cause trouble. Files: util/sane_{rename,link}.[hc]. If
you want a reliable mail system, do not use NFS.

Workaround: better detection of bad hardware. Added SIGBUS
to the list of signals that the master will log before

Portability: preliminary SCO5 port by Christopher Wong @
csports.com. This still needs a workaround for "find"
not supporting "-type s" (actually, UNIX-domain sockets
have no unique representation in the file system and show

Bugfix: in case of a too long message header, don't extract
recipients from message headers. With the previous behavior,
Bcc information could be left in the message body, as one
person found out the hard way. Files: cleanup/cleanup.c,
cleanup/cleanup_extracted.c, global/cleanup_user.h.

Whatever: RFC 1869 amends RFC 821 and specifies that code
555 is to be used when a MAIL FROM or RCPT TO parameter is
not implemented or not recognized. Russ Allbery @stanford.edu.
This reply code is added to the list of reply codes that
cause the Postfix SMTP client to mail a transcript to the
postmaster. File: smtp/smtp_trouble.c.

Emergency feature: qmgr_site_hog_factor (default: 90 percent)
limits the amount of resources that Postfix devotes to a
single destination. With less than 100, Postfix defers the
excess mail so that one site with a large backlog does not
block other deliveries. Files: qmgr/qmgr.c, qmgr/qmgr_message.c.

Cleanup: the queue manager no longer replaces the nexthop
field by the recipient localpart when a destination matches
$mydestination/$inet_interfaces. The price is the introduction
of a new parameter local_destination_recipient_limit which
defaults to 1 in order to maintain backwards compatibility.
Files: qmgr/qmgr.c, qmgr/qmgr_message.c.

Bugfix: extracted recipients were misfiled when a message
was moved back to the maildrop queue. But they still worked
due to a coincidence.

Feature: bounce_recip() bounces a recipient immediately
without accessing a bounce logfile. This is necessary for
VERP bounces, for bounces by delivery agents that change
the sender address, and for bounces that for some reason
must not use temporary logfiles. Files: global/bounce.c,
bounce/bounce_recip_service.c.

Bugfix: the too long header fix of 20000115-22 lost mail
with too long headers that didn't need to extract recipients
from message headers.

Bugfix: the too long header fix of 20000115-22 lost mail
without (blank line + message body).

Code rewrite: reorganized the cleanup daemon source code
so that the cleanup service can be called one record at a
time (see cleanup/cleanup_api.c); also got rid of the global
state variables and fixed a couple bugs that were introduced

Feature: in daemon mode, the MAIL FROM size check can be
postponed until RCPT TO so that Postfix can log sender and
recipient. Simon J Mudd. Files: smtpd/smtpd.c

Robustness: limit the number of recipient addresses that
can be extracted from message headers. Parameter:
extract_recipient_limit (default: 10240). Files:
cleanup/cleanup_message.c, cleanup/cleanup_extracted.c.

Cleanup: the message header reject logging now includes
sender and recipient address (if possible), so that the
logging looks more like the other reject logging. File:
cleanup/cleanup_message.c.

Documentation: added sections on regular expression tables
to the access, canonical, virtual, transport and relocated
man pages, and wrote new man pages that are specific to
regular expressions: pcre_table.5 and regexp_table.5.

Bugfix: postconf reported some parameters more than once
because the parameter extracting script didn't recognize
lines that differ in whitespace only. File: postconf/extract.awk.
Reported by Kenn Martin.

Logging: the SMTP client now logs host+port when it is
unable to connect to a non-MX host, just like it logs
host+port when unable to connect to an MX host.
3694
Bugfix: the SMTP server's "User unknown" test didn't notice
3695
LDAP etc. dictionary access errors. The code now reports
3696
a 450 status (try again instead of bounce) if the reply is
3697
not definitive. File: smtp/smtpd_check.c.
3699
Robustness: the smtp-source program could stall when making
3700
hundreds of parallel connections to a Postfix system with
3701
only one SMTP server process. The fix is to use non-blocking
3702
connect() calls, very carefully. File: smtpstone/smtp-source.c.
3706
Feature: with smtp_always_send_ehlo the SMTP client will
3707
send EHLO regardless of the content of the SMTP server's
3708
greeting. File: smtp/smtp_proto.c.
3712
Feature: DICT_FLAG_SYNC_UPDATE flag for synchronous dictionary
3713
updates, if supported by the underlying mechanism. Files:
3714
util/dict.h, util/dict_open.c, util/dict_db.c.
3718
Cleanup: the manual pages in Postfix configuration files
3719
no longer contain troff formatting codes. The text is now
3720
generated from prototype files in a new "proto" subdirectory.
3721
Requested by Matthias Andree @ stud.uni-dortmund.de.
3725
Bugfix: the unused db and dbm "delete" routines would
3726
clobber the per-dictionary flags when called before reading
3727
or writing the table. Files: util/dict_dbm.c, util/dict_db.c.
3728
Lutz Jaenicke @ aet.TU-Cottbus.DE.
3730
Bugfix: the SMTP server would produce a cryptic message
3731
when a queue file write error happened before it had written
3732
any recipients. Keith Stevenson. File: smtpd/smtpd.c.
3734
Robustness: the db and dbm "delete" routines didn't adjust
3735
to dictionaries with/without one trailing null in lookup
3736
keys and values. Did a complete rewrite of the routines.
3737
Files: util/dict_db.c, util/dict_dbm.c.
Feature: specify "-d key" to postalias or postmap in order
to remove one key. This still needs to be generalized to
multi-key removal (read stdin?). Files: postmap/postmap.c,
postalias/postalias.c.

Test: added test targets for the dictionary delete operations.
Files: util/Makefile.in, util/dict_test.{c,in,ref}.

Feature: added data offset and recipient count fields to
the first queue file record output from the cleanup daemon.
The recipient count provides an initial estimate for a
more advanced queue manager scheduling algorithm. Files:
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.

Portability: HP-UX awk can't handle bare { in regexps
(Lamont Jones, HP). File: postconf/extract.awk.

Compatibility: sendmail now recognizes '.' as end of input.
File: sendmail/sendmail.c.

Compatibility: dtcm (CDE desktop calendar manager) leaks
a file descriptor into its child process, and requires that
sendmail closes the descriptor, otherwise mail notification
will hang. These GUI programmers never figured out that
the child process must close the writing end of a pipe.
File: sendmail/sendmail.c.

Feature: SASL authentication in the SMTP server and client.
Based on code contributed by Till Franke, SuSE. Specify:
"smtpd_sasl_auth_enable = yes" and "smtp_sasl_auth_enable
= yes". The "permit_sasl_authenticated" UCE restriction
gives special treatment to authenticated clients.

Workaround: added -blibpath option for AIX 4.x, to close
hole in case postdrop needs to be set-gid.

Portability: FreeBSD 5.x added to the list of supported
systems (Mark Huizer).

Portability: INSTALL.sh checks whether sendmail is in /usr/lib
rather than in /usr/sbin.

Bugfix: settings in one mysql configuration file would act
as the implicit defaults for the next one, which could be
confusing. Patch by Scott Cotton. File: util/dict_mysql.c.

Robustness: limit the number of "junk" commands that can
be issued in an SMTP session (ex.: NOOP, VRFY, ETRN, RSET).
Problem report by Michael Ju. Tokarev @ tls.msk.ru. Files:
global/mail_params.h, smtpd/smtpd.c.

Portability: more MacOS X patches by Gerben Wierda.

Bugfix: RFC 822 requires the presence of at least one
destination message header. The cleanup daemon now generates
a generic "To: undisclosed-recipients:;" message header
when no destination header is present. The header content
is specified with the undisclosed_recipients_header parameter.
Problem pointed out by Geoff Gibbs, UK-Human Genome Mapping
Project-Resource Centre.

Workaround: allow <(comment)> as SMTP MAIL FROM address.

The SASL authentication in the SMTP server and client works,
but only on Linux and Solaris, neither of which I wish to

Added LMTP support to the smtp-source and smtp-sink utilities
so that I don't have to install Cyrus IMAP just to test

Bugfix: removed the () from the tokenized representation
of RFC 822 comments, so that comments with \( or \) can be
unparsed correctly. Problem reported by Bodo Moeller.

Bugfix: mail_copy() could prepend > or . in the middle of
long lines. Found by code inspection.

New code: unescape module that translates C escape sequences
into their equivalent character values. File: util/unescape.c.

Feature: the pipe mailer now has a way to specify the output
record delimiter (for example, eol=\r\n). This is necessary
for transports that require CRLF instead of UNIX-style LF.

In order to support timeouts more conveniently, VSTREAMs
now have built into them the concept of timeout. Instead
of calling read() and write(), the low-level VSTREAM
interface now by default uses timed_read() and timed_write()
which receive a timeout parameter; vstream_ctl(stream,
VSTREAM_CTL_TIMEOUT...) sets the timeout deadline on a
stream, and vstream_ftimeout(stream) queries a stream for
timeout errors. This change simplified timeout handling
considerably. Files: util/vbuf.h, util/vstream.[hc],
global/smtp_stream.c, global/timed_ipc.c.

Added application context to VSTREAMs, which is passed on
transparently to application-provided read/write routines.
vstream_ctl(stream, VSTREAM_CTL_CONTEXT...) sets the context.
Files: util/vstream.[hc].

Added vstream_setjmp() and vstream_longjmp() support to
make exception handling more convenient. Turn on exception
handling with vstream_ctl(stream, VSTREAM_CTL_EXCEPT...).
Files: util/vstream.[hc].

Cleaned up the smtp_stream module further and got rid of
the global state that limited the use of this module to
one stream per process. Files: global/smtp_stream.[hc].

Bugfix: the SMTP server now flushes unwritten output before
tarpit delays, to avoid protocol timeouts in pipelined
sessions when a client causes lots of errors. Found by
Lamont Jones, HP. File: smtpd/smtpd_chat.c.

Finished the LMTP client, which is based on a modified
version of the SMTP client by Philippe Prindeville, Mirapoint,
Inc., later modified by Amos Gouaux, UTDallas, and then
Wietse ripped it all up again. Currently this talks LMTP

Feature: override main.cf parameters in master.cf. Specify
"-o parameter=value" after the program name. This allows
you to selectively override myhostname etc. See also the
new smtp_bind_address parameter below.

Convenience: the LMTP and SMTP clients now append the local
domain to unqualified nexthop destinations. This makes it
more convenient to set up transport maps. Files:
lmtp/lmtp_addr.c, smtp/smtp_addr.c.

Sendmail compatibility: the Postfix SMTP client now skips
servers that greet the client with a 4xx or 5xx status
code. To disable, set both smtp_skip_4xx_greeting and
smtp_skip_5xx_greeting to "no".

Portability: NetBSD has migrated to /etc/mail/aliases. We
can expect to see this happen more often when systems start
shipping Sendmail 8.10. File: util/sys_defs.h.

Updated LDAP code by John Hensley, with support for
dereferencing of LDAP aliases, which have nothing to do
with Postfix aliases.

Feature: "smtp_bind_address=x.x.x.x" specifies the source
IP address for SMTP client connections. Specify in master.cf
as "smtp -o smtp_bind_address=x.x.x.x" in order to give
different delivery agents different source addresses.

Cleanup: mailbox_transport did not work with the lmtp
delivery agent. This dates back to when Postfix used empty
nexthop information to indicate that a destination was
local. File: global/deliver_pass.c.

Bugfix: configuration parameters for one mysql dictionary
would become default settings for the next one. File:
dict_mysql.c. This patch was merged into Postfix a while
back but apparently that Postfix version was nuked when
other parts were redesigned. Update by Scott Cotton.

Bugfix: some Postfix delivery agents would abort on addresses
of the form `stuff@.' which could be generated only locally.
Found by Patrik Rak. File: trivial-rewrite/resolve.c.

Third-party Berkeley DB support for HP-UX by Lamont Jones.

Bugfix: Postfix would incorrectly reject domain names with
adjacent - characters. File: util/valid_hostname.c.

Bugfix: the 20000505 pipeline tarpit delay flush was wrong
and caused the client and server to get out of phase. Yuck!

Feature: VSTREAMs now have the concept of last fill/flush
time, which is needed to prevent timeouts with pipelined
SMTP sessions as detailed in the next item.

Bugfix: delayed SMTP command/reply flushing to prevent
sender delays from accumulating too much and causing timeouts
with pipelined sessions. For example, client-side delays
happen when a client does DNS lookups to replace hostname
aliases in MAIL FROM or RCPT TO commands; server-side delays
happen when a UCE restriction involves a time-consuming
DNS lookup, or when a server generates tarpit delays.
Files: lmtp/lmtp_proto.c, smtp/smtp_proto.c, smtpd/smtpd_chat.c.

Portability: define ANAL_CAST for compilation environments
that reject explicit casts between pointers and integral
types. Files: util/sys_defs.h, master/*server.c. Upon closer
investigation, this turned out to be the result of someone's
compiler configuration preferences. Therefore the change
is likely to go away after a code cleanup.

Feature: mysql client support for multi-valued queries
(select email, email2 from aliastbl where username='$local').
By Loic Le Loarer @ m4x.org. File: util/dict_mysql.c.

Finalized the delayed SMTP command/reply flushing code in
the SMTP and LMTP clients after lots of testing and review.

Robustness: upon receipt of mail, map the mailer-daemon
sender address back into the magic null string. File:
cleanup/cleanup_envelope.c.

Bugfix: the code for masquerade_exceptions was case sensitive.
Reported by Eduard Vopicka. File: cleanup/cleanup_masquerade.c.

Feature: experimental queue manager by Patrik Rak with a
fancy pre-emptive scheduling algorithm that improves delivery
performance of mail with few recipients. This queue manager
is made available as "nqmgr".

Feature: the SMTP client SASL password file can contain
entries for destination domain names (the address remote
part) not just mail server hostnames. File: smtp_sasl_glue.c.

Feature: smtpd_sasl_local_domain parameter (default:
$myhostname) to specify the local SASL authentication realm.
File: smtpd_sasl_glue.c.

Feature: specify "body_checks=regexp:/file/name" for a very
crude one line at a time message body content filter. This
feature uses the same filtering syntax as the header_checks
feature. File: cleanup/cleanup_message.c. See also the
conf/sample-filter.cf file.

Feature: full content filtering through external software.
This uses existing interfaces for sending mail to the
external content filter and for injecting it back into
Postfix. Details in FILTER_README. Files: pickup/pickup.c,
smtpd/smtpd.c, qmgr/qmgr_message.c.

More SASL feedback by Liviu Daia, regarding the use of
authentication realms. File: smtpd/smtpd_sasl_glue.c.

Added a simple shell-script based content filtering example
to the FILTER_README file.

Content filtering support for nqmgr by Patrik Rak. File:
nqmgr/qmgr_message.c.

Renamed "content inspection" etc. to "content filtering"
in anticipation of a new hook for content inspection that
only inspects mail without re-injecting it into Postfix.

Feature: limit the size of pipe mailer deliveries with the
size=nnn command-line attribute. Patch by Andrew McNamara.

Bugfix: don't try to do SASL authentication when running
in stand-alone (sendmail -bs) mode. Fix by Liviu Daia.

Bug: the unauthorized pipelining test fails with single
recipient mail when smtpd_delay_reject = yes.

Bugfix: conf/sample-ldap.cf was no longer up to date with
reality. Patch by Lamont Jones, HP.

Bugfix: the maildir delivery routine left temporary files
lying around after unsuccessful delivery (problem reported
by Brian Laughton @ Corp.Axxent.Ca).

AIX 4.x had POSIX regular expression support all the time
I was working on Postfix. Better find out late than never.

Bugfix: the SMTP server did not reset the so-called junk
command counter after successful delivery (Mark Hoffman @
wallst.com). File: smtpd/smtpd.c.

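The junk command limit introduced earlier and the counter reset fixed in the entry above, as an added C example that is not Postfix source. The struct, the function names and the limit value are assumptions; what the server does once the limit is exceeded is left to the caller because the entries do not say.

```c
/* Added example, not Postfix source: per-session "junk" command accounting. */
#include <ctype.h>
#include <stdio.h>

struct smtp_session {
    int junk_cmds;     /* junk commands since the last successful delivery */
    int junk_limit;    /* hypothetical limit; the real default is not on this page */
};

/* The four verbs the changelog lists as examples of junk commands. */
static const char *const junk_verbs[] = { "NOOP", "VRFY", "ETRN", "RSET", NULL };

/* Case-insensitive comparison, because SMTP verbs are case-insensitive. */
static int verb_eq(const char *a, const char *b)
{
    for (; *a != '\0' && *b != '\0'; a++, b++)
        if (toupper((unsigned char) *a) != toupper((unsigned char) *b))
            return 0;
    return *a == *b;                    /* both must be at the terminator */
}

static int is_junk(const char *verb)
{
    const char *const *v;

    for (v = junk_verbs; *v != NULL; v++)
        if (verb_eq(verb, *v))
            return 1;
    return 0;
}

/* Account for one command. Returns 1 if it is a junk command over the limit. */
int session_command(struct smtp_session *s, const char *verb)
{
    if (!is_junk(verb))
        return 0;
    s->junk_cmds++;
    return s->junk_cmds > s->junk_limit;
}

/* The later bugfix: a completed delivery starts the count afresh. */
void session_delivery_ok(struct smtp_session *s)
{
    s->junk_cmds = 0;
}

/*
 * Constructed scenario: a well-behaved client sends `messages` mails over one
 * connection and issues RSET after each. Returns how many commands were over
 * the limit. reset_on_delivery == 0 reproduces the behaviour before the fix.
 */
int simulate(int messages, int limit, int reset_on_delivery)
{
    static const char *const transaction[] = { "MAIL", "RCPT", "DATA", NULL };
    struct smtp_session s = { 0, limit };
    const char *const *c;
    int over = 0, i;

    for (i = 0; i < messages; i++) {
        for (c = transaction; *c != NULL; c++)
            over += session_command(&s, *c);
        if (reset_on_delivery)
            session_delivery_ok(&s);
        over += session_command(&s, "rset");
    }
    return over;
}

int main(void)
{
    printf("without reset: %d commands over the limit\n", simulate(10, 3, 0));
    printf("with reset:    %d commands over the limit\n", simulate(10, 3, 1));
    return 0;
}
```

Without the reset, a long-lived connection that delivers mail normally is eventually treated like one that only sends junk commands.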
Cleanup: remove Content-Length from incoming mail. The
sender has no authority over the format of mail as stored
by the receiving system. File: global/header_opts.h.

Feature: rewrite Mail-Followup-To: as sender. Files:
global/header_opts.[hc].

Cleanup: rewrite Reply-To, Errors-To, Return-Receipt-To as
sender, so that address masquerading works as expected.
File: global/header_opts.c.

Feature: specify "require_home_directory = yes" to prevent
mail from being delivered to a user whose home directory
is not mounted. File: local/dotforward.c.

Cleanup: the pipe delivery agent no longer appends a blank
line when the F flag (prepend From_ line) is specified.
Specify the B flag if you need that blank line. The local
delivery agent no longer appends a blank line to mail that
is delivered to an external command. Files: pipe/pipe.c,
global/mail_copy.[hc].

Portability: support for NEXT/OPENSTEP requires an extra
include file in util/watchdog.c (Masaki Murase).

Added macros to turn on vstream/vstring/etc. format string
checking by gcc, in addition to the checking that was
already implemented with printfck. File: util/sys_defs.h,
the macros for PRINTFLIKE and SCANFLIKE. Problem: unlike
the printfck tool, gcc finds format argument type mismatches
only in code that isn't #ifdef-ed out.

Robustness: make_dirs() now continues when a missing
directory is created by another process.

Feature: the queue manager now logs the number of recipients
when opening a queue file (a zero recipient count is logged
with older queue files). File: global/opened.c.

Robustness: added watchdog_pat() routine to keep the watchdog
quiet if a client stays connected for a lot of time. Files:
util/watchdog.[hc], smtpd/smtpd.c.

Robustness: if relayhost is specified but the host does
not exist, defer mail instead of bouncing it (which would
lose the mail if the bounce would have to be delivered to
that same non-existent relayhost). Problem reported by
Chris Cooper @ maths.ox.ac.uk. File: smtp/smtp_connect.c.

Feature: added -r (replace key+value) option to postalias

Cleanup: smtpd now replies with 555 when the client sends
unrecognized RCPT TO parameters, as required by RFC 1869
(problem report by Robert Norris @ its.monash.edu.au).
File: smtpd/smtpd.c.

Logging: the SMTP server's SASL code logs the authentication
method along with an authentication failure. Suggested by
Ronald F. Guilmette @ monkeys.com.

Workaround: some systems have file size resource limits
that cannot be represented with the off_t type that is used
by standard functions such as lseek(2). Problem reported
by Blaz Zupan @ amis.net.

Feature: all this discussion about when to reject mail and
when not made me decide to implement a TCP-based map type
so that it becomes relatively simple to implement dynamic
access controls, for example, hold off mail from an unknown
client or sender until we have completed some investigation,
after which we will either reject or accept.

However, this code is turned off until it is finished.

Robustness: the dns client now rejects malformed domain
names rather than depending on the DNS to report that the
name does not exist. Linux returns a rather misleading
server failure code as found out by Patrik Rak. File:

Feature: added IGNORE keyword to header_checks and body_checks
to pretend that certain data does not exist. File:
cleanup/cleanup_message.c.

Bugfix: the SASL code did not allow MAIL FROM... AUTH=sender
without prior authentication. The RFC allows this, although
one wonders what the reasoning behind this is. File:
smtpd/smtpd_sasl_proto.c.

Bugfix: the rmail script did not handle remote UUCP systems
that send a from_ line with unqualified envelope sender.
Reported by Luciano Mannucci.

Compatibility: don't insert Sender: header lines. Sendmail
has not done so for at least 10 years, if it ever did.
Problem reported by Brad Knowles. File: cleanup/cleanup_message.c.

Bugfix: when propagating an address extension in a virtual
or canonical mapping, cleanup accesses memory that is no
longer allocated. This can happen when the result address
length is more than 100 characters. Problem reported by
Adi Prasaja @ satunet.com. File: global/mail_addr_crunch.c.

Bugfix: fixed a misleading error message when the cleanup
server reaches the queue file size limit. Fix by Robby
Griffin @ MIT.EDU. File: cleanup/cleanup_extracted.c.

Bugfix: postalias -i would complain about duplicate entries
for the Sendmail-compatible @ entry and for the NIS-compatible
YP_LAST_MODIFIED and YP_MASTER_NAME entries.

Gross hack: prevent looping on a bad recipient by always
forwarding recipients in :include: files to a new mail
delivery request, even when owner-listname is not set.
File: local/recipient.c.

Convenience: INSTALL.sh now imports default settings from
the process environment, in order to make scripting easier.

Robustness: INSTALL.sh now systematically skips over CVS,

Portability: another fix for NEXTSTEP (Masaki MURASE).
File: util/spawn_command.h.

Cleanup: in a transport table entry, do not ignore port
numbers specified as [host]:port. In fact, this is now
becoming the preferred form, in order to avoid parsing
problems with IPV6 addresses. Postfix supports both forms,
but future versions will print a warning for the old form.
Problem reported by Claus Fischer @ werhats.at.

Bugfix: missing initialization for state->sasl_method can
cause permit_sasl_authenticated to always succeed. Report
and fix by Lutz Jaenicke @ aet.TU-Cottbus.DE.

FAQ: added notes about how to delete, copy or restore queue
files in a safe manner.

File reorganization. No code change except Makefiles. All
sources are pushed down by one directory level to keep file
listings usable. Released as 20000922, so that I have a
reference to run "diff -cr" against.

Bugfix: the spawn service was installed without man pages.

Portability: MacOSX hints and tips by Joe Block, University
of Central Florida School of Optics/CREOL.

Portability: The MacOSX gcc compiler does not understand
the new printf_like/scanf_like attributes. File: util/sys_defs.h.

nqmgr update from Patrik Rak for the changed queue manager
to delivery agent protocol.

Lame feature: syslog_facility parameter to control where
syslogd sends Postfix logging (default: syslog_facility =
mail). However, errors during command-line parsing are
still logged with the default syslog facility, as are errors
while processing the main.cf file (surprise). Based on
code by Andrew McNamara.

Cleanup: new bounce logfile API so that Postfix can change
to an extensible bounce logfile format with per-recipient
sender addresses (needed for VERP and for reporting local
list delivery problems to the list owner) and other
attributes. File: global/bounce_log.[hc].

Cleanup: replaced the ad-hoc logfile parsing code in showq
by something that uses the generic bounce logfile API.

Feature: Postfix bounced mail and delayed mail notifications
now have the standard RFC 1894 form (DSN). The bounce
service now uses the generic bounce logfile API. Files:
bounce/bounce_notify_service.c, bounce/bounce_notify_util.c.

Cleanup: deleted the per-recipient bounce protocol. Future
bounce logfiles will support per-recipient bounce addresses.
Files: global/bounce.c, bounce/bounce_recip_service.

Workaround: sendmail allows MAIL FROM and RCPT TO envelope
addresses like <the dude <dude@site>> so we will never get
rid of them. To disallow, specify "strict_rfc821_envelopes
= yes". File: smtpd/smtpd.c.

Feature: a "flush" server that keeps per-destination records
of deferred mail. It is the basis of a faster ETRN and
"sendmail -qRsite" implementation. This code was rewritten

Bugfix: the stricter dns_lookup() argument checks revealed
that Postfix was doing DNS lookups for domain literals
([ip.address]) when expanding aliases in MAIL FROM and RCPT
TO address parameters. Reported by Jim Littlefield. File:
smtp/smtp_unalias.c.

Documentation: added text on the biff=yes/no parameter to
conf/sample-local.cf (text provided by Paul Wagland,
relational-consultancy.com).

Robustness? Log errors from SASL library code as warnings
not as fatal errors. Files: smtp*/*glue.c.

Feature: in master.cf, specify ? after wakeup time to avoid
waking up services that aren't being used.

Feature: the fast flush refresh and purge time interval
parameters can now be specified in user-specified units by
providing an appropriate suffix: s (seconds), m (minutes),
h (hours), d (days), w (weeks). This was needed so
that I could test the flush server code in a reasonable
way (its timeouts are normally specified in days or hours,
and I don't have that much time for testing). Other Postfix
time interval parameters will be migrated as time permits.
Files: conf/sample-flush.cf, global/mail_conf_time.c,
postconf/postconf.c.

Unfeature: qmgr_hog_factor is now disabled by default. It
was just too confusing. If you don't know what this means,

Cleanup: after "postfix reload" do not penalize mail that
was in the active queue, but make it ready for immediate
delivery so that ETRN etc. works as intended. Files:
*qmgr/qmgr.c, *qmgr/qmgr_active.c.

Portability: Redhat 7 library interfaces have changed
incompatibly, which breaks existing software. File: makedefs.

Consistency: the fallback_relay parameter did not understand
the [] or host:port syntax, and there was no way to suppress
MX record lookups. Files: smtp/smtp_addr.c, smtp/smtp_connect.c.

Convenience: you can now specify multiple SMTP destinations
in the relayhost or fallback_relay configuration parameters.
The specified destinations will be tried in the specified
order. File: smtp/smtp_connect.c.

Many typographical corrections by Matthias Andree.

Documentation: the canonical, virtual etc. manual pages
did not document the effect of leading whitespace.

Bugfix: virtual map expansion stopped too early with
self-referential aliases. Reported by Michael Douglass @
datafoundry.net. File: cleanup/cleanup_map1n.c.

Horror: postmap and postalias (newaliases) silently lose
the file lock while building a lookup table with Berkeley
DB 2.x and later on Solaris, HP-UX, IRIX, and UNIXWARE.
The result is that table lookups fail while the table is
being built, so that mail is lost. In order to avoid this
misbehavior one has to use an undocumented feature that is
NOT available with the DB1.85 compatibility interface.
Therefore, Postfix now supports three Berkeley DB programming
interfaces of increasing complexity. File: util/dict_db.c.

Bugfix: some character manipulations were not portable for
signed/unsigned characters. Files: global/quote_821_local.c,
global/quote_822_local.c.

Workaround: apparently, some software sends SMTP mail that
begins with "From sender time-stamp". Sendmail silently
ignores such RFC violating garbage, and therefore Postfix
needs to jump through another hoop. File: smtpd/smtpd.c.

Bugfix: the flush server tried to access config files after
going to the chroot jail. Found by Lutz Jaenicke, TU-Cottbus.DE.
File: flush/flush.c.

Update: revised LDAP module from primary maintainer John
Hensley, with contributions from many other people. Files:
util/dict_ldap.c, LDAP_README.

Update: LINUX2 chroot setup script by Matthias Andree,

Feature: specify unix:/path/name for LMTP connections over
UNIX-domain sockets, and specify inet:host or inet:host:port
for IPV4. If no unix: or inet: is specified, IPV4 is assumed.
File: lmtp/lmtp_connect.c.

Feature: added UNIX-domain support to the smtpstone test
programs in order to test the LMTP client UNIX-domain

Bugfix: further testing in preparation for 19991231-pl10
revealed that the DB map code was now broken for every

Performance: the slow start (gradually increase number of
parallel connections to the same site) was too gentle and
Postfix would back off too quickly. Files: qmgr/qmgr_queue.c
and nqmgr/qmgr_queue.c.

FAQ update by Ralph Hildebrandt.

Portability: RedHat Linux has changed incompatibly, again.
Fixed with the help of Matthias Andree. File: makedefs.

Cleanup: changed prototype of internal function that did
not return a useful result. File: src/util/vstream_popen.c.

Workaround: the Debian post install script passes an open
file descriptor into the master server and waits forever.
Reported by Lamont Jones. File: master/master.c.

Compatibility: added sendmail -G (gateway submission) option
for compatibility with the sendmail rmail command. Requested
by David Gilbert, Velocet Communications.

Documentation: added MAILER-DAEMON to the list of sample
masquerade_exceptions settings in conf/sample-rewrite.cf.
Suggested by Karl O. Pinc, pop.artic.edu.

Performance: the slow start (gradually increase number of
parallel connections to the same site) was too gentle and
Postfix would back off too quickly. Files: qmgr/qmgr_queue.c
and nqmgr/qmgr_queue.c. Yup, changed the same code, again.
We now allow for a margin above the actual concurrency,
with the size of the initial destination concurrency.
Final solution by Patrik Rak.

Bugfix: the recipient home directory test broke mailbox_transport
support for non-UNIX recipients. File: local/recipient.c.

Robustness: additional integrity tests for the nqmgr by
Patrik Rak. File: nqmgr/qmgr_message.c.

Bugfix: the new LDAP client code did not work properly if
the new ldap_domain parameter was not specified. LaMont
Jones, HP. File: util/dict_ldap.c.

Feature: the soft_bounce safety net is extended to the SMTP
server. With "soft_bounce = yes", the SMTP server changes
all 5xx (reject) replies into 4xx (try again) replies.

Documentation: the virtual(5) man page now documents both
Postfix-style virtual domains and Sendmail-style virtual
domains, including their interaction with local usernames,
aliases and mailing lists. Hopefully, this ends some of
the confusion surrounding virtual domain support. Updated
several FAQ entries concerning virtual domain support.

Documentation: added FAQ entry for the biff service.

Bugfix: per-destination queue names were case sensitive so
that the same site could have multiple queues. Reported
by Patrik Rak. Files: *qmgr/qmgr_message.c.

Bugfix: per-destination deferred mail logfiles were case
sensitive so that the same site could have multiple deferred
mail logfiles, so that not all mail would be flushed with
ETRN. Reported by Ralph Hildebrandt. File: flush/flush.c.

Portability: added (int) casts to printf-like arguments
that specify the width of %*letter conversions. On some
systems, sizeof and pointer difference expressions are
wider than an int. Reported by Valentin Nechayev @ lucky.net.

Compatibility: Postfix now retries delivery when an external
command is killed by a signal, because people expect such
behavior from Sendmail. File: global/pipe_command.c.

Feature: mailbox locking is now configurable. The configuration
parameter name is "mailbox_delivery_lock". Depending on
the operating system one can specify one or more of "flock",
"fcntl" and "dotlock". Use "postconf -l" to find out what
locking methods Postfix supports. The default setting is
system dependent. All mailbox file opens are now done by
one central mbox_open() routine. This affects the operation
of the postlock command, and of local delivery to mailbox
or /file/name. Files: util/safe_open.c, util/myflock.c,
global/deliver_flock.c, global/mbox_conf.c, global/mbox_open.c,
local/mailbox.c, local/file.c, postlock/postlock.c.

Compatibility: the old sun_mailtool_compatibility parameter
is being phased out. It still works (by turning off
flock/fcntl locks), but logs a warning as a reminder that

Compatibility: when delivering to /file/name, the local
delivery agent now logs a warning when it is unable to
create a /file/name.lock file, and then delivers the mail
(older Postfix versions would silently deliver).

Feature: specify "smtp_never_send_ehlo = no" to disable
ESMTP. Someone asked for this long ago. Files: smtp/smtp.c,

Feature? Bugfix? The smtp client now skips server replies
that do not start with "CODE SPACE" or with "CODE HYPHEN",
and flags them as protocol errors. Older versions silently
treat "CODE TEXT" as "CODE SPACE TEXT". File: smtp/smtp_chat.c.

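The stricter reply-line check described in the entry above, as an added C example that is not the code in smtp/smtp_chat.c. The function and type names are assumptions, as is the choice to flag a bare three-digit code with nothing after it.

```c
/* Added example, not Postfix source: strict SMTP reply-line classification. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

enum reply_kind {
    REPLY_FINAL,        /* "CODE SPACE ...": last line of the reply */
    REPLY_CONTINUE,     /* "CODE HYPHEN ...": more lines follow */
    REPLY_PROTO_ERROR   /* anything else: skip the line and flag it */
};

/* Classify one line (CRLF already stripped). On success *code gets the code. */
enum reply_kind classify_reply_line(const char *line, int *code)
{
    /* && short-circuits, so a short line is never read past its terminator. */
    if (!(isdigit((unsigned char) line[0]) &&
          isdigit((unsigned char) line[1]) &&
          isdigit((unsigned char) line[2])))
        return REPLY_PROTO_ERROR;
    /* Assumption: a bare code with nothing after it is also an error. */
    if (line[3] != ' ' && line[3] != '-')
        return REPLY_PROTO_ERROR;
    *code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    return line[3] == ' ' ? REPLY_FINAL : REPLY_CONTINUE;
}

struct reply {
    int code;           /* code of the final line, -1 if none arrived */
    int proto_errors;   /* malformed lines that were skipped */
    size_t consumed;    /* lines taken from the input for this reply */
};

/* Read one (possibly multi-line) reply from an array of received lines. */
struct reply read_reply(const char *const *lines, size_t count)
{
    struct reply r = { -1, 0, 0 };
    int code;

    while (r.consumed < count) {
        switch (classify_reply_line(lines[r.consumed++], &code)) {
        case REPLY_FINAL:
            r.code = code;
            return r;
        case REPLY_CONTINUE:
            break;
        case REPLY_PROTO_ERROR:
            r.proto_errors++;   /* skip it, keep waiting for the real end */
            break;
        }
    }
    return r;
}

/* Constructed EHLO reply: the middle line lacks the separator after the code. */
static const char *const sample[] = {
    "250-mail.example.com",
    "250PIPELINING",
    "250 SIZE 10240000",
};

int main(void)
{
    struct reply r = read_reply(sample, 3);

    printf("code=%d proto_errors=%d consumed=%zu\n",
           r.code, r.proto_errors, r.consumed);
    return 0;
}
```

Under the older reading the second sample line would count as "CODE SPACE TEXT" and end the reply one line early, leaving the third line to be taken as the answer to the next command.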
Documentation: postmap(1) and postalias(1) did not document
the process exit status for "-q key".

Bugfix: the Postfix master daemon no longer imported
MAIL_CONF and some other necessary environment parameters.
Postfix now has explicit "import_environment" and
"export_environment" configuration parameters that control
what environment parameters are shared with non-Postfix
processes. Files: util/clean_env.c, util/spawn_command.c,
util/vstream_popen.c, global/pipe_command.c, and everything
that invokes this code.

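Controlling which environment parameters cross a process boundary comes down to an allow list; the following added C example shows one way to build the filtered environment and is not the code in util/clean_env.c. The function names, the sample environment and the allow list (MAIL_CONF is from the entry above, TZ is an assumption) are constructed for illustration.

```c
/* Added example, not Postfix source: allow-list filtering of an environment. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length of NAME in "NAME=value"; 0 for an entry with no '=' or no name. */
static size_t name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');

    return eq == NULL ? 0 : (size_t) (eq - entry);
}

/* Exact-name match, so allowing "TZ" does not also allow "TZDIR". */
static int on_list(const char *entry, size_t len, const char *const *allow)
{
    for (; *allow != NULL; allow++)
        if (strlen(*allow) == len && strncmp(*allow, entry, len) == 0)
            return 1;
    return 0;
}

/* True if an entry with the same NAME is already in out[0..kept-1]. */
static int already_kept(char *const *out, size_t kept,
                        const char *entry, size_t len)
{
    size_t i;

    for (i = 0; i < kept; i++)
        if (name_len(out[i]) == len && strncmp(out[i], entry, len) == 0)
            return 1;
    return 0;
}

/*
 * Build a NULL-terminated environment with only allow-listed names. Entries
 * without a name are dropped, and of duplicate names only the first survives,
 * so parent and child cannot disagree about which value is in effect.
 * The result shares strings with envp; the caller frees the array only.
 */
char **filter_env(char *const *envp, const char *const *allow)
{
    size_t n = 0, kept = 0, i, len;
    char **out;

    while (envp[n] != NULL)
        n++;
    if ((out = malloc((n + 1) * sizeof(*out))) == NULL)
        return NULL;
    for (i = 0; i < n; i++) {
        len = name_len(envp[i]);
        if (len > 0 && on_list(envp[i], len, allow)
            && !already_kept(out, kept, envp[i], len))
            out[kept++] = envp[i];
    }
    out[kept] = NULL;
    return out;
}

/* Number of entries in a NULL-terminated environment. */
size_t env_count(char *const *envp)
{
    size_t n = 0;

    while (envp[n] != NULL)
        n++;
    return n;
}

int main(void)
{
    /* Constructed inherited environment; all values are placeholders. */
    char *inherited[] = {
        "MAIL_CONF=/etc/postfix", "LD_PRELOAD=/tmp/constructed.so",
        "TZ=UTC", "TZ=Second/Copy", "TZDIR=/tmp", "=noname", "NOEQUALS", NULL
    };
    const char *const allow[] = { "MAIL_CONF", "TZ", NULL };  /* hypothetical */
    char **clean = filter_env(inherited, allow);
    size_t i;

    if (clean == NULL)
        return 1;
    for (i = 0; clean[i] != NULL; i++)
        puts(clean[i]);     /* what a child started with execve() would see */
    free(clean);
    return 0;
}
```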
4585
Bugfix: while processing massive amounts of one-recipient
4586
mail, qmgr could deadlock for 10 seconds while sending a
4587
bounce message. All queue manager bounce send requests are
4588
now implemented asynchronously. Files: global/abounce.[hc]
4589
(asynchronous bounce client), qmgr/qmgr_active.c. Problem
4590
reported by El Bunzo (webpower.nl) and Tiger Technologies
4595
Feature: mailbox_transport and fallback_transport can now
4596
have the form transport:nexthop, with suitable defaults
4597
when either transport or nexthop are omitted, just like in
4598
the Postfix transport map. This allows you to specify for
4599
example, "mailbox_transport = lmtp:unix:/file/name". File:
4600
global/deliver_pass.c.
4604
Bugfix: the local_destination_concurrency_limit paramater
4605
no longer worked as per-user concurrency limit but instead
4606
worked as per-domain limit, so that the limit of "2" in
4607
the default main.cf files resulted in poor local delivery
4608
performance. Files: qmgr/qmgr_message.c, qmgr/qmgr_deliver.c.
4609
Problem reported by David Schweikert (ee.ethz.ch) and Dallas
4610
Wisehaupt (cynicism.com).
4614
Feature: support for MYSQL connections over UNIX-domain
4615
sockets by Piotr Klaban. Files: util/dict_mysql.c,
4620
Small dirt: postconf -m produced too much output due to a
4621
missing "else", and the optional SASL code needed a fix
4622
for the changed name_mask API.

Workaround: due to an error, record type L for "filter
transport name" was the same as that for the already existing
record type L for "record not ending in newline", causing
the pickup daemon to discard all records not ending in
newline. The code cannot be changed without breaking
compatibility with queued mail, so the pickup server is
changed to discard type L records only from the message
envelope, not from the content. File: pickup/pickup.c.

Bugfix: dict_ldap did not properly initialize a handle
after connection timeout. Problem reported by Alain Thivillon.
File: util/dict_ldap.c.

Feature: local_transport and default_transport now also
understand the transport[:destination] notation, so that
all transport config parameters are similar again. Files:
trivial-rewrite/resolve.c, trivial-rewrite/transport.c.

Code cleanup: mailbox_transport and fallback_transport no
longer allow the user to omit the transport part of a
transport:destination specification. That just did not make
any sense at all. The :destination part is still optional.
File: global/deliver_pass.c.

Feature: most time-related configuration parameters take
a one-letter suffix that specifies the time unit: s
(second), m (minutes), h (hours), d (days), w (weeks).
"postconf -d" output includes the default time unit. Files:

Code cleanup: in a CONFIG_TIME_TABLE, the default time unit
is now always the last character of a default time value.
It is no longer necessary to specify the default time unit
separately. This change means that it will not be possible
to specify default values in the form of function calls,
but that was unused anyway. Files: global/mail_conf_time.c,

Bugfix: reorganized some code in the MYSQL client to end
a number of memory allocation/deallocation problems. This
code needs more work. File: dict_mysql.c.

Bugfix: the MYSQL client did not provide function pointers
for unimplemented operations, causing "postmap -d" to dump
core instead of issuing an error message. This is what I
get for accepting code that I cannot test myself.

Code cleanup: configuration parameters that are $name
expanded at run-time now have their own data type hierarchy
instead of being piggy-backed on top of strings that are
$name expanded at program initialization time. Files:
global/mail_conf.h, global/mail_conf_raw.c, and code that

Update: replaced the default rbl.maps.vix.com setting by
the current blackholes.mail-abuse.org.

Code cleanup: the queue manager is a bit greedier with
allocating a delivery agent. Problem pointed out by Patrik
Rak. All bugs in the solution are mine. Files:
*qmgr/qmgr_active.c.

Bugfix: the FILTER_README shell script example did not
correctly pass exit status to the parent.

Bugfix: soft errors in client hostname lookups would be
treated as hard errors. Fix by Michael Herrmann
(informatik.tu-muenchen.de). File: smtpd/smtpd_peer.c.

Bugfix: the mkdir() EEXIST race condition workaround was
not complete. Matthias Andree, Daniel Roesen. Files:
global/mail_queue.c, util/make_dirs.c.

Portability: IRIX 6.5.10 defines sa_len as a macro, causing
a name collision with a variable used by Postfix. Roberto
Totaro, enigma.ethz.ch. File: smtpstone/smtp-source.c.

Bugfix: REJECT by header/body_checks was flagged in smtpd
as a bounce, should be policy, in order to make postmaster
notifications more consistent. File: smtpd/smtpd.c.

Merged updated chroot setup procedure by Matthias Andree.
Files: examples/chroot-setup/LINUX2.

Formatting: changed the seconds and days formats in the
"your mail is delayed" text so that it does not switch to
scientific notation. File: bounce/bounce_notify_util.c.

Feature: SASL support for the LMTP client. Recent CYRUS
software requires this for Postfix over TCP sockets.

Bugfix: the 20001005 revised fallback_relay support caused
Postfix to send mail to the fallback even when the local
machine was an MX host for the final destination. Result:
mailer loop. Found by Laurent Wacrenier (teaser.fr). Files:
smtp/smtp_connect.c, smtp/smtp_addr.c.

Workaround: specify "broken_sasl_auth_clients = yes" in
order to support old Microsoft clients that implement a
non-standard version of RFC 2554 (AUTH command).

Workaround: Lotus Domino 5.0.4 violates RFC 2554 and replies
to EHLO with AUTH=LOGIN. File: smtp/smtp_proto.c.

Code cleanup: wrote creator/destructor for dictionary
objects that provides default methods that trap all attempts
to perform an unimplemented operation. Based on an ansatz
by Laurent Wacrenier (teaser.fr). Files: util/dict*.[hc].

Code cleanup: INSTALL.sh does not ask questions when stdin
is not connected to a tty (as in: make install</dev/null).
To automate a customized install, the script imports
environment variables for install_root etc.

Workaround: randomize the delay between attempts to lock
a file, so that multiple bounce or defer servers are less
likely to retry all at the same time. Files:
util/rand_sleep.c, global/deliver_flock.c, global/dot_lockfile.c.

Code cleanup: complaints about invalid or numeric hostnames
either provide specific context or are removed as redundant.
Files: util/valid_hostname.c dns/dns_lookup.c.

Code cleanup: new mailbox_size_limit parameter (default:
20MB). Until now, the mailbox size limit was the same as
the message size limit, due to an artefact of implementation.
Files: global/mail_params.h, local/local.c.

Bugfix: fix for the ldap_domains parameter, both semantics
and documentation by LaMont Jones. Files: LDAP_README,
conf/sample-ldap.cf, util/dict_ldap.c.

Update: merged in the virtual delivery agent by Andrew
McNamara. See VIRTUAL_README for detailed examples.

Update: merged a re-vamped nqmgr by Patrik Rak.

Tweak: several little nqmgr tweaks by Patrik Rak. Files:
global/mail_params.h, nqmgr/qmgr_job.c.

Bugfix: the virtual delivery agent did not save maps_find()
results timely. Jørgen Thomsen, postfix.jth.net. File:

Security: disallow regexp tables in the virtual delivery
agent. The $1 etc. substitution mechanism gives too much
power to the sender. File: virtual/mailbox.c.

Cleanup: clarified documentation and boundary cases in the
random_sleep() routine.

Bugfix: the MISSING_USLEEP feature was used backwards.
Patrik Rak. File: util/random_sleep.c.

Workaround: Linux usleep() is void, BSD/Solaris usleep()
returns int, don't use it. File: util/random_sleep.c.

Made local maildir bounce/defer handling mode consistent
with local mailbox delivery. File: local/maildir.c.

The smtp client now defers delivery when all MX hosts have
no A record. File: smtp/smtp_addr.c.

Bundled the man2html and postlink quick hacks so people
can do their own manual page processing. See scripts in
the mantools directory.

Documentation: updated the reference to sendmail in the
html/index.html page.

Documentation: added note about the Cisco PIX "fixup smtp"
bug that causes mail delivery problems when "." and "CRLF"
arrive in separate packets. File: html/faq.html.

Bugfix: another missing initialization in the mysql client.
File: util/dict_mysql.c.

Sanitized time routine by Patrik Rak, to make his nqmgr
robust against people who set their clock back. Files:
util/sane_time.[hc].

Bumped the default mailbox file size limits to 50MB.

Bugfix: fixed the way the master resets the file size limit
to avoid problems when a Postfix daemon updates a queue
file. The file size limit is now increased to INT_MAX if
it is smaller than INT_MAX, so that it is less likely to
interfere than the old setting of message_size_limit.

Feature: disable mailbox size limits for the local and
virtual delivery agents by setting mailbox_size_limit or
virtual_mailbox_limit to zero.

Update: null candidate patch from Patrik Rak. Files:
nqmgr/qmgr_entry.c nqmgr/qmgr_job.c nqmgr/qmgr_message.c.

Cleanup: added one gruesome command to the postlink script
for hyperlinking nroff manual page output. Word abbreviation
broke some <a href...> </a> instances across line boundaries.
sed(1) is an amazing tool. File: mantools/postlink.

Laid the ground work for logging of table accesses. This
will give more insight into how Postfix uses its lookup
tables. User interface comes later. File: util/dict_debug.c.

Bugfix: the pipe delivery agent expanded $size as if it
were a recipient, instead of expanding it as $nexthop or
as $sender. Reported by Michael Tokarev. File: pipe/pipe.c.

Bugfix: poor LMTP performance for domains that are listed
in $mydestination, because Postfix would send one recipient
at a time, with multiple deliveries of recipients of the
same message in parallel; a similar problem could exist
with virus scanning and with firewall relay hosts that
forward mail for $mydestination to an inside machine. This
behavior is now changed to depend on the transport-specific
xxx_destination_recipient_limit parameter. This also means
that you can now get qmail behavior for SMTP deliveries by
setting smtp_destination_recipient_limit=1. File:
{qmgr,nqmgr}/qmgr_message.c.

Workaround: Solaris socketpair() can fail with EINTR. Added
a sane_socketpair.c module that joins the ranks of the
other sane_whatever workarounds. Reported by Andrew McNamara.
File: util/sane_socketpair.[hc]

Documentation: the default main.cf file has a prominent
warning that mynetworks should be properly configured in
order to reject unauthorized mail relay requests from

Documentation: the INSTALL document, section "mandatory
configuration file edits" has a section that explains that
mynetworks should be properly configured in order to reject
unauthorized mail relay requests from strangers.

Documentation: the basic.html document has a section that
explains that mynetworks should be properly configured in
order to reject unauthorized mail relay requests from

Feature: new "mynetworks_style" parameter that controls
how mynetworks (trusted networks) is derived from the
inet_interfaces (machine interfaces) setting. Specify
"class" for entire class A, B, C networks; "subnet" for
the local subnets only; or "host" for maximal privacy.
Files: util/inet_addr_local.[hc], global/own_inet_addr.[hc],
global/mynetworks.[hc], postconf/postconf.c.

Portability: MACOSX patches by Gerben Wierda.

Portability: Solaris /dev/null is a symlink, which tripped
up the code to safely open a file before local delivery.
We now grudgingly allow symlinks owned by root. File:

Bugfix: "postconf mynetworks" ignored the inet_interfaces
setting. That was a very old one. File: postconf/postconf.c.

INCOMPATIBLE CHANGE: POSTFIX NO LONGER RELAYS MAIL FOR
CLIENTS IN THE ENTIRE CLASS A/B/C NETWORK. POSTFIX BY
DEFAULT RELAYS MAIL FOR CLIENTS IN THE LOCAL SUBNETWORK.
Specify "mynetworks_style = class" to get the old behavior.
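
How much address space each mynetworks_style value trusts, for the "mynetworks_style" feature entry and the incompatible change above, as an added example (not code from global/mynetworks.c). It derives the trusted IPv4 network from one interface address and netmask; the function names, the constructed addresses, and the choice to reject class D/E addresses and non-contiguous masks are assumptions of this example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum net_style { STYLE_CLASS, STYLE_SUBNET, STYLE_HOST };

/* Prefix length of a contiguous netmask, or -1 if the mask has holes. */
static int mask_to_prefix(uint32_t mask)
{
    int bits = 0;

    while (mask & 0x80000000u) {
        bits++;
        mask <<= 1;
    }
    return mask == 0 ? bits : -1;
}

/* Classful prefix length: A=/8, B=/16, C=/24; -1 for class D and E. */
static int class_prefix(uint32_t addr)
{
    if ((addr & 0x80000000u) == 0)
        return 8;
    if ((addr & 0xC0000000u) == 0x80000000u)
        return 16;
    if ((addr & 0xE0000000u) == 0xC0000000u)
        return 24;
    return -1;
}

/*
 * Write the network trusted under the given style to buf as "a.b.c.d/len".
 * Returns the prefix length, or -1 on bad input.
 */
int trusted_network(const char *ifaddr, const char *netmask,
                    enum net_style style, char *buf, size_t len)
{
    struct in_addr a, m;
    uint32_t addr, net;
    int prefix;

    if (inet_pton(AF_INET, ifaddr, &a) != 1
        || inet_pton(AF_INET, netmask, &m) != 1)
        return -1;
    addr = ntohl(a.s_addr);
    switch (style) {
    case STYLE_CLASS:
        prefix = class_prefix(addr);
        break;
    case STYLE_SUBNET:
        prefix = mask_to_prefix(ntohl(m.s_addr));
        break;
    case STYLE_HOST:
        prefix = 32;
        break;
    default:
        prefix = -1;
    }
    if (prefix < 0)
        return -1;
    net = prefix == 0 ? 0 : addr & (0xFFFFFFFFu << (32 - prefix));
    snprintf(buf, len, "%u.%u.%u.%u/%d",
             (unsigned) (net >> 24), (unsigned) ((net >> 16) & 255),
             (unsigned) ((net >> 8) & 255), (unsigned) (net & 255), prefix);
    return prefix;
}

/* Number of client addresses that may relay for a given prefix length. */
unsigned long long trusted_addresses(int prefix)
{
    return 1ULL << (32 - prefix);
}

int main(void)
{
    /* Constructed interface: 172.16.5.20 with a /24 netmask. */
    static const char *names[] = { "class", "subnet", "host" };
    char buf[32];
    int style, prefix;

    for (style = STYLE_CLASS; style <= STYLE_HOST; style++) {
        prefix = trusted_network("172.16.5.20", "255.255.255.0",
                                 (enum net_style) style, buf, sizeof(buf));
        printf("mynetworks_style = %-6s -> %-16s (%llu addresses)\n",
               names[style], buf, trusted_addresses(prefix));
    }
    return 0;
}
```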

Portability: master sigchld handler based on writing to a
pipe, so that the master wakes up from select(). Based on
code by Erik Forsberg, Linkoping University, Sweden. File:
master/master_sig.c. Disabled until after the major release.

Code cleanup: Postfix should now run with no alias database.

Code cleanup: local_destination_recipient_limit and
local_destination_concurrency_limit have become first-class
configuration parameters. Files: global/mail_params.h,
*qmgr/qmgr.c, postconf/postconf.c.

Documentation suggestions by Lars Hecking and Richard
Huxton, Matthias Andree and many others.

Code cleanup: some queue/transport operations need to be
moved, after the code cleanup of the recipient/concurrency
limit handling. Patrik Rak. Files: *qmgr/qmgr_message.c.

Feature: configurable name in syslog output (default:
"syslog_name = postfix") so that different Postfix instances
can be recognized by their logging. File: global/mail_task.c.

Workaround for logic mismatch in nqmgr that was exposed
with the introduction of the asynchronous bounce client.

Bugfix: the RFC 822 untokenizer quoted newlines inside
comments. File: global/tok822_parse.c.

Cleanup: removed an extraneous warning when a queue file
write error happened.

Workaround: LMTP connection caching never worked for
destinations starting with unix: or inet:. File:
lmtp/lmtp_connect.c.

Portability: Solaris <2.6 does not have srandom() and
random() in libc. File: util/rand_sleep.c. It does not have
to be cryptographically strong.

Bugfix: the fast ETRN flush server could not handle [ipaddr]
or domain names with one-character hostname part. This
fix changes the destination to logfile name mapping, so
that you need to populate the new files with "sendmail -q".
The old files go away automatically. File: flush/flush.c.

Speed up mailq (sendmail -bp) display by flushing output
after each file. File: showq/showq.c.

Portability: missing string.h includes, %p wants (void *),

Bugfix: swapped logic caused cleanup to stall when the
queue file size exceeded the file size limit by less than
one VSTREAM buffer size, so that the "file too big"
was detected after flushing the last queue file record.
File: cleanup/cleanup.c.

Portability: workaround for missing prototype problem in
dict_ldap.c. This module should move to the global directory,
because it depends on Postfix main.cf parameter information.

Workaround: after sending a trigger message over a socket,
do not immediately close the client side, but close it from
a background thread that waits until the server closes the
socket first. This avoids trouble with socket implementations
that destroy a socket when the client closes a socket before
the server has received the client's data. Files:
util/{inet,unix,stream}_trigger.c, util/events.c,
master/master_trigger.c, postkick/postkick.c.

Workaround: the mysql library can return null pointers
rather than zero-length strings. File: util/dict_mysql.c.

Ergonomics: log additional information about the reason
why "mail for XXX loops back to myself" when the local
machine is the best MX host. File: smtp/smtp_addr.c.

Changed some noisy LDAP client warnings into optional
logging. LaMont Jones, util/dict_ldap.c.

Bugfix: the SMTP server now replies with 550 instead of
503 when it receives the DATA command without having received
a valid recipient address. This is needed for the Sendmail
client-side pipelining implementation. Problem reported by
Lutz Jaenicke. File: smtpd/smtpd.c.

Cleanup: shut up if chattr fails on Reiserfs and other file
systems that do not support the respective attributes.
Files: conf/postfix-script-{no,}sgid.

Ergonomics: Postfix applications now warn when a DB or DBM
file is out of date, and recommend to rebuild the table.
Files: util/dict_db.c, util/dict_dbm.c.

Feature: specify a key of "-" to the postmap or postalias
-q or -d option, and the keys will be read from standard
input, one key per line. Files: postmap/postmap.c,
postalias/postalias.c.

Bugfix: with a non-default inet_interfaces setting, the
master ignored host information in master.cf host:port
settings. Fix by Jun-ichiro itojun Hagino @ iijlab.net.
Files: master/master.h, master/master_ent.c.

Bugfix: the SMTP server did not parse invalid MAIL FROM or
RCPT TO addresses such as <first last <user@domain>> the
way it was supposed to do. I thought this was taken care
of years ago. File: smtpd/smtpd.c.

Bugfix: smtpd would reject mail instead of replying with
a 4xx temporary error code when, for example, an LDAP or
mysql server was unavailable. Remotely based on a fix by
Robert Kiessling @ de.easynet.net. File: smtpd/smtpd_check.c.

Feature: the Postfix SMTP client now by default randomly
shuffles destination IP addresses of equal preference.
Specify "smtp_randomize_addresses = no" to disable.
Shuffling code by Elias Levy @ SecurityFocus.com. Files:
dns/dns_rr.c, smtp/smtp_addr.c.

Bugfix: The SMTP server's 550 in reply to DATA should be
a 554 response. And it wasn't Sendmail. Claus Assman.

Bugfix: the INSTALL.sh test for non-interactive upgrade
broke rooted installations that specify settings via the
environment. Simon Mudd.

Bugfix: mailq output is now really flushed one message at
a time. File: sendmail/sendmail.c.

Feature: "postsuper -d queueID" deletes one message queue
file; "postsuper -d -" reads zero or more queue IDs from
standard input, and deletes one instance of each file.
File: postsuper/postsuper.c.

Code cleanup: in order to make postsuper -d safe with a
running Postfix mail system, some routines had to be made
tolerant for sudden queue file disappearances. Files:
global/deliver_request.c, *qmgr/qmgr_move.c.

Code cleanup: in order to make postsuper -d more usable,
the showq command was extended to safely list the possibly
world-writable maildrop directory. File: showq/showq.c.

Feature: postsuper -d will also delete defer and bounce
logfiles when the named queue file is found.

RFC 2821 feature: an SMTP server must reset all buffers
upon receipt of EHLO. File: smtpd/smtpd_check.c.

RFC 2821 feature: an SMTP server must accept a recipient
address of "postmaster" without domain name. File:
smtpd/smtpd_check.c.

RFC 2821 recommendation: reply with 503 to commands sent
after 554 greeting. File: smtpd/smtpd.c.

RFC 2821 recommendation: if VRFY is enabled, list it in
the EHLO response. File: smtpd/smtpd.c.

RFC 2821 recommendation: SMTP clients should use EHLO.
The default setting of smtp_always_send_ehlo has changed
from 0 (send EHLO if server greets with ESMTP) to 1 (always
send EHLO). In all cases, Postfix falls back to HELO if
the server does not support EHLO. File: smtp/smtp_proto.c.

Bugfix: with soft_bounce=yes, the SMTP server would log
5xx replies even though it would send 4xx replies to the
client (Phil Howard, ipal.net). File: smtpd/smtpd_check.c.

Compatibility: Microsoft sends "AUTH=MBS_BASIC LOGIN".
Updated the parsing code in smtp/smtp_proto.c. Problem
reported by Ralf Tessmann, Godot GmbH.

Standard: deleted the non-standard "via" portion from
Received: headers generated by Postfix bounce or other
notification processes. File: global/post_mail.c.

Robustness: eliminated stack-based recursion from the RFC
822 address parser. File: global/tok822_parse.c.

Standard: annotated the source code with comments based on
RFC 2821 and 2822. Not all the RFC changes make sense.

RFC 2821 recommendation: treat a RCPT 552 reply as if the
server sent 452. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c.

Cleanup: moved ownership of the debug_peer parameters from
the applications to the library, so that a Postfix shared
library does not suffer from undefined references. Files:
smtp/smtp.c, lmtp/lmtp.c, smtpd/smtpd.c, global/mail_params.c.
LaMont Jones, for Debian.

Feature: "postsuper -r queueID" re-queues a message, and
"postsuper -r ALL" re-queues all mail. The message is moved
to the maildrop queue so that the pickup daemon will copy
it to a new queue file, and so that address rewriting will
be done again. This is useful after changes of address
rewriting or virtual mappings.

Feature: "postsuper -d ALL [queue-name]" deletes a bunch

Feature: "postsuper -s" (which is done by default) renames
queue files whose name (queue ID) does not match the message

Bugfix: memory leak in the LDAP client module. Alain
Thivillon, France Teaser - Groupe Firstream.

Portability: gcc 2.6.3 does not have __attribute__ (Clive
Jones, dgw.co.uk). File: util/sys_defs.h.

Bugfix: the SMTP and LMTP clients claimed that a queue file
needed to be delivered again (even when all recipients were
erased from the queue file) when no QUIT or RSET reply was
received (by default, this does not happen with SMTP mail
because the SMTP client does not wait for QUIT replies and
does not send RSET to deliver mail). As a result of the
same bug the LMTP client followed a dangling pointer when
sending QUIT after process idle timeout while the LMTP
server had disconnected. Files: smtp/smtp_proto.c,

newaliases no longer complains when an empty list is
specified with the alias_database configuration parameter.
File: sendmail/sendmail.c.

Workaround: old PIX firewall code messes up when the final
".<CR><LF>" at the end of DATA spans a packet boundary.
When Postfix detects PIX SMTP fixup mode, Postfix flushes
the output buffers before sending the final ".<CR><LF>".
File: smtp/smtp_proto.c.

Portability: updated code for Mac OS X, accounting for the
post-Beta changes. Code by Joe Block, UCF School of

Safety: postdrop turns off interrupts when cleaning up
after interrupt. The additional safety does not hurt anyone.
File: src/postdrop/postdrop.c.

Safety: dropped the RFC 2821 compliant code that treats
552 RCPT TO replies as 452. It created more problems than
it solved. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c.

Logging: the SMTP server now logs a warning if RBL lookups
have problems other than "not found". File: smtpd/smtpd_check.c.

Feature: address quoting and case folding flags for the

Workaround: some MTAs fall on their face when they receive
unexpectedly long lines. From now on, Postfix defaults to
breaking long lines at 2048 (like Sendmail so it has got
to be right). To get the old, content preserving, behavior
specify "smtp_truncate_lines = no". File: smtp/smtp_proto.c.

Bugfix: did not really undo 2821 552->452 mapping.

Bugfix: postfix-script used a hard-coded maildrop group
owner instead of using the install-time specified name
stored in /etc/postfix/install.cf. Problem reported by
David Terrell @ meat.net.

Feature: mail_spool_directory ending in / causes maildir

Bugfix: the FreeBSD kernel parameters kern.ipc.nmbclusters
and kern.ipc.maxsockets cannot be set with sysctl commands.
File: html/faq.html. Len Conrad @ Go2France.com.

Cleanup: the virtual delivery agent was poorly integrated
so that the SMTP server and queue manager did not reject
mail for unknown users. Files: smtpd/smtpd_check.c.

Feature: QMQP server, compatible with qmail and the ezmlm
list manager. Files: util/netstring.[hc], qmqpd/qmqpd*.c.

Feature: QMQP stress test message generator program. Files:
smtpstone/qmqp-source.c, smtpstone/qmqp-sink.c.

Bugfix: with disable_dns=yes, the SMTP client treated all
host lookup errors as permanent. File: smtp/smtp_addr.c.

Feature: VERP support, based on a patch by Peng Yong, and
with the missing parts filled in so that the Postfix bounce
daemon can send one VERP bounce per undeliverable recipient.
Files: , sendmail/sendmail.c, smtpd/smtpd.c, qmgr/qmgr_deliver.c,
bounce/bounce_notify_verp.c, qmqpd/qmqpd.c, plus a couple
support routines in the global library.

Cleanup: with recipient_delimiter=+ (or any character other
than -) Postfix will now recognize address extensions even
with owner-foo+extension addresses. This is necessary to
make VERP work for mailing lists.

Bugfix: potential memory leak in the queue managers with
the new VERP delimiter record. Fix by Patrik Rak.

Cleanup: you can now specify the VERP delimiter characters
on the sendmail(1) command line, but they are still optional.

Safety: with maildir style delivery and with hashed mailboxes
the system mail spool directory must not be world writable.

Safety: the verp_delimiter_filter parameter (default: -=+)
limits what characters Postfix accepts as VERP delimiter

Logging: the queue manager now logs a "status=expired"
record when it returns a message that is too old. Files:
*qmgr/qmgr_active.c.

Feature: stiffer coupling between mail receiving rates and
mail delivery rates, using a trivial token-based scheme,
implemented by reading and writing an in-memory pipe. The
queue manager produces one token when it retrieves mail
from the incoming queue. The cleanup daemon consumes one
token when it adds mail to the incoming queue. If no token
is available the cleanup server pauses for $in_flow_delay
seconds and proceeds anyway. The delay allows mail sending
processes to catch up and access the disk while not blocking
inbound mail. Valid delays are 0..10 seconds.
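
The token scheme described in the entry above, as an added example (not Postfix source code). It runs both roles in a single process over one non-blocking pipe; the function names and the burst scenario are assumptions of this example, and dropping a token when the pipe is full is this example's choice.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define FLOW_MAX_DELAY 10       /* the entry gives 0..10 seconds as valid */

static int flow_fd[2] = { -1, -1 };

static int set_nonblock(int fd)
{
    int flags = fcntl(fd, F_GETFL, 0);

    return flags < 0 ? -1 : fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Create the shared pipe. Both ends are non-blocking, so neither role
 * can ever hang on the token pipe itself. */
int flow_init(void)
{
    if (pipe(flow_fd) < 0)
        return -1;
    if (set_nonblock(flow_fd[0]) < 0 || set_nonblock(flow_fd[1]) < 0)
        return -1;
    return 0;
}

/* Queue manager role: produce one token after taking a message from the
 * incoming queue. Returns 1 if stored, 0 if the pipe was full. */
int flow_put(void)
{
    ssize_t n;

    do {
        n = write(flow_fd[1], "", 1);
    } while (n < 0 && errno == EINTR);
    return n == 1;
}

/* Cleanup role: consume one token before adding a message. With no
 * token available, pause for delay_sec seconds and proceed anyway.
 * Returns 1 if a token was consumed, 0 if the caller was throttled. */
int flow_get(int delay_sec)
{
    char    c;
    ssize_t n;

    do {
        n = read(flow_fd[0], &c, 1);
    } while (n < 0 && errno == EINTR);
    if (n == 1)
        return 1;
    if (delay_sec > FLOW_MAX_DELAY)
        delay_sec = FLOW_MAX_DELAY;
    if (delay_sec > 0)
        sleep((unsigned) delay_sec);
    return 0;
}

/* Constructed scenario: `arrivals` messages come in, and one message is
 * picked up for delivery after every `pickup_every` arrivals. Returns
 * how many arrivals found no token and were slowed down. */
int simulate_burst(int arrivals, int pickup_every, int delay_sec)
{
    int i, throttled = 0;

    for (i = 1; i <= arrivals; i++) {
        if (!flow_get(delay_sec))
            throttled++;
        if (i % pickup_every == 0)
            flow_put();
    }
    return throttled;
}

int main(void)
{
    if (flow_init() < 0) {
        perror("flow_init");
        return 1;
    }
    /* Delay 0 keeps the demonstration instant; only the count matters. */
    printf("throttled arrivals: %d of 6\n", simulate_burst(6, 2, 0));
    return 0;
}
```

When arrivals outpace pickups the pipe runs dry and each extra arrival pays the delay, which is what couples the receiving rate to the delivery rate without ever refusing inbound mail.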

Bugfix: updated LDAP client module from LaMont Jones, HP.
This also introduces new LDAP query filter patterns: %u
(address localpart) and %d (domain part). Files:
conf/sample-ldap.cf, util/dict_ldap.c.

Bugfix: recursive smtpd_whatever_restrictions clobbered
intermediate results when switching between sender and
recipient address restrictions. Problem found by Victor
Duchovni, morganstanley.com. In order to fix, introduced
address resolver result caching, which should also help to
speed up sender/recipient address restriction processing.

Bugfix: the not yet announced DUNNO access table lookup
result did not prevent lookups with substrings of the same
lookup key. Found by Victor Duchovni, morganstanley.com.

Robustness: trim trailing whitespace from regexp and pcre
right-hand sides, for consistency with DB/DBM tables.
Files: util/dict_pcre.c, util/dict_regexp.c.

Robustness: eliminate duplicate IP addresses after expansion
of hostnames in $inet_interfaces, so that Postfix does not
suddenly refuse to start up after someone changes the DNS.
Files: util/inet_addr_list.c global/own_inet_addr.c.

Feature: specify "disable_verp_bounces = yes" to have
Postfix send one RFC-standard, non-VERP, bounce report for
multi-recipient mail, even when VERP style delivery was

Bugfix: postconf was using unexpanded values internally
for myhostname, inet_interfaces, and mynetworks_style.
This broke the "postconf -d" mynetworks computation. File:
postconf/postconf.c.

Feature: masquerade_classes parameter for fine control of
address masquerading. The default setting is backwards
compatible: envelope_sender header_sender header_recipient.
Files: cleanup/whatever.c.

Code cleanup: the bounce daemon complained about data that
it was not going to send back anyway. Fix: stop reading
the original message when the bounce message reaches the
bounce message size limit. File: bounce/bounce_notify_util.c.

Logging: postsuper now logs the queue ID when it requeues
a message, or when it deletes a message from the mail queue.
File: postsuper/postsuper.c.

Safety: the SMTP server now sends a 4xx (try again later)
response when an UCE restriction is misconfigured, instead
of ignoring the bad restriction and possibly accepting mail
that it should not accept. File: smtpd/smtpd_check.c.

Workaround: the Postfix qmqp-source program produced mail
not ending in newline. qmail-qmqpd accepts such mail, but
qmail-remote is unable to deliver it. Matthias Andree,
uni-dortmund.de. File: smtpstone/qmqp-source.c.

Bugfix: the smtp-sink stress test program broke when RCPT
TO commands crossed network packet boundaries. Problem
reported by Matthias Andree, uni-dortmund.de. File:
smtpstone/smtp-sink.c.

Code cleanup: permit_mx_backup implements the old behavior
(accept mail if the local MTA is MX relay), and allows an
additional restriction via the permit_mx_backup_networks
parameter (accept mail only if the primary MX hosts match
the specified list of network blocks). This second restriction
is now entirely optional, for backwards compatibility.

Bugfix: an address extension could be appended multiple
times to the result of a canonical or virtual map lookup.
File: global/mail_addr_map.c. Fix by Victor Duchovni,

Bugfix: split_addr() would split an address even when there
was no data before the recipient delimiter. In combination
with the above bug, this could cause an address to grow
exponentially in size. Problem reported by Victor Duchovni,
Morgan Stanley. File: global/split_addr.c.

Bugfix: the mail_addr_map() fix was almost but not quite
right. It took two clever people and several iterations of
email to really fix the mail_addr_map() problem. Thanks
to Victor Duchovni and Liviu Daia.

Cleanup: Postfix no longer flushes the whole deferred queue
after an ETRN request for a random domain name (i.e. a
domain name not matched by $fast_flush_domains); the SMTP
server instead replies with "459 service unavailable".
Files: smtpd/smtpd.c, global/flush_clnt.c, flush/flush.c.

Bugfix: there was a minute memory leak when an smtpd access
restriction was misconfigured. File: smtpd/smtpd_check.c.
5499
Code cleanup: Postfix daemons now print the name of the
5500
UNIX-domain socket (instead of "unknown stream") in case
5501
of a malformed client request. Files: master/*server.c.
5505
Code cleanup: replaced the ugly mail_print() and mail-scan()
5506
protocols by (name,value) attribute lists. This gives better
5507
error detection when we make changes to internal protocols,
5508
and allows new attributes to be introduced without breaking
5509
everything immediately. Files: util/attr_print.c util/attr_scan.c
5510
global/mail_command_server.c global/mail_command_client.c
5511
as wel as most Postfix applications and daemons.
5515
Put base 64 encoding into place on the replaced internal
5516
protocols. Files: util/base64_code.[hc].

Feature: header/body REJECT rules can now provide text that
is sent to the originator. Files: cleanup/cleanup.c,
cleanup/cleanup_message.c, conf/sample-filter.cf.

Bugfix: As of 20000625, Errors-To: was broken, because the
code to extract the address was not moved from recipient
address rewriting to sender address rewriting. Problem
reported by Roelof Osinga @ nisser.com. File:
cleanup/cleanup_message.c.

Bugfix: virtual map expansion terminated early because the
detection of self-referential entries was flawed. File:
cleanup/cleanup_map1n.c.

Bugfix: mail_date() mis-formatted negative time zone offsets
with fractional hours (-03-30 instead of -0330). Fix by
Chad House, greyfirst.ca. File: global/mail_date.c.

Feature: new -f option to postmap and postalias (do not
lowercase the lookup key while creating a table). Files:
util/dict.h postmap/postmap.c postalias/postalias.c.

Code cleanup: simplified the attribute print/scan routines,
and removed the never-used support for sending and receiving
integer arrays and string arrays. Files: util/attr_print.c,

Bugfix: qmqpd could read past the end of a string while
looking for qmail's VERP magic token in the envelope sender
address. File: qmqpd/qmqpd.c.

Code cleanup: finished testing the new internal protocols.
The only bug was with the flush server, which still needs
to support the old (string + null byte) protocol for triggers
from the Postfix master daemon.

Bugfix: Postfix would log the wrong error text when locally
submitted mail was deferred due to "soft_bounce = yes".

Bugfix: The LDAP client dropped any entries that don't have
the result_attribute, but errored out when a DN didn't
exist. The behavior is now consistent: treat non-existent
DN's in a special result attribute expansion the same as
DN's with no attribute. LaMont Jones, HP.

Bugfix: the new smtp-sink -n option (terminate after the
specified number of deliveries) wasn't optional.

Portability: updated Mac OS X documentation and install
scripts by Gerben Wierda.

Bugfix: missing terminator in new attribute-based function
call caused signal 11. File: src/cleanup/cleanup.c.

Lame workaround for ESTALE errors with mail delivery over
NFS. Additional bandages were added to the local delivery
agent. However, Wietse maintains that Postfix offers no
guarantee for reliable delivery over NFS.

Feature: put "warn_if_reject" before an smtpd restriction,
and that restriction logs warnings without rejecting mail.
This makes it easier to test configurations "live" without
having to lose mail. File: smtpd/smtpd_check.c.

Workaround: in order to get mail past PIX firewall bugs,
the Postfix SMTP client now blocks until the socket send
buffer is empty before sending the final ".<CR><LF>". Files:
util/sock_empty_wait.c, smtp/smtp_proto.c. Changed into
sleep(10) on 20011119. Sleep suggested by Hobbit.

Feature: added string-null encoding for internal protocols.
Files: util/attr_print0.c, util/attr_scan0.c.

Feature: configurable parent domain matching for domain
and hostname/address match lists: either .domain or the
domain name itself. Files: util/match_ops.c util/match_list.c

Feature: added pretend-to-be-behind-PIX mode to the smtp-sink
test program, in order to stress test some PIX bug workaround

Workaround: Linux and Solaris systems have no reasonable
way to block until a socket drains. On these systems Postfix
simply waits for 10 seconds, in order to work around PIX
".<CR><LF>" bugs. File: util/sock_empty_wait.c.

Bugfix: reset the smtpd command transaction log between
deliveries. File: smtpd/smtpd.c.

Feature: mailbox_command_maps no longer requires that every
user has an entry. If the user does not have a command
entry, the local delivery agent tries the other delivery
methods (mailbox_command, home_mailbox). File: local/mailbox.c.

Bugfix: reset the smtpd command transaction log between
non-deliveries. File: smtpd/smtpd.c.

Bugfix: consolidated all the command transaction log resets
and eliminated one missing reset (Victor Duchovni, Morgan
Stanley). File: smtpd/smtpd.c.

Cleanup: replaced unnecessary match_list wrapper code by
macros. Files: global/{string,domain,namadr}_list.[hc].

Feature: configurable parent domain matching strategy for
transport map lookups. File: trivial-rewrite/transport.c.

New parent_domain_matches_subdomains parameter. This lists
all the Postfix features where a domain name matches itself
and all its subdomains (instead of requiring ".domain.name"
for subdomain matches). Planning for future backwards
compatibility :-) File: global/match_parent_style.c.

Workaround: simplified the PIX ".<CR><LF>" bug to always
sleep for 10 seconds. File: smtp/smtp_proto.c.

Workaround: disable attribute string length restriction so
that trivial-rewrite does not refuse to rewrite broken mail
headers. Files: util/attr_scan*.c.

Bugfix: missing long integer support in the new IPC protocols.
Files: util/attr_scan*.c, util/attr_print*.c.

Portability: AIX5 (Adrian P. van Bloois), MAC OS X 10.1.1

Bugfix: spurious postmaster notifications because some flag

Feature: new parameter smtpd_sender_login_maps that specifies
the (SASL) login name that owns a MAIL FROM address.
Specify a regexp table in order to require a simple one-to-one
mapping. This is used in the reject_sender_login_mismatch
sender anti-spoofing feature.

Feature: restriction reject_sender_login_mismatch refuses
a MAIL FROM address when $smtpd_sender_login_maps specifies
an owner but the client is not (SASL) logged in as the MAIL
FROM address owner, or when a client is (SASL) logged in
but the client login name does not own the MAIL FROM address
according to $smtpd_sender_login_maps. File: smtpd/smtpd_check.c.

Documentation: added some redundancy to the LMTP_README
file so people can keep track of the difference between
the Postfix LMTP client and the non-Postfix LMTP server.

Feature: smtpd_noop_commands specifies a list of commands
that are treated as NOOP (no operation) commands, without
syntax check or state change. File: smtpd/smtpd.c.

Bugfix: the "mark queue file as corrupt" code did not work
because it was never used. Files: global/mark_corrupt.c,
global/mail_copy.c, global/pipe_command.c, *qmgr/qmgr_active.c,
local/maildir.c, local/mailbox.c, local/command.c, pipe/pipe.c,
virtual/mailbox.c, virtual/maildir.c.

Bugfix: the bounce daemon broke in the unlikely case of a
non-existing queue file. File: bounce/bounce_notify_util.c.

Feature: added WARN command to header/body_checks files as
proposed by Michael Tokarev. File: cleanup/cleanup_message.c.

Bugfix: the postdrop program was broken after the change
of Postfix internal protocols. This broke "sendmail -bs"
mail submissions with "secure" maildrop directory. Reported
by Craig Loomis, apo.nmsu.edu. File: postdrop/postdrop.c.

Feature: a first start at fault injection for testing
unlikely error scenarios (such as corrupt queue files).
Parameter: fault_injection_code, must be left at zero for

Robustness: add a file size limit to the sendmail and
postdrop submission programs to stop run-away process
accidents. This is not a defense against DOS attack. Files:
sendmail/sendmail.c, postdrop/postdrop.c.

That resulted in a considerable amount of work to properly
propagate "file too large" conditions back to the sendmail
mail posting user interface. Took the opportunity to express
other mail submission fatal exits with the <sysexits.h>
exit status codes. Files: sendmail/sendmail.c,
postdrop/postdrop.c.

Maintenance: dict_ldap.c wasn't updated after the revision
of the string matching routines. File: util/dict_ldap.c.

Maintenance: LDAP module and documentation from LaMont
Jones. This version adds verbose logging for LDAP library
routines. Files: src/util/dict_ldap.[hc], LDAP_README,

Portability: made memory alignment restrictions configurable.
File: util/mymalloc.c.

Bugfix? Avoid surprises with source routed destinations
and OK entries in SMTPD access maps. File: smtpd/smtpd_access.c.

Security: "postfix check" looks for damage by well-intended
but misguided use of "chown -R postfix /var/spool/postfix".
That would make chrooted Postfix less secure than non-chrooted
Postfix. These extra tests may cause complaints with
third-party patches such as TLS that introduce their own
files into the jail.

Feature: static map type that always returns the map name
as lookup value, regardless of lookup key value. Contributed
by Jeff Miller (jeffm at ghostgun.com)

Feature: turn off the PIX <CR><LF>.<CR><LF> workaround for
the first mail delivery attempt, i.e. when mail is queued
for less than $smtp_pix_workaround_threshold_time (default:
500) seconds. New parameter $smtp_pix_workaround_delay_time
to control the delay before sending .<CR><LF> (default: 10
seconds) when doing the PIX <CR><LF>.<CR><LF> workaround.

Bugfix: the 20011128 change in sendmail and postdrop did
not handle the case of message_size_limit=0. Fix by Will

Compatibility: The SMTP server now accepts <CR><CR><LF> as
if the client sent <CR><LF>. Reportedly, some badly written
Windows software produces such garbage, and some badly
written Windows anti-VIRUS software cannot handle such
garbage. File: global/smtp_stream.c.

Bugfix: postmap/postalias queries ignored the -f flag.
Reported by Hamish Marson.

Compatibility: Sendmail now has a -L option to set the
syslogging label. Postfix sendmail uses syslog_name instead,
and ignores the -L option.

Security: subtle hardening of the Postfix chroot jail,
Postfix queue file permissions and access methods, in case
someone compromises the postfix account. Michael Tokarev,
who received the insights from Solar Designer, who tested
Postfix with a kernel module that is paranoid about open()
calls. Files: master/master_wakeup.c, util/fifo_trigger.c,

Convenience: issue a warning instead of aborting when the
local machine name is not in fully-qualified domain form.
This would otherwise break initial postfix installation
which needs the postconf command. File: global/mail_params.c.

Added more garbage detection to postconf -e input processing.

Feature: SMTPD access map lookups of null sender addresses.
If your access maps cannot store or look up null string
key values, specify "smtpd_null_access_lookup_key = <>"
and the null sender address will be looked up as <> instead.
File: src/smtpd_access.c.

Safety: configuration file comments no longer span multiple
lines when the next line begins with whitespace; multi-line
input is no longer terminated by a comment line, by an all
white space line, or by an empty line. Michael Tokarev made
the crucial suggestion to simplify the readline routine.
Files: util/readlline.c, postconf/postconf.c.

Cleanup: proper detection of big number overflow in EHLO
and MAIL FROM size announcements, with input from Victor
Duchovni, Morgan Stanley. Files: global/off_cvt.c,
smtpd/smtpd.c, smtp/smtp_proto.c, util/alldig.c.
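
Added example (not Postfix source code) of the kind of check the overflow cleanup above calls for: the decimal argument of a SIZE announcement is converted with an overflow test before each multiplication, so an oversized number is reported as too big instead of wrapping. The names size_verdict and check_size_announcement are hypothetical, and treating a limit of 0 as "no limit" is an assumption of this example.

```c
/*
 * Added example, not code from Postfix. All names are hypothetical.
 * Checks the decimal argument of an SMTP SIZE announcement against a
 * limit without ever letting the accumulator overflow.
 */
#include <limits.h>
#include <stdio.h>

enum size_verdict { SIZE_OK, SIZE_TOO_BIG, SIZE_BAD_SYNTAX };

enum size_verdict check_size_announcement(const char *digits, long limit,
                                          long *out)
{
    long value = 0;
    const char *cp;

    if (digits == NULL || *digits == '\0')
        return SIZE_BAD_SYNTAX;
    for (cp = digits; *cp != '\0'; cp++) {
        int digit;

        /* Digits only: no sign, no whitespace, no hex prefix. */
        if (*cp < '0' || *cp > '9')
            return SIZE_BAD_SYNTAX;
        digit = *cp - '0';
        /*
         * Test before multiplying. Signed overflow is undefined behavior
         * in C, so the check must not compute value * 10 + digit first.
         */
        if (value > (LONG_MAX - digit) / 10)
            return SIZE_TOO_BIG;
        value = value * 10 + digit;
    }
    if (out != NULL)
        *out = value;
    /* Assumption of this example: limit == 0 disables the limit check. */
    if (limit > 0 && value > limit)
        return SIZE_TOO_BIG;
    return SIZE_OK;
}

int main(void)
{
    /* Constructed sample announcements. */
    const char *samples[] = {
        "10240000", "10240001", "99999999999999999999999999", "-1", "12a"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-28s -> %d\n", samples[i],
               (int) check_size_announcement(samples[i], 10240000L, NULL));
    return 0;
}
```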

Forward compatibility: added queue file record types for
original recipient and for generic named attributes.

Cleanup: safe_open() now returns sensible errno values so
that the fifo_trigger() external interface is restored.

Upgrade: PCRE_README now describes PCRE version 3.x.

Cleanup: flush SMTPD command history upon receipt of EHLO,
RSET, and upon DATA completion, only if it exceeds
$smtpd_history_flush_threshold lines (default: 100).
Distant derivative of code by Michael Tokarev. File:

Bugfix: a readlline() error message showed less text than
intended. Christian von Roques.

Cleanup: postfix now installs with group-writable maildrop
directory and with a set-gid postdrop mail submission
command. The pickup service is now unprivileged. The
world-writable maildrop directory no longer exists.

The cleanup service is now public, in preparation for local
sendmail/postdrop mail submission that avoids the maildrop
queue directory while Postfix is up.

Cleanup: moved the main.cf/master.cf file editing from the
postfix-script file to the INSTALL.sh file.

Cleanup: INSTALL.sh no longer accepts "no" as the destination
of Postfix manual pages.

Cleanup: the code for "mailq", "sendmail -q", and for
"sendmail -qRsite" was moved from the sendmail command to
a new set-gid postqueue command. The pickup and qmgr FIFOs
are no longer world writable. Files: sendmail/sendmail.c,
postqueue/postqueue.c.

Security: new alternate_config_directories parameter that
specifies what directories a set-gid command will accept
as its configuration directory. The list must be specified
in the default main.cf file. File: global/mail_conf.c.

Cleanup: "sendmail -qRsite" is no longer implemented by
connecting to the SMTP port. It is now implemented by
talking to the fast flush service. File: postqueue/postqueue.c.

Cleanup: INSTALL.sh now records all installation information
in the main.cf file. The now obsolete install.cf file is
used only when upgrading from an older Postfix release.

Cleanup: INSTALL.sh now takes name=value settings on the
command line, and has a new "-upgrade" command line option
to turn on non-interactive installation.

Security: additional run-time checks to discourage sharing
of Postfix user/group ID values with other accounts.

Cleanup: SMTPD access maps now return DUNNO (undetermined)
instead of OK when a recipient address contains multiple
domains (user@dom1@dom2, etcetera). Victor Duchovni, Morgan
Stanley. File: smtpd/smtpd_check.c.

Bugfix: SMTPD access maps did not handle address extensions.
File: smtpd/smtpd_check.c.

Bugfix: postfix-script, when creating a missing maildrop
queue directory, still referenced install.cf when setting
maildrop directory group ownership; and the postfix command
did not export the setgid_group parameter to the postfix-script
shell script. Victor Duchovni.

Bugfix: postfix-script, when creating a missing public
queue directory, did not set group ownership of the public

Cleanup: rewrote the Postfix installation procedure again.
It is now separated into 1) a primary installation script
(postfix-install) that installs files locally or that builds
a package for distribution and that stores file owner and
permission information in /etc/postfix/post-files, and 2)
a post-installation script (/etc/postfix/post-install) that
creates missing directories, that sets file/directory
ownership and permissions, and that upgrades existing
configuration files if necessary.

Workaround: AIX null read() return on an empty but open
non-blocking pipe. File: master/master_flow.c. Report:

Feedback: feedback, bugfixes, and brain-dead shell workarounds
for the install scripts by Victor Duchovni and Simon Mudd.

Rewrote postfix-install. The postfix-files file now controls
what is installed. Refined the semantics of many post-install
operations. post-install now auto-saves settings that

Bugfix: alternate_config_directories did not take comma or
whitespace as separators. File: global/mail_conf.c. Victor
Duchovni, Morgan Stanley.

Bugfix: the rewritten postfix-install script did not chattr
+S the Postfix queue.

Cleanup: added sample_directory and readme_directory
installation parameters for sample configuration files and
for README files. Files: postconf.c, postfix-install,
conf/postfix-files, conf/post-install.

Robustness: the postfix command now exports all installation
parameter settings, and input filters the environment, so
that the startup shell scripts produce a consistent result.

Portability: patch from LaMont Jones for compiling dict_ldap.c
with the Netscape SDK.

Feature: added "r" (recursive chown/chgrp) flag to the
postfix-files database, for more convenient change of
Postfix queue ownership. Files: conf/postfix-files,

Documentation: lots of little fixes.

Documentation: updates for the VIRTUAL_README file by Victor
Duchovni, Morgan Stanley.

Bugfix: postqueue -s dereferenced a null pointer when given
a numerical domain argument. LaMont Jones, HP.

Cleanup: smtpd now logs a warning when permit_sasl_authenticated
is used while SASL authentication is disabled, instead of
simply ignoring the restriction. LaMont Jones, HP. File:

Safety: when postmap creates a non-existent file, the new
file inherits group/other read permissions from the source
file. Based on code by LaMont Jones, HP. File:

Portability: some Linux systems install libnsl.so without
libnsl.a file, causing a yp_match undefined reference
problem. File: makedefs.

Portability: post-install now requests that command_directory
is given on the command line when the postconf command is
in an unusual place.

Safety: extra code to detect and report Berkeley DB version
mismatches between compile time and run time. This test
is limited to mismatches in the major version number only.
File: util/dict_db.c. Based on code by Lawrence Greenfield,
Carnegie-Mellon university.

Safety: the postfix command and the master daemon abort if
they are running set-uid.

Documentation: the postmap manual page described an out of
date input file format.

Workaround: SCO version 3.2 can't ioctl(FIONREAD) a pipe.
Therefore, input mail flow control is disabled by default.
Files: makedefs, global/mail_params.h, conf/main.cf.
Problem reported by Kurt Andersen, Agilent.

Workaround: changed the default smtpd_null_access_lookup_key
setting to <>, because some Bezerkeloid DB implementations
can't handle null-length lookup keys. File: global/mail_params.h.

Bugfix: backed out a null-length address panic call by
ignoring the problem, like Postfix did in the past. File:
global/resolve_local.c.

Safety: "postfix check" will now warn if /usr/lib/sendmail
and /usr/sbin/sendmail differ, and will propose to replace
one by a symlink to the other. File: conf/postfix-script.

Sanity: additional permission checks for "postfix check"
that warn for setgid_group group ownership mismatches. By
Matthias Andree, uni-dortmund.de. File: conf/postfix-script.

Bugfix: "postfix check" used too simplistic a way to
recognize file ownership (grepping ls output). It now uses
the recently discovered "find -prune". Peter Bieringer,
Matthias Andree. File: conf/postfix-script.

Workaround: log a warning and disconnect when an SMTP client
ignores our negative replies and starts sending message
content without permission. File: smtpd/smtpd.c.

Bugfix: mismatch in the file being locked by dict_dbm and
the file being locked by postmap, so that locks did not
work correctly. Victor Duchovni, Morgan Stanley.

Workaround: Solaris bug 4380626: strcasecmp() and strncasecmp()
produce incorrect results with 8-bit characters. For example,
non-ASCII characters could compare equal to ASCII characters,
and that could result in any number of security problems.
Files: util/strcasecmp.c, COPYRIGHT (the BSD license).

Bugfix: off-by-one error, causing a null byte to be written
outside dynamically allocated memory in the queue manager
with addresses of exactly 100 bytes long, resulting in
SIGSEGV on systems with an "exact fit" malloc routine.
Experienced by Ralf Hildebrandt; diagnosed by Victor
Duchovni. Files: *qmgr/qmgr_message.c. This is not a

Bugfix: make all recipient comparisons transitive, because
Solaris qsort() causes SIGSEGV errors otherwise. Victor
Duchovni, Morgan Stanley. File: *qmgr/qmgr_message.c.

Bugfix: don't strip source route (@domain...:) when the
result would be an empty address. This avoids problems when
append_at_myorigin is set to "no" (which is not supported).
Problem reported by Charles McColgan, Big Fish Communications.
File: trivial-rewrite/rewrite.c.

Cleanup: postqueue should not complain when output
fails with "broken pipe".

Bugfix? reply with 550 not 552 when content is rejected.
552 is reserved for "too much mail".

Documentation: add note to sendmail manual page that running
"sendmail -bs" as $mail_owner enables SMTP server UCE and
access control checks. This is meant for use from inetd
etc. Matthias Andree.

Bugfix: DBM maps should use different files for locking
and for change detection. Problem reported by Victor
Duchovni, Morgan Stanley. Files: util/dict.h util/dict.c
util/dict_db.c util/dict_dbm.c global/mkmap.c local/alias.c.

Bugfix: mailq could show addresses with unusual characters
twice. Problem reported by Victor Duchovni, Morgan Stanley.
File: showq/showq.c.

Bugfix: null recipients weren't properly recorded in
bounce/defer logfiles. Such recipient addresses are not
accepted in SMTP mail, but they could appear within locally
submitted mail. File: bounce/bounce_append_service.c.

Workaround: Berkeley DB can't handle null key lookups,
which happen with HELO names ending in ".". Victor Duchovni,
Morgan Stanley. File: smtpd/smtpd_check.c.

Logging: log a hint when mail is deferred because the
soft_bounce parameter is set. People sometimes forget to
turn it off. File: global/bounce.c.

Cleanup: add a msg_warn() call when fork() fails in
pipe_command(), to make problems easier to investigate.
Chris Wedgwood. File: global/pipe_command.c.

Feature: smtp_helo_name parameter to specify the hostname
or [ip.address] in HELO or EHLO commands. Files: smtp/smtp.c

Cleanup: more graceful handling of long physical message
header lines upon input. Physical header lines can now
extend up to $header_size_limit characters. When a logical
message header is too long, the excess text is discarded
and Postfix no longer switches to body mode, to avoid
breaking MIME encapsulation. Based on code by Victor
Duchovni, Morgan Stanley. Files: cleanup/cleanup_out.c,
cleanup/cleanup_message.c.

Cleanup: more graceful handling of long physical message
header or body lines upon output by the SMTP client. The
SMTP client output line length is controlled by a new
parameter smtp_line_length_limit (default: 990; specify 0
to disable the limit). Long lines are folded by inserting
<CR> <LF> <SPACE>, to avoid breaking MIME encapsulation.
Based on code by Victor Duchovni, Morgan Stanley. File:

Cleanup: allow additional text after a WARN command in a
header/body_checks pattern file, so that one can change
REJECT+text into WARN+text and vice versa. Based on code
by Fredrik Thulin, Stockholm University.

Cleanup: log a warning when an unknown command is found in
a header/body_checks pattern file, or when additional text
is found after a command that does not expect additional
text. Based on code by Fredrik Thulin, Stockholm University.

Bugfix: sendmail should not recognize "." as the end of
input when the current read operation started in the middle
of a line. Victor Duchovni, Morgan Stanley. File:
sendmail/sendmail.c.
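
Added example (not Postfix source code) of the failure mode in the sendmail "." bugfix above: when input is read in fixed-size chunks, a chunk that happens to contain only ".\n" may be the tail of a longer line, so the reader has to remember whether the chunk started at the beginning of a line. The names next_chunk and accepted_bytes and the 8-byte buffer are assumptions of this example.

```c
/*
 * Added example, not code from Postfix. All names and the buffer size
 * are hypothetical. Shows why a lone "." must only end the message when
 * the read that produced it started at the beginning of a line.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_SIZE 8            /* deliberately tiny: lines span several reads */

/*
 * Behaves like fgets() on an in-memory string: copies at most size-1
 * bytes and stops after a newline. Returns 0 at end of input.
 */
static int next_chunk(const char **src, char *buf, size_t size)
{
    size_t n = 0;

    if (**src == '\0')
        return 0;
    while (n + 1 < size && **src != '\0') {
        buf[n++] = *(*src)++;
        if (buf[n - 1] == '\n')
            break;
    }
    buf[n] = '\0';
    return 1;
}

/*
 * Returns the number of message bytes accepted before the "." terminator
 * (or before end of input). With track_line_start == 0 the function has
 * the bug: any chunk equal to ".\n" ends the message.
 */
size_t accepted_bytes(const char *input, int track_line_start)
{
    char buf[CHUNK_SIZE];
    size_t total = 0;
    int at_line_start = 1;

    while (next_chunk(&input, buf, sizeof(buf))) {
        size_t len = strlen(buf);
        int is_dot = (strcmp(buf, ".\n") == 0);

        if (is_dot && (at_line_start || !track_line_start))
            break;
        total += len;
        /* The next chunk starts a line only if this one ended in newline. */
        at_line_start = (buf[len - 1] == '\n');
    }
    return total;
}

int main(void)
{
    /* Constructed input: the first line is 8 characters plus newline, so
     * with a 7-byte read its last chunk is exactly ".\n". */
    const char *msg = "abcdefg.\nnext\n.\nignored\n";

    printf("buggy reader accepts %lu bytes\n",
           (unsigned long) accepted_bytes(msg, 0));
    printf("fixed reader accepts %lu bytes\n",
           (unsigned long) accepted_bytes(msg, 1));
    return 0;
}
```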

Portability fix for OPENSTEP and NEXTSTEP by Gerben Wierda.
File: util/sys_defs.h.

Bugfix: defer_transports broke because the flush server
triggered mail delivery (as if ETRN was sent) while doing
some internal housekeeping of per-destination logfiles.
Problem experienced by LaMont Jones, HP. File: flush/flush.c.

Bugfix: virtual mapping broke for addresses with embedded
whitespace. Fix by Victor Duchovni, Morgan Stanley. File:
cleanup/cleanup_map1n.c.

Feature: configurable service name for the internal services:
bounce, cleanup, defer, error, flush, pickup, queue, rewrite,
showq. This allows you to specify, for example, a non-default
cleanup service (smtpd -o cleanup_service_name=alt_cleanup).
Files: global/mail_params.[hc].

Feature: SASL version 2 support by Jason Hoos. Files:
*/*_sasl_glue.c, SASL_README, conf/sample-auth.cf.

Bugfix: postqueue did not pass on non-default configuration
directory settings when running showq while the mail system
is down. The super-user is now exempted from environment
stripping in postqueue/postqueue.c. Problem reported by
Victor Duchovni, Morgan Stanley.

Workaround: recognize more headers that are sent instead
of SMTP commands. File: smtpd/smtpd.c.

Feature: new pipe delivery agent "D" flag to prepend a
Delivered-To: message header. This requires single recipient
deliveries. Based on code by Matthias Andree. File:

Portability: Postfix will no longer attempt to build with
gdbm support, because gdbm is broken. File: makedefs.

Cleanup: the attribute list IPC code did not distinguish
between "disconnect" and "timeout" while reading an attribute
list, making troubleshooting more difficult than necessary.
Files: util/attr_scan0.c, util/attr_scan64.c.

Cleanup: install parameter defaults can now be overruled
from makedefs: sendmail_path, mailq_path, newaliases_path,
command_directory, daemon_directory. Based on code by Victor
Duchovni, Morgan Stanley. File: util/sys_defs.h.

Cleanup: Use more robust quoting when passing makedefs/Makefile
settings. This also simplifies the seven backslashes example
in the INSTALL file. Victor Duchovni, Morgan Stanley.
Files: makedefs, INSTALL.

Bugfix: the post-install script failed to upgrade master.cf
settings from private to public if the service was explicitly
configured as private.

Documentation: added CPU saving patterns for quickly skipping
base 64 encoded text in message bodies. Liviu Daia. Files:
{proto,conf}/pcre_table, {proto,conf}/regexp_table,
conf/sample_{regexp,pcre}_body.cf.

Bugfix: the SMTP client forgot to quote whitespace etc.
in a sender/recipient address when DNS lookup was turned
off (disable_dns_lookups = yes). Problem experienced by
Chip Paswater. Files: smtp/smtp_proto.c.

Feature: wildcard lookup in transport maps (lookup key
"*"). Code developed with LaMont Jones, HP.

Feature: a null transport:destination transport map entry
means proceed as if the transport map lookup failed. Code
developed with LaMont Jones, HP.

Feature: more efficient use of cache memory when a process
opens multiple Berkeley DB tables; and faster performance
creating large tables by using more buffer memory. Files:
util/dict_db.[hc], global/mkmap_db.c. Victor Duchovni,

Cleanup: postqueue silently ignored command-line arguments
following -p or -f options, instead of complaining; postqueue
produced an incorrect error message (mail system down) when
the command was installed with incorrect privileges. File:
postqueue/postqueue.c.

Bugfix: while reporting a domain name or IP address syntax
error, postqueue could dereference a dangling pointer with
some getopt() implementations. LaMont Jones, HP. File:
postqueue/postqueue.c.

Safety: postalias and postmap now drop root privileges
while processing a non-root input file. Thus, the result
should be writable to the source file owner. Specify the
-o option if this is a problem. Files: postmap/postmap.c,
postalias/postalias.c.

Consistency: just like postmap, postalias now copies file
permissions from the source file when it creates a new
table for the first time. File: postalias/postalias.c.

Portability: run-time test to avoid GDBM trouble. File:

Cleanup: revised and simplified the transport map semantics.
Null transport or nexthop fields now mean: "do not change":
use what would be used if the transport map did not exist.
This change eliminated a lot of code. The incompatibility
is that a null transport field no longer defaults to
$default_transport, but to $local_transport or $default_transport
depending on the destination, and that a transport map only
overrides relayhost when the table specifies explicit
nexthop information. Files: trivial-rewrite/transport.c,
trivial-rewrite/resolve.c.

Cleanup: revised the user interface for controlling the
Berkeley DB create and read buffer size controls. Files:
util/dict_db.[hc], global/mail_params.[hc], global/mkmap_db.c.

Cleanup: simplified the hash/btree cache management code.
The caches are now per table instead of shared, and the
default read cache size is reduced to 128 kBytes. File:

Bugfix: close user@domain@postfix-style.virtual.domain
source routing relaying loophole involving postfix-style
virtual domains with @virtual.domain catch-all patterns.
Problem reported by Victor Duchovni. File: smtpd/smtpd_check.c.

Bugfix: mail_addr_map() used the "wrong" @ character in
addresses with multiple @. Victor Duchovni. File:
global/mail_addr_map.c.

Bugfix: for address localpart quoting, now quote @ as a
special character everywhere, except when resolving addresses.
Previously, the @ was nowhere quoted as a special character,
not even in SMTP commands. Files: global/quote_82[12]_local.c

Safety: don't allow an OK access rule lookup result for
user@domain@postfix-style.virtual.domain. Suggested by
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.

Bugfix: quote unquoted address localparts that need quoting.
Files: global/tok822_parse.c, global/quote_82[12]_local.c.

Documentation: simplified the advanced content filtering
example, and included a more advanced example for those
who want to squeeze out more performance without running
multiple Postfix instances. Text by Victor Duchovni, Morgan
Stanley. File: README_FILES/FILTER_README.

Feature: header/body filters now log the origin of the
message that is being rejected. Files: smtpd/smtpd.c,
qmqpd/qmqpd.c, pickup/pickup.c, cleanup/cleanup_envelope.c,
cleanup/cleanup_message.c. Requested by Craig Sanders, if
I remember correctly.

Feature: the Postfix SMTP client now passes on MIME body
type information (8bit, 7bit) received via SMTP, via MIME
headers, or via the sendmail command line. Files:
global/deliver_request.c, smtpd/smtpd.c, sendmail/sendmail.c,
cleanup/cleanup_envelope.c, cleanup/cleanup_message.c,
cleanup/cleanup_extracted.c, *qmgr/qmgr_message.c,
*qmgr/qmgr_deliver.c, smtp/smtp_proto.c, lmtp/lmtp_proto.c.

Feature: bounces now specify the proper MIME encoding (8bit,
7bit), depending on the MIME body type information received
via SMTP, via MIME headers, or via the sendmail command
line. Files: global/bounce.c, global/defer.c, global/abounce.c,
bounce/bounce_service.c, bounce/bounce_notify_util.c.

Cleanup: the SMTP client logged and bounced the CNAME
expanded recipient address, and thereby complicated
troubleshooting. File: src/smtp_proto.c.

Bugfix: the SMTP and LMTP clients bounced the quoted
recipient address, resulting in too much quoting in bounce
reports. Files: src/smtp_proto.c, lmtp/lmtp_proto.c.

Bugfix: the LDAP client used the "wrong" @ character in
addresses with multiple @. LaMont Jones, HP. File:

Feature: lots of new LDAP stuff: result_filter (filter to
expand results from queries), chase_referrals, LaMont Jones,
HP. The LDAP bind timeout now works thanks to Victor
Duchovni, Morgan Stanley. File: util/dict_ldap.c.
6438
Cleanup: specify "resolve_dequoted_address = no" to prevent
6439
Postfix from looking inside quotes for extra @ etc. characters
6440
when resolving an address. This behavior is technically
6441
more correct, but it opens a mail relay loophole with "user
6442
@domain"@domain when relaying mail to a Sendmail system.
6446
Bugfix: the new code for header address quoting sometimes
6447
did not null terminate strings so that arbitrary garbage
6448
could appear at the end of message headers. Reported by
6449
Ralf Hildebrandt. File: global/tok822_parse.c.
6451
Safety: user@domain@domain is no longer accepted by the
6452
permit_mx_backup uce restriction (unless Postfix is configured
6453
with "resolve_dequoted_address = no"). Victor Duchovni,
6454
Morgan Stanley. File: smtpd/smtpd_check.c.
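
The multiple-@ entries above (mail_addr_map, the access rule and permit_mx_backup safety checks, resolve_dequoted_address), as an added example that is not Postfix code: a simplified C model of why a recipient check that only looks at the domain after the last @ is not enough when some mail system on the path looks inside quotes. The domain mx.example, the sample addresses and all function names are assumptions made up for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added illustration: the one domain this hypothetical server accepts. */
#define MY_DOMAIN "mx.example"

static int is_mine(const char *domain)
{
    return strcasecmp(domain, MY_DOMAIN) == 0;
}

/* Index of the '@' that separates localpart from domain: the last '@'
 * outside double quotes and not backslash-escaped, or -1 if none. */
static int split_at(const char *addr)
{
    int in_quote = 0, last = -1;
    for (int i = 0; addr[i] != '\0'; i++) {
        if (addr[i] == '\\' && addr[i + 1] != '\0')
            i++;                        /* skip the escaped character */
        else if (addr[i] == '"')
            in_quote = !in_quote;
        else if (addr[i] == '@' && !in_quote)
            last = i;
    }
    return last;
}

/* Copy the localpart addr[0..at) to out, quotes and backslashes removed. */
static void dequote_local(const char *addr, int at, char *out, size_t outlen)
{
    size_t n = 0;
    for (int i = 0; i < at && n + 1 < outlen; i++) {
        if (addr[i] == '"')
            continue;
        if (addr[i] == '\\' && i + 1 < at)
            i++;
        out[n++] = addr[i];
    }
    out[n] = '\0';
}

/* Weak check: accept when the domain after the separating '@' is ours. */
static int naive_is_local_rcpt(const char *addr)
{
    int at = split_at(addr);
    return at >= 0 && is_mine(addr + at + 1);
}

/* Hardened check: also refuse a localpart that still contains '@' once
 * dequoted, that is, user@domain@domain in any quoting. */
static int safe_is_local_rcpt(const char *addr)
{
    char local[256];
    int at = split_at(addr);
    if (at < 0 || !is_mine(addr + at + 1))
        return 0;
    dequote_local(addr, at, local, sizeof(local));
    return strchr(local, '@') == NULL;
}

/* Model of a mail system that looks inside quotes: while the domain is
 * ours and the dequoted localpart names another domain, resolve that
 * instead. Stores the final destination domain in out ("" if none). */
static void resolved_domain(const char *addr, char *out, size_t outlen)
{
    char cur[256], local[256];
    snprintf(cur, sizeof(cur), "%s", addr);
    for (;;) {
        int at = split_at(cur);
        if (at < 0)
            break;
        dequote_local(cur, at, local, sizeof(local));
        if (!is_mine(cur + at + 1) || strchr(local, '@') == NULL) {
            snprintf(out, outlen, "%s", cur + at + 1);
            return;
        }
        snprintf(cur, sizeof(cur), "%s", local);   /* shorter each round */
    }
    out[0] = '\0';
}

int main(void)
{
    const char *samples[] = {               /* constructed recipients */
        "user@mx.example",
        "\"john smith\"@mx.example",
        "user@remote.example@mx.example",
        "\"user@remote.example\"@mx.example",
    };
    char dom[256];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        resolved_domain(samples[i], dom, sizeof(dom));
        printf("%-36s naive=%d safe=%d goes-to=%s\n", samples[i],
               naive_is_local_rcpt(samples[i]), safe_is_local_rcpt(samples[i]), dom);
    }
}
```

The last two sample addresses pass the weak check but end up at remote.example in the quote-aware model; the hardened check refuses both while still accepting an ordinary quoted localpart.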

Workaround: flush the SMTP client output buffer when no
output has happened for 10+ seconds. This prevents the
socket from timing out, in case DNS CNAME expansion is
slow. Problem experienced by Alex Erdelyi, peregrine.com.
File: smtp/smtp_chat.c. We did the same thing for the SMTP
server years ago, and one wonders why the coin didn't drop
at the time that the SMTP client could suffer from a similar

Updated the FILTER_README file to turn off DNS lookups in
the SMTP client that feeds mail into a content filter.

Cleanup: Mailbox-Line: message header labels should be
X-Mailbox-Line: labels. Files: smtpd/smtpd.c, qmqpd/qmqpd.c.

Feature: new MIME parser, written from scratch, that
recognizes the structure of MIME encapsulated mail. Influenced
by comments from Victor Duchovni. This code can detect but
will not decode obscure MIME formats or obscure character
string encoding that Liviu Daia expresses concern about.

MIME header scanning now happens in header_checks, and is
faster than body_checks could ever be. This also eliminates
the problem with multi-line MIME headers being matched one
line at a time. Files: global/mime_state.[hc],
cleanup/cleanup_message.c.

Feature: 8-bit to quoted-printable conversion. First use
in the Postfix SMTP client. File: smtp/smtp_proto.c.

Logging: the Postfix SMTP and LMTP clients now report the
protocol stage when they report a server reply. File:
smtp/smtp_proto.c, lmtp/lmtp_proto.c.

Bugfix: the SMTP server warned about ignored client attributes
(these were introduced 20020510) in mail that was submitted
with "sendmail -bs". File: smtpd/smtpd.c.

Feature: separation of header checks into header_checks
(all primary headers except MIME related headers),
mime_header_checks (all MIME headers including MIME headers
at the start of messages) and nested_header_checks (headers
of attached messages, except MIME related headers).

Cleanup: broke out the header value parser from the MIME
processor so that the code can be reused elsewhere. File:
global/header_token.c.

Compatibility: Postfix now recognizes "name :" as a valid
message header, but normalizes it to "name:" form or else
lots of things would break all over the place. Files:
global/is_header.c, global/mime_state.c.

Bugfix: the SMTP server now disallows RCPT TO:<"">, just
like it disallows RCPT TO:<>. File: smtpd/smtpd.c.

Feature: disable_mime_input_processing=yes/no controls
whether Postfix recognizes (and optionally enforces) MIME
formats while receiving mail. Default is NO.

Feature: disable_mime_output_conversion=yes/no controls
whether Postfix will convert 8BITMIME to 7BIT mail when
delivering mail to an SMTP server that does not announce
8BITMIME support. Default is NO.

Feature: strict_8bitmime=yes/no controls whether Postfix
rejects 8-bit characters in headers and 7-bit body parts.
This blocks mail from poorly written software, including
majordomo approval requests that contain a valid 8BITMIME
email message, as well as mail that is piped into ancient
/bin/mail implementations that do not MIME format 8-bit
content. Default is NO.

Feature: strict_mime_encoding_domain=yes/no controls whether
Postfix rejects illegal content transfer encodings for
multipart/* and message/*. This blocks mail from poorly
written software. Default is NO.

Feature: "FILTER transport:nexthop" in header/body checks.
After the message is queued, the message is sent through
a content filter. This requires different cleanup servers
before and after the filter, with header/body checks turned
off in the second cleanup server.

Feature: strict_7bit_headers and strict_8bitmime_body are
now separately available. To turn on both, use

Cleanup: abandon the use of isspace(3) in the parsing of
RFC822 message headers. Files: global/lex_822.h and lots

Documentation: replace domain.name by domain.tld in the
example config files. The domain exists. They were getting
mail from poorly configured Postfix boxes.

Bugfix: The Postfix sendmail command did not export the
MAIL_CONFIG environment setting to the postdrop command.
File: global/mail_config.h.

Incompatibility: by default, turn on the PCRE_DOTALL flag,
so that PCRE patterns will match multi-line message headers
without causing pain. Suggested by Michael Tokarev. Also
documented all those darned undocumented PCRE flags in the
pcre_table(5) manual page. Files: util/dict_pcre.c,

Bugfix: mail rejected due to MIME errors was rejected
without proper logging. Files: global/mime_state.c,
cleanup/cleanup_message.c.

Bugfix: the SMTP client code that prepends '.' to lines
starting with '.' had to be moved from its old place to
after the MIME output conversion. Problem found by Mark
Martinec. File: smtp/smtp_proto.c.
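
Why the order in the dot-stuffing fix above matters, as an added example that is not Postfix code: a minimal quoted-printable encoder and SMTP dot-stuffing model in C, run in both orders over a body whose soft line break lands just before a '.'. The function names and the sample body are constructed for this illustration, and lines end in a bare newline instead of CRLF for brevity.

```c
#include <stdio.h>
#include <string.h>

#define QP_MAX 76   /* longest quoted-printable line (RFC 2045) */
#define BUF 512     /* ample for the constructed sample below */

/* 8-bit to quoted-printable: '=' and bytes >= 0x80 become =XX, and a soft
 * line break ("=\n") is inserted before a line would exceed QP_MAX. */
static void qp_encode(const char *in, char *out)
{
    for (int col = 0; *in != '\0'; in++) {
        unsigned char c = (unsigned char) *in;
        int need = (c == '=' || c >= 0x80) ? 3 : 1;
        if (c != '\n' && col + need > QP_MAX - 1) {  /* room for the '=' */
            *out++ = '=';
            *out++ = '\n';
            col = 0;
        }
        if (need == 3)
            out += sprintf(out, "=%02X", (unsigned) c);
        else
            *out++ = (char) c;
        col = (c == '\n') ? 0 : col + need;
    }
    *out = '\0';
}

static int hexval(int c)
{
    return c >= '0' && c <= '9' ? c - '0' : c >= 'A' && c <= 'F' ? c - 'A' + 10 : -1;
}

/* Quoted-printable back to 8-bit: undo =XX and remove soft line breaks. */
static void qp_decode(const char *in, char *out)
{
    while (*in != '\0') {
        if (in[0] == '=' && in[1] == '\n') {
            in += 2;
        } else if (in[0] == '=' && hexval(in[1]) >= 0 && hexval(in[2]) >= 0) {
            *out++ = (char) (hexval(in[1]) * 16 + hexval(in[2]));
            in += 3;
        } else {
            *out++ = *in++;
        }
    }
    *out = '\0';
}

/* SMTP transparency. stuff = 1: the sender doubles a leading '.';
 * stuff = 0: the receiver drops one. End-of-data is not modeled. */
static void dot_lines(const char *in, char *out, int stuff)
{
    for (int bol = 1; *in != '\0'; in++) {      /* bol: beginning of line */
        int dot = bol && *in == '.';
        bol = (*in == '\n');
        if (dot && stuff)
            *out++ = '.';
        if (!dot || stuff)
            *out++ = *in;
    }
    *out = '\0';
}

/* Sender plus receiver. convert_first = 1 is the fixed order (MIME
 * conversion, then dot-stuffing); 0 is the order before the fix. */
static void round_trip(const char *body, char *received, int convert_first)
{
    char tmp[BUF], wire[BUF], unstuffed[BUF];
    if (convert_first) {
        qp_encode(body, tmp);
        dot_lines(tmp, wire, 1);
    } else {
        dot_lines(body, tmp, 1);
        qp_encode(tmp, wire);
    }
    dot_lines(wire, unstuffed, 0);      /* receiver removes the stuffing */
    qp_decode(unstuffed, received);     /* and then decodes the body */
}

/* Constructed body: a line that starts with '.', then an 8-bit line
 * whose soft line break falls right before a '.'. */
static void make_sample(char *body)
{
    char *p = body + sprintf(body, ".starts with a dot\n");
    memset(p, 'a', 72);
    strcpy(p + 72, "\xe9.end\n");
}

int main(void)
{
    char body[BUF], got[BUF];
    make_sample(body);
    for (int fixed = 1; fixed >= 0; fixed--) {
        round_trip(body, got, fixed);
        printf("%s: body %s\n", fixed ? "convert, then stuff" : "stuff, then convert",
               strcmp(got, body) == 0 ? "intact" : "damaged");
    }
}
```

With stuffing done first, the continuation line created by the soft line break starts with an unstuffed '.', which the receiver then removes from the message.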

Bugfix: the deliver_pass() routine needed updating for the
extra MIME encoding attribute that was introduced 20020510.
Patch by Sebastian Schaffert @ wastl.net. File:
global/deliver_pass.c.

Workaround: Solaris non-blocking read() can fail on a socket
with unread data according to ioctl FIONREAD. Incredible.
Diagnosis by Max Pashkov. File: smtp/smtp-sink.c.

Weird feature: sender-based routing. This will become more
useful once per-address transport map entries are done.
File: src/*qmgr/qmgr_message.c.

Safety: header_address_token_limit limits the amount of
memory and CPU that we're willing to spend while parsing
addresses in message headers. The limit is expressed as a
number of tokens. File: global/tok822_parse.c

Feature: user@domain transport map lookup, based on code
by Scott Cotton, from several years ago. Adding this code
now was much less painful than it was in the past. Files:
global/strip_addr.c, trivial-rewrite/transport.c.

Cleanup: making user@domain transport map lookups work with
sender-based routing was a bit tricky, because the null
address must be handled sensibly. Files: global/resolve_clnt.c,
trivial-rewrite/resolve.c. It ain't perfect yet, but close.

Bugfix: postsuper -r was broken as of 20020510. The cleanup
daemon would discard mail with MIME type information. Moved
a bunch of sanity checks from the cleanup daemon to the
pickup daemon, so the checks are in one place. Problem
experienced by Pavol Luptak. Files: pickup/pickup.c,
cleanup/cleanup_extracted.c.

Safety: log a warning when a domain is listed in mydestination
and (virtual_maps or virtual_mailbox_maps). This configuration
error causes the Postfix SMTP server to reject recipients
when the local_recipient_maps feature is enabled. File:
smtpd/smtpd_check.c.

Portability: in the master daemon, the default now is to
enable the signal handler code that writes a byte into a
pipe, instead of the signal handler code that sets a global
flag and hopes that select() will somehow wake up. File:
master/master_sig.c. This is needed for some IRIX and
UnixWare versions, but it should also produce a robust
result on all other supported systems.

Performance: the default SMTP connection establishment
timeout is now 30 seconds, instead of the system default
which can be atrociously large.

When DNS lookup fails while delivering mail, report not
only the domain name but also the DNS record type. This
should clue in people who ask why Postfix can't find a
domain while nslookup can. File: dns/dns_lookup.c.

Bugfix: undo change made at 20020610 that causes the trivial
resolver client to loop when an address consists entirely
of @ and . characters. File: trivial-rewrite/resolve.c.

Cleanup: Postfix no longer strips multiple '.' at the end
of a domain name. One '.' is silently tolerated. Files:
trivial-rewrite/rewrite.c, trivial-rewrite/resolve.c,
global/resolve_local.c. This policy is too distributed.

Feature: @domain.tld catch-all map entries for the virtual
mail delivery agent. Files: global/virtual8_maps_find.c,
virtual/mailbox.c, smtpd/smtpd_check.c.

Feature: the virtual mail delivery agent now accepts address
extensions (user+foo@domain.tld), ignores them when looking
up users in its tables, but displays them in Delivered-To:
message headers. File: global/virtual8_maps_find.c.

Feature: domain names in a masquerade_domains list can now
be prefixed with !, in order to disable masquerading for
that domain name and for its subdomains. File:
cleanup/cleanup_masquerade.c.

Bugfix: Mac OS X niscript (Netinfo) update by Gerben Wierda.
File: auxiliary/MacOSX/niscript.

Feature: The SMTP server reject_unknown_whatever restrictions
now also attempt to look up AAAA (IPV6 address) records.
Jun-ichiro itojun Hagino, IIJ labs. Files: smtpd/smtpd_check.c,

Bugfix: unnecessary lookups for extended addresses by the
virtual8_maps_find() routine. Victor Duchovni. His patch
did not work, nor did my own, but the present version should
be OK. File: global/virtual8_maps_find.c.

Workaround: log a warning when an SMTP client name->address
lookup results in a numeric IP address, and set the client
hostname to "unknown". Some gethostbyname() implementations
will actually accept such garbage and thereby allow sites
to defeat the "reject_unknown_client" restriction. Problem
reported by Wolfgang Rupprecht, fix based on analysis (but
not code) by Victor Duchovni.

Bugfix: memory leaks in the LDAP client by Victor Duchovni.
File: util/dict_ldap.c.

Bugfix: garbage in verbose "flush" server logging. Victor
Duchovni. File: flush/flush.c.

Incompatibility: smtpd_sasl_local_domain now defaults to
the null string. File: smtpd/smtpd.c, smtpd/smtpd_sasl_glue.c.

Documentation: added GDB debugging instructions for sites
that do not have X installed on the Postfix machine. Henrik
Larsson, spambox.dk.

Weird: installed RedHat 3.03 inside VMware, and no change
was needed to build Postfix, except to recognize the Linux

Bugfix: some mailers will announce ESMTP features in their
HELO (not EHLO) response. Postfix did not ignore them.
File: smtp/smtp_proto.c.

Cleanup: permit_naked_ip_address is unsafe (especially when
used with smtpd_recipient_restrictions) and will go away.
Postfix now logs a warning. File: smtpd/smtpd_check.c.

Cleanup: the warning message for matched header/body content
was misleading. File: cleanup/cleanup_message.c.

Safety: moved the "postsuper -r ALL" operation after the
"postsuper -s" check that makes queue file names match
inode numbers. This avoids loss of mail in the unlikely
case that someone runs "postsuper -sr ALL" on a queue that
was copied from another place.

Feature: "postsuper -h" to put mail "on hold" and "postsuper
-H" to release mail that was placed "on hold". This involves
a new queue, which is appropriately named "hold". Files:
postsuper/postsuper.c, showq/showq.c.

Feature: when a Delivered-To: mail delivery loop is detected,
send the bounce to the mailing list owner. This required
changes to the local delivery agent, a new bounce client
stub, and a new bounce server stub and support routines
for one recipient bouncing. Files: local/recipient.c,
global/bounce_log.c, global/bounce.c, bounce/bounce.c,
bounce/bounce_notify_util.c, bounce/bounce_one_service.c.

Bugfix: the 20020531 bugfix could prepend '.' to lines when
it shouldn't (but only when converting 8-bit mail to 7-bit).
Problem experienced by Ralf Hildebrandt. File:

Bugfix: smtpd_sender_login_maps did not do the @domain etc.
wild-card lookups that were promised. Problem experienced
by Sven Michels. File: smtpd/smtpd_check.c.

Feature: new smtp-sink command-line options to specify the
SMTP hostname, to disable ESMTP protocol support, to disable
8BITMIME support, and to syslog selected commands. File:
smtpstone/smtp-sink.c.

Feature: the queue manager now warns when mail for some
destination is piling up in the active queue, and suggests
a variety of remedies. The qmgr_clog_warn_time parameter
controls the time between warnings, mainly so that I could
test the code. To disable these warnings, specify
"qmgr_clog_warn_time = 0". Files: *qmgr/qmgr_entry.c.

Paranoia: truncate the DNS response length result value in
case it is larger than the result buffer length (the resolver
documentation is vague about this). File: dns/dns_lookup.c.

Cleanup: "postqueue -f" now also triggers delivery of mail
in the maildrop directory. This is needed when the master
does not frequently wake up the pickup service. Files:
global/mail_flush.c, postqueue/postqueue.c.

Cleanup: the qmgr_site_hog_factor feature is gone (defer
mail if a site uses up too much space in the active queue).
Instead, the qmgr_clog_warn_time feature provides better
solutions. File: qmgr/qmgr_message.c.

Feature: new header/body_checks HOLD pattern that causes
mail to be placed on the "hold" queue for manual inspection.
Files: global/hold_message.[hc], cleanup/cleanup_message.c.

Bugfix: yesterday's HOLD pattern code did not update the
cleanup server's idea of the queue file name for error
recovery and for error reporting purposes, so that incomplete
or content rejected mail would not be deleted from the
queue, and so that the bouncer would not find the queue

Bugfix: the #ifdef that detects too old LDAP libraries was
in the wrong place. Victor Duchovni. File: util/dict_ldap.c.

Feature: new header/body_checks DISCARD pattern that causes
mail to be silently discarded. Files: global/cleanup_user.h,
cleanup/cleanup_message.c, cleanup/cleanup_api.c.

Bugfix: the local delivery agent's mailbox duplicate delivery
eliminator was not updated in the days that address extensions
were added to Postfix. The other local duplicate eliminators
probably need revision as well. File: local/mailbox.c.

Feature: HOLD and DISCARD actions in SMTPD access tables.
These requests are propagated to the cleanup daemon. Files:
cleanup/cleanup_envelope.c smtpd/smtpd_check.c.

Cleanup: eliminate unnecessary references to the obsolete
program_directory configuration parameter (but keep the
parameter so as to not break existing installations).
Matthias Andree, many little changes in documentation.

Bit Rot: OpenLDAP incompatible change with URL parsing.
Patches by Will Day, Georgia Tech, and Carsten Hoeger,
SUSE. File: util/dict_ldap.c.

Bugfix: added a missing memset() call to wipe the lookup
key in dict_db_delete(). This is needed by some Berkeley
DB implementations. Patch by Katsu Yamamoto, Fujitsu.

Bugfix: when permit_mx_backup is unable to make a decision
due to DNS problems, set the "defer if reject" flag so that
other restrictions will not cause mail to be rejected.
File: smtpd/smtpd_check.c.

Feature: instead of giving up immediately after DNS failure,
turn on the "defer_if_permit" flag when reject_unknown_hostname,
reject_unknown_sender_domain or reject_unknown_recipient_domain
are unable to make a decision, and see if any subsequent
restrictions would still cause the mail to be rejected.
File: smtpd/smtpd_check.c.

Feature: "FILTER transport:nexthop" is now also available
in SMTPD access tables.

Workaround: HP-UX 11 accept() fails with ENOBUFS when the
client disconnects early. File: sane_accept.c.

Cleanup: postfix-install no longer installs all the manual
pages under $POSTFIXSOURCE/man, so we can generate manual
pages for smtp-sink etc. File: man/Makefile.in.

Bugfix: the rmail script should have been updated when
Postfix sendmail was changed to recognize `.' as the end
of input. Problem fix by Christian Kratzer, cksoft.de.
File: auxiliary/rmail/rmail.

Feature: specify "maximal_queue_lifetime = 0" for mail that
should be returned immediately after the first unsuccessful
delivery attempt. Files: qmgr/qmgr.c, nqmgr/nqmgr.c.

Bugfix: qmail compatibility: qmqpd should support any
character at the end of the VERP prefix in prefix@host-@[].
Based on a patch by LaMont Jones, HP.

Feature: "smtpd_data_restrictions = reject_unauth_pipelining"
blocks mail from SMTP clients that send message content
before Postfix has replied to the DATA command. File:
smtpd/smtpd.c, smtpd/smtpd_check.c.

Bugfix: the LDAP client dumped core in verbose mode.
Reported by Will Day and others. File: util/dict_ldap.c.

Cleanup: dict_regexp module speedups by avoiding unnecessary
substring overhead while matching strings. Based on a
suggestion by Liviu Daia. This involved major rewriting of
the regexp map code. File: util/dict_regexp.c.

Feature: IF..ENDIF support based on code by Bert Driehuis.
This involved a further rewrite of the regexp map code.
File: util/dict_regexp.c.

Bugfix: the SMTP client produced spurious warnings about
trouble with fallback_relay hosts. File: smtp/smtp_connect.c.

Robustness: don't wait with detecting broken SMTP connections
until reading input. Leandro Santi. File: smtpd/smtpd_chat.c.

Workaround: IRIX 6 can't do ioctl FIONREAD on pipes. This
breaks the in_flow_delay feature. File: util/sys_defs.h.

Bugfix: canonical/virtual mapping core dump with a null
right-hand side address. Report by Jussi Silvennoinen.
File: global/mail-addr_crunch.c.

Feature: IF..ENDIF support based on code by Bert Driehuis.
This involved a rewrite of the pcre map code similar to
the regexp map code. File: util/dict_pcre.c.

Feature: on Linux, support for PCRE lookup tables is now
compiled in if the PCRE library code is found under
/usr/include and /usr/lib. File: makedefs.

Documentation: postsuper(1) did not document the -c option.

Bugfix: possible longjump() before setjmp(). File:

Bugfix: pickup should not preserve INSPECT or FILTER records
from "postsuper -r". File: pickup/pickup.c.

Feature: "reject_rbl <domain>" for client address blacklisting
by LaMont Jones, including $name expansion for per-domain
customized response messages. The obsolete reject_maps_rbl
is now a wrapper that uses the new code.

Internal: added caching and factored out common code that
will be used for both reject_rbl and for the upcoming
reject_rhsbl restriction.

Feature: "reject_rhsbl <domain>" for sender domain
blacklisting. Provides the same per-domain customized
response message mechanisms with $name expansion as

Safety: the smtpd_expansion_filter parameter controls what
characters are allowed in the expansion of $name macros in
template RBL responses.

Cleanup. In order to make sensible warnings possible when
expanding a non-existent $name in RBL reply templates,
mac_expand() had to be changed so that an empty string
result (i.e. the name does exist) will no longer cause
${name?text} to succeed. File: util/mac_expand.c.

Cleanup. Renamed the RBL features according to a scheme
that was suggested by Liviu Daia in October 2001. The names
are reject_rbl_client and reject_rhsbl_sender, respectively.
Added domain name based reject_rhsbl_client and
reject_rhsbl_recipient restrictions for completeness. The
reject_rbl restriction name is still recognized for
compatibility with systems maintained by LaMont Jones.

Bugfix: reject_rhsbl_<mumble> was broken when <mumble> was
unavailable, causing the restrictions parser to get out of
sync. Spotted by Ralf Hildebrandt. File: smtpd/smtpd_check.c.

Bugfix: missing %s in the 20020923 RBL code. This was not
exploitable because Postfix implements only a safe subset
of all printf format operators and because memory for the
result is dynamically allocated. Victor Duchovni. File:
smtpd/smtpd_check.c.

Updated MacOSX support scripts from Gerben Wierda. Files:

Bugfix: SIZE errors should be reported at MAIL FROM time,
and should not be postponed (with smtpd_delay_reject = yes)
until RCPT TO time. Reported by Jeroen Scheerder, Utrecht
University. Files: smtpd/smtpd.c smtpd/smtpd_check.c.

When Postfix development started, Linux mail delivery
software such as procmail did not use kernel locks, and
Postfix picked one that seemed plausible, namely, flock().
In the mean time, Linux mail delivery software seems to
have standardized on fcntl() locks. File: util/sys_defs.h.

Feature: body_checks_size_limit parameter to specify how
much of a message body segment (or attachment, if you prefer
to use that term) is subjected to body_checks inspection.
Default limit: 50 kbytes. Files: global/mime_state.c,
cleanup/cleanup_message.c.

Bugfix: the code for missing postmaster/mailer-daemon
aliases had to be moved after the code that implements the
luser_relay feature. Files: local/alias.c, local/unknown.c.

Weird? The LMTP client lowercased the MAIL FROM and RCPT
TO addresses. Some remnant of code that someone put in
there long ago. File: lmtp/lmtp_proto.c.

Feature: proxy_interfaces parameter. Specify your NAT or
other proxy addresses here to avoid mail delivery loops.
Files: global/mail_params.[hc] global/own_inet_addr.[hc]
global/resolve_local.c smtp/smtp_addr.c smtpd/smtpd_check.c.

Paranoia: defend against a very unlikely false alarm in

Feature: X-Original-To: message headers with the raw original

Logging: status=sent/deferred/bounced/ logging now includes
the original recipient address if it differs from the final

Logging: SMTP UCE reject/warn/hold/discard logging now
includes queue ID. This will break some logfile analyzers.

Logging: SMTP UCE reject/warn/hold/discard logging now
includes the protocol name and, if available, the hostname
given in the SMTP HELO or EHLO command.

Logging: header/body_checks reject/warn/hold/discard logging
now includes the protocol name and, if available, the
hostname given in the SMTP HELO or EHLO command.

Bugfix: don't reset state after rejected EHLO. Reset state
after HELO. Reported by Karthikeyan Bhargavan, upenn.edu.
Files: smtpd/smtpd.c.

Bugfix: local(8) did not prepend an X-Original-To: message
header while delivering to command, and local(8) did not
document the X-Original-To: message header.

Workaround: DJBDNS produces a bogus A record when given a
numerical hostname. File: dns/dns_lookup.c.

Portability: support for Berkeley DB version 4.0 but not
for Berkeley DB version 4.1 (yes, the API is different).
Postfix is now going to be paranoid about the minor version
number, too. File: util/dict_db.c.

Documentation: updated LMTP_README file by Amos Gouaux.

Bugfix: (bug introduced 20021026) log NOQUEUE when rejecting
ETRN, instead of trying to log a non-existent queue ID.
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.

Cleanup: allow optional text after commands in SMTPD access
maps. Based on initial effort by Victor Duchovni, Morgan
Stanley. File: smtpd/smtpd_check.c.

Portability: support for Berkeley DB version 4.1. This
version refuses to open zero-length files. This complicates
lock management and requires extra code to remove broken
files. Files: util/dict_db.c, global/mkmap*.[hc].

Bugfix: don't complain about out-of-order original recipient
records for finished recipients. Files: *qmgr/qmgr_message.c,
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.

Cleanup: further simplified the mkmap wrapper (used by
postmap and postalias only) to remove some hurdles for
Michael Tokarev's CDB support. Files: global/mkmap*.[hc].

Postalias now produces YP_LAST_MODIFIED and YP_MASTER_NAME
records only when NIS support is compiled in. File:

Postalias now puts $myhostname in the YP_MASTER_NAME record,
instead of the possibly bogus gethostname() result. File:

The PCRE map code did not reject non-numeric replacement
indices in replacement text, and silently treated $text as
$0. Found by Michael Tokarev. File: dict_pcre.c.

Cleanup: the behavior of the SMTP server's defer_if_permit
flag was changed, in order to maximize the opportunity to
permanently reject mail without opening opportunities for
losing legitimate mail. This was done in cooperation with
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.

The defer_if_permit flag is still set when a UCE reject
restriction fails due to a temporary (e.g., DNS) problem,
to prevent unwanted mail from slipping through. However,
the flag is no longer tested at the end of client, helo or
sender restrictions. Instead, the flag is now tested at
the end of the ETRN and recipient restrictions only.

The behavior of the warn_if_reject restriction has changed.
It no longer activates any already made defer_if_permit or
defer_if_reject decisions (the defer_if_reject flag is set
when some UCE permit restriction fails due to a temporary
(DNS) problem, to avoid loss of legitimate mail).

Bugfix: instead of setting the defer_if_permit flag, a
failing reject restriction after warn_if_reject now merely
logs that it would have caused mail to be deferred.

A failing permit restriction after warn_if_reject still
raises the defer_if_reject flag, to avoid loss of legitimate

Bugfix: a misguided change to the .forward macro expansion
filter broke .forward file lookup.

Bugfix: missing defer_if_permit test in smtpd_data_restrictions.
Victor Duchovni. File: smtpd/smtpd_check.c.

Robustness: increase the mime_nesting_limit from 20 to 100,
so that bounces can't loop. Each bounce increases the MIME
nesting level by one. Ralf Hildebrandt and Victor Duchovni.

Robustness: reinstated SMTP client command flushing to
avoid pipeline stalls. File: smtp/smtp_chat.c.

Robustness: distinguish between timeout and "lost connection"
when the SMTP server is unable to send a reply to the remote
client. File: smtpd/smtpd_chat.c.

Bugfix: initialization error with "*" transport table
lookup, reported by LaMont Jones. The transport map lookup
code had grown into a monster and needed to be replaced.
trivial-rewrite/transport.c.

Start implementing recipient verification. For now this is
done by adding trace flags to queue files. In case of a
verification request, a delivery agent does not deliver,
it just records what would happen.

This required instrumenting the bounce/defer/sent logging
routines to send their data to the right place depending
on the type of delivery request.

New trace service. This is used for reporting if a recipient
is deliverable (sendmail -bv) and for producing a record
of delivery attempts (sendmail -v). The report is sent via
email, using the bounce daemon. Files: global/trace.[hc].

This required replacing the bounce/defer logfile format by
an extensible name=value format. Files: global/bounce_log.c,
bounce/bounce_append_service.c.

New address verification service with simple expiration
7261
and refresh policy. Storage can be in-core or in permanent
7262
table. The daemon is appropriately called "verify". Files:
7263
global/verify_clnt.[hc], verify/verify.c.
7267
Cleaning up the code for tracing and verification. Files:
7268
global/{log_adhoc,bounce,defer,trace,verify}.[hc].
7272
New address_verification_negative_cache = yes/no parameter
7273
controls whether Postfix stores the result of negatieve
7274
address verification probes. This reduces cache pollution
7275
but causes Postfix to send a probe for each address
7276
verification service query. File: verify/verify.c.
7278
Added optimistic caching to the verify daemon, so that one
7279
failed probe will not clobber a known to be good address.
7280
As long as some probes succeeed, a good address will stay
7283
Cleaning up of the bounce daemon's code for bounce, delayed
7284
mail warning and trace notification. Files: bounce/*.[hc],
7285
global/bounce_log.c.
7289
Changed the probe's sender address to "postmaster" so that
7290
we get better information about the address we're testing.
7291
File: verify/verify.c.
7293
Added some paranoia to the routine that reads data from
7294
the address verification cache. Ignore data that is obviously
7295
bogus. File: verify/verify.c.
7299
Bugfix: garbage in "user@garbage"@domain address forms may
7300
cause the SMTP or LMTP client to terminate with a fatal
7301
error exit because garbage/tcp is not an existing service.
7302
This cannot be abused to cause the SMTP or LMTP client to
7303
send data into unauthorized ports. Files: *qmgr/qmgr_message.c,
7304
trivial-rewrite/resolve.c.
7308
Bugfix: don't use same VSTRING buffer for reading and
7309
writing. File: verify/verify.c.
7313
Feature: hashed hold queue support, with hashing turned on
7314
by default. Omission spotted by Victor Duchovni, Morgan
7315
Stanley. Files: global/hold_message.c, global/mail_params.h.
7317
Bugfix: the LMTP client lost the port(service) information
7318
when parsing host:port information. Victor Duchovni, Morgan
7319
Stanley. Fix is to have a new host_port(3) module that does
7320
the parsing for the SMTP and LMTP clients.

Cleanup: host_port() routine that parses host/port information
more consistently than the existing code in the LMTP and
SMTP clients. Files: smtp/smtp_connect.c, lmtp/lmtp_connect.c,
util/host_port.[hc].

Cleanup: defer mail when recipient verification takes too
long. File: smtpd/smtpd_proto.c.

Feature: new reject_multi_recipient_bounce restriction, to
reject "MAIL FROM: <>" with multiple recipients. File:
smtpd/smtpd_check.c.

Compatibility: ignore the new Sendmail -A option. File:
sendmail/sendmail.c.

Workaround: sendmail -v now produces no output. You need
to specify -v -v instead. This is to avoid problems when
people request verbose mail delivery in their mail.rc file.
File: sendmail/sendmail.c.

Cleanup: hash_queue_depth now defaults to 1 level of
subdirectories. This makes "mailq" faster on most systems,
but will result in poorer worst-case performance when lots

The check_relay_domains restriction is going away. The SMTP
server logs a warning and suggests using reject_unauth_destination

Cleanup: the local(8) and virtual(8) delivery agents did
not prepend X-Original-To: addresses to maildir files.
Omission spotted by Matthias Andree.

Specify "address_verify_sender=" or "address_verify_sender=<>"
to use a null sender address while doing address verification
probes. Beware, doing so may trigger false negatives
because some sites reject mail from the null sender, even
though this is required by RFC standards.

Bugfix: too many levels of dereferencing while testing for
missing reject_rbl_mumble domain names. Patrik Rak. File:
smtpd/smtpd_check.c.

Bugfix: the FILTER access table action included the FILTER
command in the filter request, where only the transport+destination
were expected. Noel Jones. File: smtpd/smtpd_check.c.

Cleanup: virtual_maps is now called virtual_alias_maps, in
order to better distinguish it from virtual_mailbox_maps.
The default value is $virtual_maps for backwards compatibility.

New parameters virtual_alias_domains and virtual_mailbox_domains
for the "domain.tld whatever" lookups. These use the same
syntax as the mydestination parameter. Default settings
are backwards compatible with Postfix 1.1.

Concept: just like $mydestination+$inet_interfaces control
what routes to $local_transport, $virtual_mailbox_domains
now controls what routes to $virtual_transport (default
transport: virtual), and $relay_domains now controls what
routes to $relay_transport (default transport: relay, a
clone of the smtp transport). Everything else routes to
$default_transport as before. This eliminates the need
for transport map entries for every virtual(8) domain, and
avoids performance problems with inbound relay mail. This
improvement was suggested by Victor Duchovni. File:
trivial-rewrite/resolve.c.

Cleanup: do allow regexps in aliases, virtual mailbox maps
but do not allow regular expression substitutions. Files:
util/dict.h, util/dict_regexp.c, util/dict_pcre.c.

Cleanup: deleted the description of sendmail-style virtual
domains from the virtual(5) manual page. This part of
Postfix was too confusing.

Performance: RFC 2821 blesses the use of CNAME domain names
in MAIL FROM and RCPT TO. Not having to expand CNAME domain
names speeds things up a bit. File: smtp/smtp_proto.c.

Workaround: exclude error mailer destinations from transport
mapping lookups :-(. File: trivial-rewrite/resolve.c.

Cleanup: relocated_maps lookups are now moved to the
trivial-rewrite server. As of now, the queue manager no
longer does any map lookups, so it won't restart when maps
change. Files: *qmgr/qmgr_message.c, trivial-rewrite/resolve.c.

Robustness: because the trivial-rewrite server now does
many more table lookups, some of which are often LDAP or
SQL based, trivial-rewrite clients must be prepared for
the case that the resolver reports a failure while processing
a request (when it was unable to access a lookup table).
Files: trivial-rewrite/resolve.c, local/resolve.c,
smtpd/smtpd_check.c.

Robustness: moving possible LDAP or SQL table lookups into
the trivial-rewrite server also required that trivial-rewrite
be running as multiple processes to reduce lookup latencies.
Files: master/multi_server.c.

Workaround: don't discard all the DNS lookup results when
only one of the results has a malformed name or address.
File: dns/dns_lookup.c.

Cleanup: with the preliminary address domain classification
concept as implemented by the trivial-rewrite address
resolver, a lot of table lookups could be eliminated from
the SMTP server. Files: smtpd/smtpd_check.c.

Feature: new relay_recipient_maps parameter, for optional
maps with all the recipients in the domains that match
$relay_domains (so you can reject mail for unknown relay
recipients). This is for consistency with virtual_xx_maps
and virtual_xx_domains, and with local_recipient_maps and
the local delivery agent. File: smtpd/smtpd_check.c.

Cleanup: removed support for obsolete #number domain forms.
File: smtpd/smtpd_check.c.

The Postfix installation procedure no longer sets the
"chattr +S" bit on Linux queue directories. Wietse has
gotten too annoyed with naive reviewers who complain about
performance without having a clue of what they are comparing.

"Security": local_recipient_maps is now turned on by default,
to reject mail for non-existent users at the SMTP port.
See conf/main.cf for instructions, section REJECTING UNKNOWN

Safety: detection of missing or inaccessible passwd file
database, to prevent massive complaints from people who
suddenly lose all their mail because local_recipient_maps
is now turned on by default.

Feature: recipient address verification, using the code
that already implements sender address verification. Based
on suggestion by Matthias Andree. Files: src/smtpd/smtpd.c,
src/smtpd/smtpd_check.c.

Performance: doubled the default process limit (50->100)
and default queue manager active queue message/recipient
limits (10k->20k). File: global/mail_params.h.

Bugfix: the change that begot us multiple trivial-rewrite
processes (good) also gave us multiple verify daemons (bad).
File: conf/post-install.

Cleanup: allow transport map lookups to override error
mailer results (to avoid breaking existing installations),
and do transport map lookups before relocated map lookups.
Files: trivial-rewrite/resolve.c, trivial-rewrite/transport.c.

Shortened the verify server's negative cache refresh time
from 12 hours to 2 hours. File: global/mail_params.h.

Admin friendliness: the SMTP server now reports "User
unknown in {local recipient | virtual alias | virtual
mailbox | relay recipient} table". This will make
troubleshooting a little easier. Files: smtpd/smtpd_check.c,
trivial-rewrite/resolve.c.

Cleanup: transport map entries with null nexthop ignored
relayhost settings. Making the code simpler also made it
more correct. Files: trivial-rewrite/resolve.c,
trivial-rewrite/transport.c.

Feature: "helpful_warnings" (default: yes) that can be
turned off if you really know what you're doing and want
to eliminate some unnecessary work.

Feature: enforcement of master.cf process limits for
processes such as qmgr and pickup that must run alone, and
processes such as cleanup and bounce that must run without
explicit process count limit. If an incorrect process limit
is specified in master.cf the service aborts.

Cleanup: it looks like we finally get it right with transport
lookup table entries that either override or specify an
error transport without updating the nexthop information.
File: trivial-rewrite/resolve.c.

Robustness: don't probe the sender address when probed for
our own address verification probe sender address. File:
smtpd/smtpd_check.c.

Performance: don't do UCE checks (which may result in 4xx
SMTP reply codes, and thus, repeated delivery attempts)
when we already know that the recipient does not exist.
Files: smtpd/smtpd.c, smtpd/smtpd_check.c.

Cleanup: further simplification of transport map handling
after some really fine hair splitting with Victor Duchovni.
Files: trivial-rewrite/resolve.c, trivial-rewrite/transport.c.

Workaround: transform the address local-part into unquoted
form only when the address domain is local and the local-part
contains routing operators. Otherwise, we may damage the
address local-part by inserting space between non-operator
tokens. Some people use weird addresses and expect them to
be handled without damage. File: trivial-rewrite/resolve.c.

Robustness: scan the resolved recipient address for routing
operators in the address local-part, even when the local
MTA does not recognize ! and % as valid operators. File:
trivial-rewrite/resolve.c.

Cleanup: the address rewriting code no longer tries to
rewrite broken user@ or user@. address forms into even more
broken forms. bother. File: trivial-rewrite/rewrite.c.

Cleanup: the address resolver code now treats forms ending
in @ in a more rational manner (because the address rewriting
code no longer messes up by appending .my.domain).

Bugfix: a null address local-part before @domain now is
properly quoted just like the null address. File:
global/quote_82[12]_local.c.

Cleanup: more work on the trivial-rewrite address rewriting
and address resolving code. New regression tests for address
rewriting and resolving that make some assumptions about
main.cf settings. Files: global/Makefile.in (assumptions),
global/rewrite_clnt.in, global/rewrite_clnt.ref,
global/resolve_clnt.in, global/resolve_clnt.ref.

Safety: configurable SMTPD reject codes for recipients not
in {{local,relay}_recipient,virtual_{alias,mailbox}}_maps,
aptly named unknown_mumble_reject_code. Postfix installs
with unknown_local_recipient_reject_code=450, unless the
site already ran Postfix with local_recipient_maps enabled.
Files: smtpd/smtpd.c, smtpd/smtpd_check.c, conf/post-install.

Feature: specify unverified_recipient_reject_code=250 or
unverified_sender_reject_code=250 to accept mail for an
address that is known to bounce. File: smtpd/smtpd_check.c.

Bugfix: longjmp() while sending "go away" without setjmp()
in the QMQP server. Patrik Rak. File: qmqpd/qmqpd.c.

Safety: the XVERP extension is restricted to clients listed
in the authorized_verp_clients list (default: $mynetworks).
File: smtpd/smtpd.c.

Workaround: preliminary IPV6 support in valid_hostliteral().
File: util/valid_hostname.c.

Bugfix: the reject_multi_recipient_bounce restriction had
an off-by-one error when used in smtpd_data_restrictions.
File: smtpd/smtpd_check.c.

Feature: new check_recipient_maps restriction that gives
finer control over when unknown recipients are rejected.
As with Postfix 1.1, the default is to do this at the end
of the recipient restrictions. Sites that want to improve
performance can put check_recipient_maps at the start of
the smtpd_client_restrictions list and avoid doing unnecessary
RBL lookups etc. File: smtpd/smtpd_check.c.

Feature: new show_user_unknown_recipient_table parameter
controls whether or not to reveal the lookup table name in
"User unknown" responses. The extra detail makes
troubleshooting easier but also reveals information that is nobody

Workaround: don't allow the transport map to override the
virtual alias class (error:User unknown) result. File:
trivial-rewrite/transport.c.

Documentation update: new-style virtual domains broke the
advanced content filtering example. Files: FILTER_README,

Cleanup: use different client instances when the same map
is opened with different flags. File: global/maps.c.

Feature: proxymap server for Postfix table lookups. This
helps to consolidate the number of open lookup tables (such
as MYSQL or LDAP), or to overcome chroot restrictions
(example: specify proxy:unix:passwd.byname to avoid the
need for a copy of the UNIX passwd file in chroot jails).
Files: global/dict_proxy.[hc], proxymap/proxymap.c.

Cleanup: multiservers such as trivial-rewrite and the new
proxymap server now enforce the max_use total client number
limit more aggressively, by not accepting new connections
after the limit is reached. Based on a patch by Victor
Duchovni, Morgan Stanley. File: master/multi_server.c.

Cleanup: client stream endpoints not only have an idle time
limit ($ipc_idle) before a connection is closed, they now
also have a time to live ($ipc_ttl) to prevent connections
from becoming too persistent. This allows multi-servers
such as trivial-rewrite or the proxymap server to refresh
more frequently on busy systems. File: global/clnt_stream.c.

Cleanup: avoid warnings about flag mismatches when the same
lookup table is listed under both virtual_alias_maps and
virtual_mailbox_maps. Files: global/virtual8.h, virtual/virtual.c.

Bugfix: an obscure memory leak that puzzled me for more
than a year until I found out how to reproduce it. File:

Cleanup: removed the address syntax check from the queue
manager, since a better test was implemented recently in
the trivial-rewrite server. Files: *qmgr/qmgr_message.c.

Bugfix: redirect bounce/defer to the address verification
service where appropriate. Files: *qmgr/qmgr_bounce.c,

Bugfix: "no such file or directory" warnings after "postfix
reload" when a chrooted smtpd reconnects to the proxy
service. Fix: use "private/proxymap" if possible, otherwise
use "$queue_dir/private/proxymap". File: global/dict_proxy.c.

Robustness: daemons now chdir() to the queue directory
before running the pre-jail initialization code, so that
daemons running in stand-alone mode produce more consistent
results. Files: master/single_server.c, master/multi_server.c,
master/trigger_server.c.

Bugfix: "sendmail -bs" tried to access the proxymap service.
It should not try to open any user/domain/uce related tables
at all. File: smtpd/smtpd.c.

Bugfix: bouncing to owner-alias was broken, i.e. the mail
kept being deferred, and when that was fixed, another buglet
came to light. File: bounce/bounce.c.

Robustness: the master no longer aborts with "address
already in use" when inet_interfaces specifies the same IP
address multiple times, or when a TCP service in master.cf
specifies a hostname for which the same IP address is listed
multiple times. File: master/master_ent.c.

Robustness: check that FILTER actions in SMTPD access maps
or cleanup header/body_checks have plausible syntax. Files:
smtpd/smtpd_check.c, cleanup/cleanup_message.c.

Cleanup: unnecessary "premature end of file on xxx while
reading yyy" warnings became exposed after some code
simplification. Files: global/*_clnt.c, global/dict_proxy.c

Robustness: undo the change that causes a multi-server
process to stop accepting new connections while it still
services existing clients for an extended amount of time.
We need a better process retirement strategy. File:
master/multi_server.c.

Cleanup: the virtual_mailbox_maps parameter is now optional
even when virtual_mailbox_domains is. This makes virtual
mailbox domains more like relay domains and the local

Portability: the makedefs script now uses the pcre-config
utility to find out where things are installed.

Bugfix: the SMTP server did not recognize the local built-in
double bounce address as local. Reported by Matthias Andree.
For safety's sake, threw in the local postmaster address as
well. File: smtpd/smtpd_check.c.

Added MAILER-DAEMON to the list of always recognized local
addresses, since it is generated by Postfix bounces. File:
smtpd/smtpd_check.c.

Bugfix: transport_errno was not reset upon successful
transport map wildcard lookup after an earlier failure.
Reported by Victor Duchovni. File: trivial-rewrite/transport.c.

Cleanup: unnecessary warnings from the proxymap client
after proxymap server disconnect. File: global/dict_proxy.c.

Cleanup: Patrik Rak found a few more chattr invocations
that were missed 20021209. Files: postfix-install,

Cleanup: the pcre-config command can produce null outputs.
Matthias Andree. File: makedefs.

Bugfix: the virtual(8) Makefile included $(AUXLIBS) in the

Typos: some hyperlinks referred to flushd, which is the
name that was used before the flush service was released.
Reported by Victor Duchovni.

Cleanup: smtpd no longer needed to open relocated_maps.

Cleanup: bounce messages used "X-Postfix" even when mail_name
was set to something other than the default "Postfix" name.
File: bounce/bounce_notify_util.c.

Bugfix: wrong FILTER_README instructions for disabling
virtual alias mapping in the cleanup server before the

Bugfix: wrong FILTER_README instructions for destination-dependent
filtering, because relay_domains was specified incorrectly.

Bugfix: 20021207 (move relocated table lookup from queue
manager to trivial-rewrite server) broke relocated table
lookup results with mail not rejected at the SMTP port.
Files: *qmgr/qmgr_deliver.c, *qmgr/qmgr_message.c.

Bugfix: a widely used maildir filename algorithm was broken.
Postfix now uses TIME.DEVICE_INODE.HOST. Files: local/maildir.c,

Cleanup: queue structures no longer overload queue name
and nexthop destination. Files: *qmgr/qmgr_message.c,
*qmgr/qmgr_queue.c, *qmgr/qmgr_deliver.c.

Feature: "REDIRECT user@domain" action in access maps or
in header/body_checks causes mail to be sent to the specified
address instead of the intended recipient(s). I would never
recommend that people use this to redirect (bounced) SPAM
to the beneficiaries of an advertisement campaign. Files:
smtpd/smtpd_check.c, cleanup/cleanup_message.c,
*qmgr/qmgr_message.c.

Update: maildir filename algorithm updated according to
today's version of http://cr.yp.to/proto/maildir.html.

Cleanup: use separate error messages for separate problems
with computing the list of SASL authentication mechanisms.
File: smtpd/smtpd_sasl_glue.c.

Bugfix: allow $name in default time values. File:
global/mail_conf_time.c.

Feature: allow !, /file/name and map:name in masquerade_exceptions.
By Liviu Daia. Files: cleanup_init.c, cleanup.h,
cleanup_masquerade.c.

Bugfix: the local pickup daemon skipped unterminated records,
since they happened to have the same record type code as
content filtering instructions. Victor Duchovni. Files:
global/rec_type.h, pickup/pickup.c.

Portability: Postfix could block, and thus not enforce
command execution time limits, while delivering mail to a
command. File: global/pipe_command.c.

Bugfix: command execution time limits were not enforced
because the child process killing code in pipe_command()
was running with the wrong privileges. Problem reported by
Ben Rosengart, Panix. File: global/pipe_command.c.

Bugfix: duplicate recipient filtering in the cleanup server
did not eliminate virtual expansion duplicates with the
same original recipient. File: cleanup/cleanup_out_recipient.c.

Cleanup: added postmap/postalias -p option (do not inherit
the source file permissions when creating a new file), for
completeness. A feature that can't be turned off is a bug.
Files: postmap/postmap.c, postalias/postalias.c.

Bugfix: smtpd_hard/soft_error_limit off-by-one error, so
that the real limit was one larger than the configured
value. Files: smtpd/smtpd.c, smtpd/smtpd_chat.c.

Safety: proxymap server defense against potential deadlock
when some library routine wants to open a proxied table.
Instead, proxymap opens the requested table directly. File:
proxymap/proxymap.c.

Portability: updated AIX 5.x system dependent definitions.
File: util/sys_defs.h.

Bugfix: added mynetworks to the list of proxy_read_maps
parameter settings that are pre-authorized to use proxied
table lookups. File: global/mail_params.h.

Cleanup: daemons now log what table has changed before
restarting. Files: dict.c, and anything that invoked

Cleanup: more consistency in the naming of lookup table
handles as generated by maps(3) and by match_list(3).

Workaround: Postfix removes too long non-address text from
message headers in order to protect vulnerable Sendmail
systems against exploitation of the remote buffer overflow
vulnerability described in CERT advisory CA-2003-07.

Bugfix: the access map actions HOLD, DISCARD, FILTER and
REDIRECT were broken with smtpd_delay_reject=no and with
ETRN. This required re-architecting of the actions code.
Files: smtpd/smtpd.[hc], smtpd/smtpd_check.c, smtpd/smtpd_state.c.

Bugfix: the postsuper manual page documented support for
the -c command line option, but it was not implemented.
File: postsuper/postsuper.c.

Bugfix: the Postfix 2.0 recipient map checking code broke
the VRFY command, causing it to reply with status code 252
for non-existent addresses. This required re-architecting
the recipient table lookup code. File: smtpd/smtpd_check.c.

Feature: configurable limit on virtual alias expansion size
and nesting depth, via the virtual_alias_expansion_limit
and virtual_alias_recursion_limit parameters. The default
limits are compatible with past Postfix versions. Victor
Duchovni, Morgan Stanley. Files: /sample-resource.cf,
html/resource.html, cleanup/cleanup.c, cleanup/cleanup_init.c,
cleanup/cleanup_map1n.c.

Feature: the installation procedure records build information
(by default: in /etc/postfix/makedefs.out).

Bugfix: smtp-source flushed too often, causing suboptimal
performance with smtp-source sending directly into smtp-sink.
Files: smtpstone/smtp-source.c.

Safety: log a fatal error when a net/mask pattern has a
non-zero host part, so that mail delivery is deferred.
File: util/match_ops.c.
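
The check described in the entry above, as an added C example (this is not the Postfix code from util/match_ops.c): it rejects an IPv4 net/mask pattern whose host bits are non-zero and reports the network the pattern would have to name. The function name check_net_mask, the return codes and the sample patterns are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical return codes for this example. */
enum { NETMASK_OK = 0, NETMASK_SYNTAX = -1, NETMASK_HOST_BITS = -2 };

/*
 * Validate an IPv4 "a.b.c.d/len" pattern. When the host part is non-zero,
 * return NETMASK_HOST_BITS and, if suggest is not NULL, store the pattern
 * with the host bits cleared (what the administrator probably meant).
 */
int     check_net_mask(const char *pattern, char *suggest, size_t suggest_len)
{
    char    buf[64];
    char    text[INET_ADDRSTRLEN];
    char   *slash;
    char   *end;
    struct in_addr addr;
    unsigned long bits;
    uint32_t net;
    uint32_t mask;

    if (strlen(pattern) >= sizeof(buf))
        return (NETMASK_SYNTAX);
    strcpy(buf, pattern);
    if ((slash = strchr(buf, '/')) == NULL)
        return (NETMASK_SYNTAX);
    *slash++ = '\0';
    if (inet_pton(AF_INET, buf, &addr) != 1)
        return (NETMASK_SYNTAX);

    /* strtoul() would accept a sign or leading space; insist on a digit. */
    if (*slash < '0' || *slash > '9')
        return (NETMASK_SYNTAX);
    bits = strtoul(slash, &end, 10);
    if (*end != '\0' || bits > 32)
        return (NETMASK_SYNTAX);

    /* A shift by 32 is undefined in C, so /0 gets an explicit all-zero mask. */
    net = ntohl(addr.s_addr);
    mask = (bits == 0) ? 0 : (uint32_t) (0xffffffffUL << (32 - bits));
    if ((net & ~mask) == 0)
        return (NETMASK_OK);

    if (suggest != NULL) {
        addr.s_addr = htonl(net & mask);
        if (inet_ntop(AF_INET, &addr, text, sizeof(text)) == NULL)
            return (NETMASK_SYNTAX);
        snprintf(suggest, suggest_len, "%s/%lu", text, bits);
    }
    return (NETMASK_HOST_BITS);
}

int     main(void)
{
    /* Constructed sample patterns. */
    const char *samples[] = {"192.168.1.0/24", "192.168.1.1/24", "10.1.0.0/8"};
    char    hint[64];
    size_t  i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        switch (check_net_mask(samples[i], hint, sizeof(hint))) {
        case NETMASK_OK:
            printf("%s: ok\n", samples[i]);
            break;
        case NETMASK_HOST_BITS:
            printf("%s: non-zero host part, did you mean %s?\n",
                   samples[i], hint);
            break;
        default:
            printf("%s: bad syntax\n", samples[i]);
        }
    }
    return (0);
}
```

Failing on such a pattern, rather than silently masking it, keeps a mistyped mynetworks-style entry from being interpreted differently than the administrator intended.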

Bugfix: extraneous warning about out-of-order original
recipient records by Patrik Rak. Files: *qmgr/qmgr_message.c.

Workaround: log a warning and reset the queue file time
stamps when the file system clock is ahead of the local
clock. File: global/mail_stream.c.

Feature: PostgreSQL client module, adopted by LaMont Jones.
Files: README_FILES/PGSQL_README, util/dict_pgsql.c,
util/dict_pgsql.h, conf/sample-pgsql-aliases.cf.

Cleanup: the generic smtp client/server code in smtp_stream.c
now has an explicit flush operation, and the smtp-source/sink
programs are updated to take advantage of this.

Cleanup: the file system clock drift detection code now
runs only once per process instance, to minimize the
performance impact. File: global/mail_stream.c.

Robustness: avoid TIME_WAIT state with smtp/qmqp-source
client sockets. This puts less strain on local system

Cleanup: the file system clock drift detection code now
runs only for incoming mail. File: global/mail_stream.c.

Bugfix: missing partial last line when 1) someone submits
8-bit mail not ending in newline via /usr/sbin/sendmail
and 2) MIME input processing is turned off, and 3) MIME
8bit->7bit conversion is requested upon delivery via SMTP.

Cleanup: auto-bcc recipients are now added in one place
(the cleanup server) instead of by individual front-end
servers (pickup, smtpd, qmqpd). This makes it easier to
add auto-bcc features that trigger on sender or recipient

Cleanup: "sendmail -t" (recipients from headers) is now
implemented by the sendmail command instead of by the
cleanup server. This means that the extract_recipient_limit
configuration parameter is no longer needed. Files:
sendmail/sendmail.c, cleanup/cleanup_message.c,
cleanup/cleanup_extracted.c.

Compatibility: "sendmail -t" (recipients from headers) now
accepts command-line recipients instead of complaining.
The extracted header recipients are added to the command-line

Feature: sender/recipient_bcc_maps. These are indexed by
sender/recipient address and are examined when mail enters
from outside of Postfix. Files: cleanup/cleanup_addr.c,
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.

Feature: the SMTP client now falls back to native name
service lookups (including /etc/hosts) when a host cannot
be found in the DNS. This is controlled by a new parameter
smtp_host_lookup (default: dns, native). Files: smtp/smtp.c,

Bugfix: "sendmail -t" broke with unrecognized message

Feature: "postcat -q" searches the queue for the named

Cleanup: made postcat "record names" output more consistent.

Debugging: added some extra detailed error logging to the
pipe-to-command delivery, to help folks with bizarre file
truncation problems. File: global/pipe_command.c.

Cleanup: readlline() did not terminate the result before
complaining about lines starting with whitespace.

Cleanup: eliminated valid_hostname warning for invalid
queue file names. File: global/mail_queue.c.

Bugfix: lost three lines of code when readying the postcat
command for release, which broke postcat -q. File:

Bugfix: the Postfix sendmail command applied the message
size limit when running as newaliases. The limiting code
is now moved to the message enqueuing branch of the code.
File: sendmail/sendmail.c.

Documentation: start of documentation for the algorithm of
Patrik Rak's clever queue manager scheduler (nqmgr). Files:
conf/sample-scheduler.cf, README_FILES/SCHEDULER_README.

Bugfix: while verifying an address, the LMTP client entered
a forbidden "next" sender state after the last recipient.
Fix by Vladimir Davydoff. File: lmtp/lmtp_proto.c.

Bugfix: "," was not recognized in proxy_read_maps settings.
Fix by Leandro Santi. File: proxymap/proxymap.c.

Bugfix: defer delivery after .forward etc. file read error.
File: local/token.c. Problem reported by Ben Rosengart,

Bugfix: the Postfix LMTP client used the wrong service
name, causing trouble with SASL 2.1.13. Daniel Schales,
Louisiana Tech. File: lmtp/lmtp_sasl_glue.c.

Workaround: IRIX select() reports that a non-blocking file
descriptor is writable while write() transfers zero bytes.
File: util/vstream.c. Superseded by change 20030523.

Cleanup: future time stamps in Received: headers and negative
delays in delivery agent logging after "postdrop -r",
because deferred queue files had future file modification
times. File: src/postsuper/postsuper.c.

Cleanup: nqmgr warnings about "recipient count mismatch"
after "postdrop -r", because the cleanup server did not
count the "already done" recipients. Problem reported by
Richard Stockton, Gramma Software. Files:
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.

Workaround: IRIX select() reports that a non-blocking file
descriptor is writable while write() transfers zero bytes.
File: global/pipe_command.c.

Cleanup: rewrote the queue file record processing loops in
pickup, cleanup and in [n]qmgr. This code had deteriorated
a lot as the result of small changes over the years. This
change brings the code closer to "obviously correct". Files:
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c,
*qmgr/qmgr_message.c.

Cleanup: Postfix no longer produces queue files with
backwards compatibility data for Postfix versions < 1.0
(a.k.a. 20010228). Files: cleanup/cleanup_extracted.c,

Performance: the queue manager no longer has to examine
every queue file record before it can start deliveries.
This helps to avoid thrashing with very large mailing lists.
Postfix queue files have an extra field in the size record
with queue manager processing hints. This change is backward
and forward compatible. Files: cleanup/cleanup_envelope.c,
cleanup/cleanup_extracted.c, *qmgr/qmgr_message.c.

Compatibility: "sendmail -q<time>" without -bd option now
exits immediately, instead of waiting for input on the
standard input stream and screwing up system boot sequences.
File: sendmail/sendmail.c.

Bugfix: client access denied with smtpd_delay_reject=no
broke "sendmail -bs". Fix by Victor Duchovni, Morgan Stanley.
File: smtpd/smtpd.c.

Compatibility: allow <@site,@site:address> route addresses
in SMTP commands. File: smtpd/smtpd.c.

Cleanup: input checks moved from the pickup daemon to the
postdrop mail submission command; this is to prepare for
direct mail submission from postdrop->cleanup without going
through the maildrop directory and the pickup service.
Files: pickup/pickup.c, postdrop/postdrop.c.

Bugfix: the "dead host" backoff timer in the MySQL client
didn't work. Fix by Leandro Santi. File: util/dict_mysql.c.

Bugfix: same problem in the PostgreSQL client. File:

Workaround: turned off non-blocking write to pipe because
too many systems give a weird write() result. File:
global/pipe_command.c.

Cleanup: added support for vstream_fseek(.., .., SEEK_END).
File: util/vstream.c.

Feature: separate address resolver controls for address
verification probe messages: address_verify_{local,virtual,
relay,default}_transport, address_verify_relayhost, and
address_verify_transport_maps. The default values are the
regular versions of the same controls. Files: trivial-rewrite/*,
global/resolve_clnt.[hc], *qmgr/qmgr_message.c.

Workaround: Solaris blocking socket read() may hang. Hernan
Perez Masci and Leandro Santi. File: smtpd/smtpd.c.

Bugfix: the "unread recipient" counter needs to be restored
after the queue manager has a problem reading a queue file.
Fix by Patrik Rak. File: nqmgr/qmgr_message.c.

Cleanup: the verify server now uses asynchronous submission
of mail probes, so it will no longer block for in_flow_delay
seconds when mail arrives faster than it is delivered.
Still need to make mail_stream_finish() asynchronous in
order to avoid blocking for trigger_timeout seconds when the
queue manager is overwhelmed. Files: global/post_mail.c,

Bugfix: removed extraneous sleep() after the last attempt
to retrieve address verification status. File: smtpd/smtpd.c.

Bugfix: the stricter postdrop input filter broke "sendmail
-bs". Found by Lutz Jaenicke. File: smtpd/smtpd.c.

Portability: Dropped support for client side LDAP caching.
As of release 2.1.13 OpenLDAP no longer supports client
side caching; it has been deprecated for some time, and
never worked well. Implemented by Victor Duchovni, Morgan
Stanley, and further enhanced by Lamont Jones, HP. Files:
src/util/dict_ldap.c, conf/sample-ldap.cf,
README_FILES/LDAP_README.
8214
Safety: Given suitable invalid database contents, LDAP
8215
lookups can produce too many results, enter an infinite
8216
loop in the expansion of "special result attributes" (LDAP
8217
DNs and LDAP URLs) or just consume excessive server resources
8218
returning large result sets. Three new (per LDAP map)
8219
configuration parameters enable one to set limits on
8220
recursive nesting, result expansion and the server response
8221
"entry" count. Implemented by Victor Duchovni, Morgan
8222
Stanley, further enanced by Lamont Jones, HP. Files:
8223
src/util/dict_ldap.c, conf/sample-ldap.cf,
8224
README_FILES/LDAP_README.
8228

Feature: in mail delivery status reports, report the sender
address as X-Postfix-Sender. Matthias Andree. File:
bounce/bounce_notify_util.c.

Cleanup: in mail delivery status reports, transform the
original recipient into xtext format as required by
RFC 1891. Files: bounce/bounce_notify_util.c, util/xtext.[hc].

Cleanup: more accurate "postfix check" warning for files
that miss one or more of the required mode 02111 execute
permission bits. Matthias Andree. File: conf/postfix-script.

After "postfix reload", the master daemon now warns when
inet_interfaces has changed, and ignores the change, instead
of passing incorrect information to the smtp server. File:
master/master_ent.c.

Feature: the Postfix SMTP server can send all mail into a
proxy server, for example a real-time SPAM filter. This
proxy is supposed to send the mail into another Postfix
SMTP server process for normal delivery. Files: smtpd/smtpd.c,
smtpd/smtpd_proxy.[hc].

Bugfix: a cut-and-paste error caused the proxy server's
354 status code to be reported when a proxy connection
broke during the DATA phase. File: smtpd.c.

Bugfix: after the last change to postdrop, postcat no longer
recognized maildrop files as valid. File: postcat/postcat.c.

Bugfix: after moving "sendmail -t" address extraction to
sendmail, "-t" broke multi-line recipient headers. Victor
Duchovni, Morgan Stanley. File: sendmail/sendmail.c.

Workaround: the safe_open(O_CREAT) race condition exploit
avoiding code tries a little harder when it encounters a
race condition. File: util/safe_open.c.

Bugfix: reject_unverified_address() set the defer_if_reject
flag when the verify service was unavailable (which never
happens). Victor Duchovni, Morgan Stanley. File:
smtpd/smtpd_check.c.

New parameters address_verify_poll_{count,delay} that
control how often to poll the address verification service
for the completion of an address verification request.
Specify address_verify_poll_count=1 to implement a crude
form of greylisting, that is, always defer the first delivery
attempt for an unknown address. File: smtpd/smtpd_check.c.

Bugfix: after the last change to postdrop, postcat no longer
recognized non-maildrop queue files as valid. File:

Cleanup: replaced references to "simulated virtual domains"
by "virtual alias domains". Victor Duchovni, Morgan Stanley.

Feature: smtp_quote_rfc821_envelope=(yes|no) to control
RFC 821 style quoting of MAIL FROM and RCPT TO addresses.
Files: global/mail_params.h, smtp/smtp.c, smtp/smtp_proto.c.

Bugfix: multi-recipient probes triggered a bug in the SMTP
client. File: smtp/smtp_proto.c.

Feature: enable_original_recipient (default: yes) to control
whether Postfix keeps track of original recipient address
information. Victor Duchovni, Morgan Stanley. Files:
cleanup/cleanup.c, cleanup/cleanup_init.c,
cleanup/cleanup_out_recipient.c, global/log_adhoc.c,
global/mail_copy.c, *qmgr/qmgr_message.c.

Feature: !/pattern/ support for PCRE lookup tables. Victor
Duchovni, Morgan Stanley. Files: util/dict_pcre.c.

Cleanup: allow whitespace after patterns in regexp and pcre
tables. Victor Duchovni, Morgan Stanley. Files:
util/dict_pcre.c, util/dict_regexp.c.

Feature: CIDR lookup table support, very remotely based on
code by Jozsef Kadlecsik. Files: proto/cidr_table,
util/dict_cidr.[hc].

Feature: TCP lookup table support, finally finished. Files:
proto/tcp_table, proto/dict_tcp.[hc].

Feature: new receive_override_options parameter controls
what happens before or after an external content filter:
rejecting unknown recipients, canonical and virtual address
mapping, address masquerading, automatic BCC recipients
and header/body checks. This eliminates the need to configure
multiple cleanup services in the master.cf file.

Feature: context dependent SASL security options (i.e.
different options when TLS is enabled/disabled). Lutz
Jaenicke. Files: */*sasl_glue.[hc].

Hardened the attr_scan routines for exposure to an untrusted
environment, in preparation for possible use with SMTP
policy delegation to an external server.

Feature: address filter for RBL lookups, for use with
multi-valued RBL services. File: smtpd/smtpd_check.c.

Cleanup: use off_t instead of int for VSTREAM file offsets.
This was needed for mailboxes > 2GB on 32-bit systems.
Files: util/vstream.c, global/mail_copy.c.

Support for multiple A and TXT results in RBL lookups.
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c.

Support for attribute-based query-reply protocols.
Files: util/attr_clnt.[hc], util/auto_clnt.[hc].

Support for plain "name=value\n" attribute protocol.
Files: util/attr_{scan,print}_plain.c.

Bugfix: the LMTP session caching code did not reset the
EHLO server feature list when it needed to reconnect.
Problem found by Tobias Erbsland.

Feature: delegated SMTP policy server. As an example, see
the greylisting server in examples/smtpd-policy. Specify
"check_smtpd_policy_service" in smtpd_mumble_restrictions.
See SMTPD_POLICY_SERVICE_README for details.
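
An added example, not Postfix code: a bounded parser for the plain "name=value\n" attribute protocol, showing the kind of hardening the attr_scan entry above refers to when the peer is untrusted. The limits, the type and function names, the empty line used as request terminator, and the constructed sample request are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Limits chosen for this example; they are not Postfix's values. */
#define ATTR_MAX_COUNT 32
#define ATTR_MAX_LEN   128

enum {
    ATTR_OK = 0,            /* complete request, ended by an empty line */
    ATTR_EOF = -1,          /* input ended before the empty line */
    ATTR_TOO_LONG = -2,     /* a name or value exceeds ATTR_MAX_LEN */
    ATTR_TOO_MANY = -3,     /* more than ATTR_MAX_COUNT attributes */
    ATTR_BAD_SYNTAX = -4    /* no '=', empty name, or embedded NUL */
};

typedef struct {
    char name[ATTR_MAX_LEN + 1];
    char value[ATTR_MAX_LEN + 1];
} attr;

typedef struct {
    attr item[ATTR_MAX_COUNT];
    int  count;
} attr_list;

/*
 * Parse one request from an untrusted peer. Reads at most len bytes of buf.
 * On any status other than ATTR_OK the partial list must be discarded.
 */
static int attr_scan_plain(const char *buf, size_t len, attr_list *out)
{
    size_t pos = 0;

    out->count = 0;
    for (;;) {
        const char *line = buf + pos;
        size_t left = len - pos;
        const char *nl = left ? memchr(line, '\n', left) : NULL;
        const char *eq;
        size_t line_len, name_len, value_len;
        attr *a;

        if (nl == NULL)     /* no terminator: oversized line or short read */
            return left > 2 * ATTR_MAX_LEN + 1 ? ATTR_TOO_LONG : ATTR_EOF;
        line_len = (size_t) (nl - line);
        pos += line_len + 1;
        if (line_len == 0)
            return ATTR_OK;
        if (memchr(line, '\0', line_len) != NULL)
            return ATTR_BAD_SYNTAX;
        eq = memchr(line, '=', line_len);
        if (eq == NULL || eq == line)
            return ATTR_BAD_SYNTAX;
        name_len = (size_t) (eq - line);
        value_len = line_len - name_len - 1;
        if (name_len > ATTR_MAX_LEN || value_len > ATTR_MAX_LEN)
            return ATTR_TOO_LONG;
        if (out->count >= ATTR_MAX_COUNT)
            return ATTR_TOO_MANY;
        a = &out->item[out->count++];
        memcpy(a->name, line, name_len);
        a->name[name_len] = '\0';
        memcpy(a->value, eq + 1, value_len);
        a->value[value_len] = '\0';
    }
}

/* Return the value of the first attribute called name, or NULL. */
static const char *attr_get(const attr_list *list, const char *name)
{
    int i;

    for (i = 0; i < list->count; i++)
        if (strcmp(list->item[i].name, name) == 0)
            return list->item[i].value;
    return NULL;
}

/* Constructed sample policy request (addresses are placeholders). */
static const char sample_request[] =
    "request=smtpd_access_policy\n"
    "instance=123.456.7\n"
    "sender=foo@example.com\n"
    "recipient=bar@example.net\n"
    "sasl_username=\n"
    "\n";

int main(void)
{
    attr_list req;
    int rc = attr_scan_plain(sample_request, sizeof(sample_request) - 1, &req);

    printf("status=%d attributes=%d recipient=%s\n", rc, req.count,
           rc == ATTR_OK ? attr_get(&req, "recipient") : "-");
    return rc == ATTR_OK ? 0 : 1;
}
```

A truncated request is reported as ATTR_EOF rather than as an over-long value, which is the distinction the later "unexpected end-of-input" entry on this page is about.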

Bugfix: in the sample policy server, changed "ok" into
"dunno" so the server can be used in the middle of a

Cleanup: when an RBL reply has multiple TXT records,
concatenate them up to some reasonable limit, instead of
selecting one randomly. File: smtpd/smtpd_check.c.

Safety: always truncate SMTP server error replies to 512
bytes. File: smtpd/smtpd_check.c.

Documentation: added description of policy_time_limit to
the SMTPD_POLICY_README document.

Documentation: corrected the command time limit parameter
syntax in the spawn(8) manual page.

Feature: defer_if_permit and defer_if_reject actions in
access tables, mainly for use by the delegated policy
server. Files: smtpd/smtpd_check.c, proto/access.

The dict_pgsql module did not use dict_alloc() and dict_free(),
causing improper initialization and a memory leak. Leandro
Santi. File: util/dict_pgsql.c.

Cleanup: added open_flags sanity checks to the dict_pgsql
and dict_mysql modules. These maps must be opened in

Bugfix: virtual(8) was changed to use mail_addr_find()
instead of virtual8_maps_find(), but the SMTP server's
virtual mailbox recipient validation was not updated.

Bugfix: the 20030712 safety against invalid DNS results
was broken. Reported by Ralf Hildebrandt. File:

Safety: the pipe daemon now defers delivery with a warning
when it is given a non-existent command-line macro name.

Bugfix: dict_ldap had a few harmless memory leaks. By
Liviu Daia. File: util/dict_ldap.c.

Feature: support for LDAP URLs in the LDAP parameter
"server_host", if Postfix is linked against OpenLDAP. This
allows Postfix to connect to LDAP SSL sources. By Liviu
Daia. File: util/dict_ldap.c.

Cleanup: produce a warning when host:port specifies a badly
formatted numerical port. Files: util/find_inet.c,
smtp/smtp_connect.c, lmtp/lmtp_connect.c.

Feature: the export_environment and import_environment
parameters now accept name=value information that will be
entered into the new environment. File: util/clean_env.c.

Feature: smtpd_sasl_exceptions_networks parameter to prevent
Postfix from offering AUTH to clients that match the listed
networks. Based on code by Ben Rosengart, Panix. Files:
conf/sample-auth.cf, smtpd/smtpd.c.

Portability: the Postfix master resets the file size to
the largest possible off_t value when the actual limit
appears to overflow the off_t range. Files: util/sys_defs.h,
util/file_limit.c. A fine sample of bit banging.

Workaround: Solaris 8 select() claims that a non-blocking
socket is readable and then read() fails with EAGAIN. Files:
util/timed_read.c and as precautionary measure,

Bugfix: dict_register() should not be called from dict_open()
in dict_mysql and dict_pgsql. Liviu Daia. Files:
util/dict_mysql.c, util/dict_pgsql.c.

Feature: LDAP parameters can now be specified in external
files. This makes it possible to securely store bind
passwords for plain auth outside of main.cf (which is world
readable). By Liviu Daia, based on a suggestion by Victor
Duchovni and Lamont Jones. File: util/dict_ldap.c.

Feature: STARTTLS option for LDAP, if Postfix is linked
against OpenLDAP. By Liviu Daia, amended by Victor Duchovni.
File: util/dict_ldap.c.

Cleanup: connections to LDAP sources are now postponed
until they are actually needed. By Liviu Daia. File:

The 20030905 Solaris workaround triggers too many warnings.
TCP sockets are back to blocking, and keepalives are turned
on to kill off dead sockets, as suggested by Leandro Santi.
Files: master/{single,multi}_server.c, smtpd/smtpd.c,

Bugfix: the LMTP session caching code had problems with
SASL authentication after the first connection, and pipelining
was working poorly. Fix by Victor Duchovni, Morgan Stanley.
Files: lmtp/lmtp.c, lmtp/lmtp_proto.c.

Workaround: besides SMTP server sockets, SMTP client sockets
can also hang on Solaris, as reported by Leandro Santi. In
order to deal with this at the root, all connection management
is now done by sane_accept() and sane_connect(). Both turn
on keepalives on Solaris.

Safety: set-gid commands don't trust TZ. File: msg_syslog.c.

Address extension propagation wasn't documented enough when
it was added to Postfix. Based on patches by Roman Neuhauser.

Added clarifying notes to main.cf, master.cf and access by

In header/body_checks, DUNNO is now the preferred action
instead of the now deprecated OK. This may confuse fewer

In header/body_checks, allow text after IGNORE and DUNNO,
suggested by Victor Duchovni, Morgan Stanley. File:
src/cleanup/cleanup_message.c.

Feature: reject_rhsbl_helo. File: smtpd/smtpd_check.c.

Bugfix? The LMTP and SMTP clients now send "MAIL FROM:<sender>
AUTH=<>" when SASL authenticated. Suggested by Victor
Duchovni, Morgan Stanley. Files: smtp/smtp_proto.c,

Bugfix: mail rejected by the before-queue content filter
was mis-labeled as a software error; it should be labeled
as a policy error instead. File: smtpd/smtpd.c.

Cleanup: postcat is now null-byte transparent. File:

Feature: ``check_{sender,recipient}_mx_access maptype:mapname''
applies the named Postfix access table to the MX host name
and IP addresses for the sender or recipient address. If
no MX record is found, the A record is used instead. File:
smtpd/smtpd_check.c.

Feature: ``check_{sender,recipient}_ns_access maptype:mapname''
applies the named Postfix access table to the DNS server
hostname and IP addresses for the sender or recipient
address. If no NS record is found, the parent domain is
used instead. File: smtpd/smtpd_check.c.

Feature: ``check_helo_{ns,mx}_access maptype:mapname'',
same semantics as sender and recipient.

Multiple LDAP lookup tables in the same Postfix process now
share one LDAP connection. Code by Victor Duchovni, Morgan
Stanley. File: util/dict_ldap.c.

Performance: with prefix_domain specified for an LDAP lookup
table, lookups of @domain are skipped. Code by Victor
Duchovni, Morgan Stanley. File: util/dict_ldap.c.

Safety: check_mumble_{mx,ns}_access refuses to be used for
whitelisting. The Postfix SMTP server will reject the
request with "451 server configuration error" and will log
a warning explaining why. File: smtpd/smtpd_check.c.

Bugfix: check_mumble_ns_access did not correctly look up
NS records of parent domains, causing mail to be deferred
with a 450 status code. File: smtpd/smtpd_check.c.

Robustness: check_mumble_{mx,ns}_access skip over DNS lookup
failures instead of deferring mail. This is not as bad as
it appears to be because the restrictions can't be used
for whitelisting. File: smtpd/smtpd_check.c.

Bugfix: the 20030917 LDAP connection sharing code introduced
a compilation problem with non-OpenLDAP implementations.
Fix by Liviu Daia. File: util/dict_ldap.c.

Compatibility: the LDAP server_host parameter now supports
all the usual Postfix list element delimiters. Some LDAP
libraries support just SPACE, others SPACE and ",". Postfix
now normalizes the host list into a space separated format.
This is less surprising to Postfix users used to the full
range of delimiters in other contexts. Implemented by Liviu
Daia. File: util/dict_ldap.c.

Bugfix: after returning too old mail, the bounce daemon
now locks the original queue file and deletes deferred
recipients, to avoid repeated bounce notifications when
the queue manager is restarted. Files: bounce/*.[hc],
global/bounce_log.[hc], global/{bounce,defer}.[hc] and
everything that invokes these routines including queue
manager and delivery agents.

Feature: "XADDR address hostname" SMTP command, for SMTPD
restriction debugging, and for sites with fetchmail-like
software that extracts client information from the first
Received: header. The smtpd_authorized_xaddr_clients
parameter specifies what clients are allowed to use XADDR
(default: none). Files: smtpd/smtpd.c.

Workaround: smtpd access maps should not apply subdomain
name magic to numerical hostnames. File: smtpd/smtpd_check.c.

Safety: the local delivery agent now defers delivery when
alias lookup produces an empty result. File: local/alias.c.

Workaround: disable request/reply size limit in attr_scan*.c
to prevent mail from getting stuck when rewriting a malformed
message header. This limit was turned on with snapshot
20030715 to harden the protocol that is used by SMTPD policy
delegation. A "no code change" workaround is to specify
"header_size_limit = $line_length_limit". The proper fix
is to enforce request/reply size limits only for data from
outside of Postfix. Problem reported by Brandon Mullenberg,
Dialup USA. Files: util/attr_scan*.c.

Feature: "XLOGINFO address hostname" SMTP command, so that
Postfix daemons behind SMTPD pass-through proxies log useful
client name/address information instead of localhost[127.0.0.1].
The smtpd_authorized_xloginfo_clients parameter specifies
what clients are allowed to use XLOGINFO (default: none).
Files: smtpd/smtpd.c.

Cleanup: renamed the authorized_verp_clients parameter to
smtpd_authorized_verp_clients for consistency.

Workaround: the demo greylist script now uses BTREE instead
of HASH files for hopefully better stability. The real fix
is to use a single updater process that serves multiple
clients. That approach seems to work well with the verify
daemon. File: examples/smtpd-policy/smtpd-policy.pl.

Safety: the SMTP server now warns when the queue_minfree
value is less than twice the message size limit. File:

Safety: the SMTP server no longer accepts mail when the
amount of free space is less than twice the message size
limit. File: smtpd/smtpd_check.c.

Safety: log a warning and defer mail when canonical or
virtual lookups return a non-address result (like a string
that contains no address). File: global/mail_addr_map.c.

Safety: log a warning and defer mail when any map lookup
returns an empty string result, and explain that "no result"
is expected in case of a "not found" condition. This happens
with incorrectly implemented SQL or LDAP tables. File:

Bugfix: the MYSQL and PGSQL modules invoked dict_register().
This was fixed a while ago but never made it into the
distribution. Files: util/dict*sql.c.

Robustness: added three ISSPACE() calls in the smtpd proxy
parser. File: smtpd/smtpd_proxy.c.

Portability: added localhost to mydestination for sites that
turn off append_dot_mydomain. File: global/mail_params.h.

Portability: MacOS X Bind8 compatibility. File: makedefs.

Robustness: flush pipelined "." and "quit" replies to avoid
repeated deliveries in case of a program crash (you know,
the kind of thing that happens before Postfix release :-).
File: smtpd/smtpd.c.

Portability: turn off NETINFO support for MacOS X Panther
by default. Files: makedefs, util/sys_defs.h.

Feature: the sample greylist policy server is now case
insensitive. File: examples/smtpd-policy/smtpd-policy.pl.

Feature: preliminary defense against SMTP clients that
hammer the SMTP server with too many simultaneous or
successive connection attempts, with a whitelist capability
to disable the restriction for authorized clients. Most
work is implemented by a new "anvil" server. Parameters:
smtpd_client_connection_count_limit,
smtpd_client_connection_rate_limit,
smtpd_client_connection_limit_exceptions, and
client_connection_rate_time_unit. Documentation: smtpd(8),
anvil(8), sample-smtpd.cf. Files: smtpd/smtpd.c,
global/anvil_clnt.[hc], anvil/anvil.c. The anvil server
logs peak count and rate information per client when it
terminates after running out of work or after "postfix

Cleanup: Postfix now supports the /0 netmask (match every
address). This is useful as a catch-all pattern at the
end of a table. Files: util/dict_cidr.c, util/match_ops.c.
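
An added example, not Postfix's util/dict_cidr.c: a first-match IPv4 CIDR table that handles the /0 catch-all from the entry above, where the usual mask computation would shift a 32-bit value by 32 bits. The function names, the rejection of patterns with host bits set, and the constructed sample table are assumptions of this example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    uint32_t    net;     /* network address, host byte order */
    uint32_t    mask;    /* netmask, host byte order */
    const char *result;  /* table right-hand side */
} cidr_rule;

/* Netmask for a prefix length of 0..32. */
static uint32_t cidr_mask(unsigned bits)
{
    /* A 32-bit shift by 32 is undefined in C, so /0 needs its own branch. */
    return bits == 0 ? 0 : ~(uint32_t) 0 << (32 - bits);
}

/* Parse "a.b.c.d" or "a.b.c.d/bits"; returns 0 on success, -1 on error. */
static int cidr_parse(const char *pattern, const char *result, cidr_rule *rule)
{
    char buf[INET_ADDRSTRLEN + 4];
    char *slash, *end;
    unsigned long bits = 32;
    struct in_addr addr;

    if (strlen(pattern) >= sizeof(buf))
        return -1;
    strcpy(buf, pattern);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash++ = '\0';
        if (*slash < '0' || *slash > '9')
            return -1;                      /* rejects "", "-1", "+8" */
        bits = strtoul(slash, &end, 10);
        if (*end != '\0' || bits > 32)
            return -1;
    }
    if (inet_pton(AF_INET, buf, &addr) != 1)
        return -1;
    rule->mask = cidr_mask((unsigned) bits);
    rule->net = ntohl(addr.s_addr);
    if (rule->net & ~rule->mask)
        return -1;                          /* host bits set, e.g. 10.1.2.3/8 */
    rule->result = result;
    return 0;
}

/* First-match lookup; NULL when nothing matches or the address is invalid. */
static const char *cidr_lookup(const cidr_rule *rules, size_t n,
                               const char *addr_text)
{
    struct in_addr addr;
    uint32_t ip;
    size_t i;

    if (inet_pton(AF_INET, addr_text, &addr) != 1)
        return NULL;
    ip = ntohl(addr.s_addr);
    for (i = 0; i < n; i++)
        if ((ip & rules[i].mask) == rules[i].net)
            return rules[i].result;
    return NULL;
}

/* Constructed sample table that ends in the /0 catch-all. */
static size_t cidr_sample_table(cidr_rule *rules)
{
    size_t n = 0;

    if (cidr_parse("192.0.2.0/24", "REJECT", &rules[n]) == 0) n++;
    if (cidr_parse("198.51.100.7", "OK", &rules[n]) == 0) n++;
    if (cidr_parse("0.0.0.0/0", "DUNNO", &rules[n]) == 0) n++;
    return n;
}

int main(void)
{
    cidr_rule rules[3];
    size_t n = cidr_sample_table(rules);
    const char *probes[] = {"192.0.2.55", "198.51.100.7", "203.0.113.9"};
    size_t i;

    for (i = 0; i < 3; i++)
        printf("%s -> %s\n", probes[i], cidr_lookup(rules, n, probes[i]));
    return 0;
}
```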

Cleanup: don't report that $queue_directory/etc/filename
differs from /etc/filename when /etc/filename does not
exist. File: conf/postfix-script.

Feature: client_connection_status_update_time parameter
controls periodic logging of maximal connection counts or
rates. The default logging interval is 10 minutes.

Feature: "make makefiles WARN=stuff..." overrides the
built-in GCC warning options that are used when "make" is
invoked from within a source subdirectory. Files: makedefs,

Feature: qmgr logs "queueid: deleted", just like postsuper,
when it removes a message from the mail queue.

Performance: smtpd connects to the cleanup or proxy server
AFTER the first valid RCPT TO command, instead of after
the first valid MAIL FROM command. This avoids wasting
real-time proxy filter resources when mail is stopped by
the SMTP server's access blocks. File: smtpd/smtpd.c.

Bugfix: "panic: mymalloc: requested length 0" when master.cf
specified an invalid host name or address. Postfix now
logs more specific information. File: master/master_ent.c.
Reported by several people.

Feature: XCLIENT support to override the SMTP server's
client information for logging and/or access control. This
replaces the short-lived XADDR and XLOGINFO extensions.
Remotely based on code by Victor Duchovni. See FILTER_README
and SMTPD_PROXY_README for usage details. Files:
smtpd/{smtpd,smtpd_check,smtpd_proxy,smtpd_xclient}.c,
smtp/smtp_smtp_proto.c, *qmgr/qmgr_message.c,
global/deliver_request.c.

Cleanup: postfix-files now has support for files that are
no longer part of Postfix. When upgrading Postfix, the
post-install script gives the user a reminder. Files:
conf/postfix-files, conf/post-install.

Support for SMTPD access map actions (FILTER, REDIRECT,
HOLD or DISCARD) that are delegated to the cleanup server,
but can trigger before the first valid recipient address
is accepted (and thus, before a cleanup server connection
is available). Files: smtpd/{smtpd,smtpd_state,smtpd_check}.c.

Bugfix: conf/post-install didn't skip non-existent obsolete
files. Victor Duchovni.

Minor cleanups of the xclient error messages; xclient
command lookup tables. File: smtpd/smtpd.c.

Feature: reject_sender_login_mismatch allows multiple owners
of a sender address. Code by Liviu Daia. Files:
smtpd/smtpd_check.c and documentation.

reject_sender_login_mismatch is now implemented by elementary
features reject_unauthenticated_sender_login_mismatch
(reject if the client is not SASL logged in but the sender
address has an owner in smtpd_sender_login_maps) and
reject_authenticated_sender_login_mismatch (reject if the
client is SASL logged in but does not own the sender
address). Code by Liviu Daia. Files: smtpd/smtpd_check.c

Bugfix: fallback_transport and mailbox_transport were broken
because the deliver_pass.c module was not updated for the
changed message delivery protocol.

Safety: in dynamically growing data structures, update the
length info after (instead of before) updating the data
size. Files: util/argv.c, util/inet_addrlist.c, util/intv.c,
util/mvect.c, util/vstring.c, global/recipient_list.c,
*qmgr/qmgr_rcpt_list.c.
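
An added example, not code from the files listed above: a growable vector with both update orders, assuming a resize that can fail and return to its caller. The type, the function names and the failure hook are hypothetical; the hook only simulates an out-of-memory condition.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable int vector for this example (not util/intv.c). */
typedef struct {
    int    *data;   /* allocated storage */
    size_t  len;    /* slots allocated: the "length info" */
    size_t  used;   /* slots in use */
} ivec;

/* Test hook: makes the next resize fail, as an out-of-memory would. */
static int ivec_fail_next = 0;

static void *ivec_realloc(void *ptr, size_t size)
{
    if (ivec_fail_next) {
        ivec_fail_next = 0;
        return NULL;
    }
    return realloc(ptr, size);
}

/* Old order: record the new length, then resize the storage. */
static int ivec_grow_length_first(ivec *v)
{
    size_t new_len = v->len ? v->len * 2 : 4;
    int *p;

    v->len = new_len;
    p = ivec_realloc(v->data, new_len * sizeof(int));
    if (p == NULL)
        return -1;      /* v->len now claims slots that do not exist */
    v->data = p;
    return 0;
}

/* New order: resize the storage, then record the new length. */
static int ivec_grow_data_first(ivec *v)
{
    size_t new_len = v->len ? v->len * 2 : 4;
    int *p;

    if (new_len > (size_t) -1 / sizeof(int))
        return -1;      /* byte count would overflow */
    p = ivec_realloc(v->data, new_len * sizeof(int));
    if (p == NULL)
        return -1;      /* v->data and v->len still agree */
    v->data = p;
    v->len = new_len;
    return 0;
}

/* Append a value, growing with the given strategy when the vector is full. */
static int ivec_push(ivec *v, int value, int (*grow)(ivec *))
{
    if (v->used >= v->len && grow(v) < 0)
        return -1;
    v->data[v->used++] = value;
    return 0;
}

/*
 * Fill a vector to its first capacity of 4, make the next resize fail, and
 * report how many slots the vector claims beyond the 4 really allocated.
 * Any later push would trust that count and write past the allocation.
 */
static size_t ivec_phantom_slots(int (*grow)(ivec *))
{
    ivec v = {NULL, 0, 0};
    size_t phantom;
    int i;

    for (i = 0; i < 4; i++)
        if (ivec_push(&v, i, grow) < 0)
            return (size_t) -1;
    ivec_fail_next = 1;
    (void) ivec_push(&v, 4, grow);      /* fails in both variants */
    phantom = v.len - 4;
    free(v.data);
    return phantom;
}

int main(void)
{
    printf("length first: %lu phantom slots\n",
           (unsigned long) ivec_phantom_slots(ivec_grow_length_first));
    printf("data first:   %lu phantom slots\n",
           (unsigned long) ivec_phantom_slots(ivec_grow_data_first));
    return 0;
}
```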

Cleanup: separate extensions XCLIENT (impersonate SMTP
client) and XFORWARD (down-stream logging of up-stream MTA
and/or message information, not necessarily SMTP related).
The protocol is extensible: the server advertises what
attributes XCLIENT or XFORWARD will accept, and it is an
error to send an unsupported attribute. No xtext encoding
is used, since no attribute currently needs it. See also:
XCLIENT_README and XFORWARD_README.

Feature: XFORWARD support in the LMTP client.

Safety: updated mail_queue_id_ok() for long fast flush
logfile names. File: global/mail_queue.c.

Robustness: save and restore the resolver _res.options
settings before and after DNS lookup, to avoid surprises
in third-party code. This may eliminate some "localhost
not found" problems. File: dns/dns_lookup.c.

Cleanup: easier to parse mailq output (no more space
between short queue ID and message status). File:

Cleanup: the SMTP client now moves on to the next MX host
or fallback relay when delivery fails in the middle of an
SMTP session. This includes both broken connections and
4xx SMTP server replies. Files: smtp/smtp.c, smtp_rcpt.c,
smtp/smtp_connect.c, smtp_trouble.c.

Configuration parameters: smtp_mx_address_limit (limit the
list of IP addresses from MX lookup), and smtp_mx_session_limit
(limit the number of actual SMTP sessions per delivery
attempt, ignoring unusable MX IP addresses).

The new code centers around a mark-and-sweep algorithm
(replacing code that twiddled the rcpt->offset structure
member), with paranoid sanity checks to ensure that every
recipient is explicitly accounted for.

Update: LDAP client logging (Liviu Daia) and LDAP client
documentation (Victor Duchovni). Files: util/dict_ldap.c,
conf/sample-ldap.cf, README_FILES/LDAP_README.

Cleanup: shaved half the worst-case bits off the cleanup
duplicate address filter footprint. After discussion with
Victor Duchovni. File: cleanup/cleanup_out_recipient.c.

Safety: added "mail loops to myself" logic for destinations
that don't have an MX host. File: smtp/smtp_addr.c.

Workaround: turn off "mail loops to myself" for non-MX
destinations because it breaks SMTP-based content filters.
Fix is to turn off loop detection when a non-default TCP
port is specified. File: smtp/smtp_addr.c.

Bugfix: restore errno after write failure in SIGCHLD handler.
Leandro Santi (who got the idea from Hernan Perez Masci).
File: master/master_sig.c.

Bugfix: the auto_clnt module disconnected too early, causing
unnecessary work by the anvil server.

Cleanup: eliminated binary hashes from anvil server. Anvil
client information is now stored on top of its VSTREAM.

Feature: bounce_queue_lifetime parameter (default:
$maximal_queue_life_time) that bounds the time that
MAILER-DAEMON messages spend in the queue before they are
considered undeliverable.

Feature: disable "mail loops back to myself" protection
when SMTP mail is sent to a non-standard port. This makes
setting up content filters less painful.

Cleanup: disallow bare x.x.x.x numeric IP addresses in
email addresses. The form user@[x.x.x.x] is still allowed.

Cleanup: cleaned up the naming of internal symbols in the

Bugfix: stricter address syntax test broke "sendmail -bs".
File: smtpd/smtpd.c.

Cleanup: the Postfix SMTP server rejects a MAIL FROM address
that matches a local, virtual or relay domain, while the
address is not listed in the corresponding local, virtual
or relay recipient table.

Feature: the reject_unlisted_sender(recipient) SMTPD access
restriction rejects an address that matches a local, virtual
or relay domain, while the address is not listed in the
corresponding local, virtual or relay recipient table.

Compatibility: the check_recipient_maps restriction works
like reject_unlisted_recipient, but will eventually be
removed from Postfix.

Misc documentation cleanup by Loic Minier.

Workaround: MacOSX dumps core on the 20030913 TZ censoring
code. We explicitly set TZ=UTC, which will produce incorrect
results when "mailq" formatting is moved from the showq
daemon to the postqueue command. File: msg_syslog.c.

Feature: after mail is requeued with "postsuper -r", the
pickup server logs the old queue ID together with the new
queue ID. Victor Duchovni. File: pickup/pickup.c.

Feature: smtpd_sasl_application_name parameter (default:
smtpd) to control the name of the SASL configuration file
used by the Postfix SMTP server. Liviu Daia. Files:
mail_params.h, smtpd.c, smtpd_sasl_glue.c.

Cleanup: the LDAP client configuration parser is now shared
between the LDAP, MySQL, and PGSQL clients. Liviu Daia.
Files: global/cfgparser.[hc], global/dict_ldap.c,
global/dict_mysql.c, global/dict_pgsql.c and documentation.

Cleanup: moved "util" modules with dependencies on higher-level
"global" code from the util directory to the global directory:
util/dict_open.c, global/cfgparser.[hc], global/dict_ldap.c,
global/dict_mysql.c, global/dict_pgsql.c, global/mail_dict.c.

Cleanup: the new queue manager nqmgr replaces the default
queue manager qmgr, leaving behind a hard link for backwards
compatibility. The old queue manager remains available as
oqmgr but will eventually be removed.

Bugfix: vstring_get() etc. now return VSTREAM_EOF when they
terminate prematurely, instead of returning the last
character stored. This avoids mis-leading warnings. File:
global/vstring_vstream.c.

Cleanup: don't bother the flush daemon while deferring mail
if the destination is not "fast flush" eligible. File:
global/flush_clnt.c.

Safety: the SMTP server flushes recipients to the cleanup
server in order to avoid SMTP timeouts when virtual or
canonical expansions take a lot of time. File: smtpd/smtpd.c.

Safety: add warnings to postmap and postalias when table
lookup results in an empty string.

Example: script to run qmail-local from Postfix by Ron

Change: queue minfree limit is now 1.5 * message size limit.
File: smtpd/smtpd_check.c.

Bugfix: apply hostname restriction even when host address
lookup fails in check_{sender,recipient}_{ns,mx}_access.
File: smtpd/smtpd_check.c.

Performance: allow delivery concurrency to increase even
while mail is deferred, as long as the delivery agent does
not report really serious trouble with the destination.
Files: *qmgr/qmgr_deliver.c.

Cleanup: in postfix-files, symbolic links and hard links
are now first-class citizens with explicit mention of
source and destination pathnames. Files: postfix-install,
conf/postfix-files, conf/post-install.

Cleanup: sendmail -v caused one mail delivery report upon
every delivery attempt, not just the first one. The fix is
to "kill" a queue file record after the first delivery
attempt. This means a new record type. Files: *qmgr/qmgr_active.c,
*qmgr/qmgr_message.c, global/rec_type.c.

Cleanup: in anticipation of other built-in rate limiters,
the client_connection_rate_time_unit parameter is renamed
to client_rate_time_unit.

Documentation: finished the HOSTING_README file with an
overview of methods to host domains with Postfix.

Bugfix: anvil (count and rate limiting) server race condition
could result in dangling pointer. Postfix erases memory
after allocating and before freeing, so it is extremely
unlikely that this could be used to bring harmful data into
the anvil server. File: anvil/anvil.c.

Cleanup: new header_checks(5) and body_checks(5) manual
pages. The sample-regexp* and sample-pcre* files are no
longer needed and have been removed, as are the default
*_table configuration files.

Cleanup: support for the non-standard Errors-To: header
is removed. File: cleanup/cleanup_message.c.

Feature: "PREPEND headername: headervalue" action in Postfix
access maps, to facilitate external policy servers that
label mail instead of rejecting it. Files: smtpd/smtpd.c,
smtpd/smtpd_check.c.

UNDO the 20040104 change (vstring_get() etc. return
VSTREAM_EOF when they terminate prematurely, instead of
returning the last character stored, to avoid mis-leading
warnings). File: global/vstring_vstream.c.

Portability: test -e is not portable. File: conf/postfix-script.

Misc. documentation fixes by Victor Duchovni.

Documentation: the README files are now hyperlinked, and
are referenced in the on-line manual pages.

Bugfix: the pickup daemon now strokes the watchdog frequently
to prevent the watchdog from barking when mail arrives
faster than it can be picked up. File: pickup/pickup.c.

Feature: set smtpd_reject_unlisted_{sender,recipient}=no to
turn off automatic rejection of non-existent local, virtual
or relay addresses. This way it can be made conditional
for local clients, always on for remote clients. Files:
global/mail_params.h, smtpd/smtpd.c, smtpd/smtpd_check.c.

Feature: PREPEND in header/body_checks, for message tagging.
File: cleanup/cleanup_message.c.

Safety: handle the case that main.cf is updated while it is
being read. File: util/dict.c.

Feature: "instance" attribute that links policy etc. queries
to the same message instance.

Cleanup: the mynetworks setting may now be empty. File:
global/mail_params.c.

Bugfix: missing flush_init() call. Introduced 20040105.
File: postqueue/postqueue.c.
Cleanup: clnt_stream derived classes now try to detect that
9134
the server has disconnected before sending data and warning
9135
about an error. File: global/clnt_stream.c.
9139
Bugfix: changed mis-leading warning about text>4096 characters
9140
into "unexpected end-of-input". File: util/attr_scan0.c.
9144
Feature: sasl_method, sasl_username and sasl_sender attributes
9145
in smtpd policy queries. Files: src/smtpd/smtpd_check.c.
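
An added example (not Postfix code): a policy-server decision routine that uses the "instance" attribute and the sasl_method attribute from the entries above to answer with a PREPEND action once per message. The header name X-Example-Auth, the function names and the sample query are assumptions made for this illustration; the request is taken to be name=value lines ended by an empty line, answered with an action= line and an empty line.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample query: every recipient of one message shares "instance". */
static const char SAMPLE[] = "request=smtpd_access_policy\n"
    "instance=123.456.7\nsasl_method=PLAIN\nsasl_username=alice\n\n";

/* Copy attribute `name` from a request of name=value lines that ends with an
 * empty line. Returns 0, or -1 if absent, unterminated or too long. */
static int get_attr(const char *req, const char *name, char *out, size_t len)
{
    size_t nlen = strlen(name);
    const char *eol;
    for (; *req && *req != '\n'; req = eol + 1) {
        if ((eol = strchr(req, '\n')) == NULL)
            return -1;                  /* request was cut off mid-line */
        if (strncmp(req, name, nlen) == 0 && req[nlen] == '=') {
            size_t vlen = (size_t) (eol - req) - nlen - 1;
            if (vlen >= len)
                return -1;
            memcpy(out, req + nlen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
    }
    return -1;
}

/* Allow only [A-Za-z0-9_-] so a value cannot carry CR/LF or header text. */
static int is_token(const char *s)
{
    size_t n = strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-");
    return n > 0 && s[n] == '\0';
}

/* Answer one query; `last` (>= 128 bytes) holds the previous instance so a
 * multi-recipient message is labelled once, not once per recipient. */
const char *policy_decide(const char *req, char *last, char *reply, size_t len)
{
    char instance[128], method[64];
    if (get_attr(req, "instance", instance, sizeof(instance)) != 0
        || strcmp(instance, last) == 0)
        return "action=DUNNO\n\n";
    strcpy(last, instance);
    if (get_attr(req, "sasl_method", method, sizeof(method)) != 0
        || !is_token(method))
        return "action=DUNNO\n\n";
    snprintf(reply, len, "action=PREPEND X-Example-Auth: %s\n\n", method);
    return reply;
}
```

Any attribute value copied into a PREPEND header is client-influenced input, which is why the sketch refuses everything outside a narrow token alphabet instead of trying to escape it.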

Safety: smtpd_soft_error_limit now determines when
$smtpd_error_sleep_time starts to take effect.

Cleanup: local(8) and virtual(8) will now create maildirs
in a world-writable directory. Files: util/make_dirs.c.

Bugfix: don't panic on a corrupt queue file. File:
*qmgr/qmgr_message.c.

Cleanup: sample-filter.cf is gone. Better documentation is
available with "man header_checks".

Bugfix: when delivery to smtpd_proxy_filter fails, report
"451 Queue file write error" instead of repeating the
previous "354 End data with <CR><LF>.<CR><LF>" response.
File: smtpd/smtpd.c.

Compatibility: accept and ignore the sendmail -bh and -bH
mode of operation requests.

Bugfix: SMTPD proxy didn't send QUIT as the result of code
duplication. Evidence reported by Mark Martinec. File:

Bugfix: bad address syntax was passed to transport map
lookups. Problem reported by Andrei Koulik. File:
util/match_ops.c, trivial-rewrite/resolve.c.

Portability: ekkoBSD support by Philip Reynolds.
Files: makedefs, util/sys_defs.h.

Cleanup: smtp_skip_4xx_greeting and smtp_skip_5xx_greeting
functionality is moved from connection management to SMTP
protocol processing, so that Postfix now logs the server
response when a server refuses to provide service. Files:
smtp/smtp_connect.c, smtp/smtp_proto.c.

Cleanup: smtp_skip_4xx_greeting is no longer configurable;
it is now permanently turned on.

Workaround: in the trivial-rewrite server, turn on the code
to strip trailing "." while rewriting addresses, and change
the address resolver to strip trailing "." in a compatible
manner. This does not eliminate the problem that the SMTP
server may use a different address for recipient validation
than what the cleanup server uses for virtual alias mapping.

Bugfix: the SMTP server did not log client (and SASL)
information when the real-time content filter was enabled.
Files: smtpd/smtpd.c, smtpd/smtpd_sasl_proto.c.

Compatibility: smtpd_reject_unlisted_sender is turned off
by default, to avoid trouble with in-house software
that sends out mail software with an unreplyable address.

Bugfix: postdrop should not abandon mail submission after
receiving a SIGHUP signal when SIGHUP was ignored by the
parent process. Victor Duchovni, Morgan Stanley. File:
postdrop/postdrop.c.

Bugfix: parsing bug in PgSQL dictionaries causing UNIX
sockets to be ignored. Liviu Daia. Files: global/dict*sql.c.

Performance: allow MySQL and PgSQL database connections to
be closed when idle for more than 1 minute; Liviu Daia.
Files: global/dict*sql.c.

Sanity: the SMTP server no longer accepts sender or recipient
addresses that end in the "@" null domain, as well as
addresses that rewrite into such a form. Specify
"resolve_null_domain=yes" to get the old behavior back.
File: trivial-rewrite/resolve.c.

Cleanup: added WARN action support for access maps, for
consistency with the WARN action in header and body checks.
File: smtpd/smtpd_check.c.

Bugfix: missing return statement at the end of the
FREE_MEMORY_AND_RETURN error handling macro. Adi Prasaja.
File: trivial-rewrite/resolve.c.

Future proofing: client_rate_time_unit is renamed to
anvil_rate_time_unit, so that it is no longer limited to
clients only. File: src/global/mail_params.h.

Cleanup: postalias and postmap now log problems to syslogd.
Files: postalias/postalias.c, postmap/postmap.c.

Feature: "postfix set-permissions" (re)sets ownership and
access permissions of Postfix files and directories.

Feature: "postfix upgrade-configuration" updates main.cf
and master.cf. This is for people who copy over
their old files after installing a newer Postfix version.

Feature: HTML files are now optionally installed under
control of the html_directory configuration parameter.
Files: postfix-install, conf/postfix-files, conf/post-install.

Cleanup: README file installation is now optional. Files:
postfix-install, conf/postfix-files, conf/post-install.

Cleanup: references to sample-mumble.cf files removed,
conf/mumble_table files removed, new commands added to
conf/postfix-script.

Cleanups: function declared int but used as void, missing
include file, missing const qualifier, unused variable.
Matthias Andree. Files: bounce/bounce_notify_util.c,
bounce/bounce_service.h, postlog/postlog.c, smtpd/smtpd_check.c,

Bugfix: more robust version of SIGHUP test of 20040331.
Victor Duchovni, Morgan Stanley. File: postdrop/postdrop.c.

Safety: added NOCLOBBER qualifiers to local variables that
might be clobbered by longjmp(). Files: util/sys_defs.h,
smtp/smtp_proto.c, lmtp/lmtp_proto.c, smtpd/smtpd_check.c,
smtpstone/smtp-source.c.

Bugfix: sub-level Makefiles no longer turned on the extra
compiler warnings. Files: Makefile.in.*, makedefs.*.

Bugfix: the LMTP client attempted to reuse a connection
after timeout, causing protocol synchronization errors.
Reported by Rob Mueller. File: lmtp/lmtp.c.

Cleanup: non-delivery reports now include the original
recipient information. File: bounce/bounce_notify_util.c.

Typos: many documentation fixes by Rob Foehl.

Cleanup: "int" versus "const int" prototype mismatch between
the DICT sequence method prototype and possible implementations.
Files: util/dict_db.c, util/dict_dbm.c.

Bugfix: the code that rejects client/helo RESTRICTIONS with
smtpd_delay_reject=no looked at the wrong evidence and
rejected client/helo ACCESS MAP lookups instead. Michael
Tokarev. Files: smtpd/smtpd.c, smtpd/smtpd_check.c.

Bugfix: missing # in master.cf in optional submission

Bugfix: smtpd logged the client too often. Michael Tokarev.
File: smtpd/smtpd.c.

Cleanup: client_event_status_update_time renamed to
anvil_status_update_time. Files: mantools/postlink,
proto/postconf.proto, anvil/anvil.c.

Workaround: allow pipelined SMTP clients to overshoot the
SMTP server recipient limit without triggering the server
hard error limit. The SMTP server does not count "too many
recipients" towards the hard error limit, as long as the
number of excess recipients stays within a configurable
overshoot limit (default: smtpd_recipient_overshoot_limit
= 1000). Solution in cooperation with Victor Duchovni.
Files: smtpd/smtpd.c, smtpd/smtpd_state.c, smtpd/smtpd.h.

Bugfix: missing "sasl enabled" guard in the SMTPD policy
client. File: smtpd/smtpd_check.c.

Bugfix: the SMTP client did not reset per-session EHLO,
SASL, and history information when opening a connection to
an alternate SMTP server. This is the result of abstraction
no longer matching function. Reported and diagnosed by
Victor Duchovni, Morgan Stanley.

Bugfix: non-portable reuse of variadic argument lists.
Fix by Victor Duchovni, Morgan Stanley. Files: global/bounce.c,
global/defer.c, global/sent.c, global/trace.c, global/verify.c.

Portability: NetBSD 2.0 has changed from statfs to statvfs.
John Heasley. File: util/sys_defs.h.

Documentation: typo fixes by IKEDA Nozomu.

Bugfix: one missed variadic argument list fix. Victor
Duchovni, Morgan Stanley. File: global/verify.c.
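
An added illustration (not the Postfix fix itself) of the bug class named in the two variadic-argument entries above: a va_list that one v*printf-style call has consumed must not be handed to a second one. The function names and the two-sink reporting scenario are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Format the same message into two sinks (say, a log line and a bounce
 * record). Returns 0 on success, -1 if either buffer is too small. */
int vreport_both(char *log, size_t log_len, char *rec, size_t rec_len,
                 const char *fmt, va_list ap)
{
    va_list ap2;
    int n1, n2;

    /*
     * Non-portable version: vsnprintf(log, ..., ap) followed by
     * vsnprintf(rec, ..., ap) with the same ap. After the first call the
     * value of ap is indeterminate; on ABIs where va_list is an array type
     * (e.g. x86-64 System V) the second call continues after the arguments
     * the first one consumed and reads whatever follows them.
     */
    va_copy(ap2, ap);                   /* independent cursor for sink #2 */
    n1 = vsnprintf(log, log_len, fmt, ap);
    n2 = vsnprintf(rec, rec_len, fmt, ap2);
    va_end(ap2);                        /* every va_copy needs a va_end */

    if (n1 < 0 || n2 < 0 || (size_t) n1 >= log_len || (size_t) n2 >= rec_len)
        return -1;
    return 0;
}

int report_both(char *log, size_t log_len, char *rec, size_t rec_len,
                const char *fmt, ...)
{
    va_list ap;
    int ret;

    va_start(ap, fmt);
    ret = vreport_both(log, log_len, rec, rec_len, fmt, ap);
    va_end(ap);
    return ret;
}
```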

Bugfix: the resolver client cache should be context dependent
because address verification probes may use a different
route than normal mail deliveries. File: global/resolve_clnt.c.

Safety: added similar context dependence to the address
rewriting client in order to avoid trouble when Postfix is
changed. File: global/rewrite_clnt.c.

Bugfix: space in HELO commands could end up in XFORWARD
commands. File: smtpd/smtpd.c.

Bugfix: more missing resets in the SMTP client when it
switches to an alternate SMTP server. In this case the
error_mask that controls whether an SMTP session transcript
is mailed to the postmaster, and the size_limit that controls
how large a message Postfix will send. Found during code
maintenance. File: smtp/smtp_connect.c.

Safety: when mail is delivered to a transport with per-delivery
recipient limit of 1, split the recipient address on the
recipient delimiter if one is defined, so that extended
addresses don't get extra delivery concurrency slots.
Files: *qmgr/qmgr_message.c.

Bugfix: the code to eliminate the local MTA from the MX
address list did not handle the case that inet_interfaces
produced a less preferred match than proxy_interfaces.
Victor Duchovni, Morgan Stanley. File: smtp/smtp_addr.c.

Safety: spawn(8) now rejects a user with the -1 UID or GID
value, so that commands will not end up running as root.
Files: util/spawn_command.c, spawn/spawn.c.
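
An added example, not code from Postfix: the -1 check from the entry above, generalised to a numeric ID parser so that the ways the sentinel value can arise from text input are visible. The function name, the status codes, the rejection of ID 0 and the assumption that uid_t is unsigned (as on Linux and the BSDs) are choices made for this illustration; the same check applies to a gid_t.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>

enum id_status { ID_OK, ID_SYNTAX, ID_RANGE, ID_SENTINEL, ID_ROOT };

/*
 * Parse a numeric user ID that a privilege drop will switch to.
 * (uid_t) -1 means "leave unchanged" to setreuid(), setresuid() and chown(),
 * so a drop implemented with those calls succeeds without changing anything
 * and the process stays root.
 */
enum id_status parse_unpriv_id(const char *text, uid_t *out)
{
    char *end;
    unsigned long v;

    /* strtoul() accepts a sign and wraps "-1" to ULONG_MAX; refuse it here,
     * together with leading white space and the empty string. */
    if (text[0] < '0' || text[0] > '9')
        return ID_SYNTAX;
    errno = 0;
    v = strtoul(text, &end, 10);
    if (*end != '\0')
        return ID_SYNTAX;               /* trailing garbage such as "12abc" */
    if (errno == ERANGE || v > (unsigned long) (uid_t) -1)
        return ID_RANGE;                /* would be truncated by the cast */
    if ((uid_t) v == (uid_t) -1)        /* e.g. "4294967295" with 32-bit IDs */
        return ID_SENTINEL;
    if (v == 0)
        return ID_ROOT;                 /* assumption: target must be unprivileged */
    *out = (uid_t) v;
    return ID_OK;
}
```

The output variable is written only on ID_OK, so a caller that ignores the status cannot pick up a half-validated value.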

Bugfix: "421 Timeout exceeded" wasn't guarded by setjmp().
Victor Duchovni, Morgan Stanley. File: smtpd/smtpd.c.

Portability: h_errno is not an lvalue in the UnixWare 7.1
multi-threaded environment. Olivier PRENANT.

Bugfix: update SMTP server error counter when a client is
denied access with smtpd_delay_reject=no.

Bugfix: The smtp_chat_cmd() output flushing code in the
SMTP client could run before an I/O error handler was set
up. Problem diagnosed by Victor Duchovni, Morgan Stanley.
The fix is to disable the smtp_chat_cmd() output flushing
code as it duplicates better code in smtp_loop(). File:

Bugfix: vstream_popen() did not close the child pipe after
failure to fork(). File: util/vstream_popen.c.

Bugfix (introduced 20020803): sent the wrong bounce message
type when a Delivered-To: loop was detected for a mailing
list alias. Nicolas Riendeau. File: bounce_notify_util.c.