![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / mail / postfix
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.206 / (download) - annotate - [select for diffs], Sat Jul 15 14:56:26 2023 UTC (4 months, 3 weeks ago) by otis
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
HEAD
Changes since 1.205: +4 -4
lines
Diff to previous 1.205 (colored)
postfix: Update to 3.8.1 Major changes with Postfix 3.8.1 ================================ - Security: the Postfix SMTP server optionally disconnects remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. The server replies with "554 5.5.0 Error: SMTP protocol synchronization" and logs the unexpected remote SMTP client input. Specify "smtpd_forbid_unauth_pipelining = yes" to enable. This feature is enabled by default in Postfix 3.9 and later. - Workaround to limit collateral damage from OS distributions that crank up security to 11, increasing the number of plaintext email deliveries. This introduces basic OpenSSL configuration file support, with two new parameters "tls_config_file" and "tls_config_name". Details are in the postconf(5) manpage under "tls_config_file" and "tls_config_name". Full release notes: http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.8.1.RELEASE_NOTES
Revision 1.205 / (download) - annotate - [select for diffs], Mon May 8 04:30:44 2023 UTC (7 months ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base,
pkgsrc-2023Q2
Changes since 1.204: +4 -4
lines
Diff to previous 1.204 (colored)
postfix: Update to 3.8.0
upstream changes:
-----------------
Postfix 3.7.8
o Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based
on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup =
submission" and "relayhost = example.com:submission", the Postfix SMTP
client will look up DNS SRV records for _submission._tcp.example.com, and
will relay email through the hosts and ports that are specified with those
records.
o TLS obsolescence: Postfix now treats the "export" and "low" cipher grade
settings as "medium". The "export" and "low" grades are no longer supported
in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later.
Also, Postfix default settings now exclude deprecated or unused ciphers
(SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
(DH, ECDH), and public key algorithm (DSS).
o Attack resistance: the Postfix SMTP server can now aggregate
smtpd_client_*_rate and smtpd_client_*_count statistics by network block
instead of by IP address, to raise the bar against a memory exhaustion
attack in the anvil(8) server; Postfix TLS support unconditionally disables
TLS renegotiation in the middle of an SMTP connection, to avoid a CPU
exhaustion attack.
o The PostgreSQL client encoding is now configurable with the "encoding"
Postfix configuration file attribute. The default is "UTF8". Previously the
encoding was hard-coded as "LATIN1", which is not useful in the context of
SMTP.
o The postconf command now warns for #comment in or after a Postfix parameter
value. Postfix programs do not support #comment after other text, and treat
that as input.
Revision 1.204 / (download) - annotate - [select for diffs], Sat Jan 28 09:28:30 2023 UTC (10 months, 1 week ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1
Changes since 1.203: +5 -5
lines
Diff to previous 1.203 (colored)
mail/postfix: update to 3.7.4
Postfix 3.7.4 (2023-01-22)
* Workaround: with OpenSSL 3 and later always turn on
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
opportunities for TLS session reuse. This is safe because the SMTP
protocol implements application-level framing, and is therefore not
affected by TLS truncation attacks. Fix by Viktor Dukhovni.
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return
lazily-bound handles for digest implementations. In sufficiently
hostile configurations, Postfix could mistakenly believe that a digest
algorithm is available, and fail when it is not. A similar workaround
may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni.
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally; it should
evaluate the argument only if there was no prior error. Found during
code review.
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a
segmentation violation when postscreen_dnsbl_threshold < 1. It
should reject such input with a fatal error instead. Discovered by
Benny Pedersen.
* Bitrot: fixes for linker warnings from newer Darwin (MacOS)
versions. Viktor Dukhovni.
* Portability: Linux 6 support.
* Added missing documentation that cidr:, pcre: and regexp: tables
support inline specification only in Postfix 3.7 and later.
Revision 1.203 / (download) - annotate - [select for diffs], Sat Oct 15 20:34:57 2022 UTC (13 months, 3 weeks ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.202: +5 -5
lines
Diff to previous 1.202 (colored)
postfix: Update to 3.7.3
upstream changes:
Postfix 3.7.3
o This fixes a bug where some messages were not delivered after "warning:
Unexpected record type 'X'.
Revision 1.202 / (download) - annotate - [select for diffs], Thu Jul 21 15:08:39 2022 UTC (16 months, 3 weeks ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.201: +6 -6
lines
Diff to previous 1.201 (colored)
mail/postfix: update to 3.7.2
3.7.0 (2022-02-07)
* Support to inline the content of small cidr:, pcre:, and regexp:
tables in Postfix parameter values. An example is the new
smtpd_forbidden_commands default value, "CONNECT GET POST
regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from
clients that send garbage.
* To make the maillog_file feature more useful, including stdout
logging from a container, the postlog(1) command is now set-gid
postdrop, so that unprivileged programs can use it to write
logging through the postlogd(8) daemon. This required hardening
the postlog(1) command against privilege escalation attacks.
* Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18.
* Postfix programs now randomize the initial state of in-memory
hash tables, to defend against hash collision attacks involving
a large number of attacker-chosen lookup keys. Presently, the
only known opportunity for such attacks involves remote SMTP
client IPv6 addresses in the anvil(8) service, and requires
making hundreds of short-lived connections per second while
cycling through thousands of different client IP addresses.
* Updated defense against remote clients or servers that 'trickle'
SMTP or LMTP traffic. This replaces the old per-record deadlines
with per-request deadlines and minimum data rates.
* Many typofixes by raf and Wietse.
3.7.1 (2022-04-18)
* (problem introduced: Postfix 2.7) The milter_header_checks maps
are now opened before the cleanup(8) server enters the chroot
jail. Problem reported by Jesper Dybdal.
* In an internal client module, "host or service not found" was
a fatal error, causing the milter_default_action setting to be
ignored. It is now a non-fatal error, just like a failure to
connect. Problem reported by Christian Degenkolb.
* The proxy_read_maps default value was missing up to 27 parameter
names. The corresponding lookup tables were not automatically
authorized for use with the proxymap(8) service. The parameter
names were ending in _checks, _reply_footer, _reply_filter,
_command_filter, and _delivery_status_filter.
* (problem introduced: Postfix 3.0) With dynamic map loading
enabled, an attempt to create a map with "postmap regexp:path"
would result in a bogus error message "Is the postfix-regexp
package installed?" instead of "unsupported map type for this
operation". This happened with all non-dynamic map types (static,
cidr, etc.) that have no 'bulk create' support. Problem reported
by Greg Klanderman.
* In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem
reported by Carlos Velasco.
* Documented in the postlogd(8) daemon manpage that the Postfix
>= 3.7 postlog(1) command can run with setgid permissions.
3.7.2 (2022-04-28)
This reverts an overly complex change in the postscreen SMTP engine
(made during Postfix 3.7 development), and replaces it with much
simpler code. The bad change was crashing postscreen on some systems
after receiving malformed input (for example, a TLS "hello" message).
Revision 1.201 / (download) - annotate - [select for diffs], Sat Jun 11 10:27:04 2022 UTC (18 months ago) by bsiegert
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2
Changes since 1.200: +2 -2
lines
Diff to previous 1.200 (colored)
postfix: FreeBSD 13 support makedefs already contains the FreeBSD 12 stanza but not version 13. From cubadevelop via Github Pull Request. Fixes NetBSD/pkgsrc#97
Revision 1.200 / (download) - annotate - [select for diffs], Wed Jan 26 17:41:31 2022 UTC (22 months, 2 weeks ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base,
pkgsrc-2022Q1
Changes since 1.199: +4 -4
lines
Diff to previous 1.199 (colored)
postfix: Update to 3.6.4
upstream changes:
-----------------
Fixed in Postfix 3.6.4, 3.5.14, 3.4.24, 3.3.21:
o Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
entries in postconf output. This was caused by an incomplete fix to send
SMTP session transcripts to $bounce_notice_recipient. Reported by Vincent
Lefevre.
o Bug introduced in Postfix 3.0: the proxymap daemon did not automatically
authorize proxied maps inside pipemap (example:
pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem reported
by Mirko Vogt.
o Bug introduced in Postfix 2.5: off-by-one error while writing a string
terminator. This code passed all memory corruption tests, presumably
because it wrote over an alignment padding byte, or over an adjacent
character byte that was never read. Reported by Robert Siemer.
Fixed in Postfix 3.6.4, 3.5.14, 3.4.24:
o The proxymap daemon did not automatically authorize map features added
after Postfix 3.3, caused by missing *_maps parameter names in the
proxy_read_maps default value. Found during code maintenance.
Revision 1.199 / (download) - annotate - [select for diffs], Mon Nov 8 13:58:09 2021 UTC (2 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.198: +4 -4
lines
Diff to previous 1.198 (colored)
mail/postfix: update to 3.6.3
Quote from release announce:
Fixed in Postfix 3.6.3, 3.5.13, 3.4.23, 3.3.20:
* (problem introduced in Postfix 2.4, released in 2007): queue
file corruption after a Milter (for example, MIMEDefang) made
a request to replace the message body with a copy of that message
body plus additional text (for example, a SpamAssassin report).
The most likely impacts were a) the queue manager reporting a
fatal error resulting in email delivery delays, or b) the queue
manager reporting the corruption and moving the message to the
corrupt queue for damaged messages.
However, a determined adversary could craft an email message
that would trigger the bug, and insert into its queue file a
content filter destination or a redirect email address. Postfix
would then deliver the message headers there, in most cases
without delivering the message body. With enough experimentation,
an attacker could make Postfix deliver both the message headers
and body.
Some details of a successful attack depend on the Milter
implementation, and on the Postfix and Milter configuration
details; these can be determined remotely through experimentation.
Failed experiments may be detected when the queue manager
terminates with a fatal error, or when the queue manager moves
damaged files to the "corrupt" queue as evidence.
Technical details: when Postfix executes a "replace body" Milter
request it will reuse queue file storage that was used by the
existing email message body. If the new body is larger, Postfix
will append body content to the end of the queue file. The
corruption happened when a Milter (for example, MIMEDefang)
made a request to replace the body of a message with a new body
that contained a copy of the original body plus some new text,
and the original body contained a line longer than $line_length_limit
bytes (for example, an image encoded in base64 without hard or
soft line breaks). In queue files, Postfix stores a long text
line as multiple records with up to $line_length_limit bytes
each. Unfortunately, Postfix's "replace body" support did not
account for the additional queue file space needed to store the
second etc. record headers. And thus, the last record(s) of a
long text line could overwrite one or more queue file records
immediately after the space that was previously occupied by the
original message body.
Problem report by Benoit Panizzon.
* (problem introduced in Postfix 2.10, released in 2012): The
postconf "-x" option could produce incorrect output, because
multiple functions were implicitly sharing a buffer for
intermediate results. Problem report by raf, root cause analysis
by Viktor Dukhovni.
* (problem introduced in Postfix 2.11, released in 2013): The
check_ccert_access feature worked as expected, but produced a
spurious warning when Postfix was built without SASL support.
Fix by Brad Barden.
* Fix for a compiler warning due to a missing 'const' qualifier
when compiling Postfix with OpenSSL 3. Depending on compiler
settings this could cause the build to fail.
Fixed in Postfix 3.6:
* The known_tcp_ports settings had no effect. It also wasn't fully
implemented. Problem report by Peter.
* Fix for missing space between a hostname and warning text.
Revision 1.198 / (download) - annotate - [select for diffs], Tue Oct 26 10:54:21 2021 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.197: +2 -2
lines
Diff to previous 1.197 (colored)
mail: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes The following distfiles were unfetchable (possibly fetched conditionally?): ./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
Revision 1.197 / (download) - annotate - [select for diffs], Thu Oct 7 14:25:39 2021 UTC (2 years, 2 months ago) by nia
Branch: MAIN
Changes since 1.196: +1 -2
lines
Diff to previous 1.196 (colored)
mail: Remove SHA1 hashes for distfiles
Revision 1.196 / (download) - annotate - [select for diffs], Sat Aug 14 08:58:20 2021 UTC (2 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3
Changes since 1.195: +3 -3
lines
Diff to previous 1.195 (colored)
mail/postfix: add blocklist PKG_OPTIONS and fix build problem * Add blocklist PKG_OPTIONS. * Fix build problem on no blocklist/blacklist supported system. (Reported by Matthias Ferdinand on pkgsrc-users@.) Bump PKGREVISION.
Revision 1.195 / (download) - annotate - [select for diffs], Mon Jul 26 15:38:10 2021 UTC (2 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.194: +10 -6
lines
Diff to previous 1.194 (colored)
mail/postfix: update to 3.6.2
* pkgsrc change: Add supportfor blocklistd(3) (and blacklistd(3)).
* From release annuonce:
Fixed in Postfix 3.6.2, 3.5.12, 3.4.22, 3.3.19:
* In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
error in the compatibility_level parser, because there was no
'errno = 0' statement before an strtol() call. In Postfix
3.3-3.5, fixed two older latent bugs of this kind (introduced
in 1999 and in Postfix 2.11). Problem reported by David Bohman.
* (problem introduced in Postfix 3.3) "Null pointer read" error
in the cleanup daemon when "header_from_format = standard" (the
default as of Postfix 3.3), and email was submitted with
/usr/sbin/sendmail without From: header, and an all-space full
name was specified in 1) the password file, 2) with "sendmail
-F", or 3) with the NAME environment variable. Found by Renaud
Metrich.
* (problem introduced in Postfix 2.4) False "too many reverse
jump" warnings in the showq daemon, because loop detection code
was comparing memory addresses instead of queue file names.
Reported by Mehmet Avcioglu.
* (problem introduced in 1999) The Postfix SMTP server was sending
all session transcripts to the error_notice_recipient (default:
postmaster), instead of sending transcripts of bounced mail to
the bounce_notice_recipient (default: postmaster). Reported by
Hans van Zijst.
Fixed in Postfix 3.6.2, 3.5.12, 3.4.22:
* The texthash: map implementation broke tls_server_sni_maps,
because it did not support multi-file inputs. Reported by
Christopher Gurnee, who also found an instance of the missing
code in the "postmap -F" source code. File: util/dict_thash.c.
Revision 1.194 / (download) - annotate - [select for diffs], Mon Jun 14 14:29:47 2021 UTC (2 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.193: +5 -5
lines
Diff to previous 1.193 (colored)
mail/postfix: update to 3.6.1
3.6.1 (2021-06-14)
Fixed in Postfix 3.6.1, 3.5.11, 3.4.21, 3.3.18:
* Bugfix (introduced: Postfix 2.11): the command "postmap
lmdb:/file/name" (create LMDB database from textfile) handled
duplicate input keys ungracefully, discarding entries stored
up to and including the duplicate key, and causing a double
free() call with lmdb versions 0.9.17 and later. Reported by
Adi Prasaja; double free() root cause analysis by Howard Chu.
Fixed in Postfix 3.6.1, 3.5.11, 3.4.21:
* Typo (introduced: Postfix 3.4): silent_discard should be
silent-discard in BDAT_README.
Revision 1.193 / (download) - annotate - [select for diffs], Wed Jun 2 15:29:56 2021 UTC (2 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.192: +6 -7
lines
Diff to previous 1.192 (colored)
mail/postfix: update to 3.6.0
Postfix stable release 3.6.0 is available. This ends the support
for legacy release Postfix 3.2.
The main changes are below. See the RELEASE_NOTES file for further
details.
Incompatible changes:
* This release requires "postfix stop" before updating, or before
backing out to an earlier release, because some internal protocols
have changed. Otherwise, long-running daemons (pickup, qmgr,
verify, tlsproxy, postscreen) may fail to communicate with the
rest of Postfix, causing mail delivery delays until Postfix is
restarted.
* Respectful logging. Postfix version 3.6 deprecates terminology
that implies white is better than black. Instead, Postfix prefers
'allowlist', 'denylist', and variations on those words. This
change affects Postfix documentation, and postscreen parameters
and logging.
To keep the old postscreen logging set "respectful_logging =
no" in main.cf before setting "compatibility_level = 3.6". In
any case, the old postscreen parameter names will keep working
as before.
Other changes:
* The minimum supported OpenSSL version is 1.1.1, which will reach
the end of life by 2023-09-11. Postfix 3.6 is expected to reach
the end of support in 2025. Until then, Postfix will be updated
as needed for compatibility with OpenSSL.
The default fingerprint digest has changed from md5 to sha256
(Postfix 3.6 with compatibility_level >= 3.6). With a lower
compatibility_level setting, Postfix defaults to using md5, and
logs a warning when a Postfix configuration specifies no explicit
digest type.
The export-grade Diffie-Hellman key exchange is no longer
supported, and the tlsproxy_tls_dh512_param_file parameter is
ignored,
* Better error messages when someone configures an incorrect
program in master.cf. To recognize such mistakes, every Postfix
internal service, including the postdrop command, announces the
name of its protocol before doing any other I/O, and every
Postfix client program, including the Postfix sendmail command,
will verify that the protocol name matches what it expects.
* Fine-grained control over the envelope sender address for
submission with the Postfix sendmail (or postdrop) commands.
Example:
/etc/postfix/main.cf:
# Allow root and postfix full control, anyone else can only
# send mail as themselves. Use "uid:" followed by the numerical
# UID when the UID has no entry in the UNIX password file.
local_login_sender_maps =
inline:{ { root = *}, { postfix = * } },
pcre:/etc/postfix/login_senders
/etc/postfix/login_senders:
# Allow both the bare username and the user@domain forms.
/(.+)/ $1 $1@example.com
* Threaded bounces. This allows mail readers to present a
non-delivery, delayed delivery, or successful delivery notification
in the same email thread as the original message.
Unfortunately, this also makes it easy for users to mistakenly
delete the whole email thread (all related messages), instead
of deleting only the delivery status notification.
To enable, specify "enable_threaded_bounces = yes".
* Postfix by default no longer uses the services(5) database to
look up the TCP ports for SMTP and LMTP services. Instead, this
information is configured with the new known_tcp_ports configuration
parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
submission=587). When a service is not specified in known_tcp_ports,
Postfix will still query the services(5) database.
* Starting with Postfix version 3.6, the compatibility level is
"3.6". In future Postfix releases, the compatibility level will
be the Postfix version that introduced the last incompatible
change. The level is formatted as 'major.minor.patch', where
'patch' is usually omitted and defaults to zero. Earlier
compatibility levels are 0, 1 and 2.
This also introduces main.cf and master.cf support for the
<=level, < level, and other operators to compare compatibility
levels. With the standard <=, <, etc. operators, compatibility
level 3.10 would be less than 3.9, which is undesirable.
Revision 1.192 / (download) - annotate - [select for diffs], Mon Apr 26 15:26:08 2021 UTC (2 years, 7 months ago) by triaxx
Branch: MAIN
Changes since 1.191: +5 -5
lines
Diff to previous 1.191 (colored)
postfix: Update to 3.5.10 upstream changes: ----------------- Fixed in 3.5.10: o Missing null pointer checks (introduced in Postfix 3.4) after an internal I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni. o Null pointer bug (introduced in Postfix 3.0) and memory leak (introduced in Postfix 3.4) after an inline: table syntax error in main.cf or master.cf. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni. o Incomplete null pointer check (introduced: Postfix 2.10) after truncated HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni. o Missing null pointer check (introduced: Postfix alpha) after null argv[0] value.
Revision 1.191 / (download) - annotate - [select for diffs], Thu Jan 21 16:37:59 2021 UTC (2 years, 10 months ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1
Changes since 1.190: +6 -6
lines
Diff to previous 1.190 (colored)
postfix: Update to 3.5.9 upstream changes: ----------------- This update improves the reporting of DNSSEC problems that may affect DANE security. DNSSEC support may unavailable because of local configuration, libc incompatibility, or other infrastructure issues. This was backported from Postfix 3.6. Background: DNSSEC validation is needed for Postfix DANE support; this ensures that Postfix receives TLSA records with secure TLS server certificate info. When DNSSEC validation is unavailable, mail deliveries using opportunistic DANE (security level 'dane') will not be protected by server certificate info in TLSA records, and mail deliveries using mandatory DANE (security level 'dane-only') will not be made at all. This update introduces the following behavior: when a process requests DNSSEC support (typically, for Postfix DANE support), the process may now do a runtime test to determine if DNSSEC validation is available. The new dnssec_probe parameter specifies a DNS query type (default: "ns") and DNS query name (default: ".") that Postfix may use to determine whether DNSSEC validation is available. Specify an empty value to disable this feature. When dnssec_probe is enabled, a Postfix process will send a DNSSEC probe after 1) the process made a DNS query that requested DNSSEC validation, 2) the process did not receive a DNSSEC validated response to this query or to an earlier query, and 3) the process did not already send a DNSSEC probe. When the DNSSEC probe has no response, or when the response is not DNSSEC validated, Postfix logs a warning that DNSSEC validation may be unavailable. Examples: warning: DNSSEC validation may be unavailable warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated warning: reason: dnssec_probe 'ns:.' received no response: Server failure With this update, the Postfix build system will no longer automatically disable DNSSEC support when it determines that Postfix will use libc-musl. This removes the earlier libc-musl workaround introduced with Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2.
Revision 1.190 / (download) - annotate - [select for diffs], Sun Nov 22 11:14:44 2020 UTC (3 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.189: +5 -5
lines
Diff to previous 1.189 (colored)
postfix: updated to 3.5.8 Fixed in Postfix version 3.5.8: [Postfix 3.5 and later] The Postfix SMTP client inserted <CR><LF> into message headers with lines longer than $line_length_limit (default: 2048), causing all subsequent header content to become message body content. Reported by Andreas Weigel. Fixed in Postfix versions 3.5.8, 3.4.18, 3.3.15, 3.2.20: [Postfix 2.8 and later] The postscreen daemon did not save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: lookup table is used, but it could result in stale data with other lookup tables. [Postfix 2.3 and later] After deleting a recipient with a Milter, the Postfix recipient duplicate filter was not updated; the filter suppressed requests to add the recipient back. Reported by Mehmet Avcioglu. [Postfix 2.3 and later] Memory leak: the static: maps did not free their casefolding buffer. [Postfix 2.2 and later] With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a TLS handshake, after processing an XCLIENT command. Reported by Aki Tuomi. [Postfix 2.0 and later] The smtp_sasl_mechanism_filter implementation ignored table lookup errors, treating them as 'not found'. [Postfix alpha and later] The code that looks for Delivered-To: headers ignored headers longer than $line_length_limit (default: 2048).
Revision 1.189 / (download) - annotate - [select for diffs], Mon Aug 31 13:07:46 2020 UTC (3 years, 3 months ago) by otis
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base,
pkgsrc-2020Q3
Changes since 1.188: +5 -5
lines
Diff to previous 1.188 (colored)
mail/postfix: Update to 3.5.7 Changelog: With "smtp_tls_connection_reuse = yes", tlsproxy(8) was using the wrong global TLS context for connections that use DANE trust anchors or that use non-DANE trust anchors. This resulted in a global certificate verify function pointer race, between TLS handshakes that use trust achors and concurrent TLS handshakes that use PKI. No memory was corrupted in the course of all this. Reference: http://www.postfix.org/announcements/postfix-3.5.7.html
Revision 1.188 / (download) - annotate - [select for diffs], Thu Aug 27 13:57:14 2020 UTC (3 years, 3 months ago) by triaxx
Branch: MAIN
Changes since 1.187: +5 -5
lines
Diff to previous 1.187 (colored)
postfix: Update to 3.5.6 upstream changes: ----------------- Fixed in Postfix versions 3.5.6, 3.4.16, 3.3.14, 3.2.19: * One fix for memory leaks in the Postfix TLS library was back-ported to the wrong place, resulting in undefined program behavior. Fixed in Postfix versions 3.5.6, 3.4.16: * The workaround for allowed TLS protocol versions did not explictly override the system-wide OpenSSL configuration, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry. Fixed in Postfix versions 3.5.5, 3.4.15, 3.3.13, 3.2.18: * Workaround for unexpected TLS interoperability problems when Postfix runs on OS distributions with system-wide OpenSSL configurations. * Memory leaks in the Postfix TLS library, the largest one involving multiple kBytes per peer certificate.
Revision 1.187 / (download) - annotate - [select for diffs], Tue Jun 30 15:00:45 2020 UTC (3 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.186: +5 -5
lines
Diff to previous 1.186 (colored)
mail/postfix: update to 3.5.4
Update postfix to 3.5.4.
Fixed in Postfix 3.5.4, 3.4.14:
* The connection_reuse attribute in smtp_tls_policy_maps always
resulted in an "invalid attribute name" error. Fix by Thorsten
Habich.
* SMTP over TLS connection reuse always failed for Postfix SMTP
client configurations that specify explicit trust anchors (remote
SMTP server certificates or public keys). Reported by Thorsten
Habich.
Fixed in Postfix versions 3.5.4, 3.4.14, 3.3.12, 3.2.17:
* The Postfix SMTP client's DANE implementation would always send
an SNI option with the name in a destination's MX record, even
if the MX record pointed to a CNAME record. MX records that
point to CNAME records are not conformant with RFC5321, and so
are rare.
Based on the DANE survey of ~2 million hosts it was found that
with the corrected SMTP client behavior, sending SNI with the
CNAME-expanded name, the SMTP server would not send a different
certificate. This fix should therefore be safe.
Revision 1.186 / (download) - annotate - [select for diffs], Mon Jun 15 15:43:32 2020 UTC (3 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.185: +5 -5
lines
Diff to previous 1.185 (colored)
mail/postfix: update to 3.5.3
Update postfix and related pacakges to 3.5.3.
Quote freom release announce.
Postfix 3.5.3, 3.4.13:
* TLS handshake failure in the Postfix SMTP server during SNI
processing, after the server-side TLS engine sent a TLSv1.3
HelloRetryRequest (HRR) to a remote SMTP client. Reported by
J??n M??t??, fixed by Viktor Dukhovni.
Postfix versions 3.5.3, 3.4.13, 3.3.11, 3.2.16:
* The command "postfix tls deploy-server-cert" did not handle a
missing optional argument. This bug was introduced in Postfix
3.1.
Revision 1.185 / (download) - annotate - [select for diffs], Mon May 18 14:21:53 2020 UTC (3 years, 6 months ago) by triaxx
Branch: MAIN
Changes since 1.184: +5 -5
lines
Diff to previous 1.184 (colored)
postfix: update to 3.5.2 upstream changes: ----------------- Postfix versions 3.5.2, 3.4.12, 3.2.10, 3.2.15: * A TLS error for a database client caused a false 'lost connection' error for an SMTP over TLS session in the same Postfix process. Reported by Alexander Vasarab, diagnosed by Viktor Dukhovni. This bug was introduced with Postfix 2.2. * The same bug existed in the tlsproxy(8) daemon, where a TLS error for one TLS session could cause a false 'lost connection' error for a concurrent TLS session in the same process. This bug was introduced with Postfix 2.8. * The Postfix build now disables DANE support on Linux systems with libc-musl, because libc-musl provides no indication whether DNS responses are authentic. This broke DANE support without a clear explanation. * Due to implementation changes in the ICU library, some Postfix daemons reported file access errrors (U_FILE_ACCESS_ERROR) after chroot(). This was fixed by initializing the ICU library before making the chroot() call. * Minor code changes to silence a compiler that special-cases string literals. Postfix 3.5.2, 3.4.12: * Segfault in the tlsproxy(8) client role when the server role was disabled. This typically happened on systems that do not receive mail, after configuring connection reuse for outbound SMTP over TLS. * The date portion of the maillog_file_rotate_suffix default value used the minute (%M) instead of the month (%m). Reported by Larry Stone.
Revision 1.184 / (download) - annotate - [select for diffs], Sun Apr 26 09:33:25 2020 UTC (3 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.183: +6 -6
lines
Diff to previous 1.183 (colored)
mail/postfix: update to 3.5.1
Update postfix to 3.5.1.
3.5.0 (2020-03-16)
Postfix stable release 3.5.0 is available. Support has ended for
legacy release Postfix 3.1.
The main changes are below. See the RELEASE_NOTES file for further details.
* Support for the haproxy v2 protocol. The Postfix implementation
supports TCP over IPv4 and IPv6, as well as non-proxied
connections; the latter are typically used for heartbeat tests.
* Support to force-expire email messages. This introduces new
postsuper(1) command-line options to request expiration, and
additional information in mailq(1) or postqueue(1) output.
* The Postfix SMTP and LMTP client support a list of nexthop
destinations separated by comma or whitespace. These destinations
will be tried in the specified order. Examples:
/etc/postfix/main.cf:
relayhost = foo.example, bar.example
default_transport = smtp:foo.example, bar.example
Incompatible changes:
* Logging: Postfix daemon processes now log the from= and to=
addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart
contains spaces or other special characters, the localpart will
be quoted, for example:
from=<"name with spaces"@example.com>
Specify "info_log_address_format = internal" for backwards compatibility.
* Postfix now normalizes IP addresses received with XCLIENT,
XFORWARD, or with the HaProxy protocol, for consistency with
direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match
subnets of an IPv6 address.
3.5.1 (2020-04-20)
Postfix versions 3.5.1, 3.4.11, 3.3.9, 3.2.14:
* Bitrot workaround for broken builds after an incompatible change
in GCC 10.
* Bitrot workaround for broken DANE/DNSSEC support after an
incompatible change in GLIBC 2.31. This change avoids the need
for new options in /etc/resolv.conf.
Revision 1.183 / (download) - annotate - [select for diffs], Tue Feb 11 20:40:27 2020 UTC (3 years, 9 months ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.182: +6 -6
lines
Diff to previous 1.182 (colored)
postfix: update to 3.4.9
upstream changes:
-----------------
Fixed in all supported stable releases:
Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while adding support for negative DNS response caching in postscreen. Postfix was inadvertently changed to call res_query() instead of res_search(). Reported by Jaroslav Skarvada.
Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides from a Milter application. Postfix now evaluates the Milter macros for an SMTP CONNECT event after the Postfix-to-Milter connection is negotiated. Problem reported by David Bürgin.
Bug (introduced: Postfix 3.0): sanitize (remote) server responses before storing them in the verify database, to avoid Postfix warnings about malformed UTF8. Found during code maintenance.
Revision 1.182 / (download) - annotate - [select for diffs], Mon Dec 9 08:45:14 2019 UTC (4 years ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.181: +5 -5
lines
Diff to previous 1.181 (colored)
postfix: update to 3.4.8
upstream changes:
-----------------
Fix for an Exim interoperability problem when postscreen after-220 checks
are enabled. Bug introduced in Postfix 3.4: the code that detected
"PIPELINING after BDAT" looked at the wrong variable. The warning now says
"BDAT without valid RCPT", and the error is no longer treated as a command
PIPELINING error, thus allowing mail to be delivered. Meanwhile, Exim has
been fixed to stop sending BDAT commands when postscreen rejects all RCPT
commands.
Usability bug, introduced in Postfix 3.4: the parser for key/certificate
chain files rejected inputs that contain an EC PARAMETERS object. While
this is technically correct (the documentation says what types are allowed)
this is surprising behavior because the legacy cert/key parameters will
accept such inputs. For now, the parser skips object types that it does not
know about for usability, and logs a warning because ignoring inputs is not
kosher.
Bug introduced in Postfix 2.8: don't gratuitously enable all after-220
tests when only one such test is enabled. This made selective tests
impossible with 'good' clients. This will be fixed in older Postfix
versions at some later time.
Revision 1.181 / (download) - annotate - [select for diffs], Mon Sep 23 20:00:07 2019 UTC (4 years, 2 months ago) by triaxx
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.180: +5 -5
lines
Diff to previous 1.180 (colored)
postfix: Update to 3.4.7 upstream changes: ----------------- * Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS connection reuse. * Workaround: OpenSSL changed an SSL_Shutdown() non-error result value into an error result value, causing logfile noise. * Configuration: the new 'TLS fast shutdown' parameter name was implemented incorrectly. The documentation said "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown". This was fixed by changing the code, because no-one is expected to override the default. * Performance: workaround for poor TCP loopback performance on LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximal segment size that is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix chooses a VSTREAM buffer size that is a small multiple of the reported bogus MSS. This workaround increases the multiplier from 2x to 4x. * Robustness: the Postfix Dovecot client could segfault (null pointer read) or cause an SMTP server assertion to fail when talking to a fake Dovecot server. The Postfix Dovecot client now logs a proper error instead. Problem reported by Tim Düsterhus.
Revision 1.180 / (download) - annotate - [select for diffs], Wed Jul 17 13:33:00 2019 UTC (4 years, 4 months ago) by triaxx
Branch: MAIN
Changes since 1.179: +7 -7
lines
Diff to previous 1.179 (colored)
postfix: update to 3.4.6
pkgsrc changes:
---------------
* change COMMENT to make pkglint happy (inspired by http://www.postfix.org/)
* update PLIST using make print-PLIST (missing @pkgdir)
upstream changes:
-----------------
20181125
Cleanup: dict_file_to_xxx() takes a list of file names
separated by CHARS_COMMA_SP. Shoe-horned into the existing
API, make it nicer when there is time. File: util/dict_file.c.
20181127
Cleanup: encapsulated clumsy 'read into VSTRING' code with
easier-to-use vstream_fread_buf() and vstream_fread_app()
primitives. Files: global/memcache_proto.c, global/record.c,
global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c,
global/xtext.c, milter/milter8.c, util/dict_file.c,
util/hex_quote.c, util/netstring.c, util/vstream.c,
util/vstream.h. Verified with "make tests".
Cleanup: simplified the smtp_fread() API (introduced for
BDAT support), and changed the name to smtp_fread_buf().
Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with
~megabyte BDAT commands.
Cleanup: simplified a tlsproxy-internal API. File:
tlsproxy/tlsproxy.c.
20181128
Initial support for key/certificate chain files that will
replace the proliferation of separate parameters for
RSA/DSA/ECC/etc. key and certificate files. Viktor
Dukhovni.
20181201
Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET()
calls with safe vstring_set_payload_size() calls, in code
that directly writes into VSTRING. Files: tls/tls_session.c,
tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h,
xsasl/xsasl_cyrus_client.c.
Cleanup: postscreen_command_time_limit did not need to be
a 'raw' parameter. This makes "postconf -x" behavior more
consistent. Files: global/mail_params.h, postscreen/postscreen.c.
Documentation: added text that the following parameter
values are not subject to Postfix parameter $name expansion:
default_rbl_reply, command_execution_directory, luser_relay,
smtpd_reject_footer. These have their own documented $name
substitution mechanism. File: proto/postconf.proto.
20181202
Bugfix: posttls-finger reported an error for UNIX-domain
connections, even if they did not fail. Found by Coverity.
File: posttls-finger/posttls-finger.c.
20181208
Documentation: add even more redundancy to the rate-delay
description. File: proto/postconf.proto.
20181210
Cleanup: code deduplication. File: util/dict_file.c.
20181226
Cleanup: code deduplication and better encapsulation with
PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros.
Files: postscreen/postscreen.h, postscreen/postscreen_state.c.
Documentation: POSTSCREEN_README did not describe the
postscreen_post_queue_limit, and attributed the wrong reject
message to the postscreen_pre_queue_limit. Problem reported
by Michael Orlitzky. File: proto/POSTSCREEN_README.html.
(20181226-nonprod) Compatibility: removed support for OpenSSL
1.0.1 (not supported since December 31, 2016) and earlier
releases. This eliminated a large number of #ifdefs with
bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h,
posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c,
tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c,
tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c,
tls/tls_session.c.
(20181226-nonprod) Use the OpenSSL 1.0.2 and later API for
setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h,
tls/tls_client.c, tls/tls_dh.c.
(20181226-nonprod) Documentation update for TLS support.
Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html,
proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c.
20181229
Explicit maps_file_find() and dict_file_lookup() methods
that decode base64 content. Decoding content is not built
into the dict->lookup() method, because that would complicate
the implementation of map nesting (inline, thash), map
composition (pipemap, unionmap), and map proxying. For
consistency, decoding base64 file content is also not built
into the maps_find() method. Files: util/dict.h.
util/dict_file.c, global/maps.[hc], postmap/postmap.c.
20190106
Documentation: documented the SRC_RHS_IS_FILE flag in
dict_open.c, and updated the -F description in the postmap
manpage. Files: util/dict_open.c, postmap/postmap.c.
(20190106-nonprod) Feature: support for files that combine
multiple (key, certificate, trust chain) instances in one
file, to avoid separate files for RSA, DSA, Elliptic Curve,
and so on. Viktor Dukhovni. Files: .indent.pro,
global/mail_params.h, posttls-finger/posttls-finger.c,
smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c,
smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c,
tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c,
tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c.
(20190106-nonprod) Create a second, no-key no-cert, SSL_CTX
for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h,
src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c.
(20190106-nonprod) Server-side SNI support. Viktor Dukhovni.
Files: src/global/mail_params.h, src/smtp/smtp.c,
src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c,
src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c,
(20190106-nonprod) Configurable client-side SNI signal.
Viktor Dukhovni. Files: global/mail_params.h,
posttls-finger/posttls-finger.c, smtp/lmtp_params.c,
smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c,
smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c,
tls/tls_proxy.h, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c.
20190121
Logging: support for internal logging file, without using
syslog (it uses the new postlogd daemon instead). This
solves a usability problem for MacOS, may help getting
around systemd, and solves 99% of the problem for logging
to stdout in a container (hopefully we have 100% soon).
Enable by setting, for example, "maillog_file =
/var/log/postfix.log"). This works fine for daemons, and
with some limitations for non-daemon programs. See
RELEASE_NOTES for more details. Files: conf/master.cf,
conf/post-install, conf/postfix-files, conf/postfix-script,
mantools/postlink, proto/master, proto/postconf.proto,
global/mail_params.c, global/mail_params.h, global/mail_proto.h,
global/maillog_client.c, global/maillog_client.h,
master/dgram_server.c, master/event_server.c, master/mail_server.h,
master/master.c, master/master.h, master/master_ent.c,
master/master_listen.c, master/master_proto.h,
master/master_wakeup.c, master/multi_server.c,
master/single_server.c, master/trigger_server.c,
postalias/postalias.c, postconf/postconf_master.c,
postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c,
postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c,
postmulti/postmulti.c, postqueue/postqueue.c,
postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h,
util/listen.h, util/logwriter.c, util/logwriter.h,
util/msg_logger.c, util/msg_logger.h, util/msg_output.c,
util/msg_output.h, util/unix_dgram_connect.c,
util/unix_dgram_listen.c.
Cleanup: cert/key/chain loading, plus unit tests to exercise
non-error and error cases. Viktor Dukhovni. Files: tls/*.pem,
tls*.pem.ref, tls/tls_certkey.c.
20190126
Safety: Postfix programs will log to either syslog or postlog
but not both; and postlogd forwards postlog logging to
syslog, when a configuration change removes the maillog_file
pathname, but some programs still use the old configuration.
Files: util/msg_syslog.[hc], util/msg_logger.c,
global/maillog_client.c, postlogd/postlogd.c,
Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog
pipe file descriptor leak. This pipe provides one source
of liveness, data from this pipe is discarded, and therefore
this does not enable privilege escalation or DOS. File:
util/watchdog.c.
Feature: stdout logging support; requires "postfix start-fg"
and "maillog_file = /dev/stdout". Files: master/master.c,
conf/postfix-script.
20190127
Safety: when maillog_file is specified, 'postfix check' now
requires that the postlog service is enabled in master.cf.
Otherwise 'postfix start' etc. will log a fatal error. File:
conf/postfix-script.
Documentation: added policy_context example. File:
proto/SMTPD_POLICY_README.html.
20190128
Testing: run libtls tests under Valgrind. File tls/Makefile.in.
20190129
Safety: require that $maillog_file matches one of the
pathname prefixes specified in $maillog_file_prefixes. The
maillog file is created by root, and the prefixes limit the
damage from a single configuration error. Files:
global/mail_params.[hc], global/maillog_client.c.
20191201
Feature: "postfix logrotate" command with configurable
compression program and datestamp filename suffix. File:
conf/postfix-script.
20190202
Cleanup: log a warning when the client sends a malformed
SNI; log an info message when the client sends a valid SNI
that does not match the SNI lookup tables; update the
FORWARD_SECRECY_README logging examples. Viktor Dukhovni.
Files: proto/FORWARD_SECRECY_README.html, tls/tls.h,
tls/tls_client.c, tls/tls_misc.c.
20190208
Debugging: the master(8) daemon now logs a warning if a
master.cf entry is defined multiple times. File:
src/master/master_conf.c.
20190209
Debugging: tlsproxy(8) now logs more details about unexpected
configuration differences between the Postfix SMTP client
and the tlsproxy(8) daemon.
20190210
Documentation: Postfix 3.4.0 RELEASE NOTES.
Documentation: added BDAT_README.
Documentation: global TLS settings. Files: mantools/postlink,
smtp/smtp.c, tlsproxy/tlsproxy.c.
20190211
Cleanup: removed obsolete parameters: tls_dane_digest_agility,
tls_dane_trust_anchor_digest_enable; removed openssl_path
parameter from configuration difference checks in tlsproxy.
Files: global/mail_params.h, tls/tls_misc.c,
tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c, tls/tls_proxy.h.
20190212
Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c,
posttls-finger/posttls-finger.c.
20190217
Cleanup: when the master daemon runs with PID=1 (init mode),
reap orhpan processes from non-Postfix code running in the
same container, instead of terminating with a panic. File:
master/master_spawn.c.
20190218
Bugfix: tlsproxy did not enable DANE-style PKI because
libtls seems to have to accreted multiple init functions
instead of reusing the tls_client_init() and tls_client_start()
API. And some functions that do initialization don't even
have init in their name! Problem report by Andreas Schulze.
Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c.
Workaround: Postfix libtls makes DANE-specific changes to
the shared SSL_CTX. To avoid false sharing, tlsproxy needs
to label the SSL_CTX cache with DANE bits until we can
remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c.
Cleanup: Postfix libtls changed the shared SSL_CTX to
override ciphers. instead of changing the SSL handle. To
avoid false sharing in tlsproxy, the changes are now made
to the SSL handle. Viktor Dukhovni. Files: tls/tls.h,
tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c.
20190219
Bugfix: in the Postfix SMTP client, TLS wrappermode was not
tested in tlsproxy mode. It needed some setup for buffering
and timeouts. Problem report by Andreas Schulze. File:
smtp/smtp_proto.c.
20190304
Bugfix: a reversed test broke TLS configurations that specify
the same filename for a private key and certificate. Reported
by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
test. Files: tls/tls_certkey.c, tls/Makefile.in.
20190310
Bitrot: LINUX5s support, after some sanity checks with a
rawhide prerelease version. Files: makedefs, util/sys_defs.h.
Bugfix (introduced: 20181226): broken DANE trust anchor
file support, caused by left-over debris from the 20181226
TLS library overhaul. By intrigeri. File: tls/tls_dane.c.
Bugfix (introduced: Postfix-1.0.1): null pointer read, while
logging a warning after a corrupted bounce log file. File:
global/bounce_log.c.
Bugfix (introduced: Postfix-2.9.0): null pointer read, while
logging a warning after a postscreen_command_filter read
error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
20190312
Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
does the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
20190319
With message_size_limit=0 (which is NOT DOCUMENTED), BDAT
chunks were always rejected as too large. File: smtpd/smtpd.c
20190328
Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
20190331
Documentation: tlsext_padding is not a tls_ssl_options
feature. File: proto/postconf.proto.
20190401
Portability: added "#undef sun" to util/unix_dgram_connect.c.
20190403
Bugfix (introduced: Postfix 2.3): a censoring filter broke
multiline Milter responses for header/body events. Problem
report by Andreas Thienemann. Files: util/printable.c,
util/stringops.h, smtpd/smtpd.c
Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit =
0" no longer meant 'unlimited'. Problem report by Luc Pardon.
File: smtp/smtp_addr.c.
20190615
Documentation: updated the BUGS section in the smtp(8) manpage
about TLS connection reuse. File: smtp/smtp.c.
Workaround for implementations that hang Postfix while
shutting down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later. Files:
global/mail_params.h, tls/tls_session.c, and documentation.
20190621
Bugfix (introduced: Postfix 3.0): the code to reset Postfix
SMTP server command counts was not called after a HaProxy
handshake failure, causing stale numbers to be reported.
The command counts are now reset in the function that reports
the counts. File: smtpd/smtpd.c.
Revision 1.179 / (download) - annotate - [select for diffs], Tue Apr 30 03:41:51 2019 UTC (4 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.178: +5 -5
lines
Diff to previous 1.178 (colored)
mail/postfix: update to 3.3.3
This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. This is the final update for Postfix
3.0.
Fixed in Postfix 3.3 and later:
* When the master daemon runs with PID=1 (init mode), it will now
reap child processes from non-Postfix code running in the same
container, instead of terminating with a panic. Reported by
Tamas Gerczei.
Fixed in Postfix 3.0 and later:
* With smtputf8_enable=yes, table lookups could casefold the
search string when searching a lookup table that does not use
fixed-string keys (regexp, pcre, tcp, etc.).
* With the posttls-finger test program, connections to unix-domain
servers always resulted in "Failed to establish session" even
after a connection was established. Reported by Jaroslav Skarva.
Revision 1.178 / (download) - annotate - [select for diffs], Sat Dec 15 16:35:23 2018 UTC (4 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.177: +5 -5
lines
Diff to previous 1.177 (colored)
mail/postfix: update to 3.3.2
Changes for all supported stable releases:
* Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
features.
- Updated Postfix TLS documentation examples for TLSv1.3. See
FORWARD_SECRECY_README.
- New TLSv1.3-specific attributes in Postfix logging and in
Postfix "Received:" message headers: key exchange, server
signature, client signature.
- New option to selectively disable TLSv1.3 in *_tls_protocols
settings.
- New server-side support to avoid issuing multiple session
tickets.
- New support to allow OpenSSL >= 1.1.0 run-time micro version
bumps without logging Postfix warnings about library version
mismatches.
Fixed in all stable releases:
* Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8",
because some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
* Bugfix: minor memory leak in DANE support when minting issuer
certs. This affects a tiny minority of use cases.
Fixed in Postfix 3.3.2:
* Bugfix: the Postfix build did not abort if the m4 command was
not installed, resulting in a broken postconf command.
Revision 1.177 / (download) - annotate - [select for diffs], Mon May 21 14:49:47 2018 UTC (5 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2
Changes since 1.176: +5 -5
lines
Diff to previous 1.176 (colored)
mail/postfix: update to 3.3.1
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.1.html]
Fixed in Postfix 3.3:
* Postfix did not support running as a PID=1 process, which
complicated Postfix deployment in containers. The "postfix
start-fg" command will now run the Postfix master daemon as a
PID=1 process if possible. Thanks for inputs from Andreas
Schulze, Eray Aslan, and Viktor Dukhovni.
* Segfault in the postconf(1) command after it could not open a
Postfix database configuration file due to a file permission
error (dereferencing a null pointer). Reported by Andreas
Hasenack, fixed by Viktor Dukhovni.
Fixed in Postfix 3.3, 3.2, 3.1, 3.0:
* The luser_relay feature became a black hole, when the luser_relay
parameter was set to a non-existent local address (i.e. mail
disappeared silently). Reported by J?rgen Thomsen.
* Missing error propagation in the tlsproxy(8) daemon could result
in a segfault after TLS handshake error (dereferencing a
0xffff...ffff pointer). This daemon handles the TLS protocol
when a non-whitelisted client sends a STARTTLS command to
postscreen(8).
Revision 1.176 / (download) - annotate - [select for diffs], Wed Mar 21 15:28:45 2018 UTC (5 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2018Q1
Changes since 1.175: +5 -5
lines
Diff to previous 1.175 (colored)
mail/postfix: update to 3.3.0
Postfix stable release 3.3.0 is available. This release ends support
for legacy release Postfix 2.11.
The main changes are:
* Dual license: in addition to the historical IBM Public License
1.0, Postfix is now also distributed with the more recent Eclipse
Public License 2.0. Recipients can choose to take the software
under the license of their choice. Those who are more comfortable
with the IPL can continue with that license.
* The postconf command now warns about unknown parameter names
in a Postfix database configuration file. As with other unknown
parameter names, these warnings can help to find typos early.
* Container support: Postfix 3.3 will run in the foreground with
"postfix start-fg". This requires that Postfix multi-instance
support is disabled (the default). To collect Postfix syslog
information on the container's host, mount the host's /dev/log
socket into the container, for example with "docker run -v
/dev/log:/dev/log ...other options...", and specify a distinct
Postfix syslog_name setting in the container (for example with
"postconf syslog_name=the-name-here").
* Milter support: applications can now send RET and ENVID parameters
in SMFIR_CHGFROM (change envelope sender) requests.
* Postfix-generated From: headers with 'full name' information
are now formatted as "From: name <address>" by default. Specify
"header_from_format = obsolete" to get the earlier form "From:
address (name)".
* Interoperability: when Postfix IPv6 and IPv4 support are both
enabled, the Postfix SMTP client will now relax MX preferences
and attempt to schedule similar numbers of IPv4 and IPv6
addresses. This works around mail delivery problems when a
destination announces lots of primary MX addresses on IPv6, but
is reachable only over IPv4 (or vice versa). The new behavior
is controlled with the smtp_balance_mx_inet_protocols parameter.
* Compatibility safety net: with compatibility_level < 1, the
Postfix SMTP server now warns for mail that would be blocked
by the Postfix 2.10 smtpd_relay_restrictions feature, without
blocking that mail. There still is a steady trickle of sites
that upgrade from an earlier Postfix version.
Revision 1.175 / (download) - annotate - [select for diffs], Sun Feb 25 12:27:49 2018 UTC (5 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.174: +6 -6
lines
Diff to previous 1.174 (colored)
mail/postfix: update to 3.2.5
Update mail/postfix to 3.2.5.
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.4.html]
This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. Older supported releases are unaffected.
Fixed in Postfix 3.1 and later:
* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
records associated with an intermediate CA certificate. Problem
report and initial fix by Erwan Legrand.
Fixed in Postfix 3.0 and later:
* Missing dynamicmaps support in the Postfix sendmail command.
This broke authorized_submit_users settings that use a
dynamically-loaded map type. Problem reported by Ulrich Zehl.
Revision 1.174 / (download) - annotate - [select for diffs], Sat Dec 9 02:34:48 2017 UTC (6 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base,
pkgsrc-2017Q4
Changes since 1.173: +5 -5
lines
Diff to previous 1.173 (colored)
mail/postfix: Update to 3.2.4
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.4.html]
This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. Older supported releases are unaffected.
Fixed in Postfix 3.1 and later:
* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
records associated with an intermediate CA certificate. Problem
report and initial fix by Erwan Legrand.
Fixed in Postfix 3.0 and later:
* Missing dynamicmaps support in the Postfix sendmail command.
This broke authorized_submit_users settings that use a
dynamically-loaded map type. Problem reported by Ulrich Zehl.
Revision 1.173 / (download) - annotate - [select for diffs], Fri Oct 13 17:13:19 2017 UTC (6 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.172: +5 -5
lines
Diff to previous 1.172 (colored)
pkgsrc/mail: Update to 3.2.3 [An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.2.3.html] This announcement concerns fixes for problems that were introduced with Postfix 3.2. Older releases are unaffected. Fixed in Postfix 3.2 and later: * Extension propagation was broken with "recipient_delimiter = .". This change reverts a change that was trying to be too clever. * The postqueue command would abort with a panic message after it experienced an output write error while listing the mail queue. This change restores a write error check that was lost with the Postfix 3.2 rewrite of the vbuf_print formatter. * Restored sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). These checks were lost with the Postfix 3.2 rewrite of the vbuf_print formatter.
Revision 1.172 / (download) - annotate - [select for diffs], Fri Jun 23 19:18:07 2017 UTC (6 years, 5 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.171: +3 -3
lines
Diff to previous 1.171 (colored)
Make NetBSD support version agnostic. Checks are against __NetBSD__Version__ anyway. Fixes NetBSD 8.99.1 build
Revision 1.171 / (download) - annotate - [select for diffs], Sat Jun 17 08:02:22 2017 UTC (6 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.170: +6 -6
lines
Diff to previous 1.170 (colored)
Update postfix to 3.2.2.
pkgsrc change: Add support for NetBSD 8.
This announcement (June 13, 2017) includes changes that were released
with an earlier update (June 10, 2017). The announcement was postponed
to avoid confusion due to repeated notification.
Fixed in all supported releases:
* Security: Berkeley DB versions 2 and later try to read settings
from a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting in
privilege escalation with Postfix set-gid programs (postdrop,
postqueue) before they chdir to the Postfix queue directory,
and with the postmap and postalias commands depending on whether
the user's current directory is writable by other users. This
fix does not change Postfix behavior for Berkeley DB versions
< 3, but it does reduce postmap and postalias 'create' performance
with Berkeley DB versions 3.0 .. 4.6.
Fixed in Postfix 3.2 and later:
* The SMTP server receive_override_options were not restored at
the end of an SMTP session, after the options were modified by
an smtpd_milter_maps setting of "DISABLE". Milter support
remained disabled for the life time of the smtpd process.
* After the Postfix 3.2 address/domain table lookup overhaul, the
check_sender_access and check_recipient_access features ignored
a non-default parent_domain_matches_subdomains setting.
Revision 1.170 / (download) - annotate - [select for diffs], Mon Apr 24 20:11:40 2017 UTC (6 years, 7 months ago) by fhajny
Branch: MAIN
Changes since 1.169: +6 -6
lines
Diff to previous 1.169 (colored)
Update mail/postfix to 3.2.0.
- Elliptic curve negotiation with OpenSSL >= 1.0.2. This changes the
default smtpd_tls_eecdh_grade setting to "auto", and introduces a
new parameter tls_eecdh_auto_curves with the names of curves that may
be negotiated.
- Stored-procedure support for MySQL databases.
- Cidr: table support for if/endif and negation (by prepending ! to a
pattern), just like regexp: and pcre: tables. See the cidr_table(5)
manpage for details.
- The postmap command and the inline: and texthash: maps now support
spaces in left-hand field of lookup table source text. Use double
quotes (") around a left-hand field that contains spaces, and use
backslash (\) to protect quotes in a left-hand field.
- Support for per-client Milter configuration (smtpd_milter_maps) that
overrides the main.cf smtpd_milters setting, and that has the same
syntax. A lookup result of "DISABLE" turns off Milter support for that
client.
- The local SMTP server IP address and port are available in the
policy delegation protocol (attribute names: server_address,
server_port), in the Milter protocol (macro names: {daemon_addr},
{daemon_port}), and in the XCLIENT protocol (attribute names:
DESTADDR, DESTPORT).
- For safety reasons, the Postfix sendmail -C option must specify an
authorized directory: the default configuration directory, a
directory that is listed in the default main.cf file with
alternate_config_directories or multi_instance_directories, otherwise
the command must be invoked with root privileges. This mitigates a
recurring "jail break" problem with the PHP mail() function.
- "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar
to "IGNORE" but also logs the action, and "PASS" disables header,
body, and Milter inspection for the remainder of the message content.
- The collate.pl script by Viktor Dukhovni for grouping Postfix
logfile records into "sessions" based on queue ID and process ID
information, in the auxiliary/collate directory of the Postfix source
tree.
Disabled or removed behavior:
- SMTPUTF8 support: Postfix 3.2 disables the 'transitional'
compatibility between the IDNA2003 and IDNA2008 standards for
internationalized domain names (domain names beyond the limits of
US-ASCII). This makes Postfix behavior consistent with contemporary
web browsers.
- Postfix 3.2 removes tentative features that were implemented before
the DANE spec was finalized: support for certificate usage
PKIX-EE(1), the ability to disable digest agility, and the ability to
disable support for "TLSA 2 [01] [12]" records that specify the digest
of a trust anchor.
Revision 1.168.2.1 / (download) - annotate - [select for diffs], Sun Apr 23 09:53:05 2017 UTC (6 years, 7 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.168: +3 -3
lines
Diff to previous 1.168 (colored) next main 1.169 (colored)
Pullup ticket #5267 - requested by sevan
mail/postfix: build fix
Revisions pulled up:
- mail/postfix/Makefile 1.294
- mail/postfix/distinfo 1.169
- mail/postfix/patches/patch-aa 1.25
- mail/postfix/patches/patch-ai 1.38
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Apr 11 09:33:30 UTC 2017
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-aa patch-ai
Log Message:
Fix installation on Darwin:
LD_LIBRARY_PATH is not propagated when set with env, e.g.:
env LD_LIBRARY_PATH=path/to/lib ./script.sh
will not work (other variable names work correctly).
Revision 1.169 / (download) - annotate - [select for diffs], Tue Apr 11 09:33:30 2017 UTC (6 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.168: +3 -3
lines
Diff to previous 1.168 (colored)
Fix installation on Darwin: LD_LIBRARY_PATH is not propagated when set with env, e.g.: env LD_LIBRARY_PATH=path/to/lib ./script.sh will not work (other variable names work correctly).
Revision 1.168 / (download) - annotate - [select for diffs], Sat Mar 4 06:26:24 2017 UTC (6 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.167: +5 -5
lines
Diff to previous 1.167 (colored)
Update postfix to 3.1.4.
Postfix stable release 3.1.4 is available, as well as legacy releases
3.0.8 and 2.11.9. There will be no further updates for Postfix 2.10.
Fixed with Postfix 3.1.4, 3.0.8, and 2.11.9:
* The postscreen daemon did not merge the client test status
information for concurrent sessions from the same IP address.
Thus, after one session recorded its successful tests in the
postscreen cache, a concurrent session from that same IP address
that passed fewer tests could later "wipe out" some of that
progress in the postscreen cache. The fix has proven itself for
five months in the development release, and should be safe to
use in the stable releases.
* The Postfix SMTP server falsely rejected a sender address when
validating a sender address with "smtpd_reject_unlisted_recipient
= yes" or with "reject_unlisted_sender". Cause: the address
validation code did not query sender_canonical_maps.
* The virtual delivery agent did not detect failure to skip to
the end of a mailbox file, so that mail would be delivered to
the beginning of the file. This could happen when a mailbox
file was already larger than the virtual mailbox size limit.
* The postsuper command logged an incorrect rename operation count
after creating a missing directory.
Fixed with Postfix 3.1.4 and 3.0.8:
* The Postfix SMTP server falsely rejected mail when a sender-dependent
"error" transport was configured. Cause: the SMTP server address
validation code was not updated when the
sender_dependent_default_transport_maps feature was introduced.
The fix has proven itself for six months in the development
release, and should be safe to use in the stable releases.
Unfortunately, Postfix 2.11 is too different to benefit from
the same fix.
* The Postfix SMTP server falsely rejected an SMTPUTF8 sender
address, when "smtpd_delay_reject = no".
Fixed with Postfix 3.1.4:
* The "postfix tls deploy-server-cert" command used the wrong
certificate and key file. This was caused by a cut-and-paste
error in the postfix-tls-script file.
Revision 1.167 / (download) - annotate - [select for diffs], Fri Nov 4 17:10:10 2016 UTC (7 years, 1 month ago) by sevan
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.166: +3 -3
lines
Diff to previous 1.166 (colored)
Add support for FreeBSD 11 & 12 via FreeBSD ports.
Revision 1.166 / (download) - annotate - [select for diffs], Mon Oct 31 04:19:07 2016 UTC (7 years, 1 month ago) by maya
Branch: MAIN
Changes since 1.165: +2 -2
lines
Diff to previous 1.165 (colored)
postfix: use pkgconfig instead of icu-config to find icu cflags and ldflags. should help PR pkg/51354: mail/postfix eai option does not work because of test in makedef. bump PKGREVISION
Revision 1.165 / (download) - annotate - [select for diffs], Sun Oct 9 12:28:19 2016 UTC (7 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.164: +5 -5
lines
Diff to previous 1.164 (colored)
Update postfix to 3.1.3.
Fixed with Postfix 3.1.3 and 3.0.7:
* The Postfix SMTP server did not reset a previous session's
failed/total command counts before rejecting a client that
exceeds request or concurrency rates. This resulted in incorrect
failed/total command counts being logged at the end of the
rejected session.
* The unionmap multi-table interface did not propagate table
lookup errors, resulting in false "user unknown" responses.
* The documentation was updated with a workaround for false "not
found" errors with MySQL map queries that contain UTF8-encoded
text. The workaround is to specify "option_group = client" in
Postfix MySQL configuration files. This will be the default
setting with Postfix 3.2 and later.
Revision 1.164 / (download) - annotate - [select for diffs], Sun Sep 18 17:10:28 2016 UTC (7 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Changes since 1.163: +6 -6
lines
Diff to previous 1.163 (colored)
Update postfix to 3.1.2.
3.1.0
The main changes in no particular order are:
* "postfix tls" command to simplify setup of opportunistic TLS,
and to simplify SMTP server key/certificate management.
* Positive and negative DNS reply TTL support in postscreen(8).
* SASL AUTH rate limit in the Postfix SMTP server.
* A safety limit on the number of address verify requests.
* JSON-format Postfix queue listing.
* Destination-independent delivery rate delay
For details, see the RELEASE_NOTES file.
3.1.1
Fixed in all supported releases:
* The Milter "replace sender" (SMFIR_CHGFROM) request lost an
address that was added with sender_bcc_maps, resulting in a
"rcpt count mismatch" warning. Reported by Joerg Backschues.
This defect was introduced with Postfix 2.6.
* The "bad filetype" example in the header_checks(5) manpage
falsely rejected Content- headers with ``name="example";
x-apple-part-url="example.com"''. Reported by Cedric Knight.
This defect was introduced with Postfix 2.6.
3.1.2
Fixed with Postfix 3.1.2:
* Changes to make Postfix build with OpenSSL 1.1.0.
Fixed with Postfix 3.1.2 and 3.0.6:
* The makedefs script ignored readme_directory=pathname overrides.
Fix by Todd C. Olson.
* The tls_session_ticket_cipher documentation says that the default
cipher for TLS session tickets is aes-256-cbc, but the implemented
default was aes-128-cbc. Note that TLS session ticket keys are
rotated after 1/2 hour, to limit the impact of attacks on session
ticket keys.
Revision 1.163 / (download) - annotate - [select for diffs], Wed Mar 23 12:55:18 2016 UTC (7 years, 8 months ago) by gdt
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.162: +2 -2
lines
Diff to previous 1.162 (colored)
Fix netbsd-5 build by defining shlib methods Very surprisingly, postfix's build hard-codes shared library behavior in a giant case statement not only per OS but per version, essentially open-coding libtool while not being complete. This commit copies the netbsd-6 flags to netbsd-5, as a minimal change during the freeze to let this build on netbsd-5 (where it then works fine).
Revision 1.162 / (download) - annotate - [select for diffs], Tue Nov 3 23:27:17 2015 UTC (8 years, 1 month ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.161: +2 -1
lines
Diff to previous 1.161 (colored)
Add SHA512 digests for distfiles for mail category Problems found locating distfiles: Package mutt: missing distfile patch-1.5.24.rr.compressed.gz Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz Package pine: missing distfile fancy.patch.gz Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch Package qmail: missing distfile badrcptto.patch Package qmail: missing distfile outgoingip.patch Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Revision 1.161 / (download) - annotate - [select for diffs], Mon Sep 7 09:47:01 2015 UTC (8 years, 3 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.160: +7 -7
lines
Diff to previous 1.160 (colored)
Update mail/postfix to 3.0.2.
Database and regexp map functionality is now split into separate packages:
- postfix-cdb
- postfix-ldap
- postfix-lmdb
- postfix-mysql
- postfix-pcre
- postfix-pgsql
- postfix-sqlite
Upstream changelog follows.
Postfix 3.0.2
-------------
No delta against 2.11.6.
Postfix 3.0.1
-------------
- Build error when compiling the Postfix SMTP server with SASL support
but no TLS support.
- The DNS "resource record to text" converter, used for xxx_dns_reply_filter
pattern matching, appended a '.' to TXT record resource values.
- The postscreen(8) manpage specified an incorrect Postfix version number
for the postscreen_dnsbl_timeout parameter.
- The postfix-install script expanded macros in parameter values when
trying to detect parameter overrides, causing unnecessary main.cf updates
during "postfix start" etc.
- Some low-level cleanup of UTF-8 string handling with no visible change
in behavior (besides better performance).
Postfix 3.0.0
-------------
- SMTPUTF8 support for internationalized domain names and address
localparts as defined in RFC 6530 and related documents.
- Support for Postfix dynamically-linked libraries and database plugins.
- An OPT-IN safety net for the selective adoption of new Postfix default
settings. If you do nothing, the old Postfix default settings *should*
remain in effect (complain to your downstream maintainer if that is not
the case).
- Support for operations on multiple lookup tables. The
pipemap:{map1,map2...} database type implements a pipeline of lookup
tables where the result from one lookup table becomes a query for
the next table; the unionmap:{map1,map2,...} database type sends the
Revision 1.159.2.1 / (download) - annotate - [select for diffs], Wed Jul 22 20:16:12 2015 UTC (8 years, 4 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.159: +5 -5
lines
Diff to previous 1.159 (colored) next main 1.160 (colored)
Pullup ticket #4780 - requested by taca mail/postfix: security update Revisions pulled up: - mail/postfix/Makefile 1.284 - mail/postfix/distinfo 1.160 - mail/postfix/patches/patch-ai 1.33 --- Module Name: pkgsrc Committed By: taca Date: Wed Jul 22 00:25:37 UTC 2015 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix/patches: patch-ai Log Message: Update postfix to 2.11.6, security release. With all supported Postfix releases, the default settings have been updated so that they no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols. These ciphers and protocols have little if any legitimate use today, and have instead become a vehicle for downgrade attacks. There are no other code changes. Postfix documentation has been updated to reflect the new default settings and their rationale; the RELEASE_NOTES give suggestions for how to enable the old ciphers and protocols if your infrastructure requires them. Finally, abandoning deprecated ciphers and protocols does not really improve TLS security without measures to better authenticate remote servers. Secure DNS and TLSA are steps in that direction.
Revision 1.160 / (download) - annotate - [select for diffs], Wed Jul 22 00:25:37 2015 UTC (8 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.159: +5 -5
lines
Diff to previous 1.159 (colored)
Update postfix to 2.11.6, security release. With all supported Postfix releases, the default settings have been updated so that they no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols. These ciphers and protocols have little if any legitimate use today, and have instead become a vehicle for downgrade attacks. There are no other code changes. Postfix documentation has been updated to reflect the new default settings and their rationale; the RELEASE_NOTES give suggestions for how to enable the old ciphers and protocols if your infrastructure requires them. Finally, abandoning deprecated ciphers and protocols does not really improve TLS security without measures to better authenticate remote servers. Secure DNS and TLSA are steps in that direction.
Revision 1.159 / (download) - annotate - [select for diffs], Sun Apr 19 15:32:48 2015 UTC (8 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base
Branch point for: pkgsrc-2015Q2
Changes since 1.158: +4 -4
lines
Diff to previous 1.158 (colored)
Update postfix to 2.11.5.
Fixed in Postfix 3.0 and 2.11:
* Preparation for OpenSSL 1.2 API changes.
Fixed in all supported releases:
* The sender_dependent_relayhost_maps feature ignored the relayhost
setting in the case of a DUNNO lookup result. It would use the
recipient domain instead.
Revision 1.158 / (download) - annotate - [select for diffs], Tue Feb 10 14:20:42 2015 UTC (8 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.157: +4 -4
lines
Diff to previous 1.157 (colored)
Update postfix to 2.11.4. Postfix 2.11.4 only: * Fix a core dump when smtp_policy_maps specifies an invalid TLS level. * Fix a missing " in \%s\", in postconf(1) fatal error messages, which violated the C language spec. Reported by Iain Hibbert. All supported releases: * Stop excessive recursion in the cleanup server while recovering from a virtual alias expansion loop. Problem found at Two Sigma. * Stop exponential memory allocation with virtual alias expansion loops. This came to light after fixing the previous problem.
Revision 1.157 / (download) - annotate - [select for diffs], Tue Oct 21 13:06:12 2014 UTC (9 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base,
pkgsrc-2014Q4
Changes since 1.156: +4 -4
lines
Diff to previous 1.156 (colored)
Update postfix to 2.11.3.
Bugfix for Postfix 2.11, 2.10, 2.9 and 2.8:
* Fix for configurations that prepend message headers with Postfix
access maps, policy servers or Milter applications. Postfix now
hides its own Received: header from Milters and exposes prepended
headers to Milters, regardless of the mechanism used to prepend
a header. This fix reverts a partial solution that was released
on October 13, 2014, and replaces it with a complete solution.
Portability fix for Postfix 2.11:
* Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.
Revision 1.156 / (download) - annotate - [select for diffs], Tue Oct 14 13:45:22 2014 UTC (9 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.155: +4 -4
lines
Diff to previous 1.155 (colored)
Update postfix to 2.11.2.
Bugfixes for Postfix 2.11, 2.10, 2.9 and 2.8:
* Fix for DMARC implementations based on SPF policy plus DKIM
Milter. The PREPEND access/policy action added headers ABOVE
Postfix's own Received: header, exposing Postfix's own Received:
header to Milters (protocol violation) and hiding the PREPENDed
header from Milters. PREPENDed headers are now added BELOW
Postfix's own Received: header and remain visible to Milters.
* The Postfix SMTP server logged an incorrect client name in
reject messages for check_reverse_client_hostname_access and
check_reverse_client_hostname_{mx,ns}_access. They replied with
the verified client name, instead of the name that was rejected.
* The qmqpd daemon crashed with null pointer bug when logging a
lost connection while not in a mail transaction.
Revision 1.155 / (download) - annotate - [select for diffs], Mon Aug 25 16:00:54 2014 UTC (9 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base,
pkgsrc-2014Q3
Changes since 1.154: +3 -3
lines
Diff to previous 1.154 (colored)
Fix build on NetBSD 7.*.
Revision 1.154 / (download) - annotate - [select for diffs], Sun May 11 09:54:54 2014 UTC (9 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.153: +4 -4
lines
Diff to previous 1.153 (colored)
Update postfix to 2.11.1.
Bugfixes (fixed in Postfix 2.11 and Postfix 2.12):
* With connection caching enabled (the default), recipients could
be given to the wrong mail server. The root cause was an incorrect
predicate. Due to this, the Postfix SMTP client could under
rare conditions save and restore plaintext connections that
should not be cached, under a fixed lookup key that did not
distinguish by destination. Problem reported by Sahil Tandon.
* Enforce TLS when TLSA records exist, but all are unusable.
* Don't leak memory when TLSA records exist, but all are unusable.
Workarounds:
* Prepend "-I. -I../../include" to the compiler command-line
options, to avoid name clashes with non-Postfix header files.
Documentation cleanup:
* Corrected postconf(1) manpage for missing version attribution
and incorrect "author" formatting.
* The documentation for Postfix > 2.8 TLS activity logging was
incorrect. Loglevel 0 produces no logging. Instead, information
is logged only with loglevel 1 or higher.
Logging cleanup:
* The TLS client logged that an "Untrusted" TLS connection was
established instead of "Anonymous".
* For consistency, TLS policy lookup errors are now logged as
warnings.
Revision 1.153 / (download) - annotate - [select for diffs], Sun Feb 9 05:34:13 2014 UTC (9 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.152: +8 -8
lines
Diff to previous 1.152 (colored)
Update postfix to 2.11.0. Quote from release announce:
The main changes in no particular order are:
* Support for PKI-less TLS server certificate verification with
DANE (DNS-based Authentication of Named Entities) where the CA
public key or the server certificate is identified via DNSSEC
lookup. This requires a DNS resolver that validates DNSSEC
replies. The problem with conventional PKI is that there are
literally hundreds of organizations world-wide that can provide
a certificate in anyone's name. DANE limits trust to the people
who control the target DNS zone and its parent zones.
* Support for LMDB databases. Originally developed as part of
OpenLDAP, LMDB is the first persistent Postfix database that
can be shared among multiple writers such as postscreen daemons
(Postfix already supported shared non-persistent memcached
caches). Postfix currently requires LMDB version 0.9.11 or
later. See LMDB_README for details and limitations.
* A new postscreen_dnsbl_whitelist_threshold feature to allow
clients to skip postscreen tests based on their DNSBL score.
This can eliminate email delays due to "after 220 greeting"
protocol tests, which otherwise require that a client reconnects
before it can deliver mail. Some providers such as Google don't
retry from the same IP address, and that can result in large
email delivery delays.
* The recipient_delimiter feature now supports different delimiters,
for example both "+" and "-". As before, this implementation
recognizes exactly one delimiter character per email address,
and exactly one address extension per email address.
* Advanced master.cf query/update support to access service
attributes as "name = value" pairs. For example to turn off
chroot on all services use "postconf -F '*/*/chroot = n'", and
to change/add a "-o name=value" setting use "postconf -P
smtp/inet/name = value". This was developed primarily to allow
automated tools to manage Postfix systems without having to
parse Postfix configuration files.
Revision 1.152 / (download) - annotate - [select for diffs], Thu Jan 16 15:56:58 2014 UTC (9 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.151: +4 -4
lines
Diff to previous 1.151 (colored)
Update postfix to 2.10.3.
Postfix 2.10.3, 2.9.9, and 2.8.17:
* Future proofing against OpenSSL library API changes. When support
for a bug workaround is removed from OpenSSL, the corresponding
named bit in tls_disable_workarounds will be ignored instead
of causing existing Postfix configurations to fail.
All supported releases:
* Future proofing against PCRE library API changes that introduce
the pcre_free_study() function.
* The postconf '-#' option reset prior options instead of adding
to them.
* Correct an error in MULTI_INSTANCE_README Makefile example.
* Correct an error in SASL_README PostgreSQL example.
* Correct a malformed error message in conf/post-install.
Revision 1.151 / (download) - annotate - [select for diffs], Mon Sep 30 15:21:15 2013 UTC (10 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.150: +5 -5
lines
Diff to previous 1.150 (colored)
Update postfix package to 2.10.2. Here is brief changes.
2.10.2
* TLS Interoperability workaround: turn on SHA-2 digests by force. This
improves interoperability with clients and servers that deploy SHA-2 digests
without the required support for TLSv1.2-style digest negotiation.
* TLS Performance workaround: the Postfix SMTP server TLS session cache had
become ineffective because recent OpenSSL versions enable session tickets by
default, resulting in a different ticket encryption key for each smtpd(8)
process. The workaround turns off session tickets. Postfix 2.11 will enable
session tickets properly.
* TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail
to communicate with Postfix and possibly other MTAs, with the following Exim
SMTP client error message:
TLS error on connection to server-name [server-address]
(gnutls_handshake): The Diffie-Hellman prime sent by the server is not
acceptable (not long enough)
See the RELEASE_NOTES file for a Postfix SMTP server configuration
workaround.
* Bugfix (defect introduced: 1997): memory leak while forwarding mail with the
local(8) delivery agent, in code that handles a cleanup(8) server error.
2.10.1
* Workaround: down-stream maintainers fail to install the new
smtpd_relay_restrictions safety net, causing breakage that could have been
avoided. We now hard-code the safety net instead.
2.10.0
* Separation of relay policy (with smtpd_relay_restrictions) from spam policy
(with smtpd_{client, helo, sender, recipient}_restrictions), which makes
accidental open relay configuration less likely. The default is backwards
compatible.
* HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.
* Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
off if needed for inter-operability.
* Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
sockets instead of FIFOs, and thus avoids MTIME file system updates on an
idle mail system.
* Revised postconf(1) command. The "-x" option expands $name in a parameter
value (both main.cf and master.cf); the "-o name=value" option overrides a
main.cf parameter setting; and postconf(1) now warns about a $name that has
no name=value setting.
* Sendmail-style "socketmap" lookup tables.
Revision 1.150 / (download) - annotate - [select for diffs], Fri Sep 6 14:08:18 2013 UTC (10 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.149: +6 -6
lines
Diff to previous 1.149 (colored)
Update postfix to 2.9.8.
Changes:
2.9.8
* TLS Interoperability workaround: turn on SHA-2 digests by force.
This improves interoperability with clients and servers that
deploy SHA-2 digests without the required support for TLSv1.2-style
digest negotiation.
* TLS Performance workaround: the Postfix SMTP server TLS session
cache had become ineffective because recent OpenSSL versions
enable session tickets by default, resulting in a different
ticket encryption key for each smtpd(8) process. The workaround
turns off session tickets. Postfix 2.11 will enable session
tickets properly.
* TLS Interoperability workaround: Debian Exim versions before
4.80-3 may fail to communicate with Postfix and possibly other
MTAs, with the following Exim SMTP client error message:
TLS error on connection to server-name [server-address]
(gnutls_handshake): The Diffie-Hellman prime sent by the
server is not acceptable (not long enough)
See the RELEASE_NOTES file for a Postfix SMTP server configuration
workaround.
* Bugfix (defect introduced: 1997): memory leak while forwarding
mail with the local(8) delivery agent, in code that handles a
cleanup(8) server error.
2.9.7
* Bugfix (introduced: Postfix 2.0): when myhostname is not listed in
mydestination, the trivial-rewrite resolver may log "do not list in both
mydestination and ". The fix is to re-resolve a domain-less address after
adding $myhostname as the surrogate domain, so that it pops out with the
right address-class label. Reported by Quanah Gibson-Mount.
* Bugfix (introduced: Postfix 2.3): don't reuse TCP connections when
smtp_tls_policy_maps is specified. TLS policies may depend on the remote
destination, but the Postfix <2.11 SMTP connection cache client does not
distinguish between different destinations that resolve to the same IP
address. Victor Duchovni. Found during Postfix 2.11 code maintenance.
* Bugfix (introduced: Postfix 2.2): don't reuse TCP connections when SASL
authentication is enabled. SASL passwords may depend on the remote SMTP
server hostname, but the Postfix <2.11 SMTP connection cache client does not
distinguish between different hostnames that resolve to the same IP
address. Found during Postfix 2.11 code maintenance.
Revision 1.149 / (download) - annotate - [select for diffs], Tue Feb 26 19:56:18 2013 UTC (10 years, 9 months ago) by garbled
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.148: +2 -1
lines
Diff to previous 1.148 (colored)
Add fix from PR44656 to fix sig6 in postfix/smtp when compiled with any type of DB support (like mysql, postgres, etc). Also fixes PR43637 Tested by me.
Revision 1.148 / (download) - annotate - [select for diffs], Wed Feb 13 14:31:31 2013 UTC (10 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.147: +5 -5
lines
Diff to previous 1.147 (colored)
Update Postfix to 2.9.6. Changes from 2.8.14 are too many to write here, please refer RELEASE_NOTES.
Revision 1.147 / (download) - annotate - [select for diffs], Tue Feb 5 15:58:38 2013 UTC (10 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.146: +4 -4
lines
Diff to previous 1.146 (colored)
Update postfix to 2.8.14.
* The postconf(1) master.cf options parser didn't support "clusters"
of daemon command-line option letters.
* The local(8) delivery agent dereferenced a null pointer while
delivering to null command (for example, "|" in a .forward
file). Reported by Gilles Chehade.
* A memory leak fix for tls_misc.c was documented but not included.
Revision 1.146 / (download) - annotate - [select for diffs], Thu Dec 13 16:23:13 2012 UTC (11 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Changes since 1.145: +5 -5
lines
Diff to previous 1.145 (colored)
Update postfix to 2.8.13.
Postfix 2.8 and later:
* The postscreen_access_list feature failed to ignore case in the
first character of a command (e.g., permit, reject, etc.).
Reported by Francis Picabia. (This fix is incorrectly listed
in the HISTORY files of earlier releases, and will be removed
with a future patch.)
All supported releases:
* Strip the datalink suffix (e.g., %eth0) from IPv6 addresses
returned by the system getaddrinfo() routine. Such suffixes
break the default mynetworks value, the Postfix SMTP server's
reverse/forward DNS name/address mapping check, and possibly
more.
* To eliminate the possibility of collisions with connection cache
lookup keys, the Postfix LDAP client now computes those lookup
keys by joining the number-valued connection properties with
ASCII null, just like it already did with the string-valued
connection properties.
* There was a memory leak during one-time TLS library initialization
(introduced with Postfix 2.5). Reported by Coverity.
* There was a memory leak in the unused oqmgr(8) program (introduced
with Postfix 2.3). Reported by Coverity.
Revision 1.145 / (download) - annotate - [select for diffs], Sun Aug 12 16:16:21 2012 UTC (11 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3
Changes since 1.144: +4 -4
lines
Diff to previous 1.144 (colored)
Update postfix to 2.8.12.
All supported releases:
* The local(8) delivery agent's BIFF client leaked an unprivileged
UDP socket. Fix by Jaroslav Skarvada. This bug was introduced
19990127.
* The SMTP server did not reject the AUTH command while a MAIL
FROM transaction was in progress. Reported by Timo Sirainen.
This bug was introduced 20000314.
Postfix 2.8 and later:
* The unused "pass" trigger client could close the wrong file
descriptors. This bug was introduced with Postfix 2.8.
Revision 1.144 / (download) - annotate - [select for diffs], Mon May 21 14:38:34 2012 UTC (11 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base,
pkgsrc-2012Q2
Changes since 1.143: +4 -4
lines
Diff to previous 1.143 (colored)
Update postfix to 2.8.11.
Changes from release announce:
* OpenSSL related (all supported Postfix versions).
o Some people have reported program crashes when the OpenSSL
library was updated while Postfix was accessing the Postfix
TLS session cache. To avoid this, the Postfix TLS session
cache ID now includes the OpenSSL library version number.
This cache ID is not shared via the network.
o The OpenSSL workaround introduced with the previous stable
and legacy releases did not compile with older gcc compilers.
These compilers can't handle #ifdef inside a macro invocation
(NOT: definition).
* postscreen(8) related (Postfix 2.9, Postfix 2.8).
o To avoid repeated warnings from postscreen(8) with "connect
to private/dnsblog service: Connection refused" on FreeBSD,
the dnsblog(8) daemon now uses the single_server program
driver instead of the multi_server driver. This one-line
code change has no performance impact for other systems,
and eliminates a high-frequency accept() race on a shared
socket that appears to cause trouble on FreeBSD. The same
single_server program driver has proven itself for many
years in smtpd(8). Problem reported by Sahil Tandon.
* Laptop-friendly support (all supported Postfix versions). A
little-known secret is that Postfix has always had support to
avoid unnecessary disk spin-up for MTIME updates, by doing
s/fifo/unix/ in master.cf (this is currently not supported on
Solaris systems). However, two minor fixes are needed to make
this bullet-proof.
o In laptop-friendly mode, the "postqueue -f" and "sendmail
-q" commands did not wait until their requests had reached
the pickup and qmgr servers before closing their UNIX-domain
request sockets.
o In laptop-friendly mode, the unused postkick command waited
for more than a minute because the event_drain() function
was comparing bitmasks incorrectly on systems with kqueue(2),
epoll(2) or /dev/poll support.
Revision 1.143 / (download) - annotate - [select for diffs], Sat Apr 28 13:58:47 2012 UTC (11 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.142: +4 -4
lines
Diff to previous 1.142 (colored)
Update postfix package to 2.8.10.
Major changes with Postfix 2.8.10
---------------------------------
This release adds support to turn off the TLSv1.1 and TLSv1.2
protocols. Introduced with OpenSSL version 1.0.1, these are known
to cause inter-operability problems with for example hotmail.
The radical workaround is to temporarily turn off problematic
protocols globally:
/etc/postfix/main.cf:
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
However, it may be better to temporarily turn off problematic
protocols for broken sites only:
/etc/postfix/main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
/etc/postfix/tls_policy:
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
Important:
- Note the use of ":" instead of comma or space. Also, note that
there is NO space around the "=" in "protocols=".
- The smtp_tls_policy_maps lookup key must match the "next-hop"
destination that is given to the Postfix SMTP client. If you
override the next-hop destination with transport_maps, relayhost,
sender_dependent_relayhost_maps, or otherwise, you need to specify
the same destination for the smtp_tls_policy_maps lookup key.
Revision 1.142 / (download) - annotate - [select for diffs], Tue Mar 6 11:10:23 2012 UTC (11 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1
Changes since 1.141: +4 -4
lines
Diff to previous 1.141 (colored)
Update postfix to 2.8.9.
Postfix stable release 2.8.9 is available. This contains fixes that
are already part of Postfix 2.9 and 2.10.
* The "change header" milter request could replace the wrong
header. A long header name could match a shorter one, because
a length check was done on the wrong string. Reported by
Vladimir Vassiliev.
* Core dump when postlog emitted the "usage" message, caused
by an extraneous null assignment. Reported by Kant (fnord.hammer).
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Revision 1.139.2.1 / (download) - annotate - [select for diffs], Wed Feb 29 19:32:08 2012 UTC (11 years, 9 months ago) by spz
Branch: pkgsrc-2011Q4
Changes since 1.139: +3 -3
lines
Diff to previous 1.139 (colored) next main 1.140 (colored)
Pullup ticket #3691 - requested by tron mail/postfix: build fix Revisions pulled up: - mail/postfix/distinfo 1.141 - mail/postfix/patches/patch-ag 1.33 - mail/postfix/patches/patch-ai 1.27 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Feb 27 03:01:30 UTC 2012 Modified Files: pkgsrc/mail/postfix: distinfo pkgsrc/mail/postfix/patches: patch-ag patch-ai Log Message: Build fix for NetBSD 6.0_BETA. To generate a diff of this commit: cvs rdiff -u -r1.140 -r1.141 pkgsrc/mail/postfix/distinfo cvs rdiff -u -r1.32 -r1.33 pkgsrc/mail/postfix/patches/patch-ag cvs rdiff -u -r1.26 -r1.27 pkgsrc/mail/postfix/patches/patch-ai
Revision 1.141 / (download) - annotate - [select for diffs], Mon Feb 27 03:01:30 2012 UTC (11 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.140: +3 -3
lines
Diff to previous 1.140 (colored)
Build fix for NetBSD 6.0_BETA.
Revision 1.140 / (download) - annotate - [select for diffs], Sun Feb 19 18:19:23 2012 UTC (11 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.139: +4 -4
lines
Diff to previous 1.139 (colored)
Update "postfix" package to version 2.8.8. Changes since version 2.8.7: - The Postfix sqlite client, introduced with Postfix 2.8, had an embarassing bug in its quoting routine. As the result of a last-minute code cleanup before release, this routine returned the unquoted text instead of the quoted text. The opportunities for mis-use are limited: Postfix sqlite database files are usually owned by root, and Postfix daemons usually run with non-root privileges so they can't corrupt the database. This problem was reported by Rob McGee (rob0). - The Postfix 2.8.4 fix for local delivery agent database lookup errors was incomplete. The fix correctly added new code to detect database lookup errors with mailbox_transport_maps, mailbox_command_maps or fallback_transport_maps, but it failed to log the problem, and to produce a defer logfile record which is needed for "delayed mail" and "mail too old" delivery status notifications. - The trace(8) service, used for DSN SUCCESS notifications, did not distinguish between notifications for a non-bounce or a bounce message, causing it to "reply" to mail with the null sender address. Problem reported by Sabahattin Gucukoglu. - Support for Dovecot auth over TCP sockets, using code that already existed for testing purposes. Patrick Koetter kindly provided an update for the SASL_README file. - Workaround in the LDAP client for changes in the under-documented OpenLDAP API, by Victor Duchovni.
Revision 1.139 / (download) - annotate - [select for diffs], Mon Nov 7 15:36:07 2011 UTC (12 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base
Branch point for: pkgsrc-2011Q4
Changes since 1.138: +5 -5
lines
Diff to previous 1.138 (colored)
Update postfix pacakge to 2.8.7.
Postfix stable release 2.8.7 is available. This contains a workaround
for a problem that is fixed in Postfix 2.9.
* The postscreen daemon, which is not enabled by default, sent
non-compliant SMTP responses (220- followed by 421) when it
could not give a connection to a real smtpd process. These
responses caused some remote SMTP clients to return mail as
undeliverable.
The workaround is to hang up after sending 220- without sending
the 421 "sorry" reply; this is harmless.
The complete fix involves too much change for a stable release:
send the 220 greeting, wait for the EHLO command, then send
the 421 "sorry" reply and hang up.
Revision 1.138 / (download) - annotate - [select for diffs], Tue Oct 25 14:31:10 2011 UTC (12 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.137: +4 -4
lines
Diff to previous 1.137 (colored)
Update postfix to 2.8.6. From release announce:
Postfix stable release 2.8.6, 2.7.7, 2.6.13 and 2.5.16 are available.
These contain fixes that are also included with the Postfix 2.9
experimental release.
* The Postfix SMTP daemon sent "bare" newline characters instead
of <CR><LF> when a header_checks REJECT pattern matched
multi-line header. This bug was introduced with Postfix 1.1.
* The Postfix SMTP daemon sent "bare" newline characters instead
of <CR><LF> when an smtpd_proxy_filter returned a multi-line
response. This bug was introduced with Postfix 2.1.
* For compatibility with future EAI (email address
internationalization) implementations, the Postfix MIME
processor no longer enforces the strict_mime_encoding_domain
check on unknown message subtypes such as message/global*.
This check is disabled by default.
* The Postfix master daemon could report a panic error
("master_spawn: at process limit") after the process limit
for some service was reduced with "postfix reload". This bug
existed in all Postfix versions.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Revision 1.137 / (download) - annotate - [select for diffs], Sat Sep 3 15:18:21 2011 UTC (12 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.136: +4 -4
lines
Diff to previous 1.136 (colored)
Update postfix pacakge to 2.8.5.
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.5.html]
Postfix stable release 2.8.5, 2.7.6, 2.6.12, and 2.5.15 are available.
These contain fixes and workarounds for the Postfix Milter client
that were already included with the Postfix 2.9 experimental release.
* The Postfix Milter client logged a "milter miltername: malformed
reply" error when a Milter sent an SMTP response without
enhanced status code (i.e. "XXX Text" instead of "XXX X.X.X
Text").
* The Postfix Milter client sent a random {client_connections}
macro value when the remote SMTP client was not subject to
any smtpd_client_* limit. As a workaround, it now sends a
zero value instead.
Revision 1.136 / (download) - annotate - [select for diffs], Wed Jul 27 06:04:54 2011 UTC (12 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.135: +4 -4
lines
Diff to previous 1.135 (colored)
Update postfix package to 2.8.4.
Postfix stable release 2.8.4 is available. This contains fixes and
workarounds that were already included with the Postfix 2.9
experimental release. Where applicable these fixes will also be
made available for the legacy releases Postfix 2.5..2.7.
* Performance: a high load of DSN success notification requests
could slow down the queue manager. Solution: make the trace
client asynchronous, just like the bounce and defer clients.
* The local(8) delivery agent ignored table lookup errors in
mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
and (while bouncing mail to alias) alias owner lookup.
* Workaround: dbl.spamhaus.org rejects lookups with "No IP
queries" even if the name has an alphanumerical prefix. We
play safe, and skip both RHSBL and RHSWL queries for names
ending in a numerical suffix.
* The "sendmail -t" command reported "protocol error" instead
of "file too large", "no space left on device" etc.
* The Postfix Milter client reported a temporary error instead
of "file too large" in three cases.
* Linux kernel version 3 support. Linus Torvalds has reset the
counters for reasons not related to changes in code.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Revision 1.134.2.1 / (download) - annotate - [select for diffs], Wed May 11 03:14:38 2011 UTC (12 years, 7 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.134: +4 -4
lines
Diff to previous 1.134 (colored) next main 1.135 (colored)
Pullup ticket #3426 - requested by taca mail/postfix security update Revisions pulled up: - mail/postfix/Makefile 1.239 - mail/postfix/distinfo 1.135 - mail/postfix/options.mk 1.36 --- Module Name: pkgsrc Committed By: taca Date: Tue May 10 13:38:24 UTC 2011 Modified Files: pkgsrc/mail/postfix: Makefile distinfo options.mk Log Message: Update postfix package to 2.8.3. * pkgsrc change: remoe mysql4 from PKG_OPTIONS. Securiy release for Memory corruption in Postfix SMTP server Cyrus SASL support: http://www.postfix.org/CVE-2011-1720.html 20110411 Cleanup: postscreen(8) and verify(8) daemons now lock their respective cache file exclusively upon open, to avoid massive cache corruption by unsupported sharing. Files: util/dict.h, util/dict_open.c, verify/verify.c, postscreen/postscreen.c. 20110414 Bugfix (introduced with Postfix SASL patch 20000314): don't reuse a server SASL handle after authentication failure. Problem reported by Thomas Jarosch of Intra2net AG. File: smtpd/smtpd_proto.c.
Revision 1.135 / (download) - annotate - [select for diffs], Tue May 10 13:38:23 2011 UTC (12 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.134: +4 -4
lines
Diff to previous 1.134 (colored)
Update postfix package to 2.8.3. * pkgsrc change: remoe mysql4 from PKG_OPTIONS. Securiy release for Memory corruption in Postfix SMTP server Cyrus SASL support: http://www.postfix.org/CVE-2011-1720.html 20110411 Cleanup: postscreen(8) and verify(8) daemons now lock their respective cache file exclusively upon open, to avoid massive cache corruption by unsupported sharing. Files: util/dict.h, util/dict_open.c, verify/verify.c, postscreen/postscreen.c. 20110414 Bugfix (introduced with Postfix SASL patch 20000314): don't reuse a server SASL handle after authentication failure. Problem reported by Thomas Jarosch of Intra2net AG. File: smtpd/smtpd_proto.c.
Revision 1.134 / (download) - annotate - [select for diffs], Tue Mar 22 09:37:27 2011 UTC (12 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Changes since 1.133: +5 -5
lines
Diff to previous 1.133 (colored)
Update mail/postfix pacakge to 2.8.2.
Postfix stable release 2.8.2 is available. This release has minor
fixes that are already in the experimental (2.9) release.
- Bugfix: postscreen DNSBL scoring error. When a client disconnected
and then reconnected before all DNSBL results for the earlier
session arrived, DNSBL results for the earlier session would be
added to the score for the later session. This is very unlikely
to have affected any legitimate mail.
- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].
- Portability: FreeBSD closefrom() was back-ported to FreeBSD 7,
breaking FreeBSD 7.x support retroactively.
- Portability: the SUN compiler had trouble with a pointer expression
of the form ``("text1" "text2") + constant'' so we don't try to
be so clever.
Revision 1.132.2.1 / (download) - annotate - [select for diffs], Wed Mar 9 19:22:11 2011 UTC (12 years, 9 months ago) by tron
Branch: pkgsrc-2010Q4
Changes since 1.132: +5 -5
lines
Diff to previous 1.132 (colored) next main 1.133 (colored)
Pullup ticket #3384 - requested by taca
mail/postfix: security update
Revisions pulled up:
- mail/postfix/Makefile patch
- mail/postfix/distinfo patch
- mail/postfix/patches/patch-ag patch
---
Postfix legacy releases 2.7.3, 2.6.9, 2.5.12 and 2.4.16 are available.
These releases contain a fix for CVE-2011-0411 which allows plaintext
command injection with SMTP sessions over TLS. This defect was
introduced with Postfix version 2.2. The same flaw exists in other
implementations of the STARTTLS command.
Note: CVE-2011-0411 is an issue only for the minority of SMTP
clients that actually verify server certificates. Without server
certificate verification, clients are always vulnerable to
man-in-the-middle attacks that allow attackers to inject
plaintext commands or responses into SMTP sessions, and more.
Postfix 2.8 and 2.9 are not affected.
The following problems were fixed with the Postfix legacy releases:
* Fix for CVE-2011-0411: discard buffered plaintext input,
after reading the SMTP "STARTTLS" command or response.
* Fix to the local delivery agent: look up the "unextended"
address in the local aliases database, when that address has
a malformed address extension.
* Fix to virtual alias expansion: report a tempfail error,
instead of silently ignoring recipients that exceed the
virtual_alias_expansion_limit or the virtual_alias_recursion_limit.
* Fix for Solaris: the Postfix event engine was deaf for SIGHUP
and SIGALRM signals after the switch from select() to /dev/poll.
Symptoms were delayed "postfix reload" response, and killed
processes with watchdog timeout values under 100 seconds.
* Fix for HP-UX: the Postfix event engine was deaf for SIGALRM
signals. Symptoms were killed processes with watchdog timeout
values under 100 seconds.
* Fix for BSD-ish mkdir() to prevent maildir directories from
inheriting their group ownership from the parent directory.
* Fix to the SMTP client: missing support for mail to
[ipv6:ipv6addr] address literal destinations.
* FreeBSD back-ported closefrom() from FreeBSD 8x to 7x, breaking
Postfix builds retroactively.
Historical note:
Wietse Venema discovered the problem two weeks before the
Postfix 2.8 release, and silently fixed it pending further
investigation. While investigating the problem's scope and
impact, Victor Duchovni found that many other TLS applications
were also affected. At that point, CERT/CC was asked to coordinate
with the problem's resolution.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Revision 1.133 / (download) - annotate - [select for diffs], Sat Feb 26 08:58:59 2011 UTC (12 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.132: +4 -8
lines
Diff to previous 1.132 (colored)
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
Revision 1.132 / (download) - annotate - [select for diffs], Sun Nov 28 18:14:10 2010 UTC (13 years ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base
Branch point for: pkgsrc-2010Q4
Changes since 1.131: +4 -4
lines
Diff to previous 1.131 (colored)
Update "postfix" package to version 2.7.2. Changes since version 2.7.1:
- Postfix no longer automatically appends the system default CA
(certificate authority) certificates, when it reads the CA
certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
with {smtp, lmtp, smtpd}_tls_CApath. This prevents third-party
certificates from getting mail relay permission with the
permit_tls_all_clientcerts feature. Unfortunately, this change
may cause compatibility problems with configurations that rely
on certificate verification for other purposes. To get the old
behavior, specify "tls_append_default_CA = yes".
- A prior fix for compatibility with Postfix < 2.3 was incomplete.
When pipe-to-command delivery fails with a signal, mail is now
correctly deferred, instead of being returned to sender.
- Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1)
connections was fixed by adapting the output buffer size to the MTU.
- The SMTP server no longer applies the reject_rhsbl_helo feature
to non-domain forms such as network addresses. This would cause
false positives with dbl.spamhaus.org.
- The Postfix SMTP server failed to deliver a "421" response and
hang up the connection after Milter error. Instead, the server
delivered a "503 Access denied" response and left the connection
open, due to some Postfix 1.1 workaround for RFC 2821.
- The milter_header_checks parser failed to enable any of the actions
that have no effect on message delivery (warn, replace, prepend,
ignore, dunno, and ok).
Revision 1.131 / (download) - annotate - [select for diffs], Tue Jun 8 15:14:34 2010 UTC (13 years, 6 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2
Changes since 1.130: +4 -4
lines
Diff to previous 1.130 (colored)
Postfix stable release 2.7.1 fixes one defect in the XFORWARD
implementation (for SMTP-based content filters), improves robustness,
and has updates for changes in system or library interfaces.
* Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
which sends remote SMTP client attributes through SMTP-based
content filters. The Postfix SMTP client did not skip "unknown"
SMTP client attributes, causing a syntax error when sending
an "unknown" client PORT attribute.
* Robustness: skip LDAP queries with non-ASCII search strings,
instead of failing with a database lookup error.
* Safety: Postfix processes now log a warning when a matchlist
has a #comment at the end of a line (for example mynetworks
or relay_domains).
* Portability: OpenSSL 1.0.0 changes the priority of anonymous
cyphers.
* Portability: Mac OS 10.6.3 requires <arpa/nameser_compat.h>
instead of <nameser8_compat.h>.
* Portability: Berkeley DB 5.x is now supported.
Revision 1.129.2.1 / (download) - annotate - [select for diffs], Sun Apr 25 18:16:59 2010 UTC (13 years, 7 months ago) by tron
Branch: pkgsrc-2010Q1
Changes since 1.129: +2 -2
lines
Diff to previous 1.129 (colored) next main 1.130 (colored)
Pullup ticket #3094 - requested by taca mail/postfix: build fix mail/postfix-current: build fix Revisions pulled up: - mail/postfix-current/distinfo 1.58 - mail/postfix-current/patches/patch-ag 1.22 - mail/postfix/distinfo 1.130 - mail/postfix/patches/patch-ag 1.30 --- Module Name: pkgsrc Committed By: taca Date: Fri Apr 16 15:32:59 UTC 2010 Modified Files: pkgsrc/mail/postfix: distinfo pkgsrc/mail/postfix-current: distinfo pkgsrc/mail/postfix-current/patches: patch-ag pkgsrc/mail/postfix/patches: patch-ag Log Message: Add patch to fix closefrom() problem on FreeBSD.
Revision 1.130 / (download) - annotate - [select for diffs], Fri Apr 16 15:32:58 2010 UTC (13 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.129: +2 -2
lines
Diff to previous 1.129 (colored)
Add patch to fix closefrom() problem on FreeBSD.
Revision 1.129 / (download) - annotate - [select for diffs], Thu Feb 25 13:01:22 2010 UTC (13 years, 9 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base
Branch point for: pkgsrc-2010Q1
Changes since 1.128: +7 -7
lines
Diff to previous 1.128 (colored)
Updated mail/postfix to 2.7.0 Postfix stable release 2.7.0 is available. For the past several releases, the focus has moved towards improving the code and documentation, and updating the system for changing environments. - Improved before-queue content filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. Typically, this allows Postfix to handle the same mail load with fewer content filter processes. - Improved address verification performance. The verify database is now persistent by default, and it is automatically cleaned periodically, Under overload conditions, the Postfix SMTP server no longer waits up to 6 seconds for an address probe to complete. - Support for reputation management based on the local SMTP client IP address. This is typically implemented with "FILTER transportname:" actions in access maps or header/body checks, and mail delivery transports in master.cf with unique smtp_bind_address values. - The postscreen daemon (a zombie-blocker in front of Postfix) is still too rough for a stable release, and will be made "mature" in the Postfix 2.8 development cycle (however you can use Postfix 2.7 with the Postfix 2.8 postscreen and dnsblog executables and master.cf configuration; this code has already proven itself). No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations. You can find Postfix version 2.7.0 at the mirrors listed at http://www.postfix.org/ The same code is also available as Postfix snapshot 2.8-20100213. Updated versions of Postfix version 2.6, 2.5 and perhaps earlier will be released with the same fixes that were already included with Postfix versions 2.7 and 2.8.
Revision 1.127.2.1 / (download) - annotate - [select for diffs], Tue Sep 1 11:48:42 2009 UTC (14 years, 3 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.127: +4 -4
lines
Diff to previous 1.127 (colored) next main 1.128 (colored)
Pullup ticket #2879 - requested by martti
postfix: bug fix update
Revisions pulled up:
- mail/postfix/Makefile 1.229-1.230
- mail/postfix/distinfo 1.128
---
Module Name: pkgsrc
Committed By: heinz
Date: Sun Aug 9 21:15:31 UTC 2009
Modified Files:
pkgsrc/mail/postfix: Makefile
Log Message:
Enabled installation to DESTDIR. (OK by martti@).
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 31 09:37:35 UTC 2009
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.6.5
The stable release Postfix 2.6.5 addresses the defects described
below (some already addressed with the not-announced Postfix 2.6.3
release). These defects are also addressed in the legacy releases
that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19.
Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and
2.7-20090807-nonprod. These contain a DNS workaround that causes
more trouble than it prevents. It is removed until further notice.
Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19:
- The Postfix Milter client got out of step with a Milter application
after the application sent a "quarantine" request at end-of-message
time. The Milter application would still be in the end-of-message
state, while Postfix would already be working on the next SMTP
event, typically, QUIT or MAIL FROM. In the latter case, Milter
responses for the previously-received email message would be
applied towards the next MAIL FROM transaction. This problem was
diagnosed with help from Alban Deniz.
Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19:
- The Postfix SMTP server would abort with an "unexpected lookup
table" error when an SMTPD policy server was mis-configured in a
particular way.
Revision 1.128 / (download) - annotate - [select for diffs], Mon Aug 31 09:37:35 2009 UTC (14 years, 3 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3
Changes since 1.127: +4 -4
lines
Diff to previous 1.127 (colored)
Updated mail/postfix to 2.6.5 The stable release Postfix 2.6.5 addresses the defects described below (some already addressed with the not-announced Postfix 2.6.3 release). These defects are also addressed in the legacy releases that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19. Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and 2.7-20090807-nonprod. These contain a DNS workaround that causes more trouble than it prevents. It is removed until further notice. Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19: - The Postfix Milter client got out of step with a Milter application after the application sent a "quarantine" request at end-of-message time. The Milter application would still be in the end-of-message state, while Postfix would already be working on the next SMTP event, typically, QUIT or MAIL FROM. In the latter case, Milter responses for the previously-received email message would be applied towards the next MAIL FROM transaction. This problem was diagnosed with help from Alban Deniz. Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19: - The Postfix SMTP server would abort with an "unexpected lookup table" error when an SMTPD policy server was mis-configured in a particular way.
Revision 1.127 / (download) - annotate - [select for diffs], Thu Jun 4 14:08:56 2009 UTC (14 years, 6 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.126: +4 -4
lines
Diff to previous 1.126 (colored)
Updated mail/postfix to 2.6.2 Postfix stable release 2.6.2 fixes one defect in SASL support. This does not affect Postfix versions 2.5 and earlier. With plaintext SMTP sessions AND smtpd_tls_auth_only=yes AND smtp_sasl_auth_enable=yes, the SMTP server logged warnings for reject_*_sender_login_mismatch, instead of enforcing them. You can find Postfix version 2.6.2 at the mirrors listed at http://www.postfix.org/ The same fix is also available in Postfix snapshot 2.7-20090528. Postfix versions 2.5 and earlier are not affected.
Revision 1.126 / (download) - annotate - [select for diffs], Wed May 20 07:46:09 2009 UTC (14 years, 6 months ago) by martti
Branch: MAIN
Changes since 1.125: +4 -4
lines
Diff to previous 1.125 (colored)
Updated mail/postfix to 2.6.1 Postfix stable release 2.6.1 fixes one defect in Milter support. This does not affect Postfix versions 2.5 and earlier. - Queue file corruption under very specific conditions: (smtpd_milters or non_smtpd_milters) enabled, AND delay_warning_time enabled, AND mail delivery delays, AND short envelope sender addresses (e.g., sendmail command-line submissions with bare usernames as the sender, but not bounce messages). The queue file would be corrupted when the delay_warning_time record was marked as "done" after sending the "your mail is delayed" notice. The defect was introduced with Postfix 2.3, but it could not cause corruption before the change dated 20090427.
Revision 1.123.2.1 / (download) - annotate - [select for diffs], Wed May 13 12:19:28 2009 UTC (14 years, 7 months ago) by tron
Branch: pkgsrc-2009Q1
Changes since 1.123: +4 -4
lines
Diff to previous 1.123 (colored) next main 1.124 (colored)
Pullup ticket #2764 - requested by martti postfix: bug fix update Revisions pulled up: - mail/postfix/Makefile 1.223 - mail/postfix/distinfo 1.124 --- Module Name: pkgsrc Committed By: martti Date: Wed May 13 10:32:23 UTC 2009 Modified Files: pkgsrc/mail/postfix: Makefile distinfo Log Message: Updated mail/postfix to 2.5.7 - (low) The installation/upgrade procedure did not automatically create the data_directory. - (medium) In the "new queue manager", the _destination_rate_delay code needed to postpone the job scheduler updates after delivery completion, otherwise the scheduler could loop on blocked jobs. - (low) The queue manager used <transport>_concurrency_failed_cohort_limit instead of <transport>_destination_concurrency_failed_cohort_limit as documented. - (low) The SMTP client disabled MIME parsing despite non-empty settings for smtp_header_checks, smtp_mime_header_checks, smtp_nested_header_checks, or smtp_body_checks. - (medium) The postsuper command re-enabled the SIGHUP signal when it was set to "ignore". This could result in random "Postfix integrity check failed" errors at boot time (POSIX SIGHUP death), causing Postfix not to start automatically.
Revision 1.125 / (download) - annotate - [select for diffs], Wed May 13 10:33:23 2009 UTC (14 years, 7 months ago) by martti
Branch: MAIN
Changes since 1.124: +6 -6
lines
Diff to previous 1.124 (colored)
Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
Revision 1.124 / (download) - annotate - [select for diffs], Wed May 13 10:32:23 2009 UTC (14 years, 7 months ago) by martti
Branch: MAIN
Changes since 1.123: +4 -4
lines
Diff to previous 1.123 (colored)
Updated mail/postfix to 2.5.7 - (low) The installation/upgrade procedure did not automatically create the data_directory. - (medium) In the "new queue manager", the _destination_rate_delay code needed to postpone the job scheduler updates after delivery completion, otherwise the scheduler could loop on blocked jobs. - (low) The queue manager used <transport>_concurrency_failed_cohort_limit instead of <transport>_destination_concurrency_failed_cohort_limit as documented. - (low) The SMTP client disabled MIME parsing despite non-empty settings for smtp_header_checks, smtp_mime_header_checks, smtp_nested_header_checks, or smtp_body_checks. - (medium) The postsuper command re-enabled the SIGHUP signal when it was set to "ignore". This could result in random "Postfix integrity check failed" errors at boot time (POSIX SIGHUP death), causing Postfix not to start automatically.
Revision 1.122.2.1 / (download) - annotate - [select for diffs], Mon Jan 5 12:30:21 2009 UTC (14 years, 11 months ago) by tron
Branch: pkgsrc-2008Q4
Changes since 1.122: +4 -4
lines
Diff to previous 1.122 (colored) next main 1.123 (colored)
Pullup ticket #2621 - requested by martti postfix: security update Revisions pulled up: - mail/postfix/Makefile 1.221 - mail/postfix/distinfo 1.123 --- Module Name: pkgsrc Committed By: martti Date: Mon Jan 5 10:25:34 UTC 2009 Modified Files: pkgsrc/mail/postfix: Makefile distinfo Log Message: Updated mail/postfix to 2.5.6 - Postfix 2.5: the SMTP server did not ask for a client certificate with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. - Postfix 2.5, 2.4 and 2.3: avoid reduced TCP performance when reusing an SMTP connection with a larger than 4096-byte TCP MSS value. In practice, this could happen only with loopback (localhost) connections.
Revision 1.123 / (download) - annotate - [select for diffs], Mon Jan 5 10:25:34 2009 UTC (14 years, 11 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base
Branch point for: pkgsrc-2009Q1
Changes since 1.122: +4 -4
lines
Diff to previous 1.122 (colored)
Updated mail/postfix to 2.5.6 - Postfix 2.5: the SMTP server did not ask for a client certificate with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. - Postfix 2.5, 2.4 and 2.3: avoid reduced TCP performance when reusing an SMTP connection with a larger than 4096-byte TCP MSS value. In practice, this could happen only with loopback (localhost) connections.
Revision 1.122 / (download) - annotate - [select for diffs], Mon Nov 3 00:47:17 2008 UTC (15 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base
Branch point for: pkgsrc-2008Q4
Changes since 1.121: +3 -3
lines
Diff to previous 1.121 (colored)
Make it build on NetBSD current (and NetBSD 5.x).
Revision 1.121 / (download) - annotate - [select for diffs], Thu Oct 16 09:40:20 2008 UTC (15 years, 1 month ago) by martti
Branch: MAIN
Changes since 1.120: +5 -1
lines
Diff to previous 1.120 (colored)
Added support for SQLite (pkg/39745 by Sébastien BOCAHU. No existing binary packages are affected so I didn't bump the revision...
Revision 1.120 / (download) - annotate - [select for diffs], Wed Sep 17 13:21:19 2008 UTC (15 years, 2 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2008Q3-base,
pkgsrc-2008Q3
Changes since 1.119: +3 -3
lines
Diff to previous 1.119 (colored)
Support newer DragonFly versions. From PR 39148.
Revision 1.116.6.2 / (download) - annotate - [select for diffs], Fri Sep 5 11:55:45 2008 UTC (15 years, 3 months ago) by ghen
Branch: pkgsrc-2008Q2
Changes since 1.116.6.1: +7 -7
lines
Diff to previous 1.116.6.1 (colored) to branchpoint 1.116 (colored) next main 1.117 (colored)
Pullup ticket 2518 - requested by martti
security update for postfix
- pkgsrc/mail/postfix/Makefile 1.219, 1.220
- pkgsrc/mail/postfix/distinfo 1.119
- pkgsrc/mail/postfix/patches/patch-aa 1.21
- pkgsrc/mail/postfix/patches/patch-ag 1.25
- pkgsrc/mail/postfix/patches/patch-ai 1.22
- pkgsrc/mail/postfix-current/Makefile 1.100, 1.101
- pkgsrc/mail/postfix-current/distinfo 1.46
- pkgsrc/mail/postfix-current/patches/patch-aa 1.19
- pkgsrc/mail/postfix-current/patches/patch-ag 1.17
- pkgsrc/mail/postfix-current/patches/patch-ai 1.20
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 22 20:29:55 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
Log Message:
Add some (http) mirrors.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Sep 4 08:25:20 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-aa patch-ag patch-ai
Log Message:
Updated mail/postfix to 2.5.5
Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
denial of service attack by a local user. There is no breach of
data confidentiality or data integrity. This problem was found by
the Postfix author during routine source code maintenance.
An on-line version of this announcement is available at
http://www.postfix.org/announcements/20080902.html
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Sep 4 08:25:31 UTC 2008
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo
pkgsrc/mail/postfix-current/patches: patch-aa patch-ag patch-ai
Log Message:
Updated mail/postfix-current to 2.6.20080903
Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
denial of service attack by a local user. There is no breach of
data confidentiality or data integrity. This problem was found by
the Postfix author during routine source code maintenance.
An on-line version of this announcement is available at
http://www.postfix.org/announcements/20080902.html
Revision 1.119 / (download) - annotate - [select for diffs], Thu Sep 4 08:25:19 2008 UTC (15 years, 3 months ago) by martti
Branch: MAIN
CVS Tags: cube-native-xorg-base,
cube-native-xorg
Changes since 1.118: +7 -7
lines
Diff to previous 1.118 (colored)
Updated mail/postfix to 2.5.5 Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a denial of service attack by a local user. There is no breach of data confidentiality or data integrity. This problem was found by the Postfix author during routine source code maintenance. An on-line version of this announcement is available at http://www.postfix.org/announcements/20080902.html
Revision 1.116.6.1 / (download) - annotate - [select for diffs], Mon Aug 18 09:46:08 2008 UTC (15 years, 3 months ago) by rtr
Branch: pkgsrc-2008Q2
Changes since 1.116: +4 -4
lines
Diff to previous 1.116 (colored)
pullup ticket #2495 - requested by martti
postfix: update package for security fixes
revisions pulled up:
pkgsrc/mail/postfix/Makefile 1.218
pkgsrc/mail/postfix/distinfo 1.118
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 18 07:13:41 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.5.4
20080804
Bugfix: dangling pointer in vstring_sprintf_prepend().
File: util/vstring.c.
20080814
Security: some systems have changed their link() semantics,
and will hardlink a symlink, contrary to POSIX and XPG4.
Sebastian Krahmer, SuSE. File: util/safe_open.c.
The solution introduces the following incompatible change:
when the target of mail delivery is a symlink, the parent
directory of that symlink must now be writable by root only
(in addition to the already existing requirement that the
symlink itself is owned by root). This change will break
legitimate configurations that deliver mail to a symbolic
link in a directory with less restrictive permissions.
Revision 1.118 / (download) - annotate - [select for diffs], Mon Aug 18 07:13:41 2008 UTC (15 years, 3 months ago) by martti
Branch: MAIN
Changes since 1.117: +4 -4
lines
Diff to previous 1.117 (colored)
Updated mail/postfix to 2.5.4 20080804 Bugfix: dangling pointer in vstring_sprintf_prepend(). File: util/vstring.c. 20080814 Security: some systems have changed their link() semantics, and will hardlink a symlink, contrary to POSIX and XPG4. Sebastian Krahmer, SuSE. File: util/safe_open.c. The solution introduces the following incompatible change: when the target of mail delivery is a symlink, the parent directory of that symlink must now be writable by root only (in addition to the already existing requirement that the symlink itself is owned by root). This change will break legitimate configurations that deliver mail to a symbolic link in a directory with less restrictive permissions.
Revision 1.117 / (download) - annotate - [select for diffs], Tue Jul 29 05:14:15 2008 UTC (15 years, 4 months ago) by martti
Branch: MAIN
Changes since 1.116: +4 -4
lines
Diff to previous 1.116 (colored)
Updated mail/postfix to 2.5.3 When a mailbox file is not owned by its recipient, the local and virtual delivery agents now log a warning and defer delivery. Specify "strict_mailbox_ownership = no" to ignore such ownership discrepancies. [HISTORY] 20080509 Bugfix: null-terminate CN comment string after sanitization. File: smtpd/smtpd.c. 20080603 Workaround: avoid "bad address pattern" errors with non-address patterns in namadr_list_match() calls. File: util/match_ops.c. 20080620 Bugfix (introduced 20080207): "cleanup -v" panic because the new "SMTP reply" request flag did not have a printable name. File: global/cleanup_strflags.c. Cleanup: using "Before-queue content filter", RFC3848 information was not added to the headers. Carlos Velasco. File smtpd/smtpd.c. 20080717 Cleanup: a poorly-implemented integer overflow check for TCP MSS calculation had the unexpected effect that people broke Postfix on LP64 systems while attempting to silence a compiler warning. File: util/vstream_tweak.c. 20080725 Paranoia: defer delivery when a mailbox file is not owned by the recipient. Requested by Sebastian Krahmer, SuSE. Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies. Files: local/mailbox.c, virtual/mailbox.c.
Revision 1.116 / (download) - annotate - [select for diffs], Mon Feb 18 17:45:34 2008 UTC (15 years, 9 months ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.115: +6 -9
lines
Diff to previous 1.115 (colored)
Update Postfix to version 2.5.1 (ok martti). Major changes over 2.4.x are: - TLS (SSL) support was streamlined further, and provides a new security level based on certificate fingerprints instead of CA signatures. See TLS_README for details. - Milter support was updated from the Sendmail 8.13 feature set and now includes most of the features that were introduced with Sendmail 8.14. See MILTER_README for details. - Stress-adaptive configuration was introduced. This allows the Postfix SMTP server to temporarily adjust its rules under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. [pkgsrc: this obsoletes the "postfix-stress" option which provided the same functionality via a distribution patch] - The queue manager scheduler was refined. It now provides per-transport scheduling controls and allows for adjustment of the sensitivity to mail delivery (non-)errors. See SCHEDULER_README. - Security was improved by introducing a Postfix-owned data_directory for storage of randomness, caches and other non-queue data. This change avoids future security loopholes due to untrusted data sitting in root-owned files or in root-owned directories. Writes to legacy files in root-owned directories are automatically redirected to files in the new data_directory. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
Revision 1.115 / (download) - annotate - [select for diffs], Mon Jan 14 13:29:24 2008 UTC (15 years, 11 months ago) by ghen
Branch: MAIN
Changes since 1.114: +4 -1
lines
Diff to previous 1.114 (colored)
Add the postfix stress-adaptive behaviour patch via an option "postfix-stress" (disabled by default). This functionality will be included in Postfix 2.5 but has been proven very succesful on the mailing lists so Wietse provided a patch for Postfix 2.3 and 2.4. See http://www.postfix.org/STRESS_README.html#adapt for configuration details.
Revision 1.113.2.1 / (download) - annotate - [select for diffs], Mon Oct 22 10:39:13 2007 UTC (16 years, 1 month ago) by ghen
Branch: pkgsrc-2007Q3
Changes since 1.113: +4 -4
lines
Diff to previous 1.113 (colored) next main 1.114 (colored)
Pullup ticket 2210 - requested by marrti
bugfix update for postfix
- pkgsrc/mail/postfix/Makefile 1.208
- pkgsrc/mail/postfix/distinfo 1.114
Module Name: pkgsrc
Committed By: martti
Date: Mon Oct 22 06:15:20 UTC 2007
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.4.6
- A remote SMTP client TLS certificate with an unparsable canonical
name triggered a panic error in the Postfix SMTP server (attempt
to allocate zero-length memory) while sending a request to an
SMTPD policy server.
- On backup MX servers where the queue file system is mounted with
"atime" (file read/execute access time) updates disabled, the
flush daemon would trigger mail delivery attempts once every 1000
seconds, thus rendering the maximal_backoff_time setting useless
for backup MX service.
Revision 1.114 / (download) - annotate - [select for diffs], Mon Oct 22 06:15:19 2007 UTC (16 years, 1 month ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4
Changes since 1.113: +4 -4
lines
Diff to previous 1.113 (colored)
Updated mail/postfix to 2.4.6 - A remote SMTP client TLS certificate with an unparsable canonical name triggered a panic error in the Postfix SMTP server (attempt to allocate zero-length memory) while sending a request to an SMTPD policy server. - On backup MX servers where the queue file system is mounted with "atime" (file read/execute access time) updates disabled, the flush daemon would trigger mail delivery attempts once every 1000 seconds, thus rendering the maximal_backoff_time setting useless for backup MX service.
Revision 1.113 / (download) - annotate - [select for diffs], Mon Aug 13 07:05:38 2007 UTC (16 years, 4 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base
Branch point for: pkgsrc-2007Q3
Changes since 1.112: +4 -4
lines
Diff to previous 1.112 (colored)
Updated mail/postfix to 2.4.5
MILTER bugfix:
When a milter replied with ACCEPT at or before the first RCPT
command, the cleanup server would apply the non_smtpd_milters
setting as if the message was a local submission. Problem
reported by Jukka Salmi.
MILTER bugfix:
Problem with header updates after body updates. Reported by
Jose-Marcio Martins da Cruz.
MILTER robustness:
Assorted cleanups to harden error handling in the Postfix Milter
client.
SASL workaround for Postfix SMTP client:
Some non-Cyrus SASL SMTP servers require SASL login without
authzid (authoriZation ID), i.e. the client must send only the
authcid (authentiCation ID) + the authcid's password. This is
now the default Postfix SMTP client behavior.
Loopback TCP performance workaround:
Some systems exhibited poor SMTP and Milter performance with
loopback (127.0.0.1) connections. Problem reported by Mark
Martinec.
MILTER bugfix:
When a milter replied with ACCEPT at or before the first RCPT
command, the cleanup server would apply the non_smtpd_milters
setting as if the message was a local submission. Problem
reported by Jukka Salmi.
MILTER bugfix:
Problem with header updates after body updates. Reported by
Jose-Marcio Martins da Cruz.
MILTER robustness:
Assorted cleanups to harden error handling in the Postfix Milter
client.
SASL workaround for Postfix SMTP client:
Some non-Cyrus SASL SMTP servers require SASL login without
authzid (authoriZation ID), i.e. the client must send only the
Revision 1.112 / (download) - annotate - [select for diffs], Fri Jun 1 03:34:07 2007 UTC (16 years, 6 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base,
pkgsrc-2007Q2
Changes since 1.111: +5 -5
lines
Diff to previous 1.111 (colored)
Updated mail/postfix to 2.4.3 20070425 Bugfix: don't falsely report "lost connection from localhost[127.0.0.1]" when Postfix is being portscanned. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. 20070430 Robustness: recommend a "0" process limit for policy servers to avoid "connection refused" problems when the smtpd process limit exceeds the default process limit. File: proto/SMTPD_POLICY_README.html. 20070501 Safety: when IPv6 (or IPv4) is turned off, don't treat an IPv6 (or IPv4) connection from e.g. inetd as if it comes from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. 20070508 Bugfix: Content-Transfer-Encoding: attribute values are case insensitive. File: src/cleanup/cleanup_message.c. 20070514 Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) were broken when used with the error(8) or discard(8) transports. Cause: insufficient documentation. Files: error/error.c, discard/discard.c. 20070520 Bugfix (problem introduced Postfix 2.3): when DSN support was introduced it broke "agressive" recipient duplicate elimination with "enable_original_recipient = no". File: cleanup/cleanup_out_recipient.c. 20070529 Bugfix (introduced Postfix 2.3): the sendmail/postdrop commands would hang when trying to submit a message larger than the per-message size limit. File: postdrop/postdrop.c. 20070530 Sabotage the saboteur who insists on breaking Postfix by adding gethostbyname() calls that cause maildir delivery to fail when the machine name is not found in /etc/hosts, or that cause Postfix processes to hang when the network is down. 20070531 Portability: Victor helpfully pointed out that change 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
Revision 1.111 / (download) - annotate - [select for diffs], Wed May 2 05:02:48 2007 UTC (16 years, 7 months ago) by martti
Branch: MAIN
Changes since 1.110: +4 -4
lines
Diff to previous 1.110 (colored)
Updated mail/postfix to 2.4.1 20070331 Bugfix (introduced Postfix 2.3): segfault with HOLD action in access/header_checks/body_checks on 64-bit platforms. File: cleanup/cleanup_api.c. 20070402 Portability (introduced 20070325): the fix for hardlinks and symlinks in postfix-install forgot to work around shells where "IFS=/ command" makes the IFS setting permanent. This is allowed by some broken standard, and affects Solaris. File: postfix-install. Portability (introduced 20070212): the workaround for non-existent library bugs with descriptors >= FD_SETSIZE broke with "fcntl F_DUPFD: Invalid argument" on 64-bit Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c. 20070421 Cleanup: on (Linux) platforms that cripple signal handlers with deadlock, "postfix stop" now forcefully stops all the processes in the master's process group, not just the master process alone. File: conf/postfix-script.
Revision 1.110 / (download) - annotate - [select for diffs], Tue Apr 3 07:27:51 2007 UTC (16 years, 8 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base,
pkgsrc-2007Q1
Changes since 1.109: +7 -7
lines
Diff to previous 1.109 (colored)
Updated mail/postfix to 2.4.0 The footprint of new features with Postfix 2.4.0 is significantly smaller than with earlier releases. And that is the whole point of approaching completeness: fewer visible changes. Below is a brief summary of what has changed. See the RELEASE_NOTES file for more, including compatibility issues that may affect your site. The HISTORY file gives a blow-by-blow account of what happened over the past year. Wietse - Postfix can now manage thousands of connections without needing special main.cf, master.cf, or compile-time tweaks, on systems with BSD kqueue, Solaris /dev/poll, or Linux epoll support. - Milter support for message body replacement. The resulting queue files are backwards compatible with Postfix 2.3. The existing Milter support for message header manipulations was revised and is now implemented by much simpler code. - Minor improvements in TLS session cache management and in the implementation of certificate fingerprint based authentication. A more extensive revision of TLS internals will appear first in Postfix 2.5 snapshots. - Improvements in queue manager performance when deferring large amounts of mail, or when delivering mail with lots of recipients. - Workarounds for SMTP servers that reply and hang up prematurely, for file system clocks that are out of sync, and for broken kernel lock management in POP servers.
Revision 1.109 / (download) - annotate - [select for diffs], Thu Feb 15 06:24:04 2007 UTC (16 years, 9 months ago) by martti
Branch: MAIN
Changes since 1.108: +4 -4
lines
Diff to previous 1.108 (colored)
Updated mail/postfix to 2.3.7 - postmap support for NIS maps was broken with Postfix 2.3. - Workaround to avoid breaking digital signatures for malformed MIME attachments. - Incorrect handling of ![address] forms in match lists. such as mynetworks, inet_interfaces etc.
Revision 1.108 / (download) - annotate - [select for diffs], Wed Dec 13 06:16:56 2006 UTC (17 years ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base,
pkgsrc-2006Q4
Changes since 1.107: +4 -4
lines
Diff to previous 1.107 (colored)
Updated mail/postfix to 2.3.5 - On Redhat Linux, a Postfix daemon could lock up while logging a warning from a signal handler before exiting. This is remedied by a low-cost re-entrancy guard for signal handlers that never return. - Message headers longer than 65535 broke the Milter protocol. To make matters worse the cleanup server could then dereference a null pointer. When Milter support is enabled, the length of each message header is now limited to 60000. - Several fixes to improve worst-case behavior of the (new) queue manager with multi-recipient mail. The queue manager now reads new recipients earlier from the queue file, instead of becoming starved while waiting for the slowest in-memory recipients to complete; and it now reads recipients in smaller chunks to avoid spending too much time not talking to delivery agents. - With remote SMTP server tarpit delays larger than the Postfix SMTP client's smtp_rset_timeout (default: 20s), the client would get out of sync with the server while reusing a connection. The symptoms were "recipient rejected .. in reply to DATA". - On FreeBSD 6.2, some Postfix daemon processes would complain once with "Error 0" after "postfix reload" and then recover. This warning is now logged only when the problem persists.
Revision 1.107 / (download) - annotate - [select for diffs], Tue Nov 7 07:08:26 2006 UTC (17 years, 1 month ago) by martti
Branch: MAIN
Changes since 1.106: +6 -6
lines
Diff to previous 1.106 (colored)
Updated mail/postfix to 2.3.4
Postfix 2.3 Patch 04 fixes minor problems as detailed in the change
history below. The patch as well as complete source code tarballs
were uploaded last week to the mirrors listed at http://www.postfix.org/
20060831
Bugfix (introduced with initial implementation): missing
"dict_errno = 0" caused mis-leading error messages after
non-error lookup failure. Victor Duchovni. File:
util/dict_cidr.c.
Robustness: the default TLS cipher lists were changed from
!foo:ALL into ALL:!foo. Victor Duchovni. Files:
global/mail_params.h and documentation.
20060902
Bugfix (introduced Postfix 2.3): the LMTP client stripped
"inet": from the next-hop destination, but still used the
complete next-hop from the delivery request. File:
smtp/smtp_connect.c.
20060903
Cleanup: record loop detection. File: global/record.c.
20060929
Workaround: AIX 5.[1-3] getaddrinfo() creates socket address
structures with a non-zero port value. This breaks the
smtp_bind_address etc. features, and breaks inet_interfaces
settings with only one IP address. Problem reported by
Hamish Marson. Files: util/sock_addr.[hc], util/myaddrinfo.c.
Bugfix (introduced with the Postfix TLS patch): memory leak
in verify_extract_peer(). The OpenSSL documentation provides
no information on how subjectAltNames are managed. Sam
Rushing, ironport. File: tls/tls_client.c.
Bugfix (introduced with Postfix 2.2): smtp_generic_maps
turned on MIME conversion. File: smtp/smtp_proto.c.
Workaround: don't send SIZE information in the MAIL FROM
command when message content will be subject to 8bit ->
quoted-printable conversion. File: smtp/smtp_proto.c.
20061002
Compatibility: Sendmail now invokes the Milter connect
action with the verified hostname instead of the name
obtained with PTR lookup. File: smtpd/smtpd.c.
20061004
Cleanup: force space between mailq queueid+status and file
size items. File: showq/showq.c.
20061015
Cleanup: convert the Milter {mail_addr} and {rcpt_addr}
macro values to external form. File: smtpd/smtpd_milter.c.
Cleanup: the Milter {mail_addr} and {rcpt_addr} macros are
now available with non-SMTP mail. File: cleanup/cleanup_milter.c.
Cleanup: convert addresses in Milter recipient add/delete
requests to internal form. File: cleanup/cleanup_milter.c.
Cleanup: with non-SMTP mail, convert addresses in simulated
MAIL FROM and RCPT TO events to external form. File:
cleanup/cleanup_milter.c.
20061017
Cleanup: removed spurious warning when the cleanup server
attempts to bounce mail with soft_bounce=yes. Problem
reported by Ralf Hildebrandt. File: cleanup/cleanup_bounce.c.
Bugfix: null pointer bug when receiving a non-protocol
response on a cached SMTP/LMTP connection. Report by Brian
Kantor. Fix by Victor Duchovni. File: smtp/smtp_reuse.c.
Revision 1.106 / (download) - annotate - [select for diffs], Wed Oct 18 09:26:53 2006 UTC (17 years, 1 month ago) by martti
Branch: MAIN
Changes since 1.105: +1 -2
lines
Diff to previous 1.105 (colored)
Remove patch-ab and "rm -f auxiliary/MacOSX/Postfix.StartupItem/Postfix" in post-extract. I exchanges few mails with Wietse and he refused to fix the "==" lines and instructed me to simply remove the offending file. Instead of having a patch for a file which is not used by pkgsrc I think it makes sense to remove it.
Revision 1.105 / (download) - annotate - [select for diffs], Wed Oct 18 05:50:42 2006 UTC (17 years, 1 month ago) by martti
Branch: MAIN
Changes since 1.104: +2 -1
lines
Diff to previous 1.104 (colored)
Fix for test ... == ...
Revision 1.104 / (download) - annotate - [select for diffs], Sat Sep 16 15:29:36 2006 UTC (17 years, 2 months ago) by hira
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base,
pkgsrc-2006Q3
Changes since 1.103: +2 -2
lines
Diff to previous 1.103 (colored)
Add missing RCS Id.
Revision 1.103 / (download) - annotate - [select for diffs], Thu Aug 31 18:44:50 2006 UTC (17 years, 3 months ago) by martti
Branch: MAIN
Changes since 1.102: +6 -6
lines
Diff to previous 1.102 (colored)
Updated mail/postfix-2.3.3 - File corruption while executing a Milter "header insert" action with headers-only mail (found with dk-filter). Delivery agents would go into an infinite loop because some queue file update had been done in the wrong order. As a precaution, delivery agents now detect such loops, and the queue manager now saves such mail to the "corrupt" directory. - Segmentation fault in the SMTP client while saving a cached connection with unsent data. Postfix indexed some table with -1, because some I/O cleanup had been done in the wrong order. The same problem should exist in Postfix 2.2. - Postfix no longer announces its name in delivery status notifications. All other details of the default bounce text remain unchanged. The reason for this change is that too many people believe that Wietse provides a free helpdesk service that solves all their email problems.
Revision 1.102 / (download) - annotate - [select for diffs], Fri Aug 11 12:34:25 2006 UTC (17 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.101: +3 -2
lines
Diff to previous 1.101 (colored)
Accept NetBSD 4.* as NETBSD4 to compile on NetBSD current. Bump PKGREVISION.
Revision 1.98.2.1 / (download) - annotate - [select for diffs], Tue Aug 1 00:19:03 2006 UTC (17 years, 4 months ago) by salo
Branch: pkgsrc-2006Q2
Changes since 1.98: +4 -4
lines
Diff to previous 1.98 (colored) next main 1.99 (colored)
Pullup ticket 1767 - requested by ghen
bugfix update for postfix
Patch provided by the submitter.
This patch is a back-port of fixes from Postfix 2.3. The main
changes are:
- The PostgreSQL client was updated after major database API changes
in response to PostgreSQL security issues. This breaks support for
PGSQL versions prior to 8.1.4, 8.0.8, 7.4.13, and 7.3.15. Support
for these older releases requires major code changes that will have
to wait until Postfix 2.4.
- The Postfix SMTP client enforced Mandatory TLS only when talking
to an ESMTP server; enforcement did not happen if Postfix could
somehow be forced to send HELO instead of EHLO. This is minor
compared to the DNS spoofing issues that were fixed with Postfix
2.2.10.
Revision 1.101 / (download) - annotate - [select for diffs], Mon Jul 31 04:57:45 2006 UTC (17 years, 4 months ago) by martti
Branch: MAIN
Changes since 1.100: +4 -4
lines
Diff to previous 1.100 (colored)
Updated mail/postfix to 2.3.2 - Corrupted queue file after a request to modify a short message header, when that header was the last one in the message. - Panic after spurious Milter request when a client was rejected with "smtpd_delay_reject = no". - The Milter client is now more tolerant for redundant "data cleanup" requests. This avoids panic() calls for harmless conditions.
Revision 1.100 / (download) - annotate - [select for diffs], Tue Jul 25 05:04:29 2006 UTC (17 years, 4 months ago) by martti
Branch: MAIN
Changes since 1.99: +4 -4
lines
Diff to previous 1.99 (colored)
Updated mail/postfix to 2.3.1 Main changes in TLS support: - The Postfix SMTP client enforced mandatory TLS only when talking to an ESMTP server; enforcement did not happen if Postfix could somehow be forced to send HELO instead of EHLO. This problem also exists in Postfix 2.2, where it is is fixed with Postfix 2.2 patch 11. This is minor compared to the DNS spoofing issues that were fixed with Postfix 2.2.10. - Workaround for an interoperability problem introduced with Postfix 2.3. Some buggy TLS client implementations were unable to deliver mail because the Postfix SMTP server didn't send a TLS session ID. To disable the workaround specify "smtpd_tls_always_issue_session_ids = no"; this allows non-buggy TLS clients to save some space. Main changes in Milter support: - Safety measure. After "postsuper -r", mail is no longer inspected by the Milters specified with the non_smtpd_milters parameter. This measure prevents a bad interaction with external content filters: Milters would receive incorrect SMTP client information, and could be tricked into signing or allowing untrusted messages. This change does not affect Milter applications that run behind an after-queue content filter. The behavior is detailed in the postsuper(1) manual page.
Revision 1.99 / (download) - annotate - [select for diffs], Thu Jul 13 09:57:51 2006 UTC (17 years, 5 months ago) by martti
Branch: MAIN
Changes since 1.98: +6 -7
lines
Diff to previous 1.98 (colored)
Updated mail/postfix to 2.3.0 This is the first version in the 2.3.x series, please see the release notes for full list of changes since 2.2.x before upgrading your current installation.
Revision 1.98 / (download) - annotate - [select for diffs], Tue Jun 27 04:40:50 2006 UTC (17 years, 5 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.97: +2 -1
lines
Diff to previous 1.97 (colored)
Fix default value of smtp_sasl_tls_security_options to use $smtp_sasl_security_options (as documented in postconf(5)) instead of $var_smtp_sasl_opts, which is never defined. This is a bug that exists in the Postfix-2.2.x series but has been fixed in the (current) Postfix-2.3.x series. This fixes PR pkg/29631 by Christoph Badura. Bump the PKGREVISION to 1.
Revision 1.96.2.1 / (download) - annotate - [select for diffs], Sun Apr 9 19:53:03 2006 UTC (17 years, 8 months ago) by salo
Branch: pkgsrc-2006Q1
Changes since 1.96: +4 -4
lines
Diff to previous 1.96 (colored) next main 1.97 (colored)
Pullup ticket 1340 - requested by martti
postfix update
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.179
- pkgsrc/mail/postfix/distinfo 1.97
Module Name: pkgsrc
Committed By: martti
Date: Fri Apr 7 09:08:30 UTC 2006
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.2.10
- "sendmail -t" did not remove the CR from lines ending in CRLF.
- Workaround for fatal errors in PCRE maps when an expression in
() matches empty text (the PCRE library returns an inappropriate
error code).
- Fixes for non-security bugs that Coverity found in code that
handles impossible error conditions.
Revision 1.97 / (download) - annotate - [select for diffs], Fri Apr 7 09:08:29 2006 UTC (17 years, 8 months ago) by martti
Branch: MAIN
Changes since 1.96: +4 -4
lines
Diff to previous 1.96 (colored)
Updated mail/postfix to 2.2.10 - "sendmail -t" did not remove the CR from lines ending in CRLF. - Workaround for fatal errors in PCRE maps when an expression in () matches empty text (the PCRE library returns an inappropriate error code). - Fixes for non-security bugs that Coverity found in code that handles impossible error conditions.
Revision 1.96 / (download) - annotate - [select for diffs], Mon Feb 27 07:10:59 2006 UTC (17 years, 9 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base
Branch point for: pkgsrc-2006Q1
Changes since 1.95: +4 -4
lines
Diff to previous 1.95 (colored)
Fix pkg/32498 - install PREFIX/sbin/qshape Updated postfix to 2.2.9 Most of this patch hardens the TLS implementation against DNS-based attacks, and eliminates some anomalies from the TLS per-site policy engine. See the TLS_README document for tips on how to avoid DNS-based attacks that can change the server hostname that Postfix uses for logging, for TLS per-site policies, and for server certificate verification. The patch also adds a workaround that prevents Postfix from repeatedly trying to deliver mail to domains with a malformed MX record (for example, with a null MX hostname). Postfix 2.2.9 bounces such mail immediately.
Revision 1.94.2.1 / (download) - annotate - [select for diffs], Tue Jan 10 15:55:51 2006 UTC (17 years, 11 months ago) by salo
Branch: pkgsrc-2005Q4
Changes since 1.94: +5 -5
lines
Diff to previous 1.94 (colored) next main 1.95 (colored)
Pullup ticket 1012 - requested by Martti Kuparinen
postfix packages bugfix update
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.175
- pkgsrc/mail/postfix/distinfo 1.95
- pkgsrc/mail/postfix/patches/patch-ai 1.15
- pkgsrc/mail/postfix-current/Makefile 1.55
- pkgsrc/mail/postfix-current/distinfo 1.20
- pkgsrc/mail/postfix-current/options.mk 1.12
Module Name: pkgsrc
Committed By: martti
Date: Tue Jan 10 06:38:15 UTC 2006
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-ai
Log Message:
Updated postfix to 2.2.8
Postfix 2.2.8 backs out a workaround for broken servers/firewalls
that created more problems than it solved.
- The Postfix 2.2.6 paranoia about malformed remote server replies
caused "multiple delivery" problems or "no delivery" problems with
broken servers/firewalls. Postfix still logs a warning but no longer
defers delivery.
---
Module Name: pkgsrc
Committed By: martti
Date: Tue Jan 10 06:39:00 UTC 2006
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo options.mk
Log Message:
Updated postfix-current to 2.3-20060103
Revision 1.95 / (download) - annotate - [select for diffs], Tue Jan 10 06:38:15 2006 UTC (17 years, 11 months ago) by martti
Branch: MAIN
Changes since 1.94: +5 -5
lines
Diff to previous 1.94 (colored)
Updated postfix to 2.2.8 Postfix 2.2.8 backs out a workaround for broken servers/firewalls that created more problems than it solved. - The Postfix 2.2.6 paranoia about malformed remote server replies caused "multiple delivery" problems or "no delivery" problems with broken servers/firewalls. Postfix still logs a warning but no longer defers delivery.
Revision 1.94 / (download) - annotate - [select for diffs], Thu Dec 1 06:46:40 2005 UTC (18 years ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Changes since 1.93: +4 -6
lines
Diff to previous 1.93 (colored)
Updated mail/postfix to 2.2.6 Postfix 2.2 patch 06 catches up with minor fixes that were fielded earlier in the experimental Postfix 2.3 snapshots.
Revision 1.89.2.2 / (download) - annotate - [select for diffs], Mon Nov 21 23:24:31 2005 UTC (18 years ago) by salo
Branch: pkgsrc-2005Q3
Changes since 1.89.2.1: +1 -2
lines
Diff to previous 1.89.2.1 (colored) to branchpoint 1.89 (colored) next main 1.90 (colored)
Pullup ticket 911 - requested by Martti Kuparinen postfix bugfix Revisions pulled up: - pkgsrc/mail/postfix/Makefile 1.168 - pkgsrc/mail/postfix/distinfo 1.93 - pkgsrc/mail/postfix/patches/patch-ac removed - pkgsrc/mail/postfix-current/Makefile 1.46 - pkgsrc/mail/postfix-current/distinfo 1.18 - pkgsrc/mail/postfix-current/patches/patch-ac removed Module Name: pkgsrc Committed By: martti Date: Wed Nov 16 06:53:14 UTC 2005 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix-current: Makefile distinfo Removed Files: pkgsrc/mail/postfix-current/patches: patch-ac pkgsrc/mail/postfix/patches: patch-ac Log Message: Removed patch-ac as it was no longer needed (and in fact should not be used) according to Wietse Venema. PKGREVISION++
Revision 1.93 / (download) - annotate - [select for diffs], Wed Nov 16 06:53:13 2005 UTC (18 years ago) by martti
Branch: MAIN
Changes since 1.92: +1 -2
lines
Diff to previous 1.92 (colored)
Removed patch-ac as it was no longer needed (and in fact should not be used) according to Wietse Venema. PKGREVISION++
Revision 1.89.2.1 / (download) - annotate - [select for diffs], Tue Nov 15 11:42:44 2005 UTC (18 years ago) by salo
Branch: pkgsrc-2005Q3
Changes since 1.89: +3 -3
lines
Diff to previous 1.89 (colored)
Pullup ticket 905 - requested by Martti Kuparinen
portability fixes for postfix
Revisions pulled up:
- pkgsrc/mail/postfix/distinfo 1.90, 1.91, 1.92
- pkgsrc/mail/postfix/patches/patch-ag 1.17, 1.18
- pkgsrc/mail/postfix/patches/patch-ai 1.14
- pkgsrc/mail/postfix-current/distinfo 1.15, 1.16, 1.17
- pkgsrc/mail/postfix-current/patches/patch-ag 1.10, 1.11
- pkgsrc/mail/postfix-current/patches/patch-ai 1.11
Module Name: pkgsrc
Committed By: joerg
Date: Thu Oct 13 13:06:38 UTC 2005
Modified Files:
pkgsrc/mail/postfix: distinfo
pkgsrc/mail/postfix/patches: patch-ai
Log Message:
Treat DragonFly as FreeBSD 4 to let Postfix build.
---
Module Name: pkgsrc
Committed By: martti
Date: Sat Nov 12 05:19:25 UTC 2005
Modified Files:
pkgsrc/mail/postfix: distinfo
pkgsrc/mail/postfix/patches: patch-ag
Log Message:
Make this compile on NetBSD 2.1. Does not affect other versions so no
version bump. Fixes pkg/31952.
---
Module Name: pkgsrc
Committed By: martti
Date: Sat Nov 12 05:23:18 UTC 2005
Modified Files:
pkgsrc/mail/postfix-current: distinfo
pkgsrc/mail/postfix-current/patches: patch-ag
Log Message:
Make this compile on NetBSD 2.1. Does not affect other versions so no
version bump. Fixes same problem as pkg/31952.
---
Module Name: pkgsrc
Committed By: martti
Date: Sun Nov 13 10:37:10 UTC 2005
Modified Files:
pkgsrc/mail/postfix: distinfo
pkgsrc/mail/postfix-current: distinfo
pkgsrc/mail/postfix-current/patches: patch-ag
pkgsrc/mail/postfix/patches: patch-ag
Log Message:
Regenerate the patches not to add NetBSD stuff inside Mac OS X section.
---
Module Name: pkgsrc
Committed By: martti
Date: Tue Nov 15 10:43:20 UTC 2005
Modified Files:
pkgsrc/mail/postfix-current: distinfo
pkgsrc/mail/postfix-current/patches: patch-ai
Log Message:
Treat DragonFly as FreeBSD 4 to let Postfix build.
Revision 1.92 / (download) - annotate - [select for diffs], Sun Nov 13 10:37:09 2005 UTC (18 years, 1 month ago) by martti
Branch: MAIN
Changes since 1.91: +2 -2
lines
Diff to previous 1.91 (colored)
Regenerate the patches not to add NetBSD stuff inside Mac OS X section.
Revision 1.91 / (download) - annotate - [select for diffs], Sat Nov 12 05:19:24 2005 UTC (18 years, 1 month ago) by martti
Branch: MAIN
Changes since 1.90: +2 -2
lines
Diff to previous 1.90 (colored)
Make this compile on NetBSD 2.1. Does not affect other versions so no version bump. Fixes pkg/31952.
Revision 1.90 / (download) - annotate - [select for diffs], Thu Oct 13 13:06:38 2005 UTC (18 years, 2 months ago) by joerg
Branch: MAIN
Changes since 1.89: +2 -2
lines
Diff to previous 1.89 (colored)
Treat DragonFly as FreeBSD 4 to let Postfix build.
Revision 1.89 / (download) - annotate - [select for diffs], Tue Sep 6 08:10:58 2005 UTC (18 years, 3 months ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base
Branch point for: pkgsrc-2005Q3
Changes since 1.88: +2 -2
lines
Diff to previous 1.88 (colored)
Fix NetBSD statvfs check to be >= 299000900 not >= 200040000 No pkgrevision bumps needed.
Revision 1.88 / (download) - annotate - [select for diffs], Fri Jul 22 06:12:44 2005 UTC (18 years, 4 months ago) by martti
Branch: MAIN
Changes since 1.87: +4 -4
lines
Diff to previous 1.87 (colored)
Updated postfix to 2.2.5 Postfix 2.2.5 addresses some portability problems with LP64 platforms that broke SMTP connection caching, and makes SMTP connection caching more failure tolerant. These fixes are back-ported from the experimental (2.3) release series. The connection caching protocol has changed, so you will need to "postfix reload" after upgrading.
Revision 1.87 / (download) - annotate - [select for diffs], Thu Jun 23 07:58:48 2005 UTC (18 years, 5 months ago) by martti
Branch: MAIN
Changes since 1.86: +4 -4
lines
Diff to previous 1.86 (colored)
Updated postfix to 2.2.4
20050517
Bugfix: in a DSN report, the original recipient should not
be xtext encoded. File: bounce/bounce_notify_util.c.
20050523
Bugfix: mymalloc() panic with mistyped server host list.
File: global/dict_pgsql.c.
20040530
Bugfix: TLS MUST_NOPEERMATCH didn't work (inherited from
TLS patch), and a dangling pointer in the corresponding
error handling. File: smtp/smtp_proto.c.
20050615
Cleanup: the SMTP client now sends QUIT when the initial
HELO handshake fails. it still doesn't send QUIT when the
server greets with a [45]XX code, as that is handled in the
connection management code before a session context exists.
File: smtp/smtp_connect.c.
20050616
Bugfix: missing or mis-placed va_end() macros, found in
Postfix 2.3 code review. Files: util/netstring.c,
util/myaddrinfo.c, util/attr_clnt.c, util/vstream.c.
20050621
Portability: file descriptor passing is available for Tru64
UNIX, but AIX4 and IRIX6 will have to do without. This means
no SMTP connection caching for those platforms. Albert
Chin. File: util/sys_defs.h.
Revision 1.86 / (download) - annotate - [select for diffs], Wed May 4 05:20:40 2005 UTC (18 years, 7 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.85: +4 -4
lines
Diff to previous 1.85 (colored)
Updated postfix to 2.2.3 - SASL inter-operability problem causing Sendmail servers to hang up on Postfix. - Panic when a fall-back relay could not be used for a variety of reasons.
Revision 1.85 / (download) - annotate - [select for diffs], Mon Apr 4 18:13:32 2005 UTC (18 years, 8 months ago) by martti
Branch: MAIN
Changes since 1.84: +6 -6
lines
Diff to previous 1.84 (colored)
Updated postfix to 2.2.2 - A more usable REPLACE action in header/body_checks. The old version produced unexpected results. - Portability to HP-UX. - Two harmless defects in the SMTP and LMTP clients that go back to before the first Postfix release, and that were found while doing code maintenance on the experimental release.
Revision 1.82.2.1 / (download) - annotate - [select for diffs], Mon Apr 4 08:14:31 2005 UTC (18 years, 8 months ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.82: +2 -2
lines
Diff to previous 1.82 (colored) next main 1.83 (colored)
Pullup ticket 420 - requested by Takahiro Kambe build fix for postfix Revisions pulled up: - pkgsrc/mail/postfix/distinfo 1.84 - pkgsrc/mail/postfix/patches/patch-ai 1.13 Module Name: pkgsrc Committed By: xtraeme Date: Tue Mar 22 18:09:33 UTC 2005 Modified Files: pkgsrc/mail/postfix: distinfo pkgsrc/mail/postfix/patches: patch-ai Log Message: NetBSD-3.x support.
Revision 1.84 / (download) - annotate - [select for diffs], Tue Mar 22 18:09:33 2005 UTC (18 years, 8 months ago) by xtraeme
Branch: MAIN
Changes since 1.83: +2 -2
lines
Diff to previous 1.83 (colored)
NetBSD-3.x support.
Revision 1.83 / (download) - annotate - [select for diffs], Tue Mar 22 10:43:50 2005 UTC (18 years, 8 months ago) by cjs
Branch: MAIN
Changes since 1.82: +5 -13
lines
Diff to previous 1.82 (colored)
Postfix 2.2.1 import. New features since 2.1.x: - built-in IPv6 and TLS (we no longer use patches--beware config changes!) - more sophisticated LDAP/MySQL/PostgreSQL support, with freeform queries - SMTP client-side connection reuse - by default, no longer rewrite message headers in mail from remote clients - can use your ISP account name for mail destined outside your machine - can selectively turn off ESMTP features in client or server - remote SMTP client resource control (the anvil server) - support for CDB, SDBM and NIS+ databases is now built into Postfix - new SMTP access control features - and more Caution: - You MUST stop 2.1.x and earlier versions before upgrading. - Use the postfix upgrade program to upgrade your main.cf/master.cf.
Revision 1.82 / (download) - annotate - [select for diffs], Thu Feb 24 09:59:26 2005 UTC (18 years, 9 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base
Branch point for: pkgsrc-2005Q1
Changes since 1.81: +4 -1
lines
Diff to previous 1.81 (colored)
Add RMD160 digests.
Revision 1.81 / (download) - annotate - [select for diffs], Wed Feb 9 06:55:10 2005 UTC (18 years, 10 months ago) by martti
Branch: MAIN
Changes since 1.80: +3 -3
lines
Diff to previous 1.80 (colored)
Updated postfix to 2.1.5nb5 * New IPv6 patch
Revision 1.78.2.1 / (download) - annotate - [select for diffs], Thu Jan 27 05:14:48 2005 UTC (18 years, 10 months ago) by snj
Branch: pkgsrc-2004Q4
Changes since 1.78: +1 -2
lines
Diff to previous 1.78 (colored) next main 1.79 (colored)
Pullup ticket 241 - requested by Kimmo Suominen
build fix for postfix
Revisions pulled up:
- pkgsrc/mail/postfix/distinfo 1.80
- pkgsrc/mail/postfix/options.mk 1.14
- pkgsrc/mail/postfix/files/patch-inet6-ni_withscopeid 1.1
- pkgsrc/mail/postfix/patches/patch-aj removed
Module Name: pkgsrc
Committed By: kim
Date: Tue Dec 28 16:13:28 UTC 2004
Modified Files:
pkgsrc/mail/postfix: distinfo options.mk
Added Files:
pkgsrc/mail/postfix/files: patch-inet6-ni_withscopeid
Removed Files:
pkgsrc/mail/postfix/patches: patch-aj
Log Message:
Apply NI_WITHSCOPEID patch only if the inet6 option is enabled.
Closes PR pkg/28756
Revision 1.80 / (download) - annotate - [select for diffs], Tue Dec 28 16:13:28 2004 UTC (18 years, 11 months ago) by kim
Branch: MAIN
Changes since 1.79: +1 -2
lines
Diff to previous 1.79 (colored)
Apply NI_WITHSCOPEID patch only if the inet6 option is enabled. Closes PR pkg/28756
Revision 1.79 / (download) - annotate - [select for diffs], Thu Dec 23 13:51:27 2004 UTC (18 years, 11 months ago) by kim
Branch: MAIN
Changes since 1.78: +2 -1
lines
Diff to previous 1.78 (colored)
Fix "postfix/smtp killed by signal 11" problem.
Revision 1.78 / (download) - annotate - [select for diffs], Fri Dec 17 19:36:01 2004 UTC (18 years, 11 months ago) by kim
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base
Branch point for: pkgsrc-2004Q4
Changes since 1.77: +2 -1
lines
Diff to previous 1.77 (colored)
Make this compile on -current without NI_WITHSCOPEID Closes PR pkg/28686
Revision 1.77 / (download) - annotate - [select for diffs], Tue Nov 30 20:54:38 2004 UTC (19 years ago) by jlam
Branch: MAIN
Changes since 1.76: +2 -2
lines
Diff to previous 1.76 (colored)
Use bdb.buildlink3.mk to get the DB library to use for the "hash" map type. All platforms now support the "hash" map type as a result. Remove the explicit dependencies on db4 and db2 on non-Linux and Linux, respectively. Bump the PKGREVISION.
Revision 1.76 / (download) - annotate - [select for diffs], Thu Sep 23 16:10:07 2004 UTC (19 years, 2 months ago) by martti
Branch: MAIN
Changes since 1.75: +6 -6
lines
Diff to previous 1.75 (colored)
Updated postfix to 2.1.5 - The code to eliminate the local MTA from an MX address list did not handle the case that the local MTA could appear with different MX preferences in both inet_interfaces and proxy_interfaces. - The SMTP server's kiss-of-death message "421 Timeout exceeded" wasn't guarded by setjmp(). - The SMTP server didn't update the per-session error counter when a client was denied access with smtpd_delay_reject=no. - The Postfix sendmail command leaked file descriptors when it was unable to execute the postdrop mail submission command. - The bounce daemon sent the wrong type of bounce message when a - Plus some portability, safety and documentation fixes.
Revision 1.75 / (download) - annotate - [select for diffs], Wed Aug 11 06:51:31 2004 UTC (19 years, 4 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3
Changes since 1.74: +1 -2
lines
Diff to previous 1.74 (colored)
This patch can only apply cleanly if "inet6" is a build option. Move it to a file that's applied at post-patch time only if "inet6" is specified. This fixes building postfix on systems that don't support IPv6.
Revision 1.74 / (download) - annotate - [select for diffs], Tue Aug 10 16:49:47 2004 UTC (19 years, 4 months ago) by schmonz
Branch: MAIN
Changes since 1.73: +4 -2
lines
Diff to previous 1.73 (colored)
Define RESOLVE_H_NEEDS_NAMESER8_COMPAT_H for Mac OS X, and include <nameser8_compat.h> before <resolv.h> if it's defined. Along with Johnny's recent buildlink3 fixes, this fixes the build for me on Mac OS X Server 10.3.4. Should address pkg/26584.
Revision 1.73 / (download) - annotate - [select for diffs], Sat Aug 7 16:56:53 2004 UTC (19 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.72: +3 -1
lines
Diff to previous 1.72 (colored)
Support building STARTTLS support into Postfix without IPv6.
Revision 1.72 / (download) - annotate - [select for diffs], Sat Aug 7 07:58:32 2004 UTC (19 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.71: +1 -6
lines
Diff to previous 1.71 (colored)
Reduce the number of patches needed by Postfix by using the subst framework and also by explicitly specifying more default values for Postfix parameters. Also pass -I/usr/pkg/include/sasl to the compiler when building using Cyrus SASLv2, which allows me to remove the patches that added an unnecessary USE_SASL2_AUTH check.
Revision 1.71 / (download) - annotate - [select for diffs], Wed Aug 4 20:49:43 2004 UTC (19 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.70: +3 -3
lines
Diff to previous 1.70 (colored)
Use the TLS+IPv6 patch that corresponds to Postfix-2.1.4.
Revision 1.70 / (download) - annotate - [select for diffs], Thu Jul 29 10:15:39 2004 UTC (19 years, 4 months ago) by martti
Branch: MAIN
Changes since 1.69: +5 -5
lines
Diff to previous 1.69 (colored)
Updated postfix to 2.1.4 * Bug fixes
Revision 1.69 / (download) - annotate - [select for diffs], Mon Jul 19 22:04:40 2004 UTC (19 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.68: +2 -2
lines
Diff to previous 1.68 (colored)
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
Revision 1.68 / (download) - annotate - [select for diffs], Sun Jul 18 19:16:31 2004 UTC (19 years, 4 months ago) by jlam
Branch: MAIN
Changes since 1.67: +3 -3
lines
Diff to previous 1.67 (colored)
Use FILES_SUBST_SED instead of local make targets to do the same thing. FILES_SUBST_SED substitutes for @FOO@, so use that format for things to be replaced.
Revision 1.65.2.1 / (download) - annotate - [select for diffs], Thu Jul 8 08:33:49 2004 UTC (19 years, 5 months ago) by agc
Branch: pkgsrc-2004Q2
Changes since 1.65: +12 -17
lines
Diff to previous 1.65 (colored) next main 1.66 (colored)
Pullup ticket 47 to the pkgsrc-2004Q2 branch, requested by Martti Kuparinen. Update postfix to 2.1.3. Module Name: pkgsrc Committed By: martti Date: Mon Jun 21 16:13:24 UTC 2004 Modified Files: pkgsrc/mail/postfix: Makefile PLIST PLIST.tls distinfo pkgsrc/mail/postfix/patches: patch-aa patch-ae patch-af patch-ag patch-ai Removed Files: pkgsrc/mail/postfix/patches: patch-ad patch-ba patch-bb patch-bc patch-bd Log Message: Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
Revision 1.67 / (download) - annotate - [select for diffs], Tue Jun 22 05:12:44 2004 UTC (19 years, 5 months ago) by martti
Branch: MAIN
Changes since 1.66: +3 -3
lines
Diff to previous 1.66 (colored)
New IPv6 patch * Bugfix: Misplaced myfree() caused a small memory leak. * Removed the colon (:) from the characters XFORWARD replaces by a question mark (IPv6 addresses looked like 2001?610?1108?5010?1 in logging).
Revision 1.66 / (download) - annotate - [select for diffs], Mon Jun 21 16:13:23 2004 UTC (19 years, 5 months ago) by martti
Branch: MAIN
Changes since 1.65: +12 -17
lines
Diff to previous 1.65 (colored)
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
Revision 1.65 / (download) - annotate - [select for diffs], Sun Jun 6 01:12:52 2004 UTC (19 years, 6 months ago) by grant
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base
Branch point for: pkgsrc-2004Q2
Changes since 1.64: +3 -3
lines
Diff to previous 1.64 (colored)
correct checksum for postfix-pg.postfix-2.0.0.2.patch
Revision 1.64 / (download) - annotate - [select for diffs], Fri May 21 08:10:41 2004 UTC (19 years, 6 months ago) by martti
Branch: MAIN
Changes since 1.63: +3 -3
lines
Diff to previous 1.63 (colored)
Use the latest IPv6 patch
Revision 1.63 / (download) - annotate - [select for diffs], Wed May 5 06:55:28 2004 UTC (19 years, 7 months ago) by martti
Branch: MAIN
Changes since 1.62: +5 -5
lines
Diff to previous 1.62 (colored)
Updated postfix to 2.0.20 - The postdrop mail submission command could die with SIGHUP and abort mail submission. This was observed with mail from cron jobs. - The MySQL client aborted with complaints about multiple attempts to register the same lookup table. This was observed in the proxymap daemon. - As a workaround for agressive SMTP command pipelining clients, the Postfix SMTP server now allows SMTP clients to overshoot the SMTP server recipient limit without triggering the server hard error limit, as long as the number of excess recipients stays within a hard-coded overshoot limit of 1000. If you have such clients then you also need to specify "smtpd_error_sleep_time = 0" or else performance will be poor. - The LMTP client attempted to reuse a connection after timeout, causing protocol synchronization errors. - The trivial-rewrite server could core dump after temporary table lookup failure. This was not observed in Postfix 2.0.
Revision 1.62 / (download) - annotate - [select for diffs], Tue May 4 19:59:06 2004 UTC (19 years, 7 months ago) by minskim
Branch: MAIN
Changes since 1.61: +2 -1
lines
Diff to previous 1.61 (colored)
statvfs fix for postfix and postfix-current on NetBSD-current>=2.0D. Patch provided by John R. Shannon in PR pkg/25430.
Revision 1.61 / (download) - annotate - [select for diffs], Wed Apr 14 12:55:20 2004 UTC (19 years, 8 months ago) by minskim
Branch: MAIN
Changes since 1.60: +2 -2
lines
Diff to previous 1.60 (colored)
Remove hardcoded "-ldb" from makedefs, because pkgsrc provides a correct option. This fixes PR pkg/25176.
Revision 1.60 / (download) - annotate - [select for diffs], Sun Apr 11 02:23:46 2004 UTC (19 years, 8 months ago) by kim
Branch: MAIN
Changes since 1.59: +2 -2
lines
Diff to previous 1.59 (colored)
Make this compile on 2.x as well (as NETBSD1).
Revision 1.59 / (download) - annotate - [select for diffs], Thu Mar 25 12:58:37 2004 UTC (19 years, 8 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.58: +3 -3
lines
Diff to previous 1.58 (colored)
New IPv6 patch
Revision 1.58 / (download) - annotate - [select for diffs], Wed Mar 17 19:29:29 2004 UTC (19 years, 8 months ago) by martti
Branch: MAIN
Changes since 1.57: +3 -3
lines
Diff to previous 1.57 (colored)
New IPv6 patch.
Revision 1.57 / (download) - annotate - [select for diffs], Sun Mar 14 07:30:14 2004 UTC (19 years, 9 months ago) by martti
Branch: MAIN
Changes since 1.56: +3 -3
lines
Diff to previous 1.56 (colored)
Updated postfix to 2.0.19 - When mail is submitted at a high rate with the Postfix sendmail command, the pickup daemon is keps busy long enough that it it terminated by the watchdog timer (a feature that prevents Postfix from locking up permanently). - Malformed addresses in SMTP commands could result in table looks with zero-length search strings, causing trouble with NIS lookups.
Revision 1.56 / (download) - annotate - [select for diffs], Sat Mar 6 06:47:41 2004 UTC (19 years, 9 months ago) by grant
Branch: MAIN
Changes since 1.55: +5 -1
lines
Diff to previous 1.55 (colored)
ressurect external patch checksums lost in last commit.
Revision 1.55 / (download) - annotate - [select for diffs], Fri Mar 5 22:59:32 2004 UTC (19 years, 9 months ago) by grant
Branch: MAIN
Changes since 1.54: +6 -7
lines
Diff to previous 1.54 (colored)
don't patch the same file twice, don't patch multiple files in a single patch.
Revision 1.54 / (download) - annotate - [select for diffs], Mon Feb 16 09:31:06 2004 UTC (19 years, 9 months ago) by martti
Branch: MAIN
Changes since 1.53: +3 -1
lines
Diff to previous 1.53 (colored)
Added optional postgresql support
Revision 1.53 / (download) - annotate - [select for diffs], Wed Jan 28 16:03:03 2004 UTC (19 years, 10 months ago) by martti
Branch: MAIN
Changes since 1.52: +3 -3
lines
Diff to previous 1.52 (colored)
New IPv6 patch
Revision 1.52 / (download) - annotate - [select for diffs], Fri Jan 23 12:03:44 2004 UTC (19 years, 10 months ago) by martti
Branch: MAIN
Changes since 1.51: +2 -1
lines
Diff to previous 1.51 (colored)
Make this work on Linux.
Revision 1.51 / (download) - annotate - [select for diffs], Fri Jan 23 06:25:26 2004 UTC (19 years, 10 months ago) by martti
Branch: MAIN
Changes since 1.50: +3 -3
lines
Diff to previous 1.50 (colored)
Updated postfix to 2.0.18
- A change in the line reading routines caused unexpected results
with lines ending in EOF. This change is undone.
- A portability problem with the test command ("test -e" is not
supported on older systems, while "test -f" does the job).
Revision 1.50 / (download) - annotate - [select for diffs], Wed Jan 21 06:56:48 2004 UTC (19 years, 10 months ago) by martti
Branch: MAIN
Changes since 1.49: +8 -6
lines
Diff to previous 1.49 (colored)
Updated postfix to 2.0.17 - Portability to MacOSX: Bind8 compatibility, core dumps in mailq and postdrop, and changes in netinfo support. - Elimination of some DNS lookup problems in third-party library routines (typically resulting in localhost not being found). - More agressive delivery to sites that defer a lot of mail. - Correction of a few obscure error messages. - Several small documentation fixes. - Minor fixes for robustness problems that no-one has experienced.
Revision 1.49 / (download) - annotate - [select for diffs], Tue Jan 20 19:37:45 2004 UTC (19 years, 10 months ago) by martin
Branch: MAIN
Changes since 1.48: +3 -3
lines
Diff to previous 1.48 (colored)
Apply the SASL2 cure to smtp and lmtp to. This makes outgoing authenticated mail work.
Revision 1.48 / (download) - annotate - [select for diffs], Fri Oct 3 15:04:52 2003 UTC (20 years, 2 months ago) by christos
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base,
pkgsrc-2003Q4
Changes since 1.47: +2 -1
lines
Diff to previous 1.47 (colored)
enable use of sasl2
Revision 1.47 / (download) - annotate - [select for diffs], Thu Oct 2 10:39:12 2003 UTC (20 years, 2 months ago) by martti
Branch: MAIN
Changes since 1.46: +5 -5
lines
Diff to previous 1.46 (colored)
Updated postfix to 2.0.16 * bug fixes * new IPv6 patch
Revision 1.46 / (download) - annotate - [select for diffs], Mon Sep 1 10:42:33 2003 UTC (20 years, 3 months ago) by martti
Branch: MAIN
Changes since 1.45: +5 -5
lines
Diff to previous 1.45 (colored)
Updated postfix to 2.0.14 * Produce a warning when host:port specifies a badly formatted numerical port. * New IPv6 patch.
Revision 1.45 / (download) - annotate - [select for diffs], Wed Jul 2 16:42:08 2003 UTC (20 years, 5 months ago) by martti
Branch: MAIN
Changes since 1.44: +5 -5
lines
Diff to previous 1.44 (colored)
Updated postfix to 2.0.13 - After "postfix reload", the master daemon now warns when the inet_interfaces parameter setting has changed, and ignores the change, instead of passing incorrect information to the smtp server. - After the postdrop command change with Postfix 2.0.11, the postcat command no longer recognized "maildrop" queue files as valid. - Mail could bounce when two messages were delivered simultaneously to a non-existent mailbox file. The safe_open() code that prevents race condition exploits will now try a little harder when it actually encounters a race condition. - Updated the IPv6 patch.
Revision 1.44 / (download) - annotate - [select for diffs], Mon Jun 16 08:29:22 2003 UTC (20 years, 6 months ago) by martti
Branch: MAIN
Changes since 1.43: +5 -5
lines
Diff to previous 1.43 (colored)
Updated postfix to 2.0.12 - Stricter smtpd input checks rejected invalid addresses starting with @. - Stricter postdrop input checks broke "sendmail -bs". - New "postcat -q" (search the queue for the named file) support from snapshot release because I can no longer see people suffer. - Allow <@site,@site:address> route addresses in SMTP commands. This address form was deprecated years ago. - "sendmail -q<time>" without -bd option now exits immediately, instead of waiting for input and screwing up system boot sequences. - The Postfix LMTP client used the wrong service name, causing trouble with SASL 2.1.13. - Turned off non-blocking write to pipe because too many systems gave an unexpected write() result, causing partial delivery of messages to commands like procmail.
Revision 1.43 / (download) - annotate - [select for diffs], Sun May 25 05:31:09 2003 UTC (20 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.42: +5 -5
lines
Diff to previous 1.42 (colored)
Update postfix to 2.0.10. - Ugly but harmless warnings from nqmgr after "postsuper -r" to requeue files that already had some recipients delivered. - The proxy_read_maps parameter did not recognize "," as separator. - The local delibery agent now defers delivery after .forward etc. file read error. - The message_size_limit was applied when running "newaliases", so that the result alias database could be truncated on systems with very small message size limits. The official release changes for bugfixes and portability issues only.
Revision 1.42 / (download) - annotate - [select for diffs], Wed May 21 09:24:01 2003 UTC (20 years, 6 months ago) by martti
Branch: MAIN
Changes since 1.41: +3 -1
lines
Diff to previous 1.41 (colored)
Updated the IPv6 patch. IPv6 support is activated by setting POSTFIX_USE_INET6=YES in /etc/mk.conf before building this package.
Revision 1.41 / (download) - annotate - [select for diffs], Thu May 1 14:07:57 2003 UTC (20 years, 7 months ago) by jmmv
Branch: MAIN
Changes since 1.40: +3 -3
lines
Diff to previous 1.40 (colored)
- Move all "share" files to share/examples/postfix; all of them are used as samples, either by the user or by bsd.pkg.install.mk. - Correctly handle configuration files, that is, avoid touching the conf directory directly. - Use OWN_DIRS to handle the spool directory. - Run post-install through an INSTALL script. - Sort PLIST after all these changes. - Bump PKGREVISION to 1.
Revision 1.40 / (download) - annotate - [select for diffs], Mon Apr 21 06:25:50 2003 UTC (20 years, 7 months ago) by martti
Branch: MAIN
Changes since 1.39: +3 -3
lines
Diff to previous 1.39 (colored)
Updated postfix to 2.0.9 - The SMTP client did not deliver a partial last line when someone submitted 8BITMIME mail not ending in newline via /usr/sbin/sendmail while MIME input processing was turned off, and MIME 8bit->7bit conversion was requested upon delivery.
Revision 1.39 / (download) - annotate - [select for diffs], Thu Apr 17 06:22:18 2003 UTC (20 years, 8 months ago) by martti
Branch: MAIN
Changes since 1.38: +6 -8
lines
Diff to previous 1.38 (colored)
Updated postfix to 2.0.8 - Postfix processes now abort when given a net/mask pattern with a non-zero host portion (for example, 168.100.189.2/28), instead of risking to become an open mail relay. - Workaround for file system clock drift that caused Postfix to ignore new mail (this could happen with queue file systems mounted from a server).
Revision 1.38 / (download) - annotate - [select for diffs], Fri Mar 21 05:21:24 2003 UTC (20 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.37: +4 -4
lines
Diff to previous 1.37 (colored)
Update ipv6+tls patch in comment (and distinfo).
Revision 1.37 / (download) - annotate - [select for diffs], Thu Mar 20 22:23:21 2003 UTC (20 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.36: +4 -3
lines
Diff to previous 1.36 (colored)
- upgrade to 2.0.7 - add kim's recipient canonicalization patch. NOTE: TLS was disabled and is still disabled in this version.
Revision 1.36 / (download) - annotate - [select for diffs], Fri Mar 7 03:08:34 2003 UTC (20 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.35: +3 -1
lines
Diff to previous 1.35 (colored)
Update tls+ipv6 patch in comment. Is it still need commented out? (Though I can't test completely either...)
Revision 1.35 / (download) - annotate - [select for diffs], Thu Mar 6 06:24:58 2003 UTC (20 years, 9 months ago) by martti
Branch: MAIN
Changes since 1.34: +3 -5
lines
Diff to previous 1.34 (colored)
Updated postfix to 2.0.6 Postfix 2.0 patchlevel 6 intends to protect vulnerable Sendmail systems against exploitation of a remote buffer overflow problem that is described in CERT advisory CA-2003-07. - Postfix now truncates non-address information in message address headers (comments, etc.) to 250 characters per address. This should rarely present a problem. Reportedly, junk mail from poorly written software can trigger the protection, but that is no great loss. - Some little fixes to documentation.
Revision 1.34 / (download) - annotate - [select for diffs], Tue Mar 4 07:11:41 2003 UTC (20 years, 9 months ago) by martti
Branch: MAIN
Changes since 1.33: +5 -5
lines
Diff to previous 1.33 (colored)
Updated postfix to 2.0.5 - The SMTP server's hard and soft error limits were off by one. With "smtpd_hard_error_limit = 1", Postfix will now disconnect after the first error, instead of the second one. - The proxymap server could deadlock when the mydestination parameter setting included a proxymapped lookup table. - Some little fixes to documentation.
Revision 1.33 / (download) - annotate - [select for diffs], Sun Feb 23 13:18:26 2003 UTC (20 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.32: +3 -3
lines
Diff to previous 1.32 (colored)
Use correct tls+ipv6 patch (still in comment). Previous was for different postfix snapshot.
Revision 1.32 / (download) - annotate - [select for diffs], Sun Feb 23 04:31:26 2003 UTC (20 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.31: +3 -1
lines
Diff to previous 1.31 (colored)
Make tls+ipv6 patch up to date. NOT tested at all and still commented out.
Revision 1.31 / (download) - annotate - [select for diffs], Fri Feb 21 11:49:56 2003 UTC (20 years, 9 months ago) by martti
Branch: MAIN
Changes since 1.30: +4 -6
lines
Diff to previous 1.30 (colored)
Updated postfix to 2.0.4 - The format of maildir filenames is synchronized with the present version of the maildir definition document. This format was already adopted by the 20030126 snapshot release. - The time limit on delivery to external commands was not enforced. This was broken probably some time before the first public Postfix release. - Duplicate elimination after virtual alias expansion works again. This was broken with the introduction of the original recipient attribute. - The local pickup daemon dropped incomplete records from local submissions. This was broken somewhere in the middle of 2002.
Revision 1.30 / (download) - annotate - [select for diffs], Fri Jan 31 23:53:05 2003 UTC (20 years, 10 months ago) by lukem
Branch: MAIN
CVS Tags: netbsd-1-6-1-base,
netbsd-1-6-1
Changes since 1.29: +2 -3
lines
Diff to previous 1.29 (colored)
+ Use PKG_SYSCONFDIR (/usr/pkg/etc/postfix) instead of /etc/postfix for
configuration.
+ Document how to use /etc/rc.conf.d/postfix on NetBSD 1.5 and newer
to start /usr/pkg/sbin/postfix instead of /usr/sbin/postfix
+ Ensure that the postfix user and the postfix & maildrop groups exist.
Adds Darwin support, and prevents a working NetBSD postfix setup from being
broken on a "make install" of this package because the package used to
change /etc/postfix/{post-install,postfix-files,postfix-script}.
These changes are mostly from Amitai Schlair <schmonz@netbsd.org>,
with some tweaks by me. (Thanks Amitai!)
Revision 1.29 / (download) - annotate - [select for diffs], Sun Jan 26 13:20:08 2003 UTC (20 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.28: +3 -1
lines
Diff to previous 1.28 (colored)
- Use the latest IPv6+TLS patch (tls+ipv6-1.12-pf-2.0.3), and include it in distinfo. (still commented out.) - Comment out POSTFIX_USE_TLS part in Makefile since the patch is out of date now.
Revision 1.28 / (download) - annotate - [select for diffs], Sat Jan 25 07:22:19 2003 UTC (20 years, 10 months ago) by martti
Branch: MAIN
Changes since 1.27: +4 -4
lines
Diff to previous 1.27 (colored)
Updated postfix to 2.0.3 - Postfix 2.0 broke relocated table lookup results with mail not rejected at the SMTP port, causing "User has moved to" text to be deleted. - A widely used maildir filename generating algorithm was broken. This affects all Postfix versions with maildir support. Instead of TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST. - Postfix 2.0 gave incorrect FILTER_README instructions for sites that wish to disable virtual alias mapping before the content filter.
Revision 1.27 / (download) - annotate - [select for diffs], Wed Jan 15 17:15:04 2003 UTC (20 years, 11 months ago) by martti
Branch: MAIN
Changes since 1.26: +5 -6
lines
Diff to previous 1.26 (colored)
Updated postfix to 2.0.2 - Added MAILER-DAEMON to the list of always recognized local addresses, since it is generated by Postfix bounces. - Bugfix: transport_errno was not reset upon successful transport map wildcard lookup after an earlier failure. - Cleanup: unnecessary warnings from the proxymap client after proxymap server disconnect. - Cleanup: Patrik Rak found a few more chattr invocations that were missed 20021209. Files: postfix-install, conf/post-install. - Cleanup: the pcre-config command can produce null outputs. - Bugfix: the virtual(8) Makefile included $(AUXLIBS) in the dependencies. - Bugfix: fixed in the snapshots 20030105 but missed in the stable release. "sendmail -bs" tried to access the proxymap service. It should not try to open any user/domain/uce related tables at all.
Revision 1.26 / (download) - annotate - [select for diffs], Mon Jan 6 09:15:49 2003 UTC (20 years, 11 months ago) by martti
Branch: MAIN
Changes since 1.25: +7 -11
lines
Diff to previous 1.25 (colored)
Updated postfix to 2.0.0.2 IMPORTANT: read the documents in /usr/pkg/share/doc/postfix/ before upgrading from Postfix 1.1. Hightlights: - MIME support (including 8bit->7bit conversion and more accurate matching of MIME headers in message bodies) - completely rewritten RBL client code - smarter handling of DNS lookup errors in UCE restrictions - virtual delivery agent without transport map for every domain - a long list of other things that are meant to improve performance or functionality without compromising what already existed.
Revision 1.25 / (download) - annotate - [select for diffs], Sun Nov 24 16:37:56 2002 UTC (21 years ago) by martti
Branch: MAIN
Changes since 1.24: +3 -3
lines
Diff to previous 1.24 (colored)
Updated postfix to 1.1.12 - The garbage in "user@garbage"@domain address forms may cause the SMTP or LMTP client to terminate with a fatal error exit because garbage/tcp is not an existing service. This cannot be abused to cause the SMTP or LMTP client to send data into unauthorized ports.
Revision 1.24 / (download) - annotate - [select for diffs], Mon Jul 22 10:39:26 2002 UTC (21 years, 4 months ago) by martti
Branch: MAIN
CVS Tags: pkgviews-base,
pkgviews,
netbsd-1-6-RELEASE-base,
netbsd-1-6
Changes since 1.23: +3 -1
lines
Diff to previous 1.23 (colored)
Added support for TLS. To use this, set POSTFIX_USE_TLS=YES in /etc/mk.conf. To verify the TLS support, type # /usr/pkg/sbin/postconf | grep tls Submitted by Dawid Szymanski in pkg/17570.
Revision 1.23 / (download) - annotate - [select for diffs], Wed Jul 17 22:34:45 2002 UTC (21 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.22: +2 -1
lines
Diff to previous 1.22 (colored)
parse T_AAAA responses. patch sent to wietse.
Revision 1.22 / (download) - annotate - [select for diffs], Thu Jun 27 04:47:54 2002 UTC (21 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.21: +2 -1
lines
Diff to previous 1.21 (colored)
accept emails with domains with AAAA only. the patch was sent to wietse already.
Revision 1.18.2.1 / (download) - annotate - [select for diffs], Sun Jun 23 18:51:59 2002 UTC (21 years, 5 months ago) by jlam
Branch: buildlink2
Changes since 1.18: +4 -4
lines
Diff to previous 1.18 (colored) next main 1.19 (colored)
Merge from pkgsrc-current to buildlink2 branch.
Revision 1.21 / (download) - annotate - [select for diffs], Thu Jun 6 13:48:33 2002 UTC (21 years, 6 months ago) by martti
Branch: MAIN
CVS Tags: buildlink2-base
Changes since 1.20: +3 -3
lines
Diff to previous 1.20 (colored)
Updated postfix to 1.1.11 * Cleanup: Mailbox-Line: message header labels should be X-Mailbox-Line: labels * The SMTP server now disallows RCPT TO:<"">, just like it disallows RCPT TO:<> * Replace domain.name by domain.tld in the example config files * The Postfix sendmail command did not export the MAIL_CONFIG environment setting to the postdrop command
Revision 1.20 / (download) - annotate - [select for diffs], Wed May 15 07:09:23 2002 UTC (21 years, 7 months ago) by martti
Branch: MAIN
Changes since 1.19: +3 -3
lines
Diff to previous 1.19 (colored)
Updated postfix to 1.1.10 (released 2002-05-14) - Bugfix: the new code for header address quoting sometimes did not null terminate strings so that arbitrary garbage could appear at the end of message headers. - Safety: user@domain@domain is no longer accepted by the permit_mx_backup UCE restriction (unless Postfix is configured with "resolve_dequoted_address = no").
Revision 1.19 / (download) - annotate - [select for diffs], Tue May 14 06:57:24 2002 UTC (21 years, 7 months ago) by martti
Branch: MAIN
Changes since 1.18: +4 -4
lines
Diff to previous 1.18 (colored)
Updated postfix to 1.1.9 * add a MESSAGE file to describe how to activate postfix (pkg/13335) Changes: * Close user@domain@postfix-style.virtual.domain source routing relaying loophole involving postfix-style virtual domains with @virtual.domain catch-all patterns * mail_addr_map() used the "wrong" @ character in addresses with multiple @. * For address localpart quoting, now quote @ as a special character everywhere, except when resolving addresses. Previously, the @ was nowhere quoted as a special character, not even in SMTP commands. * Don't allow an OK access rule lookup result for user@domain@postfix-style.virtual.domain. * Quote unquoted address localparts that need quoting. * The SMTP client logged and bounced the CNAME expanded recipient address, and thereby complicated trouble shooting. * The SMTP and LMTP clients bounced the quoted recipient address, resulting in too much quoting in bounce reports. * The LDAP client used the "wrong" @ character in addresses with multiple @. * Forwards "postqueue -r" compatibility with the additional queue file records that are stored by snapshot 20050512. * Specify "resolve_dequoted_address = no" to prevent Postfix from looking inside quotes for extra @ etc. characters when resolving an address. This behavior is technically more correct, but it opens a mail relay loophole with "user @domain"@domain when relaying mail to a Sendmail system.
Revision 1.18 / (download) - annotate - [select for diffs], Sun May 5 14:46:27 2002 UTC (21 years, 7 months ago) by martti
Branch: MAIN
Branch point for: buildlink2
Changes since 1.17: +3 -3
lines
Diff to previous 1.17 (colored)
Updated postfix to 1.1.8 - Postfix no longer attempts to build with GDBM support - The Postfix SMTP client forgot to quote whitespace etc. in a sender or recipient address when DNS lookup was turned off - Better error reporting in the postqueue command
Revision 1.17 / (download) - annotate - [select for diffs], Tue Apr 2 09:34:40 2002 UTC (21 years, 8 months ago) by martti
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH003
Changes since 1.16: +3 -3
lines
Diff to previous 1.16 (colored)
Updated postfix to 1.1.7 - Violation of the defer_transports setting: the flush server could trigger mail delivery (as if ETRN was sent) while doing some internal housekeeping of per-destination logfiles. - Virtual mapping was broken for addresses with embedded whitespace in the recipient local part. - When the super-user runs "mailq" or "postqueue -p" (list mail queue) while the mail system is down, the postqueue command runs the showq command directly. However, postqueue did not pass on non-default configuration directory settings to the showq command, so that showq would report the default mail queue instead.
Revision 1.16 / (download) - annotate - [select for diffs], Wed Mar 27 13:10:18 2002 UTC (21 years, 8 months ago) by martti
Branch: MAIN
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
Use maildrop as the default gid. PR#16034
Revision 1.15 / (download) - annotate - [select for diffs], Wed Mar 27 07:17:09 2002 UTC (21 years, 8 months ago) by martti
Branch: MAIN
Changes since 1.14: +4 -4
lines
Diff to previous 1.14 (colored)
Updated postfix to 1.1.6 - The new code avoids problems with SMTP servers that will not receive mail with lines longer than the 1000 characters that are allowed by the SMTP standard. - The new code is more graceful in the handling of abnormally long message headers. It will no longer switch from "message header" to "message body" mode in the middle of an abnormally long message header line.
Revision 1.14 / (download) - annotate - [select for diffs], Sat Mar 16 18:06:39 2002 UTC (21 years, 9 months ago) by martti
Branch: MAIN
Changes since 1.13: +3 -1
lines
Diff to previous 1.13 (colored)
* Install main.cf and master.cf to /etc/postfix if they don't exist * Fixed some hardcoded paths (should fix pkg/13987)
Revision 1.13 / (download) - annotate - [select for diffs], Wed Mar 13 08:10:09 2002 UTC (21 years, 9 months ago) by martti
Branch: MAIN
Changes since 1.12: +4 -4
lines
Diff to previous 1.12 (colored)
Updated postfix to 1.1.5 - With patch 04, automatic change detection of DBM files was slightly broken (incremental updates would no longer be detected). The fix is to use separate file handles for locking and for change detection. - The trivial-rewrite server could dereference a dangling pointer after stripping a source route (@domain,domain:) from an address while append_at_myorigin=no. Although this setting is unsupported, Postfix should not SIGSEGV anyway. - The SMTP server replied with 552 (too much mail) when rejecting mail content. The SMTP standard defines no reply code for this situation, but one could argue that 550 is more appropriate. And so it shall be.
Revision 1.12 / (download) - annotate - [select for diffs], Wed Mar 6 15:07:54 2002 UTC (21 years, 9 months ago) by martti
Branch: MAIN
Changes since 1.11: +7 -9
lines
Diff to previous 1.11 (colored)
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
Revision 1.11 / (download) - annotate - [select for diffs], Sat Dec 1 12:40:52 2001 UTC (22 years ago) by martti
Branch: MAIN
Changes since 1.10: +3 -1
lines
Diff to previous 1.10 (colored)
Added the checksum for the IPv6 patch (POSTFIX_USE_INET6=YES)
Revision 1.10 / (download) - annotate - [select for diffs], Thu Nov 22 11:43:07 2001 UTC (22 years ago) by martti
Branch: MAIN
Changes since 1.9: +3 -3
lines
Diff to previous 1.9 (colored)
Updated to 20010228pl8. Changes since 20010228pl4nb1:
20010917
Bugfix: an address extension could be appended multiple
times to the result of a canonical or virtual map lookup.
File: global/mail_addr_map.c. Fix by Victor Duchovni,
Morgan Stanley.
Bugfix: because split_addr() would split an address even
when there was no data before the recipient delimiter, the
above bug could cause an address to grow exponentially in
size. Problem reported by Victor Duchovni, Morgan Stanley.
File: global/split_addr.c.
20010918
Bugfix: the mail_addr_map() fix was almost but not quite
right. It took two clever people and several iterations of
email to really fix the mail_addr_map() problem. Thanks
to Victor Duchovni and Liviu Daia.
20011016
Bugfix: As of 20000625, Errors-To: was broken, because the
code to extract the address was not moved from recipient
address rewriting to sender address rewriting. Problem
reported by Roelof Osinga @ nisser.com. File:
cleanup/cleanup_message.c.
20011023
Bugfix: the FILTER_README content filtering example had
not been updated to include the sendmail "-i" command line
option.
20011029
Bugfix: virtual map expansion terminated early because the
detection of self-referential entries was flawed. File:
cleanup/cleanup_map1n.c.
20011031
Bugfix: mail_date() mis-formatted negative time zone offsets
with fractional hours (-03-30 instead of -0330). Fix by
Chad House, greyfirst.ca. File: global/mail_date.c.
20011103
Bugfix: Postfix would log the wrong error text when locally
submitted mail was deferred due to "soft_bounce = yes".
Bugfix: The LDAP client dropped any entries that don't have
the result_attribute, but errored out when a DN didn't
exist. The behavior is now consistent: treat non-existant
DN's in a special result attribute expansion the same as
DN's with no attribute. LaMont Jones, HP.
20011114
Bugfix: reset the smtpd command transaction log between
deliveries. File: smtpd/smtpd.c.
20011115
Bugfix: reset the smtpd command transaction log between
non-deliveries. File: smtpd/smtpd.c.
Revision 1.9 / (download) - annotate - [select for diffs], Mon Nov 12 05:07:19 2001 UTC (22 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.8: +1 -3
lines
Diff to previous 1.8 (colored)
remove IPv6 patch for safety. it seems that IPv6 patch has bad sideeffect on relaying determination.
Revision 1.8 / (download) - annotate - [select for diffs], Thu Aug 9 08:14:12 2001 UTC (22 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.7: +5 -5
lines
Diff to previous 1.7 (colored)
upgrade to 20010228-pl04. changes can be found below: ftp://ftp.yoyo.org/pub/mirrors/postfix/official/postfix-20010228-pl04.RELEASE_NOTES
Revision 1.7 / (download) - annotate - [select for diffs], Thu Jun 7 09:23:20 2001 UTC (22 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.6: +6 -6
lines
Diff to previous 1.6 (colored)
upgrade to postfix-20010228-pl03. changes since pl02: 20010501 Bugfix: The SMTP server's 550 in reply to DATA should be a 554 response. And it wasn't Sendmail. Claus Assman. Bugfix: the INSTALL.sh test for non-interactive upgrade broke rooted installations that specify settings via the environment. Simon Mudd. Bugfix: mailq output is now really flushed one message at a time. File: sendmail/sendmail.c. 20010507 Bugfix: with soft_bounce=yes, the SMTP server would log 5xx replies even though it would send 4xx replies to the client (Phil Howard, ipal.net). File: smtpd/smtpd_check.c. 20010523 Bugfix: postsuper's temporary file detection logic needed fixing. Bugfix: memory leak in the LDAP client module. Alain Thivillon, France Teaser - Groupe Firstream. 20010525 Bugfix: the SMTP and LMTP clients claimed that a queue file needed to be delivered again (even when all recipients were erased from the queue file) when no QUIT or RSET reply was received (by default, this does not happen with SMTP mail because the SMTP client does not wait for QUIT replies and does not send RSET to deliver mail). As a result of the same bug the LMTP client followed a dangling pointer when sending QUIT after process idle timeout while the LMTP server had disconnected. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c.
Revision 1.6 / (download) - annotate - [select for diffs], Tue May 15 01:33:35 2001 UTC (22 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.5: +3 -3
lines
Diff to previous 1.5 (colored)
upgrade ipv6 patch. more fix for reverse lookup (!INET6 case)
Revision 1.5 / (download) - annotate - [select for diffs], Mon May 14 17:38:02 2001 UTC (22 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.4: +3 -3
lines
Diff to previous 1.4 (colored)
use latest IPv6 patch. corrects !INET6 behavior (NetBSD PR 12876).
Revision 1.4 / (download) - annotate - [select for diffs], Thu May 3 00:24:12 2001 UTC (22 years, 7 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-PATCH001
Changes since 1.3: +6 -6
lines
Diff to previous 1.3 (colored)
use postfix 20010228-pl02 from wietse.
20010403
Workaround: the mysql library can return null pointers
rather than zero-length strings.
20010404
Ergonomics: log additional information about the reason
why "mail for XXX loops back to myself", when the local
machine is the best MX host. File: smtp/smtp_addr.c.
20010406
Changed some noisy LDAP client warnings into optional
logging. LaMont Jones, util/dict_ldap.c.
20010411
Bugfix: the SMTP server now replies with 550 instead of
503 when it receives the DATA command without having received
a valid recipient address. This is needed for the Sendmail
client-side pipelining implementation. Problem reported by
Lutz Jaenicke. File: smtpd/smtpd.c.
Cleanup: shut up if chattr fails on Reiserfs and other file
systems that do not support the respective attributes.
Files: conf/postfix-script-{no,}sgid.
20010413
Ergonomics: Postfix applications now warn when a DB or DBM
file is out of date, and recommend to rebuild the table.
Files: util/dict_db.c, util/dict_dbm.c.
20010414
Bugfix: with a non-default inet_interfaces setting, the
master ignored host information in master.cf host:port
settings. Fix by Jun-ichiro itojun Hagino @ iijlab.net.
Files: master/master.h, master/master_ent.c.
20010426
Bugfix: the SMTP server did not parse invalid MAIL FROM or
RCPT TO addresses such as <first last <user@domain>> the
way it was supposed to do. I thought this was taken care
of years ago. File: smtpd/smtpd.c.
20010427
Bugfix: smtpd would reject mail instead of replying with
a 4xx temporary error code when, for example, an LDAP or
mysql server was unavailable. Remotely based on a fix by
Robert Kiessling @ de.easynet.net. File: smtpd/smtpd_check.c.
Revision 1.3 / (download) - annotate - [select for diffs], Tue Apr 24 00:52:13 2001 UTC (22 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
upgrade IPv6 patch (not really IPv6 problem, but a problem in patch to fix bug in original that is tickled by IPv6). avoid SEGV on reload.
Revision 1.2 / (download) - annotate - [select for diffs], Fri Apr 20 13:10:02 2001 UTC (22 years, 7 months ago) by agc
Branch: MAIN
Changes since 1.1: +4 -1
lines
Diff to previous 1.1 (colored)
Move to sha1 digests, and add distfile sizes.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Apr 17 11:34:50 2001 UTC (22 years, 7 months ago) by agc
Branch: MAIN
+ move the distfile digest/checksum value from files/md5 to distinfo + move the patch digest/checksum values from files/patch-sum to distinfo