20161205
Cleanup: log the sender address when rejecting a too large
message size in a "MAIL FROM:<sender> SIZE=nnn" command.
File: smtpd/smtpd.c.
20161206
Bugfix (introduced: Postfix 3.0): when receiving a MAIL
FROM...SMTPUTF8 command while smtpd_delay_reject=no, enable
SMTPUTF8 support before processing smtpd_sender_restrictions.
Problem reported by Viktor Dukhovni. File: smtpd/smtpd.c.
Bugfix (introduced: Postfix 3.0): when receiving a
VRFY...SMTPUTF8 command, enable SMTPUTF8 support while
processing smtpd_recipient_restrictions. File: smtpd/smtpd.c.
20161220
Bugfix (introduced: Postfix 2.1.0): the Postfix SMTP daemon
did not query sender_canonical_maps when rejecting unknown
senders with "smtpd_reject_unlisted_recipient = yes" or
with reject_unlisted_sender. Stephen R. van den Berg (Mr.
procmail). Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
20161223
Bugfix (introduced: Postfix 3.2 snapshots): the makedefs
script produced a garbled CCARGS setting when no suitable
ICU library was found. File: makedefs.
Incompatible changes with snapshot 20161204
===========================================
Postfix 3.2 removes tentative features that were implemented
before the DANE spec was finalized:
- Support for certificate usage PKIX-EE(1),
- The ability to disable digest agility. Postfix 3.2 always behaves
as if "tls_dane_digest_agility = on".
- The ability to disable support for "TLSA 2 [01] [12]" records
that specify the digest of a trust anchor. Postfix 3.2 always
behaves as if "tls_dane_trust_anchor_digest_enable = yes".
The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.
PR: 214780
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight
20161105
Bugfix (introduced: Postfix 1.1): the postsuper command did
not count a successful rename operation after error recovery.
Problem reported by Markus Schönhaber. File: postsuper/postsuper.c.
Cleanup: error reporting for IDNA (non-ASCII domain name)
conversion errors, and enable_idna2003_compatibility
configuration. File: util/midna_domain.c.
Incompatible changes with snapshot 20161103
===========================================
Postfix 3.2 by default disables the 'transitional' compatibility
between IDNA2003 and IDNA2008, when converting UTF-8 domain names
to/from the ASCII form that is used in DNS lookups. This makes
Postfix behavior consistent with current versions of the Firefox
and Chrome web browsers. Specify "enable_idna2003_compatibility =
yes" for historical behavior.
This affects the conversion of, for example, the German sz and the
Greek zeta. See http://unicode.org/cldr/utility/idna.jsp for more
examples.
Major changes with snapshot 20161031
====================================
The smtpd_milter_maps feature supports per-client Milter configuration.
This overrides the global smtpd_milters setting and has the same syntax.
A lookup result of "DISABLE" turns off Milter support.
Changelog:
20161007
Bitrot: API for the ersatz inet_ntop() function, when
compiling with -DNO_IPV6 (which exists only for debugging).
Files: util/sys_defs.h, util/sys_compat.c.
20161008
Feature: smtp_tcp_port, similar to the existing lmtp_tcp_port.
Files: mantools/postlink, proto/postconf.proto,
global/mail_params.h, smtp/smtp.c, smtp/smtp_connect.c,
smtp/smtp_params.c.
Feature: "PASS" and "STRIP" actions in header/body_checks.
"STRIP" is similar to "IGNORE" but also logs the action,
and "PASS" disables header, body, and Milter inspection for
the remainder of the message content. Contributed by Hobbit.
Files: cleanup/cleanup_message.c, global/header_body_checks.c.
Changelog:
==========
20160925
Bugfix (introduced: Postfix 2.11): changed the default MySQL
option_group value to "client" to enable the reading of
"client" option group settings in the MySQL option file.
Specify an empty option_group value to get backwards-compatible
behavior. This fixes a "not found" problem with Postfix
queries that contain UTF8-encoded non-ASCII text. Based
on a fix by John Fawcett. Files: global/dict_mysql.c,
proto/mysql_table.
Incompatible changes with snapshot 20160925
===========================================
In the Postfix MySQL database client, the default option_group value
has changed to "client", to enable reading of "client" option group
settings in the MySQL options file. This fixes a "not found" problem
with Postfix queries that contain UTF8-encoded non-ASCII text.
Specify an empty option_group value (option_group =) to get
backwards-compatible behavior.
Changelog:
20160918
after rejected SMTP commands. As before, the SMTP server
does not forward SASL login information to other Postfix
subsystems, and it does not receive SASL login information
in XFORWARD commands. File: smtpd/smtpd.c.
- Clean up the Makefile.
- Follow some upstream recommendations (--with-data-packaging=archive,
--disable-renaming, -DICU_NO_USER_DATA_OVERRIDE).
- Patch makefiles to install static libraries with INSTALL_DATA so they
aren't stripped.
- Patch config/mh-bsd-gcc to sync with config/mh-linux-gcc.
- Fix endianness detection in ICU. The code wanted to use BYTE_ORDER
defined in machine/endian.h, but this isn't visible because ICU is
compiled with _XOPEN_SOURCE. Patch the code to use _BYTE_ORDER instead.
- Compile ICU with C++11 compiler to enable move constructors.
- Patch ICU to fix a problem with atomics in the case of a C++11 compiler
without C++11 header <atomic> (like Clang on FreeBSD 9).
- Bump all ports that depend on it due to library version change.
- Add USES=compiler:c++0x to some ports that pick up -std=c++0x from ICU
pkgconfig files.
- Add USES=compiler:c++11-lib to graphics/libcdr01 because it also needs
a C++11 runtime library now. Add this to all ports that depend on it
so their executables load the right libstdc++.so on FreeBSD 9.
PR: 205120
Exp-run by: antoine
Approved by: portmgr (antoine)
Changelog:
20160908
Documentation: add a pointer to hosts(5) and services(5)
for symbolic host and port syntax. File: proto/master.
20160911
Bugfix (introduced: Postfix 3.0): the SMTP daemon did not
reset a previous session's command counts before rejecting
a client that exceeds request or concurrency rates. File:
smtpd/smtpd.c.
20160912
Feature: preserve the new file mtimes when installing
Postfix. Ondřej Lysoněk. Wietse made this conditional on
the presence of a new -keep-new-mtime flag. File: postfix-install.
20160917
Bugfix: unionmap did not propagate table lookup errors.
Based on patch by Roel van Meer. Files: util/dict_union.c,
util/dict_union_test.*.
Cleanup: added unit test for pipemap. Files: util/dict_pipe.c,
util/dict_pipe_test.*.
Documentation: added a note about the order of search
patterns and table lookup order. Files: proto/canonical,
proto/generic, proto/virtual.
20160808
Cleanup: preserve the new file mtimes when installing Postfix.
Ondřej Lysoněk. File: postfix-install. REVERTED 20160828.
20160819
Bugfix (introduced: Postfix 3.0): the makedefs script ignored
readme_directory=pathname overrides. Fix by Todd C. Olson.
File: makedefs.
20160821
Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher
documentation says aes-256-cbc, but the implementation was
using aes-128-cbc (note that Postfix SMTP server and client
processes have a limited life time).
20160828
Bitrot: fixes for incompatible OpenSSL 1.1.0 API changes.
Viktor Dukhovni. Files: posttls-finger/posttls-finger.c,
tls/tls.h, tls/tls_dane.c, tls/tls_verify.c, tls/tls_server.c,
tls/tls_client.c.
Cleanup: disable reuse of ECDH ephemeral keys. Viktor
Dukhovni. File: tls/tls_misc.h.
MFH: 2016Q3
20160728
Bugfix (introduced: 20090614): with concurrent connections
from the same client IP address, and after-220 tests enabled,
postscreen could overwrite the cached "all tests completed"
result of one connection that completed the after-220 tests,
with the "some tests not completed" result of a concurrent
connection where the client hung up before completing the
after-220 tests. Files: postscreen_misc.c, postscreen_state.c,
postscreen.h, postscreen_tests.c, postscreen.c, postscreen_smtpd.c,
postscreen_early.c.
20160730
Cleanup: don't try to optimize away postscreen cache updates.
File: postscreen_misc.c.
Cleanup: removed compatibility crutches that emulated a
historical data organization from four years ago. Files:
postscreen/postscreen.[hc], postscreen/postscreen_early.c,
postscreen/postscreen_smtpd.c, postscreen/postscreen_tests.c.
20160618
Bugfix (introduced: 20091121): with the introduction of
sender_dependent_default_transport_maps, the SMTP daemon
was not updated. This resulted in false rejects with
sender-dependent "error" transports. Based on a fix by
Russell Yanofsky. Files: global/resolve_clnt.c,
global/resolve_clnt.h, smtpd/smtpd_check.c, smtpd/smtpd_check.h,
smtpd/smtpd_milter.c, smtpd/smtpd_resolve.c, smtpd/smtpd_resolve.h.
20160619
Refinements to the 20160618 fix. For more consistent results
with sender address validation, use the recipient address
(if available) as the sender-dependent address resolver
context. For better caching, pass sender context with all
attempts to resolve an email address. File: smtpd/smtpd.c,
smtpd/smtpd_check.c, smtpd/smtpd_milter.c.
20160625
Cleanup: the Postfix SMTP server now passes network address
and port information to the Cyrus SASL library. Build with
``make makefiles "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"''
for backwards compatibility. Files: makedefs,
smtpd/smtpd_sasl_glue.c, xsasl/xsasl.h, xsasl/xsasl_cyrus_server.c,
xsasl/xsasl_server.c.
Cleanup: dnsblog manpage. File: dnsblog/dnsblog.c.
- fix build with LibreSSL [1]
20160601
Cleanup: moved parsing of '!' operators from cidr_match.c
to dict_cidr.c. Files: util/cidr_match.[hc], util/dict_cidr.c,
util/match_ops.c.
20160604
Cleanup: made parsing of '!' operators in regexp and pcre
tables consistent with cidr tables. Files: util/dict_regexp.c,
util/dict_pcre.c.
20160605
Cleanup: integer wrap-around detection in the MySQL and
PostgreSQL clients. This is totally non-critical because
Postfix strings are size-limited by design. Files:
global/dict_mysql.c, global/dict_pgsql.c.
20160607
Documentation: dnsblog.
20160609
Documentation: postsuper(1) manpage text for multiple -[dhH]
options. File: postsuper/postsuper.c.
20160611
Cleanup: Postfix SMTP server local IP address and port
attributes in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol
(macro names: {daemon_addr}, {daemon_port}) and in the
XCLIENT protocol (attribute names: DESTADDR, DESTPORT).
Files: proto/MILTER_README.html, proto/SMTPD_POLICY_README.html,
cleanup/cleanup.h, cleanup/cleanup_milter.c, global/mail_proto.h,
milter/milter.h, smtpd/smtpd.c, smtpd/smtpd.h, smtpd/smtpd_check.c,
smtpd/smtpd_haproxy.c, smtpd/smtpd_milter.c, smtpd/smtpd_peer.c.
20140612
Bugfix: missing server address/port conversion. File:
smtpd/smtpd_peer.c.
Submitted by: brnrd@ [1]
Obtained from: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/postfix/stable/patches/ [1]
20160526
Feature: cidr tables now support if/endif and negation (by
prepending "!" to a pattern), just like regexp and pcre
tables. The primary purpose is to improve readability of
complex tables. Files: util/cidr_match.[hc], util/dict_cidr.c,
proto/cidr_table.
Cleanup: make regexp: and pcre: parser warning messages more
similar. Files: dict_regexp.c, dict_pcre.c.
20160521
Bugfix (introduced: Postfix beta): the never-used function
mvect_free() attempted to free memory that it has not
allocated. File: util/mvect.c.
Cleanup: existing if/endif support for pcre and regexp
tables, in preparation for new if/endif support for cidr
tables. Files: util/dict_regexp.c, util/dict_pcre.c.
Changelog:
20160330
The collate.pl script by Viktor Dukhovni for grouping Postfix
logfile records into "sessions" based on queue ID and process
ID information. Files: auxiliary/collate/*.
20160407
Treat SASL_FAIL and SASL_NOMEM as temporary errors.
Markus Benning. File: xsasl/xsasl_cyrus_server.c.
20160410
Bugfix (introduced: Postfix 2.6): the "bad filetype"
header_checks pattern falsely rejected Content-Mumble headers
with ``name="example"; x-apple-part-url="example.com"''.
Fixed by respecting the ";" separator between content
attribute values. Reported by Cedric Knight. File:
proto/header_checks.
20160515
Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h,
dns/dns_str_resflags.c.
MFH: 2016Q2
- change comment to reflect this is an Experimental version
- fix CONFLICTS
Changes:
20160227
Cleanup: remember multiple BCC actions in access maps.
Files: smtpd/smtpd.h, smtpd/smtpd.c, smtpd/smtpd_check.c,
smtpd/smtpd_state.c, proto/access.
20160228
Documentation: STRESS_README. File: proto/STRESS_README.html.
20160229
Documentation: postmulti manpage. File: postmulti/postmulti.c.
20160305
Future-proofing: detect integer overflow before it happens.
After-the-fact detection relies on assumptions about
undefined behavior that are invalidated by compilers. Files:
util/mymalloc.c, util/vstring.c.
20160310
Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM
(replace sender) request lost the sender_bcc_maps address.
Fixed by moving some record keeping to the sender output function.
Files: cleanup/cleanup_envelope.c, cleanup/cleanup_addr.c,
cleanup/cleanup_milter.c, cleanup/cleanup.h, regression tests.
20160314
Future-proofing: detect integer overflow before it happens.
After-the-fact detection relies on assumptions about
undefined behavior that are invalidated by compilers. Files:
global/off_cvt.c.
Cleanup: include <sys/types.h> once, instead of making it
system-dependent. File: util/sys_defs.h.
Cleanup: make sorting in "make depend" locale-independent.
Files: */Makefile.in.
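The "Future-proofing" entries of 20160305 and 20160314 above describe testing for integer overflow before the arithmetic is done. The following is an added example of that pattern, not Postfix code; the function names are hypothetical and the three cases (signed add, allocation size, decimal parsing) are chosen here to show it.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * After-the-fact pattern (shown only as a comment): signed overflow is
 * undefined behavior, so a compiler may assume it never happens and
 * remove the test entirely:
 *
 *     new_len = len + incr;
 *     if (new_len < len) fail();
 */

/* Store a + b in *sum and return 0, or return -1 if it would not fit. */
static int checked_add_long(long a, long b, long *sum)
{
    if ((b > 0 && a > LONG_MAX - b) || (b < 0 && a < LONG_MIN - b))
        return -1;
    *sum = a + b;
    return 0;
}

/* Store count * size in *bytes and return 0, or -1 if it would wrap. */
static int checked_mul_size(size_t count, size_t size, size_t *bytes)
{
    if (size != 0 && count > SIZE_MAX / size)
        return -1;
    *bytes = count * size;
    return 0;
}

/*
 * Parse a non-negative decimal string. The range test runs before each
 * multiply-and-add, so the accumulator never holds an overflowed value.
 */
static int parse_offset(const char *str, long long *result)
{
    long long value = 0;

    if (*str == '\0')
        return -1;
    for (; *str != '\0'; str++) {
        int digit;

        if (*str < '0' || *str > '9')
            return -1;
        digit = *str - '0';
        if (value > (LLONG_MAX - digit) / 10)
            return -1;
        value = value * 10 + digit;
    }
    *result = value;
    return 0;
}

int main(void)
{
    long sum;
    size_t bytes;
    long long off;

    /* Constructed inputs at and just past each limit. */
    printf("LONG_MAX + 1:      %d\n", checked_add_long(LONG_MAX, 1, &sum));
    printf("(SIZE_MAX/2+1)*2:  %d\n",
           checked_mul_size(SIZE_MAX / 2 + 1, 2, &bytes));
    printf("LLONG_MAX string:  %d\n",
           parse_offset("9223372036854775807", &off));
    printf("LLONG_MAX+1 string: %d\n",
           parse_offset("9223372036854775808", &off));
    return 0;
}
```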
- rework SASL OPTIONS
Dovecot SASL does not need any dependency, from now on it will always be built into postfix
- EAI is now mandatory, else mails can be lost
- add support for FreeBSD 10.3 mailwrapper (install mailer.conf into LOCALBASE/mail instead of /etc/mail)
- add better reload support to rc script
- display correct path in pkg-message
- add support for postfix-sasl slave port
- remove native SPF support, patch is no longer maintained and there are alternatives in the ports tree
- remove VDA support (seems VDA project is dead and unmaintained)
Many Thanks to all testers!
PR: 195662
PR: 205162
- install postfix specific mailer.conf.postfix into DATADIR [2]
- make EAI the default, postfix will reject messages if built
w.o. EAI and compatibility_level is set to a value >=1 [3]
- use new notation instead of PATCH_DIST_STRIP
- bump PORTREVISION
1) detect if the port is installed without TERM, in this case
do not ask to make postfix the default mailer and respect
the env POSTFIX_DEFAULT_MTA. This helps tools like salt,
ansible, cfengine and puppet during the first package installation.
2) $DATADIR/mailer.conf.postfix can be used by the tools in 1)
3) Issue noted by Melissa Pilgrim by PM
Short description of the issue:
If compatibility_level is set to a value >= 1, then postfix sets
smtputf8_enable=yes. For more information see
$ postconf -d | grep compatibility_level
and
http://www.postfix.org/SMTPUTF8_README.html
MFH: 2016Q1
- Support multiple values in *_OLD_CMD, i.e. we can now fix both "/usr/bin/python" and "/usr/bin/env python" at the same time
- Default *_OLD_CMD values are now always appended, so you don't need to specify them in individual ports
- Add lua support (depends on USES=lua)
- Add more default values, such as "/usr/bin/env foo" for python, perl, bash, ruby and lua
- Shebangfix now matches whole words, e.g. we will no longer (erroneously) replace "/usr/bin/perl5.005" with "${perl_CMD}5.005" (but "/usr/bin/perl -tt" is still (correctly) replaced with "${perl_CMD} -tt")
Note that *_OLD_CMD items containing spaces must now be quoted (e.g. perl_OLD_CMD=/bin/perl /usr/bin/perl "/usr/bin/env perl")
Update shebangfix usage according to new rules in many ports:
- Remove *_OLD_CMD for patterns now replaced by default
- Quote custom *_OLD_CMD which contain spaces
Fix shebangfix usage in many ports (irrelevant to infrastructure change):
- Remove redundant SHEBANG_LANG (no need to duplicate default langs)
- Remove redundant *_CMD (such as python_CMD=${LOCALBASE}/bin/python${PYTHON_VER} when USES=python is present)
- Never use *_OLD_CMD in REINPLACE_CMD matchers, these should always look for exact string
Approved by: portmgr (bapt)
Differential Revision: D3756
- use target helpers
ChangeLog:
20150722
The COMPATIBILITY_README text and HTML files were not
installed. File: conf/postfix-files.
20150903
Workaround: disable DNSSEC support for AIX 7x and earlier.
The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
defining the "ad" bit. Viktor Dukhovni. Files: makedefs,
proto/INSTALL.html, dns/dns.h.
20150923
Bugfix (introduced: 20120531-617): the Postfix SMTP server
used a larger-than-1 VSTREAM buffer to read the HAProxy
connection hand-off information. This broke TLS wrappermode,
as the TLS helo packet would end up in the plaintext VSTREAM
buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c.
20150924
Bugfix (introduced: 20090216-24): incorrect postmulti error
message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
File: postmulti/postmulti.c.
Workaround: don't create a new instance when the template
main.cf and master.cf files are missing, as happens on
Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
20150925
Bugfix (introduced: 19970309, fixed 20150421 in development
release): reset errno before calling readdir(), in order
to distinguish between an end-of-directory and an error
condition. File: scandir.c.
20150930
Bugfix (introduced: 20040124): Milter client panic while
adding a header, because the PREPEND action used the same
output function for header_checks and body_checks. Viktor
Dukhovni and Wietse. File: cleanup/cleanup_message.c.
Bugfix (introduced: 20031128): xtext_unquote() did not
propagate error reports from xtext_unquote_append(), causing
the decoder to return partial output, instead of rejecting
malformed input. Fix by Krzysztof Wojta. File: global/xtext.c.
20151003
Bugfix (copied from xtext): uxtext_unquote() did not propagate
error reports from uxtext_unquote_append(), causing the
decoder to return partial output, instead of rejecting
malformed input. Found by searching the code for similar
error patterns as with xtext_unquote(). File: global/uxtext.c.
Bugfix (introduced: 20141130, fixed around 20150607 in
development release): the DNS multi-query clients forgot
to save and restore h_errno when evaluating the aggregate
result. File: dns/dns_lookup.c.
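The 20150930 and 20151003 entries above describe a decoder that returned partial output because a helper's error report was not propagated. The following is an added example of that failure mode and its correction, not Postfix code: the decoder is a minimal RFC 3461 xtext decoder written for this page, and all function names and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of an upper-case hex digit (RFC 3461 hexchar), or -1. */
static int hex_val(int ch)
{
    if (ch >= '0' && ch <= '9')
        return ch - '0';
    if (ch >= 'A' && ch <= 'F')
        return ch - 'A' + 10;
    return -1;
}

/*
 * Decode xtext from src and append it to dst (capacity cap, current
 * length *len). dst stays NUL-terminated after every byte. Returns 0,
 * or -1 on malformed input or lack of space. Rejecting a decoded NUL
 * byte is a choice made for this example.
 */
static int xtext_append(char *dst, size_t cap, size_t *len, const char *src)
{
    while (*src != '\0') {
        int ch = (unsigned char) *src++;

        if (ch == '+') {
            int hi = hex_val((unsigned char) src[0]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char) src[1]);

            if (lo < 0)
                return -1;              /* truncated or non-hex escape */
            ch = (hi << 4) | lo;
            if (ch == 0)
                return -1;
            src += 2;
        } else if (ch < '!' || ch > '~' || ch == '=') {
            return -1;                  /* not a valid xchar */
        }
        if (*len + 1 >= cap)
            return -1;
        dst[(*len)++] = (char) ch;
        dst[*len] = '\0';
    }
    return 0;
}

/* Flawed pattern: the helper's status is dropped, so the caller receives
 * whatever prefix was decoded before the error. */
static const char *unquote_unchecked(char *dst, size_t cap, const char *src)
{
    size_t len = 0;

    dst[0] = '\0';
    (void) xtext_append(dst, cap, &len, src);
    return dst;
}

/* Corrected pattern: a helper failure becomes a NULL result. */
static const char *unquote_checked(char *dst, size_t cap, const char *src)
{
    size_t len = 0;

    dst[0] = '\0';
    if (xtext_append(dst, cap, &len, src) < 0)
        return NULL;
    return dst;
}

int main(void)
{
    /* Constructed input: a valid prefix followed by a bad escape. */
    const char *input = "alice+40example.com+G1";
    char buf[64];
    const char *checked;

    printf("unchecked: \"%s\"\n", unquote_unchecked(buf, sizeof buf, input));
    checked = unquote_checked(buf, sizeof buf, input);
    printf("checked:   %s\n", checked ? checked : "(rejected)");
    return 0;
}
```

With the constructed input, the unchecked wrapper yields a well-formed-looking address from malformed data, while the checked wrapper rejects it.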
20150501
Support for Linux 4.*, and some simplification for future
makedefs files. Files: makedefs, util/sys_defs.h.
20150718
Security: opportunistic TLS by default uses "medium" or
stronger ciphers instead of "export" or stronger. See the
RELEASE_NOTES file for how to get the old settings back.
Files: global/mail_params.h, proto/TLS_README.html,
proto/postconf.proto, and files derived from those.
20150719
Security: Postfix TLS support by default no longer uses
SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get
the old settings back. Files: global/mail_params.h,
proto/postconf.proto, and files derived from those.
Incompatible change with Postfix 2.11.6 / 3.0.2
-------------------------------------------------
As of the middle of 2015, all supported Postfix releases no longer
enable "export" grade ciphers for opportunistic TLS, and no longer
use the deprecated SSLv2 and SSLv3 protocols for mandatory or
opportunistic TLS.
These changes are very unlikely to cause problems with server-to-server
communication over the Internet, but they may result in interoperability
problems with ancient client or server implementations on internal
networks. To address this problem, you can revert the changes with:
Postfix SMTP client settings:
lmtp_tls_ciphers = export
smtp_tls_ciphers = export
lmtp_tls_protocols = !SSLv2
smtp_tls_protocols = !SSLv2
lmtp_tls_mandatory_protocols = !SSLv2
smtp_tls_mandatory_protocols = !SSLv2
Postfix SMTP server settings:
smtpd_tls_ciphers = export
smtpd_tls_protocols =
smtpd_tls_mandatory_protocols = !SSLv2
These settings, if put in main.cf, affect all Postfix SMTP client
or server communication, which may be undesirable. To be more
selective, use "-o name=value" parameter overrides on specific
services in master.cf. Execute the command "postfix reload" to make
the changes effective.
This stemmed from older VDA patches which provided a default patch which only
used 'long' for its data types and a '64bit' patch which used 'long long'.
On 32bit systems 'long' is limited to a 2GB quota while on 64bit systems it will
not be. They later renamed the '64bit' patch to be 'bigquota'. They no longer
provide a 'bigquota' patch due to less demand as most systems are 64bit
today and do not have the small 2GB quota limitation with the 'long' type.
The description of '32bit' was not accurate or useful anymore.
Upstream discussion: http://sourceforge.net/p/vda/mailman/message/24713171/
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurrences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight
- rename OPTIONS to match default name of most ports
- SASL2 -> SASL
- OPENLDAP -> LDAP
- install main.cf and master.cf with the @sample macro
- rework pkg-install
- fix wrong permission for /var/db/postfix [1]
- sets WANT_OPENLDAP_SASL option for openldap port when
postfix LDAP_SASL option is set [2]
- make usage of new ${opt}_DEPENDS notation
Release 3.0.1 or 3.0.2 is now a strong candidate to become the new
default mail/postfix port (missing components are VDA and SPF).
Changelog:
20150211
Cleanup: strncasecmp_utf8() streamlining. Files: util/stringops.h,
util/allascii.c, util/strcasecmp_utf8.c.
20150214
Bugfix (introduced: Postfix 3.0): missing #ifdef USE_TLS
inside #ifdef USE_SASL_AUTH. Viktor Dukhovni. File:
smtpd/smtpd.c.
20150217
Cleanup: missing <string.h> include. File: util/allascii.c.
20150221
Bugfix (introduced: Postfix 3.0): don't append '.' to the
DNS resource record value, when converting TXT records to
the string form that is used by xxx_dns_reply_filter.
File: dns/dns_strrecord.c.
20150313
Documentation: incorrect Postfix version number for
postscreen_dnsbl_timeout. Quanah Gibson-Mount. File:
postscreen/postscreen.c.
20150324
Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps
ignored the relayhost setting in the case of a DUNNO lookup
result. It would use the recipient domain instead. Viktor
Dukhovni. Wietse took the pieces of code that enforce the
precedence of a sender-dependent relayhost, the global
relayhost, and the recipient domain, and put that code
together in one place so that it is easier to maintain.
File: trivial-rewrite/resolve.c.
20150328
Bugfix (introduced: Postfix 1.1.0): post-install expanded
macros in parameter values when trying to detect parameter
overrides, causing unnecessary main.cf updates during Postfix
start-up. Julian Reich, Viktor Dukhovni, and Wietse. File:
conf/post-install.
20150330
Bitrot: prepare for future changes in OpenSSL API. Viktor
Dukhovni. File: tls_dane.c.
PR: 198215 [1]
PR: 198857 [2]
- cleanup MASTER_SITES
- enable new pie parameter (build with -fPIC)
[1] keep the port as postfix-current until we are sure
the new distributed layout will not change
(location of libs, dynamicmaps.cf.d, postfix-files.d ...)
Release announcement:
http://www.postfix.org/announcements/postfix-3.0.0.html
Release Notes:
ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-3.0.0.RELEASE_NOTES
Approved by: sahil (implicit)
- fix build on FreeBSD 11 [1]
- use OPENSSL=yes instead including Mk/bsd.openssl.mk
- enable TLS as default option.
Postfix uses a secure default configuration if TLS is not configured.
$ postconf -d | grep use_tls
lmtp_use_tls = no
postscreen_use_tls = $smtpd_use_tls
smtp_use_tls = no
smtpd_use_tls = no
tlsproxy_use_tls = $smtpd_use_tls
Changes:
Many fixes, improvements and cleanups. The list is really too long,
please read the original Changelog on your favorite postfix mirror.
[1] Noted by sbruno@
- use new AUXLIBS_(CDB|LDAP|LMDB|MYSQL|PCRE|PGSQL) build instructions
- use OPTIONS_SUB
- install posttls-finger
- build dynamic AUXLIBS (shared=yes and dynamicmaps=yes)
- set META_DIRECTORY to DAEMONDIR (this may change in future to ETCDIR)
Parts from HISTORY (heavily shortened)
20141126
Cleanup: report nullmx DNS records as "domain does not
accept mail", instead of "invalid DNS response". The Postfix
SMTP client already bounced mail for such domains, and the
Postfix SMTP server already rejected such domains with
reject_unknown_sender/recipient_domain. This introduces a
new SMTP server configuration parameter nullmx_reject_code
(default: 556).
20141127
Feature: DNS reply filter, configured with smtp_dns_reply_filter,
20141130
Cleanup: when searching multiple DNS record types for a
specific name, and not all queries return the same result
status, do not blindly return the last query's rcode and
diagnostic text. Instead, return rcode and text that is
consistent with the aggregate result status.
Documentation: added note on Milter-signing bounces.
20141202
Cleanup: to increase clarity, rename DNS result status from
DNS_UNAVAIL to DNS_NULLMX. If someone uses the same zero-length
name trick with some other resource type, then we will worry
about that later.
20141203
Feature: support to match UTF8 domain names against ASCII
names in TLS certificates.
20141212
Cleanup: nullmx SMTP reply codes 550 and 556, and enhanced
status codes X.1.10 and X.7.27. The nullmx SMTP reply codes
are no longer configurable.
20141224
Cleanup: the compile-time argument typechecks for attribute-value
APIs are now by default implemented with inline functions.
Compile with -DNO_INLINE to implement the argument typechecks
with ternary operators and unreachable assignments.
20141227
Feature: smtp_address_verify_target (default: rcpt) that
determines what protocol stage decides if a recipient is
valid. Specify "data" for servers that reject recipients
after the DATA command.
20141228
Cleanup: the IDNA conversion routines now accept both
ASCII and UTF8 inputs. The functions also verify that
either their result is a valid ASCII domain name or that
it converts into a valid ASCII domain name.
Approved by: sahil (implicit)
- add OPTION for Email Address Internationalization
(EAI, RFC 6531..6533) [1]
- sort OPTIONS_DEFINE
- fix build and install for non root users,
(sgid and group for sbin/postdrop and sbin/postqueue were lost if built
as non root and installed with sudo)
- install /var/spool/postfix directories with correct owner/mode
- use $WRKDIR instead of /tmp
Changes:
20141021
Per IETF TLS WG consensus, the tls_session_ticket_cipher
default setting was changed from aes-128-cbc to aes-256-cbc.
Take that, you quantum computer attackers! Viktor Dukhovni.
Files: proto/postconf.proto, global/mail_params.h.
20141024
Cleanup: added $smtpd_mumble_restrictions to the proxy_read_maps
default setting. File: global/mail_params.h.
Documentation: different header/body checks for MX service
and SMTP submissions. File: proto/BUILTIN_FILTER_README.html.
Cleanup: don't send "bare" original recipient in SMTP DSN
attributes. File: cleanup/cleanup_addr.c.
Feature: smtp-sink -N option to suppress DSN announcement.
File: smtpstone/smtp-sink.c.
20141025
Bugfix (introduced: Postfix 2.11): core dump when
smtp_policy_maps specifies an invalid TLS level. Viktor
Dukhovni. File: smtp/smtp_tls_policy.c.
20141103
Logging: when a connection is closed, log the request counts
for unimplemented STARTTLS or AUTH commands separately,
instead of logging such commands as "unknown". File:
smtpd/smtpd.c.
20141106
Cleanup: set errno to ETIMEDOUT after postscreen handshake
timeout event, so that warnings report the correct error.
File: tlsproxy/tlsproxy.c.
PR: 194786 [1]
Submitted by: Mark Martinec
Approved by: sahil (implicit)
- use PORTDOCS macro
- remove check for OSVERSION >= 800037
- fix OPENLDAP_VER usage
- always call set-permissions in post-install to set correct spool/postfix/* permissions
this is required with pkg to support non interrupted upgrade
Approved by: sahil (explicit)
- Mk/bsd.database.mk rewrite, new default to db5.
- db6 is eligible by default only if installed on the system.
- Bump PORTREVISION of all ports that directly depend on BerkeleyDB or
where USE_BDB is found in the port's directory
- Patch a few ports such that they will pick up or work with newer
versions.
- Add UPDATING entry
- Drive-by format fix for pks
- Drop BerkeleyDB option from mail/popular for now, requires more work.
- Exp-run logs linked from the PR below.
- Ports that do not build (IGNORE, BROKEN, etc.) have pro-forma changes
for new Berkeley DB, but are untested.
NOTE: please read UPDATING and the Wiki page before proceeding!
Announcement: http://lists.freebsd.org/pipermail/freebsd-ports-announce/2014-August/000090.html
Wiki reference: https://wiki.freebsd.org/Ports/BerkeleyDBCleanup
PR: 192690
Approved by: portmgr (implicit, PORTREVISION bump on unstaged ports)