kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/mail/postfix/PLIST

223 lines
5.8 KiB
Text
Raw Normal View History

postfix: update to 3.4.6 pkgsrc changes: --------------- * change COMMENT to make pkglint happy (inspired by http://www.postfix.org/) * update PLIST using make print-PLIST (missing @pkgdir) upstream changes: ----------------- 20181125 Cleanup: dict_file_to_xxx() takes a list of file names separated by CHARS_COMMA_SP. Shoe-horned into the existing API, make it nicer when there is time. File: util/dict_file.c. 20181127 Cleanup: encapsulated clumsy 'read into VSTRING' code with easier-to-use vstream_fread_buf() and vstream_fread_app() primitives. Files: global/memcache_proto.c, global/record.c, global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c, global/xtext.c, milter/milter8.c, util/dict_file.c, util/hex_quote.c, util/netstring.c, util/vstream.c, util/vstream.h. Verified with "make tests". Cleanup: simplified the smtp_fread() API (introduced for BDAT support), and changed the name to smtp_fread_buf(). Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with ~megabyte BDAT commands. Cleanup: simplified a tlsproxy-internal API. File: tlsproxy/tlsproxy.c. 20181128 Initial support for key/certificate chain files that will replace the proliferation of separate parameters for RSA/DSA/ECC/etc. key and certificate files. Viktor Dukhovni. 20181201 Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET() calls with safe vstring_set_payload_size() calls, in code that directly writes into VSTRING. Files: tls/tls_session.c, tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h, xsasl/xsasl_cyrus_client.c. Cleanup: postscreen_command_time_limit did not need to be a 'raw' parameter. This makes "postconf -x" behavior more consistent. Files: global/mail_params.h, postscreen/postscreen.c. Documentation: added text that the following parameter values are not subject to Postfix parameter $name expansion: default_rbl_reply, command_execution_directory, luser_relay, smtpd_reject_footer. These have their own documented $name substitution mechanism. File: proto/postconf.proto. 20181202 Bugfix: posttls-finger reported an error for UNIX-domain connections, even if they did not fail. Found by Coverity. File: posttls-finger/posttls-finger.c. 20181208 Documentation: add even more redundancy to the rate-delay description. File: proto/postconf.proto. 20181210 Cleanup: code deduplication. File: util/dict_file.c. 20181226 Cleanup: code deduplication and better encapsulation with PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros. Files: postscreen/postscreen.h, postscreen/postscreen_state.c. Documentation: POSTSCREEN_README did not describe the postscreen_post_queue_limit, and attributed the wrong reject message to the postscreen_pre_queue_limit. Problem reported by Michael Orlitzky. File: proto/POSTSCREEN_README.html. (20181226-nonprod) Compatibility: removed support for OpenSSL 1.0.1 (not supported since December 31, 2016) and earlier releases. This eliminated a large number of #ifdefs with bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c, tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c, tls/tls_session.c. (20181226-nonprod) Use the OpenSSL 1.0.2 and later API for setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_dh.c. (20181226-nonprod) Documentation update for TLS support. Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html, proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c. 20181229 Explicit maps_file_find() and dict_file_lookup() methods that decode base64 content. Decoding content is not built into the dict->lookup() method, because that would complicate the implementation of map nesting (inline, thash), map composition (pipemap, unionmap), and map proxying. For consistency, decoding base64 file content is also not built into the maps_find() method. Files: util/dict.h. util/dict_file.c, global/maps.[hc], postmap/postmap.c. 20190106 Documentation: documented the SRC_RHS_IS_FILE flag in dict_open.c, and updated the -F description in the postmap manpage. Files: util/dict_open.c, postmap/postmap.c. (20190106-nonprod) Feature: support for files that combine multiple (key, certificate, trust chain) instances in one file, to avoid separate files for RSA, DSA, Elliptic Curve, and so on. Viktor Dukhovni. Files: .indent.pro, global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c, tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c. (20190106-nonprod) Create a second, no-key no-cert, SSL_CTX for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c. (20190106-nonprod) Server-side SNI support. Viktor Dukhovni. Files: src/global/mail_params.h, src/smtp/smtp.c, src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c, src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c, (20190106-nonprod) Configurable client-side SNI signal. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c, smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c. 20190121 Logging: support for internal logging file, without using syslog (it uses the new postlogd daemon instead). This solves a usability problem for MacOS, may help getting around systemd, and solves 99% of the problem for logging to stdout in a container (hopefully we have 100% soon). Enable by setting, for example, "maillog_file = /var/log/postfix.log"). This works fine for daemons, and with some limitations for non-daemon programs. See RELEASE_NOTES for more details. Files: conf/master.cf, conf/post-install, conf/postfix-files, conf/postfix-script, mantools/postlink, proto/master, proto/postconf.proto, global/mail_params.c, global/mail_params.h, global/mail_proto.h, global/maillog_client.c, global/maillog_client.h, master/dgram_server.c, master/event_server.c, master/mail_server.h, master/master.c, master/master.h, master/master_ent.c, master/master_listen.c, master/master_proto.h, master/master_wakeup.c, master/multi_server.c, master/single_server.c, master/trigger_server.c, postalias/postalias.c, postconf/postconf_master.c, postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c, postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c, postmulti/postmulti.c, postqueue/postqueue.c, postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h, util/listen.h, util/logwriter.c, util/logwriter.h, util/msg_logger.c, util/msg_logger.h, util/msg_output.c, util/msg_output.h, util/unix_dgram_connect.c, util/unix_dgram_listen.c. Cleanup: cert/key/chain loading, plus unit tests to exercise non-error and error cases. Viktor Dukhovni. Files: tls/*.pem, tls*.pem.ref, tls/tls_certkey.c. 20190126 Safety: Postfix programs will log to either syslog or postlog but not both; and postlogd forwards postlog logging to syslog, when a configuration change removes the maillog_file pathname, but some programs still use the old configuration. Files: util/msg_syslog.[hc], util/msg_logger.c, global/maillog_client.c, postlogd/postlogd.c, Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog pipe file descriptor leak. This pipe provides one source of liveness, data from this pipe is discarded, and therefore this does not enable privilege escalation or DOS. File: util/watchdog.c. Feature: stdout logging support; requires "postfix start-fg" and "maillog_file = /dev/stdout". Files: master/master.c, conf/postfix-script. 20190127 Safety: when maillog_file is specified, 'postfix check' now requires that the postlog service is enabled in master.cf. Otherwise 'postfix start' etc. will log a fatal error. File: conf/postfix-script. Documentation: added policy_context example. File: proto/SMTPD_POLICY_README.html. 20190128 Testing: run libtls tests under Valgrind. File tls/Makefile.in. 20190129 Safety: require that $maillog_file matches one of the pathname prefixes specified in $maillog_file_prefixes. The maillog file is created by root, and the prefixes limit the damage from a single configuration error. Files: global/mail_params.[hc], global/maillog_client.c. 20191201 Feature: "postfix logrotate" command with configurable compression program and datestamp filename suffix. File: conf/postfix-script. 20190202 Cleanup: log a warning when the client sends a malformed SNI; log an info message when the client sends a valid SNI that does not match the SNI lookup tables; update the FORWARD_SECRECY_README logging examples. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, tls/tls.h, tls/tls_client.c, tls/tls_misc.c. 20190208 Debugging: the master(8) daemon now logs a warning if a master.cf entry is defined multiple times. File: src/master/master_conf.c. 20190209 Debugging: tlsproxy(8) now logs more details about unexpected configuration differences between the Postfix SMTP client and the tlsproxy(8) daemon. 20190210 Documentation: Postfix 3.4.0 RELEASE NOTES. Documentation: added BDAT_README. Documentation: global TLS settings. Files: mantools/postlink, smtp/smtp.c, tlsproxy/tlsproxy.c. 20190211 Cleanup: removed obsolete parameters: tls_dane_digest_agility, tls_dane_trust_anchor_digest_enable; removed openssl_path parameter from configuration difference checks in tlsproxy. Files: global/mail_params.h, tls/tls_misc.c, tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy.h. 20190212 Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c, posttls-finger/posttls-finger.c. 20190217 Cleanup: when the master daemon runs with PID=1 (init mode), reap orhpan processes from non-Postfix code running in the same container, instead of terminating with a panic. File: master/master_spawn.c. 20190218 Bugfix: tlsproxy did not enable DANE-style PKI because libtls seems to have to accreted multiple init functions instead of reusing the tls_client_init() and tls_client_start() API. And some functions that do initialization don't even have init in their name! Problem report by Andreas Schulze. Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c. Workaround: Postfix libtls makes DANE-specific changes to the shared SSL_CTX. To avoid false sharing, tlsproxy needs to label the SSL_CTX cache with DANE bits until we can remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c. Cleanup: Postfix libtls changed the shared SSL_CTX to override ciphers. instead of changing the SSL handle. To avoid false sharing in tlsproxy, the changes are now made to the SSL handle. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c. 20190219 Bugfix: in the Postfix SMTP client, TLS wrappermode was not tested in tlsproxy mode. It needed some setup for buffering and timeouts. Problem report by Andreas Schulze. File: smtp/smtp_proto.c. 20190304 Bugfix: a reversed test broke TLS configurations that specify the same filename for a private key and certificate. Reported by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the test. Files: tls/tls_certkey.c, tls/Makefile.in. 20190310 Bitrot: LINUX5s support, after some sanity checks with a rawhide prerelease version. Files: makedefs, util/sys_defs.h. Bugfix (introduced: 20181226): broken DANE trust anchor file support, caused by left-over debris from the 20181226 TLS library overhaul. By intrigeri. File: tls/tls_dane.c. Bugfix (introduced: Postfix-1.0.1): null pointer read, while logging a warning after a corrupted bounce log file. File: global/bounce_log.c. Bugfix (introduced: Postfix-2.9.0): null pointer read, while logging a warning after a postscreen_command_filter read error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c 20190312 Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, does the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. 20190319 With message_size_limit=0 (which is NOT DOCUMENTED), BDAT chunks were always rejected as too large. File: smtpd/smtpd.c 20190328 Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. 20190331 Documentation: tlsext_padding is not a tls_ssl_options feature. File: proto/postconf.proto. 20190401 Portability: added "#undef sun" to util/unix_dgram_connect.c. 20190403 Bugfix (introduced: Postfix 2.3): a censoring filter broke multiline Milter responses for header/body events. Problem report by Andreas Thienemann. Files: util/printable.c, util/stringops.h, smtpd/smtpd.c Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit = 0" no longer meant 'unlimited'. Problem report by Luc Pardon. File: smtp/smtp_addr.c. 20190615 Documentation: updated the BUGS section in the smtp(8) manpage about TLS connection reuse. File: smtp/smtp.c. Workaround for implementations that hang Postfix while shutting down a TLS session, until Postfix times out. With "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits for the TLS peer to respond to a TLS 'close' request. This is recommended with TLSv1.0 and later. Files: global/mail_params.h, tls/tls_session.c, and documentation. 20190621 Bugfix (introduced: Postfix 3.0): the code to reset Postfix SMTP server command counts was not called after a HaProxy handshake failure, causing stale numbers to be reported. The command counts are now reset in the function that reports the counts. File: smtpd/smtpd.c.
2019-07-17 15:33:00 +02:00
@comment $NetBSD: PLIST,v 1.31 2019/07/17 13:33:00 triaxx Exp $
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
bin/mailq
bin/newaliases
Update mail/postfix to 3.0.2. Database and regexp map functionality is now split into separate packages: - postfix-cdb - postfix-ldap - postfix-lmdb - postfix-mysql - postfix-pcre - postfix-pgsql - postfix-sqlite Upstream changelog follows. Postfix 3.0.2 ------------- No delta against 2.11.6. Postfix 3.0.1 ------------- - Build error when compiling the Postfix SMTP server with SASL support but no TLS support. - The DNS "resource record to text" converter, used for xxx_dns_reply_filter pattern matching, appended a '.' to TXT record resource values. - The postscreen(8) manpage specified an incorrect Postfix version number for the postscreen_dnsbl_timeout parameter. - The postfix-install script expanded macros in parameter values when trying to detect parameter overrides, causing unnecessary main.cf updates during "postfix start" etc. - Some low-level cleanup of UTF-8 string handling with no visible change in behavior (besides better performance). Postfix 3.0.0 ------------- - SMTPUTF8 support for internationalized domain names and address localparts as defined in RFC 6530 and related documents. - Support for Postfix dynamically-linked libraries and database plugins. - An OPT-IN safety net for the selective adoption of new Postfix default settings. If you do nothing, the old Postfix default settings *should* remain in effect (complain to your downstream maintainer if that is not the case). - Support for operations on multiple lookup tables. The pipemap:{map1,map2...} database type implements a pipeline of lookup tables where the result from one lookup table becomes a query for the next table; the unionmap:{map1,map2,...} database type sends the
2015-09-07 11:47:01 +02:00
lib/postfix/libpostfix-dns.so
lib/postfix/libpostfix-global.so
lib/postfix/libpostfix-master.so
lib/postfix/libpostfix-tls.so
lib/postfix/libpostfix-util.so
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
libexec/postfix/anvil
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
libexec/postfix/bounce
libexec/postfix/cleanup
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
libexec/postfix/discard
Update Postfix to 2.9.6. Changes from 2.8.14 are too many to write here, please refer RELEASE_NOTES.
2013-02-13 15:31:31 +01:00
libexec/postfix/dnsblog
Update mail/postfix to 3.0.2. Database and regexp map functionality is now split into separate packages: - postfix-cdb - postfix-ldap - postfix-lmdb - postfix-mysql - postfix-pcre - postfix-pgsql - postfix-sqlite Upstream changelog follows. Postfix 3.0.2 ------------- No delta against 2.11.6. Postfix 3.0.1 ------------- - Build error when compiling the Postfix SMTP server with SASL support but no TLS support. - The DNS "resource record to text" converter, used for xxx_dns_reply_filter pattern matching, appended a '.' to TXT record resource values. - The postscreen(8) manpage specified an incorrect Postfix version number for the postscreen_dnsbl_timeout parameter. - The postfix-install script expanded macros in parameter values when trying to detect parameter overrides, causing unnecessary main.cf updates during "postfix start" etc. - Some low-level cleanup of UTF-8 string handling with no visible change in behavior (besides better performance). Postfix 3.0.0 ------------- - SMTPUTF8 support for internationalized domain names and address localparts as defined in RFC 6530 and related documents. - Support for Postfix dynamically-linked libraries and database plugins. - An OPT-IN safety net for the selective adoption of new Postfix default settings. If you do nothing, the old Postfix default settings *should* remain in effect (complain to your downstream maintainer if that is not the case). - Support for operations on multiple lookup tables. The pipemap:{map1,map2...} database type implements a pipeline of lookup tables where the result from one lookup table becomes a query for the next table; the unionmap:{map1,map2,...} database type sends the
2015-09-07 11:47:01 +02:00
libexec/postfix/dynamicmaps.cf
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
libexec/postfix/error
libexec/postfix/flush
libexec/postfix/lmtp
libexec/postfix/local
Update mail/postfix to 3.0.2. Database and regexp map functionality is now split into separate packages: - postfix-cdb - postfix-ldap - postfix-lmdb - postfix-mysql - postfix-pcre - postfix-pgsql - postfix-sqlite Upstream changelog follows. Postfix 3.0.2 ------------- No delta against 2.11.6. Postfix 3.0.1 ------------- - Build error when compiling the Postfix SMTP server with SASL support but no TLS support. - The DNS "resource record to text" converter, used for xxx_dns_reply_filter pattern matching, appended a '.' to TXT record resource values. - The postscreen(8) manpage specified an incorrect Postfix version number for the postscreen_dnsbl_timeout parameter. - The postfix-install script expanded macros in parameter values when trying to detect parameter overrides, causing unnecessary main.cf updates during "postfix start" etc. - Some low-level cleanup of UTF-8 string handling with no visible change in behavior (besides better performance). Postfix 3.0.0 ------------- - SMTPUTF8 support for internationalized domain names and address localparts as defined in RFC 6530 and related documents. - Support for Postfix dynamically-linked libraries and database plugins. - An OPT-IN safety net for the selective adoption of new Postfix default settings. If you do nothing, the old Postfix default settings *should* remain in effect (complain to your downstream maintainer if that is not the case). - Support for operations on multiple lookup tables. The pipemap:{map1,map2...} database type implements a pipeline of lookup tables where the result from one lookup table becomes a query for the next table; the unionmap:{map1,map2,...} database type sends the
2015-09-07 11:47:01 +02:00
libexec/postfix/main.cf.proto
libexec/postfix/makedefs.out
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
libexec/postfix/master
Update mail/postfix to 3.0.2. Database and regexp map functionality is now split into separate packages: - postfix-cdb - postfix-ldap - postfix-lmdb - postfix-mysql - postfix-pcre - postfix-pgsql - postfix-sqlite Upstream changelog follows. Postfix 3.0.2 ------------- No delta against 2.11.6. Postfix 3.0.1 ------------- - Build error when compiling the Postfix SMTP server with SASL support but no TLS support. - The DNS "resource record to text" converter, used for xxx_dns_reply_filter pattern matching, appended a '.' to TXT record resource values. - The postscreen(8) manpage specified an incorrect Postfix version number for the postscreen_dnsbl_timeout parameter. - The postfix-install script expanded macros in parameter values when trying to detect parameter overrides, causing unnecessary main.cf updates during "postfix start" etc. - Some low-level cleanup of UTF-8 string handling with no visible change in behavior (besides better performance). Postfix 3.0.0 ------------- - SMTPUTF8 support for internationalized domain names and address localparts as defined in RFC 6530 and related documents. - Support for Postfix dynamically-linked libraries and database plugins. - An OPT-IN safety net for the selective adoption of new Postfix default settings. If you do nothing, the old Postfix default settings *should* remain in effect (complain to your downstream maintainer if that is not the case). - Support for operations on multiple lookup tables. The pipemap:{map1,map2...} database type implements a pipeline of lookup tables where the result from one lookup table becomes a query for the next table; the unionmap:{map1,map2,...} database type sends the
2015-09-07 11:47:01 +02:00
libexec/postfix/master.cf.proto
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
libexec/postfix/nqmgr
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
libexec/postfix/oqmgr
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
libexec/postfix/pickup
libexec/postfix/pipe
Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
2009-05-13 12:33:23 +02:00
libexec/postfix/post-install
libexec/postfix/postfix-files
libexec/postfix/postfix-script
Update postfix to 3.1.2. 3.1.0 The main changes in no particular order are: * "postfix tls" command to simplify setup of opportunistic TLS, and to simplify SMTP server key/certificate management. * Positive and negative DNS reply TTL support in postscreen(8). * SASL AUTH rate limit in the Postfix SMTP server. * A safety limit on the number of address verify requests. * JSON-format Postfix queue listing. * Destination-independent delivery rate delay For details, see the RELEASE_NOTES file. 3.1.1 Fixed in all supported releases: * The Milter "replace sender" (SMFIR_CHGFROM) request lost an address that was added with sender_bcc_maps, resulting in a "rcpt count mismatch" warning. Reported by Joerg Backschues. This defect was introduced with Postfix 2.6. * The "bad filetype" example in the header_checks(5) manpage falsely rejected Content- headers with ``name="example"; x-apple-part-url="example.com"''. Reported by Cedric Knight. This defect was introduced with Postfix 2.6. 3.1.2 Fixed with Postfix 3.1.2: * Changes to make Postfix build with OpenSSL 1.1.0. Fixed with Postfix 3.1.2 and 3.0.6: * The makedefs script ignored readme_directory=pathname overrides. Fix by Todd C. Olson. * The tls_session_ticket_cipher documentation says that the default cipher for TLS session tickets is aes-256-cbc, but the implemented default was aes-128-cbc. Note that TLS session ticket keys are rotated after 1/2 hour, to limit the impact of attacks on session ticket keys.
2016-09-18 19:10:28 +02:00
libexec/postfix/postfix-tls-script
Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
2009-05-13 12:33:23 +02:00
libexec/postfix/postfix-wrapper
postfix: update to 3.4.6 pkgsrc changes: --------------- * change COMMENT to make pkglint happy (inspired by http://www.postfix.org/) * update PLIST using make print-PLIST (missing @pkgdir) upstream changes: ----------------- 20181125 Cleanup: dict_file_to_xxx() takes a list of file names separated by CHARS_COMMA_SP. Shoe-horned into the existing API, make it nicer when there is time. File: util/dict_file.c. 20181127 Cleanup: encapsulated clumsy 'read into VSTRING' code with easier-to-use vstream_fread_buf() and vstream_fread_app() primitives. Files: global/memcache_proto.c, global/record.c, global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c, global/xtext.c, milter/milter8.c, util/dict_file.c, util/hex_quote.c, util/netstring.c, util/vstream.c, util/vstream.h. Verified with "make tests". Cleanup: simplified the smtp_fread() API (introduced for BDAT support), and changed the name to smtp_fread_buf(). Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with ~megabyte BDAT commands. Cleanup: simplified a tlsproxy-internal API. File: tlsproxy/tlsproxy.c. 20181128 Initial support for key/certificate chain files that will replace the proliferation of separate parameters for RSA/DSA/ECC/etc. key and certificate files. Viktor Dukhovni. 20181201 Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET() calls with safe vstring_set_payload_size() calls, in code that directly writes into VSTRING. Files: tls/tls_session.c, tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h, xsasl/xsasl_cyrus_client.c. Cleanup: postscreen_command_time_limit did not need to be a 'raw' parameter. This makes "postconf -x" behavior more consistent. Files: global/mail_params.h, postscreen/postscreen.c. Documentation: added text that the following parameter values are not subject to Postfix parameter $name expansion: default_rbl_reply, command_execution_directory, luser_relay, smtpd_reject_footer. These have their own documented $name substitution mechanism. File: proto/postconf.proto. 20181202 Bugfix: posttls-finger reported an error for UNIX-domain connections, even if they did not fail. Found by Coverity. File: posttls-finger/posttls-finger.c. 20181208 Documentation: add even more redundancy to the rate-delay description. File: proto/postconf.proto. 20181210 Cleanup: code deduplication. File: util/dict_file.c. 20181226 Cleanup: code deduplication and better encapsulation with PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros. Files: postscreen/postscreen.h, postscreen/postscreen_state.c. Documentation: POSTSCREEN_README did not describe the postscreen_post_queue_limit, and attributed the wrong reject message to the postscreen_pre_queue_limit. Problem reported by Michael Orlitzky. File: proto/POSTSCREEN_README.html. (20181226-nonprod) Compatibility: removed support for OpenSSL 1.0.1 (not supported since December 31, 2016) and earlier releases. This eliminated a large number of #ifdefs with bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c, tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c, tls/tls_session.c. (20181226-nonprod) Use the OpenSSL 1.0.2 and later API for setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_dh.c. (20181226-nonprod) Documentation update for TLS support. Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html, proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c. 20181229 Explicit maps_file_find() and dict_file_lookup() methods that decode base64 content. Decoding content is not built into the dict->lookup() method, because that would complicate the implementation of map nesting (inline, thash), map composition (pipemap, unionmap), and map proxying. For consistency, decoding base64 file content is also not built into the maps_find() method. Files: util/dict.h. util/dict_file.c, global/maps.[hc], postmap/postmap.c. 20190106 Documentation: documented the SRC_RHS_IS_FILE flag in dict_open.c, and updated the -F description in the postmap manpage. Files: util/dict_open.c, postmap/postmap.c. (20190106-nonprod) Feature: support for files that combine multiple (key, certificate, trust chain) instances in one file, to avoid separate files for RSA, DSA, Elliptic Curve, and so on. Viktor Dukhovni. Files: .indent.pro, global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c, tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c. (20190106-nonprod) Create a second, no-key no-cert, SSL_CTX for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c. (20190106-nonprod) Server-side SNI support. Viktor Dukhovni. Files: src/global/mail_params.h, src/smtp/smtp.c, src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c, src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c, (20190106-nonprod) Configurable client-side SNI signal. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c, smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c. 20190121 Logging: support for internal logging file, without using syslog (it uses the new postlogd daemon instead). This solves a usability problem for MacOS, may help getting around systemd, and solves 99% of the problem for logging to stdout in a container (hopefully we have 100% soon). Enable by setting, for example, "maillog_file = /var/log/postfix.log"). This works fine for daemons, and with some limitations for non-daemon programs. See RELEASE_NOTES for more details. Files: conf/master.cf, conf/post-install, conf/postfix-files, conf/postfix-script, mantools/postlink, proto/master, proto/postconf.proto, global/mail_params.c, global/mail_params.h, global/mail_proto.h, global/maillog_client.c, global/maillog_client.h, master/dgram_server.c, master/event_server.c, master/mail_server.h, master/master.c, master/master.h, master/master_ent.c, master/master_listen.c, master/master_proto.h, master/master_wakeup.c, master/multi_server.c, master/single_server.c, master/trigger_server.c, postalias/postalias.c, postconf/postconf_master.c, postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c, postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c, postmulti/postmulti.c, postqueue/postqueue.c, postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h, util/listen.h, util/logwriter.c, util/logwriter.h, util/msg_logger.c, util/msg_logger.h, util/msg_output.c, util/msg_output.h, util/unix_dgram_connect.c, util/unix_dgram_listen.c. Cleanup: cert/key/chain loading, plus unit tests to exercise non-error and error cases. Viktor Dukhovni. Files: tls/*.pem, tls*.pem.ref, tls/tls_certkey.c. 20190126 Safety: Postfix programs will log to either syslog or postlog but not both; and postlogd forwards postlog logging to syslog, when a configuration change removes the maillog_file pathname, but some programs still use the old configuration. Files: util/msg_syslog.[hc], util/msg_logger.c, global/maillog_client.c, postlogd/postlogd.c, Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog pipe file descriptor leak. This pipe provides one source of liveness, data from this pipe is discarded, and therefore this does not enable privilege escalation or DOS. File: util/watchdog.c. Feature: stdout logging support; requires "postfix start-fg" and "maillog_file = /dev/stdout". Files: master/master.c, conf/postfix-script. 20190127 Safety: when maillog_file is specified, 'postfix check' now requires that the postlog service is enabled in master.cf. Otherwise 'postfix start' etc. will log a fatal error. File: conf/postfix-script. Documentation: added policy_context example. File: proto/SMTPD_POLICY_README.html. 20190128 Testing: run libtls tests under Valgrind. File tls/Makefile.in. 20190129 Safety: require that $maillog_file matches one of the pathname prefixes specified in $maillog_file_prefixes. The maillog file is created by root, and the prefixes limit the damage from a single configuration error. Files: global/mail_params.[hc], global/maillog_client.c. 20191201 Feature: "postfix logrotate" command with configurable compression program and datestamp filename suffix. File: conf/postfix-script. 20190202 Cleanup: log a warning when the client sends a malformed SNI; log an info message when the client sends a valid SNI that does not match the SNI lookup tables; update the FORWARD_SECRECY_README logging examples. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, tls/tls.h, tls/tls_client.c, tls/tls_misc.c. 20190208 Debugging: the master(8) daemon now logs a warning if a master.cf entry is defined multiple times. File: src/master/master_conf.c. 20190209 Debugging: tlsproxy(8) now logs more details about unexpected configuration differences between the Postfix SMTP client and the tlsproxy(8) daemon. 20190210 Documentation: Postfix 3.4.0 RELEASE NOTES. Documentation: added BDAT_README. Documentation: global TLS settings. Files: mantools/postlink, smtp/smtp.c, tlsproxy/tlsproxy.c. 20190211 Cleanup: removed obsolete parameters: tls_dane_digest_agility, tls_dane_trust_anchor_digest_enable; removed openssl_path parameter from configuration difference checks in tlsproxy. Files: global/mail_params.h, tls/tls_misc.c, tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy.h. 20190212 Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c, posttls-finger/posttls-finger.c. 20190217 Cleanup: when the master daemon runs with PID=1 (init mode), reap orhpan processes from non-Postfix code running in the same container, instead of terminating with a panic. File: master/master_spawn.c. 20190218 Bugfix: tlsproxy did not enable DANE-style PKI because libtls seems to have to accreted multiple init functions instead of reusing the tls_client_init() and tls_client_start() API. And some functions that do initialization don't even have init in their name! Problem report by Andreas Schulze. Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c. Workaround: Postfix libtls makes DANE-specific changes to the shared SSL_CTX. To avoid false sharing, tlsproxy needs to label the SSL_CTX cache with DANE bits until we can remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c. Cleanup: Postfix libtls changed the shared SSL_CTX to override ciphers. instead of changing the SSL handle. To avoid false sharing in tlsproxy, the changes are now made to the SSL handle. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c. 20190219 Bugfix: in the Postfix SMTP client, TLS wrappermode was not tested in tlsproxy mode. It needed some setup for buffering and timeouts. Problem report by Andreas Schulze. File: smtp/smtp_proto.c. 20190304 Bugfix: a reversed test broke TLS configurations that specify the same filename for a private key and certificate. Reported by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the test. Files: tls/tls_certkey.c, tls/Makefile.in. 20190310 Bitrot: LINUX5s support, after some sanity checks with a rawhide prerelease version. Files: makedefs, util/sys_defs.h. Bugfix (introduced: 20181226): broken DANE trust anchor file support, caused by left-over debris from the 20181226 TLS library overhaul. By intrigeri. File: tls/tls_dane.c. Bugfix (introduced: Postfix-1.0.1): null pointer read, while logging a warning after a corrupted bounce log file. File: global/bounce_log.c. Bugfix (introduced: Postfix-2.9.0): null pointer read, while logging a warning after a postscreen_command_filter read error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c 20190312 Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, does the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. 20190319 With message_size_limit=0 (which is NOT DOCUMENTED), BDAT chunks were always rejected as too large. File: smtpd/smtpd.c 20190328 Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. 20190331 Documentation: tlsext_padding is not a tls_ssl_options feature. File: proto/postconf.proto. 20190401 Portability: added "#undef sun" to util/unix_dgram_connect.c. 20190403 Bugfix (introduced: Postfix 2.3): a censoring filter broke multiline Milter responses for header/body events. Problem report by Andreas Thienemann. Files: util/printable.c, util/stringops.h, smtpd/smtpd.c Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit = 0" no longer meant 'unlimited'. Problem report by Luc Pardon. File: smtp/smtp_addr.c. 20190615 Documentation: updated the BUGS section in the smtp(8) manpage about TLS connection reuse. File: smtp/smtp.c. Workaround for implementations that hang Postfix while shutting down a TLS session, until Postfix times out. With "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits for the TLS peer to respond to a TLS 'close' request. This is recommended with TLSv1.0 and later. Files: global/mail_params.h, tls/tls_session.c, and documentation. 20190621 Bugfix (introduced: Postfix 3.0): the code to reset Postfix SMTP server command counts was not called after a HaProxy handshake failure, causing stale numbers to be reported. The command counts are now reset in the function that reports the counts. File: smtpd/smtpd.c.
2019-07-17 15:33:00 +02:00
libexec/postfix/postlogd
Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
2009-05-13 12:33:23 +02:00
libexec/postfix/postmulti-script
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
2011-02-26 09:58:59 +01:00
libexec/postfix/postscreen
Updated postfix to 2.0.2 - Added MAILER-DAEMON to the list of always recognized local addresses, since it is generated by Postfix bounces. - Bugfix: transport_errno was not reset upon successful transport map wildcard lookup after an earlier failure. - Cleanup: unnecessary warnings from the proxymap client after proxymap server disconnect. - Cleanup: Patrik Rak found a few more chattr invocations that were missed 20021209. Files: postfix-install, conf/post-install. - Cleanup: the pcre-config command can produce null outputs. - Bugfix: the virtual(8) Makefile included $(AUXLIBS) in the dependencies. - Bugfix: fixed in the snapshots 20030105 but missed in the stable release. "sendmail -bs" tried to access the proxymap service. It should not try to open any user/domain/uce related tables at all.
2003-01-15 18:15:04 +01:00
libexec/postfix/proxymap
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
libexec/postfix/qmgr
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
libexec/postfix/qmqpd
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
libexec/postfix/scache
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
libexec/postfix/showq
libexec/postfix/smtp
libexec/postfix/smtpd
libexec/postfix/spawn
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
libexec/postfix/tlsmgr
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
2011-02-26 09:58:59 +01:00
libexec/postfix/tlsproxy
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
libexec/postfix/trivial-rewrite
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
libexec/postfix/verify
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
libexec/postfix/virtual
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man1/mailq.1
man/man1/newaliases.1
man/man1/postalias.1
man/man1/postcat.1
man/man1/postconf.1
man/man1/postdrop.1
Update postfix to 3.1.2. 3.1.0 The main changes in no particular order are: * "postfix tls" command to simplify setup of opportunistic TLS, and to simplify SMTP server key/certificate management. * Positive and negative DNS reply TTL support in postscreen(8). * SASL AUTH rate limit in the Postfix SMTP server. * A safety limit on the number of address verify requests. * JSON-format Postfix queue listing. * Destination-independent delivery rate delay For details, see the RELEASE_NOTES file. 3.1.1 Fixed in all supported releases: * The Milter "replace sender" (SMFIR_CHGFROM) request lost an address that was added with sender_bcc_maps, resulting in a "rcpt count mismatch" warning. Reported by Joerg Backschues. This defect was introduced with Postfix 2.6. * The "bad filetype" example in the header_checks(5) manpage falsely rejected Content- headers with ``name="example"; x-apple-part-url="example.com"''. Reported by Cedric Knight. This defect was introduced with Postfix 2.6. 3.1.2 Fixed with Postfix 3.1.2: * Changes to make Postfix build with OpenSSL 1.1.0. Fixed with Postfix 3.1.2 and 3.0.6: * The makedefs script ignored readme_directory=pathname overrides. Fix by Todd C. Olson. * The tls_session_ticket_cipher documentation says that the default cipher for TLS session tickets is aes-256-cbc, but the implemented default was aes-128-cbc. Note that TLS session ticket keys are rotated after 1/2 hour, to limit the impact of attacks on session ticket keys.
2016-09-18 19:10:28 +02:00
man/man1/postfix-tls.1
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man1/postfix.1
man/man1/postkick.1
man/man1/postlock.1
man/man1/postlog.1
man/man1/postmap.1
Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
2009-05-13 12:33:23 +02:00
man/man1/postmulti.1
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
man/man1/postqueue.1
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man1/postsuper.1
Install qshape(1) manpage. Bump PKGREVISION.
2007-04-25 15:09:35 +02:00
man/man1/qshape.1
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man1/sendmail.1
man/man5/access.5
man/man5/aliases.5
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
man/man5/body_checks.5
Updated mail/postfix to 2.3.0 This is the first version in the 2.3.x series, please see the release notes for full list of changes since 2.2.x before upgrading your current installation.
2006-07-13 11:57:51 +02:00
man/man5/bounce.5
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man5/canonical.5
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
man/man5/cidr_table.5
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
man/man5/generic.5
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
man/man5/header_checks.5
man/man5/ldap_table.5
Update postfix to 2.11.0. Quote from release announce: The main changes in no particular order are: * Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA public key or the server certificate is identified via DNSSEC lookup. This requires a DNS resolver that validates DNSSEC replies. The problem with conventional PKI is that there are literally hundreds of organizations world-wide that can provide a certificate in anyone's name. DANE limits trust to the people who control the target DNS zone and its parent zones. * Support for LMDB databases. Originally developed as part of OpenLDAP, LMDB is the first persistent Postfix database that can be shared among multiple writers such as postscreen daemons (Postfix already supported shared non-persistent memcached caches). Postfix currently requires LMDB version 0.9.11 or later. See LMDB_README for details and limitations. * A new postscreen_dnsbl_whitelist_threshold feature to allow clients to skip postscreen tests based on their DNSBL score. This can eliminate email delays due to "after 220 greeting" protocol tests, which otherwise require that a client reconnects before it can deliver mail. Some providers such as Google don't retry from the same IP address, and that can result in large email delivery delays. * The recipient_delimiter feature now supports different delimiters, for example both "+" and "-". As before, this implementation recognizes exactly one delimiter character per email address, and exactly one address extension per email address. * Advanced master.cf query/update support to access service attributes as "name = value" pairs. For example to turn off chroot on all services use "postconf -F '*/*/chroot = n'", and to change/add a "-o name=value" setting use "postconf -P smtp/inet/name = value". This was developed primarily to allow automated tools to manage Postfix systems without having to parse Postfix configuration files.
2014-02-09 06:34:13 +01:00
man/man5/lmdb_table.5
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
man/man5/master.5
Update Postfix to 2.9.6. Changes from 2.8.14 are too many to write here, please refer RELEASE_NOTES.
2013-02-13 15:31:31 +01:00
man/man5/memcache_table.5
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
man/man5/mysql_table.5
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
man/man5/nisplus_table.5
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man5/pcre_table.5
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
man/man5/pgsql_table.5
man/man5/postconf.5
Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
2009-05-13 12:33:23 +02:00
man/man5/postfix-wrapper.5
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man5/regexp_table.5
man/man5/relocated.5
Update postfix to 2.11.0. Quote from release announce: The main changes in no particular order are: * Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA public key or the server certificate is identified via DNSSEC lookup. This requires a DNS resolver that validates DNSSEC replies. The problem with conventional PKI is that there are literally hundreds of organizations world-wide that can provide a certificate in anyone's name. DANE limits trust to the people who control the target DNS zone and its parent zones. * Support for LMDB databases. Originally developed as part of OpenLDAP, LMDB is the first persistent Postfix database that can be shared among multiple writers such as postscreen daemons (Postfix already supported shared non-persistent memcached caches). Postfix currently requires LMDB version 0.9.11 or later. See LMDB_README for details and limitations. * A new postscreen_dnsbl_whitelist_threshold feature to allow clients to skip postscreen tests based on their DNSBL score. This can eliminate email delays due to "after 220 greeting" protocol tests, which otherwise require that a client reconnects before it can deliver mail. Some providers such as Google don't retry from the same IP address, and that can result in large email delivery delays. * The recipient_delimiter feature now supports different delimiters, for example both "+" and "-". As before, this implementation recognizes exactly one delimiter character per email address, and exactly one address extension per email address. * Advanced master.cf query/update support to access service attributes as "name = value" pairs. For example to turn off chroot on all services use "postconf -F '*/*/chroot = n'", and to change/add a "-o name=value" setting use "postconf -P smtp/inet/name = value". This was developed primarily to allow automated tools to manage Postfix systems without having to parse Postfix configuration files.
2014-02-09 06:34:13 +01:00
man/man5/socketmap_table.5
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
2011-02-26 09:58:59 +01:00
man/man5/sqlite_table.5
Updated mail/postfix to 2.3.0 This is the first version in the 2.3.x series, please see the release notes for full list of changes since 2.2.x before upgrading your current installation.
2006-07-13 11:57:51 +02:00
man/man5/tcp_table.5
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man5/transport.5
man/man5/virtual.5
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
man/man8/anvil.8
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man8/bounce.8
man/man8/cleanup.8
man/man8/defer.8
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
man/man8/discard.8
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
2011-02-26 09:58:59 +01:00
man/man8/dnsblog.8
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man8/error.8
man/man8/flush.8
man/man8/lmtp.8
man/man8/local.8
man/man8/master.8
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
man/man8/oqmgr.8
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man8/pickup.8
man/man8/pipe.8
postfix: update to 3.4.6 pkgsrc changes: --------------- * change COMMENT to make pkglint happy (inspired by http://www.postfix.org/) * update PLIST using make print-PLIST (missing @pkgdir) upstream changes: ----------------- 20181125 Cleanup: dict_file_to_xxx() takes a list of file names separated by CHARS_COMMA_SP. Shoe-horned into the existing API, make it nicer when there is time. File: util/dict_file.c. 20181127 Cleanup: encapsulated clumsy 'read into VSTRING' code with easier-to-use vstream_fread_buf() and vstream_fread_app() primitives. Files: global/memcache_proto.c, global/record.c, global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c, global/xtext.c, milter/milter8.c, util/dict_file.c, util/hex_quote.c, util/netstring.c, util/vstream.c, util/vstream.h. Verified with "make tests". Cleanup: simplified the smtp_fread() API (introduced for BDAT support), and changed the name to smtp_fread_buf(). Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with ~megabyte BDAT commands. Cleanup: simplified a tlsproxy-internal API. File: tlsproxy/tlsproxy.c. 20181128 Initial support for key/certificate chain files that will replace the proliferation of separate parameters for RSA/DSA/ECC/etc. key and certificate files. Viktor Dukhovni. 20181201 Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET() calls with safe vstring_set_payload_size() calls, in code that directly writes into VSTRING. Files: tls/tls_session.c, tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h, xsasl/xsasl_cyrus_client.c. Cleanup: postscreen_command_time_limit did not need to be a 'raw' parameter. This makes "postconf -x" behavior more consistent. Files: global/mail_params.h, postscreen/postscreen.c. Documentation: added text that the following parameter values are not subject to Postfix parameter $name expansion: default_rbl_reply, command_execution_directory, luser_relay, smtpd_reject_footer. These have their own documented $name substitution mechanism. File: proto/postconf.proto. 20181202 Bugfix: posttls-finger reported an error for UNIX-domain connections, even if they did not fail. Found by Coverity. File: posttls-finger/posttls-finger.c. 20181208 Documentation: add even more redundancy to the rate-delay description. File: proto/postconf.proto. 20181210 Cleanup: code deduplication. File: util/dict_file.c. 20181226 Cleanup: code deduplication and better encapsulation with PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros. Files: postscreen/postscreen.h, postscreen/postscreen_state.c. Documentation: POSTSCREEN_README did not describe the postscreen_post_queue_limit, and attributed the wrong reject message to the postscreen_pre_queue_limit. Problem reported by Michael Orlitzky. File: proto/POSTSCREEN_README.html. (20181226-nonprod) Compatibility: removed support for OpenSSL 1.0.1 (not supported since December 31, 2016) and earlier releases. This eliminated a large number of #ifdefs with bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c, tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c, tls/tls_session.c. (20181226-nonprod) Use the OpenSSL 1.0.2 and later API for setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_dh.c. (20181226-nonprod) Documentation update for TLS support. Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html, proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c. 20181229 Explicit maps_file_find() and dict_file_lookup() methods that decode base64 content. Decoding content is not built into the dict->lookup() method, because that would complicate the implementation of map nesting (inline, thash), map composition (pipemap, unionmap), and map proxying. For consistency, decoding base64 file content is also not built into the maps_find() method. Files: util/dict.h. util/dict_file.c, global/maps.[hc], postmap/postmap.c. 20190106 Documentation: documented the SRC_RHS_IS_FILE flag in dict_open.c, and updated the -F description in the postmap manpage. Files: util/dict_open.c, postmap/postmap.c. (20190106-nonprod) Feature: support for files that combine multiple (key, certificate, trust chain) instances in one file, to avoid separate files for RSA, DSA, Elliptic Curve, and so on. Viktor Dukhovni. Files: .indent.pro, global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c, tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c. (20190106-nonprod) Create a second, no-key no-cert, SSL_CTX for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c. (20190106-nonprod) Server-side SNI support. Viktor Dukhovni. Files: src/global/mail_params.h, src/smtp/smtp.c, src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c, src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c, (20190106-nonprod) Configurable client-side SNI signal. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c, smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c. 20190121 Logging: support for internal logging file, without using syslog (it uses the new postlogd daemon instead). This solves a usability problem for MacOS, may help getting around systemd, and solves 99% of the problem for logging to stdout in a container (hopefully we have 100% soon). Enable by setting, for example, "maillog_file = /var/log/postfix.log"). This works fine for daemons, and with some limitations for non-daemon programs. See RELEASE_NOTES for more details. Files: conf/master.cf, conf/post-install, conf/postfix-files, conf/postfix-script, mantools/postlink, proto/master, proto/postconf.proto, global/mail_params.c, global/mail_params.h, global/mail_proto.h, global/maillog_client.c, global/maillog_client.h, master/dgram_server.c, master/event_server.c, master/mail_server.h, master/master.c, master/master.h, master/master_ent.c, master/master_listen.c, master/master_proto.h, master/master_wakeup.c, master/multi_server.c, master/single_server.c, master/trigger_server.c, postalias/postalias.c, postconf/postconf_master.c, postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c, postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c, postmulti/postmulti.c, postqueue/postqueue.c, postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h, util/listen.h, util/logwriter.c, util/logwriter.h, util/msg_logger.c, util/msg_logger.h, util/msg_output.c, util/msg_output.h, util/unix_dgram_connect.c, util/unix_dgram_listen.c. Cleanup: cert/key/chain loading, plus unit tests to exercise non-error and error cases. Viktor Dukhovni. Files: tls/*.pem, tls*.pem.ref, tls/tls_certkey.c. 20190126 Safety: Postfix programs will log to either syslog or postlog but not both; and postlogd forwards postlog logging to syslog, when a configuration change removes the maillog_file pathname, but some programs still use the old configuration. Files: util/msg_syslog.[hc], util/msg_logger.c, global/maillog_client.c, postlogd/postlogd.c, Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog pipe file descriptor leak. This pipe provides one source of liveness, data from this pipe is discarded, and therefore this does not enable privilege escalation or DOS. File: util/watchdog.c. Feature: stdout logging support; requires "postfix start-fg" and "maillog_file = /dev/stdout". Files: master/master.c, conf/postfix-script. 20190127 Safety: when maillog_file is specified, 'postfix check' now requires that the postlog service is enabled in master.cf. Otherwise 'postfix start' etc. will log a fatal error. File: conf/postfix-script. Documentation: added policy_context example. File: proto/SMTPD_POLICY_README.html. 20190128 Testing: run libtls tests under Valgrind. File tls/Makefile.in. 20190129 Safety: require that $maillog_file matches one of the pathname prefixes specified in $maillog_file_prefixes. The maillog file is created by root, and the prefixes limit the damage from a single configuration error. Files: global/mail_params.[hc], global/maillog_client.c. 20191201 Feature: "postfix logrotate" command with configurable compression program and datestamp filename suffix. File: conf/postfix-script. 20190202 Cleanup: log a warning when the client sends a malformed SNI; log an info message when the client sends a valid SNI that does not match the SNI lookup tables; update the FORWARD_SECRECY_README logging examples. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, tls/tls.h, tls/tls_client.c, tls/tls_misc.c. 20190208 Debugging: the master(8) daemon now logs a warning if a master.cf entry is defined multiple times. File: src/master/master_conf.c. 20190209 Debugging: tlsproxy(8) now logs more details about unexpected configuration differences between the Postfix SMTP client and the tlsproxy(8) daemon. 20190210 Documentation: Postfix 3.4.0 RELEASE NOTES. Documentation: added BDAT_README. Documentation: global TLS settings. Files: mantools/postlink, smtp/smtp.c, tlsproxy/tlsproxy.c. 20190211 Cleanup: removed obsolete parameters: tls_dane_digest_agility, tls_dane_trust_anchor_digest_enable; removed openssl_path parameter from configuration difference checks in tlsproxy. Files: global/mail_params.h, tls/tls_misc.c, tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy.h. 20190212 Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c, posttls-finger/posttls-finger.c. 20190217 Cleanup: when the master daemon runs with PID=1 (init mode), reap orhpan processes from non-Postfix code running in the same container, instead of terminating with a panic. File: master/master_spawn.c. 20190218 Bugfix: tlsproxy did not enable DANE-style PKI because libtls seems to have to accreted multiple init functions instead of reusing the tls_client_init() and tls_client_start() API. And some functions that do initialization don't even have init in their name! Problem report by Andreas Schulze. Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c. Workaround: Postfix libtls makes DANE-specific changes to the shared SSL_CTX. To avoid false sharing, tlsproxy needs to label the SSL_CTX cache with DANE bits until we can remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c. Cleanup: Postfix libtls changed the shared SSL_CTX to override ciphers. instead of changing the SSL handle. To avoid false sharing in tlsproxy, the changes are now made to the SSL handle. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c. 20190219 Bugfix: in the Postfix SMTP client, TLS wrappermode was not tested in tlsproxy mode. It needed some setup for buffering and timeouts. Problem report by Andreas Schulze. File: smtp/smtp_proto.c. 20190304 Bugfix: a reversed test broke TLS configurations that specify the same filename for a private key and certificate. Reported by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the test. Files: tls/tls_certkey.c, tls/Makefile.in. 20190310 Bitrot: LINUX5s support, after some sanity checks with a rawhide prerelease version. Files: makedefs, util/sys_defs.h. Bugfix (introduced: 20181226): broken DANE trust anchor file support, caused by left-over debris from the 20181226 TLS library overhaul. By intrigeri. File: tls/tls_dane.c. Bugfix (introduced: Postfix-1.0.1): null pointer read, while logging a warning after a corrupted bounce log file. File: global/bounce_log.c. Bugfix (introduced: Postfix-2.9.0): null pointer read, while logging a warning after a postscreen_command_filter read error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c 20190312 Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, does the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. 20190319 With message_size_limit=0 (which is NOT DOCUMENTED), BDAT chunks were always rejected as too large. File: smtpd/smtpd.c 20190328 Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. 20190331 Documentation: tlsext_padding is not a tls_ssl_options feature. File: proto/postconf.proto. 20190401 Portability: added "#undef sun" to util/unix_dgram_connect.c. 20190403 Bugfix (introduced: Postfix 2.3): a censoring filter broke multiline Milter responses for header/body events. Problem report by Andreas Thienemann. Files: util/printable.c, util/stringops.h, smtpd/smtpd.c Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit = 0" no longer meant 'unlimited'. Problem report by Luc Pardon. File: smtp/smtp_addr.c. 20190615 Documentation: updated the BUGS section in the smtp(8) manpage about TLS connection reuse. File: smtp/smtp.c. Workaround for implementations that hang Postfix while shutting down a TLS session, until Postfix times out. With "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits for the TLS peer to respond to a TLS 'close' request. This is recommended with TLSv1.0 and later. Files: global/mail_params.h, tls/tls_session.c, and documentation. 20190621 Bugfix (introduced: Postfix 3.0): the code to reset Postfix SMTP server command counts was not called after a HaProxy handshake failure, causing stale numbers to be reported. The command counts are now reset in the function that reports the counts. File: smtpd/smtpd.c.
2019-07-17 15:33:00 +02:00
man/man8/postlogd.8
Update Postfix to 2.9.6. Changes from 2.8.14 are too many to write here, please refer RELEASE_NOTES.
2013-02-13 15:31:31 +01:00
man/man8/postscreen.8
Updated postfix to 2.0.2 - Added MAILER-DAEMON to the list of always recognized local addresses, since it is generated by Postfix bounces. - Bugfix: transport_errno was not reset upon successful transport map wildcard lookup after an earlier failure. - Cleanup: unnecessary warnings from the proxymap client after proxymap server disconnect. - Cleanup: Patrik Rak found a few more chattr invocations that were missed 20021209. Files: postfix-install, conf/post-install. - Cleanup: the pcre-config command can produce null outputs. - Bugfix: the virtual(8) Makefile included $(AUXLIBS) in the dependencies. - Bugfix: fixed in the snapshots 20030105 but missed in the stable release. "sendmail -bs" tried to access the proxymap service. It should not try to open any user/domain/uce related tables at all.
2003-01-15 18:15:04 +01:00
man/man8/proxymap.8
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man8/qmgr.8
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
man/man8/qmqpd.8
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
man/man8/scache.8
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man8/showq.8
man/man8/smtp.8
man/man8/smtpd.8
man/man8/spawn.8
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
man/man8/tlsmgr.8
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
2011-02-26 09:58:59 +01:00
man/man8/tlsproxy.8
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
man/man8/trace.8
resurrect, after nuking the right files in the wrong dir.
2001-03-20 14:02:04 +01:00
man/man8/trivial-rewrite.8
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
man/man8/verify.8
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
man/man8/virtual.8
sbin/postalias
sbin/postcat
sbin/postconf
sbin/postdrop
sbin/postfix
sbin/postkick
sbin/postlock
sbin/postlog
sbin/postmap
Added sbin/postmulti to PLIST. PKGREVISION++
2009-05-14 19:12:10 +02:00
sbin/postmulti
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
sbin/postqueue
sbin/postsuper
Fix pkg/32498 - install PREFIX/sbin/qshape Updated postfix to 2.2.9 Most of this patch hardens the TLS implementation against DNS-based attacks, and eliminates some anomalies from the TLS per-site policy engine. See the TLS_README document for tips on how to avoid DNS-based attacks that can change the server hostname that Postfix uses for logging, for TLS per-site policies, and for server certificate verification. The patch also adds a workaround that prevents Postfix from repeatedly trying to deliver mail to domains with a malformed MX record (for example, with a null MX hostname). Postfix 2.2.9 bounces such mail immediately.
2006-02-27 08:10:59 +01:00
sbin/qshape
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
sbin/sendmail
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/AAAREADME
Updated postfix to 2.0.0.2 IMPORTANT: read the documents in /usr/pkg/share/doc/postfix/ before upgrading from Postfix 1.1. Hightlights: - MIME support (including 8bit->7bit conversion and more accurate matching of MIME headers in message bodies) - completely rewritten RBL client code - smarter handling of DNS lookup errors in UCE restrictions - virtual delivery agent without transport map for every domain - a long list of other things that are meant to improve performance or functionality without compromising what already existed.
2003-01-06 10:15:49 +01:00
share/doc/postfix/ADDRESS_CLASS_README
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/ADDRESS_REWRITING_README
share/doc/postfix/ADDRESS_VERIFICATION_README
share/doc/postfix/BACKSCATTER_README
share/doc/postfix/BASIC_CONFIGURATION_README
share/doc/postfix/BUILTIN_FILTER_README
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
share/doc/postfix/CDB_README
Update postfix to 3.1.2. 3.1.0 The main changes in no particular order are: * "postfix tls" command to simplify setup of opportunistic TLS, and to simplify SMTP server key/certificate management. * Positive and negative DNS reply TTL support in postscreen(8). * SASL AUTH rate limit in the Postfix SMTP server. * A safety limit on the number of address verify requests. * JSON-format Postfix queue listing. * Destination-independent delivery rate delay For details, see the RELEASE_NOTES file. 3.1.1 Fixed in all supported releases: * The Milter "replace sender" (SMFIR_CHGFROM) request lost an address that was added with sender_bcc_maps, resulting in a "rcpt count mismatch" warning. Reported by Joerg Backschues. This defect was introduced with Postfix 2.6. * The "bad filetype" example in the header_checks(5) manpage falsely rejected Content- headers with ``name="example"; x-apple-part-url="example.com"''. Reported by Cedric Knight. This defect was introduced with Postfix 2.6. 3.1.2 Fixed with Postfix 3.1.2: * Changes to make Postfix build with OpenSSL 1.1.0. Fixed with Postfix 3.1.2 and 3.0.6: * The makedefs script ignored readme_directory=pathname overrides. Fix by Todd C. Olson. * The tls_session_ticket_cipher documentation says that the default cipher for TLS session tickets is aes-256-cbc, but the implemented default was aes-128-cbc. Note that TLS session ticket keys are rotated after 1/2 hour, to limit the impact of attacks on session ticket keys.
2016-09-18 19:10:28 +02:00
share/doc/postfix/COMPATIBILITY_README
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
share/doc/postfix/CONNECTION_CACHE_README
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/CONTENT_INSPECTION_README
share/doc/postfix/DATABASE_README
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
share/doc/postfix/DB_README
share/doc/postfix/DEBUG_README
Updated mail/postfix to 2.3.0 This is the first version in the 2.3.x series, please see the release notes for full list of changes since 2.2.x before upgrading your current installation.
2006-07-13 11:57:51 +02:00
share/doc/postfix/DSN_README
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
share/doc/postfix/ETRN_README
share/doc/postfix/FILTER_README
Update postfix to 2.11.0. Quote from release announce: The main changes in no particular order are: * Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA public key or the server certificate is identified via DNSSEC lookup. This requires a DNS resolver that validates DNSSEC replies. The problem with conventional PKI is that there are literally hundreds of organizations world-wide that can provide a certificate in anyone's name. DANE limits trust to the people who control the target DNS zone and its parent zones. * Support for LMDB databases. Originally developed as part of OpenLDAP, LMDB is the first persistent Postfix database that can be shared among multiple writers such as postscreen daemons (Postfix already supported shared non-persistent memcached caches). Postfix currently requires LMDB version 0.9.11 or later. See LMDB_README for details and limitations. * A new postscreen_dnsbl_whitelist_threshold feature to allow clients to skip postscreen tests based on their DNSBL score. This can eliminate email delays due to "after 220 greeting" protocol tests, which otherwise require that a client reconnects before it can deliver mail. Some providers such as Google don't retry from the same IP address, and that can result in large email delivery delays. * The recipient_delimiter feature now supports different delimiters, for example both "+" and "-". As before, this implementation recognizes exactly one delimiter character per email address, and exactly one address extension per email address. * Advanced master.cf query/update support to access service attributes as "name = value" pairs. For example to turn off chroot on all services use "postconf -F '*/*/chroot = n'", and to change/add a "-o name=value" setting use "postconf -P smtp/inet/name = value". This was developed primarily to allow automated tools to manage Postfix systems without having to parse Postfix configuration files.
2014-02-09 06:34:13 +01:00
share/doc/postfix/FORWARD_SECRECY_README
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
share/doc/postfix/INSTALL
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
share/doc/postfix/IPV6_README
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
share/doc/postfix/LDAP_README
share/doc/postfix/LINUX_README
Update postfix to 2.11.0. Quote from release announce: The main changes in no particular order are: * Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA public key or the server certificate is identified via DNSSEC lookup. This requires a DNS resolver that validates DNSSEC replies. The problem with conventional PKI is that there are literally hundreds of organizations world-wide that can provide a certificate in anyone's name. DANE limits trust to the people who control the target DNS zone and its parent zones. * Support for LMDB databases. Originally developed as part of OpenLDAP, LMDB is the first persistent Postfix database that can be shared among multiple writers such as postscreen daemons (Postfix already supported shared non-persistent memcached caches). Postfix currently requires LMDB version 0.9.11 or later. See LMDB_README for details and limitations. * A new postscreen_dnsbl_whitelist_threshold feature to allow clients to skip postscreen tests based on their DNSBL score. This can eliminate email delays due to "after 220 greeting" protocol tests, which otherwise require that a client reconnects before it can deliver mail. Some providers such as Google don't retry from the same IP address, and that can result in large email delivery delays. * The recipient_delimiter feature now supports different delimiters, for example both "+" and "-". As before, this implementation recognizes exactly one delimiter character per email address, and exactly one address extension per email address. * Advanced master.cf query/update support to access service attributes as "name = value" pairs. For example to turn off chroot on all services use "postconf -F '*/*/chroot = n'", and to change/add a "-o name=value" setting use "postconf -P smtp/inet/name = value". This was developed primarily to allow automated tools to manage Postfix systems without having to parse Postfix configuration files.
2014-02-09 06:34:13 +01:00
share/doc/postfix/LMDB_README
- Move all "share" files to share/examples/postfix; all of them are used as samples, either by the user or by bsd.pkg.install.mk. - Correctly handle configuration files, that is, avoid touching the conf directory directly. - Use OWN_DIRS to handle the spool directory. - Run post-install through an INSTALL script. - Sort PLIST after all these changes. - Bump PKGREVISION to 1.
2003-05-01 16:07:56 +02:00
share/doc/postfix/LOCAL_RECIPIENT_README
share/doc/postfix/MAILDROP_README
Update Postfix to 2.9.6. Changes from 2.8.14 are too many to write here, please refer RELEASE_NOTES.
2013-02-13 15:31:31 +01:00
share/doc/postfix/MEMCACHE_README
Updated mail/postfix to 2.3.0 This is the first version in the 2.3.x series, please see the release notes for full list of changes since 2.2.x before upgrading your current installation.
2006-07-13 11:57:51 +02:00
share/doc/postfix/MILTER_README
Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
2009-05-13 12:33:23 +02:00
share/doc/postfix/MULTI_INSTANCE_README
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
share/doc/postfix/MYSQL_README
share/doc/postfix/NFS_README
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/OVERVIEW
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
share/doc/postfix/PACKAGE_README
share/doc/postfix/PCRE_README
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/PGSQL_README
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
2011-02-26 09:58:59 +01:00
share/doc/postfix/POSTSCREEN_README
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/QSHAPE_README
- Move all "share" files to share/examples/postfix; all of them are used as samples, either by the user or by bsd.pkg.install.mk. - Correctly handle configuration files, that is, avoid touching the conf directory directly. - Use OWN_DIRS to handle the spool directory. - Run post-install through an INSTALL script. - Sort PLIST after all these changes. - Bump PKGREVISION to 1.
2003-05-01 16:07:56 +02:00
share/doc/postfix/RELEASE_NOTES
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
share/doc/postfix/RESTRICTION_CLASS_README
share/doc/postfix/SASL_README
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/SCHEDULER_README
share/doc/postfix/SMTPD_ACCESS_README
share/doc/postfix/SMTPD_POLICY_README
share/doc/postfix/SMTPD_PROXY_README
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
2011-02-26 09:58:59 +01:00
share/doc/postfix/SOHO_README
share/doc/postfix/SQLITE_README
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/STANDARD_CONFIGURATION_README
Update Postfix to version 2.5.1 (ok martti). Major changes over 2.4.x are: - TLS (SSL) support was streamlined further, and provides a new security level based on certificate fingerprints instead of CA signatures. See TLS_README for details. - Milter support was updated from the Sendmail 8.13 feature set and now includes most of the features that were introduced with Sendmail 8.14. See MILTER_README for details. - Stress-adaptive configuration was introduced. This allows the Postfix SMTP server to temporarily adjust its rules under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. [pkgsrc: this obsoletes the "postfix-stress" option which provided the same functionality via a distribution patch] - The queue manager scheduler was refined. It now provides per-transport scheduling controls and allows for adjustment of the sensitivity to mail delivery (non-)errors. See SCHEDULER_README. - Security was improved by introducing a Postfix-owned data_directory for storage of randomness, caches and other non-queue data. This change avoids future security loopholes due to untrusted data sitting in root-owned files or in root-owned directories. Writes to legacy files in root-owned directories are automatically redirected to files in the new data_directory. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
2008-02-18 18:45:34 +01:00
share/doc/postfix/STRESS_README
Updated mail/postfix to 2.4.0 The footprint of new features with Postfix 2.4.0 is significantly smaller than with earlier releases. And that is the whole point of approaching completeness: fewer visible changes. Below is a brief summary of what has changed. See the RELEASE_NOTES file for more, including compatibility issues that may affect your site. The HISTORY file gives a blow-by-blow account of what happened over the past year. Wietse - Postfix can now manage thousands of connections without needing special main.cf, master.cf, or compile-time tweaks, on systems with BSD kqueue, Solaris /dev/poll, or Linux epoll support. - Milter support for message body replacement. The resulting queue files are backwards compatible with Postfix 2.3. The existing Milter support for message header manipulations was revised and is now implemented by much simpler code. - Minor improvements in TLS session cache management and in the implementation of certificate fingerprint based authentication. A more extensive revision of TLS internals will appear first in Postfix 2.5 snapshots. - Improvements in queue manager performance when deferring large amounts of mail, or when delivering mail with lots of recipients. - Workarounds for SMTP servers that reply and hang up prematurely, for file system clocks that are out of sync, and for broken kernel lock management in POP servers.
2007-04-03 09:27:50 +02:00
share/doc/postfix/TLS_LEGACY_README
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
share/doc/postfix/TLS_README
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/TUNING_README
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
2002-03-06 16:07:54 +01:00
share/doc/postfix/ULTRIX_README
share/doc/postfix/UUCP_README
share/doc/postfix/VERP_README
share/doc/postfix/VIRTUAL_README
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
2004-06-21 18:13:23 +02:00
share/doc/postfix/XCLIENT_README
share/doc/postfix/XFORWARD_README
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
2004-07-20 00:04:40 +02:00
share/examples/postfix/LICENSE
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
share/examples/postfix/TLS_LICENSE
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
2004-07-20 00:04:40 +02:00
share/examples/postfix/access
share/examples/postfix/aliases
Updated mail/postfix to 2.3.0 This is the first version in the 2.3.x series, please see the release notes for full list of changes since 2.2.x before upgrading your current installation.
2006-07-13 11:57:51 +02:00
share/examples/postfix/bounce.cf.default
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
2004-07-20 00:04:40 +02:00
share/examples/postfix/canonical
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
2005-03-28 10:53:07 +02:00
share/examples/postfix/generic
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
2004-07-20 00:04:40 +02:00
share/examples/postfix/header_checks
Missing mailer.conf from PLIST.
2004-07-24 01:39:00 +02:00
share/examples/postfix/mailer.conf
- Move all "share" files to share/examples/postfix; all of them are used as samples, either by the user or by bsd.pkg.install.mk. - Correctly handle configuration files, that is, avoid touching the conf directory directly. - Use OWN_DIRS to handle the spool directory. - Run post-install through an INSTALL script. - Sort PLIST after all these changes. - Bump PKGREVISION to 1.
2003-05-01 16:07:56 +02:00
share/examples/postfix/main.cf
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
2004-07-20 00:04:40 +02:00
share/examples/postfix/main.cf.default
- Move all "share" files to share/examples/postfix; all of them are used as samples, either by the user or by bsd.pkg.install.mk. - Correctly handle configuration files, that is, avoid touching the conf directory directly. - Use OWN_DIRS to handle the spool directory. - Run post-install through an INSTALL script. - Sort PLIST after all these changes. - Bump PKGREVISION to 1.
2003-05-01 16:07:56 +02:00
share/examples/postfix/master.cf
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
2004-07-20 00:04:40 +02:00
share/examples/postfix/relocated
Convert to use PLIST_VARS instead of manually passing "@comment " through PLIST_SUBST to the plist module.
2008-04-13 00:42:57 +02:00
${PLIST.csasl}share/examples/postfix/smtpd.conf
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
2004-07-20 00:04:40 +02:00
share/examples/postfix/transport
share/examples/postfix/virtual
postfix: update to 3.4.6 pkgsrc changes: --------------- * change COMMENT to make pkglint happy (inspired by http://www.postfix.org/) * update PLIST using make print-PLIST (missing @pkgdir) upstream changes: ----------------- 20181125 Cleanup: dict_file_to_xxx() takes a list of file names separated by CHARS_COMMA_SP. Shoe-horned into the existing API, make it nicer when there is time. File: util/dict_file.c. 20181127 Cleanup: encapsulated clumsy 'read into VSTRING' code with easier-to-use vstream_fread_buf() and vstream_fread_app() primitives. Files: global/memcache_proto.c, global/record.c, global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c, global/xtext.c, milter/milter8.c, util/dict_file.c, util/hex_quote.c, util/netstring.c, util/vstream.c, util/vstream.h. Verified with "make tests". Cleanup: simplified the smtp_fread() API (introduced for BDAT support), and changed the name to smtp_fread_buf(). Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with ~megabyte BDAT commands. Cleanup: simplified a tlsproxy-internal API. File: tlsproxy/tlsproxy.c. 20181128 Initial support for key/certificate chain files that will replace the proliferation of separate parameters for RSA/DSA/ECC/etc. key and certificate files. Viktor Dukhovni. 20181201 Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET() calls with safe vstring_set_payload_size() calls, in code that directly writes into VSTRING. Files: tls/tls_session.c, tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h, xsasl/xsasl_cyrus_client.c. Cleanup: postscreen_command_time_limit did not need to be a 'raw' parameter. This makes "postconf -x" behavior more consistent. Files: global/mail_params.h, postscreen/postscreen.c. Documentation: added text that the following parameter values are not subject to Postfix parameter $name expansion: default_rbl_reply, command_execution_directory, luser_relay, smtpd_reject_footer. These have their own documented $name substitution mechanism. File: proto/postconf.proto. 20181202 Bugfix: posttls-finger reported an error for UNIX-domain connections, even if they did not fail. Found by Coverity. File: posttls-finger/posttls-finger.c. 20181208 Documentation: add even more redundancy to the rate-delay description. File: proto/postconf.proto. 20181210 Cleanup: code deduplication. File: util/dict_file.c. 20181226 Cleanup: code deduplication and better encapsulation with PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros. Files: postscreen/postscreen.h, postscreen/postscreen_state.c. Documentation: POSTSCREEN_README did not describe the postscreen_post_queue_limit, and attributed the wrong reject message to the postscreen_pre_queue_limit. Problem reported by Michael Orlitzky. File: proto/POSTSCREEN_README.html. (20181226-nonprod) Compatibility: removed support for OpenSSL 1.0.1 (not supported since December 31, 2016) and earlier releases. This eliminated a large number of #ifdefs with bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c, tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c, tls/tls_session.c. (20181226-nonprod) Use the OpenSSL 1.0.2 and later API for setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_dh.c. (20181226-nonprod) Documentation update for TLS support. Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html, proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c. 20181229 Explicit maps_file_find() and dict_file_lookup() methods that decode base64 content. Decoding content is not built into the dict->lookup() method, because that would complicate the implementation of map nesting (inline, thash), map composition (pipemap, unionmap), and map proxying. For consistency, decoding base64 file content is also not built into the maps_find() method. Files: util/dict.h. util/dict_file.c, global/maps.[hc], postmap/postmap.c. 20190106 Documentation: documented the SRC_RHS_IS_FILE flag in dict_open.c, and updated the -F description in the postmap manpage. Files: util/dict_open.c, postmap/postmap.c. (20190106-nonprod) Feature: support for files that combine multiple (key, certificate, trust chain) instances in one file, to avoid separate files for RSA, DSA, Elliptic Curve, and so on. Viktor Dukhovni. Files: .indent.pro, global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c, tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c. (20190106-nonprod) Create a second, no-key no-cert, SSL_CTX for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c. (20190106-nonprod) Server-side SNI support. Viktor Dukhovni. Files: src/global/mail_params.h, src/smtp/smtp.c, src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c, src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c, (20190106-nonprod) Configurable client-side SNI signal. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c, smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c. 20190121 Logging: support for internal logging file, without using syslog (it uses the new postlogd daemon instead). This solves a usability problem for MacOS, may help getting around systemd, and solves 99% of the problem for logging to stdout in a container (hopefully we have 100% soon). Enable by setting, for example, "maillog_file = /var/log/postfix.log"). This works fine for daemons, and with some limitations for non-daemon programs. See RELEASE_NOTES for more details. Files: conf/master.cf, conf/post-install, conf/postfix-files, conf/postfix-script, mantools/postlink, proto/master, proto/postconf.proto, global/mail_params.c, global/mail_params.h, global/mail_proto.h, global/maillog_client.c, global/maillog_client.h, master/dgram_server.c, master/event_server.c, master/mail_server.h, master/master.c, master/master.h, master/master_ent.c, master/master_listen.c, master/master_proto.h, master/master_wakeup.c, master/multi_server.c, master/single_server.c, master/trigger_server.c, postalias/postalias.c, postconf/postconf_master.c, postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c, postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c, postmulti/postmulti.c, postqueue/postqueue.c, postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h, util/listen.h, util/logwriter.c, util/logwriter.h, util/msg_logger.c, util/msg_logger.h, util/msg_output.c, util/msg_output.h, util/unix_dgram_connect.c, util/unix_dgram_listen.c. Cleanup: cert/key/chain loading, plus unit tests to exercise non-error and error cases. Viktor Dukhovni. Files: tls/*.pem, tls*.pem.ref, tls/tls_certkey.c. 20190126 Safety: Postfix programs will log to either syslog or postlog but not both; and postlogd forwards postlog logging to syslog, when a configuration change removes the maillog_file pathname, but some programs still use the old configuration. Files: util/msg_syslog.[hc], util/msg_logger.c, global/maillog_client.c, postlogd/postlogd.c, Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog pipe file descriptor leak. This pipe provides one source of liveness, data from this pipe is discarded, and therefore this does not enable privilege escalation or DOS. File: util/watchdog.c. Feature: stdout logging support; requires "postfix start-fg" and "maillog_file = /dev/stdout". Files: master/master.c, conf/postfix-script. 20190127 Safety: when maillog_file is specified, 'postfix check' now requires that the postlog service is enabled in master.cf. Otherwise 'postfix start' etc. will log a fatal error. File: conf/postfix-script. Documentation: added policy_context example. File: proto/SMTPD_POLICY_README.html. 20190128 Testing: run libtls tests under Valgrind. File tls/Makefile.in. 20190129 Safety: require that $maillog_file matches one of the pathname prefixes specified in $maillog_file_prefixes. The maillog file is created by root, and the prefixes limit the damage from a single configuration error. Files: global/mail_params.[hc], global/maillog_client.c. 20191201 Feature: "postfix logrotate" command with configurable compression program and datestamp filename suffix. File: conf/postfix-script. 20190202 Cleanup: log a warning when the client sends a malformed SNI; log an info message when the client sends a valid SNI that does not match the SNI lookup tables; update the FORWARD_SECRECY_README logging examples. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, tls/tls.h, tls/tls_client.c, tls/tls_misc.c. 20190208 Debugging: the master(8) daemon now logs a warning if a master.cf entry is defined multiple times. File: src/master/master_conf.c. 20190209 Debugging: tlsproxy(8) now logs more details about unexpected configuration differences between the Postfix SMTP client and the tlsproxy(8) daemon. 20190210 Documentation: Postfix 3.4.0 RELEASE NOTES. Documentation: added BDAT_README. Documentation: global TLS settings. Files: mantools/postlink, smtp/smtp.c, tlsproxy/tlsproxy.c. 20190211 Cleanup: removed obsolete parameters: tls_dane_digest_agility, tls_dane_trust_anchor_digest_enable; removed openssl_path parameter from configuration difference checks in tlsproxy. Files: global/mail_params.h, tls/tls_misc.c, tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy.h. 20190212 Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c, posttls-finger/posttls-finger.c. 20190217 Cleanup: when the master daemon runs with PID=1 (init mode), reap orhpan processes from non-Postfix code running in the same container, instead of terminating with a panic. File: master/master_spawn.c. 20190218 Bugfix: tlsproxy did not enable DANE-style PKI because libtls seems to have to accreted multiple init functions instead of reusing the tls_client_init() and tls_client_start() API. And some functions that do initialization don't even have init in their name! Problem report by Andreas Schulze. Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c. Workaround: Postfix libtls makes DANE-specific changes to the shared SSL_CTX. To avoid false sharing, tlsproxy needs to label the SSL_CTX cache with DANE bits until we can remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c. Cleanup: Postfix libtls changed the shared SSL_CTX to override ciphers. instead of changing the SSL handle. To avoid false sharing in tlsproxy, the changes are now made to the SSL handle. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c. 20190219 Bugfix: in the Postfix SMTP client, TLS wrappermode was not tested in tlsproxy mode. It needed some setup for buffering and timeouts. Problem report by Andreas Schulze. File: smtp/smtp_proto.c. 20190304 Bugfix: a reversed test broke TLS configurations that specify the same filename for a private key and certificate. Reported by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the test. Files: tls/tls_certkey.c, tls/Makefile.in. 20190310 Bitrot: LINUX5s support, after some sanity checks with a rawhide prerelease version. Files: makedefs, util/sys_defs.h. Bugfix (introduced: 20181226): broken DANE trust anchor file support, caused by left-over debris from the 20181226 TLS library overhaul. By intrigeri. File: tls/tls_dane.c. Bugfix (introduced: Postfix-1.0.1): null pointer read, while logging a warning after a corrupted bounce log file. File: global/bounce_log.c. Bugfix (introduced: Postfix-2.9.0): null pointer read, while logging a warning after a postscreen_command_filter read error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c 20190312 Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, does the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. 20190319 With message_size_limit=0 (which is NOT DOCUMENTED), BDAT chunks were always rejected as too large. File: smtpd/smtpd.c 20190328 Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. 20190331 Documentation: tlsext_padding is not a tls_ssl_options feature. File: proto/postconf.proto. 20190401 Portability: added "#undef sun" to util/unix_dgram_connect.c. 20190403 Bugfix (introduced: Postfix 2.3): a censoring filter broke multiline Milter responses for header/body events. Problem report by Andreas Thienemann. Files: util/printable.c, util/stringops.h, smtpd/smtpd.c Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit = 0" no longer meant 'unlimited'. Problem report by Luc Pardon. File: smtp/smtp_addr.c. 20190615 Documentation: updated the BUGS section in the smtp(8) manpage about TLS connection reuse. File: smtp/smtp.c. Workaround for implementations that hang Postfix while shutting down a TLS session, until Postfix times out. With "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits for the TLS peer to respond to a TLS 'close' request. This is recommended with TLSv1.0 and later. Files: global/mail_params.h, tls/tls_session.c, and documentation. 20190621 Bugfix (introduced: Postfix 3.0): the code to reset Postfix SMTP server command counts was not called after a HaProxy handshake failure, causing stale numbers to be reported. The command counts are now reset in the function that reports the counts. File: smtpd/smtpd.c.
2019-07-17 15:33:00 +02:00
@pkgdir var/spool/postfix/trace
@pkgdir var/spool/postfix/saved
@pkgdir var/spool/postfix/public
@pkgdir var/spool/postfix/private
@pkgdir var/spool/postfix/pid
@pkgdir var/spool/postfix/maildrop
@pkgdir var/spool/postfix/incoming
@pkgdir var/spool/postfix/hold
@pkgdir var/spool/postfix/flush
@pkgdir var/spool/postfix/deferred
@pkgdir var/spool/postfix/defer
@pkgdir var/spool/postfix/corrupt
@pkgdir var/spool/postfix/bounce
@pkgdir var/spool/postfix/active
@pkgdir var/db/postfix
@pkgdir libexec/postfix/postfix-files.d
@pkgdir libexec/postfix/dynamicmaps.cf.d
Reference in a new issue Copy permalink