Update postfix package to 2.10.2. Here is brief changes.

2.10.2

* TLS Interoperability workaround: turn on SHA-2 digests by force. This
  improves interoperability with clients and servers that deploy SHA-2 digests
  without the required support for TLSv1.2-style digest negotiation.

* TLS Performance workaround: the Postfix SMTP server TLS session cache had
  become ineffective because recent OpenSSL versions enable session tickets by
  default, resulting in a different ticket encryption key for each smtpd(8)
  process. The workaround turns off session tickets. Postfix 2.11 will enable
  session tickets properly.

* TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail
  to communicate with Postfix and possibly other MTAs, with the following Exim
  SMTP client error message:

	TLS error on connection to server-name [server-address]
	(gnutls_handshake): The Diffie-Hellman prime sent by the server is not
	acceptable (not long enough)

  See the RELEASE_NOTES file for a Postfix SMTP server configuration
  workaround.

* Bugfix (defect introduced: 1997): memory leak while forwarding mail with the
  local(8) delivery agent, in code that handles a cleanup(8) server error.


2.10.1

* Workaround: down-stream maintainers fail to install the new
  smtpd_relay_restrictions safety net, causing breakage that could have been
  avoided. We now hard-code the safety net instead.


2.10.0

* Separation of relay policy (with smtpd_relay_restrictions) from spam policy
  (with smtpd_{client, helo, sender, recipient}_restrictions), which makes
  accidental open relay configuration less likely. The default is backwards
  compatible.

* HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
  proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.

* Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
  off if needed for inter-operability.

* Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
  sockets instead of FIFOs, and thus avoids MTIME file system updates on an
  idle mail system.

* Revised postconf(1) command. The "-x" option expands $name in a parameter
  value (both main.cf and master.cf); the "-o name=value" option overrides a
  main.cf parameter setting; and postconf(1) now warns about a $name that has
  no name=value setting.

* Sendmail-style "socketmap" lookup tables.

mail/postfix/Makefile

@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.266 2013/09/06 14:08:18 taca Exp $
+# $NetBSD: Makefile,v 1.267 2013/09/30 15:21:15 taca Exp $
 
-DISTNAME=	postfix-2.9.8
+DISTNAME=	postfix-2.10.2
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.porcupine.org/mirrors/postfix-release/official/
 MASTER_SITES+=	http://postfix.it-austria.net/releases/official/

mail/postfix/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.150 2013/09/06 14:08:18 taca Exp $
+$NetBSD: distinfo,v 1.151 2013/09/30 15:21:15 taca Exp $
 
-SHA1 (postfix-2.9.8.tar.gz) = 392f09ecaf6ccb5e7e40d96d26f37f2602f6198f
-RMD160 (postfix-2.9.8.tar.gz) = a907383209f00210217b13e9eefc841666371e68
-Size (postfix-2.9.8.tar.gz) = 3769844 bytes
+SHA1 (postfix-2.10.2.tar.gz) = 4721024784d071c3e663d610db17f8bd99821f3d
+RMD160 (postfix-2.10.2.tar.gz) = c5c7ecdc1a4e27b8eba2125e22f39860488db0e0
+Size (postfix-2.10.2.tar.gz) = 3828326 bytes
 SHA1 (patch-aa) = 2115fd7af5776a14fdbfc88a5ad3bc668a6762db
 SHA1 (patch-ag) = 60d752b6c8db971d92ca0017c63329ad446209c5
-SHA1 (patch-ai) = 619bab1c9f5a30929086ff2414dca8cff6c4c37e
+SHA1 (patch-ai) = 959013a2af5a2304fe6bae59a09cc13c92fc3d4c
 SHA1 (patch-src_dns_dns__lookup.c) = 1e4e94f0929d351c5cdb606ac2f61c1e07224ca5

mail/postfix/patches/patch-ai

@@ -1,9 +1,9 @@
-$NetBSD: patch-ai,v 1.29 2013/09/06 14:08:18 taca Exp $
+$NetBSD: patch-ai,v 1.30 2013/09/30 15:21:15 taca Exp $
 
 Make this pkgsrc friendly.
 Add support for NetBSD 5.x, NetBSD 6.x and DragonFly BSD.
 
---- makedefs.orig	2012-11-29 23:53:34.000000000 +0000
+--- makedefs.orig	2013-02-04 01:33:13.000000000 +0000
 +++ makedefs
 @@ -155,6 +155,8 @@ case "$SYSTEM.$RELEASE" in
  		;;
@@ -25,7 +25,7 @@ Add support for NetBSD 5.x, NetBSD 6.x and DragonFly BSD.
     BSD/OS.2*)	SYSTYPE=BSDI2
  		;;
     BSD/OS.3*)	SYSTYPE=BSDI3
-@@ -225,13 +231,6 @@ case "$SYSTEM.$RELEASE" in
+@@ -226,13 +232,6 @@ case "$SYSTEM.$RELEASE" in
  		esac
  		;;
     ULTRIX.4*)	SYSTYPE=ULTRIX4
@@ -39,41 +39,89 @@ Add support for NetBSD 5.x, NetBSD 6.x and DragonFly BSD.
  		for l in syslog resolv; do
  		    if [ -f /usr/local/lib/lib$l.a ]; then
  			SYSLIBS="$SYSLIBS -l$l"
-@@ -269,25 +268,8 @@ case "$SYSTEM.$RELEASE" in
+@@ -270,31 +269,8 @@ case "$SYSTEM.$RELEASE" in
  		esac;;
  		# Tested with RedHat 3.03 on 20020729.
      Linux.1*)	SYSTYPE=LINUX1
--		SYSLIBS="-ldb"
+-		case "$CCARGS" in
+-		 *-DNO_DB*) ;;
+-		 *) SYSLIBS="-ldb";;
+-		esac
  		;;
      Linux.2*)	SYSTYPE=LINUX2
--		# Postfix no longer needs DB 1.85 compatibility
--		if [ -f /usr/include/db.h ]
--		then
--		    : we are all set
--		elif [ -f /usr/include/db/db.h ]
--		then
--		    CCARGS="$CCARGS -I/usr/include/db"
--		else
--		    # No, we're not going to try db1 db2 db3 etc.
--		    # On a properly installed system, Postfix builds
--		    # by including <db.h> and by linking with -ldb
--		    echo "No <db.h> include file found." 1>&2
--		    echo "Install the appropriate db*-devel package first." 1>&2
--		    echo "See the RELEASE_NOTES file for more information." 1>&2
--		    exit 1
--		fi
- 		# GDBM locks the DBM .pag file after open. This breaks postmap.
- 		# if [ -f /usr/include/gdbm-ndbm.h ]
- 		# then
-@@ -298,7 +280,6 @@ case "$SYSTEM.$RELEASE" in
- 		#     CCARGS="$CCARGS -DHAS_DBM -DPATH_NDBM_H='<gdbm/ndbm.h>'"
- 		#     GDBM_LIBS=gdbm
- 		# fi
--		SYSLIBS="-ldb"
+-		case "$CCARGS" in
+-		 *-DNO_DB*) ;;
+-		 *) if [ -f /usr/include/db.h ]
+-		    then
+-			: we are all set
+-		    elif [ -f /usr/include/db/db.h ]
+-		    then
+-			CCARGS="$CCARGS -I/usr/include/db"
+-		    else
+-			# No, we're not going to try db1 db2 db3 etc.
+-			# On a properly installed system, Postfix builds
+-			# by including <db.h> and by linking with -ldb
+-			echo "No <db.h> include file found." 1>&2
+-			echo "Install the appropriate db*-devel package first." 1>&2
+-			exit 1
+-		    fi
+-		    SYSLIBS="-ldb"
+-		    ;;
+-		esac
  		for name in nsl resolv $GDBM_LIBS
  		do
  		    for lib in /usr/lib64 /lib64 /usr/lib /lib
-@@ -427,25 +408,13 @@ EOF
+@@ -348,24 +324,6 @@ EOF
+ 		esac
+ 		;;
+     Linux.3*)	SYSTYPE=LINUX3
+-		case "$CCARGS" in
+-		 *-DNO_DB*) ;;
+-		 *) if [ -f /usr/include/db.h ]
+-		    then
+-			: we are all set
+-		    elif [ -f /usr/include/db/db.h ]
+-		    then
+-			CCARGS="$CCARGS -I/usr/include/db"
+-		    else
+-			# On a properly installed system, Postfix builds
+-			# by including <db.h> and by linking with -ldb
+-			echo "No <db.h> include file found." 1>&2
+-			echo "Install the appropriate db*-devel package first." 1>&2
+-			exit 1
+-		    fi
+-		    SYSLIBS="-ldb"
+-		    ;;
+-		esac
+ 		for name in nsl resolv
+ 		do
+ 		    for lib in /usr/lib64 /lib64 /usr/lib /usr/lib/* /lib /lib/*
+@@ -379,24 +337,6 @@ EOF
+ 		;;
+      GNU.0*|GNU/kFreeBSD.[567]*)
+      		SYSTYPE=GNU0
+-		case "$CCARGS" in
+-		 *-DNO_DB*) ;;
+-		 *) if [ -f /usr/include/db.h ]
+-		    then
+-			: we are all set
+-		    elif [ -f /usr/include/db/db.h ]
+-		    then
+-			CCARGS="$CCARGS -I/usr/include/db"
+-		    else
+-			# On a properly installed system, Postfix builds
+-			# by including <db.h> and by linking with -ldb
+-			echo "No <db.h> include file found." 1>&2
+-			echo "Install the appropriate db*-devel package first." 1>&2
+-			exit 1
+-		    fi
+-		    SYSLIBS="-ldb"
+-		    ;;
+-		esac
+ 		for name in nsl resolv
+ 		do
+ 		    for lib in /usr/lib64 /lib64 /usr/lib /lib
+@@ -427,25 +367,13 @@ EOF
  HP-UX.A.09.*)	SYSTYPE=HPUX9
  		SYSLIBS=-ldbm
  		CCARGS="$CCARGS -DMISSING_USLEEP"