3.1.0
The main changes in no particular order are:
* "postfix tls" command to simplify setup of opportunistic TLS,
and to simplify SMTP server key/certificate management.
* Positive and negative DNS reply TTL support in postscreen(8).
* SASL AUTH rate limit in the Postfix SMTP server.
* A safety limit on the number of address verify requests.
* JSON-format Postfix queue listing.
* Destination-independent delivery rate delay
For details, see the RELEASE_NOTES file.
3.1.1
Fixed in all supported releases:
* The Milter "replace sender" (SMFIR_CHGFROM) request lost an
address that was added with sender_bcc_maps, resulting in a
"rcpt count mismatch" warning. Reported by Joerg Backschues.
This defect was introduced with Postfix 2.6.
* The "bad filetype" example in the header_checks(5) manpage
falsely rejected Content- headers with ``name="example";
x-apple-part-url="example.com"''. Reported by Cedric Knight.
This defect was introduced with Postfix 2.6.
3.1.2
Fixed with Postfix 3.1.2:
* Changes to make Postfix build with OpenSSL 1.1.0.
Fixed with Postfix 3.1.2 and 3.0.6:
* The makedefs script ignored readme_directory=pathname overrides.
Fix by Todd C. Olson.
* The tls_session_ticket_cipher documentation says that the default
cipher for TLS session tickets is aes-256-cbc, but the implemented
default was aes-128-cbc. Note that TLS session ticket keys are
rotated after 1/2 hour, to limit the impact of attacks on session
ticket keys.
Database and regexp map functionality is now split into separate packages:
- postfix-cdb
- postfix-ldap
- postfix-lmdb
- postfix-mysql
- postfix-pcre
- postfix-pgsql
- postfix-sqlite
Upstream changelog follows.
Postfix 3.0.2
-------------
No delta against 2.11.6.
Postfix 3.0.1
-------------
- Build error when compiling the Postfix SMTP server with SASL support
but no TLS support.
- The DNS "resource record to text" converter, used for xxx_dns_reply_filter
pattern matching, appended a '.' to TXT record resource values.
- The postscreen(8) manpage specified an incorrect Postfix version number
for the postscreen_dnsbl_timeout parameter.
- The postfix-install script expanded macros in parameter values when
trying to detect parameter overrides, causing unnecessary main.cf updates
during "postfix start" etc.
- Some low-level cleanup of UTF-8 string handling with no visible change
in behavior (besides better performance).
Postfix 3.0.0
-------------
- SMTPUTF8 support for internationalized domain names and address
localparts as defined in RFC 6530 and related documents.
- Support for Postfix dynamically-linked libraries and database plugins.
- An OPT-IN safety net for the selective adoption of new Postfix default
settings. If you do nothing, the old Postfix default settings *should*
remain in effect (complain to your downstream maintainer if that is not
the case).
- Support for operations on multiple lookup tables. The
pipemap:{map1,map2...} database type implements a pipeline of lookup
tables where the result from one lookup table becomes a query for
the next table; the unionmap:{map1,map2,...} database type sends the
The main changes in no particular order are:
* Support for PKI-less TLS server certificate verification with
DANE (DNS-based Authentication of Named Entities) where the CA
public key or the server certificate is identified via DNSSEC
lookup. This requires a DNS resolver that validates DNSSEC
replies. The problem with conventional PKI is that there are
literally hundreds of organizations world-wide that can provide
a certificate in anyone's name. DANE limits trust to the people
who control the target DNS zone and its parent zones.
* Support for LMDB databases. Originally developed as part of
OpenLDAP, LMDB is the first persistent Postfix database that
can be shared among multiple writers such as postscreen daemons
(Postfix already supported shared non-persistent memcached
caches). Postfix currently requires LMDB version 0.9.11 or
later. See LMDB_README for details and limitations.
* A new postscreen_dnsbl_whitelist_threshold feature to allow
clients to skip postscreen tests based on their DNSBL score.
This can eliminate email delays due to "after 220 greeting"
protocol tests, which otherwise require that a client reconnects
before it can deliver mail. Some providers such as Google don't
retry from the same IP address, and that can result in large
email delivery delays.
* The recipient_delimiter feature now supports different delimiters,
for example both "+" and "-". As before, this implementation
recognizes exactly one delimiter character per email address,
and exactly one address extension per email address.
* Advanced master.cf query/update support to access service
attributes as "name = value" pairs. For example to turn off
chroot on all services use "postconf -F '*/*/chroot = n'", and
to change/add a "-o name=value" setting use "postconf -P
smtp/inet/name = value". This was developed primarily to allow
automated tools to manage Postfix systems without having to
parse Postfix configuration files.
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.
The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.
Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).
Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).
Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.
Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.
This update was tested by Takahiro Kambe.
Postfix stable release 2.7.0 is available. For the past several
releases, the focus has moved towards improving the code and
documentation, and updating the system for changing environments.
- Improved before-queue content filter performance. With
"smtpd_proxy_options = speed_adjust", the Postfix SMTP server
receives the entire message before it connects to a before-queue
content filter. Typically, this allows Postfix to handle the same
mail load with fewer content filter processes.
- Improved address verification performance. The verify database
is now persistent by default, and it is automatically cleaned
periodically, Under overload conditions, the Postfix SMTP server
no longer waits up to 6 seconds for an address probe to complete.
- Support for reputation management based on the local SMTP client
IP address. This is typically implemented with "FILTER transportname:"
actions in access maps or header/body checks, and mail delivery
transports in master.cf with unique smtp_bind_address values.
- The postscreen daemon (a zombie-blocker in front of Postfix) is
still too rough for a stable release, and will be made "mature"
in the Postfix 2.8 development cycle (however you can use Postfix
2.7 with the Postfix 2.8 postscreen and dnsblog executables and
master.cf configuration; this code has already proven itself).
No functionality has been removed, but it is a good idea to review
the RELEASE_NOTES file for the usual minor incompatibilities or
limitations.
You can find Postfix version 2.7.0 at the mirrors listed at
http://www.postfix.org/
The same code is also available as Postfix snapshot 2.8-20100213.
Updated versions of Postfix version 2.6, 2.5 and perhaps earlier
will be released with the same fixes that were already included
with Postfix versions 2.7 and 2.8.
- Multi-instance support introduces a new postmulti(1) command to
create/add/remove/etc. additional Postfix instances. The familiar
"postfix start" etc. commands now automatically start multiple
Postfix instances. The good news: nothing changes when you use
only one Postfix instance. See MULTI_INSTANCE_README for details.
- Multi-instance support required that some files be moved from
the non-shared $config_directory to the shared $daemon_directory.
The affected files are postfix-script, postfix-files and post-install.
- TLS (SSL) support was updated for elliptic curve encryption. This
requires OpenSSL version 0.9.9 or later. The SMTP client no longer
uses the SSLv2 protocol by default. See TLS_README for details.
- The Milter client now supports all Sendmail 8.14 Milter requests,
including requests for rejected recipient addresses, and requests
to replace the envelope sender address. See MILTER_README for
details.
- Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To:
headers to email messages with "remote" origins (these are origins
that don't match $local_header_rewrite_clients). Adding such
headers breaks DKIM signatures that explicitly cover non-present
headers. For compatibility with existing logfile processing
software, Postfix will log ``message-id=<>'' for email messages
that have no Message-Id header.
- Stress-adaptive behavior is now enabled by default. This allows
the Postfix SMTP server to temporarily reduce time limits and
error-count limits under conditions of overload, such as a malware
attack or backscatter flood. See STRESS_README for details.
No functionality has been removed, but it is a good idea to review
the RELEASE_NOTES file for the usual minor incompatibilities or
limitations.
- TLS (SSL) support was streamlined further, and provides a new security level
based on certificate fingerprints instead of CA signatures. See TLS_README
for details.
- Milter support was updated from the Sendmail 8.13 feature set and now
includes most of the features that were introduced with Sendmail 8.14. See
MILTER_README for details.
- Stress-adaptive configuration was introduced. This allows the Postfix SMTP
server to temporarily adjust its rules under conditions of overload, such as
a malware attack or backscatter flood. See STRESS_README for details.
[pkgsrc: this obsoletes the "postfix-stress" option which provided the same
functionality via a distribution patch]
- The queue manager scheduler was refined. It now provides per-transport
scheduling controls and allows for adjustment of the sensitivity to mail
delivery (non-)errors. See SCHEDULER_README.
- Security was improved by introducing a Postfix-owned data_directory for
storage of randomness, caches and other non-queue data. This change avoids
future security loopholes due to untrusted data sitting in root-owned files
or in root-owned directories. Writes to legacy files in root-owned
directories are automatically redirected to files in the new data_directory.
No functionality has been removed, but it is a good idea to review the
RELEASE_NOTES file for the usual minor incompatibilities or limitations.
The footprint of new features with Postfix 2.4.0 is significantly
smaller than with earlier releases. And that is the whole point of
approaching completeness: fewer visible changes.
Below is a brief summary of what has changed. See the RELEASE_NOTES
file for more, including compatibility issues that may affect your
site. The HISTORY file gives a blow-by-blow account of what happened
over the past year.
Wietse
- Postfix can now manage thousands of connections without needing
special main.cf, master.cf, or compile-time tweaks, on systems with
BSD kqueue, Solaris /dev/poll, or Linux epoll support.
- Milter support for message body replacement. The resulting queue
files are backwards compatible with Postfix 2.3. The existing Milter
support for message header manipulations was revised and is now
implemented by much simpler code.
- Minor improvements in TLS session cache management and in the
implementation of certificate fingerprint based authentication. A
more extensive revision of TLS internals will appear first in Postfix
2.5 snapshots.
- Improvements in queue manager performance when deferring large
amounts of mail, or when delivering mail with lots of recipients.
- Workarounds for SMTP servers that reply and hang up prematurely,
for file system clocks that are out of sync, and for broken kernel
lock management in POP servers.
This is the first version in the 2.3.x series, please see the release notes
for full list of changes since 2.2.x before upgrading your current
installation.
- install PREFIX/sbin/qshape
Updated postfix to 2.2.9
Most of this patch hardens the TLS implementation against DNS-based
attacks, and eliminates some anomalies from the TLS per-site policy
engine. See the TLS_README document for tips on how to avoid
DNS-based attacks that can change the server hostname that Postfix
uses for logging, for TLS per-site policies, and for server
certificate verification.
The patch also adds a workaround that prevents Postfix from repeatedly
trying to deliver mail to domains with a malformed MX record (for
example, with a null MX hostname). Postfix 2.2.9 bounces such mail
immediately.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
as samples, either by the user or by bsd.pkg.install.mk.
- Correctly handle configuration files, that is, avoid touching the conf
directory directly.
- Use OWN_DIRS to handle the spool directory.
- Run post-install through an INSTALL script.
- Sort PLIST after all these changes.
- Bump PKGREVISION to 1.
configuration.
+ Document how to use /etc/rc.conf.d/postfix on NetBSD 1.5 and newer
to start /usr/pkg/sbin/postfix instead of /usr/sbin/postfix
+ Ensure that the postfix user and the postfix & maildrop groups exist.
Adds Darwin support, and prevents a working NetBSD postfix setup from being
broken on a "make install" of this package because the package used to
change /etc/postfix/{post-install,postfix-files,postfix-script}.
These changes are mostly from Amitai Schlair <schmonz@netbsd.org>,
with some tweaks by me. (Thanks Amitai!)
- Added MAILER-DAEMON to the list of always recognized local
addresses, since it is generated by Postfix bounces.
- Bugfix: transport_errno was not reset upon successful
transport map wildcard lookup after an earlier failure.
- Cleanup: unnecessary warnings from the proxymap client
after proxymap server disconnect.
- Cleanup: Patrik Rak found a few more chattr invocations
that were missed 20021209. Files: postfix-install,
conf/post-install.
- Cleanup: the pcre-config command can produce null outputs.
- Bugfix: the virtual(8) Makefile included $(AUXLIBS) in the
dependencies.
- Bugfix: fixed in the snapshots 20030105 but missed in the
stable release. "sendmail -bs" tried to access the proxymap
service. It should not try to open any user/domain/uce
related tables at all.
IMPORTANT: read the documents in /usr/pkg/share/doc/postfix/ before
upgrading from Postfix 1.1.
Hightlights:
- MIME support (including 8bit->7bit conversion and more
accurate matching of MIME headers in message bodies)
- completely rewritten RBL client code
- smarter handling of DNS lookup errors in UCE restrictions
- virtual delivery agent without transport map for every domain
- a long list of other things that are meant to improve performance
or functionality without compromising what already existed.
Remove `-p' from mkdir arguments, it is already part of ${MKDIR}.
While here substitute a couple of ${PREFIX} by `%D' in
`@exec ${MKDIR} ...' lines and add a couple of missing `%D' in such lines too!
Major changes with release-20010228
===================================
Postfix produces DSN formatted bounced/delayed mail notifications.
The human-readable text still exists, so that users will not have
to be unnecessarily confused by all the ugliness of RFC 1894. Full
DSN support will be later.
This release introduces full content filtering through an external
process. This involves an incompatible change in queue file format.
Mail is delivered to content filtering software via an existing
mail delivery agent, and is re-injected into Postfix via an existing
mail submission agent. See examples in the FILTER_README file.
Depending on how the filter is implemented, you can expect to lose
a factor of 2 to 4 in delivery performance of SMTP transit mail,
more if the content filtering software needs lots of CPU or memory.
Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick
and dirty emergency content filter that looks at non-header lines
one line at a time (including MIME headers inside the message body).
Details in conf/sample-filter.cf.
The header_checks and body_checks features can be used to strip
out unwanted data. Specify IGNORE on the right-hand side and the
data will disappear from the mail.
Support for SASL (RFC 2554) authentication in the SMTP server and
in the SMTP and LMTP clients. See the SASL_README file for more
details. This file still needs better examples.
Postfix now ships with an LMTP delivery agent that can deliver over
local/remote TCP sockets and over local UNIX-domain sockets. The
LMTP_README file gives example, but still needs to be revised.
Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination
logfiles with information about what mail is queued for selected
destinations. See the file ETRN_README for details.
The mailbox locking style is now fully configurable at runtime.
The new configuration parameter is called "mailbox_delivery_lock".
Depending on the operating system type, mailboxes can be locked
with one or more of "flock", "fcntl" or "dotlock". The command
"postconf -l" shows the available locking styles. The default
mailbox locking style is system dependent. This change affects
all mailbox and all "/file/name" deliveries by the Postfix local
delivery agent.
