- File corruption while executing a Milter "header insert" action
with headers-only mail (found with dk-filter). Delivery agents
would go into an infinite loop because some queue file update
had been done in the wrong order. As a precaution, delivery
agents now detect such loops, and the queue manager now saves
such mail to the "corrupt" directory.
- Segmentation fault in the SMTP client while saving a cached
connection with unsent data. Postfix indexed some table with -1,
because some I/O cleanup had been done in the wrong order. The
same problem should exist in Postfix 2.2.
- Postfix no longer announces its name in delivery status notifications.
All other details of the default bounce text remain unchanged.
The reason for this change is that too many people believe that
Wietse provides a free helpdesk service that solves all their
email problems.
- Corrupted queue file after a request to modify a short message
header, when that header was the last one in the message.
- Panic after spurious Milter request when a client was rejected
with "smtpd_delay_reject = no".
- The Milter client is now more tolerant for redundant "data cleanup"
requests. This avoids panic() calls for harmless conditions.
Main changes in TLS support:
- The Postfix SMTP client enforced mandatory TLS only when talking
to an ESMTP server; enforcement did not happen if Postfix could
somehow be forced to send HELO instead of EHLO. This problem also
exists in Postfix 2.2, where it is is fixed with Postfix 2.2
patch 11. This is minor compared to the DNS spoofing issues that
were fixed with Postfix 2.2.10.
- Workaround for an interoperability problem introduced with Postfix
2.3. Some buggy TLS client implementations were unable to deliver
mail because the Postfix SMTP server didn't send a TLS session
ID. To disable the workaround specify "smtpd_tls_always_issue_session_ids
= no"; this allows non-buggy TLS clients to save some space.
Main changes in Milter support:
- Safety measure. After "postsuper -r", mail is no longer inspected
by the Milters specified with the non_smtpd_milters parameter.
This measure prevents a bad interaction with external content
filters: Milters would receive incorrect SMTP client information,
and could be tricked into signing or allowing untrusted messages.
This change does not affect Milter applications that run behind
an after-queue content filter. The behavior is detailed in the
postsuper(1) manual page.
This is the first version in the 2.3.x series, please see the release notes
for full list of changes since 2.2.x before upgrading your current
installation.
$smtp_sasl_security_options (as documented in postconf(5)) instead of
$var_smtp_sasl_opts, which is never defined. This is a bug that exists
in the Postfix-2.2.x series but has been fixed in the (current)
Postfix-2.3.x series. This fixes PR pkg/29631 by Christoph Badura.
Bump the PKGREVISION to 1.
- "sendmail -t" did not remove the CR from lines ending in CRLF.
- Workaround for fatal errors in PCRE maps when an expression in
() matches empty text (the PCRE library returns an inappropriate
error code).
- Fixes for non-security bugs that Coverity found in code that
handles impossible error conditions.
- install PREFIX/sbin/qshape
Updated postfix to 2.2.9
Most of this patch hardens the TLS implementation against DNS-based
attacks, and eliminates some anomalies from the TLS per-site policy
engine. See the TLS_README document for tips on how to avoid
DNS-based attacks that can change the server hostname that Postfix
uses for logging, for TLS per-site policies, and for server
certificate verification.
The patch also adds a workaround that prevents Postfix from repeatedly
trying to deliver mail to domains with a malformed MX record (for
example, with a null MX hostname). Postfix 2.2.9 bounces such mail
immediately.
Postfix 2.2.8 backs out a workaround for broken servers/firewalls
that created more problems than it solved.
- The Postfix 2.2.6 paranoia about malformed remote server replies
caused "multiple delivery" problems or "no delivery" problems with
broken servers/firewalls. Postfix still logs a warning but no longer
defers delivery.
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
Postfix 2.2.5 addresses some portability problems with LP64 platforms
that broke SMTP connection caching, and makes SMTP connection
caching more failure tolerant. These fixes are back-ported from
the experimental (2.3) release series.
The connection caching protocol has changed, so you will need to
"postfix reload" after upgrading.
20050517
Bugfix: in a DSN report, the original recipient should not
be xtext encoded. File: bounce/bounce_notify_util.c.
20050523
Bugfix: mymalloc() panic with mistyped server host list.
File: global/dict_pgsql.c.
20040530
Bugfix: TLS MUST_NOPEERMATCH didn't work (inherited from
TLS patch), and a dangling pointer in the corresponding
error handling. File: smtp/smtp_proto.c.
20050615
Cleanup: the SMTP client now sends QUIT when the initial
HELO handshake fails. it still doesn't send QUIT when the
server greets with a [45]XX code, as that is handled in the
connection management code before a session context exists.
File: smtp/smtp_connect.c.
20050616
Bugfix: missing or mis-placed va_end() macros, found in
Postfix 2.3 code review. Files: util/netstring.c,
util/myaddrinfo.c, util/attr_clnt.c, util/vstream.c.
20050621
Portability: file descriptor passing is available for Tru64
UNIX, but AIX4 and IRIX6 will have to do without. This means
no SMTP connection caching for those platforms. Albert
Chin. File: util/sys_defs.h.
- SASL inter-operability problem causing Sendmail servers to hang up on Postfix.
- Panic when a fall-back relay could not be used for a variety of reasons.
- A more usable REPLACE action in header/body_checks. The old
version produced unexpected results.
- Portability to HP-UX.
- Two harmless defects in the SMTP and LMTP clients that go back
to before the first Postfix release, and that were found while
doing code maintenance on the experimental release.
New features since 2.1.x:
- built-in IPv6 and TLS (we no longer use patches--beware config changes!)
- more sophisticated LDAP/MySQL/PostgreSQL support, with freeform queries
- SMTP client-side connection reuse
- by default, no longer rewrite message headers in mail from remote clients
- can use your ISP account name for mail destined outside your machine
- can selectively turn off ESMTP features in client or server
- remote SMTP client resource control (the anvil server)
- support for CDB, SDBM and NIS+ databases is now built into Postfix
- new SMTP access control features
- and more
Caution:
- You MUST stop 2.1.x and earlier versions before upgrading.
- Use the postfix upgrade program to upgrade your main.cf/master.cf.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
type. All platforms now support the "hash" map type as a result.
Remove the explicit dependencies on db4 and db2 on non-Linux and Linux,
respectively. Bump the PKGREVISION.
- The code to eliminate the local MTA from an MX address list did
not handle the case that the local MTA could appear with different
MX preferences in both inet_interfaces and proxy_interfaces.
- The SMTP server's kiss-of-death message "421 Timeout exceeded"
wasn't guarded by setjmp().
- The SMTP server didn't update the per-session error counter when
a client was denied access with smtpd_delay_reject=no.
- The Postfix sendmail command leaked file descriptors when it was
unable to execute the postdrop mail submission command.
- The bounce daemon sent the wrong type of bounce message when a
- Plus some portability, safety and documentation fixes.
framework and also by explicitly specifying more default values for
Postfix parameters. Also pass -I/usr/pkg/include/sasl to the compiler
when building using Cyrus SASLv2, which allows me to remove the patches
that added an unnecessary USE_SASL2_AUTH check.
for each package can be determined by invoking:
make show-var VARNAME=PKG_OPTIONS_VAR
The old options are still supported unless the variable named in
PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf).
