![[BACK]](/http/cvsweb.netbsd.org/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / mail / postfix
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
*: recursive bump for icu 76 shlib major version bump
*: revbump for icu downgrade
*: recursive bump for icu 76.1 shlib bump
Reset PKGREVISION along with updating postfix to 3.9.0.
revbump after icu and protobuf updates
postfix*: update to 3.8.4
20230815
Bugfix (bug introduced: 20140218): when opportunistic TLS fails
during or after the handshake, don't require that a probe
message spent a minimum time-in-queue before falling back to
plaintext. Problem reported by Serg. File: smtp/smtp.h.
20230819
Bugfix (defect introduced: 19980207): the valid_hostname()
check in the Postfix DNS client library was blocking unusual
but legitimate wildcard names (*.name) in some DNS lookup
results and lookup requests. Examples:
name class/type value
*.one.example IN CNAME *.other.example
*.other.example IN A 10.0.0.1
*.other.example IN TLSA ..certificate info...
Such syntax is blesed in RFC 1034 section 4.3.3.
This problem was reported first in the context of TLSA
record lookups. Files: util/valid_hostname.[hc],
dns/dns_lookup.c.
20230929
Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix
SMTP server was waiting for a client command instead of
replying immediately, after a client certificate verification
error in TLS wrappermode. Reported by Andreas Kinzler. File:
smtpd/smtpd.c.
20231006
Usability: the Postfix SMTP server now attempts to log the
SASL username after authentication failure. In Postfix
logging, this appends ", sasl_username=xxx" after the reason
for SASL authentication failure. The logging replaces an
unavailable reason with "(reason unavailable)", and replaces
an unavailable sasl_username with "(unavailable)". Based
on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c,
xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c.
20231026
Bugfix (defect introduced: Postfix 2.11): in forward_path,
the expression ${recipient_delimiter} would expand to an
empty string when a recipient address had no recipient
delimiter. Fixed by restoring Postfix 2.10 behavior to use
a configured recipient delimiter value. Reported by Tod
A. Sandman. Files: proto/postconf.proto, local/local_expand.c.
20231221
Security: with "smtpd_forbid_bare_newline = yes" (default
"no" for Postfix < 3.9), reply with "Error: bare <LF>
received" and disconnect when an SMTP client sends a line
ending in <LF>, violating the RFC 5321 requirement that
lines must end in <CR><LF>. This prevents SMTP smuggling
attacks that target a recipient at a Postfix server. For
backwards compatibility, local clients are excluded by
default with "smtpd_forbid_bare_newline_exclusions =
$mynetworks". Files: mantools/postlink, proto/postconf.proto,
global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h,
smtpd/smtpd.c.
*: recursive bump for icu 74.1
*: bump for openssl 3
postfix: Update to 3.8.0
upstream changes:
-----------------
Postfix 3.7.8
o Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based
on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup =
submission" and "relayhost = example.com:submission", the Postfix SMTP
client will look up DNS SRV records for _submission._tcp.example.com, and
will relay email through the hosts and ports that are specified with those
records.
o TLS obsolescence: Postfix now treats the "export" and "low" cipher grade
settings as "medium". The "export" and "low" grades are no longer supported
in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later.
Also, Postfix default settings now exclude deprecated or unused ciphers
(SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
(DH, ECDH), and public key algorithm (DSS).
o Attack resistance: the Postfix SMTP server can now aggregate
smtpd_client_*_rate and smtpd_client_*_count statistics by network block
instead of by IP address, to raise the bar against a memory exhaustion
attack in the anvil(8) server; Postfix TLS support unconditionally disables
TLS renegotiation in the middle of an SMTP connection, to avoid a CPU
exhaustion attack.
o The PostgreSQL client encoding is now configurable with the "encoding"
Postfix configuration file attribute. The default is "UTF8". Previously the
encoding was hard-coded as "LATIN1", which is not useful in the context of
SMTP.
o The postconf command now warns for #comment in or after a Postfix parameter
value. Postfix programs do not support #comment after other text, and treat
that as input.
revbump after textproc/icu update
mail/postfix: update to 3.7.4
Postfix 3.7.4 (2023-01-22)
* Workaround: with OpenSSL 3 and later always turn on
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
opportunities for TLS session reuse. This is safe because the SMTP
protocol implements application-level framing, and is therefore not
affected by TLS truncation attacks. Fix by Viktor Dukhovni.
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return
lazily-bound handles for digest implementations. In sufficiently
hostile configurations, Postfix could mistakenly believe that a digest
algorithm is available, and fail when it is not. A similar workaround
may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni.
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally; it should
evaluate the argument only if there was no prior error. Found during
code review.
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a
segmentation violation when postscreen_dnsbl_threshold < 1. It
should reject such input with a fatal error instead. Discovered by
Benny Pedersen.
* Bitrot: fixes for linker warnings from newer Darwin (MacOS)
versions. Viktor Dukhovni.
* Portability: Linux 6 support.
* Added missing documentation that cidr:, pcre: and regexp: tables
support inline specification only in Postfix 3.7 and later.
massive revision bump after textproc/icu update
mail/postfix: update to 3.7.2
3.7.0 (2022-02-07)
* Support to inline the content of small cidr:, pcre:, and regexp:
tables in Postfix parameter values. An example is the new
smtpd_forbidden_commands default value, "CONNECT GET POST
regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from
clients that send garbage.
* To make the maillog_file feature more useful, including stdout
logging from a container, the postlog(1) command is now set-gid
postdrop, so that unprivileged programs can use it to write
logging through the postlogd(8) daemon. This required hardening
the postlog(1) command against privilege escalation attacks.
* Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18.
* Postfix programs now randomize the initial state of in-memory
hash tables, to defend against hash collision attacks involving
a large number of attacker-chosen lookup keys. Presently, the
only known opportunity for such attacks involves remote SMTP
client IPv6 addresses in the anvil(8) service, and requires
making hundreds of short-lived connections per second while
cycling through thousands of different client IP addresses.
* Updated defense against remote clients or servers that 'trickle'
SMTP or LMTP traffic. This replaces the old per-record deadlines
with per-request deadlines and minimum data rates.
* Many typofixes by raf and Wietse.
3.7.1 (2022-04-18)
* (problem introduced: Postfix 2.7) The milter_header_checks maps
are now opened before the cleanup(8) server enters the chroot
jail. Problem reported by Jesper Dybdal.
* In an internal client module, "host or service not found" was
a fatal error, causing the milter_default_action setting to be
ignored. It is now a non-fatal error, just like a failure to
connect. Problem reported by Christian Degenkolb.
* The proxy_read_maps default value was missing up to 27 parameter
names. The corresponding lookup tables were not automatically
authorized for use with the proxymap(8) service. The parameter
names were ending in _checks, _reply_footer, _reply_filter,
_command_filter, and _delivery_status_filter.
* (problem introduced: Postfix 3.0) With dynamic map loading
enabled, an attempt to create a map with "postmap regexp:path"
would result in a bogus error message "Is the postfix-regexp
package installed?" instead of "unsupported map type for this
operation". This happened with all non-dynamic map types (static,
cidr, etc.) that have no 'bulk create' support. Problem reported
by Greg Klanderman.
* In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem
reported by Carlos Velasco.
* Documented in the postlogd(8) daemon manpage that the Postfix
>= 3.7 postlog(1) command can run with setgid permissions.
3.7.2 (2022-04-28)
This reverts an overly complex change in the postscreen SMTP engine
(made during Postfix 3.7 development), and replaces it with much
simpler code. The bad change was crashing postscreen on some systems
after receiving malformed input (for example, a TLS "hello" message).
*: recursive bump for perl 5.36
revbump for textproc/icu update
postfix: Update to 3.6.4
upstream changes:
-----------------
Fixed in Postfix 3.6.4, 3.5.14, 3.4.24, 3.3.21:
o Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
entries in postconf output. This was caused by an incomplete fix to send
SMTP session transcripts to $bounce_notice_recipient. Reported by Vincent
Lefevre.
o Bug introduced in Postfix 3.0: the proxymap daemon did not automatically
authorize proxied maps inside pipemap (example:
pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem reported
by Mirko Vogt.
o Bug introduced in Postfix 2.5: off-by-one error while writing a string
terminator. This code passed all memory corruption tests, presumably
because it wrote over an alignment padding byte, or over an adjacent
character byte that was never read. Reported by Robert Siemer.
Fixed in Postfix 3.6.4, 3.5.14, 3.4.24:
o The proxymap daemon did not automatically authorize map features added
after Postfix 3.3, caused by missing *_maps parameter names in the
proxy_read_maps default value. Found during code maintenance.
postfix: fix install on macOS
revbump for icu and libffi
mail/postfix: update to 3.6.3
Quote from release announce:
Fixed in Postfix 3.6.3, 3.5.13, 3.4.23, 3.3.20:
* (problem introduced in Postfix 2.4, released in 2007): queue
file corruption after a Milter (for example, MIMEDefang) made
a request to replace the message body with a copy of that message
body plus additional text (for example, a SpamAssassin report).
The most likely impacts were a) the queue manager reporting a
fatal error resulting in email delivery delays, or b) the queue
manager reporting the corruption and moving the message to the
corrupt queue for damaged messages.
However, a determined adversary could craft an email message
that would trigger the bug, and insert into its queue file a
content filter destination or a redirect email address. Postfix
would then deliver the message headers there, in most cases
without delivering the message body. With enough experimentation,
an attacker could make Postfix deliver both the message headers
and body.
Some details of a successful attack depend on the Milter
implementation, and on the Postfix and Milter configuration
details; these can be determined remotely through experimentation.
Failed experiments may be detected when the queue manager
terminates with a fatal error, or when the queue manager moves
damaged files to the "corrupt" queue as evidence.
Technical details: when Postfix executes a "replace body" Milter
request it will reuse queue file storage that was used by the
existing email message body. If the new body is larger, Postfix
will append body content to the end of the queue file. The
corruption happened when a Milter (for example, MIMEDefang)
made a request to replace the body of a message with a new body
that contained a copy of the original body plus some new text,
and the original body contained a line longer than $line_length_limit
bytes (for example, an image encoded in base64 without hard or
soft line breaks). In queue files, Postfix stores a long text
line as multiple records with up to $line_length_limit bytes
each. Unfortunately, Postfix's "replace body" support did not
account for the additional queue file space needed to store the
second etc. record headers. And thus, the last record(s) of a
long text line could overwrite one or more queue file records
immediately after the space that was previously occupied by the
original message body.
Problem report by Benoit Panizzon.
* (problem introduced in Postfix 2.10, released in 2012): The
postconf "-x" option could produce incorrect output, because
multiple functions were implicitly sharing a buffer for
intermediate results. Problem report by raf, root cause analysis
by Viktor Dukhovni.
* (problem introduced in Postfix 2.11, released in 2013): The
check_ccert_access feature worked as expected, but produced a
spurious warning when Postfix was built without SASL support.
Fix by Brad Barden.
* Fix for a compiler warning due to a missing 'const' qualifier
when compiling Postfix with OpenSSL 3. Depending on compiler
settings this could cause the build to fail.
Fixed in Postfix 3.6:
* The known_tcp_ports settings had no effect. It also wasn't fully
implemented. Problem report by Peter.
* Fix for missing space between a hostname and warning text.
postfix: let the RC script work unprivileged This takes advantage of the introduction of the SYSCONFBASE variable. Tested on NetBSD/amd64. Bumps PKGREVISION.
mail/postfix: add blocklist PKG_OPTIONS and fix build problem * Add blocklist PKG_OPTIONS. * Fix build problem on no blocklist/blacklist supported system. (Reported by Matthias Ferdinand on pkgsrc-users@.) Bump PKGREVISION.
mail/postfix: update to 3.6.0
Postfix stable release 3.6.0 is available. This ends the support
for legacy release Postfix 3.2.
The main changes are below. See the RELEASE_NOTES file for further
details.
Incompatible changes:
* This release requires "postfix stop" before updating, or before
backing out to an earlier release, because some internal protocols
have changed. Otherwise, long-running daemons (pickup, qmgr,
verify, tlsproxy, postscreen) may fail to communicate with the
rest of Postfix, causing mail delivery delays until Postfix is
restarted.
* Respectful logging. Postfix version 3.6 deprecates terminology
that implies white is better than black. Instead, Postfix prefers
'allowlist', 'denylist', and variations on those words. This
change affects Postfix documentation, and postscreen parameters
and logging.
To keep the old postscreen logging set "respectful_logging =
no" in main.cf before setting "compatibility_level = 3.6". In
any case, the old postscreen parameter names will keep working
as before.
Other changes:
* The minimum supported OpenSSL version is 1.1.1, which will reach
the end of life by 2023-09-11. Postfix 3.6 is expected to reach
the end of support in 2025. Until then, Postfix will be updated
as needed for compatibility with OpenSSL.
The default fingerprint digest has changed from md5 to sha256
(Postfix 3.6 with compatibility_level >= 3.6). With a lower
compatibility_level setting, Postfix defaults to using md5, and
logs a warning when a Postfix configuration specifies no explicit
digest type.
The export-grade Diffie-Hellman key exchange is no longer
supported, and the tlsproxy_tls_dh512_param_file parameter is
ignored,
* Better error messages when someone configures an incorrect
program in master.cf. To recognize such mistakes, every Postfix
internal service, including the postdrop command, announces the
name of its protocol before doing any other I/O, and every
Postfix client program, including the Postfix sendmail command,
will verify that the protocol name matches what it expects.
* Fine-grained control over the envelope sender address for
submission with the Postfix sendmail (or postdrop) commands.
Example:
/etc/postfix/main.cf:
# Allow root and postfix full control, anyone else can only
# send mail as themselves. Use "uid:" followed by the numerical
# UID when the UID has no entry in the UNIX password file.
local_login_sender_maps =
inline:{ { root = *}, { postfix = * } },
pcre:/etc/postfix/login_senders
/etc/postfix/login_senders:
# Allow both the bare username and the user@domain forms.
/(.+)/ $1 $[email protected]
* Threaded bounces. This allows mail readers to present a
non-delivery, delayed delivery, or successful delivery notification
in the same email thread as the original message.
Unfortunately, this also makes it easy for users to mistakenly
delete the whole email thread (all related messages), instead
of deleting only the delivery status notification.
To enable, specify "enable_threaded_bounces = yes".
* Postfix by default no longer uses the services(5) database to
look up the TCP ports for SMTP and LMTP services. Instead, this
information is configured with the new known_tcp_ports configuration
parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
submission=587). When a service is not specified in known_tcp_ports,
Postfix will still query the services(5) database.
* Starting with Postfix version 3.6, the compatibility level is
"3.6". In future Postfix releases, the compatibility level will
be the Postfix version that introduced the last incompatible
change. The level is formatted as 'major.minor.patch', where
'patch' is usually omitted and defaults to zero. Earlier
compatibility levels are 0, 1 and 2.
This also introduces main.cf and master.cf support for the
<=level, < level, and other operators to compare compatibility
levels. With the standard <=, <, etc. operators, compatibility
level 3.10 would be less than 3.9, which is undesirable.
*: recursive bump for perl 5.34
revbump for textproc/icu
postfix: updated to 3.5.8 Fixed in Postfix version 3.5.8: [Postfix 3.5 and later] The Postfix SMTP client inserted <CR><LF> into message headers with lines longer than $line_length_limit (default: 2048), causing all subsequent header content to become message body content. Reported by Andreas Weigel. Fixed in Postfix versions 3.5.8, 3.4.18, 3.3.15, 3.2.20: [Postfix 2.8 and later] The postscreen daemon did not save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: lookup table is used, but it could result in stale data with other lookup tables. [Postfix 2.3 and later] After deleting a recipient with a Milter, the Postfix recipient duplicate filter was not updated; the filter suppressed requests to add the recipient back. Reported by Mehmet Avcioglu. [Postfix 2.3 and later] Memory leak: the static: maps did not free their casefolding buffer. [Postfix 2.2 and later] With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a TLS handshake, after processing an XCLIENT command. Reported by Aki Tuomi. [Postfix 2.0 and later] The smtp_sasl_mechanism_filter implementation ignored table lookup errors, treating them as 'not found'. [Postfix alpha and later] The code that looks for Delivered-To: headers ignored headers longer than $line_length_limit (default: 2048).
*: Recursive revbump from textproc/icu-68.1
postfix: Needs m4 tool
*: bump PKGREVISION for perl-5.32.
mail/postfix: update to 3.5.3
Update postfix and related pacakges to 3.5.3.
Quote freom release announce.
Postfix 3.5.3, 3.4.13:
* TLS handshake failure in the Postfix SMTP server during SNI
processing, after the server-side TLS engine sent a TLSv1.3
HelloRetryRequest (HRR) to a remote SMTP client. Reported by
J??n M??t??, fixed by Viktor Dukhovni.
Postfix versions 3.5.3, 3.4.13, 3.3.11, 3.2.16:
* The command "postfix tls deploy-server-cert" did not handle a
missing optional argument. This bug was introduced in Postfix
3.1.
Revbump for icu
mail/postfix: update to 3.5.1
Update postfix to 3.5.1.
3.5.0 (2020-03-16)
Postfix stable release 3.5.0 is available. Support has ended for
legacy release Postfix 3.1.
The main changes are below. See the RELEASE_NOTES file for further details.
* Support for the haproxy v2 protocol. The Postfix implementation
supports TCP over IPv4 and IPv6, as well as non-proxied
connections; the latter are typically used for heartbeat tests.
* Support to force-expire email messages. This introduces new
postsuper(1) command-line options to request expiration, and
additional information in mailq(1) or postqueue(1) output.
* The Postfix SMTP and LMTP client support a list of nexthop
destinations separated by comma or whitespace. These destinations
will be tried in the specified order. Examples:
/etc/postfix/main.cf:
relayhost = foo.example, bar.example
default_transport = smtp:foo.example, bar.example
Incompatible changes:
* Logging: Postfix daemon processes now log the from= and to=
addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart
contains spaces or other special characters, the localpart will
be quoted, for example:
from=<"name with spaces"@example.com>
Specify "info_log_address_format = internal" for backwards compatibility.
* Postfix now normalizes IP addresses received with XCLIENT,
XFORWARD, or with the HaProxy protocol, for consistency with
direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match
subnets of an IPv6 address.
3.5.1 (2020-04-20)
Postfix versions 3.5.1, 3.4.11, 3.3.9, 3.2.14:
* Bitrot workaround for broken builds after an incompatible change
in GCC 10.
* Bitrot workaround for broken DANE/DNSSEC support after an
incompatible change in GLIBC 2.31. This change avoids the need
for new options in /etc/resolv.conf.
Recursive revision bump after textproc/icu update
postfix: update to 3.4.9
upstream changes:
-----------------
Fixed in all supported stable releases:
Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while adding support for negative DNS response caching in postscreen. Postfix was inadvertently changed to call res_query() instead of res_search(). Reported by Jaroslav Skarvada.
Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides from a Milter application. Postfix now evaluates the Milter macros for an SMTP CONNECT event after the Postfix-to-Milter connection is negotiated. Problem reported by David Bürgin.
Bug (introduced: Postfix 3.0): sanitize (remote) server responses before storing them in the verify database, to avoid Postfix warnings about malformed UTF8. Found during code maintenance.
mail/postfix: fix insufficient permissions for var/spool/postfix/...
pkgsrc changes:
---------------
* Remove the subdirectories of var/spool/postfix to avoid insufficient
permissions when upgrading (Thanks Matthias!).
*: Recursive revision bump for openssl 1.1.1.
postfix: Update to 3.4.7 upstream changes: ----------------- * Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS connection reuse. * Workaround: OpenSSL changed an SSL_Shutdown() non-error result value into an error result value, causing logfile noise. * Configuration: the new 'TLS fast shutdown' parameter name was implemented incorrectly. The documentation said "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown". This was fixed by changing the code, because no-one is expected to override the default. * Performance: workaround for poor TCP loopback performance on LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximal segment size that is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix chooses a VSTREAM buffer size that is a small multiple of the reported bogus MSS. This workaround increases the multiplier from 2x to 4x. * Robustness: the Postfix Dovecot client could segfault (null pointer read) or cause an SMTP server assertion to fail when talking to a fake Dovecot server. The Postfix Dovecot client now logs a proper error instead. Problem reported by Tim Düsterhus.
Bump PKGREVISIONs for perl 5.30.0
postfix: update to 3.4.6
pkgsrc changes:
---------------
* change COMMENT to make pkglint happy (inspired by http://www.postfix.org/)
* update PLIST using make print-PLIST (missing @pkgdir)
upstream changes:
-----------------
20181125
Cleanup: dict_file_to_xxx() takes a list of file names
separated by CHARS_COMMA_SP. Shoe-horned into the existing
API, make it nicer when there is time. File: util/dict_file.c.
20181127
Cleanup: encapsulated clumsy 'read into VSTRING' code with
easier-to-use vstream_fread_buf() and vstream_fread_app()
primitives. Files: global/memcache_proto.c, global/record.c,
global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c,
global/xtext.c, milter/milter8.c, util/dict_file.c,
util/hex_quote.c, util/netstring.c, util/vstream.c,
util/vstream.h. Verified with "make tests".
Cleanup: simplified the smtp_fread() API (introduced for
BDAT support), and changed the name to smtp_fread_buf().
Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with
~megabyte BDAT commands.
Cleanup: simplified a tlsproxy-internal API. File:
tlsproxy/tlsproxy.c.
20181128
Initial support for key/certificate chain files that will
replace the proliferation of separate parameters for
RSA/DSA/ECC/etc. key and certificate files. Viktor
Dukhovni.
20181201
Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET()
calls with safe vstring_set_payload_size() calls, in code
that directly writes into VSTRING. Files: tls/tls_session.c,
tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h,
xsasl/xsasl_cyrus_client.c.
Cleanup: postscreen_command_time_limit did not need to be
a 'raw' parameter. This makes "postconf -x" behavior more
consistent. Files: global/mail_params.h, postscreen/postscreen.c.
Documentation: added text that the following parameter
values are not subject to Postfix parameter $name expansion:
default_rbl_reply, command_execution_directory, luser_relay,
smtpd_reject_footer. These have their own documented $name
substitution mechanism. File: proto/postconf.proto.
20181202
Bugfix: posttls-finger reported an error for UNIX-domain
connections, even if they did not fail. Found by Coverity.
File: posttls-finger/posttls-finger.c.
20181208
Documentation: add even more redundancy to the rate-delay
description. File: proto/postconf.proto.
20181210
Cleanup: code deduplication. File: util/dict_file.c.
20181226
Cleanup: code deduplication and better encapsulation with
PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros.
Files: postscreen/postscreen.h, postscreen/postscreen_state.c.
Documentation: POSTSCREEN_README did not describe the
postscreen_post_queue_limit, and attributed the wrong reject
message to the postscreen_pre_queue_limit. Problem reported
by Michael Orlitzky. File: proto/POSTSCREEN_README.html.
(20181226-nonprod) Compatibility: removed support for OpenSSL
1.0.1 (not supported since December 31, 2016) and earlier
releases. This eliminated a large number of #ifdefs with
bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h,
posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c,
tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c,
tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c,
tls/tls_session.c.
(20181226-nonprod) Use the OpenSSL 1.0.2 and later API for
setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h,
tls/tls_client.c, tls/tls_dh.c.
(20181226-nonprod) Documentation update for TLS support.
Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html,
proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c.
20181229
Explicit maps_file_find() and dict_file_lookup() methods
that decode base64 content. Decoding content is not built
into the dict->lookup() method, because that would complicate
the implementation of map nesting (inline, thash), map
composition (pipemap, unionmap), and map proxying. For
consistency, decoding base64 file content is also not built
into the maps_find() method. Files: util/dict.h.
util/dict_file.c, global/maps.[hc], postmap/postmap.c.
20190106
Documentation: documented the SRC_RHS_IS_FILE flag in
dict_open.c, and updated the -F description in the postmap
manpage. Files: util/dict_open.c, postmap/postmap.c.
(20190106-nonprod) Feature: support for files that combine
multiple (key, certificate, trust chain) instances in one
file, to avoid separate files for RSA, DSA, Elliptic Curve,
and so on. Viktor Dukhovni. Files: .indent.pro,
global/mail_params.h, posttls-finger/posttls-finger.c,
smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c,
smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c,
tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c,
tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c.
(20190106-nonprod) Create a second, no-key no-cert, SSL_CTX
for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h,
src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c.
(20190106-nonprod) Server-side SNI support. Viktor Dukhovni.
Files: src/global/mail_params.h, src/smtp/smtp.c,
src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c,
src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c,
(20190106-nonprod) Configurable client-side SNI signal.
Viktor Dukhovni. Files: global/mail_params.h,
posttls-finger/posttls-finger.c, smtp/lmtp_params.c,
smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c,
smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c,
tls/tls_proxy.h, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c.
20190121
Logging: support for internal logging file, without using
syslog (it uses the new postlogd daemon instead). This
solves a usability problem for MacOS, may help getting
around systemd, and solves 99% of the problem for logging
to stdout in a container (hopefully we have 100% soon).
Enable by setting, for example, "maillog_file =
/var/log/postfix.log"). This works fine for daemons, and
with some limitations for non-daemon programs. See
RELEASE_NOTES for more details. Files: conf/master.cf,
conf/post-install, conf/postfix-files, conf/postfix-script,
mantools/postlink, proto/master, proto/postconf.proto,
global/mail_params.c, global/mail_params.h, global/mail_proto.h,
global/maillog_client.c, global/maillog_client.h,
master/dgram_server.c, master/event_server.c, master/mail_server.h,
master/master.c, master/master.h, master/master_ent.c,
master/master_listen.c, master/master_proto.h,
master/master_wakeup.c, master/multi_server.c,
master/single_server.c, master/trigger_server.c,
postalias/postalias.c, postconf/postconf_master.c,
postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c,
postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c,
postmulti/postmulti.c, postqueue/postqueue.c,
postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h,
util/listen.h, util/logwriter.c, util/logwriter.h,
util/msg_logger.c, util/msg_logger.h, util/msg_output.c,
util/msg_output.h, util/unix_dgram_connect.c,
util/unix_dgram_listen.c.
Cleanup: cert/key/chain loading, plus unit tests to exercise
non-error and error cases. Viktor Dukhovni. Files: tls/*.pem,
tls*.pem.ref, tls/tls_certkey.c.
20190126
Safety: Postfix programs will log to either syslog or postlog
but not both; and postlogd forwards postlog logging to
syslog, when a configuration change removes the maillog_file
pathname, but some programs still use the old configuration.
Files: util/msg_syslog.[hc], util/msg_logger.c,
global/maillog_client.c, postlogd/postlogd.c,
Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog
pipe file descriptor leak. This pipe provides one source
of liveness, data from this pipe is discarded, and therefore
this does not enable privilege escalation or DOS. File:
util/watchdog.c.
Feature: stdout logging support; requires "postfix start-fg"
and "maillog_file = /dev/stdout". Files: master/master.c,
conf/postfix-script.
20190127
Safety: when maillog_file is specified, 'postfix check' now
requires that the postlog service is enabled in master.cf.
Otherwise 'postfix start' etc. will log a fatal error. File:
conf/postfix-script.
Documentation: added policy_context example. File:
proto/SMTPD_POLICY_README.html.
20190128
Testing: run libtls tests under Valgrind. File tls/Makefile.in.
20190129
Safety: require that $maillog_file matches one of the
pathname prefixes specified in $maillog_file_prefixes. The
maillog file is created by root, and the prefixes limit the
damage from a single configuration error. Files:
global/mail_params.[hc], global/maillog_client.c.
20191201
Feature: "postfix logrotate" command with configurable
compression program and datestamp filename suffix. File:
conf/postfix-script.
20190202
Cleanup: log a warning when the client sends a malformed
SNI; log an info message when the client sends a valid SNI
that does not match the SNI lookup tables; update the
FORWARD_SECRECY_README logging examples. Viktor Dukhovni.
Files: proto/FORWARD_SECRECY_README.html, tls/tls.h,
tls/tls_client.c, tls/tls_misc.c.
20190208
Debugging: the master(8) daemon now logs a warning if a
master.cf entry is defined multiple times. File:
src/master/master_conf.c.
20190209
Debugging: tlsproxy(8) now logs more details about unexpected
configuration differences between the Postfix SMTP client
and the tlsproxy(8) daemon.
20190210
Documentation: Postfix 3.4.0 RELEASE NOTES.
Documentation: added BDAT_README.
Documentation: global TLS settings. Files: mantools/postlink,
smtp/smtp.c, tlsproxy/tlsproxy.c.
20190211
Cleanup: removed obsolete parameters: tls_dane_digest_agility,
tls_dane_trust_anchor_digest_enable; removed openssl_path
parameter from configuration difference checks in tlsproxy.
Files: global/mail_params.h, tls/tls_misc.c,
tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c,
tls/tls_proxy_client_scan.c, tls/tls_proxy.h.
20190212
Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c,
posttls-finger/posttls-finger.c.
20190217
Cleanup: when the master daemon runs with PID=1 (init mode),
reap orhpan processes from non-Postfix code running in the
same container, instead of terminating with a panic. File:
master/master_spawn.c.
20190218
Bugfix: tlsproxy did not enable DANE-style PKI because
libtls seems to have to accreted multiple init functions
instead of reusing the tls_client_init() and tls_client_start()
API. And some functions that do initialization don't even
have init in their name! Problem report by Andreas Schulze.
Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c.
Workaround: Postfix libtls makes DANE-specific changes to
the shared SSL_CTX. To avoid false sharing, tlsproxy needs
to label the SSL_CTX cache with DANE bits until we can
remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c.
Cleanup: Postfix libtls changed the shared SSL_CTX to
override ciphers. instead of changing the SSL handle. To
avoid false sharing in tlsproxy, the changes are now made
to the SSL handle. Viktor Dukhovni. Files: tls/tls.h,
tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c.
20190219
Bugfix: in the Postfix SMTP client, TLS wrappermode was not
tested in tlsproxy mode. It needed some setup for buffering
and timeouts. Problem report by Andreas Schulze. File:
smtp/smtp_proto.c.
20190304
Bugfix: a reversed test broke TLS configurations that specify
the same filename for a private key and certificate. Reported
by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the
test. Files: tls/tls_certkey.c, tls/Makefile.in.
20190310
Bitrot: LINUX5s support, after some sanity checks with a
rawhide prerelease version. Files: makedefs, util/sys_defs.h.
Bugfix (introduced: 20181226): broken DANE trust anchor
file support, caused by left-over debris from the 20181226
TLS library overhaul. By intrigeri. File: tls/tls_dane.c.
Bugfix (introduced: Postfix-1.0.1): null pointer read, while
logging a warning after a corrupted bounce log file. File:
global/bounce_log.c.
Bugfix (introduced: Postfix-2.9.0): null pointer read, while
logging a warning after a postscreen_command_filter read
error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
20190312
Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
does the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
20190319
With message_size_limit=0 (which is NOT DOCUMENTED), BDAT
chunks were always rejected as too large. File: smtpd/smtpd.c
20190328
Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
20190331
Documentation: tlsext_padding is not a tls_ssl_options
feature. File: proto/postconf.proto.
20190401
Portability: added "#undef sun" to util/unix_dgram_connect.c.
20190403
Bugfix (introduced: Postfix 2.3): a censoring filter broke
multiline Milter responses for header/body events. Problem
report by Andreas Thienemann. Files: util/printable.c,
util/stringops.h, smtpd/smtpd.c
Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit =
0" no longer meant 'unlimited'. Problem report by Luc Pardon.
File: smtp/smtp_addr.c.
20190615
Documentation: updated the BUGS section in the smtp(8) manpage
about TLS connection reuse. File: smtp/smtp.c.
Workaround for implementations that hang Postfix while
shutting down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later. Files:
global/mail_params.h, tls/tls_session.c, and documentation.
20190621
Bugfix (introduced: Postfix 3.0): the code to reset Postfix
SMTP server command counts was not called after a HaProxy
handshake failure, causing stale numbers to be reported.
The command counts are now reset in the function that reports
the counts. File: smtpd/smtpd.c.
postfix: fix PR pkg/54338 pkgsrc changes: --------------- * Remove -DHAS_EAI since it does not appear anywhere * Add pkg-config to USE_TOOLS since patch-ai introduces it * Bump revision since binaries are now linked to icui18n
all: replace SUBST_SED with the simpler SUBST_VARS pkglint -Wall -r --only "substitution command" -F With manual review and indentation fixes since pkglint doesn't get that part correct in every case.
mail/postfix: update to 3.3.3
This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. This is the final update for Postfix
3.0.
Fixed in Postfix 3.3 and later:
* When the master daemon runs with PID=1 (init mode), it will now
reap child processes from non-Postfix code running in the same
container, instead of terminating with a panic. Reported by
Tamas Gerczei.
Fixed in Postfix 3.0 and later:
* With smtputf8_enable=yes, table lookups could casefold the
search string when searching a lookup table that does not use
fixed-string keys (regexp, pcre, tcp, etc.).
* With the posttls-finger test program, connections to unix-domain
servers always resulted in "Failed to establish session" even
after a connection was established. Reported by Jaroslav Skarva.
Recursive revbump from textproc/icu
mail/postfix: update to 3.3.2
Changes for all supported stable releases:
* Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
features.
- Updated Postfix TLS documentation examples for TLSv1.3. See
FORWARD_SECRECY_README.
- New TLSv1.3-specific attributes in Postfix logging and in
Postfix "Received:" message headers: key exchange, server
signature, client signature.
- New option to selectively disable TLSv1.3 in *_tls_protocols
settings.
- New server-side support to avoid issuing multiple session
tickets.
- New support to allow OpenSSL >= 1.1.0 run-time micro version
bumps without logging Postfix warnings about library version
mismatches.
Fixed in all stable releases:
* Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8",
because some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
* Bugfix: minor memory leak in DANE support when minting issuer
certs. This affects a tiny minority of use cases.
Fixed in Postfix 3.3.2:
* Bugfix: the Postfix build did not abort if the m4 command was
not installed, resulting in a broken postconf command.
revbump after updating textproc/icu
Recursive bump for perl5-5.28.0
Recursive revbump from textproc/icu-62.1
*: Move SUBST_STAGE from post-patch to pre-configure Performing substitutions during post-patch breaks tools such as mkpatches, making it very difficult to regenerate correct patches after making changes, and often leading to substituted string replacements being committed.
mail/postfix: update to 3.3.1
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.1.html]
Fixed in Postfix 3.3:
* Postfix did not support running as a PID=1 process, which
complicated Postfix deployment in containers. The "postfix
start-fg" command will now run the Postfix master daemon as a
PID=1 process if possible. Thanks for inputs from Andreas
Schulze, Eray Aslan, and Viktor Dukhovni.
* Segfault in the postconf(1) command after it could not open a
Postfix database configuration file due to a file permission
error (dereferencing a null pointer). Reported by Andreas
Hasenack, fixed by Viktor Dukhovni.
Fixed in Postfix 3.3, 3.2, 3.1, 3.0:
* The luser_relay feature became a black hole, when the luser_relay
parameter was set to a non-existent local address (i.e. mail
disappeared silently). Reported by J?rgen Thomsen.
* Missing error propagation in the tlsproxy(8) daemon could result
in a segfault after TLS handshake error (dereferencing a
0xffff...ffff pointer). This daemon handles the TLS protocol
when a non-whitelisted client sends a STARTTLS command to
postscreen(8).
revbump after icu update
mail/postfix: reset PKGREVISION Reset PKGREVISION along with update to 3.2.4.
Revbump after textproc/icu update
pkgsrc/mail: Update to 3.2.3 [An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.2.3.html] This announcement concerns fixes for problems that were introduced with Postfix 3.2. Older releases are unaffected. Fixed in Postfix 3.2 and later: * Extension propagation was broken with "recipient_delimiter = .". This change reverts a change that was trying to be too clever. * The postqueue command would abort with a panic message after it experienced an output write error while listing the mail queue. This change restores a write error check that was lost with the Postfix 3.2 rewrite of the vbuf_print formatter. * Restored sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). These checks were lost with the Postfix 3.2 rewrite of the vbuf_print formatter.
revbump for requiring ICU 59.x
Update mail/postfix to 3.2.0.
- Elliptic curve negotiation with OpenSSL >= 1.0.2. This changes the
default smtpd_tls_eecdh_grade setting to "auto", and introduces a
new parameter tls_eecdh_auto_curves with the names of curves that may
be negotiated.
- Stored-procedure support for MySQL databases.
- Cidr: table support for if/endif and negation (by prepending ! to a
pattern), just like regexp: and pcre: tables. See the cidr_table(5)
manpage for details.
- The postmap command and the inline: and texthash: maps now support
spaces in left-hand field of lookup table source text. Use double
quotes (") around a left-hand field that contains spaces, and use
backslash (\) to protect quotes in a left-hand field.
- Support for per-client Milter configuration (smtpd_milter_maps) that
overrides the main.cf smtpd_milters setting, and that has the same
syntax. A lookup result of "DISABLE" turns off Milter support for that
client.
- The local SMTP server IP address and port are available in the
policy delegation protocol (attribute names: server_address,
server_port), in the Milter protocol (macro names: {daemon_addr},
{daemon_port}), and in the XCLIENT protocol (attribute names:
DESTADDR, DESTPORT).
- For safety reasons, the Postfix sendmail -C option must specify an
authorized directory: the default configuration directory, a
directory that is listed in the default main.cf file with
alternate_config_directories or multi_instance_directories, otherwise
the command must be invoked with root privileges. This mitigates a
recurring "jail break" problem with the PHP mail() function.
- "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar
to "IGNORE" but also logs the action, and "PASS" disables header,
body, and Milter inspection for the remainder of the message content.
- The collate.pl script by Viktor Dukhovni for grouping Postfix
logfile records into "sessions" based on queue ID and process ID
information, in the auxiliary/collate directory of the Postfix source
tree.
Disabled or removed behavior:
- SMTPUTF8 support: Postfix 3.2 disables the 'transitional'
compatibility between the IDNA2003 and IDNA2008 standards for
internationalized domain names (domain names beyond the limits of
US-ASCII). This makes Postfix behavior consistent with contemporary
web browsers.
- Postfix 3.2 removes tentative features that were implemented before
the DANE spec was finalized: support for certificate usage
PKIX-EE(1), the ability to disable digest agility, and the ability to
disable support for "TLSA 2 [01] [12]" records that specify the digest
of a trust anchor.
Pullup ticket #5267 - requested by sevan
mail/postfix: build fix
Revisions pulled up:
- mail/postfix/Makefile 1.294
- mail/postfix/distinfo 1.169
- mail/postfix/patches/patch-aa 1.25
- mail/postfix/patches/patch-ai 1.38
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Apr 11 09:33:30 UTC 2017
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-aa patch-ai
Log Message:
Fix installation on Darwin:
LD_LIBRARY_PATH is not propagated when set with env, e.g.:
env LD_LIBRARY_PATH=path/to/lib ./script.sh
will not work (other variable names work correctly).
Revbump after icu update
Fix installation on Darwin: LD_LIBRARY_PATH is not propagated when set with env, e.g.: env LD_LIBRARY_PATH=path/to/lib ./script.sh will not work (other variable names work correctly).
Make the postfix user/group names variables.
Update postfix to 3.1.2.
3.1.0
The main changes in no particular order are:
* "postfix tls" command to simplify setup of opportunistic TLS,
and to simplify SMTP server key/certificate management.
* Positive and negative DNS reply TTL support in postscreen(8).
* SASL AUTH rate limit in the Postfix SMTP server.
* A safety limit on the number of address verify requests.
* JSON-format Postfix queue listing.
* Destination-independent delivery rate delay
For details, see the RELEASE_NOTES file.
3.1.1
Fixed in all supported releases:
* The Milter "replace sender" (SMFIR_CHGFROM) request lost an
address that was added with sender_bcc_maps, resulting in a
"rcpt count mismatch" warning. Reported by Joerg Backschues.
This defect was introduced with Postfix 2.6.
* The "bad filetype" example in the header_checks(5) manpage
falsely rejected Content- headers with ``name="example";
x-apple-part-url="example.com"''. Reported by Cedric Knight.
This defect was introduced with Postfix 2.6.
3.1.2
Fixed with Postfix 3.1.2:
* Changes to make Postfix build with OpenSSL 1.1.0.
Fixed with Postfix 3.1.2 and 3.0.6:
* The makedefs script ignored readme_directory=pathname overrides.
Fix by Todd C. Olson.
* The tls_session_ticket_cipher documentation says that the default
cipher for TLS session tickets is aes-256-cbc, but the implemented
default was aes-128-cbc. Note that TLS session ticket keys are
rotated after 1/2 hour, to limit the impact of attacks on session
ticket keys.
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
Recursive revbump from textproc/icu 57.1
Bump PKGREVISION for security/openssl ABI bump.
Recursive revbump from textproc/icu
Set smtputf8_enable=no by default (no EAI), avoid warning spewage. Suggested by Marc Baudoin. PKGREVISION++
Update mail/postfix to 3.0.2.
Database and regexp map functionality is now split into separate packages:
- postfix-cdb
- postfix-ldap
- postfix-lmdb
- postfix-mysql
- postfix-pcre
- postfix-pgsql
- postfix-sqlite
Upstream changelog follows.
Postfix 3.0.2
-------------
No delta against 2.11.6.
Postfix 3.0.1
-------------
- Build error when compiling the Postfix SMTP server with SASL support
but no TLS support.
- The DNS "resource record to text" converter, used for xxx_dns_reply_filter
pattern matching, appended a '.' to TXT record resource values.
- The postscreen(8) manpage specified an incorrect Postfix version number
for the postscreen_dnsbl_timeout parameter.
- The postfix-install script expanded macros in parameter values when
trying to detect parameter overrides, causing unnecessary main.cf updates
during "postfix start" etc.
- Some low-level cleanup of UTF-8 string handling with no visible change
in behavior (besides better performance).
Postfix 3.0.0
-------------
- SMTPUTF8 support for internationalized domain names and address
localparts as defined in RFC 6530 and related documents.
- Support for Postfix dynamically-linked libraries and database plugins.
- An OPT-IN safety net for the selective adoption of new Postfix default
settings. If you do nothing, the old Postfix default settings *should*
remain in effect (complain to your downstream maintainer if that is not
the case).
- Support for operations on multiple lookup tables. The
pipemap:{map1,map2...} database type implements a pipeline of lookup
tables where the result from one lookup table becomes a query for
the next table; the unionmap:{map1,map2,...} database type sends the
Simplify MESSAGE.NetBSD by removing {start,stop,reload}_cmd, which are
unnecessary to set. From Edgar Fuss in PR pkg/50049.
Bump revision.
Pullup ticket #4780 - requested by taca mail/postfix: security update Revisions pulled up: - mail/postfix/Makefile 1.284 - mail/postfix/distinfo 1.160 - mail/postfix/patches/patch-ai 1.33 --- Module Name: pkgsrc Committed By: taca Date: Wed Jul 22 00:25:37 UTC 2015 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix/patches: patch-ai Log Message: Update postfix to 2.11.6, security release. With all supported Postfix releases, the default settings have been updated so that they no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols. These ciphers and protocols have little if any legitimate use today, and have instead become a vehicle for downgrade attacks. There are no other code changes. Postfix documentation has been updated to reflect the new default settings and their rationale; the RELEASE_NOTES give suggestions for how to enable the old ciphers and protocols if your infrastructure requires them. Finally, abandoning deprecated ciphers and protocols does not really improve TLS security without measures to better authenticate remote servers. Secure DNS and TLSA are steps in that direction.
Update postfix to 2.11.6, security release. With all supported Postfix releases, the default settings have been updated so that they no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols. These ciphers and protocols have little if any legitimate use today, and have instead become a vehicle for downgrade attacks. There are no other code changes. Postfix documentation has been updated to reflect the new default settings and their rationale; the RELEASE_NOTES give suggestions for how to enable the old ciphers and protocols if your infrastructure requires them. Finally, abandoning deprecated ciphers and protocols does not really improve TLS security without measures to better authenticate remote servers. Secure DNS and TLSA are steps in that direction.
Recursive PKGREVISION bump for all packages mentioning 'perl', having a PKGNAME of p5-*, or depending such a package, for perl-5.22.0.
Update postfix to 2.11.5.
Fixed in Postfix 3.0 and 2.11:
* Preparation for OpenSSL 1.2 API changes.
Fixed in all supported releases:
* The sender_dependent_relayhost_maps feature ignored the relayhost
setting in the case of a DUNNO lookup result. It would use the
recipient domain instead.
Move Berkeley DB compilation definition from options.mk to Makefile and remove "bdb" option. Because Berkeley DB is always mandatory, it does not make sense to force users to enable "bdb" option to use Berkeley DB.
Revbump after updating textproc/icu
Update postfix to 2.11.4. Postfix 2.11.4 only: * Fix a core dump when smtp_policy_maps specifies an invalid TLS level. * Fix a missing " in \%s\", in postconf(1) fatal error messages, which violated the C language spec. Reported by Iain Hibbert. All supported releases: * Stop excessive recursion in the cleanup server while recovering from a virtual alias expansion loop. Problem found at Two Sigma. * Stop exponential memory allocation with virtual alias expansion loops. This came to light after fixing the previous problem.
Update postfix to 2.11.3.
Bugfix for Postfix 2.11, 2.10, 2.9 and 2.8:
* Fix for configurations that prepend message headers with Postfix
access maps, policy servers or Milter applications. Postfix now
hides its own Received: header from Milters and exposes prepended
headers to Milters, regardless of the mechanism used to prepend
a header. This fix reverts a partial solution that was released
on October 13, 2014, and replaces it with a complete solution.
Portability fix for Postfix 2.11:
* Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.
Update postfix to 2.11.2.
Bugfixes for Postfix 2.11, 2.10, 2.9 and 2.8:
* Fix for DMARC implementations based on SPF policy plus DKIM
Milter. The PREPEND access/policy action added headers ABOVE
Postfix's own Received: header, exposing Postfix's own Received:
header to Milters (protocol violation) and hiding the PREPENDed
header from Milters. PREPENDed headers are now added BELOW
Postfix's own Received: header and remain visible to Milters.
* The Postfix SMTP server logged an incorrect client name in
reject messages for check_reverse_client_hostname_access and
check_reverse_client_hostname_{mx,ns}_access. They replied with
the verified client name, instead of the name that was rejected.
* The qmqpd daemon crashed with null pointer bug when logging a
lost connection while not in a mail transaction.
Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles.
Revbump after updating libwebp and icu
Bump for perl-5.20.0. Do it for all packages that * mention perl, or * have a directory name starting with p5-*, or * depend on a package starting with p5- like last time, for 5.18, where this didn't lead to complaints. Let me know if you have any this time.
Update postfix to 2.11.1.
Bugfixes (fixed in Postfix 2.11 and Postfix 2.12):
* With connection caching enabled (the default), recipients could
be given to the wrong mail server. The root cause was an incorrect
predicate. Due to this, the Postfix SMTP client could under
rare conditions save and restore plaintext connections that
should not be cached, under a fixed lookup key that did not
distinguish by destination. Problem reported by Sahil Tandon.
* Enforce TLS when TLSA records exist, but all are unusable.
* Don't leak memory when TLSA records exist, but all are unusable.
Workarounds:
* Prepend "-I. -I../../include" to the compiler command-line
options, to avoid name clashes with non-Postfix header files.
Documentation cleanup:
* Corrected postconf(1) manpage for missing version attribution
and incorrect "author" formatting.
* The documentation for Postfix > 2.8 TLS activity logging was
incorrect. Loglevel 0 produces no logging. Instead, information
is logged only with loglevel 1 or higher.
Logging cleanup:
* The TLS client logged that an "Untrusted" TLS connection was
established instead of "Anonymous".
* For consistency, TLS policy lookup errors are now logged as
warnings.
recursive bump from icu shlib major bump.
Recursive PKGREVISION bump for OpenSSL API version bump.
Update postfix to 2.11.0. Quote from release announce:
The main changes in no particular order are:
* Support for PKI-less TLS server certificate verification with
DANE (DNS-based Authentication of Named Entities) where the CA
public key or the server certificate is identified via DNSSEC
lookup. This requires a DNS resolver that validates DNSSEC
replies. The problem with conventional PKI is that there are
literally hundreds of organizations world-wide that can provide
a certificate in anyone's name. DANE limits trust to the people
who control the target DNS zone and its parent zones.
* Support for LMDB databases. Originally developed as part of
OpenLDAP, LMDB is the first persistent Postfix database that
can be shared among multiple writers such as postscreen daemons
(Postfix already supported shared non-persistent memcached
caches). Postfix currently requires LMDB version 0.9.11 or
later. See LMDB_README for details and limitations.
* A new postscreen_dnsbl_whitelist_threshold feature to allow
clients to skip postscreen tests based on their DNSBL score.
This can eliminate email delays due to "after 220 greeting"
protocol tests, which otherwise require that a client reconnects
before it can deliver mail. Some providers such as Google don't
retry from the same IP address, and that can result in large
email delivery delays.
* The recipient_delimiter feature now supports different delimiters,
for example both "+" and "-". As before, this implementation
recognizes exactly one delimiter character per email address,
and exactly one address extension per email address.
* Advanced master.cf query/update support to access service
attributes as "name = value" pairs. For example to turn off
chroot on all services use "postconf -F '*/*/chroot = n'", and
to change/add a "-o name=value" setting use "postconf -P
smtp/inet/name = value". This was developed primarily to allow
automated tools to manage Postfix systems without having to
parse Postfix configuration files.
Update postfix to 2.10.3.
Postfix 2.10.3, 2.9.9, and 2.8.17:
* Future proofing against OpenSSL library API changes. When support
for a bug workaround is removed from OpenSSL, the corresponding
named bit in tls_disable_workarounds will be ignored instead
of causing existing Postfix configurations to fail.
All supported releases:
* Future proofing against PCRE library API changes that introduce
the pcre_free_study() function.
* The postconf '-#' option reset prior options instead of adding
to them.
* Correct an error in MULTI_INSTANCE_README Makefile example.
* Correct an error in SASL_README PostgreSQL example.
* Correct a malformed error message in conf/post-install.
Revbump after updating textproc/icu
Update postfix package to 2.10.2. Here is brief changes.
2.10.2
* TLS Interoperability workaround: turn on SHA-2 digests by force. This
improves interoperability with clients and servers that deploy SHA-2 digests
without the required support for TLSv1.2-style digest negotiation.
* TLS Performance workaround: the Postfix SMTP server TLS session cache had
become ineffective because recent OpenSSL versions enable session tickets by
default, resulting in a different ticket encryption key for each smtpd(8)
process. The workaround turns off session tickets. Postfix 2.11 will enable
session tickets properly.
* TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail
to communicate with Postfix and possibly other MTAs, with the following Exim
SMTP client error message:
TLS error on connection to server-name [server-address]
(gnutls_handshake): The Diffie-Hellman prime sent by the server is not
acceptable (not long enough)
See the RELEASE_NOTES file for a Postfix SMTP server configuration
workaround.
* Bugfix (defect introduced: 1997): memory leak while forwarding mail with the
local(8) delivery agent, in code that handles a cleanup(8) server error.
2.10.1
* Workaround: down-stream maintainers fail to install the new
smtpd_relay_restrictions safety net, causing breakage that could have been
avoided. We now hard-code the safety net instead.
2.10.0
* Separation of relay policy (with smtpd_relay_restrictions) from spam policy
(with smtpd_{client, helo, sender, recipient}_restrictions), which makes
accidental open relay configuration less likely. The default is backwards
compatible.
* HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.
* Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
off if needed for inter-operability.
* Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
sockets instead of FIFOs, and thus avoids MTIME file system updates on an
idle mail system.
* Revised postconf(1) command. The "-x" option expands $name in a parameter
value (both main.cf and master.cf); the "-o name=value" option overrides a
main.cf parameter setting; and postconf(1) now warns about a $name that has
no name=value setting.
* Sendmail-style "socketmap" lookup tables.
Update postfix to 2.9.8.
Changes:
2.9.8
* TLS Interoperability workaround: turn on SHA-2 digests by force.
This improves interoperability with clients and servers that
deploy SHA-2 digests without the required support for TLSv1.2-style
digest negotiation.
* TLS Performance workaround: the Postfix SMTP server TLS session
cache had become ineffective because recent OpenSSL versions
enable session tickets by default, resulting in a different
ticket encryption key for each smtpd(8) process. The workaround
turns off session tickets. Postfix 2.11 will enable session
tickets properly.
* TLS Interoperability workaround: Debian Exim versions before
4.80-3 may fail to communicate with Postfix and possibly other
MTAs, with the following Exim SMTP client error message:
TLS error on connection to server-name [server-address]
(gnutls_handshake): The Diffie-Hellman prime sent by the
server is not acceptable (not long enough)
See the RELEASE_NOTES file for a Postfix SMTP server configuration
workaround.
* Bugfix (defect introduced: 1997): memory leak while forwarding
mail with the local(8) delivery agent, in code that handles a
cleanup(8) server error.
2.9.7
* Bugfix (introduced: Postfix 2.0): when myhostname is not listed in
mydestination, the trivial-rewrite resolver may log "do not list in both
mydestination and ". The fix is to re-resolve a domain-less address after
adding $myhostname as the surrogate domain, so that it pops out with the
right address-class label. Reported by Quanah Gibson-Mount.
* Bugfix (introduced: Postfix 2.3): don't reuse TCP connections when
smtp_tls_policy_maps is specified. TLS policies may depend on the remote
destination, but the Postfix <2.11 SMTP connection cache client does not
distinguish between different destinations that resolve to the same IP
address. Victor Duchovni. Found during Postfix 2.11 code maintenance.
* Bugfix (introduced: Postfix 2.2): don't reuse TCP connections when SASL
authentication is enabled. SASL passwords may depend on the remote SMTP
server hostname, but the Postfix <2.11 SMTP connection cache client does not
distinguish between different hostnames that resolve to the same IP
address. Found during Postfix 2.11 code maintenance.
Ensure postfix is largefile aware on SunOS. Bump PKGREVISION.
Bump all packages for perl-5.18, that a) refer 'perl' in their Makefile, or b) have a directory name of p5-*, or c) have any dependency on any p5-* package Like last time, where this caused no complaints.
Massive revbump after updating graphics/ilmbase, graphics/openexr, textproc/icu.
Bump PKGREVISION for mysql default change to 55.
Update Postfix to 2.9.6. Changes from 2.8.14 are too many to write here, please refer RELEASE_NOTES.
PKGREVISION bumps for the security/openssl 1.0.1d update.
Update postfix to 2.8.14.
* The postconf(1) master.cf options parser didn't support "clusters"
of daemon command-line option letters.
* The local(8) delivery agent dereferenced a null pointer while
delivering to null command (for example, "|" in a .forward
file). Reported by Gilles Chehade.
* A memory leak fix for tls_misc.c was documented but not included.
Revbump after graphics/jpeg and textproc/icu
recursive bump from cyrus-sasl libsasl2 shlib major bump.
Update postfix to 2.8.13.
Postfix 2.8 and later:
* The postscreen_access_list feature failed to ignore case in the
first character of a command (e.g., permit, reject, etc.).
Reported by Francis Picabia. (This fix is incorrectly listed
in the HISTORY files of earlier releases, and will be removed
with a future patch.)
All supported releases:
* Strip the datalink suffix (e.g., %eth0) from IPv6 addresses
returned by the system getaddrinfo() routine. Such suffixes
break the default mynetworks value, the Postfix SMTP server's
reverse/forward DNS name/address mapping check, and possibly
more.
* To eliminate the possibility of collisions with connection cache
lookup keys, the Postfix LDAP client now computes those lookup
keys by joining the number-valued connection properties with
ASCII null, just like it already did with the string-valued
connection properties.
* There was a memory leak during one-time TLS library initialization
(introduced with Postfix 2.5). Reported by Coverity.
* There was a memory leak in the unused oqmgr(8) program (introduced
with Postfix 2.3). Reported by Coverity.
Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days.
Bump all packages that use perl, or depend on a p5-* package, or are called p5-*. I hope that's all of them.
CONFLICTS with nullmailer-[0-9]*
Update postfix to 2.8.12.
All supported releases:
* The local(8) delivery agent's BIFF client leaked an unprivileged
UDP socket. Fix by Jaroslav Skarvada. This bug was introduced
19990127.
* The SMTP server did not reject the AUTH command while a MAIL
FROM transaction was in progress. Reported by Timo Sirainen.
This bug was introduced 20000314.
Postfix 2.8 and later:
* The unused "pass" trigger client could close the wrong file
descriptors. This bug was introduced with Postfix 2.8.
Update postfix to 2.8.11.
Changes from release announce:
* OpenSSL related (all supported Postfix versions).
o Some people have reported program crashes when the OpenSSL
library was updated while Postfix was accessing the Postfix
TLS session cache. To avoid this, the Postfix TLS session
cache ID now includes the OpenSSL library version number.
This cache ID is not shared via the network.
o The OpenSSL workaround introduced with the previous stable
and legacy releases did not compile with older gcc compilers.
These compilers can't handle #ifdef inside a macro invocation
(NOT: definition).
* postscreen(8) related (Postfix 2.9, Postfix 2.8).
o To avoid repeated warnings from postscreen(8) with "connect
to private/dnsblog service: Connection refused" on FreeBSD,
the dnsblog(8) daemon now uses the single_server program
driver instead of the multi_server driver. This one-line
code change has no performance impact for other systems,
and eliminates a high-frequency accept() race on a shared
socket that appears to cause trouble on FreeBSD. The same
single_server program driver has proven itself for many
years in smtpd(8). Problem reported by Sahil Tandon.
* Laptop-friendly support (all supported Postfix versions). A
little-known secret is that Postfix has always had support to
avoid unnecessary disk spin-up for MTIME updates, by doing
s/fifo/unix/ in master.cf (this is currently not supported on
Solaris systems). However, two minor fixes are needed to make
this bullet-proof.
o In laptop-friendly mode, the "postqueue -f" and "sendmail
-q" commands did not wait until their requests had reached
the pickup and qmgr servers before closing their UNIX-domain
request sockets.
o In laptop-friendly mode, the unused postkick command waited
for more than a minute because the event_drain() function
was comparing bitmasks incorrectly on systems with kqueue(2),
epoll(2) or /dev/poll support.
Update postfix package to 2.8.10.
Major changes with Postfix 2.8.10
---------------------------------
This release adds support to turn off the TLSv1.1 and TLSv1.2
protocols. Introduced with OpenSSL version 1.0.1, these are known
to cause inter-operability problems with for example hotmail.
The radical workaround is to temporarily turn off problematic
protocols globally:
/etc/postfix/main.cf:
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
However, it may be better to temporarily turn off problematic
protocols for broken sites only:
/etc/postfix/main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
/etc/postfix/tls_policy:
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
Important:
- Note the use of ":" instead of comma or space. Also, note that
there is NO space around the "=" in "protocols=".
- The smtp_tls_policy_maps lookup key must match the "next-hop"
destination that is given to the Postfix SMTP client. If you
override the next-hop destination with transport_maps, relayhost,
sender_dependent_relayhost_maps, or otherwise, you need to specify
the same destination for the smtp_tls_policy_maps lookup key.
Recursive bump from icu shlib major bumped to 49.
Fix for recent SunOS platforms where support for NIS+ was dropped.
Update postfix to 2.8.9.
Postfix stable release 2.8.9 is available. This contains fixes that
are already part of Postfix 2.9 and 2.10.
* The "change header" milter request could replace the wrong
header. A long header name could match a shorter one, because
a length check was done on the wrong string. Reported by
Vladimir Vassiliev.
* Core dump when postlog emitted the "usage" message, caused
by an extraneous null assignment. Reported by Kant (fnord.hammer).
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
More pcre PKGREVISION bumps.
Update "postfix" package to version 2.8.8. Changes since version 2.8.7: - The Postfix sqlite client, introduced with Postfix 2.8, had an embarassing bug in its quoting routine. As the result of a last-minute code cleanup before release, this routine returned the unquoted text instead of the quoted text. The opportunities for mis-use are limited: Postfix sqlite database files are usually owned by root, and Postfix daemons usually run with non-root privileges so they can't corrupt the database. This problem was reported by Rob McGee (rob0). - The Postfix 2.8.4 fix for local delivery agent database lookup errors was incomplete. The fix correctly added new code to detect database lookup errors with mailbox_transport_maps, mailbox_command_maps or fallback_transport_maps, but it failed to log the problem, and to produce a defer logfile record which is needed for "delayed mail" and "mail too old" delivery status notifications. - The trace(8) service, used for DSN SUCCESS notifications, did not distinguish between notifications for a non-bounce or a bounce message, causing it to "reply" to mail with the null sender address. Problem reported by Sabahattin Gucukoglu. - Support for Dovecot auth over TCP sockets, using code that already existed for testing purposes. Patrick Koetter kindly provided an update for the SASL_README file. - Workaround in the LDAP client for changes in the under-documented OpenLDAP API, by Victor Duchovni.
Update postfix pacakge to 2.8.7.
Postfix stable release 2.8.7 is available. This contains a workaround
for a problem that is fixed in Postfix 2.9.
* The postscreen daemon, which is not enabled by default, sent
non-compliant SMTP responses (220- followed by 421) when it
could not give a connection to a real smtpd process. These
responses caused some remote SMTP clients to return mail as
undeliverable.
The workaround is to hang up after sending 220- without sending
the 421 "sorry" reply; this is harmless.
The complete fix involves too much change for a stable release:
send the 220 greeting, wait for the EHLO command, then send
the 421 "sorry" reply and hang up.
Update postfix to 2.8.6. From release announce:
Postfix stable release 2.8.6, 2.7.7, 2.6.13 and 2.5.16 are available.
These contain fixes that are also included with the Postfix 2.9
experimental release.
* The Postfix SMTP daemon sent "bare" newline characters instead
of <CR><LF> when a header_checks REJECT pattern matched
multi-line header. This bug was introduced with Postfix 1.1.
* The Postfix SMTP daemon sent "bare" newline characters instead
of <CR><LF> when an smtpd_proxy_filter returned a multi-line
response. This bug was introduced with Postfix 2.1.
* For compatibility with future EAI (email address
internationalization) implementations, the Postfix MIME
processor no longer enforces the strict_mime_encoding_domain
check on unknown message subtypes such as message/global*.
This check is disabled by default.
* The Postfix master daemon could report a panic error
("master_spawn: at process limit") after the process limit
for some service was reduced with "postfix reload". This bug
existed in all Postfix versions.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Update postfix pacakge to 2.8.5.
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.5.html]
Postfix stable release 2.8.5, 2.7.6, 2.6.12, and 2.5.15 are available.
These contain fixes and workarounds for the Postfix Milter client
that were already included with the Postfix 2.9 experimental release.
* The Postfix Milter client logged a "milter miltername: malformed
reply" error when a Milter sent an SMTP response without
enhanced status code (i.e. "XXX Text" instead of "XXX X.X.X
Text").
* The Postfix Milter client sent a random {client_connections}
macro value when the remote SMTP client was not subject to
any smtpd_client_* limit. As a workaround, it now sends a
zero value instead.
Update postfix package to 2.8.4.
Postfix stable release 2.8.4 is available. This contains fixes and
workarounds that were already included with the Postfix 2.9
experimental release. Where applicable these fixes will also be
made available for the legacy releases Postfix 2.5..2.7.
* Performance: a high load of DSN success notification requests
could slow down the queue manager. Solution: make the trace
client asynchronous, just like the bounce and defer clients.
* The local(8) delivery agent ignored table lookup errors in
mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
and (while bouncing mail to alias) alias owner lookup.
* Workaround: dbl.spamhaus.org rejects lookups with "No IP
queries" even if the name has an alphanumerical prefix. We
play safe, and skip both RHSBL and RHSWL queries for names
ending in a numerical suffix.
* The "sendmail -t" command reported "protocol error" instead
of "file too large", "no space left on device" etc.
* The Postfix Milter client reported a temporary error instead
of "file too large" in three cases.
* Linux kernel version 3 support. Linus Torvalds has reset the
counters for reasons not related to changes in code.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
recursive bump from icu shlib major bump.
Pullup ticket #3426 - requested by taca mail/postfix security update Revisions pulled up: - mail/postfix/Makefile 1.239 - mail/postfix/distinfo 1.135 - mail/postfix/options.mk 1.36 --- Module Name: pkgsrc Committed By: taca Date: Tue May 10 13:38:24 UTC 2011 Modified Files: pkgsrc/mail/postfix: Makefile distinfo options.mk Log Message: Update postfix package to 2.8.3. * pkgsrc change: remoe mysql4 from PKG_OPTIONS. Securiy release for Memory corruption in Postfix SMTP server Cyrus SASL support: http://www.postfix.org/CVE-2011-1720.html 20110411 Cleanup: postscreen(8) and verify(8) daemons now lock their respective cache file exclusively upon open, to avoid massive cache corruption by unsupported sharing. Files: util/dict.h, util/dict_open.c, verify/verify.c, postscreen/postscreen.c. 20110414 Bugfix (introduced with Postfix SASL patch 20000314): don't reuse a server SASL handle after authentication failure. Problem reported by Thomas Jarosch of Intra2net AG. File: smtpd/smtpd_proto.c.
Update postfix package to 2.8.3. * pkgsrc change: remoe mysql4 from PKG_OPTIONS. Securiy release for Memory corruption in Postfix SMTP server Cyrus SASL support: http://www.postfix.org/CVE-2011-1720.html 20110411 Cleanup: postscreen(8) and verify(8) daemons now lock their respective cache file exclusively upon open, to avoid massive cache corruption by unsupported sharing. Files: util/dict.h, util/dict_open.c, verify/verify.c, postscreen/postscreen.c. 20110414 Bugfix (introduced with Postfix SASL patch 20000314): don't reuse a server SASL handle after authentication failure. Problem reported by Thomas Jarosch of Intra2net AG. File: smtpd/smtpd_proto.c.
Update mail/postfix pacakge to 2.8.2.
Postfix stable release 2.8.2 is available. This release has minor
fixes that are already in the experimental (2.9) release.
- Bugfix: postscreen DNSBL scoring error. When a client disconnected
and then reconnected before all DNSBL results for the earlier
session arrived, DNSBL results for the earlier session would be
added to the score for the later session. This is very unlikely
to have affected any legitimate mail.
- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].
- Portability: FreeBSD closefrom() was back-ported to FreeBSD 7,
breaking FreeBSD 7.x support retroactively.
- Portability: the SUN compiler had trouble with a pointer expression
of the form ``("text1" "text2") + constant'' so we don't try to
be so clever.
Pullup ticket #3384 - requested by taca
mail/postfix: security update
Revisions pulled up:
- mail/postfix/Makefile patch
- mail/postfix/distinfo patch
- mail/postfix/patches/patch-ag patch
---
Postfix legacy releases 2.7.3, 2.6.9, 2.5.12 and 2.4.16 are available.
These releases contain a fix for CVE-2011-0411 which allows plaintext
command injection with SMTP sessions over TLS. This defect was
introduced with Postfix version 2.2. The same flaw exists in other
implementations of the STARTTLS command.
Note: CVE-2011-0411 is an issue only for the minority of SMTP
clients that actually verify server certificates. Without server
certificate verification, clients are always vulnerable to
man-in-the-middle attacks that allow attackers to inject
plaintext commands or responses into SMTP sessions, and more.
Postfix 2.8 and 2.9 are not affected.
The following problems were fixed with the Postfix legacy releases:
* Fix for CVE-2011-0411: discard buffered plaintext input,
after reading the SMTP "STARTTLS" command or response.
* Fix to the local delivery agent: look up the "unextended"
address in the local aliases database, when that address has
a malformed address extension.
* Fix to virtual alias expansion: report a tempfail error,
instead of silently ignoring recipients that exceed the
virtual_alias_expansion_limit or the virtual_alias_recursion_limit.
* Fix for Solaris: the Postfix event engine was deaf for SIGHUP
and SIGALRM signals after the switch from select() to /dev/poll.
Symptoms were delayed "postfix reload" response, and killed
processes with watchdog timeout values under 100 seconds.
* Fix for HP-UX: the Postfix event engine was deaf for SIGALRM
signals. Symptoms were killed processes with watchdog timeout
values under 100 seconds.
* Fix for BSD-ish mkdir() to prevent maildir directories from
inheriting their group ownership from the parent directory.
* Fix to the SMTP client: missing support for mail to
[ipv6:ipv6addr] address literal destinations.
* FreeBSD back-ported closefrom() from FreeBSD 8x to 7x, breaking
Postfix builds retroactively.
Historical note:
Wietse Venema discovered the problem two weeks before the
Postfix 2.8 release, and silently fixed it pending further
investigation. While investigating the problem's scope and
impact, Victor Duchovni found that many other TLS applications
were also affected. At that point, CERT/CC was asked to coordinate
with the problem's resolution.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
Update "postfix" package to version 2.7.2. Changes since version 2.7.1:
- Postfix no longer automatically appends the system default CA
(certificate authority) certificates, when it reads the CA
certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
with {smtp, lmtp, smtpd}_tls_CApath. This prevents third-party
certificates from getting mail relay permission with the
permit_tls_all_clientcerts feature. Unfortunately, this change
may cause compatibility problems with configurations that rely
on certificate verification for other purposes. To get the old
behavior, specify "tls_append_default_CA = yes".
- A prior fix for compatibility with Postfix < 2.3 was incomplete.
When pipe-to-command delivery fails with a signal, mail is now
correctly deferred, instead of being returned to sender.
- Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1)
connections was fixed by adapting the output buffer size to the MTU.
- The SMTP server no longer applies the reject_rhsbl_helo feature
to non-domain forms such as network addresses. This would cause
false positives with dbl.spamhaus.org.
- The Postfix SMTP server failed to deliver a "421" response and
hang up the connection after Milter error. Instead, the server
delivered a "503 Access denied" response and left the connection
open, due to some Postfix 1.1 workaround for RFC 2821.
- The milter_header_checks parser failed to enable any of the actions
that have no effect on message delivery (warn, replace, prepend,
ignore, dunno, and ok).
Reset maintainer.
Change LICENSE to cpl-1.0. This has only minor wording differences from postfix-license, of the same level of importance as changing the name of the copyright holder, rather than in the nature of the terms. Everyone believes that postfix is Open Source, and this causes postfix to fall under DEFAULT_ACCEPTABLE_LICENSES. ok martti@
Postfix stable release 2.7.1 fixes one defect in the XFORWARD
implementation (for SMTP-based content filters), improves robustness,
and has updates for changes in system or library interfaces.
* Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
which sends remote SMTP client attributes through SMTP-based
content filters. The Postfix SMTP client did not skip "unknown"
SMTP client attributes, causing a syntax error when sending
an "unknown" client PORT attribute.
* Robustness: skip LDAP queries with non-ASCII search strings,
instead of failing with a database lookup error.
* Safety: Postfix processes now log a warning when a matchlist
has a #comment at the end of a line (for example mynetworks
or relay_domains).
* Portability: OpenSSL 1.0.0 changes the priority of anonymous
cyphers.
* Portability: Mac OS 10.6.3 requires <arpa/nameser_compat.h>
instead of <nameser8_compat.h>.
* Portability: Berkeley DB 5.x is now supported.
marked as CONFLICTS with esmtp>=1.2 (bin/mailq and/or bin/newaliases)
Updated mail/postfix to 2.7.0 Postfix stable release 2.7.0 is available. For the past several releases, the focus has moved towards improving the code and documentation, and updating the system for changing environments. - Improved before-queue content filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. Typically, this allows Postfix to handle the same mail load with fewer content filter processes. - Improved address verification performance. The verify database is now persistent by default, and it is automatically cleaned periodically, Under overload conditions, the Postfix SMTP server no longer waits up to 6 seconds for an address probe to complete. - Support for reputation management based on the local SMTP client IP address. This is typically implemented with "FILTER transportname:" actions in access maps or header/body checks, and mail delivery transports in master.cf with unique smtp_bind_address values. - The postscreen daemon (a zombie-blocker in front of Postfix) is still too rough for a stable release, and will be made "mature" in the Postfix 2.8 development cycle (however you can use Postfix 2.7 with the Postfix 2.8 postscreen and dnsblog executables and master.cf configuration; this code has already proven itself). No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations. You can find Postfix version 2.7.0 at the mirrors listed at http://www.postfix.org/ The same code is also available as Postfix snapshot 2.8-20100213. Updated versions of Postfix version 2.6, 2.5 and perhaps earlier will be released with the same fixes that were already included with Postfix versions 2.7 and 2.8.
Pullup ticket #2879 - requested by martti
postfix: bug fix update
Revisions pulled up:
- mail/postfix/Makefile 1.229-1.230
- mail/postfix/distinfo 1.128
---
Module Name: pkgsrc
Committed By: heinz
Date: Sun Aug 9 21:15:31 UTC 2009
Modified Files:
pkgsrc/mail/postfix: Makefile
Log Message:
Enabled installation to DESTDIR. (OK by martti@).
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 31 09:37:35 UTC 2009
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.6.5
The stable release Postfix 2.6.5 addresses the defects described
below (some already addressed with the not-announced Postfix 2.6.3
release). These defects are also addressed in the legacy releases
that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19.
Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and
2.7-20090807-nonprod. These contain a DNS workaround that causes
more trouble than it prevents. It is removed until further notice.
Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19:
- The Postfix Milter client got out of step with a Milter application
after the application sent a "quarantine" request at end-of-message
time. The Milter application would still be in the end-of-message
state, while Postfix would already be working on the next SMTP
event, typically, QUIT or MAIL FROM. In the latter case, Milter
responses for the previously-received email message would be
applied towards the next MAIL FROM transaction. This problem was
diagnosed with help from Alban Deniz.
Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19:
- The Postfix SMTP server would abort with an "unexpected lookup
table" error when an SMTPD policy server was mis-configured in a
particular way.
Updated mail/postfix to 2.6.5 The stable release Postfix 2.6.5 addresses the defects described below (some already addressed with the not-announced Postfix 2.6.3 release). These defects are also addressed in the legacy releases that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19. Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and 2.7-20090807-nonprod. These contain a DNS workaround that causes more trouble than it prevents. It is removed until further notice. Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19: - The Postfix Milter client got out of step with a Milter application after the application sent a "quarantine" request at end-of-message time. The Milter application would still be in the end-of-message state, while Postfix would already be working on the next SMTP event, typically, QUIT or MAIL FROM. In the latter case, Milter responses for the previously-received email message would be applied towards the next MAIL FROM transaction. This problem was diagnosed with help from Alban Deniz. Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19: - The Postfix SMTP server would abort with an "unexpected lookup table" error when an SMTPD policy server was mis-configured in a particular way.
Enabled installation to DESTDIR. (OK by martti@).
Updated mail/postfix to 2.6.2 Postfix stable release 2.6.2 fixes one defect in SASL support. This does not affect Postfix versions 2.5 and earlier. With plaintext SMTP sessions AND smtpd_tls_auth_only=yes AND smtp_sasl_auth_enable=yes, the SMTP server logged warnings for reject_*_sender_login_mismatch, instead of enforcing them. You can find Postfix version 2.6.2 at the mirrors listed at http://www.postfix.org/ The same fix is also available in Postfix snapshot 2.7-20090528. Postfix versions 2.5 and earlier are not affected.
Updated mail/postfix to 2.6.1 Postfix stable release 2.6.1 fixes one defect in Milter support. This does not affect Postfix versions 2.5 and earlier. - Queue file corruption under very specific conditions: (smtpd_milters or non_smtpd_milters) enabled, AND delay_warning_time enabled, AND mail delivery delays, AND short envelope sender addresses (e.g., sendmail command-line submissions with bare usernames as the sender, but not bounce messages). The queue file would be corrupted when the delay_warning_time record was marked as "done" after sending the "your mail is delayed" notice. The defect was introduced with Postfix 2.3, but it could not cause corruption before the change dated 20090427.
Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT block). Uncomment some commented out LICENSE lines while here.
Added sbin/postmulti to PLIST. PKGREVISION++
Pullup ticket #2764 - requested by martti postfix: bug fix update Revisions pulled up: - mail/postfix/Makefile 1.223 - mail/postfix/distinfo 1.124 --- Module Name: pkgsrc Committed By: martti Date: Wed May 13 10:32:23 UTC 2009 Modified Files: pkgsrc/mail/postfix: Makefile distinfo Log Message: Updated mail/postfix to 2.5.7 - (low) The installation/upgrade procedure did not automatically create the data_directory. - (medium) In the "new queue manager", the _destination_rate_delay code needed to postpone the job scheduler updates after delivery completion, otherwise the scheduler could loop on blocked jobs. - (low) The queue manager used <transport>_concurrency_failed_cohort_limit instead of <transport>_destination_concurrency_failed_cohort_limit as documented. - (low) The SMTP client disabled MIME parsing despite non-empty settings for smtp_header_checks, smtp_mime_header_checks, smtp_nested_header_checks, or smtp_body_checks. - (medium) The postsuper command re-enabled the SIGHUP signal when it was set to "ignore". This could result in random "Postfix integrity check failed" errors at boot time (POSIX SIGHUP death), causing Postfix not to start automatically.
Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
Updated mail/postfix to 2.5.7 - (low) The installation/upgrade procedure did not automatically create the data_directory. - (medium) In the "new queue manager", the _destination_rate_delay code needed to postpone the job scheduler updates after delivery completion, otherwise the scheduler could loop on blocked jobs. - (low) The queue manager used <transport>_concurrency_failed_cohort_limit instead of <transport>_destination_concurrency_failed_cohort_limit as documented. - (low) The SMTP client disabled MIME parsing despite non-empty settings for smtp_header_checks, smtp_mime_header_checks, smtp_nested_header_checks, or smtp_body_checks. - (medium) The postsuper command re-enabled the SIGHUP signal when it was set to "ignore". This could result in random "Postfix integrity check failed" errors at boot time (POSIX SIGHUP death), causing Postfix not to start automatically.
Activated LICENSE=...
Pullup ticket #2621 - requested by martti postfix: security update Revisions pulled up: - mail/postfix/Makefile 1.221 - mail/postfix/distinfo 1.123 --- Module Name: pkgsrc Committed By: martti Date: Mon Jan 5 10:25:34 UTC 2009 Modified Files: pkgsrc/mail/postfix: Makefile distinfo Log Message: Updated mail/postfix to 2.5.6 - Postfix 2.5: the SMTP server did not ask for a client certificate with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. - Postfix 2.5, 2.4 and 2.3: avoid reduced TCP performance when reusing an SMTP connection with a larger than 4096-byte TCP MSS value. In practice, this could happen only with loopback (localhost) connections.
Updated mail/postfix to 2.5.6 - Postfix 2.5: the SMTP server did not ask for a client certificate with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. - Postfix 2.5, 2.4 and 2.3: avoid reduced TCP performance when reusing an SMTP connection with a larger than 4096-byte TCP MSS value. In practice, this could happen only with loopback (localhost) connections.
Pullup ticket 2518 - requested by martti
security update for postfix
- pkgsrc/mail/postfix/Makefile 1.219, 1.220
- pkgsrc/mail/postfix/distinfo 1.119
- pkgsrc/mail/postfix/patches/patch-aa 1.21
- pkgsrc/mail/postfix/patches/patch-ag 1.25
- pkgsrc/mail/postfix/patches/patch-ai 1.22
- pkgsrc/mail/postfix-current/Makefile 1.100, 1.101
- pkgsrc/mail/postfix-current/distinfo 1.46
- pkgsrc/mail/postfix-current/patches/patch-aa 1.19
- pkgsrc/mail/postfix-current/patches/patch-ag 1.17
- pkgsrc/mail/postfix-current/patches/patch-ai 1.20
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 22 20:29:55 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
Log Message:
Add some (http) mirrors.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Sep 4 08:25:20 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-aa patch-ag patch-ai
Log Message:
Updated mail/postfix to 2.5.5
Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
denial of service attack by a local user. There is no breach of
data confidentiality or data integrity. This problem was found by
the Postfix author during routine source code maintenance.
An on-line version of this announcement is available at
http://www.postfix.org/announcements/20080902.html
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Sep 4 08:25:31 UTC 2008
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo
pkgsrc/mail/postfix-current/patches: patch-aa patch-ag patch-ai
Log Message:
Updated mail/postfix-current to 2.6.20080903
Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
denial of service attack by a local user. There is no breach of
data confidentiality or data integrity. This problem was found by
the Postfix author during routine source code maintenance.
An on-line version of this announcement is available at
http://www.postfix.org/announcements/20080902.html
Updated mail/postfix to 2.5.5 Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a denial of service attack by a local user. There is no breach of data confidentiality or data integrity. This problem was found by the Postfix author during routine source code maintenance. An on-line version of this announcement is available at http://www.postfix.org/announcements/20080902.html
Add some (http) mirrors.
pullup ticket #2495 - requested by martti
postfix: update package for security fixes
revisions pulled up:
pkgsrc/mail/postfix/Makefile 1.218
pkgsrc/mail/postfix/distinfo 1.118
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 18 07:13:41 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.5.4
20080804
Bugfix: dangling pointer in vstring_sprintf_prepend().
File: util/vstring.c.
20080814
Security: some systems have changed their link() semantics,
and will hardlink a symlink, contrary to POSIX and XPG4.
Sebastian Krahmer, SuSE. File: util/safe_open.c.
The solution introduces the following incompatible change:
when the target of mail delivery is a symlink, the parent
directory of that symlink must now be writable by root only
(in addition to the already existing requirement that the
symlink itself is owned by root). This change will break
legitimate configurations that deliver mail to a symbolic
link in a directory with less restrictive permissions.
Updated mail/postfix to 2.5.4 20080804 Bugfix: dangling pointer in vstring_sprintf_prepend(). File: util/vstring.c. 20080814 Security: some systems have changed their link() semantics, and will hardlink a symlink, contrary to POSIX and XPG4. Sebastian Krahmer, SuSE. File: util/safe_open.c. The solution introduces the following incompatible change: when the target of mail delivery is a symlink, the parent directory of that symlink must now be writable by root only (in addition to the already existing requirement that the symlink itself is owned by root). This change will break legitimate configurations that deliver mail to a symbolic link in a directory with less restrictive permissions.
Updated mail/postfix to 2.5.3 When a mailbox file is not owned by its recipient, the local and virtual delivery agents now log a warning and defer delivery. Specify "strict_mailbox_ownership = no" to ignore such ownership discrepancies. [HISTORY] 20080509 Bugfix: null-terminate CN comment string after sanitization. File: smtpd/smtpd.c. 20080603 Workaround: avoid "bad address pattern" errors with non-address patterns in namadr_list_match() calls. File: util/match_ops.c. 20080620 Bugfix (introduced 20080207): "cleanup -v" panic because the new "SMTP reply" request flag did not have a printable name. File: global/cleanup_strflags.c. Cleanup: using "Before-queue content filter", RFC3848 information was not added to the headers. Carlos Velasco. File smtpd/smtpd.c. 20080717 Cleanup: a poorly-implemented integer overflow check for TCP MSS calculation had the unexpected effect that people broke Postfix on LP64 systems while attempting to silence a compiler warning. File: util/vstream_tweak.c. 20080725 Paranoia: defer delivery when a mailbox file is not owned by the recipient. Requested by Sebastian Krahmer, SuSE. Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies. Files: local/mailbox.c, virtual/mailbox.c.
Set data_directory's default to "/var/db/postfix" and create it properly install stage. It should be fix some problem; running tls and find command's error on start. Bump PKGREVISION.
Update Postfix to version 2.5.1 (ok martti). Major changes over 2.4.x are: - TLS (SSL) support was streamlined further, and provides a new security level based on certificate fingerprints instead of CA signatures. See TLS_README for details. - Milter support was updated from the Sendmail 8.13 feature set and now includes most of the features that were introduced with Sendmail 8.14. See MILTER_README for details. - Stress-adaptive configuration was introduced. This allows the Postfix SMTP server to temporarily adjust its rules under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. [pkgsrc: this obsoletes the "postfix-stress" option which provided the same functionality via a distribution patch] - The queue manager scheduler was refined. It now provides per-transport scheduling controls and allows for adjustment of the sensitivity to mail delivery (non-)errors. See SCHEDULER_README. - Security was improved by introducing a Postfix-owned data_directory for storage of randomness, caches and other non-queue data. This change avoids future security loopholes due to untrusted data sitting in root-owned files or in root-owned directories. Writes to legacy files in root-owned directories are automatically redirected to files in the new data_directory. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
Move SASL conditionals to options.mk.
Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
Drop the "dovecot-sasl" option and instead enable dovecot SASL support by default (this doesn't actually depend on Dovecot for building, the code is shipped with Postfix). Set the default value for smtpd_sasl_type to "dovecot" unless cyrus SASL is enabled, too. This ensures backwards compatibility for most cases. Ok with martti, joerg.
Don't add smtpd.conf as a conf file in the dovecot-sasl case, because it doesn't exist unless sasl is defined, causing building with options dovecot-sasl and not sasl to fail.
Based on some feedback, comment out the newly added LICENSE=xxx for now. I'll re-activate this later when the global license stuff is activated.
Added LICENSE=postfix-license
Pullup ticket 2210 - requested by marrti
bugfix update for postfix
- pkgsrc/mail/postfix/Makefile 1.208
- pkgsrc/mail/postfix/distinfo 1.114
Module Name: pkgsrc
Committed By: martti
Date: Mon Oct 22 06:15:20 UTC 2007
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.4.6
- A remote SMTP client TLS certificate with an unparsable canonical
name triggered a panic error in the Postfix SMTP server (attempt
to allocate zero-length memory) while sending a request to an
SMTPD policy server.
- On backup MX servers where the queue file system is mounted with
"atime" (file read/execute access time) updates disabled, the
flush daemon would trigger mail delivery attempts once every 1000
seconds, thus rendering the maximal_backoff_time setting useless
for backup MX service.
Updated mail/postfix to 2.4.6 - A remote SMTP client TLS certificate with an unparsable canonical name triggered a panic error in the Postfix SMTP server (attempt to allocate zero-length memory) while sending a request to an SMTPD policy server. - On backup MX servers where the queue file system is mounted with "atime" (file read/execute access time) updates disabled, the flush daemon would trigger mail delivery attempts once every 1000 seconds, thus rendering the maximal_backoff_time setting useless for backup MX service.
Honor PKGMANDIR.
Updated mail/postfix to 2.4.5
MILTER bugfix:
When a milter replied with ACCEPT at or before the first RCPT
command, the cleanup server would apply the non_smtpd_milters
setting as if the message was a local submission. Problem
reported by Jukka Salmi.
MILTER bugfix:
Problem with header updates after body updates. Reported by
Jose-Marcio Martins da Cruz.
MILTER robustness:
Assorted cleanups to harden error handling in the Postfix Milter
client.
SASL workaround for Postfix SMTP client:
Some non-Cyrus SASL SMTP servers require SASL login without
authzid (authoriZation ID), i.e. the client must send only the
authcid (authentiCation ID) + the authcid's password. This is
now the default Postfix SMTP client behavior.
Loopback TCP performance workaround:
Some systems exhibited poor SMTP and Milter performance with
loopback (127.0.0.1) connections. Problem reported by Mark
Martinec.
MILTER bugfix:
When a milter replied with ACCEPT at or before the first RCPT
command, the cleanup server would apply the non_smtpd_milters
setting as if the message was a local submission. Problem
reported by Jukka Salmi.
MILTER bugfix:
Problem with header updates after body updates. Reported by
Jose-Marcio Martins da Cruz.
MILTER robustness:
Assorted cleanups to harden error handling in the Postfix Milter
client.
SASL workaround for Postfix SMTP client:
Some non-Cyrus SASL SMTP servers require SASL login without
authzid (authoriZation ID), i.e. the client must send only the
Updated mail/postfix to 2.4.3 20070425 Bugfix: don't falsely report "lost connection from localhost[127.0.0.1]" when Postfix is being portscanned. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. 20070430 Robustness: recommend a "0" process limit for policy servers to avoid "connection refused" problems when the smtpd process limit exceeds the default process limit. File: proto/SMTPD_POLICY_README.html. 20070501 Safety: when IPv6 (or IPv4) is turned off, don't treat an IPv6 (or IPv4) connection from e.g. inetd as if it comes from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. 20070508 Bugfix: Content-Transfer-Encoding: attribute values are case insensitive. File: src/cleanup/cleanup_message.c. 20070514 Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) were broken when used with the error(8) or discard(8) transports. Cause: insufficient documentation. Files: error/error.c, discard/discard.c. 20070520 Bugfix (problem introduced Postfix 2.3): when DSN support was introduced it broke "agressive" recipient duplicate elimination with "enable_original_recipient = no". File: cleanup/cleanup_out_recipient.c. 20070529 Bugfix (introduced Postfix 2.3): the sendmail/postdrop commands would hang when trying to submit a message larger than the per-message size limit. File: postdrop/postdrop.c. 20070530 Sabotage the saboteur who insists on breaking Postfix by adding gethostbyname() calls that cause maildir delivery to fail when the machine name is not found in /etc/hosts, or that cause Postfix processes to hang when the network is down. 20070531 Portability: Victor helpfully pointed out that change 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
Use INSTALL_MAN instead of INSTALL_SCRIPT to install qshape.1
Updated mail/postfix to 2.4.1 20070331 Bugfix (introduced Postfix 2.3): segfault with HOLD action in access/header_checks/body_checks on 64-bit platforms. File: cleanup/cleanup_api.c. 20070402 Portability (introduced 20070325): the fix for hardlinks and symlinks in postfix-install forgot to work around shells where "IFS=/ command" makes the IFS setting permanent. This is allowed by some broken standard, and affects Solaris. File: postfix-install. Portability (introduced 20070212): the workaround for non-existent library bugs with descriptors >= FD_SETSIZE broke with "fcntl F_DUPFD: Invalid argument" on 64-bit Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c. 20070421 Cleanup: on (Linux) platforms that cripple signal handlers with deadlock, "postfix stop" now forcefully stops all the processes in the master's process group, not just the master process alone. File: conf/postfix-script.
Install qshape(1) manpage. Bump PKGREVISION.
Updated mail/postfix to 2.4.0 The footprint of new features with Postfix 2.4.0 is significantly smaller than with earlier releases. And that is the whole point of approaching completeness: fewer visible changes. Below is a brief summary of what has changed. See the RELEASE_NOTES file for more, including compatibility issues that may affect your site. The HISTORY file gives a blow-by-blow account of what happened over the past year. Wietse - Postfix can now manage thousands of connections without needing special main.cf, master.cf, or compile-time tweaks, on systems with BSD kqueue, Solaris /dev/poll, or Linux epoll support. - Milter support for message body replacement. The resulting queue files are backwards compatible with Postfix 2.3. The existing Milter support for message header manipulations was revised and is now implemented by much simpler code. - Minor improvements in TLS session cache management and in the implementation of certificate fingerprint based authentication. A more extensive revision of TLS internals will appear first in Postfix 2.5 snapshots. - Improvements in queue manager performance when deferring large amounts of mail, or when delivering mail with lots of recipients. - Workarounds for SMTP servers that reply and hang up prematurely, for file system clocks that are out of sync, and for broken kernel lock management in POP servers.
Some pkglint fixes.
Add an option to use dovecot for SASL.
Updated mail/postfix to 2.3.7 - postmap support for NIS maps was broken with Postfix 2.3. - Workaround to avoid breaking digital signatures for malformed MIME attachments. - Incorrect handling of ![address] forms in match lists. such as mynetworks, inet_interfaces etc.
Updated mail/postfix to 2.3.5 - On Redhat Linux, a Postfix daemon could lock up while logging a warning from a signal handler before exiting. This is remedied by a low-cost re-entrancy guard for signal handlers that never return. - Message headers longer than 65535 broke the Milter protocol. To make matters worse the cleanup server could then dereference a null pointer. When Milter support is enabled, the length of each message header is now limited to 60000. - Several fixes to improve worst-case behavior of the (new) queue manager with multi-recipient mail. The queue manager now reads new recipients earlier from the queue file, instead of becoming starved while waiting for the slowest in-memory recipients to complete; and it now reads recipients in smaller chunks to avoid spending too much time not talking to delivery agents. - With remote SMTP server tarpit delays larger than the Postfix SMTP client's smtp_rset_timeout (default: 20s), the client would get out of sync with the server while reusing a connection. The symptoms were "recipient rejected .. in reply to DATA". - On FreeBSD 6.2, some Postfix daemon processes would complain once with "Error 0" after "postfix reload" and then recover. This warning is now logged only when the problem persists.
Added CHECK_HEADERS_SKIP to make the package pass the test. The postfix configuration variables look exactly like the ones produced by the configure scripts. Added POSTFIX_QUEUE_DIR to BUILD_DEFS to make it visible why VARBASE can be configured.
Updated mail/postfix to 2.3.4
Postfix 2.3 Patch 04 fixes minor problems as detailed in the change
history below. The patch as well as complete source code tarballs
were uploaded last week to the mirrors listed at http://www.postfix.org/
20060831
Bugfix (introduced with initial implementation): missing
"dict_errno = 0" caused mis-leading error messages after
non-error lookup failure. Victor Duchovni. File:
util/dict_cidr.c.
Robustness: the default TLS cipher lists were changed from
!foo:ALL into ALL:!foo. Victor Duchovni. Files:
global/mail_params.h and documentation.
20060902
Bugfix (introduced Postfix 2.3): the LMTP client stripped
"inet": from the next-hop destination, but still used the
complete next-hop from the delivery request. File:
smtp/smtp_connect.c.
20060903
Cleanup: record loop detection. File: global/record.c.
20060929
Workaround: AIX 5.[1-3] getaddrinfo() creates socket address
structures with a non-zero port value. This breaks the
smtp_bind_address etc. features, and breaks inet_interfaces
settings with only one IP address. Problem reported by
Hamish Marson. Files: util/sock_addr.[hc], util/myaddrinfo.c.
Bugfix (introduced with the Postfix TLS patch): memory leak
in verify_extract_peer(). The OpenSSL documentation provides
no information on how subjectAltNames are managed. Sam
Rushing, ironport. File: tls/tls_client.c.
Bugfix (introduced with Postfix 2.2): smtp_generic_maps
turned on MIME conversion. File: smtp/smtp_proto.c.
Workaround: don't send SIZE information in the MAIL FROM
command when message content will be subject to 8bit ->
quoted-printable conversion. File: smtp/smtp_proto.c.
20061002
Compatibility: Sendmail now invokes the Milter connect
action with the verified hostname instead of the name
obtained with PTR lookup. File: smtpd/smtpd.c.
20061004
Cleanup: force space between mailq queueid+status and file
size items. File: showq/showq.c.
20061015
Cleanup: convert the Milter {mail_addr} and {rcpt_addr}
macro values to external form. File: smtpd/smtpd_milter.c.
Cleanup: the Milter {mail_addr} and {rcpt_addr} macros are
now available with non-SMTP mail. File: cleanup/cleanup_milter.c.
Cleanup: convert addresses in Milter recipient add/delete
requests to internal form. File: cleanup/cleanup_milter.c.
Cleanup: with non-SMTP mail, convert addresses in simulated
MAIL FROM and RCPT TO events to external form. File:
cleanup/cleanup_milter.c.
20061017
Cleanup: removed spurious warning when the cleanup server
attempts to bounce mail with soft_bounce=yes. Problem
reported by Ralf Hildebrandt. File: cleanup/cleanup_bounce.c.
Bugfix: null pointer bug when receiving a non-protocol
response on a cached SMTP/LMTP connection. Report by Brian
Kantor. Fix by Victor Duchovni. File: smtp/smtp_reuse.c.
More pkglint -Wall fixes.
Remove patch-ab and "rm -f auxiliary/MacOSX/Postfix.StartupItem/Postfix" in post-extract. I exchanges few mails with Wietse and he refused to fix the "==" lines and instructed me to simply remove the offending file. Instead of having a patch for a file which is not used by pkgsrc I think it makes sense to remove it.
Substitute _file_ with i to make pkglint happy.
Split SUBST_SED.postfix
Fixed few pkglint warnings.
Fixed few pkglint warnings.
Fixed few pkglint warnings.
Updated mail/postfix-2.3.3 - File corruption while executing a Milter "header insert" action with headers-only mail (found with dk-filter). Delivery agents would go into an infinite loop because some queue file update had been done in the wrong order. As a precaution, delivery agents now detect such loops, and the queue manager now saves such mail to the "corrupt" directory. - Segmentation fault in the SMTP client while saving a cached connection with unsent data. Postfix indexed some table with -1, because some I/O cleanup had been done in the wrong order. The same problem should exist in Postfix 2.2. - Postfix no longer announces its name in delivery status notifications. All other details of the default bounce text remain unchanged. The reason for this change is that too many people believe that Wietse provides a free helpdesk service that solves all their email problems.
Accept NetBSD 4.* as NETBSD4 to compile on NetBSD current. Bump PKGREVISION.
Pullup ticket 1767 - requested by ghen
bugfix update for postfix
Patch provided by the submitter.
This patch is a back-port of fixes from Postfix 2.3. The main
changes are:
- The PostgreSQL client was updated after major database API changes
in response to PostgreSQL security issues. This breaks support for
PGSQL versions prior to 8.1.4, 8.0.8, 7.4.13, and 7.3.15. Support
for these older releases requires major code changes that will have
to wait until Postfix 2.4.
- The Postfix SMTP client enforced Mandatory TLS only when talking
to an ESMTP server; enforcement did not happen if Postfix could
somehow be forced to send HELO instead of EHLO. This is minor
compared to the DNS spoofing issues that were fixed with Postfix
2.2.10.
Updated mail/postfix to 2.3.2 - Corrupted queue file after a request to modify a short message header, when that header was the last one in the message. - Panic after spurious Milter request when a client was rejected with "smtpd_delay_reject = no". - The Milter client is now more tolerant for redundant "data cleanup" requests. This avoids panic() calls for harmless conditions.
Updated mail/postfix to 2.3.1 Main changes in TLS support: - The Postfix SMTP client enforced mandatory TLS only when talking to an ESMTP server; enforcement did not happen if Postfix could somehow be forced to send HELO instead of EHLO. This problem also exists in Postfix 2.2, where it is is fixed with Postfix 2.2 patch 11. This is minor compared to the DNS spoofing issues that were fixed with Postfix 2.2.10. - Workaround for an interoperability problem introduced with Postfix 2.3. Some buggy TLS client implementations were unable to deliver mail because the Postfix SMTP server didn't send a TLS session ID. To disable the workaround specify "smtpd_tls_always_issue_session_ids = no"; this allows non-buggy TLS clients to save some space. Main changes in Milter support: - Safety measure. After "postsuper -r", mail is no longer inspected by the Milters specified with the non_smtpd_milters parameter. This measure prevents a bad interaction with external content filters: Milters would receive incorrect SMTP client information, and could be tricked into signing or allowing untrusted messages. This change does not affect Milter applications that run behind an after-queue content filter. The behavior is detailed in the postsuper(1) manual page.
Updated mail/postfix to 2.3.0 This is the first version in the 2.3.x series, please see the release notes for full list of changes since 2.2.x before upgrading your current installation.
Fix default value of smtp_sasl_tls_security_options to use $smtp_sasl_security_options (as documented in postconf(5)) instead of $var_smtp_sasl_opts, which is never defined. This is a bug that exists in the Postfix-2.2.x series but has been fixed in the (current) Postfix-2.3.x series. This fixes PR pkg/29631 by Christoph Badura. Bump the PKGREVISION to 1.
Conflict with courier-mta.
Modify packages that set PKG_USERS and PKG_GROUPS to follow the new syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
Pullup ticket 1340 - requested by martti
postfix update
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.179
- pkgsrc/mail/postfix/distinfo 1.97
Module Name: pkgsrc
Committed By: martti
Date: Fri Apr 7 09:08:30 UTC 2006
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.2.10
- "sendmail -t" did not remove the CR from lines ending in CRLF.
- Workaround for fatal errors in PCRE maps when an expression in
() matches empty text (the PCRE library returns an inappropriate
error code).
- Fixes for non-security bugs that Coverity found in code that
handles impossible error conditions.
Updated mail/postfix to 2.2.10 - "sendmail -t" did not remove the CR from lines ending in CRLF. - Workaround for fatal errors in PCRE maps when an expression in () matches empty text (the PCRE library returns an inappropriate error code). - Fixes for non-security bugs that Coverity found in code that handles impossible error conditions.
Added USE_TOOLS+=perl
Fix pkg/32498 - install PREFIX/sbin/qshape Updated postfix to 2.2.9 Most of this patch hardens the TLS implementation against DNS-based attacks, and eliminates some anomalies from the TLS per-site policy engine. See the TLS_README document for tips on how to avoid DNS-based attacks that can change the server hostname that Postfix uses for logging, for TLS per-site policies, and for server certificate verification. The patch also adds a workaround that prevents Postfix from repeatedly trying to deliver mail to domains with a malformed MX record (for example, with a null MX hostname). Postfix 2.2.9 bounces such mail immediately.
Use SUBST framework for mailer.conf as well.
Pullup ticket 1012 - requested by Martti Kuparinen
postfix packages bugfix update
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.175
- pkgsrc/mail/postfix/distinfo 1.95
- pkgsrc/mail/postfix/patches/patch-ai 1.15
- pkgsrc/mail/postfix-current/Makefile 1.55
- pkgsrc/mail/postfix-current/distinfo 1.20
- pkgsrc/mail/postfix-current/options.mk 1.12
Module Name: pkgsrc
Committed By: martti
Date: Tue Jan 10 06:38:15 UTC 2006
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-ai
Log Message:
Updated postfix to 2.2.8
Postfix 2.2.8 backs out a workaround for broken servers/firewalls
that created more problems than it solved.
- The Postfix 2.2.6 paranoia about malformed remote server replies
caused "multiple delivery" problems or "no delivery" problems with
broken servers/firewalls. Postfix still logs a warning but no longer
defers delivery.
---
Module Name: pkgsrc
Committed By: martti
Date: Tue Jan 10 06:39:00 UTC 2006
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo options.mk
Log Message:
Updated postfix-current to 2.3-20060103
Updated postfix to 2.2.8 Postfix 2.2.8 backs out a workaround for broken servers/firewalls that created more problems than it solved. - The Postfix 2.2.6 paranoia about malformed remote server replies caused "multiple delivery" problems or "no delivery" problems with broken servers/firewalls. Postfix still logs a warning but no longer defers delivery.
Bump PKGREVISION due to mysql.buildlink3.mk changes (default mysql pkg has been changed to 5.x). Reminded by wiz... thanks.
Pullup ticket 992 - requested by Martti Kuparinen
run-time directory handling fix for mail/{postfix,postfix-current}
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.173
- pkgsrc/mail/postfix-current/Makefile 1.53
Module Name: pkgsrc
Committed By: martti
Date: Sat Dec 31 15:16:18 UTC 2005
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
Log Message:
Add ${POSTFIX_QUEUE_DIR}/etc to OWN_DIRS. Suggested by Jeremy C. Reed.
Add ${POSTFIX_QUEUE_DIR}/etc to OWN_DIRS. Suggested by Jeremy C. Reed.
Pullup ticket 982 - requested by Martti Kuparinen
improve rc script usability of mail/postfix and mail/postfix-current
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.172
- pkgsrc/mail/postfix-current/Makefile 1.52
- pkgsrc/mail/postfix-current/files/postfix.sh 1.4
- pkgsrc/mail/postfix/files/postfix.sh 1.5
Module Name: pkgsrc
Committed By: martti
Date: Fri Dec 30 06:29:41 UTC 2005
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
pkgsrc/mail/postfix-current/files: postfix.sh
pkgsrc/mail/postfix/files: postfix.sh
Log Message:
Make sure ${spooletcdir} exists. Bump PKGREVISION as this affects
the binary package.
Make sure ${spooletcdir} exists. Bump PKGREVISION as this affects
the binary package.
Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Updated mail/postfix to 2.2.6 Postfix 2.2 patch 06 catches up with minor fixes that were fielded earlier in the experimental Postfix 2.3 snapshots.
Pullup ticket 911 - requested by Martti Kuparinen postfix bugfix Revisions pulled up: - pkgsrc/mail/postfix/Makefile 1.168 - pkgsrc/mail/postfix/distinfo 1.93 - pkgsrc/mail/postfix/patches/patch-ac removed - pkgsrc/mail/postfix-current/Makefile 1.46 - pkgsrc/mail/postfix-current/distinfo 1.18 - pkgsrc/mail/postfix-current/patches/patch-ac removed Module Name: pkgsrc Committed By: martti Date: Wed Nov 16 06:53:14 UTC 2005 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix-current: Makefile distinfo Removed Files: pkgsrc/mail/postfix-current/patches: patch-ac pkgsrc/mail/postfix/patches: patch-ac Log Message: Removed patch-ac as it was no longer needed (and in fact should not be used) according to Wietse Venema. PKGREVISION++
Removed patch-ac as it was no longer needed (and in fact should not be used) according to Wietse Venema. PKGREVISION++
The real user name in PKG_USERS does not need to be escaped with double backslashes anymore. A single backslash is enough. Changed the definition in all affected packages. For those that are not caught, an additional check is placed into bsd.pkginstall.mk.
Pullup ticket 637 - requested by Grant Beattie
portability fix for postfix
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.166
- pkgsrc/mail/postfix/options.mk 1.20
Module Name: pkgsrc
Committed By: grant
Date: Sun Jul 31 03:46:05 UTC 2005
Modified Files:
pkgsrc/mail/postfix: Makefile options.mk
Log Message:
use ${LDFLAGS} in AUXLIBS so the chosen libdb can be found at runtime.
fixes build on Solaris.
use ${LDFLAGS} in AUXLIBS so the chosen libdb can be found at runtime.
fixes build on Solaris.
Updated postfix to 2.2.5 Postfix 2.2.5 addresses some portability problems with LP64 platforms that broke SMTP connection caching, and makes SMTP connection caching more failure tolerant. These fixes are back-ported from the experimental (2.3) release series. The connection caching protocol has changed, so you will need to "postfix reload" after upgrading.
Updated postfix to 2.2.4
20050517
Bugfix: in a DSN report, the original recipient should not
be xtext encoded. File: bounce/bounce_notify_util.c.
20050523
Bugfix: mymalloc() panic with mistyped server host list.
File: global/dict_pgsql.c.
20040530
Bugfix: TLS MUST_NOPEERMATCH didn't work (inherited from
TLS patch), and a dangling pointer in the corresponding
error handling. File: smtp/smtp_proto.c.
20050615
Cleanup: the SMTP client now sends QUIT when the initial
HELO handshake fails. it still doesn't send QUIT when the
server greets with a [45]XX code, as that is handled in the
connection management code before a session context exists.
File: smtp/smtp_connect.c.
20050616
Bugfix: missing or mis-placed va_end() macros, found in
Postfix 2.3 code review. Files: util/netstring.c,
util/myaddrinfo.c, util/attr_clnt.c, util/vstream.c.
20050621
Portability: file descriptor passing is available for Tru64
UNIX, but AIX4 and IRIX6 will have to do without. This means
no SMTP connection caching for those platforms. Albert
Chin. File: util/sys_defs.h.
Removed POSTFIX_EXAMPLE_FILES loop as it's no longer used. Noted by Yannick Gravel in a private mail.
Updated postfix to 2.2.3 - SASL inter-operability problem causing Sendmail servers to hang up on Postfix. - Panic when a fall-back relay could not be used for a variety of reasons.
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Updated postfix to 2.2.2 - A more usable REPLACE action in header/body_checks. The old version produced unexpected results. - Portability to HP-UX. - Two harmless defects in the SMTP and LMTP clients that go back to before the first Postfix release, and that were found while doing code maintenance on the experimental release.
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
Postfix 2.2.1 import. New features since 2.1.x: - built-in IPv6 and TLS (we no longer use patches--beware config changes!) - more sophisticated LDAP/MySQL/PostgreSQL support, with freeform queries - SMTP client-side connection reuse - by default, no longer rewrite message headers in mail from remote clients - can use your ISP account name for mail destined outside your machine - can selectively turn off ESMTP features in client or server - remote SMTP client resource control (the anvil server) - support for CDB, SDBM and NIS+ databases is now built into Postfix - new SMTP access control features - and more Caution: - You MUST stop 2.1.x and earlier versions before upgrading. - Use the postfix upgrade program to upgrade your main.cf/master.cf.
Updated postfix to 2.1.5nb5 * New IPv6 patch
The default location of the pkgsrc-installed rc.d scripts is now under share/examples/rc.d. The variable name already was named RCD_SCRIPTS_EXAMPLEDIR. This is from ideas from Greg Woods and others. Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism (as requested by wiz).
Fix "postfix/smtp killed by signal 11" problem.
Rename ALL_TARGET to BUILD_TARGET for consistency with other *_TARGETs. Suggested by Roland Illig, ok'd by various.
Fix thinko with previous commit -- the builtin db1 is okay to use. Bump the PKGREVISION to note the change in the default.
Use bdb.buildlink3.mk to get the DB library to use for the "hash" map type. All platforms now support the "hash" map type as a result. Remove the explicit dependencies on db4 and db2 on non-Linux and Linux, respectively. Bump the PKGREVISION.
Remove -g from compilation flags.
Updated postfix to 2.1.5 - The code to eliminate the local MTA from an MX address list did not handle the case that the local MTA could appear with different MX preferences in both inet_interfaces and proxy_interfaces. - The SMTP server's kiss-of-death message "421 Timeout exceeded" wasn't guarded by setjmp(). - The SMTP server didn't update the per-session error counter when a client was denied access with smtpd_delay_reject=no. - The Postfix sendmail command leaked file descriptors when it was unable to execute the postdrop mail submission command. - The bounce daemon sent the wrong type of bounce message when a - Plus some portability, safety and documentation fixes.
Support building STARTTLS support into Postfix without IPv6.
Reduce the number of patches needed by Postfix by using the subst framework and also by explicitly specifying more default values for Postfix parameters. Also pass -I/usr/pkg/include/sasl to the compiler when building using Cyrus SASLv2, which allows me to remove the patches that added an unnecessary USE_SASL2_AUTH check.
Rename Makefile.options to options.mk in the packages that I maintain. This follows the example of the mail/dovecot package, as suggested by <schmonz>.
Replace a few instances of ${PKGBASE} with "postfix". This has no effect
in this package, but simplifies maintaining the postfix-current package by
minimizing diffs between the two.
Convert to use bsd.options.mk. The relevant options variable to set for each package can be determined by invoking: make show-var VARNAME=PKG_OPTIONS_VAR The old options are still supported unless the variable named in PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf).
Updated postfix to 2.1.4 * Bug fixes
Add CONFLICTS with the upcoming mail/fastforward update.
Teach the MESSAGE files about DOCDIR.
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
Stop the proliferation of <PKG>_USE_<FOO> yes/no variables in the mail/postfix package -- create a new option "POSTFIX_OPTIONS" that is a list of optional add-ons that will be built into Postfix. Currently, it accepts any of "inet6 ldap mysql mysql4 prce sasl tls". Move the existing POSTFIX_USE_* variables into bsd.pkg.obsolete.mk. Also split out the optional add-ons into a separate Makefile.options so that the main Makefile workflow is a bit easier to understand. Lastly, collapse the pre-install target into the do-install target we run custom code for the whole install process anyway. Approved by martti.
The sample-*.cf files aren't installed, so refer the user to the SASL_README file for more info.
Rename POSTFIX_SPOOL to POSTFIX_QUEUE_DIR to more closely match the Postfix terminology.
Don't blindly run the post-install script; instead, tell the user to do so in the MESSAGE file. This makes upgrading existing Postfix installations less annoying.
Rename SHAREDIR to EXAMPLEDIR to more accurately reflect the contents and location of that directory.
/var/spool/postfix is stored in the Makefile variable POSTFIX_SPOOL. Be pedantic and substitute for it so that if we ever have a way to change it, postfix.sh will still be correct.
Use FILES_SUBST_SED instead of local make targets to do the same thing. FILES_SUBST_SED substitutes for @FOO@, so use that format for things to be replaced.
Pullup ticket 47 to the pkgsrc-2004Q2 branch, requested by Martti Kuparinen. Update postfix to 2.1.3. Module Name: pkgsrc Committed By: martti Date: Mon Jun 21 16:13:24 UTC 2004 Modified Files: pkgsrc/mail/postfix: Makefile PLIST PLIST.tls distinfo pkgsrc/mail/postfix/patches: patch-aa patch-ae patch-af patch-ag patch-ai Removed Files: pkgsrc/mail/postfix/patches: patch-ad patch-ba patch-bb patch-bc patch-bd Log Message: Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
New IPv6 patch * Bugfix: Misplaced myfree() caused a small memory leak. * Removed the colon (:) from the characters XFORWARD replaces by a question mark (IPv6 addresses looked like 2001?610?1108?5010?1 in logging).
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
Use the latest IPv6 patch
Updated postfix to 2.0.20 - The postdrop mail submission command could die with SIGHUP and abort mail submission. This was observed with mail from cron jobs. - The MySQL client aborted with complaints about multiple attempts to register the same lookup table. This was observed in the proxymap daemon. - As a workaround for agressive SMTP command pipelining clients, the Postfix SMTP server now allows SMTP clients to overshoot the SMTP server recipient limit without triggering the server hard error limit, as long as the number of excess recipients stays within a hard-coded overshoot limit of 1000. If you have such clients then you also need to specify "smtpd_error_sleep_time = 0" or else performance will be poor. - The LMTP client attempted to reuse a connection after timeout, causing protocol synchronization errors. - The trivial-rewrite server could core dump after temporary table lookup failure. This was not observed in Postfix 2.0.
Drop localized *_USE_LDAP definitions and consistently use USE_OPENLDAP instead. As announced on tech-pkg. Most notably affected are Postfix, sendmail, Samba and cyrus-saslauthd. Be sure to update your mk.conf accordingly.
indent a couple of blocks, minor whitespace tweak
Correct variable names for BUILDLINK_PREFIX.db*; BUILDLINK_PREFIX.db is only valid with buildlink2, but not with buildlink3. This fixes PR pkg/25175.
db4 is needed in Linux when POSTFIX_USE_LDAP=YES (pkg/25120 by Jukka Salmi)
New IPv6 patch
New IPv6 patch.
Updated postfix to 2.0.19 - When mail is submitted at a high rate with the Postfix sendmail command, the pickup daemon is keps busy long enough that it it terminated by the watchdog timer (a feature that prevents Postfix from locking up permanently). - Malformed addresses in SMTP commands could result in table looks with zero-length search strings, causing trouble with NIS lookups.
add CONFLICT on sendmail, which also installs bin/mailq and bin/newaliases.
install rc.subr-style script on all platforms but NetBSD-1.5 and above (which already has a suitable /etc/rc.d/postfix).
move BUILD_DEFS outside of their respective conditionals, so the not defined/value output is shown at the start of the build.
move NetBSD specific MESSAGE to its own file.
run postfix's post-install with "command_directory=prefix/sbin" argument so it can find postconf. bump PKGREVISION.
Added optional postgresql support
New IPv6 patch
Make this work on Linux.
Updated postfix to 2.0.18
- A change in the line reading routines caused unexpected results
with lines ending in EOF. This change is undone.
- A portability problem with the test command ("test -e" is not
supported on older systems, while "test -f" does the job).
Updated postfix to 2.0.17 - Portability to MacOSX: Bind8 compatibility, core dumps in mailq and postdrop, and changes in netinfo support. - Elimination of some DNS lookup problems in third-party library routines (typically resulting in localhost not being found). - More agressive delivery to sites that defer a lot of mail. - Correction of a few obscure error messages. - Several small documentation fixes. - Minor fixes for robustness problems that no-one has experienced.
bl3ify
no need for PLIST_SUBST+=PKG_SYSCONFDIR
Pullup an installation fix from Johnny Lam to the pkgsrc-2003Q4 branch, requested by Jeremy Reed. revision 1.110 date: 2003/11/26 06:03:41; author: jlam; state: Exp; lines: +2 -2 Only install smtpd.conf if we're using SASL. Fixes bulk build breakage from Al's 20031124 results.
Only install smtpd.conf if we're using SASL. Fixes bulk build breakage from Al's 20031124 results.
A few more whitespace nits.
Whitespace fixes and rearrange a few lines to group related stuff together.
* With SASL2, the correct pwcheck_method to use the /etc/sasldb2 is "auxprop". * Modify the package so that the smtpd.conf file is initially stored with the other example files and copied over to its true location via CONF_FILES. This allows modifying the postfix installation to use some other SASL authenticaion method, e.g. PLAIN with saslauthd through TLS. * Only allow using one SASL library or the other, and prefer SASL2 to SASL1.
Sync with cyrus-sasl2's buildlink2.mk reality.
Be the MAINTAINER for this package.
enable use of sasl2
Updated postfix to 2.0.16 * bug fixes * new IPv6 patch
Updated postfix to 2.0.14 * Produce a warning when host:port specifies a badly formatted numerical port. * New IPv6 patch.
s/netbsd.org/NetBSD.org/
Updated postfix to 2.0.13 - After "postfix reload", the master daemon now warns when the inet_interfaces parameter setting has changed, and ignores the change, instead of passing incorrect information to the smtp server. - After the postdrop command change with Postfix 2.0.11, the postcat command no longer recognized "maildrop" queue files as valid. - Mail could bounce when two messages were delivered simultaneously to a non-existent mailbox file. The safe_open() code that prevents race condition exploits will now try a little harder when it actually encounters a race condition. - Updated the IPv6 patch.
Updated postfix to 2.0.12 - Stricter smtpd input checks rejected invalid addresses starting with @. - Stricter postdrop input checks broke "sendmail -bs". - New "postcat -q" (search the queue for the named file) support from snapshot release because I can no longer see people suffer. - Allow <@site,@site:address> route addresses in SMTP commands. This address form was deprecated years ago. - "sendmail -q<time>" without -bd option now exits immediately, instead of waiting for input and screwing up system boot sequences. - The Postfix LMTP client used the wrong service name, causing trouble with SASL 2.1.13. - Turned off non-blocking write to pipe because too many systems gave an unexpected write() result, causing partial delivery of messages to commands like procmail.
Use tech-pkg@ in favor of packages@ as MAINTAINER for orphaned packages. Should anybody feel like they could be the maintainer for any of thewe packages, please adjust.
Remove commented out PKGREVISION line.
Update postfix to 2.0.10. - Ugly but harmless warnings from nqmgr after "postsuper -r" to requeue files that already had some recipients delivered. - The proxy_read_maps parameter did not recognize "," as separator. - The local delibery agent now defers delivery after .forward etc. file read error. - The message_size_limit was applied when running "newaliases", so that the result alias database could be truncated on systems with very small message size limits. The official release changes for bugfixes and portability issues only.
Updated the IPv6 patch. IPv6 support is activated by setting POSTFIX_USE_INET6=YES in /etc/mk.conf before building this package.
Dependency bumps, needed because of devel/pth's major bump, and related dependency bumps.
- Move all "share" files to share/examples/postfix; all of them are used as samples, either by the user or by bsd.pkg.install.mk. - Correctly handle configuration files, that is, avoid touching the conf directory directly. - Use OWN_DIRS to handle the spool directory. - Run post-install through an INSTALL script. - Sort PLIST after all these changes. - Bump PKGREVISION to 1.
Updated postfix to 2.0.9 - The SMTP client did not deliver a partial last line when someone submitted 8BITMIME mail not ending in newline via /usr/sbin/sendmail while MIME input processing was turned off, and MIME 8bit->7bit conversion was requested upon delivery.
Updated postfix to 2.0.8 - Postfix processes now abort when given a net/mask pattern with a non-zero host portion (for example, 168.100.189.2/28), instead of risking to become an open mail relay. - Workaround for file system clock drift that caused Postfix to ignore new mail (this could happen with queue file systems mounted from a server).
Update ipv6+tls patch in comment (and distinfo).
Undo PKGREVISION bump (not necessary since the whole package was updated to 2.0.7).
Add PKGREVISION=1 [wiz told me so]
- upgrade to 2.0.7 - add kim's recipient canonicalization patch. NOTE: TLS was disabled and is still disabled in this version.
(1) Publicly export the value of _OPSYS_RPATH_NAME as RPATH_FLAG;
Makefiles simply need to use this value often, for better or for
worse.
(2) Create a new variable FIX_RPATH that lists variables that should
be cleansed of -R or -rpath values if ${_USE_RPATH} is "no". By
default, FIX_RPATH contains LIBS, X11_LDFLAGS, and LDFLAGS, and
additional variables may be appended from package Makefiles.
Update tls+ipv6 patch in comment. Is it still need commented out? (Though I can't test completely either...)
Updated postfix to 2.0.6 Postfix 2.0 patchlevel 6 intends to protect vulnerable Sendmail systems against exploitation of a remote buffer overflow problem that is described in CERT advisory CA-2003-07. - Postfix now truncates non-address information in message address headers (comments, etc.) to 250 characters per address. This should rarely present a problem. Reportedly, junk mail from poorly written software can trigger the protection, but that is no great loss. - Some little fixes to documentation.
Updated postfix to 2.0.5 - The SMTP server's hard and soft error limits were off by one. With "smtpd_hard_error_limit = 1", Postfix will now disconnect after the first error, instead of the second one. - The proxymap server could deadlock when the mydestination parameter setting included a proxymapped lookup table. - Some little fixes to documentation.
Use correct tls+ipv6 patch (still in comment). Previous was for different postfix snapshot.
Make tls+ipv6 patch up to date. NOT tested at all and still commented out.
Updated postfix to 2.0.4 - The format of maildir filenames is synchronized with the present version of the maildir definition document. This format was already adopted by the 20030126 snapshot release. - The time limit on delivery to external commands was not enforced. This was broken probably some time before the first public Postfix release. - Duplicate elimination after virtual alias expansion works again. This was broken with the introduction of the original recipient attribute. - The local pickup daemon dropped incomplete records from local submissions. This was broken somewhere in the middle of 2002.
+ Use PKG_SYSCONFDIR (/usr/pkg/etc/postfix) instead of /etc/postfix for
configuration.
+ Document how to use /etc/rc.conf.d/postfix on NetBSD 1.5 and newer
to start /usr/pkg/sbin/postfix instead of /usr/sbin/postfix
+ Ensure that the postfix user and the postfix & maildrop groups exist.
Adds Darwin support, and prevents a working NetBSD postfix setup from being
broken on a "make install" of this package because the package used to
change /etc/postfix/{post-install,postfix-files,postfix-script}.
These changes are mostly from Amitai Schlair <[email protected]>,
with some tweaks by me. (Thanks Amitai!)
Instead of including bsd.pkg.install.mk directly in a package Makefile, have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set to "YES". This enforces the requirement that bsd.pkg.install.mk be included at the end of a package Makefile. Idea suggested by Julio M. Merino Vidal <jmmv at menta.net>.
- Use the latest IPv6+TLS patch (tls+ipv6-1.12-pf-2.0.3), and include it in distinfo. (still commented out.) - Comment out POSTFIX_USE_TLS part in Makefile since the patch is out of date now.
Updated postfix to 2.0.3 - Postfix 2.0 broke relocated table lookup results with mail not rejected at the SMTP port, causing "User has moved to" text to be deleted. - A widely used maildir filename generating algorithm was broken. This affects all Postfix versions with maildir support. Instead of TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST. - Postfix 2.0 gave incorrect FILTER_README instructions for sites that wish to disable virtual alias mapping before the content filter.
Use the latest IPv6+TLS patch (it's still commented-out).
Updated postfix to 2.0.2 - Added MAILER-DAEMON to the list of always recognized local addresses, since it is generated by Postfix bounces. - Bugfix: transport_errno was not reset upon successful transport map wildcard lookup after an earlier failure. - Cleanup: unnecessary warnings from the proxymap client after proxymap server disconnect. - Cleanup: Patrik Rak found a few more chattr invocations that were missed 20021209. Files: postfix-install, conf/post-install. - Cleanup: the pcre-config command can produce null outputs. - Bugfix: the virtual(8) Makefile included $(AUXLIBS) in the dependencies. - Bugfix: fixed in the snapshots 20030105 but missed in the stable release. "sendmail -bs" tried to access the proxymap service. It should not try to open any user/domain/uce related tables at all.
Re-organized the IPv6 patch stuff. The IPv6 support is still commented-out even though it seems to work now. Why commented-out? This patch also includes a TLS patch and I don't know if it's better/more stable/whatever compared to the existing TLS patch. What I'd like to have is a separate patch for IPv6 and TLS. According to the author this is available in the near future.
Updated postfix to 2.0.0.2 IMPORTANT: read the documents in /usr/pkg/share/doc/postfix/ before upgrading from Postfix 1.1. Hightlights: - MIME support (including 8bit->7bit conversion and more accurate matching of MIME headers in message bodies) - completely rewritten RBL client code - smarter handling of DNS lookup errors in UCE restrictions - virtual delivery agent without transport map for every domain - a long list of other things that are meant to improve performance or functionality without compromising what already existed.
- Added support for LDAP (provided by Ron Roskens in PR#19173, minor path fixes by me) - Sorted POSTFIX_USE_xxx options
Updated postfix to 1.1.12 - The garbage in "user@garbage"@domain address forms may cause the SMTP or LMTP client to terminate with a fatal error exit because garbage/tcp is not an existing service. This cannot be abused to cause the SMTP or LMTP client to send data into unauthorized ports.
Convert to buildlink2.
Depends on cyrus-sasl with its version. (Postfix's document claims it works with cyrus-sasl 1.5.5 at least.)
Added support for TLS. To use this, set POSTFIX_USE_TLS=YES in /etc/mk.conf. To verify the TLS support, type # /usr/pkg/sbin/postconf | grep tls Submitted by Dawid Szymanski in pkg/17570.
Make fils recognize compile options (POSTFIX_USE_MYSQL, ...)
Fixes PR 17465 by Dawid Szymanski <[email protected]>
Merge from pkgsrc-current to buildlink2 branch.
Honor "${CC}" and "${CFLAGS}" during build. This fixes PR pkg/17052
by Mipam.
Updated postfix to 1.1.11 * Cleanup: Mailbox-Line: message header labels should be X-Mailbox-Line: labels * The SMTP server now disallows RCPT TO:<"">, just like it disallows RCPT TO:<> * Replace domain.name by domain.tld in the example config files * The Postfix sendmail command did not export the MAIL_CONFIG environment setting to the postdrop command
Updated postfix to 1.1.10 (released 2002-05-14) - Bugfix: the new code for header address quoting sometimes did not null terminate strings so that arbitrary garbage could appear at the end of message headers. - Safety: user@domain@domain is no longer accepted by the permit_mx_backup UCE restriction (unless Postfix is configured with "resolve_dequoted_address = no").
Updated postfix to 1.1.9 * add a MESSAGE file to describe how to activate postfix (pkg/13335) Changes: * Close user@[email protected] source routing relaying loophole involving postfix-style virtual domains with @virtual.domain catch-all patterns * mail_addr_map() used the "wrong" @ character in addresses with multiple @. * For address localpart quoting, now quote @ as a special character everywhere, except when resolving addresses. Previously, the @ was nowhere quoted as a special character, not even in SMTP commands. * Don't allow an OK access rule lookup result for user@[email protected]. * Quote unquoted address localparts that need quoting. * The SMTP client logged and bounced the CNAME expanded recipient address, and thereby complicated trouble shooting. * The SMTP and LMTP clients bounced the quoted recipient address, resulting in too much quoting in bounce reports. * The LDAP client used the "wrong" @ character in addresses with multiple @. * Forwards "postqueue -r" compatibility with the additional queue file records that are stored by snapshot 20050512. * Specify "resolve_dequoted_address = no" to prevent Postfix from looking inside quotes for extra @ etc. characters when resolving an address. This behavior is technically more correct, but it opens a mail relay loophole with "user @domain"@domain when relaying mail to a Sendmail system.
Updated postfix to 1.1.8 - Postfix no longer attempts to build with GDBM support - The Postfix SMTP client forgot to quote whitespace etc. in a sender or recipient address when DNS lookup was turned off - Better error reporting in the postqueue command
Updated postfix to 1.1.7 - Violation of the defer_transports setting: the flush server could trigger mail delivery (as if ETRN was sent) while doing some internal housekeeping of per-destination logfiles. - Virtual mapping was broken for addresses with embedded whitespace in the recipient local part. - When the super-user runs "mailq" or "postqueue -p" (list mail queue) while the mail system is down, the postqueue command runs the showq command directly. However, postqueue did not pass on non-default configuration directory settings to the showq command, so that showq would report the default mail queue instead.
Updated postfix to 1.1.6 - The new code avoids problems with SMTP servers that will not receive mail with lines longer than the 1000 characters that are allowed by the SMTP standard. - The new code is more graceful in the handling of abnormally long message headers. It will no longer switch from "message header" to "message body" mode in the middle of an abnormally long message header line.
solaris install can only create one directory at a time
Added optional support for MySQL. To use this, set POSTFIX_USE_MYSQL=YES in /etc/mk.conf. To verify the MySQL support, type # /usr/pkg/sbin/postconf -m mysql Submitted by Dawid Szymañski in a private mail.
* Install main.cf and master.cf to /etc/postfix if they don't exist * Fixed some hardcoded paths (should fix pkg/13987)
Updated postfix to 1.1.5 - With patch 04, automatic change detection of DBM files was slightly broken (incremental updates would no longer be detected). The fix is to use separate file handles for locking and for change detection. - The trivial-rewrite server could dereference a dangling pointer after stripping a source route (@domain,domain:) from an address while append_at_myorigin=no. Although this setting is unsupported, Postfix should not SIGSEGV anyway. - The SMTP server replied with 552 (too much mail) when rejecting mail content. The SMTP standard defines no reply code for this situation, but one could argue that 550 is more appropriate. And so it shall be.
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
Deprecate POSTFIX_USE_SASL_AUTH in favor of more generic USE_SASL.
s/root/${ROOT_USER}/g, now that the definition appears in the
defs.${OPSYS}.mk files.
Remove definitions of POSTFIX_USE_PCRE and POSTFIX_USE_SASL_AUTH, which I forgot to remove them before the previous committing ;-)
Add optional SMTP authentication support with cyrus-sasl. It is enabled by POSTFIX_USE_SASL_AUTH.
Enable IPv6 support again, this time as an optional feature. Set POSTFIX_USE_INET6=YES in /etc/mk.conf to activate the IPv6 support. Please note that this IPv6 patch is NOT fully tested and has some known security issues!
* Use ${MAKE_ENV} in do-configure. Without this small fix I wasn't able to
use PCRE with postfix.
* Move BUILD_DEFS+=POSTFIX_USE_PCRE inside ".if defined(POSTFIX_USE_PCRE)"
Changed POSTFIX_PCRE to POSTFIX_USE_PCRE
Correct configuration for pcre.
Updated to 20010228pl8. Changes since 20010228pl4nb1:
20010917
Bugfix: an address extension could be appended multiple
times to the result of a canonical or virtual map lookup.
File: global/mail_addr_map.c. Fix by Victor Duchovni,
Morgan Stanley.
Bugfix: because split_addr() would split an address even
when there was no data before the recipient delimiter, the
above bug could cause an address to grow exponentially in
size. Problem reported by Victor Duchovni, Morgan Stanley.
File: global/split_addr.c.
20010918
Bugfix: the mail_addr_map() fix was almost but not quite
right. It took two clever people and several iterations of
email to really fix the mail_addr_map() problem. Thanks
to Victor Duchovni and Liviu Daia.
20011016
Bugfix: As of 20000625, Errors-To: was broken, because the
code to extract the address was not moved from recipient
address rewriting to sender address rewriting. Problem
reported by Roelof Osinga @ nisser.com. File:
cleanup/cleanup_message.c.
20011023
Bugfix: the FILTER_README content filtering example had
not been updated to include the sendmail "-i" command line
option.
20011029
Bugfix: virtual map expansion terminated early because the
detection of self-referential entries was flawed. File:
cleanup/cleanup_map1n.c.
20011031
Bugfix: mail_date() mis-formatted negative time zone offsets
with fractional hours (-03-30 instead of -0330). Fix by
Chad House, greyfirst.ca. File: global/mail_date.c.
20011103
Bugfix: Postfix would log the wrong error text when locally
submitted mail was deferred due to "soft_bounce = yes".
Bugfix: The LDAP client dropped any entries that don't have
the result_attribute, but errored out when a DN didn't
exist. The behavior is now consistent: treat non-existant
DN's in a special result attribute expansion the same as
DN's with no attribute. LaMont Jones, HP.
20011114
Bugfix: reset the smtpd command transaction log between
deliveries. File: smtpd/smtpd.c.
20011115
Bugfix: reset the smtpd command transaction log between
non-deliveries. File: smtpd/smtpd.c.
remove IPv6 patch for safety. it seems that IPv6 patch has bad sideeffect on relaying determination.
Wildcard dependency on pcre. Addresses pkg/13754.
upgrade to 20010228-pl04. changes can be found below: ftp://ftp.yoyo.org/pub/mirrors/postfix/official/postfix-20010228-pl04.RELEASE_NOTES
upgrade to postfix-20010228-pl03. changes since pl02: 20010501 Bugfix: The SMTP server's 550 in reply to DATA should be a 554 response. And it wasn't Sendmail. Claus Assman. Bugfix: the INSTALL.sh test for non-interactive upgrade broke rooted installations that specify settings via the environment. Simon Mudd. Bugfix: mailq output is now really flushed one message at a time. File: sendmail/sendmail.c. 20010507 Bugfix: with soft_bounce=yes, the SMTP server would log 5xx replies even though it would send 4xx replies to the client (Phil Howard, ipal.net). File: smtpd/smtpd_check.c. 20010523 Bugfix: postsuper's temporary file detection logic needed fixing. Bugfix: memory leak in the LDAP client module. Alain Thivillon, France Teaser - Groupe Firstream. 20010525 Bugfix: the SMTP and LMTP clients claimed that a queue file needed to be delivered again (even when all recipients were erased from the queue file) when no QUIT or RSET reply was received (by default, this does not happen with SMTP mail because the SMTP client does not wait for QUIT replies and does not send RSET to deliver mail). As a result of the same bug the LMTP client followed a dangling pointer when sending QUIT after process idle timeout while the LMTP server had disconnected. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c.
upgrade ipv6 patch. more fix for reverse lookup (!INET6 case)
use latest IPv6 patch. corrects !INET6 behavior (NetBSD PR 12876).
use postfix 20010228-pl02 from wietse.
20010403
Workaround: the mysql library can return null pointers
rather than zero-length strings.
20010404
Ergonomics: log additional information about the reason
why "mail for XXX loops back to myself", when the local
machine is the best MX host. File: smtp/smtp_addr.c.
20010406
Changed some noisy LDAP client warnings into optional
logging. LaMont Jones, util/dict_ldap.c.
20010411
Bugfix: the SMTP server now replies with 550 instead of
503 when it receives the DATA command without having received
a valid recipient address. This is needed for the Sendmail
client-side pipelining implementation. Problem reported by
Lutz Jaenicke. File: smtpd/smtpd.c.
Cleanup: shut up if chattr fails on Reiserfs and other file
systems that do not support the respective attributes.
Files: conf/postfix-script-{no,}sgid.
20010413
Ergonomics: Postfix applications now warn when a DB or DBM
file is out of date, and recommend to rebuild the table.
Files: util/dict_db.c, util/dict_dbm.c.
20010414
Bugfix: with a non-default inet_interfaces setting, the
master ignored host information in master.cf host:port
settings. Fix by Jun-ichiro itojun Hagino @ iijlab.net.
Files: master/master.h, master/master_ent.c.
20010426
Bugfix: the SMTP server did not parse invalid MAIL FROM or
RCPT TO addresses such as <first last <user@domain>> the
way it was supposed to do. I thought this was taken care
of years ago. File: smtpd/smtpd.c.
20010427
Bugfix: smtpd would reject mail instead of replying with
a 4xx temporary error code when, for example, an LDAP or
mysql server was unavailable. Remotely based on a fix by
Robert Kiessling @ de.easynet.net. File: smtpd/smtpd_check.c.
upgrade IPv6 patch (not really IPv6 problem, but a problem in patch to fix bug in original that is tickled by IPv6). avoid SEGV on reload.
upgrade IPv6 patch. correct kame stack determination. from hubert
fix pkgname to be legal - postfix-20010228-pl1 is *not* Remember: NO '-' IN PKG VERSION!
Remove unneeded '-' before ${MKDIR} or ${INSTALL_DATA_DIR}
use latest IPv6 patch. (1) issue with host:port syntax in master.cf (original bug, tickled by IPv6 support) (2) use RBL check only for IPv4 addrs
upgrade to 20010228-pl01. 20010313 Bugfix: the RFC 822 untokenizer quoted newlines inside comments. File: global/tok822_parse.c. 20010316 Cleanup: removed an extraneous warning when a queue file write error happened. 20010321 Workaround: LMTP connection caching never worked for destinations starting with unix: or inet:. File: lmtp/lmtp_connect.c. 20010322 Portability: Solaris <2.6 does not have srandom() and random() in libc. File: util/rand_sleep.c. It does not have to be cryptographically strong. Bugfix: the fast ETRN flush server could not handle [ipaddr] or domain names with one-character hostname part. This fix changes the destination to logfile name mapping, so that you need to populate the new files with "sendmail -q". The old files go away automatically. File: flush/flush.c. 20010327 Speed up mailq (sendmail -bp) display by flushing output after each file. File: showq/showq.c. Portability: missing string.h includes, %p wants (void *), Lamont Jones, HP. 20010328 Bugfix: swapped logic caused cleanup to stall when the queue file size exceeded the file size limit by less than one the VSTREAM buffer size, so that the "file too big" was detected after flushing the last queue file record. File: cleanup/cleanup.c. 20010329 Portability: workaround for missing prototype problem in dict_ldap.c. This module should move to the global directory, because it depends on Postfix main.cf parameter information.
pull latest IPv6 patch. corrects source address selection on outgoing, if config has "inet_interfaces=127.0.0.1". reported by thorpej.
resurrect, after nuking the right files in the wrong dir.
replaced by postfix pkg
Move files from postfix-current to postfix, as that's actually the
latest release (it's also in the base src).
Adresses PR 12426 by Martti Kuparinen <[email protected]>
Cleanup MKDIR usage => INSTALL_*_DIR XXX need to teach pkglint to be more picky about this
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
Update to postfix-19991231pl13, since the pl12 distfile isn't available any more. Fixes pkg/11725 by Damon Brodie.
upgrade to patchlevel 12. patchlevel 11 -> 12 While processing massive amounts of one-recipient mail, the Postfix queue manager could deadlock for 10 seconds while sending a bounce message. In order to remedy this, all queue manager bounce send requests are now executed asynchronously. This problem was reported by El Bunzo (webpower.nl) and by Tiger Technologies (tigertech.com).
Update to postfix-19991231-pl11. Update provided by Mipam in private mail. Remove bogus MANCOMPRESSED_IF_MANZ.
$() -> ${}
Replace MIRROR_DISTFILES and NO_CDROM with the more descriptive and
more fine-grained NO_{BIN,SRC}_ON_{FTP,CDROM} definitions.
MIRROR_DISTFILES and NO_CDROM are now dead.
Update to postfix-19991231-pl08 Major changes with postfix-19991231-pl08: ========================================= Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. Incompatible changes with postfix-19991231-pl07: ================================================ As required by RFC 822, Postfix now inserts a generic destination message header when no destination header is present. The text is specified via the undisclosed_recipients_header configuration parameter (default: "To: undisclosed-recipients:;").
Add optional support for Perl Compatible Regular Expressions (POSTFIX_PCRE)
and Variable Envelope Return Paths (POSTFIX_VERP). Handle MANINSTALL using
separate PLIST.{catinstall,maninstall} files. Record the setting of all 3.
Some more changes besides the update to which Simon beat me: Create the /var/spool/postfix on install so that "postfix check" can create the directories below it. Create /etc/postfix/postfix-scrip on "make install". Make the library Makefiles DTRT on systems that don't understand MKXXX=no. Remover owner write permission from "maildrop" binary. Adjust offsets in a couple of patches.
Update Postfix to 19991231-pl06. Addresses PR pkg/9844 from Oleg Polyanski.
replaced some commands by their ${COMMAND} counterparts
Eek, where did the "PKGNAME= mhonarc-2.2.0" come from in the previous commit??
Remove "-" from package version - noted by Hubert Feyrer.
Update to postfix 19990906-pl02. From the release notes: Incompatible changes with postfix-19990906 ========================================== - On systems that use user.lock files to protect system mailboxes against simultaneous updates, Postfix now uses /file/name.lock files while delivering to files specified in aliases/forward/include files. This is a no-op when the recipient lacks directory write permission. - The LDAP client code no longer looks up a name containing "*" because it could be abused. See the LDAP_README file for how to restore previous behavior. - The Postfix to PCRE interface now expects PCRE version 2.08. Postfix is no longer compatible with PCRE versions prior to 2.06. Major changes with postfix-19990906 =================================== Several bugfixes, none related to security. See the HISTORY file for a complete list of changes. - Postfix is now distributed under IBM Public License Version 1.0 which does not carry the controversial termination clause. The new license does have a requirement that contributors make source code available. - INSTALL.sh install/upgrade procedure that replaces existing programs and shell scripts instead of overwriting them, and that leaves existing queue files and configuration files alone. - The ugly Delivered-To: header can now be turned off selectively. The default setting is: "prepend_delivered_header = command, file, forward". Turning off the Delivered-To: header when forwarding mail is not recommended. - mysql client support by Scott Cotton and Joshua Marcus, Internet Consultants Group, Inc. See the file MYSQL_README for instructions. - reject_unauth_destination SMTP recipient restriction that rejects destinations not in $relay_domains. Unlike the check_relay_domains restriction, reject_unauth_destination ignores the client hostname. By Lamont Jones of Hewlett-Packard. - reject_unauth_pipelining SMTP *anything* restriction to stop mail from spammers that improperly use SMTP command pipelining to speed up their deliveries. - Postfix "sendmail" now issues a warning and drops privileges if installed set-uid root. - No more duplicate delivery when "postfix reload" is immediately followed by "sendmail -q". - No more "invalid argument" errors when a Postfix daemon opens a DB/DBM file while some other process is changing the file. - Portability to the Mac OS X Server, Reliant Unix, AIX 3.2.5 and Ultrix 4.3.
CAPITAL_OPSYS and OS_MAJOR_VERSION are used in one package Makefile, but calculated every time bsd.prefs.mk is read. Correct the situation, and only calculate these when they are needed. Also save a few more cycles by hardcoding the LOWER_OPSYS values for known operating systems, rather than using expensive shell echo and tr commands every time bsd.prefs.mk is read.
Some packages use bsd-style .mk files when building, and so any manual pages that are installed will be gzip-compressed, if MANZ is set, or not if MANZ is not set. If the package uses bsd-style .mk files, the variable MANCOMPRESSED_IF_MANZ should be set to a value of "yes" in the package Makefile. This replaces the previous method of specific inclusion of bsd.prefs.mk, followed by a check for MANZ and conditional assignment of MANCOMPRESSED. Add appropriate documentation, and change all necessary ocurrences in package Makefiles.
argh, package was renamed. compensate
Update to 19990601
Make this work on linux (and possibly solaris) and fix a few hardcoded path bugs: - pass OPSYS to Makefile.inc, don't hardcode NETBSD1 - command_directory, daemon_directory, share_directory, man_directory were hard-coded to /usr/pkg, bleh! - and so was the ROOT_PATH.
Repeat after me: use of the period character as the chown(8) owner/group separator is obsolete.
Fix package list handling.
Add trailing "/" to home page URL to avoid redirect on access.
pkglint: - Rename package from "postfix-19990317pl05" to "postfix-19990317p05". - Remove unnecessary and wrong usage of "DISTFILES".
Make installation work with "MANZ=1".
remove the dash from the package name
postfix-19990317-pl0 package... Based on the version perry imported.