Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher
documentation says aes-256-cbc, but the implementation was
- using aes-128-cbc (note that Postfix SMTP server and client
- processes have a limited life time).
+ using aes-128-cbc (note that Postfix session ticket keys
+ are rotated after 1/2 hour, to limit the impact of attacks
+ on session ticket keys).
20160828
Viktor Dukhovni. Files: posttls-finger/posttls-finger.c,
tls/tls.h, tls/tls_dane.c, tls/tls_verify.c, tls/tls_server.c,
tls/tls_client.c.
+
+20160911
+
+ Bugfix (introduced: Postfix 3.0): the SMTP daemon did not
+ reset a previous session's command counts before rejecting
+ a client that exceeds request or concurrency rates. File:
+ smtpd/smtpd.c.
+
+20160917
+
+ Bugfix (introduced: Postfix 3.0): the unionmap did not
+ propagate table lookup errors. Based on patch by Roel van
+ Meer. Files: util/dict_union.c, util/dict_union_test.*.
+
+20160925
+
+ Workaround (problem introduced: Postfix 2.11): to avoid
+ false "not found" errors with MySQL map queries that contain
+ UTF8-encoded text, specify "option_group = client" in Postfix
+ MySQL configuration files. This will be the default setting
+ with Postfix 3.2 and later.
# Don't forget the leading "AND"!
additional_conditions = AND status = 'paid'
+# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+# and is the default setting as of Postfix 3.2,
+option_group = client
+
A\bAd\bdd\bdi\bit\bti\bio\bon\bna\bal\bl n\bno\bot\bte\bes\bs
+Postfix 3.2 and later read [\b[c\bcl\bli\bie\ben\bnt\bt]\b] option group settings by default. To
+disable this, specify no o\bop\bpt\bti\bio\bon\bn_\b_f\bfi\bil\ble\be and specify "o\bop\bpt\bti\bio\bon\bn_\b_g\bgr\bro\bou\bup\bp =\b=" (i.e. an
+empty value).
+
+Postfix 3.1 and earlier don't read [\b[c\bcl\bli\bie\ben\bnt\bt]\b] option group settings unless a non-
+empty o\bop\bpt\bti\bio\bon\bn_\b_f\bfi\bil\ble\be or o\bop\bpt\bti\bio\bon\bn_\b_g\bgr\bro\bou\bup\bp value are specified. To enable this, specify,
+for example "o\bop\bpt\bti\bio\bon\bn_\b_g\bgr\bro\bou\bup\bp =\b= c\bcl\bli\bie\ben\bnt\bt".
+
The MySQL configuration interface setup allows for multiple mysql databases:
you can use one for a virtual table, one for an access table, and one for an
aliases table if you want.
If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0
before proceeding.
+Workaround - UTF8 support in Postfix MySQL queries
+--------------------------------------------------
+
+Someone reported false "not found" errors with MySQL map queries
+that contain UTF8-encoded text. To avoid such errors, specify
+"option_group = client" in Postfix MySQL configuration files. This
+will be the default setting with Postfix 3.2 and later.
+
Major changes - address verification safety
-------------------------------------------
where_field = alias
# Don't forget the leading "AND"!
additional_conditions = AND status = 'paid'
+
+# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+# and is the default setting as of Postfix 3.2,
+option_group = client
</pre>
<h2>Additional notes</h2>
+<p> Postfix 3.2 and later read <b>[client]</b> option group settings
+by default. To disable this, specify no <b>option_file</b> and
+specify "<b>option_group =</b>" (i.e. an empty value). </p>
+
+<p> Postfix 3.1 and earlier don't read <b>[client]</b> option group
+settings unless a non-empty <b>option_file</b> or <b>option_group</b>
+value are specified. To enable this, specify, for example
+"<b>option_group = client</b>". </p>
+
<p> The MySQL configuration interface setup allows for multiple
mysql databases: you can use one for a virtual table, one for an
access table, and one for an aliases table if you want. </p>
<b>option_group</b>
Read options from the given group.
+ Postfix 3.1 and earlier don't read <b>[client]</b> option group set-
+ tings unless a non-empty <b>option_file</b> or <b>option_group</b> value are
+ specified. To enable this, specify, for example, "<b>option_group =</b>
+ <b>client</b>".
+
This parameter is available with Postfix 2.11 and later.
<b>tls_cert_file</b>
This parameter is available with Postfix 2.11 and later.
<b>tls_key_file</b>
- File containing the private key corresponding to <b>tls_cert_file</b>.
+ File containing the private key corresponding to <b>tls_cert_file</b>.
This parameter is available with Postfix 2.11 and later.
<b>tls_CAfile</b>
- File containing certificates for all of the X509 Certification
- Authorities the client will recognize. Takes precedence over
+ File containing certificates for all of the X509 Certification
+ Authorities the client will recognize. Takes precedence over
<b>tls_CApath</b>.
This parameter is available with Postfix 2.11 and later.
<b>tls_CApath</b>
- Directory containing X509 Certification Authority certificates
+ Directory containing X509 Certification Authority certificates
in separate individual files.
This parameter is available with Postfix 2.11 and later.
<b>tls_verify_cert (default: no)</b>
- Verify that the server's name matches the common name in the
+ Verify that the server's name matches the common name in the
certificate.
This parameter is available with Postfix 2.11 and later.
<b>OBSOLETE QUERY INTERFACE</b>
- This section describes an interface that is deprecated as of Postfix
- 2.2. It is replaced by the more general <b>query</b> interface described
- above. If the <b>query</b> parameter is defined, the legacy parameters
- described here ignored. Please migrate to the new interface as the
+ This section describes an interface that is deprecated as of Postfix
+ 2.2. It is replaced by the more general <b>query</b> interface described
+ above. If the <b>query</b> parameter is defined, the legacy parameters
+ described here ignored. Please migrate to the new interface as the
legacy interface may be removed in a future release.
- The following parameters can be used to fill in a SELECT template
+ The following parameters can be used to fill in a SELECT template
statement of the form:
SELECT [<b>select_field</b>]
[<b>additional_conditions</b>]
The specifier %s is replaced by the search string, and is escaped so if
- it contains single quotes or other odd characters, it will not cause a
+ it contains single quotes or other odd characters, it will not cause a
parse error, or worse, a security problem.
<b>select_field</b>
.IP "\fBoption_group\fR"
Read options from the given group.
.sp
+Postfix 3.1 and earlier don't read \fB[client]\fR option
+group settings unless a non\-empty \fBoption_file\fR or
+\fBoption_group\fR value are specified. To enable this,
+specify, for example, "\fBoption_group = client\fR".
+.sp
This parameter is available with Postfix 2.11 and later.
.IP "\fBtls_cert_file\fR"
File containing client's X509 certificate.
where_field = alias
# Don't forget the leading "AND"!
additional_conditions = AND status = 'paid'
+
+# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+# and is the default setting as of Postfix 3.2,
+option_group = client
</pre>
<h2>Additional notes</h2>
+<p> Postfix 3.2 and later read <b>[client]</b> option group settings
+by default. To disable this, specify no <b>option_file</b> and
+specify "<b>option_group =</b>" (i.e. an empty value). </p>
+
+<p> Postfix 3.1 and earlier don't read <b>[client]</b> option group
+settings unless a non-empty <b>option_file</b> or <b>option_group</b>
+value are specified. To enable this, specify, for example
+"<b>option_group = client</b>". </p>
+
<p> The MySQL configuration interface setup allows for multiple
mysql databases: you can use one for a virtual table, one for an
access table, and one for an aliases table if you want. </p>
# .IP "\fBoption_group\fR"
# Read options from the given group.
# .sp
+# Postfix 3.1 and earlier don't read \fB[client]\fR option
+# group settings unless a non-empty \fBoption_file\fR or
+# \fBoption_group\fR value are specified. To enable this,
+# specify, for example, "\fBoption_group = client\fR".
+# .sp
# This parameter is available with Postfix 2.11 and later.
# .IP "\fBtls_cert_file\fR"
# File containing client's X509 certificate.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20160828"
-#define MAIL_VERSION_NUMBER "3.1.2"
+#define MAIL_RELEASE_DATE "20161001"
+#define MAIL_VERSION_NUMBER "3.1.3"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
case 0:
+ /*
+ * Reset the per-command counters.
+ */
+ for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
+ cmdp->success_count = cmdp->total_count = 0;
+ if (cmdp->name == 0)
+ break;
+ }
+
/*
* In TLS wrapper mode, turn on TLS using code that is shared with
* the STARTTLS command. This code does not return when the handshake
var_smtpd_sasl_opts);
#endif
- /*
- * Reset the per-command counters.
- */
- for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
- cmdp->success_count = cmdp->total_count = 0;
- if (cmdp->name == 0)
- break;
- }
-
/*
* The command read/execute loop.
*/
for (cpp = dict_union->map_union->argv; (dict_type_name = *cpp) != 0; cpp++) {
if ((map = dict_handle(dict_type_name)) == 0)
msg_panic("%s: dictionary \"%s\" not found", myname, dict_type_name);
- if ((result = dict_get(map, query)) == 0)
- continue;
- if (VSTRING_LEN(dict_union->re_buf) > 0)
- VSTRING_ADDCH(dict_union->re_buf, ',');
- vstring_strcat(dict_union->re_buf, result);
+ if ((result = dict_get(map, query)) != 0) {
+ if (VSTRING_LEN(dict_union->re_buf) > 0)
+ VSTRING_ADDCH(dict_union->re_buf, ',');
+ vstring_strcat(dict_union->re_buf, result);
+ } else if (map->error != 0) {
+ DICT_ERR_VAL_RETURN(dict, map->error, 0);
+ }
}
DICT_ERR_VAL_RETURN(dict, DICT_ERR_NONE,
VSTRING_LEN(dict_union->re_buf) > 0 ?
projects / thirdparty / postfix.git / commitdiff
