Bugfix (defect introduced: Postfix 3.10): Postfix SMTP
client segfault while reporting a 'certificate expired'
event. Problem reported by Oemer Gueven. File: tls/tls_verify.c.
+
+20250221
+
+ Bugfix (defect introduced: 20250210): a recent 'fix' for the
+ default smtp_tls_dane_insecure_mx_policy setting resulted in
+ unnecessary 'dnssec_probe' warnings, on systems that disable
+ DNSSEC lookups (the default). File: smtp/smtp_addr.c.
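Review bot: the 20250221 entry describes the affected systems only as those that "disable DNSSEC lookups (the default)" and does not name the setting that decides this. The code change for the same fix tests smtp_dns_support == SMTP_DNS_DNSSEC, so the entry should name the smtp_dns_support_level parameter next to smtp_tls_dane_insecure_mx_policy. That lets an operator who sees 'dnssec_probe' warnings match them to their configuration. The entry should also say whether the warnings were cosmetic or whether delivery behaviour changed between 20250210 and this fix.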
github.com/sys4/libtlsrpt and https://github.com/sys4/tlsrpt-reporter,
respectively.
-The Postfix implementation supports TLSRPT or domains with DANE (Postfix built-
-in) and MTA-STS (through an smtp_tls_policy_maps plug-in).
+The Postfix implementation supports TLSRPT for domains with DANE (Postfix
+built-in) and MTA-STS (through an smtp_tls_policy_maps plug-in).
The Postfix smtp(8) client process implements the SMTP client engine. With
"smtp_tls_connection_reuse = no", the smtp(8) client process also implements
<p> Dovecot is a POP/IMAP server that has its own configuration to
authenticate POP/IMAP clients. When the Postfix SMTP server uses
Dovecot SASL, it reuses parts of this configuration. Consult the
-<a href="https://wiki.dovecot.org">Dovecot documentation</a> for how
+<a href="https://doc.dovecot.org">Dovecot documentation</a> for how
to configure and operate the Dovecot authentication server. </p>
<h4><a name="server_dovecot_comm">Postfix to Dovecot SASL communication</a></h4>
by sys4 at <a href="https://github.com/sys4/libtlsrpt">https://github.com/sys4/libtlsrpt</a> and
<a href="https://github.com/sys4/tlsrpt-reporter">https://github.com/sys4/tlsrpt-reporter</a>, respectively. </p>
-<p> The Postfix implementation supports TLSRPT or domains with DANE
+<p> The Postfix implementation supports TLSRPT for domains with DANE
(Postfix built-in) and MTA-STS (through an <a href="#mta-sts">
smtp_tls_policy_maps plug-in</a>). </p>
<p> Dovecot is a POP/IMAP server that has its own configuration to
authenticate POP/IMAP clients. When the Postfix SMTP server uses
Dovecot SASL, it reuses parts of this configuration. Consult the
-<a href="https://wiki.dovecot.org">Dovecot documentation</a> for how
+<a href="https://doc.dovecot.org">Dovecot documentation</a> for how
to configure and operate the Dovecot authentication server. </p>
<h4><a name="server_dovecot_comm">Postfix to Dovecot SASL communication</a></h4>
by sys4 at https://github.com/sys4/libtlsrpt and
https://github.com/sys4/tlsrpt-reporter, respectively. </p>
-<p> The Postfix implementation supports TLSRPT or domains with DANE
+<p> The Postfix implementation supports TLSRPT for domains with DANE
(Postfix built-in) and MTA-STS (through an <a href="#mta-sts">
smtp_tls_policy_maps plug-in</a>). </p>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20250217"
+#define MAIL_RELEASE_DATE "20250223"
#define MAIL_VERSION_NUMBER "3.11"
#ifdef SNAPSHOT
if (mx_names->dnssec_valid)
res_opt = RES_USE_DNSSEC;
#ifdef USE_TLS
- else if (smtp_tls_insecure_mx_policy > TLS_LEV_MAY)
+ else if (smtp_tls_insecure_mx_policy > TLS_LEV_MAY
+ && smtp_dns_support == SMTP_DNS_DNSSEC)
res_opt = RES_USE_DNSSEC;
#endif
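Review bot: the added "&& smtp_dns_support == SMTP_DNS_DNSSEC" clause in the else-if has no comment. With smtp_tls_insecure_mx_policy above TLS_LEV_MAY and DNSSEC lookups turned off, the branch is now skipped silently and res_opt is left without RES_USE_DNSSEC. Please add a short comment above the else-if stating that the DNSSEC request is made only when DNSSEC lookups are enabled, and that this avoids the 'dnssec_probe' warnings mentioned in the HISTORY entry. It is also worth confirming that an operator who explicitly sets a stricter insecure-MX policy while DNSSEC support is disabled is told about the mismatch somewhere, since after this change nothing in this code path reports it.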