Cleanup: documentation, in preparation for the Postfix 2.8
stable release.
+
+20110117
+
+ Bugfix (introduced Postfix alpha, or thereabouts): on HP-UX
+ the Postfix event engine was deaf for SIGALRM signals.
+ Symptoms were killed processes when the watchdog timeout
+ was less than max_idle. The fix is the same as Solaris fix
+ 20110109. Since we can't know what other systems need this,
+ the workaround is enabled by default. Files: util/sys_defs.h.
+
+ Cleanup: "smtpd_tls_eecdh_grade = strong" by default, instead
+ of snapshot-only. File: global/mail_params.h, proto/postconf.proto.
+
+ Cleanup: missing "#include <errno.h>" in util/watchdog.c.
+
+ Bugfix: when compiled without -DUSE_TLS, tlsproxy used the
+ wrong server skeleton (multi_server instead of event_server).
+ File: tlsproxy/tlsproxy.c.
+
+ Workaround: added a panic check for code that is mis-compiled
+ by the HP-UX compiler. File: postscreen/postscreen.c,
+ postscreen/postscreen.h, postscreen/postscreen_state.c.
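Review bot: the file labels in these entries are swapped relative to the counts. The SIGALRM entry names one file under "Files:", while the eecdh_grade entry and the HP-UX compiler workaround each list several files under "File:"; make the label match the number of files. In the SIGALRM entry, "introduced Postfix alpha, or thereabouts" gives a reader nothing to search on; if the introducing change is not known, say that plainly instead.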
If you upgrade from Postfix 2.6 or earlier, read RELEASE_NOTES-2.7
before proceeding.
+Major changes - restart Postfix
+-------------------------------
+
+If you upgrade from Postfix 2.6 or earlier, you must execute "postfix
+stop" and "postfix start" before you can use the postscreen(8)
+daemon. This is needed because the Postfix 2.6 "pass" master service
+type did not work reliably on some systems.
+
+If you upgrade from Postfix 2.7, or from Postfix 2.8 before July
+25, 2010, you must execute "postfix reload" (or "postfix stop"
+followed by "postfix start"). This is needed because the queue
+manager to delivery agent protocol has changed. Failure to do this
+results in repeated logging of warnings with:
+
+ warning: unexpected attribute rewrite_context ...
+
+If the warning does not go away after restarting Postfix, examine
+the output from this command:
+
+ strings -af /usr/libexec/postfix/* | grep mail_version=
+
+(where /usr/libexec/postfix is the value of main.cf:daemon_directory)
+and update the executables that have a version string that differs
+from the other programs.
+
Major changes - DNSBL/DNSWL support
-----------------------------------
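Review bot: the diagnostic command hardcodes /usr/libexec/postfix and only the following parenthesis says that the path stands for daemon_directory, so a reader who pastes the command on a system with a different layout gets an empty result and no hint why. Build the path from the configured value instead, for example: strings -af "$(postconf -h daemon_directory)"/* | grep mail_version=. Separately, "Postfix 2.8 before July 25, 2010" reads oddly next to the HISTORY text that treats 2.8 as an upcoming stable release; "a Postfix 2.8 snapshot from before July 25, 2010" would be unambiguous.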
This prevents a client from being logged as "NEW" after its record
expired only a little while ago.
-[Incompat 20091008] If you upgrade from Postfix 2.6 or earlier, you
-must stop and start the Postfix master daemon before you can use
-the postscreen(8) daemon. This is needed because the Postfix 2.6
-"pass" master service type did not work reliably on some systems.
-
[Feature 20091008] Prototype postscreen(8) server that runs a number
of time-consuming checks in parallel for all incoming SMTP connections,
before clients are allowed to talk to a real Postfix SMTP server.
Things to do after the stable release:
+ events.c: cache the side effects of file descriptor event
+ enable/disable operations in user space, and do bulk kernel
+ updates at event_loop() time. This can eliminate costly
+ system calls with successive event disable/enable operations
+ on the same file descriptor. This can also eliminate the
+ need for tricky code that tries to avoid the expense of
+ successive disable/enable operations. Such code is likely
+ to introduce bugs.
+
When does it pay off to send domains in the active queue
to a DNS prefetch daemon? Could this generalize to a dynamic
transport map that piggy-backs domains with the same MX
<dl>
<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
-exchange will be disabled. This is the default in official Postfix
-releases (<a href="postconf.5.html#mail_version">mail_version</a> = major.minor.patchlevel). </dd>
+exchange will be disabled. This is the default in Postfix versions
+2.6 and 2.7. </dd>
<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
-efficiency. This is the default in Postfix snapshot releases
-(<a href="postconf.5.html#mail_version">mail_version</a> = major.minor-releasedate). </dd>
+efficiency. This is the default in Postfix version 2.8 and later.
+</dd>
<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
security at computational cost that is approximately twice as high
The available choices are:
.IP "\fBnone\fR"
Don't use EECDH. Ciphers based on EECDH key
-exchange will be disabled. This is the default in official Postfix
-releases (mail_version = major.minor.patchlevel).
+exchange will be disabled. This is the default in Postfix versions
+2.6 and 2.7.
.IP "\fBstrong\fR"
Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
-efficiency. This is the default in Postfix snapshot releases
-(mail_version = major.minor-releasedate).
+efficiency. This is the default in Postfix version 2.8 and later.
.IP "\fBultra\fR"
Use EECDH with approximately 192 bits of
security at computational cost that is approximately twice as high
<dl>
<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
-exchange will be disabled. This is the default in official Postfix
-releases (mail_version = major.minor.patchlevel). </dd>
+exchange will be disabled. This is the default in Postfix versions
+2.6 and 2.7. </dd>
<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
bits of security at a reasonable computational cost. This is the
current best-practice trade-off between security and computational
-efficiency. This is the default in Postfix snapshot releases
-(mail_version = major.minor-releasedate). </dd>
+efficiency. This is the default in Postfix version 2.8 and later.
+</dd>
<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
security at computational cost that is approximately twice as high
extern char *var_smtpd_tls_dh1024_param_file;
#define VAR_SMTPD_TLS_EECDH "smtpd_tls_eecdh_grade"
-#ifdef SNAPSHOT
#define DEF_SMTPD_TLS_EECDH "strong"
-#else
-#define DEF_SMTPD_TLS_EECDH "none"
-#endif
extern char *var_smtpd_tls_eecdh;
#define VAR_SMTPD_TLS_LOGLEVEL "smtpd_tls_loglevel"
extern char *var_tlsp_tls_dh1024_param_file;
#define VAR_TLSP_TLS_EECDH "tlsproxy_tls_eecdh_grade"
-#ifdef SNAPSHOT
#define DEF_TLSP_TLS_EECDH "$" VAR_SMTPD_TLS_EECDH
-#else
-#define DEF_TLSP_TLS_EECDH "$" VAR_SMTPD_TLS_EECDH
-#endif
extern char *var_tlsp_tls_eecdh;
#define VAR_TLSP_TLS_LOGLEVEL "tlsproxy_tls_loglevel"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20110116"
+#define MAIL_RELEASE_DATE "20110117"
#define MAIL_VERSION_NUMBER "2.9"
#ifdef SNAPSHOT
int psc_stress_cmd_time_limit; /* stressed command limit */
int psc_normal_cmd_time_limit; /* normal command time limit */
int psc_stress; /* stress level */
-int psc_check_queue_length_lowat; /* stress low-water mark */
-int psc_check_queue_length_hiwat; /* stress high-water mark */
+int psc_lowat_check_queue_length; /* stress low-water mark */
+int psc_hiwat_check_queue_length; /* stress high-water mark */
DICT *psc_dnsbl_reply; /* DNSBL name mapper */
HTABLE *psc_client_concurrency; /* per-client concurrency */
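Review bot: the two water-mark globals are renamed here with no comment saying why. HISTORY describes the change to postscreen.c, postscreen.h and postscreen_state.c only as a panic check for code mis-compiled by the HP-UX compiler, so a later reader cannot tell whether the new names are part of that workaround or an unrelated tidy-up. If the rename matters to the workaround, record that in a comment at these declarations so nobody renames them back; if it does not, split it into its own change.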
psc_normal_greet_wait =
get_mail_conf_time(VAR_PSC_GREET_WAIT, DEF_PSC_GREET_WAIT, 1, 0);
- psc_check_queue_length_lowat = .7 * var_psc_pre_queue_limit;
- psc_check_queue_length_hiwat = .9 * var_psc_pre_queue_limit;
+ psc_lowat_check_queue_length = .7 * var_psc_pre_queue_limit;
+ psc_hiwat_check_queue_length = .9 * var_psc_pre_queue_limit;
if (msg_verbose)
msg_info(VAR_PSC_CMD_TIME ": stress=%d normal=%d lowat=%d hiwat=%d",
psc_stress_cmd_time_limit, psc_normal_cmd_time_limit,
- psc_check_queue_length_lowat, psc_check_queue_length_hiwat);
+ psc_lowat_check_queue_length, psc_hiwat_check_queue_length);
+
+ if (psc_lowat_check_queue_length == 0)
+ msg_panic("compiler error: 0.7 * %d = %d", var_psc_pre_queue_limit,
+ psc_lowat_check_queue_length);
+ if (psc_hiwat_check_queue_length == 0)
+ msg_panic("compiler error: 0.9 * %d = %d", var_psc_pre_queue_limit,
+ psc_hiwat_check_queue_length);
/*
* Per-client concurrency.
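Review bot: the new panic checks test only whether the result is 0, so they also fire on a correctly compiled build whenever the truncation is legitimate. With var_psc_pre_queue_limit at 0 or 1, both .7 * limit and .9 * limit convert to int 0 and postscreen would abort with a "compiler error" message that points the operator in the wrong direction. The lower bound of the limit is not visible in this hunk; either confirm that the parameter cannot go that low, or guard both checks with var_psc_pre_queue_limit > 1. A short comment above the checks naming the compiler problem they are meant to catch would also help whoever later wonders whether they can be removed.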
extern int psc_stress_cmd_time_limit; /* stressed command limit */
extern int psc_normal_cmd_time_limit; /* normal command time limit */
extern int psc_stress; /* stress level */
-extern int psc_check_queue_length_lowat;/* stress low-water mark */
-extern int psc_check_queue_length_hiwat;/* stress high-water mark */
+extern int psc_lowat_check_queue_length;/* stress low-water mark */
+extern int psc_hiwat_check_queue_length;/* stress high-water mark */
extern DICT *psc_dnsbl_reply; /* DNSBL name mapper */
extern HTABLE *psc_client_concurrency; /* per-client concurrency */
extern void psc_acl_pre_jail_init(void);
extern ARGV *psc_acl_parse(const char *, const char *);
-extern int psc_acl_eval(PSC_STATE *,ARGV *, const char *);
+extern int psc_acl_eval(PSC_STATE *, ARGV *, const char *);
/* LICENSE
/* .ad
* Update the stress level.
*/
if (psc_stress == 0
- && psc_check_queue_length >= psc_check_queue_length_hiwat) {
+ && psc_check_queue_length >= psc_hiwat_check_queue_length) {
psc_stress = 1;
msg_info("entering STRESS mode with %d connections",
psc_check_queue_length);
* Update the stress level.
*/
if (psc_stress != 0
- && psc_check_queue_length <= psc_check_queue_length_lowat) {
+ && psc_check_queue_length <= psc_lowat_check_queue_length) {
psc_stress = 0;
msg_info("leaving STRESS mode with %d connections",
psc_check_queue_length);
* (including logging) and then invoke the tlsp_service() routine to log
* the message that says why this program will not run.
*/
- multi_server_main(argc, argv, tlsp_service,
+ event_server_main(argc, argv, tlsp_service,
0);
}
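Review bot: nothing at this call records that the non-TLS stub has to use the same server skeleton as the normal build, which is how the two drifted apart in the first place (HISTORY: multi_server instead of event_server when compiled without -DUSE_TLS). Extend the comment above the call to say that the skeleton here must stay in step with the USE_TLS main(), or route both builds through one shared call so the choice is made in a single place.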
#define USE_SYSV_POLL
#ifndef NO_DEVPOLL
# define EVENTS_STYLE EVENTS_STYLE_DEVPOLL
-# define USE_WATCHDOG_PIPE
#endif
/*
extern const char *inet_ntop(int, const void *, char *, size_t);
extern int inet_pton(int, const char *, void *);
+#endif
+
+ /*
+ * Workaround: after a watchdog alarm signal, wake up from select/poll/etc.
+ * by writing to a pipe. Solaris needs this, and HP-UX apparently, too. The
+ * run-time cost is negligible so we just turn it on for all systems. As a
+ * side benefit, making this code system-independent will simplify the
+ * detection of bit-rot problems.
+ */
+#ifndef NO_WATCHDOG_PIPE
+#define USE_WATCHDOG_PIPE
#endif
/*
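Review bot: NO_WATCHDOG_PIPE is introduced in the #ifndef as the only way to turn the workaround off, but the comment above it never names the macro, and the HISTORY entry says only that the workaround is "enabled by default". Add a sentence to the comment, and ideally to HISTORY, stating that building with -DNO_WATCHDOG_PIPE disables the pipe, so that someone porting to a system where it misbehaves knows the switch exists.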
* watchdog timeout is less than the max_idle time.
*/
#ifdef USE_WATCHDOG_PIPE
+#include <errno.h>
#include <iostuff.h>
#include <events.h>
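Review bot: the errno.h include is added inside the #ifdef USE_WATCHDOG_PIPE block, so a build that uses the new NO_WATCHDOG_PIPE switch compiles watchdog.c without it. Check that no code outside this block refers to errno; if any does, move the include up to the unconditional system headers. If the use really is confined to the pipe code, the placement is fine, but the header still reads better listed ahead of iostuff.h and events.h than mixed in with them.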