src/dns/ DNS client library
src/global/ Postfix-specific support routines
+ src/milter/ Postfix Milter (mail filter) client
+ src/tls/ TLS client and server support
src/util/ General-purpose support routines
+ src/xsasl/ SASL plug-in API
Command-line utilities:
src/postlock/ Postfix locking for shell scripts
src/postlog/ Postfix logging for shell scripts
src/postmap/ Postfix lookup table management
+ src/postmulti/ Postfix multi-instance manager
src/postqueue/ Postfix queue control program
src/postsuper/ Postfix house keeping program
src/sendmail/ Sendmail compatibility interface
src/bounce/ Bounce or defer mail
src/cleanup/ Canonicalize and enqueue mail
src/discard/ Trivial discard mailer
+ src/dnsblog/ DNS agent for postscreen
src/error/ Trivial error mailer
+ src/flush/ Support for ETRN, sendmail -qI, sendmail -qR
src/local/ Local delivery
src/master/ Postfix resident superserver
src/oqmgr/ Old queue manager
src/pickup/ Local pickup
src/pipe/ Pipe delivery
+ src/postscreen/ Zombie blocker
+ src/proxymap/ Table lookup proxy agent
src/qmgr/ Queue manager
src/qmqpd/ QMQPD server
+ src/scache/ Postfix SMTP session cache
src/showq/ List Postfix queue status
src/smtp/ SMTP and LMTP client
src/smtpd/ SMTP server
src/spawn/ Run non-Postfix server
src/tlsmgr/ TLS session keys and random pool
+ src/tlsproxy/ TLS proxy for postscreen
src/trivial-rewrite/ Address rewriting and resolving
src/verify/ address verification service
src/virtual/ virtual mailbox-only delivery agent
# Note: avoid hash files here. Use btree instead.
address_verify_map = btree:$data_directory/verify_cache
+ # Shared persistent cache (requires Postfix 2.9 or later).
+ address_verify_map = proxy:btree:$data_directory/verify_cache
+ # Disable automatic cache cleanup in all Postfix instances except
+ # for one instance that will be responsible for cache cleanup.
+ # address_verify_cache_cleanup_interval = 0
+
+ # Shared memory cache (requires Postfix 2.9 or later).
+ # See memcache_table(5) for details.
+ address_verify_map = memcache:/etc/postfix/verify-memcache.cf
+
# Default setting for Postfix 2.6 and earlier.
# This uses non-persistent storage only.
address_verify_map =
p\bpg\bgs\bsq\bql\bl (read-only)
Perform PostgreSQL database lookups. Configuration details are given in
pgsql_table(5).
- p\bpr\bro\box\bxy\by (read-only)
+ p\bpr\bro\box\bxy\by (read-write)
Access information via the Postfix proxymap(8) service. The lookup
table name syntax is "proxy:type:table".
r\bre\beg\bge\bex\bxp\bp (read-only)
appear on the permanent access list.
NOTE: To share a postscreen(8) cache between multiple postscreen(8)
- instances, use "postscreen_cache_map = proxy:btree:/path/to/file". This
- requires Postfix 2.9 or later; earlier proxymap(8) implementations don't
- support cache cleanup. For an alternative approach see the memcache_table
- (5) manpage.
+ instances, use "postscreen_cache_map = proxy:btree:$data_directory/
+ postscreen_cache", and disable cache cleanup
+ (postscreen_cache_cleanup_interval = 0) in all postscreen(8) instances
+ except one that is responsible for cache cleanup.
+
+ postscreen(8) cache sharing requires Postfix 2.9 or later; earlier proxymap
+ (8) implementations don't support cache cleanup.
+
+ For an alternative postscreen(8) cache sharing approach see the
+ memcache_table(5) manpage.
When the SMTP client address appears on the temporary whitelist, postscreen(8)
logs this with the client address and port number as:
-The stable Postfix release is called postfix-2.8.x where 2=major
-release number, 8=minor release number, x=patchlevel. The stable
+The stable Postfix release is called postfix-2.9.x where 2=major
+release number, 9=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
-postfix-2.9-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+postfix-2.10-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-If you upgrade from Postfix 2.7 or earlier, read RELEASE_NOTES-2.8
+If you upgrade from Postfix 2.8 or earlier, read RELEASE_NOTES-2.9
before proceeding.
-
-Incompatible changes with snapshot 20120114
-===========================================
-
-Instead of terminating immediately with a "fatal" message when a
-database file can't be opened, a Postfix daemon program now logs
-an "error" message, and continues execution with reduced functionality.
-
-Specify "daemon_table_open_error_is_fatal = yes" to get the
-historical behavior (immediate termination with "fatal" message).
-
-Logfile-based alerting systems may need to be updated to look for
-"error" messages in addition to "fatal" messages.
-
-By default the Postfix SMTP server no longer reports transcripts
-of sessions where a client command is rejected because a table is
-unavailable. To receive such reports, add the new "data" class to
-the notify_classes parameter value. The reports will be sent to the
-error_notice_recipient address as before. This class is also used
-by the Postfix SMTP client to report about sessions that fail because
-a table is unavailable
-
-Major changes with snapshot 20120114
-====================================
-
-Gradual degradation after database file open error. Instead of
-terminating immediately with a "fatal" message, a Postfix daemon
-program logs an "error" message, and continues execution with reduced
-functionality.
-
-Features that don't depend on the unavailable table will keep
-working; features that depend on the table will fail, and will be
-logged with a "warning" message. For the sake of sanity, the number
-of "error"s over the life of a process is limited to 13.
-
-Specify "daemon_table_open_error_is_fatal = yes" to get the
-historical behavior (immediate termination with "fatal" message).
-
-When the notify_classes parameter contains the new "data" class,
-the Postfix SMTP client and server will report transcripts of
-sessions with errors because a table is unavailable.
-
-Major changes with snapshot 20120108
-====================================
-
-The LDAP, *SQL and memcache clients now "catch" table lookup errors
-in the "domain" feature, instead of terminating with a fatal error.
-
-Major changes with snapshot 20120102
-====================================
-
-Degrade gradually when some or all network protocols specified
-with inet_protocols are unavailable, instead of terminating with a
-fatal error. This eliminates build errors on non-standard systems
-where opening an IPv4 socket results in an error, and on non-standard
-systems where opening an IPv6 socket results in an error. In the
-worst case, the master daemon will log a message that it disables
-all type "inet" services. This will still allow local submission
-and local delivery.
-
-Major changes with snapshot 20111222
-====================================
-
-The Postfix SMTP server now "catches" errors with database lookups
-in mynetworks, TLS client certificate tables, debug_peer_list,
-smtpd_client_event_limit_exceptions, permit_mx_backup_networks and
-local_header_rewrite_clients, and reports "server configuration
-error" or "table lookup error" instead of terminating with a fatal
-error.
-
-Major changes with snapshot 20111229
-====================================
-
-The trivial-rewrite server now "catches" errors with database lookups
-in virtual_alias_domains, relay_domains, virtual_mailbox_domains,
-instead of terminating with a fatal error. This means fewer occasions
-where trivial-rewrite clients (such as the SMTP server) will appear
-to hang.
-
-Incompatible changes with snapshot 20111218
-===========================================
-
-To support external SASL authentication, the Postfix SMTP server
-now always checks the smtpd_sender_login_maps table, even without
-having "smtpd_sasl_auth_enable = yes" in main.cf.
-
-Major changes with snapshot 20111218
-====================================
-
-Support for external SASL authentication via the XCLIENT command.
-This is used to accept SASL authentication from an SMTP proxy such
-as NGINX. This support works even without having to specify
-"smtpd_sasl_auth_enable = yes" in main.cf.
-
-Major changes with snapshot 20111213
-====================================
-
-Support for a persistent backup database in the memcache client.
-The memcache client updates the memcache whenever it looks up or
-modifies information in the persistent database.
-
-Support for proxymap-over-tcp (proxy:maptype:mapname@host:port) is
-under development.
-
-Elimination of dependencies on the libmemcache library. Postfix
-memcache support is now compiled in by default.
-
-Major changes with snapshot 20111209
-====================================
-
-memcache lookup and update support. This provides a way to share
-postscreen(8) or verify(8) caches between Postfix instances. The
-Postfix memcache client can't be used for security-sensitive
-information, and it supports only libmemcache version 1.4.0. See
-MEMCACHE_README and memcache_table(5) for details and limitations.
-
-Incompatible changes with snapshot 20111205
-===========================================
-
-Postfix now logs the result of succesful TLS negotiation with TLS
-logging levels of 0. See the smtp_tls_loglevel and smtpd_tls_loglevel
-descriptions in the postconf(5) manpage for other minor differences.
-
-Major changes with snapshot 20111205
-====================================
-
-Support for TLS public key fingerprint matching in the Postfix SMTP
-client (in smtp_tls_policy_maps) and server (in check_ccert access
-maps). Public key fingerprints are inherently more specific than
-fingerprints over the entire certificate.
-
-Revision of Postfix TLS logging. The main difference is that Postfix
-now logs the result of succesful TLS negotiation with TLS logging
-levels of 0. See the smtp_tls_loglevel and smtpd_tls_loglevel
-descriptions in the postconf(5) manpage for other minor differences.
-
-Major changes with snapshot 20111203
-====================================
-
-Support for time-dependent sender addresses of address verification
-probes. The default address, double-bounce, may end up on spammer
-blacklists. Although Postfix discards mail for this address, such
-mail still uses up network bandwidth and server resources. Specify
-an address_verify_sender_ttl value of several hours or more to
-frustrate address harvesting.
-
-Major changes with snapshot 20111120
-====================================
-
-Eliminated the postconf limitation documented on 20111113 as "lack
-of support for per-service parameter name spaces in master.cf,
-meaning that "-o user-defined-name=value" always results in an
-"unused parameter" warning". This brings the total cost of the
-postconf upgrade to some 55 person-hours, 600 lines of code, and
-300 lines of comments or documentation.
-
-Major changes with snapshot 20111118
-====================================
-
-The "postconf -M" (display master.cf) command now supports filtering.
-For example, specify "postconf -M inet" to display only services
-that listen on the network.
-
-Incompatible changes with snapshot 20111113
-===========================================
-
-The postconf command now logs warnings about unused "name=value"
-entries in main.cf, and about unused "-o name=value" entries in
-master.cf. Such entries are the result of feature creep in Postfix,
-and of mis-typed names. Once the configurations are cleaned up,
-Postfix configuration changes will be more robust.
-
-Major changes with snapshot 20111113
-====================================
-
-postconf support to warn about unused "name=value" entries in
-main.cf, and about unused "-o name=value" entries in master.cf.
-This should help to eliminate common errors with mis-typed names.
-
-The only known limitation is lack of support for per-service parameter
-name spaces in master.cf, meaning that "-o user-defined-name=value"
-always results in an "unused parameter" warning.
-
-This completes an effort that expanded postconf.c by 553 lines of
-code that were designed, written, tested and documented (in 250
-lines) at the cost of 35 person-hours, spread out over 7 days.
-
-Major changes with snapshot 20111108
-====================================
-
-postconf support for parameter names that are generated automatically
-from master.cf entries (delivery agents, spawn services), and for
-parameter names that are defined with main.cf smtpd_restriction_classes.
-This increases the postconf output size with 70 lines or more.
-
-Major changes with snapshot 20111106
-====================================
-
-"postconf -M" support to print master.cf entries, and "postconf -f"
-support to fold long main.cf or master.cf lines for human readability.
-
-Incompatible changes with snapshot 20111106
-===========================================
-
-To work around broken remote SMTP servers, the Postfix SMTP client
-by default no longer appends the "AUTH=<>" option to the MAIL FROM
-command. Specify "smtp_send_dummy_mail_auth = yes" to restore the
-old behavior.
-
-Incompatible changes with snapshot 20111012
-===========================================
-
-For consistency with the SMTP standard, the smtp_line_length_limit
-default value was increased from 990 characters to 998 (i.e. 1000
-characters including <CR><LF>). Specify "smtp_line_length_limit =
-990" to restore historical Postfix behavior.
-
-To simplify integration with third-party applications, the Postfix
-sendmail command now always transforms all input lines ending in
-<CR><LF> into UNIX format (lines ending in <LF>). Specify
-"sendmail_fix_line_endings = strict" to restore historical Postfix
-behavior (i.e. convert all input lines ending in <CR><LF> only if
-the first line ends in <CR><LF>).
-
-Incompatible changes with snapshot 20110918
-===========================================
-
-The following changes were made in default settings, in preparation
-for general availability of IPv6:
-
-- The default inet_protocols value is now "all" instead of "ipv4",
- meaning use both IPv4 and IPv6. As a compatibility workaround
- for sites without global IPv6 connectivity, the commands "make
- upgrade" and "postfix upgrade-configuration" append "inet_protocols
- = ipv4" to main.cf when no explicit inet_protocols setting is
- present. This workaround will be removed in a future release.
-
-- The default smtp_address_preference value is now "any" instead
- of "ipv6", meaning choose randomly between IPv6 and IPv4. With
- this the Postfix SMTP client will have more success delivering
- mail to sites that have problematic IPv6 configurations.
-
-Incompatible changes with snapshot 20110321
-===========================================
-
-You need to "postfix reload" after upgrade from snapshot 20110320.
-The hash_queue_names algorithm was changed for better performance
-with long queue IDs.
-
-Incompatible changes with snapshot 20110320
-===========================================
-
-If you enable support for long queue file names, you need to be
-aware that these file names are not compatible with Postfix <= 2.8.
-If you must migrate to Postfix <= 2.8, you must first convert all
-long queue file names into short names, otherwise the old Postfix
-version will complain.
-
-The conversion procedure before migration to Postfix <= 2.8 is:
-
- # postfix stop
- # postconf enable_long_queue_ids=no
- # postsuper
-
-Run the postsuper command repeatedly until it no longer reports
-queue file name changes.
-
-Major changes with snapshot 20110320
-====================================
-
-Support for long, non-repeating, queue IDs (queue file names). The
-benefit of non-repeating names is simpler logfile analysis, and
-easier queue migration (there is no need to run "postsuper" to
-change queue file names that don't match their message file inode
-number).
-
-Specify "enable_long_queue_ids = yes" to enable the feature. This
-does not change the names of existing queue files. See postconf(5)
-or postconf.5.html#enable_long_queue_ids for a detailed description
-of the differences with the old short queue IDs.
-
-This changes new Postfix queue IDs from the short form 0FCEE9247A9
-into the longer form 3Ps0FS1Zhtz1PFjb, and changes new Message-ID
-header values from YYMMDDHHMMSS.queueid@myhostname into the shorter
-form queueid@myhostname.
-
-See the note on "Incompatible changes" for a backwards migration
-procedure to convert long queue file names into a form that is
-compatible with Postfix <= 2.8.
-
-Incompatible changes with snapshot 20110313
-===========================================
-
-Use "postfix reload" after "make upgrade" on a running Postfix
-system. This is needed because the protocol between postscreen(8)
-and dnsblog(8) has changed.
-
-Major changes with snapshot 20110228
-====================================
-
-postscreen(8) support to force remote SMTP clients to implement
-proper MX lookup policy. By listening on both primary and backup
-MX addresses, postscreen(8) can deny the temporary whitelist status
-to clients that connect only to backup MX hosts, and prevent them
-from talking to a Postfix SMTP server process.
-
-Example: when 1.2.3.4 is a local backup IP address, specify
-"postscreen_whitelist_interfaces = !1.2.3.4 static:all".
-
-Incompatible changes with snapshot 20110219
-===========================================
-
-The Postfix SMTP and QMQP servers now log "hostname X does not
-resolve to address Y", when a "reverse hostname" lookup result does
-not resolve to the client IP address. Until now these servers logged
-"Y: hostname X verification failed" or "Y: address not listed for
-hostname X" depending on the details of the error.
-
-Major changes with snapshot 20110219
-====================================
-
-Postfix now uses long integers for message_size_limit, mailbox_size_limit
-and virtual_mailbox_limit. On LP64 systems (64-bit long and pointer,
-but 32-bit integer), these limits can now exceed 2GB.
-
-Major changes with snapshot 20110212
-====================================
-
-Support for per-record deadlines. These change the behavior of
-Postfix timeout parameters, from a time limit per read or write
-system call, to a time limit to send or receive a complete record
-(an SMTP command line, SMTP response line, SMTP message content
-line, or TLS protocol message). This limits the impact from hostile
-peers that trickle data one byte at a time.
-
-The new configuration parameters and their default settings are:
-smtpd_per_record_deadline (normal: no, overload: yes),
-smtp_per_record_deadline (no), and lmtp_per_record_deadline (no).
-
-Note: when per-record deadlines are enabled, a short timeout may
-cause problems with TLS over very slow network connections. The
-reasons are that a TLS protocol message can be up to 16 kbytes long
-(with TLSv1), and that an entire TLS protocol message must be sent
-or received within the per-record deadline.
-
-Per-record deadlines were introduced with postscreen(8). This program
-does not receive mail, and therefore has no problems with TLS over
-slow connections.
-
-Incompatible changes with snapshot 20110130
-===========================================
-
-The VSTREAM error flags are now split into separate read and write
-error flags. As a result of this change, all programs that use
-VSTREAMs MUST be recompiled.
--- /dev/null
+The stable Postfix release is called postfix-2.9.x where 2=major
+release number, 9=minor release number, x=patchlevel. The stable
+release never changes except for patches that address bugs or
+emergencies. Patches change the patchlevel and the release date.
+
+New features are developed in snapshot releases. These are called
+postfix-2.10-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+mm=month, dd=day). Patches are never issued for snapshot releases;
+instead, a new snapshot is released.
+
+The mail_release_date configuration parameter (format: yyyymmdd)
+specifies the release date of a stable release or snapshot release.
+
+If you upgrade from Postfix 2.7 or earlier, read RELEASE_NOTES-2.8
+before proceeding.
+
+Major changes - critical
+------------------------
+
+[Incompat 20110321] You need to "postfix reload" after upgrade from
+snapshot 20110320 or earlier. The hash_queue_names algorithm was
+changed to provide better performance with long queue IDs.
+
+[Incompat 20110313] Use "postfix reload" after "make upgrade" on a
+running Postfix system. This is needed because the protocol between
+postscreen(8) and dnsblog(8) has changed.
+
+Major changes - library API
+---------------------------
+
+[Incompat 20110130] The VSTREAM error flags are now split into
+separate read and write error flags. As a result of this change,
+all programs that use Postfix VSTREAMs MUST be recompiled.
+
+Major changes - compatibility
+-----------------------------
+
+[Incompat 20111012] For consistency with the SMTP standard, the
+(client-side) smtp_line_length_limit default value was increased
+from 990 characters to 999 (i.e. 1000 characters including <CR><LF>).
+Specify "smtp_line_length_limit = 990" to restore historical Postfix
+behavior.
+
+[Incompat 20111012] To simplify integration with third-party
+applications, the Postfix sendmail command now always transforms
+all input lines ending in <CR><LF> into UNIX format (lines ending
+in <LF>). Specify "sendmail_fix_line_endings = strict" to restore
+historical Postfix behavior (i.e. convert all input lines ending
+in <CR><LF> only if the first line ends in <CR><LF>).
+
+[Incompat 20111106] To work around broken remote SMTP servers, the
+Postfix SMTP client by default no longer appends the "AUTH=<>"
+option to the MAIL FROM command. Specify "smtp_send_dummy_mail_auth
+= yes" to restore the old behavior.
+
+Major changes - gradual degradation
+-----------------------------------
+
+[Incompat 20120114] Logfile-based alerting systems may need to be
+updated to look for "error" messages in addition to "fatal" messages.
+Specify "daemon_table_open_error_is_fatal = yes" to get the historical
+behavior (immediate termination with "fatal" message).
+
+[Feature 20120114] Instead of terminating immediately with a "fatal"
+message when a database file can't be opened, a Postfix daemon
+program now logs an "error" message, and continues execution with
+reduced functionality. For the sake of sanity, the number of
+"errors" over the life of a process is limited to 13.
+
+Features that don't depend on the unavailable table will continue
+to work; attempts to use features that depend on the table will
+fail, and will be logged with a "warning" message.
+
+[Feature 20120108] Instead of terminating with a fatal error, the
+LDAP, *SQL and memcache clients now handle table lookup errors in
+the "domain" feature, instead of terminating with a fatal error.
+
+[Feature 20120102] Degrade gradually when some or all network
+protocols specified with inet_protocols are unavailable, instead
+of terminating with a fatal error. This eliminates build errors on
+non-standard systems where opening an IPv4 socket results in an
+error, and on non-standard systems where opening an IPv6 socket
+results in an error. In the worst case, the master daemon will log
+a message that it disables all type "inet" services. This will still
+allow local submission and local delivery.
+
+[Feature 20111222] Instead of terminating with a fatal error, the
+Postfix SMTP server now handles errors with database lookups in
+mynetworks, TLS client certificate tables, debug_peer_list,
+smtpd_client_event_limit_exceptions, permit_mx_backup_networks and
+local_header_rewrite_clients, and reports "server local data error"
+or "temporary lookup error".
+
+[Feature 20111229] Instead of terminating with a fatal error, the
+trivial-rewrite server now handles errors with database lookups in
+virtual_alias_domains, relay_domains, virtual_mailbox_domains. This
+means fewer occasions where trivial-rewrite clients (such as the
+SMTP server) will appear to hang.
+
+Major changes - long queue IDs
+------------------------------
+
+Postfix 2.9 introduces support for non-repeating queue IDs (also
+used as queue file names). These names are encoded in a mix of upper
+case, lower case and decimal digit characters. Long queue IDs are
+disabled by default to avoid breaking tools that parse logfiles and
+that expect queue IDs with the smaller [A-F0-9] character set.
+
+[Incompat 20110320] If you enable support for long queue file names,
+you need to be aware that these file names are not compatible with
+Postfix <= 2.8. If you must migrate back to Postfix <= 2.8, you
+must first convert all long queue file names into short names,
+otherwise the old Postfix version will complain.
+
+The conversion procedure before migration to Postfix <= 2.8 is:
+
+ # postfix stop
+ # postconf enable_long_queue_ids=no
+ # postsuper
+
+Run the postsuper command repeatedly until it no longer reports
+queue file name changes.
+
+[Feature 20110320] Support for long, non-repeating, queue IDs (queue
+file names). The benefit of non-repeating names is simpler logfile
+analysis, and easier queue migration (if you don't merge different
+queues, there is no need to run "postsuper" to change queue file
+names that don't match their message file inode number).
+
+Specify "enable_long_queue_ids = yes" to enable the feature. This
+does not change the names of existing queue files. See postconf(5)
+or postconf.5.html#enable_long_queue_ids for a detailed description
+of the differences with the old short queue IDs.
+
+This changes new Postfix queue IDs from the short form 0FCEE9247A9
+into the longer form 3Ps0FS1Zhtz1PFjb, and changes new Message-ID
+header values from YYMMDDHHMMSS.queueid@myhostname into the shorter
+form queueid@myhostname.
+
+Major changes - memcache
+------------------------
+
+[Feature 20111209] memcache lookup and update support. This provides
+a way to share postscreen(8) or verify(8) caches between Postfix
+instances. See MEMCACHE_README and memcache_table(5) for details
+and limitations.
+
+[Feature 20111213] Support for a persistent backup database in the
+memcache client. The memcache client updates the memcache whenever
+it looks up or modifies information in the persistent database.
+
+Major changes - postconf
+------------------------
+
+The postconf command was restructured - it now warns about unused
+parameter name=value settings in main.cf or master.cf (likely to
+be mistakes), it now understands "dynamic" parameter names such as
+parameters whose name depends on the name of a master.cf entry, and
+it can display main.cf and master.cf in a more user-friendly format.
+
+[Feature 20120117] support for legacy database parameter names
+(main.cf parameter names that are generated by prepending a suffix
+to the database name).
+
+[Feature 20111118] The "postconf -M" (display master.cf) command
+now supports filtering. For example, specify "postconf -M inet"
+to display only services that listen on the network.
+
+[Feature 20111113] postconf support to warn about unused "name=value"
+entries in main.cf, and about unused "-o name=value" entries in
+master.cf. This should help to eliminate common errors with mis-typed
+names.
+
+[Feature 20111108] postconf support for parameter names that are
+generated automatically from master.cf entries (delivery agents,
+spawn services), and for parameter names that are defined with
+main.cf smtpd_restriction_classes.
+
+[Feature 20111106] "postconf -M" support to print master.cf entries,
+and "postconf -f" support to fold long main.cf or master.cf lines
+for human readability.
+
+Major changes - trickle defense
+-------------------------------
+
+[Feature 20110212] Support for per-record deadlines. These change
+the behavior of Postfix timeout parameters, from a time limit per
+read or write system call, to a time limit to send or receive a
+complete record (an SMTP command line, SMTP response line, SMTP
+message content line, or TLS protocol message). This limits the
+impact from hostile peers that trickle data one byte at a time.
+
+The new configuration parameters and their default settings are:
+smtpd_per_record_deadline (normal: no, overload: yes),
+smtp_per_record_deadline (no), and lmtp_per_record_deadline (no).
+
+Note: when per-record deadlines are enabled, a short time limit may
+cause problems with TLS over very slow network connections. The
+reason is that a TLS protocol message can be up to 16 kbytes long
+(with TLSv1), and that an entire TLS protocol message must be sent
+or received within the per-record deadline.
+
+Per-record deadlines were introduced with postscreen(8) in Postfix
+2.8. This program does not receive mail, and therefore it has no
+problems with TLS over slow connections.
+
+Major changes - postscreen
+--------------------------
+
+[Feature 20111211] The proxymap(8) server can now be used to share
+postscreen(8) or verify(8) caches between Postfix instances. Support
+for proxymap-over-TCP, to share a Postfix database between hosts,
+is expected to be completed in the Postfix 2.10 development cycle.
+
+[Feature 20111209] memcache lookup and update support. This provides
+a way to share postscreen(8) or verify(8) caches between Postfix
+instances.
+
+[Feature 20110228] postscreen(8) support to force remote SMTP clients
+to implement proper MX lookup policy. By listening on both primary
+and backup MX addresses, postscreen(8) can deny the temporary
+whitelist status to clients that connect only to backup MX hosts,
+and prevent them from talking to a Postfix SMTP server process.
+
+Example: when 1.2.3.4 is a local backup IP address, specify
+"postscreen_whitelist_interfaces = !1.2.3.4 static:all".
+
+Major changes - tls
+-------------------
+
+[Incompat 20111205] Postfix now logs the result of successful TLS
+negotiation with TLS logging levels of 0. See the smtp_tls_loglevel
+and smtpd_tls_loglevel descriptions in the postconf(5) manpage for
+other minor differences.
+
+[Feature 20111205] Support for TLS public key fingerprint matching
+in the Postfix SMTP client (in smtp_tls_policy_maps) and server (in
+check_ccert access maps). Public key fingerprints are inherently
+more specific than fingerprints over the entire certificate.
+
+[Feature 20111205] Revision of Postfix TLS logging. The main
+difference is that Postfix now logs the result of successful TLS
+negotiation with TLS logging levels of 0. See the smtp_tls_loglevel
+and smtpd_tls_loglevel descriptions in the postconf(5) manpage for
+other minor differences.
+
+Major changes - sasl authentication
+-----------------------------------
+
+[Incompat 20111218] To support external SASL authentication, e.g.,
+in an NGINX proxy daemon, the Postfix SMTP server now always checks
+the smtpd_sender_login_maps table, even without having
+"smtpd_sasl_auth_enable = yes" in main.cf.
+
+[Feature 20111218] Support for external SASL authentication via the
+XCLIENT command. This is used to accept SASL authentication from
+an SMTP proxy such as NGINX. This support works even without having
+to specify "smtpd_sasl_auth_enable = yes" in main.cf.
+
+[Incompat 20111106] To work around broken remote SMTP servers, the
+Postfix SMTP client by default no longer appends the "AUTH=<>"
+option to the MAIL FROM command. Specify "smtp_send_dummy_mail_auth
+= yes" to restore the old behavior.
+
+Major changes - large file support
+----------------------------------
+
+[Feature 20110219] Postfix now uses long integers for message_size_limit,
+mailbox_size_limit and virtual_mailbox_limit. On LP64 systems (64-bit
+long and pointer, but 32-bit integer), these limits can now exceed
+2GB.
+
+Major changes - ipv6
+--------------------
+
+[Incompat 20110918] The following changes were made in default
+settings, in preparation for general availability of IPv6:
+
+- The default inet_protocols value is now "all" instead of "ipv4",
+ meaning use both IPv4 and IPv6.
+
+ To avoid an unexpected loss of performance for sites without
+ global IPv6 connectivity, the commands "make upgrade" and "postfix
+ upgrade-configuration" now append "inet_protocols = ipv4" to
+ main.cf when no explicit inet_protocols setting is already present.
+ This workaround will be removed in a future release.
+
+- The default smtp_address_preference value is now "any" instead
+ of "ipv6", meaning choose randomly between IPv6 and IPv4. With
+ this the Postfix SMTP client will have more success delivering
+ mail to sites that have problematic IPv6 configurations.
+
+Major changes - address verification
+------------------------------------
+
+[Feature 20111211] The proxymap(8) server can now be used to share
+postscreen(8) or verify(8) caches between Postfix instances. Support
+for proxymap-over-TCP, to share a Postfix database between hosts,
+is expected to be completed in the Postfix 2.10 development cycle.
+
+[Feature 20111209] memcache lookup and update support. This provides
+a way to share postscreen(8) or verify(8) caches between Postfix
+instances.
+
+[Feature 20111203] Support for time-dependent sender addresses
+of address verification probes. The default address, double-bounce,
+may end up on spammer blacklists. Although Postfix discards mail
+for this address, such mail still uses up network bandwidth and
+server resources. Specify an address_verify_sender_ttl value of
+several hours or more to frustrate address harvesting.
+
+Major changes - session transcript notification
+-----------------------------------------------
+
+[Incompat 20120114] By default the Postfix SMTP server no longer
+reports transcripts of sessions where a client command is rejected
+because a lookup table is unavailable. Postfix now implements gradual
+degradation, for example, the SMTP server keeps running instead of
+terminating with a fatal error. This change in error handling would
+result in a very large number of "transcript of session" email
+notifications when an LDAP or *SQL server goes down).
+
+To receive such reports, add the new "data" class to the notify_classes
+parameter value. The reports will be sent to the error_notice_recipient
+address as before. This class is also used by the Postfix SMTP
+client to report about sessions that fail because a table is
+unavailable.
+
+Major changes - logging
+----------------------------------------
+
+[Incompat 20111205] Postfix now logs the result of successful TLS
+negotiation with TLS logging levels of 0. See the smtp_tls_loglevel
+and smtpd_tls_loglevel descriptions in the postconf(5) manpage for
+other minor differences.
+
+[Incompat 20110219] The Postfix SMTP and QMQP servers now log
+"hostname X does not resolve to address Y", when a "reverse hostname"
+lookup result does not resolve to the client IP address. Until now
+these servers logged "Y: hostname X verification failed" or "Y:
+address not listed for hostname X" which people found confusing.
}
# Postfix 2.9.
- # Safety net for incompatible changes in IPv6 defaults. This
- # requires that the default is "inet_protocols = ipv4" when
- # IPv6 support is not compiled in. See util/sys_defs.h.
+ # Safety net for incompatible changes in IPv6 defaults.
+ # PLEASE DO NOT REMOVE THIS CODE. ITS PURPOSE IS TO AVOID AN
+ # UNEXPECTED DROP IN PERFORMANCE AFTER UPGRADING FROM POSTFIX
+ # BEFORE 2.9.
+ # This code assumes that the default is "inet_protocols = ipv4"
+ # when IPv6 support is not compiled in. See util/sys_defs.h.
test "`$POSTCONF -dh inet_protocols`" = "ipv4" ||
test -n "`$POSTCONF -c $config_directory -nh inet_protocols`" || {
# Note: avoid hash files here. Use btree instead.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
+ # Shared persistent cache (requires Postfix 2.9 or later).
+ <a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="proxymap.8.html">proxy</a>:btree:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
+ # Disable automatic cache cleanup in all Postfix instances except
+ # for one instance that will be responsible for cache cleanup.
+ # <a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> = 0
+
+ # Shared memory cache (requires Postfix 2.9 or later).
+ # See <a href="memcache_table.5.html">memcache_table(5)</a> for details.
+ <a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="memcache_table.5.html">memcache</a>:/etc/postfix/verify-memcache.cf
+
# Default setting for Postfix 2.6 and earlier.
# This uses non-persistent storage only.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> =
<dd> Perform PostgreSQL database lookups. Configuration details
are given in <a href="pgsql_table.5.html">pgsql_table(5)</a>. </dd>
-<dt> <b>proxy</b> (read-only) </dt>
+<dt> <b>proxy</b> (read-write) </dt>
<dd> Access information via the Postfix <a href="proxymap.8.html">proxymap(8)</a> service. The
lookup table name syntax is "<a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html">type:table</a>". </dd>
<blockquote> <p> NOTE: To share a <a href="postscreen.8.html">postscreen(8)</a> cache between
multiple <a href="postscreen.8.html">postscreen(8)</a> instances, use "<tt><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> =
-<a href="proxymap.8.html">proxy</a>:btree:/path/to/file</tt>". This requires Postfix 2.9 or
-later; earlier <a href="proxymap.8.html">proxymap(8)</a> implementations don't support cache
-cleanup. For an alternative approach see the <a href="memcache_table.5.html">memcache_table(5)</a>
-manpage. </p> </blockquote>
+<a href="proxymap.8.html">proxy</a>:btree:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache</tt>", and disable
+cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0) in all
+<a href="postscreen.8.html">postscreen(8)</a> instances except one that is responsible for cache
+cleanup. </p> <p> <a href="postscreen.8.html">postscreen(8)</a> cache sharing requires Postfix 2.9
+or later; earlier <a href="proxymap.8.html">proxymap(8)</a> implementations don't support cache
+cleanup. </p> <p> For an alternative <a href="postscreen.8.html">postscreen(8)</a> cache sharing
+approach see the <a href="memcache_table.5.html">memcache_table(5)</a> manpage. </p> </blockquote>
<p> When the SMTP client address appears on the temporary
whitelist, <a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port
Perform lookups using the PostgreSQL proto-
col. This is described in <a href="pgsql_table.5.html"><b>pgsql_table</b>(5)</a>.
- <b>proxy</b> (read-only)
+ <b>proxy</b> (read-write)
A lookup table that is implemented via the
Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> service. The table name
syntax is <i>type</i><b>:</b><i>name</i>.
.IP "\fBpgsql\fR (read-only)"
Perform lookups using the PostgreSQL protocol. This is described
in \fBpgsql_table\fR(5).
-.IP "\fBproxy\fR (read-only)"
+.IP "\fBproxy\fR (read-write)"
A lookup table that is implemented via the Postfix
\fBproxymap\fR(8) service. The table name syntax is
\fItype\fB:\fIname\fR.
# Note: avoid hash files here. Use btree instead.
address_verify_map = btree:$data_directory/verify_cache
+ # Shared persistent cache (requires Postfix 2.9 or later).
+ address_verify_map = proxy:btree:$data_directory/verify_cache
+ # Disable automatic cache cleanup in all Postfix instances except
+ # for one instance that will be responsible for cache cleanup.
+ # address_verify_cache_cleanup_interval = 0
+
+ # Shared memory cache (requires Postfix 2.9 or later).
+ # See memcache_table(5) for details.
+ address_verify_map = memcache:/etc/postfix/verify-memcache.cf
+
# Default setting for Postfix 2.6 and earlier.
# This uses non-persistent storage only.
address_verify_map =
<dd> Perform PostgreSQL database lookups. Configuration details
are given in pgsql_table(5). </dd>
-<dt> <b>proxy</b> (read-only) </dt>
+<dt> <b>proxy</b> (read-write) </dt>
<dd> Access information via the Postfix proxymap(8) service. The
lookup table name syntax is "proxy:type:table". </dd>
<blockquote> <p> NOTE: To share a postscreen(8) cache between
multiple postscreen(8) instances, use "<tt>postscreen_cache_map =
-proxy:btree:/path/to/file</tt>". This requires Postfix 2.9 or
-later; earlier proxymap(8) implementations don't support cache
-cleanup. For an alternative approach see the memcache_table(5)
-manpage. </p> </blockquote>
+proxy:btree:$data_directory/postscreen_cache</tt>", and disable
+cache cleanup (postscreen_cache_cleanup_interval = 0) in all
+postscreen(8) instances except one that is responsible for cache
+cleanup. </p> <p> postscreen(8) cache sharing requires Postfix 2.9
+or later; earlier proxymap(8) implementations don't support cache
+cleanup. </p> <p> For an alternative postscreen(8) cache sharing
+approach see the memcache_table(5) manpage. </p> </blockquote>
<p> When the SMTP client address appears on the temporary
whitelist, postscreen(8) logs this with the client address and port
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20120117"
-#define MAIL_VERSION_NUMBER "2.9"
+#define MAIL_RELEASE_DATE "20120118"
+#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
/* .IP "\fBpgsql\fR (read-only)"
/* Perform lookups using the PostgreSQL protocol. This is described
/* in \fBpgsql_table\fR(5).
-/* .IP "\fBproxy\fR (read-only)"
+/* .IP "\fBproxy\fR (read-write)"
/* A lookup table that is implemented via the Postfix
/* \fBproxymap\fR(8) service. The table name syntax is
/* \fItype\fB:\fIname\fR.
projects / thirdparty / postfix.git / commitdiff
