= yes" if you need backwards compatibility. Fix by Victor
Duchovni, BC added by Wietse. Files: tls/tls_verify.c,
tls/tls_misc.c, proto/TLS_README.html, global/mail_params.h.
+
+20130210
+
+ Bugfix: an error handler for smtp_tls_policy_maps lookups
+ was never invoked. File: smtp/smtp_session.c.
A command written as
- % command
+ $ command
should be executed as an unprivileged user.
print a README file without backspace characters, use the col(1) command. For
example:
- % col -bx <file | lpr
+ $ col -bx <file | lpr
In order to view the manual pages before installing Postfix, point your MANPATH
environment variable to the "man" subdirectory; be sure to use an absolute
path.
- % export MANPATH; MANPATH="`pwd`/man:$MANPATH"
- % setenv MANPATH "`pwd`/man:$MANPATH"
+ $ export MANPATH; MANPATH="`pwd`/man:$MANPATH"
+ $ setenv MANPATH "`pwd`/man:$MANPATH"
Of particular interest is the postconf(5) manual page that lists all the 500+
configuration parameters. The HTML version of this text makes it easy to
AIX 3.2.5, 4.1.x, 4.2.0, 4.3.x, 5.2
BSD/OS 2.x, 3.x, 4.x
- Darwin 1.x
- FreeBSD 2.x, 3.x, 4.x, 5.x
+ FreeBSD 2.x .. 9.x
HP-UX 9.x, 10.x, 11.x
IRIX 5.x, 6.x
- Linux Debian 1.3.1, 2.x, 3.x
- Linux RedHat 3.x (January 2004) - 9.x
- Linux Slackware 3.x, 4.x, 7.x
- Linux SuSE 5.x, 6.x, 7.x
- Linux Ubuntu 4.10..7.04
+ Linux Debian 1.3.1 and later
+ Linux RedHat 3.x (January 2004) and later
+ Linux Slackware 3.x and later
+ Linux SuSE 5.x and later
+ Linux Ubuntu 4.10 and later
Mac OS X
NEXTSTEP 3.x
- NetBSD 1.x
+ NetBSD 1.x and later
OPENSTEP 4.x
OSF1.V3 - OSF1.V5 (Digital UNIX)
Reliant UNIX 5.x
- Rhapsody 5.x
SunOS 4.1.4 (March 2007)
SunOS 5.4 - 5.10 (Solaris 2.4..10)
Ultrix 4.x (well, that was long ago)
how to ..." you should be able to recover by running the following command from
the Postfix top-level directory:
- % make -f Makefile.init makefiles
+ $ make -f Makefile.init makefiles
If you copied the Postfix source code after building it on another machine, it
is a good idea to cd into the top-level directory and first do this:
- % make tidy
+ $ make tidy
This will get rid of any system dependencies left over from compiling the
software elsewhere.
for your system, just cd into the top-level Postfix directory of the source
tree and type:
- % make
+ $ make
To build with a non-default compiler, you need to specify the name of the
compiler. Here are a few examples:
- % make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
- % make
+ $ make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
+ $ make
- % make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
- % make
+ $ make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
+ $ make
- % make makefiles CC="purify cc"
- % make
+ $ make makefiles CC="purify cc"
+ $ make
and so on. In some cases, optimization is turned off automatically.
of Postfix configuration files. In order to build Postfix with a configuration
directory other than /etc/postfix, use:
- % make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
- % make
+ $ make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
+ $ make
IMPORTANT: Be sure to get the quotes right. These details matter a lot.
The general method to override Postfix compile-time features is as follows:
- % make makefiles name=value name=value...
- % make
+ $ make makefiles name=value name=value...
+ $ make
The following is an extensive list of names and values.
expect to run more than 1000 mail delivery processes, you may need to override
the definition of the FD_SETSIZE macro to make select() work correctly:
- % make makefiles CCARGS=-DFD_SETSIZE=2048
+ $ make makefiles CCARGS=-DFD_SETSIZE=2048
Warning: the above has no effect on some Linux versions. Apparently, on these
systems the FD_SETSIZE value can be changed only by using undocumented
If the command
- % make
+ $ make
is successful, then you can proceed to install Postfix (section 6).
maillog, /var/log/mail, /var/log/syslog, or something else. Typically, the
pathname is defined in the /etc/syslog.conf file.
- % egrep '(reject|warning|error|fatal|panic):' /some/log/file
+ $ egrep '(reject|warning|error|fatal|panic):' /some/log/file
Note: the most important error message is logged first. Later messages are not
as useful.
In order to inspect the mail queue, use one of the following commands:
- % mailq
+ $ mailq
- % sendmail -bp
+ $ sendmail -bp
- % postqueue -p
+ $ postqueue -p
See also the "Care and feeding" section 12 below.
maillog, /var/log/mail, /var/log/syslog, or something else. Typically, the
pathname is defined in the /etc/syslog.conf file.
- % egrep '(reject|warning|error|fatal|panic):' /some/log/file
+ $ egrep '(reject|warning|error|fatal|panic):' /some/log/file
Note: the most important error message is logged first. Later messages are not
as useful.
In order to inspect the mail queue, use one of the following commands:
- % mailq
+ $ mailq
- % sendmail -bp
+ $ sendmail -bp
- % postqueue -p
+ $ postqueue -p
See also the "Care and feeding" section 12 below.
maillog, /var/log/mail, /var/log/syslog, or something else. Typically, the
pathname is defined in the /etc/syslog.conf file.
- % egrep '(reject|warning|error|fatal|panic):' /some/log/file
+ $ egrep '(reject|warning|error|fatal|panic):' /some/log/file
Note: the most important error message is logged first. Later messages are not
as useful.
In order to inspect the mail queue, use one of the following commands:
- % mailq
+ $ mailq
- % sendmail -bp
+ $ sendmail -bp
- % postqueue -p
+ $ postqueue -p
See also the "Care and feeding" section 12 below.
logs "reject" actions but not "permit" actions). Specify
"smtpd_log_access_permit_actions = static:all" to log all "permit"-style
actions, or specify a list of explicit action names. More details
-are in the postconf(5) manpage. Major changes - postconf
+are in the postconf(5) manpage.
+
+Major changes - postconf
------------------------
[Incompat 20121224] The postconf command produces more warnings:
-------------------
[Incompat 20130203] Thanks to OpenSSL documentation, the Postfix
-2.9.0..2.9.5 SMTP client and server computed incorrect TLS certificate
-PUBLIC-KEY fingerprints. Support for certificate PUBLIC-KEY finger
-prints was introduced with Postfix 2.9; there is no known problem
-with the certificate fingerprint algorithms available since Postfix
-2.2.
+2.9.0..2.9.5 SMTP client and server server used an incorrect procedure
+to compute TLS certificate PUBLIC-KEY fingerprints (these may be
+used in the check_ccert_access and in smtp_tls_policy_maps features).
+Support for certificate PUBLIC-KEY finger prints was introduced
+with Postfix 2.9; there is no known problem with the certificate
+fingerprint algorithms available since Postfix 2.2.
Certificate PUBLIC-KEY finger prints may be used in the Postfix
SMTP server (with "check_ccert_access") and in the Postfix SMTP
<blockquote>
<pre>
-% command
+$ command
</pre>
</blockquote>
<blockquote>
<pre>
-% col -bx <file | lpr
+$ col -bx <file | lpr
</pre>
</blockquote>
<blockquote>
<pre>
-% export MANPATH; MANPATH="`pwd`/man:$MANPATH"
-% setenv MANPATH "`pwd`/man:$MANPATH"
+$ export MANPATH; MANPATH="`pwd`/man:$MANPATH"
+$ setenv MANPATH "`pwd`/man:$MANPATH"
</pre>
</blockquote>
<p>
AIX 3.2.5, 4.1.x, 4.2.0, 4.3.x, 5.2 <br>
BSD/OS 2.x, 3.x, 4.x <br>
-Darwin 1.x <br>
-FreeBSD 2.x, 3.x, 4.x, 5.x <br>
+FreeBSD 2.x .. 9.x <br>
HP-UX 9.x, 10.x, 11.x <br>
IRIX 5.x, 6.x <br>
-Linux Debian 1.3.1, 2.x, 3.x <br>
-Linux RedHat 3.x (January 2004) - 9.x <br>
-Linux Slackware 3.x, 4.x, 7.x <br>
-Linux SuSE 5.x, 6.x, 7.x <br>
-Linux Ubuntu 4.10..7.04<br>
+Linux Debian 1.3.1 and later <br>
+Linux RedHat 3.x (January 2004) and later <br>
+Linux Slackware 3.x and later <br>
+Linux SuSE 5.x and later <br>
+Linux Ubuntu 4.10 and later<br>
Mac OS X <br>
NEXTSTEP 3.x <br>
-NetBSD 1.x <br>
+NetBSD 1.x and later <br>
OPENSTEP 4.x <br>
OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
Reliant UNIX 5.x <br>
-Rhapsody 5.x <br>
SunOS 4.1.4 (March 2007) <br>
SunOS 5.4 - 5.10 (Solaris 2.4..10) <br>
Ultrix 4.x (well, that was long ago) <br>
<blockquote>
<pre>
-% make -f Makefile.init makefiles
+$ make -f Makefile.init makefiles
</pre>
</blockquote>
<blockquote>
<pre>
-% make tidy
+$ make tidy
</pre>
</blockquote>
<blockquote>
<pre>
-% make
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
-% make
+$ make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
+$ make
-% make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
-% make
+$ make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
+$ make
-% make makefiles CC="purify cc"
-% make
+$ make makefiles CC="purify cc"
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
-% make
+$ make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles name=value name=value...
-% make
+$ make makefiles name=value name=value...
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CCARGS=-DFD_SETSIZE=2048
+$ make makefiles CCARGS=-DFD_SETSIZE=2048
</pre>
</blockquote>
<blockquote>
<pre>
-% make
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
.in -4
.PP
The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher.
.PP
\fBNote:\fR Postfix 2.9.0–2.9.5 computed the public key
.in -4
.PP
The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher.
.PP
\fBNote:\fR Postfix 2.9.0–2.9.5 computed the public key
<blockquote>
<pre>
-% command
+$ command
</pre>
</blockquote>
<blockquote>
<pre>
-% col -bx <file | lpr
+$ col -bx <file | lpr
</pre>
</blockquote>
<blockquote>
<pre>
-% export MANPATH; MANPATH="`pwd`/man:$MANPATH"
-% setenv MANPATH "`pwd`/man:$MANPATH"
+$ export MANPATH; MANPATH="`pwd`/man:$MANPATH"
+$ setenv MANPATH "`pwd`/man:$MANPATH"
</pre>
</blockquote>
<p>
AIX 3.2.5, 4.1.x, 4.2.0, 4.3.x, 5.2 <br>
BSD/OS 2.x, 3.x, 4.x <br>
-Darwin 1.x <br>
-FreeBSD 2.x, 3.x, 4.x, 5.x <br>
+FreeBSD 2.x .. 9.x <br>
HP-UX 9.x, 10.x, 11.x <br>
IRIX 5.x, 6.x <br>
-Linux Debian 1.3.1, 2.x, 3.x <br>
-Linux RedHat 3.x (January 2004) - 9.x <br>
-Linux Slackware 3.x, 4.x, 7.x <br>
-Linux SuSE 5.x, 6.x, 7.x <br>
-Linux Ubuntu 4.10..7.04<br>
+Linux Debian 1.3.1 and later <br>
+Linux RedHat 3.x (January 2004) and later <br>
+Linux Slackware 3.x and later <br>
+Linux SuSE 5.x and later <br>
+Linux Ubuntu 4.10 and later<br>
Mac OS X <br>
NEXTSTEP 3.x <br>
-NetBSD 1.x <br>
+NetBSD 1.x and later <br>
OPENSTEP 4.x <br>
OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
Reliant UNIX 5.x <br>
-Rhapsody 5.x <br>
SunOS 4.1.4 (March 2007) <br>
SunOS 5.4 - 5.10 (Solaris 2.4..10) <br>
Ultrix 4.x (well, that was long ago) <br>
<blockquote>
<pre>
-% make -f Makefile.init makefiles
+$ make -f Makefile.init makefiles
</pre>
</blockquote>
<blockquote>
<pre>
-% make tidy
+$ make tidy
</pre>
</blockquote>
<blockquote>
<pre>
-% make
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
-% make
+$ make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
+$ make
-% make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
-% make
+$ make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
+$ make
-% make makefiles CC="purify cc"
-% make
+$ make makefiles CC="purify cc"
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
-% make
+$ make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles name=value name=value...
-% make
+$ make makefiles name=value name=value...
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CCARGS=-DFD_SETSIZE=2048
+$ make makefiles CCARGS=-DFD_SETSIZE=2048
</pre>
</blockquote>
<blockquote>
<pre>
-% make
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20130204"
-#define MAIL_VERSION_NUMBER "2.10-RC1"
+#define MAIL_RELEASE_DATE "20130211"
+#define MAIL_VERSION_NUMBER "2.10.0"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
#undef FREE_RETURN
#define FREE_RETURN(x) do { myfree(saved_policy); return (x); } while (0)
- if ((lookup = maps_find(tls_policy, site_name, 0)) == 0)
+ if ((lookup = maps_find(tls_policy, site_name, 0)) == 0) {
+ if (tls_policy->error) {
+ msg_fatal("%s: %s lookup error for %s",
+ session->state->request->queue_id,
+ tls_policy->title, site_name);
+ /* XXX session->stream has no longjmp context yet. */
+ }
return (0);
-
- if (tls_policy->error) {
- msg_warn("%s: %s lookup error for %s",
- session->state->request->queue_id,
- tls_policy->title, site_name);
- vstream_longjmp(session->stream, SMTP_ERR_DATA);
}
if (cbuf == 0)
cbuf = vstring_alloc(10);
projects / thirdparty / postfix.git / commitdiff
