From: Wietse Venema Date: Wed, 27 Feb 2019 05:00:00 +0000 (-0500) Subject: postfix-3.4.0 X-Git-Tag: v3.4.0^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b521e8bf50780006cc2063f959e16f2d34920cec;p=thirdparty%2Fpostfix.git postfix-3.4.0 --- diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README index 97287f32a..99e10a755 100644 --- a/postfix/README_FILES/DATABASE_README +++ b/postfix/README_FILES/DATABASE_README @@ -269,7 +269,8 @@ To find out what database types your Postfix system supports, use the "ppooss {result1. ..., resultn}". Each table query returns a random choice from the specified results. The first and last characters of the "randmap: " table name must be "{" and "}". Within these, individual maps are - separated with comma or whitespace. + separated with comma or whitespace. To give a specific result more + weight, specify it multiple times. rreeggeexxpp (read-only) A lookup table based on regular expressions. The file format is described in regexp_table(5). The lookup table name as used in "regexp: diff --git a/postfix/README_FILES/FORWARD_SECRECY_README b/postfix/README_FILES/FORWARD_SECRECY_README index cf1bf1398..0d3fb12c7 100644 --- a/postfix/README_FILES/FORWARD_SECRECY_README +++ b/postfix/README_FILES/FORWARD_SECRECY_README @@ -219,8 +219,8 @@ EEEECCDDHH CClliieenntt ssuuppppoorrtt ((PPoossttffiix This works "out of the box" with no need for additional configuration. -Postfix >= 3.2 supports the curve negotitation API of OpenSSL >= 1.0.2. The -list of candidate curves can be changed via the "tls_eecdh_auto_curves" +Postfix >= 3.2 supports the curve negotiation API of OpenSSL >= 1.0.2. The list +of candidate curves can be changed via the "tls_eecdh_auto_curves" configuration parameter, which can be used to select a prioritized list of supported curves (most preferred first) on both the Postfix SMTP server and SMTP client. The default list is suitable for most users. @@ -426,7 +426,7 @@ multiple lines for readability): In the above connections, the "key-exchange" value records the "Diffie-Hellman" algorithm used for key agreement. The "server-signature" value records the -public key algoritm used by the server to sign the key exchange. The "server- +public key algorithm used by the server to sign the key exchange. The "server- digest" value records any hash algorithm used to prepare the data for signing. With "ED25519" and "ED448", no separate hash algorithm is used. diff --git a/postfix/README_FILES/SMTPUTF8_README b/postfix/README_FILES/SMTPUTF8_README index c2aa7ca36..5496a3b0d 100644 --- a/postfix/README_FILES/SMTPUTF8_README +++ b/postfix/README_FILES/SMTPUTF8_README @@ -253,12 +253,21 @@ localparts (and in headers) as before. The vast majority of email software is perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not support such practice. -However, when you specify "smtputf8_enable = yes", Postfix requires that non- -ASCII address information is encoded in UTF-8 and will reject other encodings -such as ISO-8859. It is not practical for Postfix to support multiple encodings -at the same time. There is no problem with RFC 2047 encodings such as "=?ISO- -8859-1?Q?text?=", because those use only characters from the ASCII -characterset. +RReejjeeccttiinngg nnoonn--UUTTFF88 aaddddrreesssseess + +With "smtputf8_enable = yes", Postfix requires that non-ASCII address +information is encoded in UTF-8 and will reject other encodings such as ISO- +8859. It is not practical for Postfix to support multiple encodings at the same +time. There is no problem with RFC 2047 encodings such as "=?ISO-8859- +1?Q?text?=", because those use only characters from the ASCII characterset. + +RReejjeeccttiinngg nnoonn--AASSCCIIII aaddddrreesssseess iinn nnoonn--SSMMTTPPUUTTFF88 ttrraannssaaccttiioonnss + +Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable = yes" will +enable stricter enforcement of the SMTPUTF8 protocol. Specifically, the Postfix +SMTP server will not only reject non-UTF8 sender or recipient addresses, it +will in addition accept UTF-8 sender or recipient addresses only when the +client requests an SMTPUTF8 mail transaction. CCoommppaattiibbiilliittyy wwiitthh IIDDNNAA22000033 diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html index dc10dd50e..fedb86230 100644 --- a/postfix/html/DATABASE_README.html +++ b/postfix/html/DATABASE_README.html @@ -403,7 +403,8 @@ databases. The lookup table name syntax is "proxy: Each table query returns a random choice from the specified results. The first and last characters of the "randmap:" table name must be "{" and "}". Within these, individual maps are separated with comma -or whitespace. +or whitespace. To give a specific result more weight, specify it +multiple times.
regexp (read-only)
diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html index fe619c8a4..3bdb047f3 100644 --- a/postfix/html/FORWARD_SECRECY_README.html +++ b/postfix/html/FORWARD_SECRECY_README.html @@ -298,7 +298,7 @@ table.

This works "out of the box" with no need for additional configuration.

-

Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL +

Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL ≥ 1.0.2. The list of candidate curves can be changed via the "tls_eecdh_auto_curves" configuration parameter, which can be used to select a prioritized list of supported curves (most preferred @@ -549,7 +549,7 @@ postfix/smtp[process-id]:

In the above connections, the "key-exchange" value records the "Diffie-Hellman" algorithm used for key agreement. The "server-signature" value -records the public key algoritm used by the server to sign the key exchange. +records the public key algorithm used by the server to sign the key exchange. The "server-digest" value records any hash algorithm used to prepare the data for signing. With "ED25519" and "ED448", no separate hash algorithm is used.

diff --git a/postfix/html/SMTPUTF8_README.html b/postfix/html/SMTPUTF8_README.html index 3a90f31cb..1a3c8d5f1 100644 --- a/postfix/html/SMTPUTF8_README.html +++ b/postfix/html/SMTPUTF8_README.html @@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority of email software is perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not support such practice.

-

However, when you specify "smtputf8_enable = yes", Postfix +

Rejecting non-UTF8 addresses

+ +

With "smtputf8_enable = yes", Postfix requires that non-ASCII address information is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not practical for Postfix to support multiple encodings at the same time. There is no problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", -because those use only characters from the ASCII characterset.

+because those use only characters from the ASCII characterset.

+ +

Rejecting non-ASCII addresses in non-SMTPUTF8 transactions

+ +

Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable += yes" will enable stricter enforcement of the SMTPUTF8 protocol. +Specifically, the Postfix SMTP server will not only reject non-UTF8 +sender or recipient addresses, it will in addition accept UTF-8 +sender or recipient addresses only when the client requests an +SMTPUTF8 mail transaction.

Compatibility with IDNA2003

@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the Firefox and Chrome web browsers. Specify "enable_idna2003_compatibility = yes" to get the historical behavior.

-This affects the conversion of domain names that contain for example -the German sz (ß) and the Greek zeta (ς). See +

This affects the conversion of domain names that contain for +example the German sz (ß) and the Greek zeta (ς). See http://unicode.org/cldr/utility/idna.jsp for more examples.

Credits

diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html index 828772e78..19bb9ae32 100644 --- a/postfix/proto/DATABASE_README.html +++ b/postfix/proto/DATABASE_README.html @@ -403,7 +403,8 @@ databases. The lookup table name syntax is "proxy:type:table". Each table query returns a random choice from the specified results. The first and last characters of the "randmap:" table name must be "{" and "}". Within these, individual maps are separated with comma -or whitespace. +or whitespace. To give a specific result more weight, specify it +multiple times.
regexp (read-only)
diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html index 30fb5329d..eee8b0961 100644 --- a/postfix/proto/FORWARD_SECRECY_README.html +++ b/postfix/proto/FORWARD_SECRECY_README.html @@ -298,7 +298,7 @@ table.

This works "out of the box" with no need for additional configuration.

-

Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL +

Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL ≥ 1.0.2. The list of candidate curves can be changed via the "tls_eecdh_auto_curves" configuration parameter, which can be used to select a prioritized list of supported curves (most preferred @@ -549,7 +549,7 @@ postfix/smtp[process-id]:

In the above connections, the "key-exchange" value records the "Diffie-Hellman" algorithm used for key agreement. The "server-signature" value -records the public key algoritm used by the server to sign the key exchange. +records the public key algorithm used by the server to sign the key exchange. The "server-digest" value records any hash algorithm used to prepare the data for signing. With "ED25519" and "ED448", no separate hash algorithm is used.

diff --git a/postfix/proto/SMTPUTF8_README.html b/postfix/proto/SMTPUTF8_README.html index 381b3e074..9389297ad 100644 --- a/postfix/proto/SMTPUTF8_README.html +++ b/postfix/proto/SMTPUTF8_README.html @@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority of email software is perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not support such practice.

-

However, when you specify "smtputf8_enable = yes", Postfix +

Rejecting non-UTF8 addresses

+ +

With "smtputf8_enable = yes", Postfix requires that non-ASCII address information is encoded in UTF-8 and will reject other encodings such as ISO-8859. It is not practical for Postfix to support multiple encodings at the same time. There is no problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", -because those use only characters from the ASCII characterset.

+because those use only characters from the ASCII characterset.

+ +

Rejecting non-ASCII addresses in non-SMTPUTF8 transactions

+ +

Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable += yes" will enable stricter enforcement of the SMTPUTF8 protocol. +Specifically, the Postfix SMTP server will not only reject non-UTF8 +sender or recipient addresses, it will in addition accept UTF-8 +sender or recipient addresses only when the client requests an +SMTPUTF8 mail transaction.

Compatibility with IDNA2003

@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the Firefox and Chrome web browsers. Specify "enable_idna2003_compatibility = yes" to get the historical behavior.

-This affects the conversion of domain names that contain for example -the German sz (ß) and the Greek zeta (ς). See +

This affects the conversion of domain names that contain for +example the German sz (ß) and the Greek zeta (ς). See http://unicode.org/cldr/utility/idna.jsp for more examples.

Credits

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 87ee978c0..2c37eb68e 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20190221" -#define MAIL_VERSION_NUMBER "3.4.0-RC3" +#define MAIL_RELEASE_DATE "20190227" +#define MAIL_VERSION_NUMBER "3.4.0" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE