to take the software under the license of their choice.
Those who are more comfortable with the IPL can continue
with that license. File: LICENSE.
+
+20180217
+
+ Cleanup: added missing *_maps parameters to the default
+ proxy_read_maps setting. Files: global/mail_params.h,
+ mantools/missing-proxy-read-maps.
between the server and client will resist decryption even if the server's long-
term authentication keys are later compromised.
-Postfix >= 3.2 supports the curve negotitation API of OpenSSL >= 1.0.2. The
-list of candidate curves can be changed via the "tls_eecdh_auto_curves"
+Postfix >= 3.2 supports the curve negotiation API of OpenSSL >= 1.0.2. The list
+of candidate curves can be changed via the "tls_eecdh_auto_curves"
configuration parameter, which can be used to select a prioritized list of
supported curves (most preferred first) on both the Postfix SMTP server and
SMTP client. The default list is suitable for most users.
This is the Postfix 3.3 (stable) release.
The stable Postfix release is called postfix-3.3.x where 3=major
-release number, 3=minor release number, x=patchlevel. The stable
+release number, 3=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year,
-mm=month, dd=day). Patches are never issued for snapshot releases;
+mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
[20180106] With compatibility_level < 1, the Postfix SMTP server
now warns for mail that would be blocked by the Postfix 2.10
-smtpd_relay_restrictions feature. This extends the safety net for
-sites that upgrade from earlier Postfix versions (questions on the
-postfix-users list show a steady trickle). See COMPATIBILITY_README
-for details.
+smtpd_relay_restrictions feature, without blocking that mail. This
+extends the compatibility safety net for sites that upgrade from
+earlier Postfix versions (questions on the postfix-users list show
+there is a steady trickle). See COMPATIBILITY_README for details.
Major changes - configuration
-----------------------------
-[20170617] The postconf command warns about unknown parameter names
-in a Postfix database configuration file, specified as an absolute
-pathname.
+[20170617] The postconf command now warns about unknown parameter
+names in a Postfix database configuration file. As with other unknown
+parameter names, these warnings can help to find typos early.
[20180113] New read-only service_name parameter that contains the
-master.cf service name. This parameter is set only in daemon
-processes. This allows, for example, setting the syslog_name in
-master.cf with "-o syslog_name=postfix/$service_name" for the
-"submission", "smtps", and "relay" services.
+master.cf service name of a Postfix daemon process (it that is empty
+in a non-daemon process). This can make Postfix SMTP server logging
+logging distinct by setting the syslog_name in master.cf with "-o
+syslog_name=postfix/$service_name" for the "submission" and "smtps"
+services, and can make Postfix SMTP client distinct by setting "-o
+syslog_name=postfix/$service_name" for the "relay" service.
Major changes - container support
---------------------------------
[20171218] Preliminary support to run Postfix in the foreground,
-with "postfix start-fg". This requires that multi-instance support
-is disabled.
+with "postfix start-fg". This requires that Postfix multi-instance
+support is disabled. To receive Postfix syslog information on the
+container's host, mount the host's /dev/log socket inside the
+container (example: "docker run -v /dev/log:/dev/log ..."), and
+specify a distinct Postfix "syslog_name" prefix that identifies the
+logging from the Postfix instance. Postfix does not log systemd
+events.
Major changes - database support
---------------------------------
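Review bot: the rewritten [20180113] service_name entry in this hunk has three wording slips. "(it that is empty in a non-daemon process)" should read "(it is empty in a non-daemon process)", "logging" is doubled across the line break in "Postfix SMTP server logging / logging distinct", and "can make Postfix SMTP client distinct" has lost the word "logging". Suggested text: "This can make Postfix SMTP server logging distinct by setting ..." and "... can make Postfix SMTP client logging distinct by setting ...".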
---------------------------------
[20170617] Additional paranoia in the VSTRING implementation: a
-null byte after the end of vstring buffers so that C-style string
-operations won't scribble past the end; earlier detection of bad
-length and precision format string specifiers (this just improves
-error handling, as format strings cannot be specified externally).
+null byte after the end of vstring buffers (this is a safety net
+so that C-style string operations won't scribble past the end);
+earlier detection of bad length and precision format string specifiers
+(these are the result of programming error, as Postfix format strings
+cannot be specified externally).
Major changes - milter support
------------------------------
-[20170221] The Postfix Milter client no longer encloses single-letter
-macro names inside {}, even though this form is supported since
-Sendmail version 8.7.
-
[20171223] Milter applications can now send RET and ENVID parameters
in SMFIR_CHGFROM (change envelope sender) requests.
Major changes - mixed IPv6/IPv4 support
---------------------------------------
-[20170505] Workaround for mail delivery problems with destinations
-that announce primarily IPv6 MX addresses but that are unreachable
-over IPv6, when the smtp_address_limit eliminates most or all IPv4
-addresses. This includes the case that Postfix IPv6 support is
-turned on, but the local machine has no IPv6 connectivity.
-
-The Postfix SMTP client will now attempt to schedule similar numbers
-of IPv4 and IPv6 addresses. Specify "smtp_balance_mx_inet_protocols
+[20170505] Workaround for mail delivery problems when 1) both Postfix
+IPv6 and IPv4 support are enabled, 2) some destination announces
+more primary IPv6 MX addresses than primary IPv4 MX addresses, 3)
+the destination is unreachable over IPv6, and 4) Postfix runs into
+the smtp_mx_address_limit before it can try to deliver over IPv4.
+
+When both Postfix IPv6 and IPv4 support are enabled, the Postfix
+SMTP client will now relax MX preferences so that it can schedule
+similar numbers of IPv4 and IPv6 destination addresses. This ensures
+that an IPv6 connectivity problem will not prevent mail from being
+delivered over IPv4 (and vice versa). Specify "smtp_balance_inet_protocols
= no" to disable this workaround.
Major changes - xclient
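Review bot: the [20170221] Milter entry (single-letter macro names no longer enclosed in {}) is deleted in this hunk with no replacement, and nothing here says whether the behaviour was reverted or only the note was dropped. If the change is still in the release, keep the entry; if it was backed out, say so in HISTORY. Separately, the [20170505] entry now names smtp_mx_address_limit and smtp_balance_inet_protocols where the old text had smtp_address_limit and smtp_balance_mx_inet_protocols; please confirm both against "postconf -d" output, since these are the strings users will copy into main.cf.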
Things to do before the stable release:
- Spell-check, double-word check, and HTML validator check.
+ Spell-check, double-word check, HTML validator check,
+ mantools/missing-proxy-read-maps check.
Disable -DSNAPSHOT and -DNONPROD in makedefs.
- Add $smtpd_sender_login_maps to proxy_read_maps.
-
After I/O error, store errno in VSTREAM object before errno
may be overwritten.
if the server's long-term authentication keys are <i>later</i>
compromised. </p>
-<p> Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL
+<p> Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL
≥ 1.0.2. The list of candidate curves can be changed via the
"<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" configuration parameter, which can be used
to select a prioritized list of supported curves (most preferred
<p> Note: with Postfix ≤ 3.2 the "setting <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>
= <b>no</b>" breaks address verification for addresses that are
aliased or otherwise rewritten (Postfix is unable to store the
-addres verification result under the original probe destination
+address verification result under the original probe destination
address; instead, it can store the result only under the rewritten
address). </p>
-</ul>
-
<p> This feature is available in Postfix 2.1 and later. Postfix
version 2.0 behaves as if this parameter is always set to <b>yes</b>.
Postfix versions before 2.0 have no support for the original recipient
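Review bot: the removed "</ul>" after the Note paragraph has no opening "<ul>" visible in this hunk, so please confirm it was a stray close tag and that no list earlier in the file is now left unclosed. While this paragraph is being touched for the "addres" typo, the opening quote in 'the "setting enable_original_recipient = no"' still sits before the word "setting"; it should read 'the setting "enable_original_recipient = no"'. The same misplaced quote is in the man page and proto copies of this paragraph.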
specifies the action after address probe failure due to a temporary
problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature breaks for
aliased addresses with "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = no" (Postfix
-≤ 3.2). <br> This feature is avaiable in Postfix 2.1 and later.
+≤ 3.2). <br> This feature is available in Postfix 2.1 and later.
</dd>
</dl>
Note: with Postfix <= 3.2 the "setting enable_original_recipient
= \fBno\fR" breaks address verification for addresses that are
aliased or otherwise rewritten (Postfix is unable to store the
-addres verification result under the original probe destination
+address verification result under the original probe destination
address; instead, it can store the result only under the rewritten
address).
-.br
.PP
This feature is available in Postfix 2.1 and later. Postfix
version 2.0 behaves as if this parameter is always set to \fByes\fR.
aliased addresses with "enable_original_recipient = no" (Postfix
<= 3.2).
.br
-This feature is avaiable in Postfix 2.1 and later.
+This feature is available in Postfix 2.1 and later.
.br
.br
.PP
--- /dev/null
+#!/usr/bin/perl
+
+# Compares the list of parameter names that end in _maps in
+# proxy_read_maps, against the list of all parameter names that end
+# in _maps, and outputs the missing mail_params.h lines.
+
+$command = "bin/postconf -dh proxy_read_maps | tr ' ' '\12'";
+open(PROXY_READ_MAPS, "$command|")
+ || die "can't execute $command: !$\n";
+while (<PROXY_READ_MAPS>) {
+ chomp;
+ next unless /\$(.+_maps)$/;
+ $proxy_read_maps{$1} = 1;
+}
+close(PROXY_READ_MAPS) || die "close $command: $!\n";
+
+$mail_params_h = "src/global/mail_params.h";
+open(MAIL_PARAMS, "<$mail_params_h")
+ || die "Open $mail_params_h";
+while ($line = <MAIL_PARAMS>) {
+ chomp;
+ if ($line =~ /^#define\s+(\S+)\s+"(\S+)"/) {
+ $mail_params{$2} = $1;
+ } elsif ($line =~/^#define\s+(\S+)\s+"address_verify_" VAR_SND_DEF_XPORT_MAPS/) {
+ $mail_params{"address_verify_sender_dependent_default_transport_maps"} = $1;
+ }
+}
+close(MAIL_PARAMS) || die "close $mail_params_h: !$\n";
+
+$command = "bin/postconf -H";
+open(ALL_PARAM_NAMES, "$command|")
+ || die "can't execute $command: !$\n";
+while ($param_name = <ALL_PARAM_NAMES>) {
+ chomp($param_name);
+ next unless ($param_name =~ /_maps$/);
+ next if ($param_name =~ /^(proxy_read|proxy_write)_maps$/);
+ next if defined($proxy_read_maps{$param_name});
+ die "unknown parameter: $param_name\n"
+ unless defined($mail_params{$param_name});
+ print "\t\t\t\t\" \$\" $mail_params{$param_name} \\\n";
+}
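Review bot: three of the die messages in the new script spell the errno variable as "!$" instead of "$!" (the two "can't execute $command" messages and "close $mail_params_h"), and the "Open $mail_params_h" message has no error text at all, so a failure will not report the OS error. Only "close $command: $!\n" after the first loop is correct. Two further points: the bare "chomp;" inside "while ($line = <MAIL_PARAMS>)" operates on $_ rather than $line, so it should be "chomp($line);", and ALL_PARAM_NAMES is never closed, so a non-zero exit from "bin/postconf -H" goes undetected, unlike the first pipe, which is checked on close. Adding "use strict; use warnings;" at the top would also catch a misspelled hash name, which matters here because the script's whole job is comparing two hashes of parameter names.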
if the server's long-term authentication keys are <i>later</i>
compromised. </p>
-<p> Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL
+<p> Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL
≥ 1.0.2. The list of candidate curves can be changed via the
"tls_eecdh_auto_curves" configuration parameter, which can be used
to select a prioritized list of supported curves (most preferred
<p> Note: with Postfix ≤ 3.2 the "setting enable_original_recipient
= <b>no</b>" breaks address verification for addresses that are
aliased or otherwise rewritten (Postfix is unable to store the
-addres verification result under the original probe destination
+address verification result under the original probe destination
address; instead, it can store the result only under the rewritten
address). </p>
-</ul>
-
<p> This feature is available in Postfix 2.1 and later. Postfix
version 2.0 behaves as if this parameter is always set to <b>yes</b>.
Postfix versions before 2.0 have no support for the original recipient
specifies the action after address probe failure due to a temporary
problem (default: defer_if_permit). <br> This feature breaks for
aliased addresses with "enable_original_recipient = no" (Postfix
-≤ 3.2). <br> This feature is avaiable in Postfix 2.1 and later.
+≤ 3.2). <br> This feature is available in Postfix 2.1 and later.
</dd>
</dl>
#define DEF_DEF_TRANSPORT MAIL_SERVICE_SMTP
extern char *var_def_transport;
-#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_" VAR_DEF_TRANSPORT "_maps"
+#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_default_transport_maps"
#define DEF_SND_DEF_XPORT_MAPS ""
extern char *var_snd_def_xport_maps;
-#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key"
+#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_default_transport_maps_lookup_key"
#define DEF_NULL_DEF_XPORT_MAPS_KEY "<>"
extern char *var_null_def_xport_maps_key;
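Review bot: both rewritten defines replace the VAR_DEF_TRANSPORT concatenation with a spelled-out literal but carry no comment saying why, so a later cleanup could reasonably "restore" the concatenation. The reason appears to be the single-literal pattern /^#define\s+(\S+)\s+"(\S+)"/ in mantools/missing-proxy-read-maps, which cannot match a concatenated definition; a one-line comment here pointing at that script would make the dependency explicit. The script still special-cases '"address_verify_" VAR_SND_DEF_XPORT_MAPS', so consider flattening that define the same way and dropping the elsif branch, rather than keeping one concatenated name with a hard-coded workaround.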
" $" VAR_HELO_CHECKS \
" $" VAR_MAIL_CHECKS \
" $" VAR_RELAY_CHECKS \
- " $" VAR_RCPT_CHECKS
+ " $" VAR_RCPT_CHECKS \
+ " $" VAR_VRFY_SND_DEF_XPORT_MAPS \
+ " $" VAR_VRFY_RELAY_MAPS \
+ " $" VAR_VRFY_XPORT_MAPS \
+ " $" VAR_FBCK_TRANSP_MAPS \
+ " $" VAR_LMTP_EHLO_DIS_MAPS \
+ " $" VAR_LMTP_PIX_BUG_MAPS \
+ " $" VAR_LMTP_SASL_PASSWD \
+ " $" VAR_LMTP_TLS_POLICY \
+ " $" VAR_MAILBOX_CMD_MAPS \
+ " $" VAR_MBOX_TRANSP_MAPS \
+ " $" VAR_PSC_EHLO_DIS_MAPS \
+ " $" VAR_RBL_REPLY_MAPS \
+ " $" VAR_SND_RELAY_MAPS \
+ " $" VAR_SMTP_EHLO_DIS_MAPS \
+ " $" VAR_SMTP_PIX_BUG_MAPS \
+ " $" VAR_SMTP_SASL_PASSWD \
+ " $" VAR_SMTP_TLS_POLICY \
+ " $" VAR_SMTPD_EHLO_DIS_MAPS \
+ " $" VAR_SMTPD_MILTER_MAPS \
+ " $" VAR_VIRT_GID_MAPS \
+ " $" VAR_VIRT_UID_MAPS \
+ " $" VAR_SND_DEF_XPORT_MAPS
extern char *var_proxy_read_maps;
#define VAR_PROXY_WRITE_MAPS "proxy_write_maps"
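Review bot: the 22 names appended to the default proxy_read_maps value include VAR_SMTP_SASL_PASSWD and VAR_LMTP_SASL_PASSWD, which are credential tables rather than routing or policy tables, yet the HISTORY entry files the whole change under "Cleanup" and none of the RELEASE_NOTES hunks mention it. Since this list is what the proxymap read service is allowed to open, widening the default is a behaviour change for sites that rely on it; please confirm the password maps are intended to be included and add a RELEASE_NOTES line naming the new defaults. A short comment above the added block stating that it is generated output from mantools/missing-proxy-read-maps would also explain why the new entries are not grouped with the related names earlier in the list.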
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20180203"
+#define MAIL_RELEASE_DATE "20180217"
#define MAIL_VERSION_NUMBER "3.4"
#ifdef SNAPSHOT