complicating troubleshooting. The fix is to log additional
context to clarify that this "no match" condition is for
smtpd_log_access_permit_actions. File: smtpd/smtpd_check.c.
+
+20150709
+
+ Cleanup: un-break some DNS unit tests by replacing non-portable
+ numerical flags with portable symbolic names in the verbose
+ command output. Files: dns/dns_str_resflags.c, dns/dns_lookup.c,
+ dns/Makefile.in, many *.ref files.
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0
+before proceeding.
Major changes - address verification safety
-------------------------------------------
parameter. Originally, this was implemented to share the same SMTPD
policy service endpoint among multiple check_policy_service clients.
-Incompatible change with Postfix snapshot 20150721
-==================================================
-
Major changes - tls
-------------------
talk TLS and not plaintext. For details see the
smtp_tls_dane_insecure_mx_policy configuration parameter.
-[Incompat 20150719] The default Diffie-Hellman non-export prime was
-updated from 1024 to 2048 bits, because SMTP clients are starting
-to reject TLS handshakes with primes smaller than 2048 bits.
-
-Historically, this prime size is not negotiable, and each site needs
-to determine which prime size works best for the majority of its
-clients. See FORWARD_SECRECY_README for some hints in the quick-start
-section.
-
[Incompat 20150721] As of the middle of 2015, all supported Postfix
releases no longer enable "export" grade ciphers for opportunistic
TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for
services in master.cf. Execute the command "postfix reload" to make
the changes effective.
+[Incompat 20150719] The default Diffie-Hellman non-export prime was
+updated from 1024 to 2048 bits, because SMTP clients are starting
+to reject TLS handshakes with primes smaller than 2048 bits.
+
+Historically, this prime size is not negotiable, and each site needs
+to determine which prime size works best for the majority of its
+clients. See FORWARD_SECRECY_README for some hints in the quick-start
+section.
+
Fix "make test" bitrot.
+ Document dns_ncache_ttl_fix_enable use case in POSTSCREEN_README
+ and RELEASE_NOTES.
+
Remove this file from the stable release.
Things to do after the stable release:
# and certificate). After the new certificate and key are
# deployed any obsolete keys and certificates may be removed
# by hand. The \fIkeyfile\fR and \fIcertfile\fR filenames
-# are relative to the Postfix configuration directory.
+# may be relative to the Postfix configuration directory.
# .IP "\fBoutput-server-csr\fR [\fB-k \fIkeyfile\fR] [\fIhostname\fB...\fR]"
# Write to stdout a certificate signing request (CSR) for the
# specified \fIkeyfile\fR.
# .sp
-# Instead of a filename, \fIkeyfile\fR may specify one of the
+# Instead of an absolute pathname or a pathname relative to
+# $config_directory, \fIkeyfile\fR may specify one of the
# supported key algorithm names (see "\fBpostconf -T
# public-key-algorithms\fR"). In that case, the corresponding
# setting from main.cf is used to locate the \fIkeyfile\fR.
# the specified \fIkeyfile\fR values. The default \fIhostname\fR
# is the value of the \fBmyhostname\fR main.cf parameter.
# .sp
-# Instead of filenames, the \fIkeyfile\fR list may specify
+# Instead of absolute pathnames or pathnames relative to
+# $config_directory, the \fIkeyfile\fR list may specify
# names of supported public key algorithms (see "\fBpostconf
# -T public-key-algorithms\fR"). In that case, the actual
# \fIkeyfile\fR list uses the values of the corresponding
to deploy the generated key and certificate). After the new
certificate and key are deployed any obsolete keys and certifi-
cates may be removed by hand. The <i>keyfile</i> and <i>certfile</i> file-
- names are relative to the Postfix configuration directory.
+ names may be relative to the Postfix configuration directory.
<b>output-server-csr</b> [<b>-k</b> <i>keyfile</i>] [<i>hostname</i><b>...</b>]
Write to stdout a certificate signing request (CSR) for the
specified <i>keyfile</i>.
- Instead of a filename, <i>keyfile</i> may specify one of the supported
- key algorithm names (see "<b>postconf -T public-key-algorithms</b>").
- In that case, the corresponding setting from <a href="postconf.5.html">main.cf</a> is used to
+ Instead of an absolute pathname or a pathname relative to $<a href="postconf.5.html#config_directory">con</a>-
+ <a href="postconf.5.html#config_directory">fig_directory</a>, <i>keyfile</i> may specify one of the supported key
+ algorithm names (see "<b>postconf -T public-key-algorithms</b>"). In
+ that case, the corresponding setting from <a href="postconf.5.html">main.cf</a> is used to
locate the <i>keyfile</i>. The default <i>keyfile</i> value is <b>rsa</b>.
- Zero or more <i>hostname</i> values can be specified. The default
+ Zero or more <i>hostname</i> values can be specified. The default
<i>hostname</i> is the value of <b><a href="postconf.5.html#myhostname">myhostname</a></b> <a href="postconf.5.html">main.cf</a> parameter.
<b>output-server-tlsa</b> [<b>-h</b> <i>hostname</i>] [<i>keyfile</i><b>...</b>]
- Write to stdout a DANE TLSA RRset suitable for a port 25 SMTP
+ Write to stdout a DANE TLSA RRset suitable for a port 25 SMTP
server on host <i>hostname</i> with keys from any of the specified <i>key-</i>
- <i>file</i> values. The default <i>hostname</i> is the value of the <b>myhost-</b>
+ <i>file</i> values. The default <i>hostname</i> is the value of the <b>myhost-</b>
<b>name</b> <a href="postconf.5.html">main.cf</a> parameter.
- Instead of filenames, the <i>keyfile</i> list may specify names of sup-
- ported public key algorithms (see "<b>postconf -T public-key-algo-</b>
- <b>rithms</b>"). In that case, the actual <i>keyfile</i> list uses the values
- of the corresponding Postfix server TLS key file parameters. If
- a parameter value is empty or equal to <b>none</b>, then no TLSA record
+ Instead of absolute pathnames or pathnames relative to $<a href="postconf.5.html#config_directory">con</a>-
+ <a href="postconf.5.html#config_directory">fig_directory</a>, the <i>keyfile</i> list may specify names of supported
+ public key algorithms (see "<b>postconf -T public-key-algorithms</b>").
+ In that case, the actual <i>keyfile</i> list uses the values of the
+ corresponding Postfix server TLS key file parameters. If a
+ parameter value is empty or equal to <b>none</b>, then no TLSA record
is output for that algorithm.
The default <i>keyfile</i> list consists of the two supported algo-
and certificate). After the new certificate and key are
deployed any obsolete keys and certificates may be removed
by hand. The \fIkeyfile\fR and \fIcertfile\fR filenames
-are relative to the Postfix configuration directory.
+may be relative to the Postfix configuration directory.
.IP "\fBoutput\-server\-csr\fR [\fB\-k \fIkeyfile\fR] [\fIhostname\fB...\fR]"
Write to stdout a certificate signing request (CSR) for the
specified \fIkeyfile\fR.
.sp
-Instead of a filename, \fIkeyfile\fR may specify one of the
+Instead of an absolute pathname or a pathname relative to
+$config_directory, \fIkeyfile\fR may specify one of the
supported key algorithm names (see "\fBpostconf \-T
public\-key\-algorithms\fR"). In that case, the corresponding
setting from main.cf is used to locate the \fIkeyfile\fR.
the specified \fIkeyfile\fR values. The default \fIhostname\fR
is the value of the \fBmyhostname\fR main.cf parameter.
.sp
-Instead of filenames, the \fIkeyfile\fR list may specify
+Instead of absolute pathnames or pathnames relative to
+$config_directory, the \fIkeyfile\fR list may specify
names of supported public key algorithms (see "\fBpostconf
\-T public\-key\-algorithms\fR"). In that case, the actual
\fIkeyfile\fR list uses the values of the corresponding
SHELL = /bin/sh
SRCS = dns_lookup.c dns_rr.c dns_strerror.c dns_strtype.c dns_rr_to_pa.c \
dns_sa_to_rr.c dns_rr_eq_sa.c dns_rr_to_sa.c dns_strrecord.c \
- dns_rr_filter.c
+ dns_rr_filter.c dns_str_resflags.c
OBJS = dns_lookup.o dns_rr.o dns_strerror.o dns_strtype.o dns_rr_to_pa.o \
dns_sa_to_rr.o dns_rr_eq_sa.o dns_rr_to_sa.o dns_strrecord.o \
- dns_rr_filter.o
+ dns_rr_filter.o dns_str_resflags.o
HDRS = dns.h
TESTSRC = test_dns_lookup.c test_alias_token.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
@$(EXPORT) make -f Makefile.in Makefile 1>&2
# do not edit below this line - it is generated by 'make depend'
+dns_lookup.o: dns.h
+dns_lookup.o: dns_lookup.c
dns_lookup.o: ../../include/argv.h
dns_lookup.o: ../../include/check_arg.h
dns_lookup.o: ../../include/dict.h
dns_lookup.o: ../../include/vbuf.h
dns_lookup.o: ../../include/vstream.h
dns_lookup.o: ../../include/vstring.h
-dns_lookup.o: dns.h
-dns_lookup.o: dns_lookup.c
-dns_rr.o: ../../include/check_arg.h
-dns_rr.o: ../../include/msg.h
-dns_rr.o: ../../include/myaddrinfo.h
-dns_rr.o: ../../include/mymalloc.h
-dns_rr.o: ../../include/myrand.h
-dns_rr.o: ../../include/sock_addr.h
-dns_rr.o: ../../include/sys_defs.h
-dns_rr.o: ../../include/vbuf.h
-dns_rr.o: ../../include/vstring.h
-dns_rr.o: dns.h
-dns_rr.o: dns_rr.c
+dns_rr_eq_sa.o: dns.h
+dns_rr_eq_sa.o: dns_rr_eq_sa.c
dns_rr_eq_sa.o: ../../include/check_arg.h
dns_rr_eq_sa.o: ../../include/msg.h
dns_rr_eq_sa.o: ../../include/myaddrinfo.h
dns_rr_eq_sa.o: ../../include/sys_defs.h
dns_rr_eq_sa.o: ../../include/vbuf.h
dns_rr_eq_sa.o: ../../include/vstring.h
-dns_rr_eq_sa.o: dns.h
-dns_rr_eq_sa.o: dns_rr_eq_sa.c
+dns_rr_filter.o: dns.h
+dns_rr_filter.o: dns_rr_filter.c
dns_rr_filter.o: ../../include/argv.h
dns_rr_filter.o: ../../include/check_arg.h
dns_rr_filter.o: ../../include/dict.h
dns_rr_filter.o: ../../include/vbuf.h
dns_rr_filter.o: ../../include/vstream.h
dns_rr_filter.o: ../../include/vstring.h
-dns_rr_filter.o: dns.h
-dns_rr_filter.o: dns_rr_filter.c
+dns_rr.o: dns.h
+dns_rr.o: dns_rr.c
+dns_rr.o: ../../include/check_arg.h
+dns_rr.o: ../../include/msg.h
+dns_rr.o: ../../include/myaddrinfo.h
+dns_rr.o: ../../include/mymalloc.h
+dns_rr.o: ../../include/myrand.h
+dns_rr.o: ../../include/sock_addr.h
+dns_rr.o: ../../include/sys_defs.h
+dns_rr.o: ../../include/vbuf.h
+dns_rr.o: ../../include/vstring.h
+dns_rr_to_pa.o: dns.h
+dns_rr_to_pa.o: dns_rr_to_pa.c
dns_rr_to_pa.o: ../../include/check_arg.h
dns_rr_to_pa.o: ../../include/msg.h
dns_rr_to_pa.o: ../../include/myaddrinfo.h
dns_rr_to_pa.o: ../../include/sys_defs.h
dns_rr_to_pa.o: ../../include/vbuf.h
dns_rr_to_pa.o: ../../include/vstring.h
-dns_rr_to_pa.o: dns.h
-dns_rr_to_pa.o: dns_rr_to_pa.c
+dns_rr_to_sa.o: dns.h
+dns_rr_to_sa.o: dns_rr_to_sa.c
dns_rr_to_sa.o: ../../include/check_arg.h
dns_rr_to_sa.o: ../../include/msg.h
dns_rr_to_sa.o: ../../include/myaddrinfo.h
dns_rr_to_sa.o: ../../include/sys_defs.h
dns_rr_to_sa.o: ../../include/vbuf.h
dns_rr_to_sa.o: ../../include/vstring.h
-dns_rr_to_sa.o: dns.h
-dns_rr_to_sa.o: dns_rr_to_sa.c
+dns_sa_to_rr.o: dns.h
+dns_sa_to_rr.o: dns_sa_to_rr.c
dns_sa_to_rr.o: ../../include/check_arg.h
dns_sa_to_rr.o: ../../include/msg.h
dns_sa_to_rr.o: ../../include/myaddrinfo.h
dns_sa_to_rr.o: ../../include/sys_defs.h
dns_sa_to_rr.o: ../../include/vbuf.h
dns_sa_to_rr.o: ../../include/vstring.h
-dns_sa_to_rr.o: dns.h
-dns_sa_to_rr.o: dns_sa_to_rr.c
+dns_strerror.o: dns.h
+dns_strerror.o: dns_strerror.c
dns_strerror.o: ../../include/check_arg.h
dns_strerror.o: ../../include/myaddrinfo.h
dns_strerror.o: ../../include/sock_addr.h
dns_strerror.o: ../../include/sys_defs.h
dns_strerror.o: ../../include/vbuf.h
dns_strerror.o: ../../include/vstring.h
-dns_strerror.o: dns.h
-dns_strerror.o: dns_strerror.c
+dns_strrecord.o: dns.h
+dns_strrecord.o: dns_strrecord.c
dns_strrecord.o: ../../include/check_arg.h
dns_strrecord.o: ../../include/msg.h
dns_strrecord.o: ../../include/myaddrinfo.h
dns_strrecord.o: ../../include/sys_defs.h
dns_strrecord.o: ../../include/vbuf.h
dns_strrecord.o: ../../include/vstring.h
-dns_strrecord.o: dns.h
-dns_strrecord.o: dns_strrecord.c
+dns_str_resflags.o: dns.h
+dns_str_resflags.o: dns_str_resflags.c
+dns_str_resflags.o: ../../include/check_arg.h
+dns_str_resflags.o: ../../include/myaddrinfo.h
+dns_str_resflags.o: ../../include/name_mask.h
+dns_str_resflags.o: ../../include/sock_addr.h
+dns_str_resflags.o: ../../include/sys_defs.h
+dns_str_resflags.o: ../../include/vbuf.h
+dns_str_resflags.o: ../../include/vstring.h
+dns_strtype.o: dns.h
+dns_strtype.o: dns_strtype.c
dns_strtype.o: ../../include/check_arg.h
dns_strtype.o: ../../include/myaddrinfo.h
dns_strtype.o: ../../include/sock_addr.h
dns_strtype.o: ../../include/sys_defs.h
dns_strtype.o: ../../include/vbuf.h
dns_strtype.o: ../../include/vstring.h
-dns_strtype.o: dns.h
-dns_strtype.o: dns_strtype.c
+test_dns_lookup.o: dns.h
test_dns_lookup.o: ../../include/argv.h
test_dns_lookup.o: ../../include/check_arg.h
test_dns_lookup.o: ../../include/mail_params.h
test_dns_lookup.o: ../../include/vbuf.h
test_dns_lookup.o: ../../include/vstream.h
test_dns_lookup.o: ../../include/vstring.h
-test_dns_lookup.o: dns.h
test_dns_lookup.o: test_dns_lookup.c
#endif
+ /*
+ * dns_str_resflags.c
+ */
+const char *dns_str_resflags(unsigned long);
+
/* LICENSE
/* .ad
/* .fi
for (type = va_arg(ap, unsigned); type != 0; type = next) {
next = va_arg(ap, unsigned);
if (msg_verbose)
- msg_info("lookup %s type %s flags %d",
- name, dns_strtype(type), flags);
+ msg_info("lookup %s type %s flags %s",
+ name, dns_strtype(type), dns_str_resflags(flags));
status = dns_lookup_x(name, type, flags, rrlist ? &rr : (DNS_RR **) 0,
fqdn, why, rcode, lflags);
if (rrlist && rr)
for (type = *types++; type != 0; type = next) {
next = *types++;
if (msg_verbose)
- msg_info("lookup %s type %s flags %d",
- name, dns_strtype(type), flags);
+ msg_info("lookup %s type %s flags %s",
+ name, dns_strtype(type), dns_str_resflags(flags));
status = dns_lookup_x(name, type, flags, rrlist ? &rr : (DNS_RR **) 0,
fqdn, why, rcode, lflags);
if (rrlist && rr)
--- /dev/null
+/*++
+/* NAME
+/* dns_str_resflags 3
+/* SUMMARY
+/* convert resolver flags to printable form
+/* SYNOPSIS
+/* #include <dns.h>
+/*
+/* const char *dns_str_resflags(mask)
+/* unsigned long mask;
+/* DESCRIPTION
+/* dns_str_resflags() converts RES_* resolver(5) flags from internal
+/* form to printable string. Individual flag names are separated
+/* with '|'. The result is overwritten with each call.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*--*/
+
+ /*
+ * System library.
+ */
+#include <sys_defs.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+
+ /*
+ * Utility library.
+ */
+#include <name_mask.h>
+
+ /*
+ * DNS library.
+ */
+#include <dns.h>
+
+ /*
+ * Application-specific.
+ */
+
+ /*
+ * This list overlaps with dns_res_opt_masks[] in smtp.c, but there we
+ * permit only a small subset of all possible flags.
+ */
+static const LONG_NAME_MASK resflag_table[] = {
+ "RES_INIT", RES_INIT,
+ "RES_DEBUG", RES_DEBUG,
+ "RES_AAONLY", RES_AAONLY,
+ "RES_USEVC", RES_USEVC,
+ "RES_PRIMARY", RES_PRIMARY,
+ "RES_IGNTC", RES_IGNTC,
+ "RES_RECURSE", RES_RECURSE,
+ "RES_DEFNAMES", RES_DEFNAMES,
+ "RES_STAYOPEN", RES_STAYOPEN,
+ "RES_DNSRCH", RES_DNSRCH,
+ "RES_INSECURE1", RES_INSECURE1,
+ "RES_INSECURE2", RES_INSECURE2,
+ "RES_NOALIASES", RES_NOALIASES,
+ "RES_USE_INET6", RES_USE_INET6,
+ "RES_ROTATE", RES_ROTATE,
+ "RES_NOCHECKNAME", RES_NOCHECKNAME,
+ "RES_USE_EDNS0", RES_USE_EDNS0,
+ "RES_USE_DNSSEC", RES_USE_DNSSEC,
+#ifdef RES_KEEPTSIG
+ "RES_KEEPTSIG", RES_KEEPTSIG,
+#endif
+#ifdef RES_BLAST
+ "RES_BLAST", RES_BLAST,
+#endif
+#ifdef RES_USEBSTRING
+ "RES_USEBSTRING", RES_USEBSTRING,
+#endif
+#ifdef RES_NSID
+ "RES_NSID", RES_NSID,
+#endif
+#ifdef RES_NOIP6DOTINT
+ "RES_NOIP6DOTINT", RES_NOIP6DOTINT,
+#endif
+#ifdef RES_USE_DNAME
+ "RES_USE_DNAME", RES_USE_DNAME,
+#endif
+#ifdef RES_NO_NIBBLE2
+ "RES_NO_NIBBLE2", RES_NO_NIBBLE2,
+#endif
+#ifdef RES_SNGLKUP
+ "RES_SNGLKUP", RES_SNGLKUP,
+#endif
+#ifdef RES_SNGLKUPREOP
+ "RES_SNGLKUPREOP", RES_SNGLKUPREOP,
+#endif
+#ifdef RES_NOTLDQUERY
+ "RES_NOTLDQUERY", RES_NOTLDQUERY,
+#endif
+ 0,
+};
+
+/* dns_str_resflags - convert RES_* resolver flags to printable form */
+
+const char *dns_str_resflags(unsigned long mask)
+{
+ static VSTRING *buf;
+
+ if (buf == 0)
+ buf = vstring_alloc(20);
+ return (str_long_name_mask_opt(buf, "dsns_str_resflags", resflag_table,
+ mask, NAME_MASK_NUMBER | NAME_MASK_PIPE));
+}
-./test_dns_lookup: lookup 1.0.0.127.zen.spamhaus.org type A flags 2097152
+./test_dns_lookup: lookup 1.0.0.127.zen.spamhaus.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: 1.0.0.127.zen.spamhaus.org (A): Host not found
./test_dns_lookup: dns_get_answer: type SOA for zen.spamhaus.org
./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.zen.spamhaus.org type=A: Host not found (rcode=3)
1.0.0.127.zen.spamhaus.org: fqdn: zen.spamhaus.org
ad: 0, rr: zen.spamhaus.org. TTL IN SOA - - D D D D D
-./test_dns_lookup: lookup 1.0.0.127.b.barracudacentral.org type A flags 2097152
+./test_dns_lookup: lookup 1.0.0.127.b.barracudacentral.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: 1.0.0.127.b.barracudacentral.org (A): Host not found
./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.b.barracudacentral.org type=A: Host not found (rcode=3)
-./test_dns_lookup: lookup 1.0.0.127.bl.spamcop.net type A flags 2097152
+./test_dns_lookup: lookup 1.0.0.127.bl.spamcop.net type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: 1.0.0.127.bl.spamcop.net (A): Host not found
./test_dns_lookup: dns_get_answer: type SOA for bl.spamcop.net
./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.bl.spamcop.net type=A: Host not found (rcode=3)
-./test_dns_lookup: lookup 1.0.0.127.zen.spamhaus.org type A flags 2097152
+./test_dns_lookup: lookup 1.0.0.127.zen.spamhaus.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: 1.0.0.127.zen.spamhaus.org (A): Host not found
./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.zen.spamhaus.org type=A: Host not found (rcode=3)
-./test_dns_lookup: lookup 1.0.0.127.b.barracudacentral.org type A flags 2097152
+./test_dns_lookup: lookup 1.0.0.127.b.barracudacentral.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: 1.0.0.127.b.barracudacentral.org (A): Host not found
./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.b.barracudacentral.org type=A: Host not found (rcode=3)
-./test_dns_lookup: lookup 1.0.0.127.bl.spamcop.net type A flags 2097152
+./test_dns_lookup: lookup 1.0.0.127.bl.spamcop.net type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: 1.0.0.127.bl.spamcop.net (A): Host not found
./test_dns_lookup: warning: Host or domain name not found. Name service error for name=1.0.0.127.bl.spamcop.net type=A: Host not found (rcode=3)
-./test_dns_lookup: lookup 2.0.0.127.zen.spamhaus.org type A flags 2097152
+./test_dns_lookup: lookup 2.0.0.127.zen.spamhaus.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: 2.0.0.127.zen.spamhaus.org (A): OK
./test_dns_lookup: dns_get_answer: type A for 2.0.0.127.zen.spamhaus.org
2.0.0.127.zen.spamhaus.org: fqdn: 2.0.0.127.zen.spamhaus.org
ad: 0, rr: 2.0.0.127.zen.spamhaus.org. TTL IN A 127.0.0.D
-./test_dns_lookup: lookup 2.0.0.127.b.barracudacentral.org type A flags 2097152
+./test_dns_lookup: lookup 2.0.0.127.b.barracudacentral.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: 2.0.0.127.b.barracudacentral.org (A): OK
./test_dns_lookup: dns_get_answer: type A for 2.0.0.127.b.barracudacentral.org
2.0.0.127.b.barracudacentral.org: fqdn: 2.0.0.127.b.barracudacentral.org
ad: 0, rr: 2.0.0.127.b.barracudacentral.org. TTL IN A 127.0.0.D
-./test_dns_lookup: lookup 2.0.0.127.bl.spamcop.net type A flags 2097152
+./test_dns_lookup: lookup 2.0.0.127.bl.spamcop.net type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: 2.0.0.127.bl.spamcop.net (A): OK
./test_dns_lookup: dns_get_answer: type A for 2.0.0.127.bl.spamcop.net
2.0.0.127.bl.spamcop.net: fqdn: 2.0.0.127.bl.spamcop.net
-./test_dns_lookup: lookup spike.porcupine.org type A flags 2097152
+./test_dns_lookup: lookup spike.porcupine.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (A): OK
./test_dns_lookup: dns_get_answer: type A for spike.porcupine.org
./test_dns_lookup: dict_regexp_lookup: error.reg: spike.porcupine.org. 3600 IN A 168.100.189.2
./test_dns_lookup: maps_find: DNS reply filter: regexp:error.reg(0,lock|fold_fix): spike.porcupine.org. 3600 IN A 168.100.189.2 = oops
./test_dns_lookup: warning: DNS reply filter: unknown DNS filter action: "oops"
-./test_dns_lookup: lookup spike.porcupine.org type AAAA flags 2097152
+./test_dns_lookup: lookup spike.porcupine.org type AAAA flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (AAAA): OK
./test_dns_lookup: dns_get_answer: type AAAA for spike.porcupine.org
./test_dns_lookup: dict_regexp_lookup: error.reg: spike.porcupine.org. 3600 IN AAAA 2604:8d00:189::2
-./test_dns_lookup: lookup porcupine.org type MX flags 2097152
+./test_dns_lookup: lookup porcupine.org type MX flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: porcupine.org (MX): OK
./test_dns_lookup: dns_get_answer: type MX for porcupine.org
./test_dns_lookup: dns_get_answer: type MX for porcupine.org
./test_dns_lookup: dns_get_answer: type MX for porcupine.org
-./test_dns_lookup: lookup porcupine.org type A flags 2097152
+./test_dns_lookup: lookup porcupine.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: porcupine.org (A): Host found but no data record of requested type
ad: 0, rr: porcupine.org. 3600 IN MX 10 spike.porcupine.org.
ad: 0, rr: porcupine.org. 3600 IN MX 20 fist.porcupine.org.
-./test_dns_lookup: lookup spike.porcupine.org type A flags 2097152
+./test_dns_lookup: lookup spike.porcupine.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (A): OK
./test_dns_lookup: dns_get_answer: type A for spike.porcupine.org
./test_dns_lookup: dict_regexp_lookup: no-a.reg: spike.porcupine.org. 3600 IN A 168.100.189.2
./test_dns_lookup: maps_find: DNS reply filter: regexp:no-a.reg(0,lock|fold_fix): spike.porcupine.org. 3600 IN A 168.100.189.2 = ignore
./test_dns_lookup: ignoring DNS RR: spike.porcupine.org. 3600 IN A 168.100.189.2
-./test_dns_lookup: lookup spike.porcupine.org type AAAA flags 2097152
+./test_dns_lookup: lookup spike.porcupine.org type AAAA flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (AAAA): OK
./test_dns_lookup: dns_get_answer: type AAAA for spike.porcupine.org
./test_dns_lookup: dict_regexp_lookup: no-a.reg: spike.porcupine.org. 3600 IN AAAA 2604:8d00:189::2
-./test_dns_lookup: lookup spike.porcupine.org type A flags 2097152
+./test_dns_lookup: lookup spike.porcupine.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (A): OK
./test_dns_lookup: dns_get_answer: type A for spike.porcupine.org
./test_dns_lookup: dict_regexp_lookup: no-aaaa.reg: spike.porcupine.org. 3600 IN A 168.100.189.2
./test_dns_lookup: maps_find: DNS reply filter: spike.porcupine.org. 3600 IN A 168.100.189.2: not found
-./test_dns_lookup: lookup spike.porcupine.org type AAAA flags 2097152
+./test_dns_lookup: lookup spike.porcupine.org type AAAA flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (AAAA): OK
./test_dns_lookup: dns_get_answer: type AAAA for spike.porcupine.org
./test_dns_lookup: dict_regexp_lookup: no-aaaa.reg: spike.porcupine.org. 3600 IN AAAA 2604:8d00:189::2
./test_dns_lookup: ignoring DNS RR: porcupine.org. 3600 IN MX 10 spike.porcupine.org.
./test_dns_lookup: ignoring DNS RR: porcupine.org. 3600 IN MX 20 fist.porcupine.org.
./test_dns_lookup: ignoring DNS RR: porcupine.org. 3600 IN MX 30 m1.porcupine.org.
-./test_dns_lookup: lookup porcupine.org type MX flags 2097152
+./test_dns_lookup: lookup porcupine.org type MX flags RES_USE_DNSSEC
./test_dns_lookup: maps_find: DNS reply filter: regexp:no-mx.reg(0,lock|fold_fix): porcupine.org. 3600 IN MX 10 spike.porcupine.org. = ignore
./test_dns_lookup: maps_find: DNS reply filter: regexp:no-mx.reg(0,lock|fold_fix): porcupine.org. 3600 IN MX 20 fist.porcupine.org. = ignore
./test_dns_lookup: maps_find: DNS reply filter: regexp:no-mx.reg(0,lock|fold_fix): porcupine.org. 3600 IN MX 30 m1.porcupine.org. = ignore
-./test_dns_lookup: lookup nullmx.porcupine.org type MX flags 2097152
+./test_dns_lookup: lookup nullmx.porcupine.org type MX flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: nullmx.porcupine.org (MX): OK
./test_dns_lookup: dns_get_answer: type MX for nullmx.porcupine.org
-./test_dns_lookup: lookup nullmx.porcupine.org type A flags 2097152
+./test_dns_lookup: lookup nullmx.porcupine.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: nullmx.porcupine.org (A): OK
./test_dns_lookup: dns_get_answer: type A for nullmx.porcupine.org
nullmx.porcupine.org: fqdn: nullmx.porcupine.org
-./test_dns_lookup: lookup nxdomain.porcupine.org type MX flags 2097152
+./test_dns_lookup: lookup nxdomain.porcupine.org type MX flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: nxdomain.porcupine.org (MX): Host not found
-./test_dns_lookup: lookup nxdomain.porcupine.org type A flags 2097152
+./test_dns_lookup: lookup nxdomain.porcupine.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: nxdomain.porcupine.org (A): Host not found
./test_dns_lookup: warning: Host or domain name not found. Name service error for name=nxdomain.porcupine.org type=A: Host not found (rcode=3)
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20160221"
+#define MAIL_RELEASE_DATE "20160224"
#define MAIL_VERSION_NUMBER "3.2"
#ifdef SNAPSHOT
projects / thirdparty / postfix.git / commitdiff
