Commit Graph

33 Commits

Author SHA1 Message Date
tron
56bb44cae5 Build new Postfix components dnsblog(8), postscreen(8) and tlsproxy(8)
and install new documentation files.
2011-03-02 22:24:55 +00:00
tron
c1bec41104 Fix build of Postfix 2.8.1. 2011-03-02 20:12:29 +00:00
tron
d14acb8d0b Resolve conflicts from last import. 2011-03-02 19:56:37 +00:00
tron
ff6d749d99 Import Postfix 2.8.1. Changes since version 2.7.*:
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.

The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.

Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).

Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).

Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.

Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.
2011-03-02 19:31:23 +00:00
tron
ad49390408 Move default definition of "PKGROOT" inside the "HAVE_CYRUS_SASL" block
as it shouldn't be used anywhere else.
2011-02-15 23:17:02 +00:00
christos
99c6c22267 From Anon Ymous:
1) libsaslc is an SASL client only.
2) dovecot is an SASL server only.
3) cyrus-sasl is both a client and a server.
4) postfix allows us to have multiple SASL servers and clients.
5) The SASL server to use at runtime is determined by the setting of
   "smtpd_sasl_type" in main.cf (note that is smtpd_ not smtp_).  If
   that is not set, then it defaults to the value of
   DEF_SERVER_SASL_TYPE at build time, which if not set, defaults to
   "cyrus".  See postfix/dist/src/global/mail_params.h.
6) The SASL client to use at runtime is determined by the setting of
   "smtp_sasl_type" in main.cf.  If that is not set, then it defaults
   to the value of DEF_CLIENT_SASL_TYPE at build time, which if not
   set, defaults to "cyrus".  See postfix/dist/src/global/mail_params.h.
7) If MKCRYPTO is "no", libsaslc will not link as it requires the
   crypto libraries, so libsaslc cannot be enabled (as it was before)
   without crypto.
8) I have made the definition of DEF_CLIENT_SASL_TYPE conditional on
   MKCRYPTO due to (7).  Without crypto it will default to cyrus.
9) HAVE_CYRUS_SASL is _never_ defined during a normal build and _never_
   should be!  It is there for the convenience of users who wish to
   install cyrus-sasl and rebuild postfix with it.  It is also very
   useful for testing if it is suspected that something might be wrong
   with libsaslc.  PLEASE DO NOT REMOVE IT!
2011-02-15 16:19:33 +00:00
christos
8ee9afa985 fix typos. 2011-02-13 05:45:47 +00:00
christos
ed60d7cf1f change the variable to USE_LIB_SASL that can be set to saslc or cyrus 2011-02-13 05:12:55 +00:00
christos
e0ddd90246 don't hard-code /usr/pkg 2011-02-13 01:53:50 +00:00
christos
326b019630 change the saslc define to USE_ and test against "no" instead of just defined. 2011-02-13 01:50:03 +00:00
christos
44dcb1b9f4 better dependency support for saslc. 2011-02-13 00:41:20 +00:00
christos
18b1a8268b Add SASL client support using the libsaslc(3) library.
From Anon Ymous
2011-02-12 19:07:08 +00:00
tron
b7f896571b Resolve conflicts from last import. 2010-11-27 10:41:16 +00:00
tron
d1d83b6f73 Import Postfix 2.7.2. Changes since Postfix 2.7.1:
- Postfix no longer automatically appends the system default CA
  (certificate authority) certificates, when it reads the CA
  certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
  with {smtp, lmtp, smtpd}_tls_CApath.  This prevents third-party
  certificates from getting mail relay permission with the
  permit_tls_all_clientcerts feature.  Unfortunately, this change
  may cause compatibility problems with configurations that rely
  on certificate verification for other purposes.  To get the old
  behavior, specify "tls_append_default_CA = yes".
- A prior fix for compatibility with Postfix < 2.3 was incomplete.
  When pipe-to-command delivery fails with a signal, mail is now
  correctly deferred, instead of being returned to sender.
- Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1)
  connections was fixed by adapting the output buffer size to the
  MTU.
- The SMTP server no longer applies the reject_rhsbl_helo feature
  to non-domain forms such as network addresses.  This would cause
  false positives with dbl.spamhaus.org.
- The Postfix SMTP server failed to deliver a "421" response and
  hang up the connection after Milter error.  Instead, the server
  delivered a "503 Access denied" response and left the connection
  open, due to some Postfix 1.1 workaround for RFC 2821.
- The milter_header_checks parser failed to enable any of the actions
  that have no effect on message delivery (warn, replace, prepend,
  ignore, dunno, and ok).
2010-11-27 10:34:30 +00:00
mrg
363e39cc2c don't list tlsmgr twice; espcially one of them being outside of
the ${MKCRYPTO} != no check.
2010-07-11 05:37:32 +00:00
tron
e64aeb6ffd Adapt makefiles for Postfix 2.7.1 (at least first past). 2010-06-17 18:35:45 +00:00
tron
6941d836af Resolve conflicts from last import. 2010-06-17 18:18:14 +00:00
tron
28e9a2d236 Import Postfix 2.7.1. Major changes since Postfix 2.6.6:
- Improved before-queue content filter performance. With
  "smtpd_proxy_options = speed_adjust", the Postfix SMTP server
  receives the entire message before it connects to a before-queue
  content filter. Typically, this allows Postfix to handle the same
  mail load with fewer content filter processes.
- Improved address verification performance. The verify database is now
  persistent by default, and it is automatically cleaned periodically. Under
  overload conditions, the Postfix SMTP server no longer waits up to 6 seconds
  for an address probe to complete.
- Support for reputation management based on the local SMTP client IP address.
  This is typically implemented with "FILTER transportname:" actions in access
  maps or header/body checks, and mail delivery transports in master.cf with
  unique smtp_bind_address values.
2010-06-17 18:05:47 +00:00
riz
b7916d4669 Wrap a call to tls_level_lookup() in #if USE_TLS to allow
postfix to build with MKCRYPTO=no.

OK tron@
2010-06-10 17:06:01 +00:00
tron
cac5ad4489 Resolve conflicts caused by import of Postfix 2.6.6. 2010-04-17 10:29:17 +00:00
tron
daa220de10 Import Postfix 2.6.6. Changes since version 2.6.5:
- "postmulti -p command" did not skip disabled instances.
- In the multi_instance_wrapper parameter, the expansion of
  $command_directory and $daemon_directory was broken.
- The address_verify_poll_count parameter value was not made
  stress-dependent by default. This defeated the purpose of making other
  settings stress-dependent by default with Postfix 2.6.
- Milter applications would hang up after receiving an unexpected
  SMFIC_HEADER (mail header) command. This problem happened with Milters
  that (legitimately) do not send replies for SMFIC_RCPT (recipient
  address) or SMFIC_DATA (start of message) commands.
- Core dump while an printing error message for a malformed %<letter>
  sequence in LDAP, MySQL or PostgreSQL lookup table configuration.
- Mail with zero recipients was forever stuck in the queue. This happened
  when "postsuper -r" was run after all the recipients of a message were
  delivered (or bounced), but before the message was deleted from the queue.
- With hostnames such as 1-2-3-4, the valid_hostname() fuction did not
  recognize the '-' as a non-numeric character, causing a legitimate name
  to be rejected as "invalid".
- The VRFY command did not accept a mailbox address inside <>.
2010-04-17 10:23:40 +00:00
jnemeth
c686421e4b PR/42874 - Henning Petersen -- misplaced } 2010-02-23 16:41:01 +00:00
njoly
82d9c2fa0b Add nint_table.h and nint_vars.h to generated list files. 2010-02-19 13:55:46 +00:00
tron
165eb454ca Resolve conflicts from last import. 2009-08-31 17:57:09 +00:00
tron
05fa9772ea Import Postfix 2.6.5. Changes since Postfix 2.6.2:
- The Postfix Milter client got out of step with a Milter application
  after the application sent a "quarantine" request at end-of-message
  time. The Milter application would still be in the end-of-message
  state, while Postfix would already be working on the next SMTP
  event, typically, QUIT or MAIL FROM. In the latter case, Milter
  responses for the previously-received email message would be applied
  towards the next MAIL FROM transaction. This problem was diagnosed
  with help from Alban Deniz.
- The Postfix SMTP server would abort with an "unexpected lookup table"
  error when an SMTPD policy server was mis-configured in a particular way.
2009-08-31 17:53:31 +00:00
christos
badcaee3ff constify ciphers per new openssl 2009-07-20 17:17:56 +00:00
tron
3136f6eb81 Don't install "post-install" and "postfix-files" to the example directory
any more just to remove them later. Problem noted by Thomas Klausner
on "current-users" mailing list.
2009-06-27 21:12:12 +00:00
tron
4e1f96faf8 Mirror the file system structure of the installed files in the structure
of the Makefiles as suggested by Christos Zoulas.
2009-06-25 18:21:50 +00:00
tron
7d5e451c60 Switch to building Postfix 2.6.2 via "external/ibm-public/postfix". 2009-06-23 17:58:22 +00:00
tron
93e822e975 Install all helper scripts to "/usr/libexec/postfix" which is were Postfix
expects them now. Remove all comments indicating that they should be
in that directory.
2009-06-23 17:55:06 +00:00
tron
1faf39be0f Add makefile framework to build Postfix 2.6.2. Don't turn it on yet as
the Postfix 2.6.2 binary doesn't work yet because it cannot
find "/usr/libexec/postfix/postfix-script".
2009-06-23 15:02:51 +00:00
tron
b492933390 (Re-)apply NetBSD specific patches. 2009-06-23 11:41:05 +00:00
tron
41fbaed053 Import Postfix 2.6.2. 2009-06-23 10:08:14 +00:00