- The Postfix SMTP daemon sent "bare" newline characters instead of
<CR><LF> when a header_checks REJECT pattern matched multi-line
header. This bug was introduced with Postfix 1.1.
- The Postfix SMTP daemon sent "bare" newline characters instead of
<CR><LF> when an smtpd_proxy_filter returned a multi-line
response. This bug was introduced with Postfix 2.1.
- For compatibility with future EAI (email address
internationalization) implementations, the Postfix MIME processor no
longer enforces the strict_mime_encoding_domain check on unknown
message subtypes such as message/global*. This check is disabled by
default.
- The Postfix master daemon could report a panic error ("master_spawn:
at process limit") after the process limit for some service was
reduced with "postfix reload". This bug existed in all Postfix
versions.
- The Postfix Milter client logged a "milter miltername: malformed reply"
error when a Milter sent an SMTP response without enhanced status code
(i.e. "XXX Text" instead of "XXX X.X.X Text").
- The Postfix Milter client sent a random {client_connections} macro value
when the remote SMTP client was not subject to any smtpd_client_* limit.
As a workaround, it now sends a zero value instead.
- Performance: a high load of DSN success notification requests could
slow down the queue manager. Solution: make the trace client
asynchronous, just like the bounce and defer clients.
- The local(8) delivery agent ignored table lookup errors in
mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
and (while bouncing mail to alias) alias owner lookup.
- Workaround: dbl.spamhaus.org rejects lookups with "No IP queries" even
if the name has an alphanumerical prefix. We play safe, and skip both
RHSBL and RHSWL queries for names ending in a numerical suffix.
- The "sendmail -t" command reported "protocol error" instead of "file
too large", "no space left on device" etc.
- The Postfix Milter client reported a temporary error instead of
"file too large" in three cases.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
Postfix releases 2.8.3, 2.7.4, 2.6.10 and 2.5.13 are available. These contain
a fix for CVE-2011-1720 which affects Postfix SMTP server configurations that
use Cyrus SASL authentication. Besides full releases, patches are available
for Postfix 1.1 and later.
This defect was introduced with the Postfix SASL patch, and is present in all
Postfix versions where the command "postconf mail_release_date" reports a
value of 20000314 (March 14, 2000) or greater.
Note: CVE-2011-1720 does not affect Postfix SMTP servers that use Dovecot
SASL authentication. It also does not affect the common Postfix SMTP server
configurations that use only Cyrus SASL mechanisms PLAIN and LOGIN.
More details will be available at http://www.postfix.org/CVE-2011-1720.html.
- Bugfix: postscreen DNSBL scoring error. When a client disconnected
and then reconnected before all DNSBL results for the earlier
session arrived, DNSBL results for the earlier session would be
added to the score for the later session. This is very unlikely
to have affected any legitimate mail.
- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.
The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.
Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).
Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).
Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.
Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.
1) libsaslc is an SASL client only.
2) dovecot is an SASL server only.
3) cyrus-sasl is both a client and a server.
4) postfix allows us to have multiple SASL servers and clients.
5) The SASL server to use at runtime is determined by the setting of
"smtpd_sasl_type" in main.cf (note that is smtpd_ not smtp_). If
that is not set, then it defaults to the value of
DEF_SERVER_SASL_TYPE at build time, which if not set, defaults to
"cyrus". See postfix/dist/src/global/mail_params.h.
6) The SASL client to use at runtime is determined by the setting of
"smtp_sasl_type" in main.cf. If that is not set, then it defaults
to the value of DEF_CLIENT_SASL_TYPE at build time, which if not
set, defaults to "cyrus". See postfix/dist/src/global/mail_params.h.
7) If MKCRYPTO is "no", libsaslc will not link as it requires the
crypto libraries, so libsaslc cannot be enabled (as it was before)
without crypto.
8) I have made the definition of DEF_CLIENT_SASL_TYPE conditional on
MKCRYPTO due to (7). Without crypto it will default to cyrus.
9) HAVE_CYRUS_SASL is _never_ defined during a normal build and _never_
should be! It is there for the convenience of users who wish to
install cyrus-sasl and rebuild postfix with it. It is also very
useful for testing if it is suspected that something might be wrong
with libsaslc. PLEASE DO NOT REMOVE IT!
- Postfix no longer automatically appends the system default CA
(certificate authority) certificates, when it reads the CA
certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
with {smtp, lmtp, smtpd}_tls_CApath. This prevents third-party
certificates from getting mail relay permission with the
permit_tls_all_clientcerts feature. Unfortunately, this change
may cause compatibility problems with configurations that rely
on certificate verification for other purposes. To get the old
behavior, specify "tls_append_default_CA = yes".
- A prior fix for compatibility with Postfix < 2.3 was incomplete.
When pipe-to-command delivery fails with a signal, mail is now
correctly deferred, instead of being returned to sender.
- Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1)
connections was fixed by adapting the output buffer size to the
MTU.
- The SMTP server no longer applies the reject_rhsbl_helo feature
to non-domain forms such as network addresses. This would cause
false positives with dbl.spamhaus.org.
- The Postfix SMTP server failed to deliver a "421" response and
hang up the connection after Milter error. Instead, the server
delivered a "503 Access denied" response and left the connection
open, due to some Postfix 1.1 workaround for RFC 2821.
- The milter_header_checks parser failed to enable any of the actions
that have no effect on message delivery (warn, replace, prepend,
ignore, dunno, and ok).
- Improved before-queue content filter performance. With
"smtpd_proxy_options = speed_adjust", the Postfix SMTP server
receives the entire message before it connects to a before-queue
content filter. Typically, this allows Postfix to handle the same
mail load with fewer content filter processes.
- Improved address verification performance. The verify database is now
persistent by default, and it is automatically cleaned periodically. Under
overload conditions, the Postfix SMTP server no longer waits up to 6 seconds
for an address probe to complete.
- Support for reputation management based on the local SMTP client IP address.
This is typically implemented with "FILTER transportname:" actions in access
maps or header/body checks, and mail delivery transports in master.cf with
unique smtp_bind_address values.
- "postmulti -p command" did not skip disabled instances.
- In the multi_instance_wrapper parameter, the expansion of
$command_directory and $daemon_directory was broken.
- The address_verify_poll_count parameter value was not made
stress-dependent by default. This defeated the purpose of making other
settings stress-dependent by default with Postfix 2.6.
- Milter applications would hang up after receiving an unexpected
SMFIC_HEADER (mail header) command. This problem happened with Milters
that (legitimately) do not send replies for SMFIC_RCPT (recipient
address) or SMFIC_DATA (start of message) commands.
- Core dump while an printing error message for a malformed %<letter>
sequence in LDAP, MySQL or PostgreSQL lookup table configuration.
- Mail with zero recipients was forever stuck in the queue. This happened
when "postsuper -r" was run after all the recipients of a message were
delivered (or bounced), but before the message was deleted from the queue.
- With hostnames such as 1-2-3-4, the valid_hostname() fuction did not
recognize the '-' as a non-numeric character, causing a legitimate name
to be rejected as "invalid".
- The VRFY command did not accept a mailbox address inside <>.
- The Postfix Milter client got out of step with a Milter application
after the application sent a "quarantine" request at end-of-message
time. The Milter application would still be in the end-of-message
state, while Postfix would already be working on the next SMTP
event, typically, QUIT or MAIL FROM. In the latter case, Milter
responses for the previously-received email message would be applied
towards the next MAIL FROM transaction. This problem was diagnosed
with help from Alban Deniz.
- The Postfix SMTP server would abort with an "unexpected lookup table"
error when an SMTPD policy server was mis-configured in a particular way.