1f8ae20c33
2.4.2 through 2.4.5 include various build, milter, and other fixes.
213 lines
9.0 KiB
Plaintext
213 lines
9.0 KiB
Plaintext
The stable Postfix release is called postfix-2.4.x where 2=major
|
|
release number, 4=minor release number, x=patchlevel. The stable
|
|
release never changes except for patches that address bugs or
|
|
emergencies. Patches change the patchlevel and the release date.
|
|
|
|
New features are developed in snapshot releases. These are called
|
|
postfix-2.5-yyyymmdd where yyyymmdd is the release date (yyyy=year,
|
|
mm=month, dd=day). Patches are never issued for snapshot releases;
|
|
instead, a new snapshot is released.
|
|
|
|
The mail_release_date configuration parameter (format: yyyymmdd)
|
|
specifies the release date of a stable release or snapshot release.
|
|
|
|
Incompatibility with Postfix 2.4.4
|
|
==================================
|
|
|
|
By default, the Postfix Cyrus SASL client no longer sends a SASL
|
|
authoriZation ID (authzid); it sends only the SASL authentiCation
|
|
ID (authcid) plus the authcid's password. Specify "send_cyrus_sasl_authzid
|
|
= yes" to get the old behavior, which is to send the (authzid,
|
|
authcid, password), with the authzid equal to the authcid. This
|
|
workaround for non-Cyrus SASL servers is back-ported from Postfix
|
|
2.5.
|
|
|
|
Release notes for Postfix 2.4.0
|
|
===============================
|
|
|
|
Major changes - critical
|
|
------------------------
|
|
|
|
See RELEASE_NOTES-2.3 if you upgrade from Postfix 2.2 or earlier.
|
|
|
|
[Incompat 20070122] To take advantage of the new support for BSD
|
|
kqueue, Linux epoll, or Solaris /dev/poll, you must restart (not
|
|
reload) Postfix after upgrading from Postfix 2.3.
|
|
|
|
[Incompat 20061209] If you upgrade Postfix without restarting, you
|
|
MUST execute "postfix reload", otherwise the queue manager may log
|
|
a warnings with:
|
|
|
|
warning: connect to transport retry: Connection refused
|
|
|
|
[Incompat 20061209] The upgrade procedure adds a new "retry" service
|
|
to the master.cf file. If you make the mistake of copying old
|
|
Postfix configuration files over the new files, the queue manager
|
|
may log warnings with:
|
|
|
|
warning: connect to transport retry: Connection refused
|
|
|
|
To fix your master.cf file, use "postfix upgrade-configuration"
|
|
followed by "postfix reload".
|
|
|
|
Major changes - safety
|
|
----------------------
|
|
|
|
[Incompat 20070222] As a safety measure, Postfix now by default
|
|
creates mailbox dotlock files on all systems. This prevents problems
|
|
with GNU POP3D which subverts kernel locking by creating a new
|
|
mailbox file and deleting the old one.
|
|
|
|
Major changes - Milter support
|
|
------------------------------
|
|
|
|
[Feature 20070121] The support for Milter header modification
|
|
requests was revised. With minimal change in the on-disk representation,
|
|
the code was greatly simplified, and regression tests were updated
|
|
to ensure that old errors were not re-introduced. The queue file
|
|
format is entirely backwards compatible with Postfix 2.3.
|
|
|
|
[Feature 20070116] Support for Milter requests to replace the message
|
|
body. Postfix now implements all the header/body modification
|
|
requests that are available with Sendmail 8.13.
|
|
|
|
[Incompat 20070116] A new field is added to the queue file "size"
|
|
record that specifies the message content length. Postfix 2.3 and
|
|
older Postfix 2.4 snapshots will ignore this field, and will report
|
|
the message size as it was before the body was replaced.
|
|
|
|
Major changes - TLS support
|
|
---------------------------
|
|
|
|
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
|
|
attributes (client ccert_subject, ccert_issuer) only after successful
|
|
client certificate verification. The reason is that the certification
|
|
verification status itself is not available in the policy request.
|
|
|
|
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
|
|
fingerprint information even when the certificate itself was not
|
|
verified.
|
|
|
|
[Incompat 20061214] The remote SMTP client TLS certificate fingerprint
|
|
can be used for access control even when the certificate itself was
|
|
not verified.
|
|
|
|
[Incompat 20061006] The format of SMTP server TLS session cache
|
|
lookup keys has changed. The lookup key now includes the master.cf
|
|
service name.
|
|
|
|
Major changes - performance
|
|
---------------------------
|
|
|
|
[Feature 20070212] Better support for systems that run thousands
|
|
of Postfix processes. Postfix now supports FreeBSD kqueue(2),
|
|
Solaris poll(7d) and Linux epoll(4) as more scalable alternatives
|
|
to the traditional select(2) system call, and uses poll(2) when
|
|
examining a single file descriptor for readability or writability.
|
|
These features are supported on sufficiently recent versions of
|
|
FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other
|
|
systems will be added as evidence becomes available that usable
|
|
implementations exist.
|
|
|
|
[Incompat 20070201] Some default settings have been adjusted to
|
|
better match contemporary requirements:
|
|
|
|
- queue_run_delay and minimal_backoff_time were reduced from 1000s
|
|
to 300s so that deliveries are retried earlier after the first
|
|
failure.
|
|
|
|
- ipc_idle was reduced from 100s to 5s, so that tlsmgr and scache
|
|
clients will more quickly release unused file handles.
|
|
|
|
[Feature 20061209] Improved worst-case (old and new) queue manager
|
|
performance when deferring or bouncing large amounts of mail. Instead
|
|
of talking to the bounce or defer service synchronously, this work
|
|
is now done in the background by the error or retry service.
|
|
|
|
[Feature 20061209] Improved worst-case (new) queue manager performance
|
|
when delivering multi-recipient mail. The queue manager now proactively
|
|
reads recipients from the queue file, instead of waiting for the
|
|
slowest deliveries to complete before reading in new recipients.
|
|
This introduces two parameters: default_recipient_refill_limit (how
|
|
many recipient slots to refill at a time) and
|
|
default_recipient_refill_delay (how long to wait between refill
|
|
operations). These two parameters act as defaults for optional
|
|
per-transport settings.
|
|
|
|
Major changes - delivery status notifications
|
|
---------------------------------------------
|
|
|
|
[Incompat 20061209] Small changes were made to the default bounce
|
|
message templates, to prevent HTML-aware software from hiding or
|
|
removing the text "<postmaster>", and producing misleading text.
|
|
|
|
[Incompat 20060806] Postfix no longer announces its name in delivery
|
|
status notifications. Users believe that Wietse provides a free
|
|
help desk service that solves all their email problems.
|
|
|
|
Major changes - ETRN support
|
|
----------------------------
|
|
|
|
[Feature 20061217] More precise queue flushing with the ETRN,
|
|
"postqueue -s site", and "sendmail -qRsite" commands, after
|
|
minimization of race conditions. New per-queue-file flushing with
|
|
"postqueue -i queueid" and "sendmail -qIqueueid".
|
|
|
|
Major changes - small office/home office support
|
|
------------------------------------------------
|
|
|
|
[Incompat 20061217] Postfix no longer requires a domain name. It
|
|
uses "localdomain" as the default Internet domain name when no
|
|
domain is specified via main.cf or via the machine's hostname.
|
|
|
|
Major changes - SMTP access control
|
|
-----------------------------------
|
|
|
|
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
|
|
attributes (client ccert_subject, ccert_issuer) only after successful
|
|
client certificate verification. The reason is that the certification
|
|
verification status itself is not available in the policy request.
|
|
|
|
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
|
|
fingerprint information even when the certificate itself was not
|
|
verified.
|
|
|
|
[Incompat 20061214] The remote SMTP client TLS certificate fingerprint
|
|
can be used for
|
|
access control even when the certificate itself was not verified.
|
|
|
|
[Incompat 20061209] The Postfix installation procedure no longer
|
|
updates main.cf with "unknown_local_recipient_reject_code = 450".
|
|
Four years after the introduction of mandatory recipient validation,
|
|
this transitional tool is no longer neeed.
|
|
|
|
Major changes - workarounds
|
|
---------------------------
|
|
|
|
[Incompat 20070222] As a safety measure, Postfix now by default
|
|
creates mailbox dotlock files on all systems. This prevents problems
|
|
with GNU POP3D which subverts kernel locking by creating a new
|
|
mailbox file and deleting the old one.
|
|
|
|
[Feature 20061209] Better interoperability with non-conforming SMTP
|
|
servers that reply and disconnect before Postfix has sent the
|
|
complete message content.
|
|
|
|
[Feature 20061209] Better support for queue file systems on file
|
|
servers with drifting clocks. Clock skew can be a problem, because
|
|
Postfix does not deliver mail until the local clock catches up with
|
|
the queue file's last modification time stamp. On systems with
|
|
usable futimes() or equivalent (Solaris, *BSD, MacOS, but not Linux),
|
|
Postfix now always explicitly sets the queue file last modification
|
|
time stamps while creating a queue file. On systems without usable
|
|
futimes() (Linux, and ancient versions of Solaris, SunOS and *BSD)
|
|
Postfix keeps using the slower utime() system call to update queue
|
|
file time stamps when the file system clock is off with respect to
|
|
the local system clock, and logs a warning.
|
|
|
|
[Feature 20061006] Individual CISCO PIX bug workarounds are now
|
|
on/off configurable. This introduces new parameters: smtp_pix_workarounds
|
|
(default: disable_esmtp, delay_dotcrlf) and smtp_pix_workaround_maps
|
|
(workarounds indexed by server IP address). The default settings
|
|
are backwards compatible.
|