938 lines
42 KiB
Plaintext
938 lines
42 KiB
Plaintext
==============================================================
|
|
NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
|
|
==============================================================
|
|
Before upgrading from Postfix 1.1 you must stop Postfix ("postfix
|
|
stop"). Some internal protocols have changed. No mail will be
|
|
lost if you fail to stop and restart Postfix, but Postfix won't be
|
|
able to receive any new mail, either.
|
|
==============================================================
|
|
NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
|
|
==============================================================
|
|
|
|
In the text below, changes are labeled with the Postfix snapshot
|
|
that introduced the change, and whether the change introduced a
|
|
feature, an incompatibility, or whether the feature is obsolete.
|
|
If you upgrade from a later Postfix version, then you do not have
|
|
to worry about incompatibilities introduced in earlier versions.
|
|
|
|
Official Postfix releases are called a.b.c where a=major release
|
|
number, b=minor release number, c=patchlevel. Snapshot releases
|
|
are now called a.b.c-yyyymmdd where yyyymmdd is the release date
|
|
(yyyy=year, mm=month, dd=day). The mail_release_date configuration
|
|
parameter contains the release date (both for official release and
|
|
snapshot release). Patches change the patchlevel and the release
|
|
date. Snapshots change only the release date, unless they include
|
|
the same bugfixes as a patch release.
|
|
|
|
Incompatible changes with Postfix version 2.0.8 (released 20030415)
|
|
===================================================================
|
|
|
|
Too many people mess up their net/mask patterns, causing open
|
|
mail relay problems. Postfix processes now abort when given a
|
|
net/mask pattern with a non-zero host portion (for example,
|
|
168.100.189.2/28), and suggest to specify the proper net/mask
|
|
pattern instead (for example, 168.100.189.0/28).
|
|
|
|
Major changes with Postfix version 2.0.8 (released 20030415)
|
|
============================================================
|
|
|
|
Workaround for file system clock drift that caused Postfix to ignore
|
|
new mail (this could happen with file systems mounted from a server).
|
|
Postfix now logs a warning and proceeds with only slightly reduced
|
|
performance, instead of ignoring new mail.
|
|
|
|
Incompatible changes with Postfix version 2.0.6 (released 20030305)
|
|
===================================================================
|
|
|
|
Postfix truncates non-address information in message address headers
|
|
(comments, etc.) to 250 characters per address, in order to protect
|
|
vulnerable Sendmail systems against exploitation of a remote buffer
|
|
overflow problem (CERT advisory CA-2003-07).
|
|
|
|
Incompatible changes with Postfix version 2.0.5 (released 20030301)
|
|
===================================================================
|
|
|
|
The smtpd_hard_error_limit and smtpd_soft_error_limit values now
|
|
behave as documented, that is, smtpd_hard_error_limit=1 causes
|
|
Postfix to disconnect upon the first client error. Previously,
|
|
there was an off-by-one error causing Postfix to change behavior
|
|
after smtpd_hard/soft_error_limit+1 errors.
|
|
|
|
Incompatible changes with Postfix version 2.0.4 (released 20030219)
|
|
===================================================================
|
|
|
|
The maildir file naming algorithm has changed in accordance with
|
|
an updated version of http://cr.yp.to/proto/maildir.html. The name
|
|
is now TIME.VdevIinum.HOST
|
|
|
|
Incompatible changes with Postfix version 2.0.3 (released 20030124)
|
|
===================================================================
|
|
|
|
The maildir file naming algorithm has changed. Pending a usable
|
|
version of http://cr.yp.to/proto/maildir.html, the name is now
|
|
TIME.DEV_INUM.HOST.
|
|
|
|
Incompatible changes with Postfix version 2.0.1 (released 20030112)
|
|
===================================================================
|
|
|
|
If you upgrade from Postfix 1.1 you need to restart Postfix.
|
|
|
|
If you upgrade from Postfix 2.0 you need to "reload" Postfix.
|
|
|
|
Version 2.0.1 introduces the proxymap service for centralized table
|
|
lookup. The upgrade procedure adds the proxymap service to the
|
|
master.cf file. If you see errors about problems contacting the
|
|
proxymap service, then you did not properly upgrade Postfix.
|
|
|
|
The Postfix SMTP server now by default looks up the UNIX passwd
|
|
file via the new proxymap service, in order to make chrooted
|
|
operation easier.
|
|
|
|
The Postfix build procedure now uses the pcre-config utility (part
|
|
of PCRE version 3) to find out the pathnames of the PCRE include
|
|
file and object library, instead of probing /usr/include and/or
|
|
/usr/lib. To build with PCRE version 2 support you will have to
|
|
specify pathnames as described in PCRE_README. To build without
|
|
PCRE support, specify: make Makefiles CCARGS="-DNO_PRCE".
|
|
|
|
Major changes with Postfix version 2.0.1 (released 20030112)
|
|
============================================================
|
|
|
|
This release introduces the proxymap service for Postfix lookup
|
|
table access. This can be used to overcome chroot restrictions in
|
|
the Postfix SMTP server (specify proxy:unix:passwd.byname for
|
|
password file lookup through the proxymap server) and can be used
|
|
to consolidate the number of open tables by sharing one open table
|
|
among multiple processes (specify proxy:mysql:/file/name to avoid
|
|
"too many connections" conditions). The proxy_read_maps parameter
|
|
specifies what maps are approved for access via the proxy service
|
|
(only map references starting with "proxy:" are considered approved).
|
|
|
|
Major changes with Postfix version 2.0.0 (released 20021222, 20021223)
|
|
======================================================================
|
|
|
|
First comes the bad news - things that may break when you upgrade
|
|
from Postfix 1.1. Then comes the good news - things that evolved
|
|
in snapshots over the past year.
|
|
|
|
For the release notes of Postfix 1.1 and earlier, see the
|
|
RELEASE_NOTES-1.1 file.
|
|
|
|
Unknown Recipients are now rejected by default
|
|
==============================================
|
|
|
|
[Incompatibility 20021209] The Postfix SMTP server now rejects mail
|
|
for $mydestination domain recipients that it does not know about.
|
|
This keeps undeliverable mail out of your queue.
|
|
|
|
[Incompatibility 20021209] To avoid losing mail when upgrading from
|
|
Postfix 1.1, you need to review the LOCAL_RECIPIENT_README file if
|
|
one of the following is true:
|
|
|
|
- You define $mydestination domain recipients in files other than
|
|
/etc/passwd or /etc/aliases. For example, you define $mydestination
|
|
domain recipients in the $virtual_mailbox_maps files.
|
|
- You run the Postfix SMTP server chrooted (see master.cf).
|
|
- You redefined the local delivery agent in master.cf.
|
|
- You redefined the "local_transport" setting in main.cf.
|
|
- You use the mailbox_transport feature of the Postfix local delivery agent.
|
|
- You use the fallback_transport feature of the Postfix local delivery agent.
|
|
- You use the luser_relay feature of the Postfix local delivery agent.
|
|
|
|
Name change of virtual domain tables
|
|
====================================
|
|
|
|
This release introduces separation of lookup tables for addresses
|
|
and for domain names of virtual domains.
|
|
|
|
[Incompat 20021209] the virtual_maps parameter is replaced by
|
|
virtual_alias_maps (for address lookups) and virtual_alias_domains
|
|
(for the names of what were formerly called "Postfix-style virtual
|
|
domains").
|
|
|
|
For backwards compatibility with Postfix version 1.1, the new
|
|
virtual_alias_maps parameter defaults to $virtual_maps, and the
|
|
new virtual_alias_domains parameter defaults to $virtual_alias_maps.
|
|
This means that you can still keep all information about a domain
|
|
in one file, just like before.
|
|
|
|
For details, see the virtual(5) and sample-virtual.cf files.
|
|
|
|
[Incompat 20021209] the virtual_mailbox_maps parameter now has a
|
|
companion parameter called virtual_mailbox_domains (for the names
|
|
of domains served by the virtual delivery agent). virtual_mailbox_maps
|
|
is now used for address lookups only.
|
|
|
|
For backwards compatibility with Postfix version 1.1,, the new
|
|
virtual_mailbox_domains parameter defaults to $virtual_mailbox_maps.
|
|
This means that you can still keep all information about a domain
|
|
in one file, just like before.
|
|
|
|
For details, see the VIRTUAL_README file.
|
|
|
|
[Incompat 20021209] If you use the "advanced content filter"
|
|
technique, you MUST NOT override the virtual aliases and virtual
|
|
mailbox settings in the SMTP server that receives mail from the
|
|
content filter, or else mail for virtual recipients will be rejected
|
|
with "User unknown".
|
|
|
|
For details, see the FILTER_README file.
|
|
|
|
Incompatible queue file format changes
|
|
======================================
|
|
|
|
[Incompat 20020527] Queue files created with the header/body_checks
|
|
"FILTER" feature are not compatible with "postqueue -r" (move queue
|
|
files back to the maildrop directory) of previous Postfix releases.
|
|
|
|
[Incompat 20020512] Postfix queue files contain records that are
|
|
incompatible with "postqueue -r" on all Postfix versions prior to
|
|
1.1 and release candidates. This happens whenever the sender
|
|
specifies MIME body type information via the SMTP `MAIL FROM'
|
|
command, via the `sendmail -B' command line option, or via the
|
|
Content-Transfer-Encoding: message header.
|
|
|
|
[Incompat 20020512] Postfix queue files may contain records that
|
|
are incompatible with "postqueue -r" on previous 1.1 Postfix versions
|
|
and release candidates. This happens whenever the sender specifies
|
|
the MIME body type only via the Content-Transfer-Encoding: message
|
|
header, and not via `MAIL FROM' or `sendmail -B'.
|
|
|
|
Features that are going away
|
|
============================
|
|
|
|
[Obsolete 20021209] Sendmail-style virtual domains are no longer
|
|
documented. This part of Postfix was too confusing.
|
|
|
|
[Obsolete 20021209] The "reject_maps_rbl" restriction is going
|
|
away. The SMTP server now logs a warning and suggests using the
|
|
more flexible "reject_rbl_client" feature instead.
|
|
|
|
[Obsolete 20021209] The "check_relay_domains" restriction is going
|
|
away. The SMTP server logs a warning and suggests using the more
|
|
robust "reject_unauth_destination" instead. This means that Postfix
|
|
by default no longer grants relay permissions on the basis of the
|
|
client hostname, and that relay clients must be authorized via
|
|
other means such as permit_mynetworks.
|
|
|
|
[Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/
|
|
is going away. Use the cleaner and more flexible "if !/pattern2/..endif"
|
|
form. The old form still exists but is no longer documented, and
|
|
causes a warning (suggesting to use the new format) to be logged.
|
|
For details, see "man regexp_table".
|
|
|
|
[Obsolete 20020819] The qmgr_site_hog_factor feature is gone (this
|
|
would defer mail delivery for sites that occupy too much space in
|
|
the active queue, and be a real performance drain due to excessive
|
|
disk I/O). The new qmgr_clog_warn_time feature (see below) provides
|
|
more useful suggestions for dealing with Postfix congestion.
|
|
|
|
[Obsolete 20020819] The "permit_naked_ip_address" restriction on
|
|
HELO command syntax is unsafe when used with most smtpd_XXX_restrictions
|
|
and will go away. Postfix logs a warning, suggesting to use
|
|
"permit_mynetworks" instead.
|
|
|
|
MIME support
|
|
============
|
|
|
|
[Feature 20020527] Postfix now has real MIME support. This improves
|
|
content filtering efficiency and accuracy, and improves inter-operability
|
|
with mail systems that cannot receive 8-bit mail. See conf/sample-mime.cf
|
|
for details.
|
|
|
|
[Feature 20020527] Postfix header_checks now properly recognize
|
|
MIME headers in attachments. This is much more efficient than
|
|
previous versions that recognized MIME headers via body_checks.
|
|
MIME headers are now processed one multi-line header at a time,
|
|
instead of one body line at a time. To get the old behavior,
|
|
specify "disable_mime_input_processing = yes". More details in
|
|
conf/sample-filter.cf.
|
|
|
|
[Feature 20020527] Postfix now has three classes of header patterns:
|
|
header_checks (for primary message headers except MIME headers),
|
|
mime_header_checks (for MIME headers), and nested_header_checks
|
|
(for headers of attached email messages except MIME headers). By
|
|
default, all headers are matched with header_checks.
|
|
|
|
[Feature 20020527] The Postfix SMTP client will now convert 8BITMIME
|
|
mail to 7BIT when delivering to an SMTP server that does not announce
|
|
8BITMIME support. To disable, specify "disable_mime_output_conversion
|
|
= yes". However, this conversion is required by RFC standards.
|
|
|
|
[Feature 20020528] Postfix can enforce specific aspects of the MIME
|
|
standards while receiving mail.
|
|
|
|
* Specify "strict_7bit_headers = yes" to disallow 8-bit characters
|
|
in message headers. These are always illegal.
|
|
|
|
* Specify "strict_8bitmime_body = yes" to block mail with 8-bit
|
|
content that is not properly labeled as 8-bit MIME. This blocks
|
|
mail from poorly written mail software, including (bounces from
|
|
qmail, bounces from Postfix before snapshot 20020514, and Majordomo
|
|
approval requests) that contain valid 8BITMIME mail.
|
|
|
|
* Specify "strict_8bitmime = yes" to turn on both strict_7bit_headers
|
|
and strict_8bitmime_body.
|
|
|
|
* Specify "strict_mime_encoding_domain = yes" to block mail from
|
|
poorly written mail software. More details in conf/sample-mime.cf.
|
|
|
|
[Incompat 20020527] Postfix now rejects mail if the MIME multipart
|
|
structure is nested more than mime_nesting_limit levels (default:
|
|
100) when MIME input processing is enabled while receiving mail, or
|
|
when Postfix is performing 8BITMIME to 7BIT conversion while
|
|
delivering mail.
|
|
|
|
[Incompat 20020527] Postfix now recognizes "name :" as a valid
|
|
message header, but normalizes it to "name:" for consistency
|
|
(actually, there is so much code in Postfix that would break with
|
|
"name :" that there is little choice, except to not recognize "name
|
|
:" headers).
|
|
|
|
[Incompat 20020512] Postfix queue files contain records that are
|
|
incompatible with "postqueue -r" on all Postfix versions prior to
|
|
1.1 and release candidates. This happens whenever the sender
|
|
specifies MIME body type information via the SMTP `MAIL FROM'
|
|
command, via the `sendmail -B' command line option, or via the
|
|
Content-Transfer-Encoding: message header.
|
|
|
|
[Incompat 20020512] Postfix queue files may contain records that
|
|
are incompatible with "postqueue -r" on previous 1.1 Postfix versions
|
|
and release candidates. This happens whenever the sender specifies
|
|
the MIME body type only via the Content-Transfer-Encoding: message
|
|
header, and not via `MAIL FROM' or `sendmail -B'.
|
|
|
|
[Feature 20020512] The Postfix SMTP and LMTP clients now properly
|
|
pass on the MIME body type information (7BIT or 8BITMIME), provided
|
|
that the sender properly specifies MIME body type information via
|
|
the SMTP MAIL FROM command, via the sendmail -B command line option,
|
|
or via MIME message headers. This includes mail that is returned
|
|
as undeliverable.
|
|
|
|
Improved performance
|
|
====================
|
|
|
|
[Incompat 20021209] The default queue directory hash_queue_depth
|
|
setting is reduced to 1 level of subdirectories per Postfix queue.
|
|
This improves "mailq" performance on most systems, but can result
|
|
in poorer worst-case performance on systems with lots of mail in
|
|
the queue.
|
|
|
|
[Incompat 20021209] The Postfix SMTP client no longer expands CNAMEs
|
|
in MAIL FROM or RCPT TO addresses (as permitted by RFC 2821). This
|
|
eliminates one DNS lookup per sender and recipient, and can make
|
|
a dramatic difference when sending mailing list mail via a relayhost.
|
|
|
|
[Incompat 20021209] The Postfix installation procedure no longer
|
|
sets the "chattr +S" bit on Linux queue directories. Wietse has
|
|
gotten too annoyed with naive reviewers who complain about performance
|
|
without having a clue of what they are comparing.
|
|
|
|
[Feature 20021209] On mail gateway systems, separation of inbound
|
|
mail relay traffic from outbound traffic. This eliminates a problem
|
|
where inbound mail deliveries could become resource starved in the
|
|
presence of a high volume of outbound mail.
|
|
|
|
[Feature 20021013] The body_checks_size_limit parameter limits the
|
|
amount of text per message body segment (or attachment, if you
|
|
prefer to use that term) that is subjected to body_checks inspection.
|
|
The default limit is 50 kbytes. This speeds up the processing of
|
|
mail with large attachments.
|
|
|
|
[Feature 20020917] Speedups of regexp table lookups by optimizing
|
|
for the $number substitutions that are actually present in the
|
|
right-hand side. Based on a suggestion by Liviu Daia.
|
|
|
|
[Feature 20020917] Speedups of regexp and pcre tables, using
|
|
IF..ENDIF support. Based on an idea by Bert Driehuis. To protect
|
|
a block of patterns, use:
|
|
|
|
if /pattern1/
|
|
/pattern2/ result2
|
|
/pattern3/ result3
|
|
endif
|
|
|
|
IF..ENDIF can nest. Don't specify blanks at the beginning of lines
|
|
inside IF..ENDIF, because lines beginning with whitespace are
|
|
appended to the previous line. More details about the syntax are
|
|
given in the pcre_table(5) and regexp_table(5) manual pages.
|
|
|
|
[Feature 20020717] The default timeout for establishing an SMTP
|
|
connection has been reduced to 30 seconds, because many system
|
|
TCP/IP stacks have an atrociously large default timeout value.
|
|
|
|
[Feature 20020505] Finer control over Berkeley DB memory usage,
|
|
The parameter "berkeley_db_create_buffer_size" (default: 16 MBytes)
|
|
specifies the buffer size for the postmap and postalias commands.
|
|
The parameter "berkeley_db_read_buffer_size" (default: 128 kBytes)
|
|
specifies the buffer size for all other applications. Specify
|
|
"berkeley_db_read_buffer_size = 1048576" to get the old read buffer
|
|
size. Contributed by Victor Duchovni. For more information, see
|
|
the last paragraphs of the DB_README file.
|
|
|
|
[Incompat 20021211] The default process limit is doubled from 50
|
|
to 100. The default limits on the number of active queue files or
|
|
recipients are doubled from 10000 to 20000. The default concurrency
|
|
for parallel delivery to the same destination is doubled from 10
|
|
to 20.
|
|
|
|
Improved compatibility
|
|
======================
|
|
|
|
[Feature 20020527] The Postfix SMTP client will now convert 8BITMIME
|
|
mail to 7BIT when delivering to an SMTP server that does not announce
|
|
8BITMIME support. To disable, specify "disable_mime_output_conversion
|
|
= yes". However, this conversion is required by RFC standards.
|
|
|
|
[Feature 20020512] The Postfix SMTP and LMTP clients now properly
|
|
pass on the MIME body type information (7BIT or 8BITMIME), provided
|
|
that the sender properly specifies MIME body type information via
|
|
the SMTP MAIL FROM command, via the sendmail -B command line option,
|
|
or via MIME message headers. This includes mail that is returned
|
|
as undeliverable.
|
|
|
|
[Incompat 20020326] The Postfix SMTP client now breaks message
|
|
header or body lines that are longer than $smtp_line_length_limit
|
|
characters (default: 990). Earlier Postfix versions broke lines
|
|
at $line_length_limit characters (default: 2048). Postfix versions
|
|
before 20010611 did not break long lines at all. Reportedly, some
|
|
mail servers refuse to receive mail with lines that exceed the 1000
|
|
character limit that is specified by the SMTP standard.
|
|
|
|
[Incompat 20020326] The Postfix SMTP client now breaks long message
|
|
header or body lines by inserting <CR> <LF> <SPACE>. Earlier
|
|
Postfix versions broke long lines by inserting <CR> <LF> only. This
|
|
broke MIME encapsulation, causing MIME attachments to "disappear"
|
|
with Postfix versions after 20010611.
|
|
|
|
[Incompat 20020326] Postfix now discards text when a logical message
|
|
header exceeds $header_size_limit characters (default: 102400).
|
|
Earlier Postfix versions would place excess text, and all following
|
|
text, in the message body. The same thing was done when a physical
|
|
header line exceeded $line_length_limit characters (default: 2048).
|
|
Both behaviors broke MIME encapsulation, causing MIME attachments
|
|
to "disappear" with all previous Postfix versions.
|
|
|
|
[Incompat 20021015] The Postfix LMTP client no longer lowercases email
|
|
addresses in MAIL FROM and RCPT TO commands.
|
|
|
|
[Incompat 20021013] The default Linux kernel lock style for mailbox
|
|
delivery is changed from flock() to fcntl(). This has no impact if
|
|
your system uses procmail for local delivery, if you use maildir-style
|
|
mailboxes, or when mailbox access software locks mailboxes with
|
|
username.lock files (which is usually the case with non-maildir
|
|
mailboxes).
|
|
|
|
Address classes
|
|
===============
|
|
|
|
[Feature 20021209] This release introduces the concept of address
|
|
domain classes, each having its own default mail delivery transport:
|
|
|
|
Destination matches Default transport Default name
|
|
==============================================================
|
|
$mydestination or
|
|
$inet_interfaces $local_transport local
|
|
$virtual_alias_domains (not applicable) (not applicable)
|
|
$virtual_mailbox_domains $virtual_transport virtual
|
|
$relay_domains $relay_transport relay
|
|
other $default_transport smtp
|
|
|
|
The benefits of these changes are:
|
|
|
|
- You no longer need to specify all the virtual(8) domains in the
|
|
Postfix transport map. The virtual(8) delivery agent has
|
|
become a first-class citizen just like local(8) or smtp(8).
|
|
|
|
- On mail gateway systems, separation of inbound mail relay traffic
|
|
from outbound traffic. This eliminates a problem where inbound
|
|
mail deliveries could become resource starved in the presence of
|
|
a high volume of outbound mail.
|
|
|
|
- The SMTP server rejects unknown recipients in a more consistent
|
|
manner than was possible with previous Postfix versions.
|
|
|
|
See the ADDRESS_CLASS_README file for a description of address
|
|
classes, their benefits, and their incompatibilities.
|
|
|
|
New relay transport in master.cf
|
|
================================
|
|
|
|
[Incompat 20021209] Postfix no longer defaults to the "smtp"
|
|
transport for all non-local destinations. In particular, Postfix
|
|
now uses the "relay" mail delivery transport for delivery to domains
|
|
matching $relay_domains. This may affect your defer_transports
|
|
settings.
|
|
|
|
On mail gateway systems, this allows us to separate inbound mail
|
|
relay traffic from outbound traffic, and thereby eliminate a problem
|
|
where inbound mail deliveries could become resource starved in the
|
|
presence of a high volume of outbound mail.
|
|
|
|
[Incompat 20021209] This release adds a new "relay" service to the
|
|
Postfix master.cf file. This is a clone of the "smtp" service. If
|
|
your Postfix is unable to connect to the "relay" service then you
|
|
have not properly followed the installation procedure.
|
|
|
|
Revision of RBL blacklisting code
|
|
=================================
|
|
|
|
[Feature 20020923] Complete rewrite of the RBL blacklisting code.
|
|
The names of RBL restrictions are now based on a suggestion that
|
|
was made by Liviu Daia in October 2001. See conf/sample-smtpd.cf
|
|
or html/uce.html for details.
|
|
|
|
[Feature 20020923] "reject_rbl_client rbl.domain.tld" for client
|
|
IP address blacklisting. Based on code by LaMont Jones. The old
|
|
"reject_maps_rbl" is now implemented as a wrapper around the
|
|
reject_rbl_client code, and logs a warning that "reject_maps_rbl"
|
|
is going away. To upgrade, specify "reject_rbl_client domainname"
|
|
once for each domain name that is listed in maps_rbl_domains.
|
|
|
|
[Feature 20020923] "reject_rhsbl_sender rbl.domain.tld" for sender
|
|
domain blacklisting. Also: reject_rhsbl_client and reject_rhsbl_recipient
|
|
for client and recipient domain blacklisting.
|
|
|
|
[Feature 20020923] "rbl_reply_maps" configuration parameter for
|
|
lookup tables with template responses per RBL server. Based on code
|
|
by LaMont Jones. If no reply template is found the default template
|
|
is used as specified with the default_rbl_reply configuration
|
|
parameter. The template responses support $name expansion of
|
|
client, helo, sender, recipient and RBL related attributes.
|
|
|
|
[Incompat 20020923] The default RBL "reject" server reply now
|
|
includes an indication of *what* is being rejected: Client host,
|
|
Helo command, Sender address, or Recipient address. This also
|
|
changes the logfile format.
|
|
|
|
[Feature 20020923] "smtpd_expansion_filter" configuration parameter
|
|
to control what characters are allowed in the expansion of template
|
|
RBL reply $name macros. Characters outside the allowed set are
|
|
replaced by "_".
|
|
|
|
More sophisticated handling of UCE-related DNS lookup errors
|
|
============================================================
|
|
|
|
[Feature 20020906] More sophisticated handling of UCE-related DNS
|
|
lookup errors. These cause Postfix to not give up so easily, so
|
|
that some deliveries will not have to be deferred after all.
|
|
|
|
[Feature 20020906] The SMTP server sets a defer_if_permit flag when
|
|
an UCE reject restriction fails due to a temporary (DNS) problem,
|
|
to prevent unwanted mail from slipping through. The defer_if_permit
|
|
flag is tested at the end of the ETRN and recipient restrictions.
|
|
|
|
[Feature 20020906] A similar flag, defer_if_reject, is maintained
|
|
to prevent mail from being rejected because a whitelist operation
|
|
(such as permit_mx_backup) fails due to a temporary (DNS) problem.
|
|
|
|
[Feature 20020906] The permit_mx_backup restriction is made more
|
|
strict. With older versions, some DNS failures would cause mail to
|
|
be accepted anyway, and some DNS failures would cause mail to be
|
|
rejected by later restrictions in the same restriction list. The
|
|
improved version will defer delivery when Postfix could make the
|
|
wrong decision.
|
|
|
|
- After DNS lookup failure, permit_mx_backup will now accept the
|
|
request if a subsequent restriction would cause the request to be
|
|
accepted anyway, and will defer the request if a subsequent
|
|
restriction would cause the request to be rejected.
|
|
|
|
- After DNS lookup failure, reject_unknown_hostname (the hostname
|
|
given in HELO/EHLO commands) reject_unknown_sender_domain and
|
|
reject_unknown_recipient_domain will now reject the request if a
|
|
subsequent restriction would cause the request to be rejected
|
|
anyway, and will defer the request if a subsequent restriction
|
|
would cause the request to be accepted.
|
|
|
|
[Feature 20020906] Specify "smtpd_data_restrictions =
|
|
reject_unauth_pipelining" to block mail from SMTP clients that send
|
|
message content before Postfix has replied to the SMTP DATA command.
|
|
|
|
Other UCE related changes
|
|
=========================
|
|
|
|
[Feature 20020717] The SMTP server reject_unknown_{sender,recipient}_domain
|
|
etc. restrictions now also attempt to look up AAAA (IPV6 address)
|
|
records.
|
|
|
|
[Incompat 20020513] In order to allow user@domain@domain addresses
|
|
from untrusted systems, specify "allow_untrusted_routing = yes" in
|
|
main.cf. This opens opportunities for mail relay attacks when
|
|
Postfix provides backup MX service for Sendmail systems.
|
|
|
|
[Incompat 20020514] For safety reasons, the permit_mx_backup
|
|
restriction no longer accepts mail for user@domain@domain. To
|
|
recover the old behavior, specify "allow_untrusted_routing = yes"
|
|
and live with the risk of becoming a relay victim.
|
|
|
|
[Incompat 20020509] The Postfix SMTP server no longer honors OK
|
|
access rules for user@domain@postfix-style.virtual.domain, to close
|
|
a relaying loophole with postfix-style virtual domains that have
|
|
@domain.name catch-all patterns.
|
|
|
|
[Incompat 20020201] In Postfix SMTPD access tables, Postfix now
|
|
uses <> as the default lookup key for the null address, in order
|
|
to work around bugs in some Berkeley DB implementations. This
|
|
behavior is controlled with the smtpd_null_access_lookup_key
|
|
configuration parameter.
|
|
|
|
Changes in transport table lookups
|
|
==================================
|
|
|
|
[Feature 20020610] user@domain address lookups in the transport
|
|
map. This feature also understands address extensions. Transport
|
|
maps still support lookup keys in the form of domain names, but
|
|
only with non-regexp tables. Specify mailer-daemon@my.host.name
|
|
in order to match the null address. More in the transport(5) manual
|
|
page.
|
|
|
|
[Feature 20020505] Friendlier behavior of Postfix transport tables.
|
|
There is a new "*" wildcard pattern that always matches. The
|
|
meaning of null delivery transport AND nexhop information field
|
|
has changed to "do not modify": use the information that would be
|
|
used if the transport table did not exist. This change makes it
|
|
easier to route intranet mail (everything under my.domain) directly:
|
|
you no longer need to specify explicit "local" transport table
|
|
entries for every domain name that resolves to the local machine.
|
|
For more information, including examples, see the updated transport(5)
|
|
manual page.
|
|
|
|
[Incompat 20020610] Regexp/PCRE-based transport maps now see the
|
|
entire recipient address instead of only the destination domain
|
|
name.
|
|
|
|
[Incompat 20020505, 20021215] The meaning of null delivery transport
|
|
and nexhop fields has changed incompatibly.
|
|
|
|
- A null delivery transport AND nexthop information field means
|
|
"do not modify": use the delivery transport or nexthop information
|
|
that would be used if no transport table did not exist.
|
|
|
|
- The delivery transport is not changed with a null delivery
|
|
transport field and non-null nexthop field.
|
|
|
|
- The nexthop is reset to the recipient domain with a non-null
|
|
transport field and a null nexthop information field.
|
|
|
|
Address manipulation changes
|
|
============================
|
|
|
|
[Incompat 20020717] Postfix no longer strips multiple '.' characters
|
|
from the end of an email address or domain name. Only one '.' is
|
|
tolerated.
|
|
|
|
[Feature 20020717] The masquerade_domains feature now supports
|
|
exceptions. Prepend a ! character to a domain name in order to
|
|
not strip its subdomain structure. More information in
|
|
conf/sample-rewrite.cf.
|
|
|
|
[Feature 20020717] The Postfix virtual delivery agent supports
|
|
catch-all entries (@domain.tld) in lookup tables. These match users
|
|
that do not have a specific user@domain.tld entry. The virtual
|
|
delivery agent now ignores address extensions (user+foo@domain.tld)
|
|
when searching its lookup tables, but displays the extensions in
|
|
Delivered-To: message headers.
|
|
|
|
[Feature 20020610] user@domain address lookups in the transport
|
|
map. This feature also understands address extensions. Transport
|
|
maps still support lookup keys in the form of domain names, but
|
|
only with non-regexp tables. Specify mailer-daemon@my.host.name
|
|
in order to match the null address. More in the transport(5) manual
|
|
page.
|
|
|
|
[Incompat 20020610] Regexp/PCRE-based transport maps now see the
|
|
entire recipient address instead of only the destination domain
|
|
name.
|
|
|
|
[Incompat 20020513] In order to allow user@domain@domain addresses
|
|
from untrusted systems, specify "allow_untrusted_routing = yes" in
|
|
main.cf. This opens opportunities for mail relay attacks when
|
|
Postfix provides backup MX service for Sendmail systems.
|
|
|
|
[Incompat 20020509] The Postfix SMTP server no longer honors OK
|
|
access rules for user@domain@postfix-style.virtual.domain, to close
|
|
a relaying loophole with postfix-style virtual domains that have
|
|
@domain.name catch-all patterns.
|
|
|
|
[Incompat 20020509] The appearance of user@domain1@domain2 addresses
|
|
has changed. In mail headers, such addresses are now properly
|
|
quoted as "user@domain1"@domain2. As a side effect, this quoted
|
|
form is now also expected on the left-hand side of virtual and
|
|
canonical lookup tables, but only by some of the Postfix components.
|
|
For now, it is better not to use user@domain1@domain2 address forms
|
|
on the left-hand side of lookup tables.
|
|
|
|
Regular expression and PCRE related changes
|
|
===========================================
|
|
|
|
[Feature 20021209] Regular expression maps are now allowed with
|
|
local delivery agent alias tables and with all virtual delivery
|
|
agent lookup tables. However, regular expression substitution of
|
|
$1 etc. is still forbidden for security reasons.
|
|
|
|
[Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/
|
|
is going away. Use the cleaner and more flexible "if !/pattern2/..endif"
|
|
form. The old form still exists but is no longer documented, and
|
|
causes a warning (suggesting to use the new format) to be logged.
|
|
|
|
[Incompat 20020610] Regexp/PCRE-based transport maps now see the
|
|
entire recipient address instead of only the destination domain
|
|
name.
|
|
|
|
[Incompat 20020528] With PCRE pattern matching, the `.' metacharacter
|
|
now matches all characters including newline characters. This makes
|
|
PCRE pattern matching more convenient to use with multi-line message
|
|
headers, and also makes PCRE more compatible with regexp pattern
|
|
matching. The pcre_table(5) manual page has been greatly revised.
|
|
|
|
New mail "HOLD" action and "hold" queue
|
|
=======================================
|
|
|
|
[Feature 20020819] New "hold" queue for mail that should not be
|
|
delivered. "postsuper -h" puts mail on hold, and "postsuper -H"
|
|
releases mail, moving mail that was "on hold" to the deferred queue.
|
|
|
|
[Feature 20020821] HOLD and DISCARD actions in SMTPD access tables.
|
|
As with the header/body version of the same, these actions apply
|
|
to all recipients of the same queue file.
|
|
|
|
[Feature 20020819] New header/body HOLD action that causes mail to
|
|
be placed on the "hold" queue. Presently, all you can do with mail
|
|
"on hold" is to examine it with postcat, to take it "off hold" with
|
|
"postsuper -H", or to destroy it with "postsuper -d". See
|
|
conf/sample-filter.cf.
|
|
|
|
[Incompat 20020819] In mailq output, the queue ID is followed by
|
|
the ! character when the message is in the "hold" queue (see below).
|
|
This may break programs that process mailq output.
|
|
|
|
Content filtering
|
|
=================
|
|
|
|
[Feature 20020823] Selective content filtering. In in SMTPD access
|
|
tables, specify "FILTER transport:nexthop" for mail that needs
|
|
filtering. More info about content filtering is in the Postfix
|
|
FILTER_README file. This feature overrides the main.cf content_filter
|
|
setting. Presently, this applies to all the recipients of a queue
|
|
file.
|
|
|
|
[Feature 20020527] Selective content filtering. In header/body_check
|
|
patterns, specify "FILTER transport:nexthop" for mail that needs
|
|
filtering. This requires different cleanup servers before and after
|
|
the filter, with header/body checks turned off in the second cleanup
|
|
server. More info about content filtering is in the Postfix
|
|
FILTER_README file. This feature overrides the main.cf content_filter
|
|
setting. Presently, this applies to all the recipients of a queue
|
|
file.
|
|
|
|
[Feature 20020527] Postfix now has real MIME support. This improves
|
|
content filtering efficiency and accuracy, and improves inter-operability
|
|
with mail systems that cannot receive 8-bit mail. See conf/sample-mime.cf
|
|
for details.
|
|
|
|
[Feature 20020527] Postfix header_checks now properly recognize
|
|
MIME headers in attachments. This is much more efficient than
|
|
previous versions that recognized MIME headers via body_checks.
|
|
MIME headers are now processed one multi-line header at a time,
|
|
instead of one body line at a time. To get the old behavior,
|
|
specify "disable_mime_input_processing = yes". More details in
|
|
conf/sample-filter.cf.
|
|
|
|
[Feature 20020527] Postfix now has three classes of header patterns:
|
|
header_checks (for primary message headers except MIME headers),
|
|
mime_header_checks (for MIME headers), and nested_header_checks
|
|
(for headers of attached email messages except MIME headers). By
|
|
default, all headers are matched with header_checks.
|
|
|
|
[Feature 20021013] The body_checks_size_limit parameter limits the
|
|
amount of text per message body segment (or attachment, if you
|
|
prefer to use that term) that is subjected to body_checks inspection.
|
|
The default limit is 50 kbytes. This speeds up the processing of
|
|
mail with large attachments.
|
|
|
|
[Feature 20020917] Speedups of regexp table lookups by optimizing
|
|
for the $number substitutions that are actually present in the
|
|
right-hand side. Based on a suggestion by Liviu Daia.
|
|
|
|
[Feature 20020917] Speedups of regexp and pcre tables, using
|
|
IF..ENDIF support. Based on an idea by Bert Driehuis. To protect
|
|
a block of patterns, use:
|
|
|
|
if /pattern1/
|
|
/pattern2/ result2
|
|
/pattern3/ result3
|
|
endif
|
|
|
|
IF..ENDIF can nest. Don't specify blanks at the beginning of lines
|
|
inside IF..ENDIF, because lines beginning with whitespace are
|
|
appended to the previous line. More details about the syntax are
|
|
given in the pcre_table(5) and regexp_table(5) manual pages.
|
|
|
|
Postmap/postalias/newaliases changes
|
|
====================================
|
|
|
|
[Incompat 20020505] The postalias command now copies the source
|
|
file read permissions to the result file when creating a table for
|
|
the first time. Until now, the result file was created with default
|
|
read permissions. This change makes postalias more similar to
|
|
postmap.
|
|
|
|
[Incompat 20020505] The postalias and postmap commands now drop
|
|
super-user privileges when processing a non-root source file. The
|
|
file is now processed as the source file owner, and the owner must
|
|
therefore have permission to update the result file. Specify the
|
|
"-o" flag to get the old behavior (process non-root files with root
|
|
privileges).
|
|
|
|
[Incompat 20020122] When the postmap command creates a non-existent
|
|
result file, the new file inherits the group/other read permissions
|
|
of the source file.
|
|
|
|
Assorted changes
|
|
================
|
|
|
|
[Feature 20021028] The local(8) and virtual(8) delivery agents now record
|
|
the original recipient address in the X-Original-To: message header.
|
|
This header can also be emitted by the pipe(8) delivery agent.
|
|
|
|
[Incompat 20021028] With "domain in one mailbox", one message with
|
|
multiple recipients is no longer delivered only once. It is now
|
|
delivered as one copy for each original recipient, with the original
|
|
recipient address listed in the X-Original-To: message header.
|
|
|
|
[Feature 20021024] New proxy_interfaces parameter, for sites behind a
|
|
network address translation gateway or other type of proxy. You
|
|
should specify all the proxy network addresses here, to avoid avoid
|
|
mail delivery loops.
|
|
|
|
[Feature 20021013] Updated MacOS X support by Gerben Wierda. See
|
|
the auxiliary/MacOSX directory.
|
|
|
|
[Incompat 20021013] Subtle change in ${name?result} macro expansions:
|
|
the expansion no longer happens when $name is an empty string. This
|
|
probably makes more sense than the old behavior.
|
|
|
|
[Incompat 20020917] The relayhost setting now behaves as documented,
|
|
i.e. you can no longer specify multiple destinations.
|
|
|
|
[Incompatibility 20021219] The use of the XVERP extension in the
|
|
SMTP MAIL FROM command is now restricted to SMTP clients that match
|
|
the hostnames, domains or networks listed with the authorized_verp_clients
|
|
parameter (default: $mynetworks).
|
|
|
|
[Feature 20020819] When the Postfix local delivery agent detects
|
|
a mail delivery loop (usually the result of mis-configured mail
|
|
pickup software), the undeliverable mail is now sent to the mailing
|
|
list owner instead of the envelope sender address (usually the
|
|
original poster who has no guilt, and who cannot fix the problem).
|
|
|
|
[Warning 20020819] The Postfix queue manager now warns when mail
|
|
for some destination is piling up in the active queue, and suggests
|
|
a variety of remedies to speed up delivery (increase per-destination
|
|
concurrency limit, increase active queue size, use a separate
|
|
delivery transport, increase per-transport process limit). The
|
|
qmgr_clog_warn_time parameter controls the time between warnings.
|
|
To disable these warnings, specify "qmgr_clog_warn_time = 0".
|
|
|
|
[Warning 20020717] The Postfix SMTP client now logs a warning when
|
|
the same domain is listed in main.cf:mydestination as well as a
|
|
Postfix-style virtual map. Such a mis-configuration may cause mail
|
|
for users to be rejected with "user unknown".
|
|
|
|
[Feature 20020331] A new smtp_helo_name parameter that specifies
|
|
the hostname to be used in HELO or EHLO commands; this can be more
|
|
convenient than changing the myhostname parameter setting.
|
|
|
|
[Feature 20020331] Choice between multiple instances of internal
|
|
services: bounce, cleanup, defer, error, flush, pickup, queue,
|
|
rewrite, showq. This allows you to use different cleanup server
|
|
settings for different SMTP server instances. For example, specify
|
|
in the master.cf file:
|
|
|
|
localhost:10025 ... smtpd -o cleanup_service_name=cleanup2 ...
|
|
cleanup2 ... cleanup -o header_checks= body_checks= ...
|
|
|
|
Logfile format changes
|
|
======================
|
|
|
|
[Incompat 20021209] The Postfix SMTP client no longer expands CNAMEs
|
|
in MAIL FROM addresses (as permitted by RFC 2821) before logging
|
|
the recipient address.
|
|
|
|
[Incompat 20021028] The Postfix SMTP server UCE reject etc. logging
|
|
now includes the queue ID, the mail protocol (SMTP or ESMTP), and
|
|
the hostname that was received with the HELO or EHLO command, if
|
|
available.
|
|
|
|
[Incompat 20021028] The Postfix header/body_checks logging now
|
|
includes the mail protocol (SMTP, ESMTP, QMQP) and the hostname
|
|
that was received with the SMTP HELO or EHLO command, if available.
|
|
|
|
[Incompat 20021028] The Postfix status=sent/bounced/deferred logging
|
|
now shows the original recipient address (as received before any
|
|
address rewriting or aliasing). The original recipient address is
|
|
logged only when it differs from the final recipient address.
|
|
|
|
[Incompat 20020923] The default RBL "reject" server reply now
|
|
includes an indication of *what* is being rejected: Client host,
|
|
Helo command, Sender address, or Recipient address. This also
|
|
changes the logfile format.
|
|
|
|
LDAP related changes
|
|
====================
|
|
|
|
[Incompat 20020819] LDAP API version 1 is no longer supported. The
|
|
memory allocation and deallocation strategy has changed too much
|
|
to maintain both version 1 and 2 at the same time.
|
|
|
|
[Feature 20020513] Updated LDAP client module with better handling
|
|
of dead LDAP servers, and with configurable filtering of query
|
|
results.
|
|
|
|
SASL related changes
|
|
====================
|
|
|
|
[Incompat 20020819] The smtpd_sasl_local_domain setting now defaults
|
|
to the null string, rather than $myhostname. This seems to work
|
|
better with Cyrus SASL version 2. This change may cause incompatibility
|
|
with the saslpasswd2 command.
|
|
|
|
[Feature 20020331] Support for the Cyrus SASL version 2 library,
|
|
contributed by Jason Hoos. This adds some new functionality that
|
|
was not available in Cyrus SASL version 1, and provides bit-rot
|
|
insurance for the time when Cyrus SASL version 1 eventually stops
|
|
working.
|
|
|
|
Berkeley DB related changes
|
|
===========================
|
|
|
|
[Feature 20020505] Finer control over Berkeley DB memory usage,
|
|
The parameter "berkeley_db_create_buffer_size" (default: 16 MBytes)
|
|
specifies the buffer size for the postmap and postalias commands.
|
|
The parameter "berkeley_db_read_buffer_size" (default: 256 kBytes)
|
|
specifies the buffer size for all other applications. Specify
|
|
"berkeley_db_read_buffer_size = 1048576" to get the old read buffer
|
|
size. For more information, see the last paragraphs of the DB_README
|
|
file.
|
|
|
|
[Incompat 20020201] In Postfix SMTPD access tables, Postfix now
|
|
uses <> as the default lookup key for the null address, in order
|
|
to work around bugs in some Berkeley DB implementations. This
|
|
behavior is controlled with the smtpd_null_access_lookup_key
|
|
configuration parameter.
|
|
|
|
[Incompat 20020201] Postfix now detects if the run-time Berkeley
|
|
DB library routines do not match the major version number of the
|
|
compile-time include file that was used for compiling Postfix. The
|
|
software issues a warning and aborts in case of a discrepancy. If
|
|
it didn't, the software was certain to crash with a segmentation
|
|
violation.
|
|
|
|
Assorted workarounds
|
|
====================
|
|
|
|
[Incompat 20020201] On SCO 3.2 UNIX, the input rate flow control
|
|
is now turned off by default, because of limitations in the SCO
|
|
UNIX kernel.
|