d7d544aee7
check following for list of changes: ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-1.1.11.RELEASE_NOTES
1171 lines
53 KiB
Plaintext
1171 lines
53 KiB
Plaintext
In the text below, incompatible changes are labeled with the Postfix
|
|
snapshot that introduced the change. If you upgrade from a later
|
|
Postfix version, then you do not have to worry about that particular
|
|
incompatibility.
|
|
|
|
Official Postfix releases are called a.b.c where a=major release
|
|
number, b=minor release number, c=patchlevel. Snapshot releases
|
|
are now called a.b.c-yyyymmdd where yyyymmdd is the release date
|
|
(yyyy=year, mm=month, dd=day). The mail_release_date configuration
|
|
parameter contains the release date (both for official release and
|
|
snapshot release). Patches change the patchlevel and the release
|
|
date. Snapshots change only the release date, unless they include
|
|
the same bugfix as a patch release.
|
|
|
|
Incompatible changes with Postfix version 1.1.10 (released 20020514)
|
|
====================================================================
|
|
|
|
For safety reasons, the permit_mx_backup restriction no longer
|
|
accepts mail for user@domain@domain. To recover the old behavior,
|
|
specify "resolve_dequoted_address = no" which opens up a completely
|
|
different can of worms as described a few paragraphs down in this
|
|
document.
|
|
|
|
Incompatible changes with Postfix version 1.1.9 (released 20020513)
|
|
===================================================================
|
|
|
|
The Postfix SMTP server by default no longer accepts mail for
|
|
user@domain@postfix-style.virtual.domain, to close a relaying
|
|
loophole with postfix-style virtual domains that have @domain.name
|
|
catch-all patterns.
|
|
|
|
To allow such addresses, specify "resolve_dequoted_address = no"
|
|
in main.cf (quote the address localpart as per RFC 822, and don't
|
|
look for @ or % or ! characters inside the address localpart).
|
|
However, this opens opportunities for obscure mail relay attacks
|
|
when Postfix provides backup MX service for Sendmail systems.
|
|
|
|
The appearance of user@domain1@domain2 addresses has changed. In
|
|
mail headers, such addresses are now properly quoted as
|
|
"user@domain1"@domain2. As a side effect, this quoted form is now
|
|
also expected on the left-hand side of virtual and canonical lookup
|
|
tables, but only by some of the Postfix components. For now, it
|
|
is better not to use user@domain1@domain2 address forms on the
|
|
left-hand side of lookup tables.
|
|
|
|
Incompatible changes with Postfix version 1.1.6 (released 20020326)
|
|
===================================================================
|
|
|
|
The Postfix SMTP client now breaks message header or body lines
|
|
that are longer than $smtp_line_length_limit characters (default:
|
|
990). Earlier Postfix versions broke lines at $line_length_limit
|
|
characters (default: 2048). Postfix versions before 20010611 did
|
|
not break long lines at all. Reportedly, some mail servers refuse
|
|
to receive mail with lines that exceed the 1000 character limit
|
|
that is specified by the SMTP standard.
|
|
|
|
The Postfix SMTP client now breaks long message header or body
|
|
lines by inserting <CR> <LF> <SPACE>. Earlier Postfix versions
|
|
broke long lines by inserting <CR> <LF> only. This broke MIME
|
|
encapsulation, causing MIME attachments to "disappear" with Postfix
|
|
versions after 20010611.
|
|
|
|
Postfix now discards text when a logical message header exceeds
|
|
$header_size_limit characters (default: 102400). Earlier Postfix
|
|
versions would place excess text, and all following text, in the
|
|
message body. The same thing was done when a physical header line
|
|
exceeded $line_length_limit characters (default: 2048). Both
|
|
behaviors broke MIME encapsulation, causing MIME attachments to
|
|
"disappear" with all previous Postfix versions.
|
|
|
|
Incompatible changes with Postfix version 1.1.3 (released 20020201)
|
|
===================================================================
|
|
|
|
In Postfix SMTPD access tables, Postfix now uses <> as the default
|
|
lookup key for the null address, in order to work around bugs in
|
|
some Berkeley DB implementations. This behavior is controlled with
|
|
the smtpd_null_access_lookup_key configuration parameter.
|
|
|
|
On SCO 3.2 UNIX, the input rate flow control is now turned off by
|
|
default, because of limitations in the SCO UNIX kernel.
|
|
|
|
Incompatible changes with Postfix version 1.1.2 (released 20020125)
|
|
===================================================================
|
|
|
|
Postfix now detects if the run-time Berkeley DB library routines
|
|
do not match the major version number of the compile-time include
|
|
file that was used for compiling Postfix. The software issues a
|
|
warning and aborts in case of a discrepancy. If it didn't, the
|
|
software was certain to crash with a segmentation violation.
|
|
|
|
Incompatible changes with Postfix version 1.1.1 (released 20020122)
|
|
===================================================================
|
|
|
|
When the postmap command creates a non-existent result file, the
|
|
new file inherits the group/other read permissions of the source
|
|
file.
|
|
|
|
Incompatible changes with Postfix version 1.1.0 (released 20020117)
|
|
===================================================================
|
|
|
|
Changes are listed in order of decreasing importance, not release
|
|
date.
|
|
|
|
[snapshot-20010709] This release introduces a new queue file record
|
|
type that is used only for messages that actually use VERP (variable
|
|
envelope return path) support. With this sole exception, the queue
|
|
file format is entirely backwards compatible with the previous
|
|
official Postfix release (20010228, a.k.a. Postfix 1.0.0).
|
|
|
|
[snapshot-20020106] This release modifies the existing master.cf
|
|
file. The local pickup service is now unprivileged, and the cleanup
|
|
and flush service are now "public". Should you have to back out to
|
|
a previous release, then you must 1) edit the master.cf file, make
|
|
the pickup service "privileged", and make the cleanup and flush
|
|
services "private"; 2) "chmod 755 /var/spool/postfix/public". To
|
|
revert to a world-writable mail submission directory, "chmod 1733
|
|
/var/spool/postfix/maildrop".
|
|
|
|
[snapshot-20020106, snapshot-20010808, snapshot-20011103,
|
|
snapshot-20011121] You must stop and restart Postfix because of
|
|
incompatible changes in the local Postfix security model and in
|
|
the Postfix internal protocols. Old and new components will not
|
|
work together.
|
|
|
|
[snapshot-20020106] Simpler local Postfix security model.
|
|
|
|
- No world-writable maildrop directory. Postfix now always uses
|
|
the set-gid postdrop command for local mail submissions. The
|
|
local mail pickup daemon is now an unprivileged process.
|
|
|
|
- No world-accessible pickup and queue manager server FIFOs.
|
|
|
|
- New set-gid postqueue command for the queue list/flush operations
|
|
that used to implemented by the Postfix sendmail command.
|
|
|
|
[snapshot-20020106..15] Simpler Postfix installation and upgrading.
|
|
|
|
- All installation settings are now kept in the main.cf file, and
|
|
better default settings are now generated for system dependent
|
|
pathnames such as sendmail_path etc. The install.cf file is no
|
|
longer used, except when upgrading from an older Postfix version.
|
|
|
|
- Non-default installation parameter settings can (but do not have
|
|
to) be specified on the "make install" or "make upgrade" command
|
|
line as name=value arguments.
|
|
|
|
- New postfix-files database (in /etc/postfix) with (pathname,
|
|
owner, permission) information about all Postfix-related files.
|
|
|
|
- New postfix-install script replaces the awkward INSTALL.sh script.
|
|
This is driven by the postfix-files database. It has better
|
|
support for building packages for distribution to other systems.
|
|
See PACKAGE_README for details.
|
|
|
|
- New post-install script (in /etc/postfix) for post-installation
|
|
maintenance of directory/file permissions and ownership (this is
|
|
used by "postfix check"). Example:
|
|
|
|
# postfix stop
|
|
# post-install set-permissions mail_owner=username setgid_group=groupname
|
|
# postfix start
|
|
|
|
[snapshot-20020106] Postfix will not run if it detects that the
|
|
postfix user or group ID are shared with other accounts on the
|
|
system. The checks aren't exhaustive (that would be too resource
|
|
consuming) but should be sufficient to encourage packagers and
|
|
developers to do the right thing. To fix the problem, use the above
|
|
post-install command, after you have created the appropriate new
|
|
mail_owner or setgid_group user or group IDs.
|
|
|
|
[snapshot-20020106] If you run multiple Postfix instances on the
|
|
same machine you now have to specify their configuration directories
|
|
in the default main.cf file as "alternate_config_directories =
|
|
/dir1 /dir2 ...". Otherwise, some Postfix commands will no longer
|
|
work: the set-group ID postdrop command for mail submission and
|
|
the set-group ID postqueue command for queue listing/flushing.
|
|
|
|
[snapshot-20010808] The default setting for the maps_rbl_domains
|
|
parameter is now "empty", because mail-abuse.org has become a
|
|
subscription-based service. The names of the RBL parameters haven't
|
|
changed.
|
|
|
|
[snapshot-20020106] Postfix SMTP access maps will no longer return
|
|
OK for non-local multi-domain recipient mail addresses (user@dom1@dom2,
|
|
user%dom1@dom2, etcetera); the lookup now returns DUNNO (undetermined).
|
|
Non-local multi-domain recipient addresses were already prohibited
|
|
from matching the permit_mx_backup and the relay_domains-based
|
|
restrictions.
|
|
|
|
[snapshot-20011210] Stricter checking of Postfix chroot configurations.
|
|
The Postfix startup procedure now warns if "system" directories
|
|
(etc, bin, lib, usr) under the Postfix top-level queue directory
|
|
are not owned by the super-user (usually the result of well-intended,
|
|
but misguided, applications of "chown -R postfix /var/spool/postfix).
|
|
|
|
[snapshot-20011008] The Postfix SMTP server now rejects requests
|
|
with a generic "try again later" status (451 Server configuration
|
|
error) when it detects an error in smtp_{client, helo, sender,
|
|
recipient, etrn}_restrictions settings. More details about the
|
|
problem are logged to the syslogd; sending such information to
|
|
random clients would be inappropriate.
|
|
|
|
[snapshot-20011008] Postfix no longer flushes the entire mail queue
|
|
after receiving an ETRN request for a random domain name. Requests
|
|
for domains that do not match $fast_flush_domains are now rejected
|
|
instead.
|
|
|
|
[snapshot-20011226] Postfix configuration file comments no longer
|
|
continue on the next line when that next line starts with whitespace.
|
|
This change avoids surprises, but it may cause unexpected behavior
|
|
with existing, improperly formatted, configuration files. Caveat
|
|
user. Comment lines are allowed to begin with whitespace. Multi-line
|
|
input is no longer terminated by a comment line, by an all whitespace
|
|
line, or by an empty line.
|
|
|
|
[snapshot-20010714] Postfix delivery agents now refuse to create
|
|
a missing maildir or mail spool subdirectory when its parent
|
|
directory is world writable. This is necessary to prevent security
|
|
problems with maildirs or with hashed mailboxes under a world
|
|
writable mail spool directory.
|
|
|
|
[snapshot-20010525] As per RFC 2821, the Postfix SMTP client now
|
|
always sends EHLO at the beginning of an SMTP session. Specify
|
|
"smtp_always_send_ehlo = no" for the old behavior, which is to send
|
|
EHLO only when the server greeting banner contains the word ESMTP.
|
|
|
|
[snapshot-20010525] As per RFC 2821, an EHLO command in the middle
|
|
of an SMTP session resets the Postfix SMTP server state just like
|
|
RSET. This behavior cannot be disabled.
|
|
|
|
[snapshot-20010709] The SMTP client now by default breaks lines >
|
|
2048 characters, to avoid mail delivery problems with fragile SMTP
|
|
server software. To get the old behavior back, specify "smtp_break_lines
|
|
= no" in the Postfix main.cf file.
|
|
|
|
[snapshot-20010709] With recipient_delimiter=+ (or any character
|
|
other than -) Postfix will now recognize address extensions even
|
|
with owner-foo+extension addresses. This change was necessary to
|
|
make VERP useful for mailing list bounce processing.
|
|
|
|
[snapshot-20010610] The Postfix pipe delivery agent no longer
|
|
automatically case-folds the expansion of $user, $extension or
|
|
$mailbox command-line macros. Specify the 'u' flag to get the old
|
|
behavior.
|
|
|
|
[snapshot-20011210] The Postfix sendmail command no longer exits
|
|
with status 1 when mail submission fails, but instead returns a
|
|
sendmail-compatible status code as defined in /usr/include/sysexits.h.
|
|
|
|
Major changes with Postfix version 1.1.0 (Released 20020117)
|
|
============================================================
|
|
|
|
Changes are listed in order of decreasing importance, not release
|
|
date.
|
|
|
|
The nqmgr queue manager is now bundled with Postfix. It implements
|
|
a smarter scheduling strategy that allows ordinary mail to slip
|
|
past mailing list mail, resulting in better response. This queue
|
|
manager is expected to become the default queue manager shortly.
|
|
|
|
[snapshot-20010709, snapshot-20010808] VERP (variable envelope
|
|
return path) support. This is enabled by default, including in
|
|
the SMTP server. See the VERP_README file for instructions. Specify
|
|
"disable_verp_bounces = yes" to have Postfix send one RFC-standard,
|
|
non-VERP, bounce report for multi-recipient mail, even when VERP
|
|
style delivery was requested. This reduces the explosive behavior
|
|
of bounces when sending mail to a list.
|
|
|
|
[snapshot-20010709] QMQP server support, so that Postfix can be
|
|
used as a backend mailer for the ezmlm-idx mailing list manager.
|
|
You still need qmail to drive ezmlm and to process mailing list
|
|
bounces. The QMQP service is disabled by default. To enable, follow
|
|
the instructions in the QMQP_README file.
|
|
|
|
[snapshot-20010709] You can now reject unknown virtual(8) recipients
|
|
at the SMTP port by specifying a "domain.name whatever" entry in
|
|
the tables specified with virtual_mailbox_maps, similar to Postfix
|
|
virtual(5) domains. [virtual(8) is the Postfix virtual delivery
|
|
agent, virtual(5) is the Postfix virtual map. The two implement
|
|
virtual domains in a very different manner.]
|
|
|
|
[snapshot-20011121] Configurable host/domain name wildcard matching
|
|
behavior: choice between "pattern `domain.name' matches string
|
|
`host.domain.name'" (this is to be deprecated in the future) and
|
|
"pattern `.domain.name' matches string `host.domain.name'" (this
|
|
is to be preferred in the future). The configuration parameter
|
|
"parent_domain_matches_subdomains" specifies which Postfix features
|
|
use the behavior that will become deprecated.
|
|
|
|
[snapshot-20010808] Variable coupling between message receiving
|
|
rates and message delivery rates. When the message receiving rate
|
|
exceeds the message delivery rate, an SMTP server will pause for
|
|
$in_flow_delay seconds before accepting a message. This delay
|
|
gives Postfix a chance catch up and access the disk, while still
|
|
allowing new mail to arrive. This feature currently has effect
|
|
only when mail arrives via a small number of SMTP clients.
|
|
|
|
[snapshot-20010610, snapshot-20011121, snapshot-20011210] Workarounds
|
|
for a bug in old versions of the CISCO PIX firewall software that
|
|
caused mail to be resent repeatedly. The workaround has no effect
|
|
for other mail deliveries. The workaround is turned off when mail
|
|
is queued for less than $smtp_pix_workaround_threshold_time seconds
|
|
(default: 500 seconds) so that the workaround is normally enabled
|
|
only for deferred mail. The delay before sending .<CR><LF> is now
|
|
controlled by the $smtp_pix_workaround_delay_time setting (default:
|
|
10 seconds).
|
|
|
|
[snapshot-20011226] Postfix will now do null address lookups in
|
|
SMTPD access maps. If your access maps cannot store or look up
|
|
null string key values, specify "smtpd_null_access_lookup_key =
|
|
<>" and the null sender address will be looked up as <> instead.
|
|
|
|
[snapshot-20011210] More usable virtual delivery agent, thanks to
|
|
a new "static" map type by Jeff Miller that always returns its map
|
|
name as the lookup result. This eliminates the need for per-recipient
|
|
user ID and group ID tables. See the VIRTUAL_README file for more
|
|
details.
|
|
|
|
[snapshot-20011125] Anti-sender spoofing. New main.cf parameter
|
|
smtpd_sender_login_maps that specifies the (SASL) login name that
|
|
owns a MAIL FROM sender address. Specify a regexp table in order
|
|
to require a simple one-to-one mapping. New SMTPD restriction
|
|
reject_sender_login_mismatch that refuses a MAIL FROM address when
|
|
$smtpd_sender_login_maps specifies an owner but the client is not
|
|
(SASL) logged in as the MAIL FROM address owner, or when a client
|
|
is (SASL) logged in but does not own the address according to
|
|
$smtpd_sender_login_maps.
|
|
|
|
[snapshot-20011121] The mailbox_command_maps parameter allows you
|
|
to configure the external delivery command per user (local delivery
|
|
agent only). This feature has precedence over the mailbox_command
|
|
and home_mailbox settings.
|
|
|
|
[snapshot-20011121] New "warn_if_reject" smtpd UCE restriction that
|
|
only warns if the restriction that follows would reject mail. Look
|
|
for file records that contain the string "reject_warning".
|
|
|
|
[snapshot-20011127] New header/body_check result "WARN" to make
|
|
Postfix log a warning about a header/body line without rejecting
|
|
the content.
|
|
|
|
[snapshot-20011103] In header/body_check files, REJECT can now be
|
|
followed by text that is sent to the originator. That feature was
|
|
stuck waiting for years, pending the internal protocol revision.
|
|
|
|
[snapshot-20011008] The permit_mx_backup feature allows you to
|
|
specify network address blocks via the permit_mx_backup_networks
|
|
parameter. This requires that the primary MX hosts for the given
|
|
destination match the specified network blocks. When no value is
|
|
given for permit_mx_backup_networks, Postfix will accept mail
|
|
whenever the local MTA is listed in the DNS as an MX relay host
|
|
for a destination, even when you never gave permission to do so.
|
|
|
|
[snapshot-20010709] Specify "mail_spool_directory = /var/mail/"
|
|
(note the trailing "/" character) to enable maildir format for
|
|
/var/mail/username.
|
|
|
|
[snapshot-20010808] Finer control over address masquerading. The
|
|
masquerade_classes parameter now controls header and envelope sender
|
|
and recipient addresses. With earlier Postfix versions, address
|
|
masquerading rewrote all addresses except for the envelope recipient.
|
|
|
|
[snapshot-20010610] The pipe mail delivery agent now supports proper
|
|
quoting of white space and other special characters in the expansions
|
|
of the $sender and $recipient command-line macros. This was necessary
|
|
for correct operation of the "simple" content filter, and is also
|
|
recommended for delivery via UUCP or BSMTP.
|
|
|
|
[snapshot-20010610] The pipe mail delivery agent now supports case
|
|
folding the localpart and/or domain part of expansions of the
|
|
$nexthop, $recipient, $user, $extension or $mailbox command-line
|
|
macros. This is recommended for mail delivery via UUCP. Bug: $nexthop
|
|
is always case folded because of problems in the queue manager
|
|
code.
|
|
|
|
[snapshot-20010525] This release contains many little revisions of
|
|
little details in the light of the new RFC 2821 and RFC 2822
|
|
standards. Changes that may affect interoperability are listed
|
|
above under "incompatible changes". Other little details are
|
|
discussed in comments in the source code.
|
|
|
|
[snapshot-20010502] The Postfix SMTP client now by default randomly
|
|
shuffles destination IP addresses of equal preference (whether
|
|
obtained via MX lookup or otherwise). Reportedly, this is needed
|
|
for sites that use Bernstein's dnscache program. Specify
|
|
"smtp_randomize_addresses = no" to disable this behavior. Based on
|
|
shuffling code by Aleph1.
|
|
|
|
[snapshot-20011127] New parameter smtpd_noop_commands to specify
|
|
a list of commands that the Postfix SMTP server treats as NOOP
|
|
commands (no syntax check, no state change). This is a workaround
|
|
for misbehaving clients that send unsupported commands such as
|
|
ONEX.
|
|
|
|
[snapshot-20010502] "postmap -q -" and "postmap -d -" read key
|
|
values from standard input, which makes it easier to drive them
|
|
from another program. The same feature was added to the postalias
|
|
command.
|
|
|
|
[snapshot-20010502] The postsuper command now has a command-line
|
|
option to delete queue files. In principle this command can be
|
|
used while Postfix is running, but there is a possibility of deleting
|
|
the wrong queue file when Postfix deletes a queue file and reuses
|
|
the queue ID for a new message. In that case, postsuper will delete
|
|
the new message.
|
|
|
|
[snapshot-20010525] The postsuper queue maintenance tool now renames
|
|
files whose name (queue ID) does not match the message file inode
|
|
number. This is necessary after a Postfix mail queue is restored
|
|
from another machine or from backups. The feature is selected with
|
|
the -s option, which is the default, and runs whenever Postfix is
|
|
started.
|
|
|
|
[snapshot-20010525] The postsuper queue maintenance tool has a new
|
|
-r (requeue) option for subjecting some or all queue files to
|
|
another iteration of address rewriting. This is useful after the
|
|
virtual or canonical maps have changed.
|
|
|
|
[snapshot-20010525] The postsuper queue maintenance tool was extended
|
|
with options to read queue IDs from standard input. This makes the
|
|
tool easier to drive from scripts.
|
|
|
|
[snapshot-20010329] Better support for running multiple Postfix
|
|
instances on one machine. Each instance can be recognized by its
|
|
logging (defaults: "syslog_name = postfix", "syslog_facility =
|
|
mail").
|
|
|
|
Major incompatible changes with release-20010228 Patch 01 (a.k.a. Postfix 1.0.1)
|
|
================================================================================
|
|
|
|
This release changes the names of the "fast ETRN" logfiles with
|
|
delayed mail per destination. These files are maintained by the
|
|
Postfix "fast flush" daemon. The old scheme failed with addresses
|
|
of the form user@[ip.address] and user@a.domain.name. In order to
|
|
populate the new "fast ETRN" logfiles, execute the command "sendmail
|
|
-q". The old "fast ETRN" logfiles go away by themselves (default:
|
|
after 7 days).
|
|
|
|
Major incompatible changes with release-20010228 (a.k.a. Postfix 1.0.0)
|
|
=======================================================================
|
|
|
|
[snapshot-20010225] POSTFIX NO LONGER RELAYS MAIL FOR CLIENTS IN
|
|
THE ENTIRE CLASS A/B/C NETWORK. To get the old behavior, specify
|
|
"mynetworks_style = class" in the main.cf file. The default
|
|
(mynetworks_style = subnet) is to relay for clients in the local
|
|
IP subnet. See conf/main.cf.
|
|
|
|
[snapshot-20001005, snapshot-20010225] You must execute "postfix
|
|
stop" before installing this release. Some recommended parameter
|
|
settings have changed, and a new entry must be added to the master.cf
|
|
file before you can start Postfix again.
|
|
|
|
1 - The recommended Postfix configuration no longer uses flat
|
|
directories for the "incoming" "active", "bounce", and "defer"
|
|
queue directories. The "flush" directory for the new "flush"
|
|
service directory should not be flat either.
|
|
|
|
Upon start-up, Postfix checks if the hash_queue_names configuration
|
|
parameter is properly set up, and will add any queue directory
|
|
names that are missing.
|
|
|
|
2 - In order to improve performance of one-to-one mail deliveries
|
|
the queue manager will now look at up to 10000 queue files
|
|
(was: 1000). The default qmgr_message_active_limit setting
|
|
was changed accordingly.
|
|
|
|
If you have a non-default qmgr_message_active_limit in main.cf,
|
|
you may want adjust it.
|
|
|
|
3 - The new "flush" service needs to be configured in master.cf.
|
|
|
|
Upon start-up, Postfix checks if the new "flush" service is
|
|
configured in the master.cf file, and will add an entry if it
|
|
is missing.
|
|
|
|
Should you wish to back out to a previous Postfix release there is
|
|
no need to undo the above queue configuration changes.
|
|
|
|
[snapshot-20000921] The protocol between queue manager and delivery
|
|
agents has changed. This means that you cannot mix the Postfix
|
|
queue manager or delivery agents with those of Postfix versions
|
|
prior to 20000921. This change does not affect Postfix queue file
|
|
formats.
|
|
|
|
[snapshot-20000529] This release introduces an incompatible queue
|
|
file format change ONLY when content filtering is enabled (see text
|
|
in FILTER_README). Old Postfix queue files will work fine, but
|
|
queue files with the new content filtering info will not work with
|
|
Postfix versions before 20000529. Postfix logs a warning and moves
|
|
incompatible queue files to the "corrupt" mail queue subdirectory.
|
|
|
|
Minor incompatible changes with release-20010228
|
|
================================================
|
|
|
|
[snapshot-20010225] The incoming and deferred queue directories
|
|
are now hashed by default. This improves the performance considerably
|
|
under heavy load, at the cost of a small but noticeable slowdown
|
|
when one runs "mailq" on an unloaded system.
|
|
|
|
[snapshot-20010222] Postfix no longer automatically delivers
|
|
recipients one at a time when their domain is listed in $mydestination.
|
|
This change solves delivery performance problems with delivery via
|
|
LMTP, with virus scanning, and with firewall relays that forward
|
|
all mail for $mydestination to an inside host.
|
|
|
|
The "one recipient at a time" delivery behavior is now controlled
|
|
by the per-transport recipient limit (xxx_destination_recipient_limit,
|
|
where xxx is the name of the delivery mechanism). This parameter
|
|
controls the number of recipients that can be sent in one delivery
|
|
(surprise).
|
|
|
|
The setting of the per-transport recipient limit also controls the
|
|
meaning of the per-transport destination concurrency limit (named
|
|
xxx_destination_concurrency_limit, where xxx is again the name of
|
|
the delivery mechanism):
|
|
|
|
1) When the per-transport recipient limit is 1 (i.e., send one
|
|
recipient per delivery), the per-transport destination concurrency
|
|
limit controls the number of simultaneous deliveries to the
|
|
same recipient. This is the default behavior for delivery via
|
|
the Postfix local delivery agent.
|
|
|
|
2) When the per-transport recipient limit is > 1 (i.e., send
|
|
multiple recipients per delivery), the per-transport destination
|
|
concurrency limit controls the number of simultaneous deliveries
|
|
to the same domain. This is the default behavior for all other
|
|
Postfix delivery agents.
|
|
|
|
[snapshot-20010128] The Postfix local delivery agent now enforces
|
|
mailbox file size limits (default: mailbox_size_limit = 51200000).
|
|
This limit affects all file write access by the local delivery
|
|
agent or by a process run by the local delivery agent. The purpose
|
|
of this parameter is to act as a safety for run-away software. It
|
|
cannot be a substitute for a file quota management system. Specify
|
|
a limit of 0 to disable.
|
|
|
|
[snapshot-20010128] REJECT in header/body_checks is now flagged as
|
|
policy violation rather than bounce, for consistency in postmaster
|
|
notifications.
|
|
|
|
[snapshot-20010128] The default RBL (real-time blackhole lists)
|
|
domain examples have been changed from *.vix.com to *.mail-abuse.org.
|
|
|
|
[snapshot-20001210] Several interfaces of libutil and libglobal
|
|
routines have changed. This may break third-party code written
|
|
for Postfix. In particular, the safe_open() routine has changed,
|
|
the way the preferred locking method is specified in the sys_defs.h
|
|
file, as well as all routines that perform file locking. When
|
|
compiling third-party code written for Postfix, the incompatibilities
|
|
will be detected by the compiler provided that #include file
|
|
dependencies are properly maintained.
|
|
|
|
[snapshot-20001210] When delivering to /file/name (as directed in
|
|
an alias or .forward file), the local delivery agent now logs a
|
|
warning when it is unable to create a /file/name.lock file. Mail
|
|
is still delivered as before.
|
|
|
|
[snapshot-20001210] The "sun_mailtool_compatibility" feature is
|
|
going away (a compatibility mode that turns off kernel locks on
|
|
mailbox files). It still works, but a warning is logged. Instead
|
|
of using "sun_mailtool_compatibility", specify the mailbox locking
|
|
strategy as "mailbox_delivery_lock = dotlock".
|
|
|
|
[snapshot-20001210] The Postfix SMTP client now skips SMTP server
|
|
replies that do not start with "CODE SPACE" or with "CODE HYPHEN"
|
|
and flags them as protocol errors. Older Postfix SMTP clients
|
|
silently treated "CODE TEXT" as "CODE SPACE TEXT", i.e. as a valid
|
|
SMTP reply.
|
|
|
|
[snapshot-20001121] On RedHat Linux 7.0, you must install the
|
|
db3-devel RPM before you can compile the Postfix source code.
|
|
|
|
[snapshot-20000924] The postmaster address in the "sorry" text at
|
|
the top of bounced mail is now just postmaster, not postmaster@machine.
|
|
The idea is to refer users to their own postmaster.
|
|
|
|
[snapshot-20000921] The notation of [host:port] in transport tables
|
|
etc. is going away but it is still supported. The preferred form
|
|
is now [host]:port. This change is necessary to support IPV6
|
|
address forms which use ":" as part of a numeric IP address. In a
|
|
future release, Postfix will log a warning when it encounters the
|
|
[host:port] form.
|
|
|
|
[snapshot-20000921] In mail headers, Errors-To:, Reply-To: and
|
|
Return-Receipt: addresses are now rewritten as a sender address
|
|
(was: recipient).
|
|
|
|
[snapshot-20000921] Postfix no longer inserts Sender: message
|
|
headers.
|
|
|
|
[snapshot-20000921] The queue manager now logs the original number
|
|
of recipients when opening a queue file (example: from=<>, size=3502,
|
|
nrcpt=1).
|
|
|
|
[snapshot-20000921] The local delivery agent no longer appends a
|
|
blank line to mail that is delivered to external command.
|
|
|
|
[snapshot-20000921] The pipe delivery agent no longer appends a
|
|
blank line when the F flag is specified (in the master.cf file).
|
|
Specify the B flag if you need that blank line.
|
|
|
|
[snapshot-20000507] As required by RFC 822, Postfix now inserts a
|
|
generic destination message header when no destination header is
|
|
present. The text is specified via the undisclosed_recipients_header
|
|
configuration parameter (default: "To: undisclosed-recipients:;").
|
|
|
|
[snapshot-20000507] The Postfix sendmail command treats a line with
|
|
only `.' as the end of input, for the sake of sendmail compatibility.
|
|
To disable this feature, specify the sendmail-compatible `-i' or
|
|
`-oi' flags on the sendmail command line.
|
|
|
|
[snapshot-20000507] For the sake of Sendmail compatibility, the
|
|
Postfix SMTP client skips over SMTP servers that greet with a 4XX
|
|
or 5XX reply code, treating them as unreachable servers. To obtain
|
|
prior behavior (4XX=retry, 5XX=bounce), specify "smtp_skip_4xx_greeting
|
|
= no" and "smtp_skip_5xx_greeting = no".
|
|
|
|
Major changes with release-20010228
|
|
===================================
|
|
|
|
Postfix produces DSN formatted bounced/delayed mail notifications.
|
|
The human-readable text still exists, so that users will not have
|
|
to be unnecessarily confused by all the ugliness of RFC 1894. Full
|
|
DSN support will be later.
|
|
|
|
This release introduces full content filtering through an external
|
|
process. This involves an incompatible change in queue file format.
|
|
Mail is delivered to content filtering software via an existing
|
|
mail delivery agent, and is re-injected into Postfix via an existing
|
|
mail submission agent. See examples in the FILTER_README file.
|
|
Depending on how the filter is implemented, you can expect to lose
|
|
a factor of 2 to 4 in delivery performance of SMTP transit mail,
|
|
more if the content filtering software needs lots of CPU or memory.
|
|
|
|
Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick
|
|
and dirty emergency content filter that looks at non-header lines
|
|
one line at a time (including MIME headers inside the message body).
|
|
Details in conf/sample-filter.cf.
|
|
|
|
The header_checks and body_checks features can be used to strip
|
|
out unwanted data. Specify IGNORE on the right-hand side and the
|
|
data will disappear from the mail.
|
|
|
|
Support for SASL (RFC 2554) authentication in the SMTP server and
|
|
in the SMTP and LMTP clients. See the SASL_README file for more
|
|
details. This file still needs better examples.
|
|
|
|
Postfix now ships with an LMTP delivery agent that can deliver over
|
|
local/remote TCP sockets and over local UNIX-domain sockets. The
|
|
LMTP_README file gives example, but still needs to be revised.
|
|
|
|
Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination
|
|
logfiles with information about what mail is queued for selected
|
|
destinations. See the file ETRN_README for details.
|
|
|
|
The mailbox locking style is now fully configurable at runtime.
|
|
The new configuration parameter is called "mailbox_delivery_lock".
|
|
Depending on the operating system type, mailboxes can be locked
|
|
with one or more of "flock", "fcntl" or "dotlock". The command
|
|
"postconf -l" shows the available locking styles. The default
|
|
mailbox locking style is system dependent. This change affects
|
|
all mailbox and all "/file/name" deliveries by the Postfix local
|
|
delivery agent.
|
|
|
|
Minor changes with release-20010228
|
|
===================================
|
|
|
|
You can now specify multiple SMTP destinations in the relayhost
|
|
and fallback_relay configuration parameters. The destinations are
|
|
tried in the specified order. Specify host or host:port (perform
|
|
MX record lookups), [host] or [host]:port (no MX record lookups),
|
|
[address] or [address]:port (numerical IP address).
|
|
|
|
The "mailbox_transport" and "fallback_transport" parameters now
|
|
understand the form "transport:nexthop", with suitable defaults
|
|
when either transport or nexthop are omitted, just like in the
|
|
Postfix transport map. This allows you to specify for example,
|
|
"mailbox_transport = lmtp:unix:/file/name".
|
|
|
|
The local_transport and default_transport configuration parameters
|
|
can now be specified in transport:destination notation, just like
|
|
the mailbox_transport and fallback_transport parameters. The
|
|
:destination part is optional. However, these parameters take only
|
|
one destination, unlike relayhost and fallback-relay which take
|
|
any number of destinations.
|
|
|
|
More general virtual domain support. Postfix now supports both
|
|
Sendmail-style virtual domains and Postfix-style virtual domains.
|
|
Details and examples are given in the revised virtual manual page.
|
|
|
|
- With Sendmail-style virtual domains, local users/aliases/mailing
|
|
lists are visible as localname@virtual.domain. This is convenient
|
|
if you want to host mailing lists under virtual domains.
|
|
|
|
- With Postfix-style virtual domains, local users/aliases/mailing
|
|
lists are not visible as localname@virtual.domain. Each virtual
|
|
domain has its own separate name space.
|
|
|
|
More general "soft bounce" feature. Specify "soft_bounce = yes"
|
|
in main.cf to prevent the SMTP server from bouncing mail while you
|
|
are testing configurations. Until this release the SMTP server was
|
|
not aware of soft bounces.
|
|
|
|
Workarounds for non-standard RFC 2554 (AUTH command) implementations.
|
|
Specify "broken_sasl_auth_clients = yes" to enable SMTP server
|
|
support for old Microsoft client applications. The Postfix SMTP
|
|
client supports non-standard RFC 2554 servers by default.
|
|
|
|
All time-related configuration parameters now accept a one-letter
|
|
suffix to indicate the time unit (s: second, m: minute, h: hour,
|
|
d: day, w: week). The exceptions are the LDAP and MYSQL modules
|
|
which are maintained separately.
|
|
|
|
New "import_environment" and "export_environment" configuration
|
|
parameters provide explicit control over what environment variables
|
|
Postfix will import, and what environment variables Postfix will
|
|
pass on to a non-Postfix process.
|
|
|
|
In order to improve performance of one-to-one deliveries, Postfix
|
|
by default now looks at up to 10000 messages at a time (was: 1000).
|
|
|
|
Specify "syslog_facility = log_local1" etc. to separate the logging
|
|
from multiple Postfix instances. However, a non-default logging
|
|
facility takes effect only after process initialization. Errors
|
|
during command-line parsing are still logged with the default syslog
|
|
facility, as are errors while processing the main.cf file.
|
|
|
|
Postfix now strips out Content-Length: headers in incoming mail to
|
|
avoid confusion in mail user agents.
|
|
|
|
Specify "require_home_directory = yes" to prevent mail from being
|
|
delivered to a user whose home directory is not mounted. This
|
|
feature is implemented by the Postfix local delivery agent.
|
|
|
|
The pipe mailer has a size limit (size=nnn) command-line argument.
|
|
|
|
The pipe delivery agent has a configurable end-of-line attribute.
|
|
Specify "pipe ... eol=\r\n" for delivery mechanisms that require
|
|
CRLF record delimiters. The eol attribute understands the following
|
|
C-style escape sequences: \a \b \f \n \r \t \v \nnn \\.
|
|
|
|
In master.cf you can selectively override main.cf configuration
|
|
parameters, for example: "smtpd -o myhostname=foo.com".
|
|
|
|
In main.cf, specify "smtp_bind_address=x.x.x.x" to bind SMTP
|
|
connections to a specific local interface. Or override the default
|
|
setting in master.cf with "smtp -o smtp_bind_address=x.x.x.x".
|
|
For now, you must specify a numeric IP address.
|
|
|
|
Questionable feature: with "smtp_always_send_ehlo = yes", the SMTP
|
|
client sends EHLO regardless of the content of the SMTP server's
|
|
greeting.
|
|
|
|
Specify "-d key" to postalias or postmap in order to remove one
|
|
key. This still needs to be generalized to multi-key removal (e.g.,
|
|
read keys from stdin).
|
|
|
|
Comments in Postfix configuration files no longer contain troff
|
|
formatting codes. The text is now generated from prototype files
|
|
in a new "proto" subdirectory.
|
|
|
|
Major changes with postfix-19991231:
|
|
====================================
|
|
|
|
- It is now much more difficult to configure Postfix as an open
|
|
relay. The SMTP server requires that "smtpd_recipient_restrictions"
|
|
contains at least one restriction that by default refuses mail (as
|
|
is the default). There were too many accidents with changes to
|
|
the UCE restrictions.
|
|
|
|
- The relay_domains parameter no longer needs to contain $virtual_maps.
|
|
|
|
- Overhauled FAQ (html/faq.html) with many more examples.
|
|
|
|
- Updated UCE documentation (html/uce.html) with more examples.
|
|
More UCE configuration examples in sample configuration files.
|
|
|
|
- Several little improvements to the installation procedure:
|
|
relative symlinks, configurable directory for scratch files so the
|
|
installation can be done without write access to the build tree.
|
|
|
|
- Updated LDAP client code (John Hensley).
|
|
|
|
- Updated mysql client code (Scott Cotton).
|
|
|
|
- The SMTP server now rejects mail for unknown users in virtual
|
|
domains that are defined by Postfix virtual maps.
|
|
|
|
- The SMTP server can reject mail for unknown local users. Specify
|
|
"local_recipient_maps = $alias_maps, unix:passwd.byname" if your
|
|
local mail is delivered by a UNIX-style local delivery agent. See
|
|
example in conf/main.cf.
|
|
|
|
- Use "disable_vrfy_command = yes" to disable the SMTP VRFY command.
|
|
This prevents some forms of address harvesting.
|
|
|
|
- The sendmail "-f" option now understands <user> and even understands
|
|
forms with RFC 822-style comments.
|
|
|
|
- New "qmgr_fudge_factor" parameter allows you to balance mailing
|
|
list performance against response time for one-to-one mail. The
|
|
fudge factor controls what percentage of delivery resources Postfix
|
|
will devote to one message. With 100%, delivery of one message
|
|
does not begin before delivery of the previous message is completed.
|
|
This is good for list performance, bad for one-to-one mail. With
|
|
10%, response time for one-to-one mail improves much, but list
|
|
performance suffers: in the worst case, people near the start of a
|
|
mailing list get a burst of postings today, while people near the
|
|
end of the list get that same burst of postings a whole day later.
|
|
|
|
- It is now relatively safe to configure 550 status codes for the
|
|
main.cf unknown_address_reject_code or unknown_client_reject_code
|
|
parameters. The SMTP server now always sends a 450 (try again)
|
|
reply code when an UCE restriction fails due to a soft DNS error,
|
|
regardless of what main.cf specifies.
|
|
|
|
- The RBL checks now show the content of TXT records (Simon J Mudd).
|
|
|
|
- The Postfix SMTP server now understands a wider range of illegal
|
|
address forms in MAIL FROM and RCPT TO commands. In order to disable
|
|
illegal forms, specify "strict_rfc821_envelopes = yes". This also
|
|
disables support for MAIL FROM and RCPT TO addresses without <>.
|
|
|
|
- Per-client/helo/sender/recipient UCE restrictions (fully-recursive
|
|
UCE restriction parser). See the RESTRICTION_CLASS file for details.
|
|
|
|
- Use "postmap -q key" or "postalias -q key" for testing Postfix
|
|
lookup tables or alias files.
|
|
|
|
- Use "postconf -e name=value..." to edit the main.cf file. This
|
|
is easier and safer than editing the main.cf file by hand. The
|
|
edits are done on a temporary copy that is renamed into place.
|
|
|
|
- Use "postconf -m" to display all supported lookup table types
|
|
(Scott Cotton).
|
|
|
|
- New "permit_auth_destination" UCE restriction for finer-grained
|
|
access control (Jesper Skriver).
|
|
|
|
Incompatible changes with postfix-19990906
|
|
==========================================
|
|
|
|
- On systems that use user.lock files to protect system mailboxes
|
|
against simultaneous updates, Postfix now uses /file/name.lock
|
|
files while delivering to files specified in aliases/forward/include
|
|
files. This is a no-op when the recipient lacks directory write
|
|
permission.
|
|
|
|
- The LDAP client code no longer looks up a name containing "*"
|
|
because it could be abused. See the LDAP_README file for how to
|
|
restore previous behavior.
|
|
|
|
- The Postfix to PCRE interface now expects PCRE version 2.08.
|
|
Postfix is no longer compatible with PCRE versions prior to 2.06.
|
|
|
|
Major changes with postfix-19990906
|
|
===================================
|
|
|
|
Several bugfixes, none related to security. See the HISTORY file
|
|
for a complete list of changes.
|
|
|
|
- Postfix is now distributed under IBM Public License Version 1.0
|
|
which does not carry the controversial termination clause. The new
|
|
license does have a requirement that contributors make source code
|
|
available.
|
|
|
|
- INSTALL.sh install/upgrade procedure that replaces existing
|
|
programs and shell scripts instead of overwriting them, and that
|
|
leaves existing queue files and configuration files alone.
|
|
|
|
- The ugly Delivered-To: header can now be turned off selectively.
|
|
The default setting is: "prepend_delivered_header = command, file,
|
|
forward". Turning off the Delivered-To: header when forwarding
|
|
mail is not recommended.
|
|
|
|
- mysql client support by Scott Cotton and Joshua Marcus, Internet
|
|
Consultants Group, Inc. See the file MYSQL_README for instructions.
|
|
|
|
- reject_unauth_destination SMTP recipient restriction that rejects
|
|
destinations not in $relay_domains. Unlike the check_relay_domains
|
|
restriction, reject_unauth_destination ignores the client hostname.
|
|
By Lamont Jones of Hewlett-Packard.
|
|
|
|
- reject_unauth_pipelining SMTP *anything* restriction to stop mail
|
|
from spammers that improperly use SMTP command pipelining to speed
|
|
up their deliveries.
|
|
|
|
- Postfix "sendmail" now issues a warning and drops privileges if
|
|
installed set-uid root.
|
|
|
|
- No more duplicate delivery when "postfix reload" is immediately
|
|
followed by "sendmail -q".
|
|
|
|
- No more "invalid argument" errors when a Postfix daemon opens a
|
|
DB/DBM file while some other process is changing the file.
|
|
|
|
- Portability to the Mac OS X Server, Reliant Unix, AIX 3.2.5 and
|
|
Ultrix 4.3.
|
|
|
|
Incompatible changes with postfix-19990601:
|
|
===========================================
|
|
|
|
- The SMTP server now delays all UCE restrictions until the RCPT
|
|
TO, VRFY or ETRN command. This makes the restrictions more useful,
|
|
because many SMTP clients do not expect negative responses earlier
|
|
in the protocol. In order to restore the old behavior, specify
|
|
"smtpd_delay_reject = no" in /etc/postfix/main.cf.
|
|
|
|
- The Postfix local delivery agent no longer automatically propagates
|
|
address extensions to aliases/include/forward addresses. Specify
|
|
"propagate_unmatched_extensions = canonical, virtual, alias, forward,
|
|
include" to restore the old behavior.
|
|
|
|
- The Postfix local delivery agent no longer does $name expansion
|
|
on words found in the mailbox_command configuration parameter. This
|
|
makes it easier to specify shell syntax. See conf/main.cf.
|
|
|
|
- The luser_relay syntax has changed. You can specify one address;
|
|
it is subjected to $user, etc. expansions. See conf/main.cf.
|
|
|
|
- File system reorganization: daemon executables are now in the
|
|
libexec subdirectory, command executables in the bin subdirectory.
|
|
The INSTALL instructions now recommend installing daemons and
|
|
commands into separate directories.
|
|
|
|
Major changes with postfix-19990601:
|
|
=====================================
|
|
|
|
- New USER, EXTENSION, LOCAL, DOMAIN and RECIPIENT environment
|
|
variables for delivery to command (including mailbox_command) by
|
|
the local delivery agent. As you might expect, the information is
|
|
censored. The list of acceptable characters is specified with the
|
|
command_expansion_filter configuration parameter. Unacceptable
|
|
characters are replaced by underscores. See html/local.8.html.
|
|
|
|
- Specify "forward_path = /var/forward/$user" to avoid looking up
|
|
.forward files in user home directories. The default value is
|
|
$home/.forward$recipient_delimiter$extension, $home/.forward.
|
|
Initial code by Philip A. Prindeville, Mirapoint, Inc., USA.
|
|
|
|
- Conditional $name expansion in forward_path and luser_relay.
|
|
Available names are: $user (bare user name) $shell (user login
|
|
shell), $home (user home directory), $local (everything to the left
|
|
of @), $extension (optional address extension), $domain (everything
|
|
to the right of @), $recipient (the complete address) and
|
|
$recipient_delimiter. A simple $name expands as usual. ${name?value}
|
|
expands to value when $name is defined. ${name:value} expands to
|
|
value when $name is not defined. With ${name?value} and ${name:value},
|
|
the value is subject to another iteration of $name expansion.
|
|
|
|
- POSIX regular expression support, enabled by default on 4.4BSD,
|
|
LINUX, HP-UX, and Solaris 2.5 and later. See conf/sample-regexp.cf.
|
|
Initial code by Lamont Jones, Hewlett-Packard, borrowing heavily
|
|
from the PCRE implementation by Andrew McNamara, connect.com.au
|
|
Pty. Ltd., Australia.
|
|
|
|
- Regular expression checks for message headers. This requires
|
|
support for POSIX or for PCRE regular expressions. Specify
|
|
"header_checks = regexp:/file/name" or "header_checks = pcre:/file/name",
|
|
and specify "/^header-name: badstuff/ REJECT" in the pattern file
|
|
(patterns are case-insensitive by default). Code by Lamont Jones,
|
|
Hewlett-Packard. It is to be expected that full content filtering
|
|
will be delegated to an external command.
|
|
|
|
- Regular expression support for all lookup tables, including access
|
|
control (full mail addresses only), address rewriting (canonical/virtual,
|
|
full mail addresses only) and transport tables (full domain names
|
|
only). However, regular expressions are not allowed for aliases,
|
|
because that would open up security exposures.
|
|
|
|
- Automatic detection of changes to DB or DBM lookup tables. This
|
|
eliminates the need to run "postfix reload" after each change to
|
|
the SMTP access table, or to the canonical, virtual, transport or
|
|
aliases tables.
|
|
|
|
- New error mailer. Specify ".domain.name error:domain is undeliverable"
|
|
in the transport table to bounce mail for entire domains.
|
|
|
|
- No more Postfix lockups on Solaris (knock on wood). The code no
|
|
longer uses Solaris UNIX-domain sockets, because they are still
|
|
broken, even with Solaris 7.
|
|
|
|
- Workaround for the Solaris mailtool, which keeps an exclusive
|
|
kernel lock on the mailbox while its window is not iconified (specify
|
|
"sun_mailtool_compatibility = yes" in main.cf).
|
|
|
|
- Questionable workaround for Solaris, which reportedly loses
|
|
long-lived exclusive locks that are held by the master daemon.
|
|
|
|
- New reject_unknown_{sender,recipient}_domain restrictions for
|
|
sender and recipient mail addresses that distinguish between soft
|
|
errors (always 450) and hard errors (unknown_address_reject_code,
|
|
default 450).
|
|
|
|
- MIME-encapsulated bounce messages, making it easier to recover
|
|
bounced mail. Initial implementation by Philip A. Prindeville,
|
|
Mirapoint, Inc., USA. Support for RFC 1892 (multipart/report) and
|
|
RFC 1894 (DSN) will have to wait until Postfix internals have been
|
|
revised to support RFC 1893.
|
|
|
|
- Separately configurable "postmaster" addresses for single bounces
|
|
(bounce_notice_recipient), double bounces (2bounce_notice_recipient),
|
|
delayed mail (delay_notice_recipient), and for mailer error reports
|
|
(error_notice_recipient). See conf/main.cf.
|
|
|
|
- Questionable feature: specify "best_mx_transport = local" if
|
|
this machine is the best MX host for domains not in mydestinations.
|
|
|
|
Incompatible changes with postfix-19990317:
|
|
===========================================
|
|
|
|
- You MUST install the new version of /etc/postfix/postfix-script.
|
|
|
|
- The pipe mailer "flags" syntax has changed. You now explicitly
|
|
MUST specify the R flag in order to generate a Return-Path: message
|
|
header (as needed by, for example, cyrus).
|
|
|
|
Major changes with postfix-19990317:
|
|
====================================
|
|
|
|
A detailed record of changes is given in the HISTORY file.
|
|
|
|
- Less postmaster mail. Undeliverable bounce messages (double
|
|
bounces) are now discarded. Specify "notify_classes = 2bounce..."
|
|
to get copies of double bounces. Specify "notify_classes = bounce..."
|
|
to get copies of normal and double bounces.
|
|
|
|
- Improved LDAP client code by John Hensley of Merit Network, USA.
|
|
See LDAP_README for details.
|
|
|
|
- Perl-compatible regular expression support for lookup maps by
|
|
Andrew McNamara, connect.com.au Pty. Ltd., Australia.. Example:
|
|
"check_recipient_access pcre:/etc/postfix/sample-pcre.cf". Regular
|
|
expressions provide a powerful tool not only for SMTP access control
|
|
but also for address rewriting. See PCRE_README for details.
|
|
|
|
- Automatic notification of delayed mail (disabled by default).
|
|
With "delay_warning_time = 4", Postfix informs senders when mail
|
|
has not been delivered after 4 hours. Initial version of the code
|
|
by Daniel Eisenbud, University of California at Berkeley. In order
|
|
to get postmaster copies of such warnings, specify "notify_classes
|
|
= delay...".
|
|
|
|
- More configurable local delivery: "mail_spool_directory" to
|
|
specify the UNIX mail spool directory; "mailbox_transport" to
|
|
delegate all mailbox delivery to, for example, cyrus, and
|
|
"fallback_transport" to delegate delivery of only non-UNIX users.
|
|
And all this without losing local aliases and local .forward
|
|
processing. See config/main.cf and config/master.cf.
|
|
|
|
- Several changes to improve Postfix behavior under worst-case
|
|
conditions (frequent Postfix restarts/reloads combined with lots
|
|
if inbound mail, intermittent connectivity problems, SMTP servers
|
|
that become comatose after receiving QUIT).
|
|
|
|
- More NFS-friendly mailbox delivery. The local delivery agent
|
|
now avoids using root privileges where possible.
|
|
|
|
- For sites that do not receive mail at all, mydestination can now
|
|
be an empty string. Be sure to set up a transport table entry to
|
|
prevent mail from looping.
|
|
|
|
- New "postsuper" utility to clean up stale files from Postfix
|
|
queues.
|
|
|
|
- Workaround for BSD select() collisions that cause performance
|
|
problems on large BSD systems.
|
|
|
|
- Several questionable but useful features to capture mail:
|
|
"always_bcc = address" to capture a copy of every message that
|
|
enters the system, and "luser_relay = address" to capture mail for
|
|
unknown recipients (does not work when mailbox_transport or
|
|
fallback_transport are being used).
|
|
|
|
- Junk mail controls: new reject_non_fqdn_{hostname,sender,recipient}
|
|
restrictions to reject non-FQDN arguments in HELO, MAIL FROM and
|
|
RCPT TO commands, and stricter checking of numeric HELO arguments.
|
|
|
|
- "fallback_relay" feature for sites that use DNS but that can't
|
|
talk to the entire world. The fall-back relay gets the mail when
|
|
a destination is not found in the DNS or when the destination is
|
|
found but not reachable.
|
|
|
|
- Several questionable controls that can help to keep mail going:
|
|
specify "smtp_skip_4xx_greeting = yes" to skip SMTP servers that
|
|
greet with 4XX, "ignore_mx_lookup_error = yes" to look up an A
|
|
record when a DNS server does not respond to an MX query.
|
|
|
|
Incompatible changes with postfix-beta-19990122-pl01:
|
|
=====================================================
|
|
|
|
None.
|
|
|
|
Major changes with postfix-beta-19990122-pl01:
|
|
==============================================
|
|
|
|
- Restrict who may use ETRN and what domains may be specified.
|
|
Example: "smtpd_etrn_restrictions = permit_mynetworks, reject".
|
|
|
|
- BIFF notifications. For compatibility reasons this feature is
|
|
on by default. Specify "biff = no" in main.cf if your machine has
|
|
lots of shell users.
|
|
|
|
- With "soft_bounce = yes", defer delivery instead of bouncing
|
|
mail. This is a safety net for configuration errors with delivery
|
|
agents. It has no effect on errors in virtual maps, canonical maps,
|
|
or in junk mail restrictions.
|
|
|
|
- Specify "owner_request_special = no" to turn off special treatment
|
|
of owner-foo and foo-request addresses.
|
|
|
|
Incompatible changes with postfix-beta-19990122:
|
|
================================================
|
|
|
|
- The syntax of the transport table has changed. An entry like:
|
|
|
|
customer.org smtp:[gateway.customer.org]
|
|
|
|
no longer forwards mail for anything.customer.org. For that you
|
|
need to specify:
|
|
|
|
customer.org smtp:[gateway.customer.org]
|
|
.customer.org smtp:[gateway.customer.org]
|
|
|
|
This change makes transport tables more compatible with
|
|
sendmail mailer tables.
|
|
|
|
- The format of syslog records has changed. A client is now always
|
|
logged as hostname[address]; the pickup daemon logs queue file uid
|
|
and sender address.
|
|
|
|
Major changes with postfix-beta-19990122:
|
|
=========================================
|
|
|
|
- Junk mail restrictions can now be postponed to the RCPT TO command.
|
|
Specify: "smtpd_recipient_restrictions = reject_maps_rbl...".
|
|
|
|
- More flexible interface for delivery to e.g., cyrus IMAP without
|
|
need for PERL scripts to munge recipient addresses. In addition to
|
|
$sender, $nexthop and $recipient, the pipe mailer now also supports
|
|
$user, $extension and $mailbox.
|
|
|
|
- New mail now has precedence over deferred mail, plus some other
|
|
tweaks to make bulk mail go faster. But it ain't no cure for massive
|
|
network outages.
|
|
|
|
- Watchdog timer for systems that cause the Postfix queue manager
|
|
to lock up, so it recovers without human intervention.
|
|
|
|
- Delivery to qmail-style maildir files, which is good for NFS
|
|
environments. Specify "home_mailbox = Maildir/", or specify
|
|
/file/name/ in aliases or in .forward files. The trailing / is
|
|
required to turn on maildir delivery.
|
|
|
|
- Incremental updates of aliases and maps. Specify "postmap -i
|
|
mapname" and it will read new entries from stdin.
|
|
|
|
- Newaliases will now update more than one alias database.
|
|
Specify the names with the main.cf "alias_database" parameter.
|
|
|
|
- Address masquerading exceptions to prevent users from being
|
|
masqueraded. Specify "masquerade_exceptions = root".
|
|
|
|
- A pipelined SMTP client. Deliveries to Postfix, qmail, LSOFT,
|
|
zmailer, and exim (once it's fixed) speed up by some 30% for short
|
|
messages with one recipient, with more for multi-recipient mails.
|
|
|
|
- Hook for local delivery to "|command" via the smrsh restricted
|
|
shell, to restrict what commands may be used in .forward etc. files.
|
|
Specify "local_command_shell = /some/where/smrsh -c".
|