head 1.47; access; symbols pkgsrc-2023Q4:1.46.0.2 pkgsrc-2023Q4-base:1.46 pkgsrc-2023Q3:1.45.0.2 pkgsrc-2023Q3-base:1.45 pkgsrc-2023Q2:1.44.0.2 pkgsrc-2023Q2-base:1.44 pkgsrc-2023Q1:1.43.0.2 pkgsrc-2023Q1-base:1.43 pkgsrc-2022Q4:1.42.0.2 pkgsrc-2022Q4-base:1.42 pkgsrc-2022Q3:1.41.0.2 pkgsrc-2022Q3-base:1.41 pkgsrc-2022Q2:1.40.0.4 pkgsrc-2022Q2-base:1.40 pkgsrc-2022Q1:1.40.0.2 pkgsrc-2022Q1-base:1.40 pkgsrc-2021Q4:1.39.0.2 pkgsrc-2021Q4-base:1.39 pkgsrc-2021Q3:1.37.0.2 pkgsrc-2021Q3-base:1.37 pkgsrc-2021Q2:1.36.0.2 pkgsrc-2021Q2-base:1.36 pkgsrc-2021Q1:1.32.0.2 pkgsrc-2021Q1-base:1.32 pkgsrc-2020Q4:1.31.0.2 pkgsrc-2020Q4-base:1.31 pkgsrc-2020Q3:1.30.0.2 pkgsrc-2020Q3-base:1.30 pkgsrc-2020Q2:1.27.0.2 pkgsrc-2020Q2-base:1.27 pkgsrc-2020Q1:1.24.0.2 pkgsrc-2020Q1-base:1.24 pkgsrc-2019Q4:1.22.0.4 pkgsrc-2019Q4-base:1.22 pkgsrc-2019Q3:1.20.0.2 pkgsrc-2019Q3-base:1.20 pkgsrc-2019Q2:1.18.0.2 pkgsrc-2019Q2-base:1.18 pkgsrc-2019Q1:1.17.0.4 pkgsrc-2019Q1-base:1.17 pkgsrc-2018Q4:1.17.0.2 pkgsrc-2018Q4-base:1.17 pkgsrc-2018Q3:1.16.0.4 pkgsrc-2018Q3-base:1.16 pkgsrc-2018Q2:1.16.0.2 pkgsrc-2018Q2-base:1.16 pkgsrc-2018Q1:1.15.0.2 pkgsrc-2018Q1-base:1.15 pkgsrc-2017Q4:1.13.0.2 pkgsrc-2017Q4-base:1.13 pkgsrc-2017Q3:1.11.0.6 pkgsrc-2017Q3-base:1.11 pkgsrc-2017Q2:1.11.0.2 pkgsrc-2017Q2-base:1.11 pkgsrc-2017Q1:1.8.0.2 pkgsrc-2017Q1-base:1.8 pkgsrc-2016Q4:1.6.0.2 pkgsrc-2016Q4-base:1.6 pkgsrc-2016Q3:1.3.0.2 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.2.0.2 pkgsrc-2016Q2-base:1.2 pkgsrc-2016Q1:1.1.0.6 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.4 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.2 pkgsrc-2015Q3-base:1.1; locks; strict; comment @# @; 1.47 date 2024.02.28.15.16.19; author taca; state Exp; branches; next 1.46; commitid Ia6DdtVj42DIed0F; 1.46 date 2023.12.22.17.29.17; author wiz; state Exp; branches; next 1.45; commitid 6b3zS8Qu49zQ9uRE; 1.45 date 2023.07.15.14.56.26; author otis; state Exp; branches; next 1.44; commitid HP8bs5XYxn64sUwE; 1.44 date 2023.05.08.04.30.44; author triaxx; state Exp; branches; next 1.43; commitid e43e0ykjJP8db7oE; 1.43 date 2023.01.28.09.28.30; author taca; state Exp; branches; next 1.42; commitid ePAeTvwSLpsD2ibE; 1.42 date 2022.10.15.20.34.57; author triaxx; state Exp; branches; next 1.41; commitid n8iuVFFe36Z06RXD; 1.41 date 2022.07.21.15.08.39; author taca; state Exp; branches; next 1.40; commitid 0wOD8w4PHTPW3MMD; 1.40 date 2022.01.26.17.41.31; author triaxx; state Exp; branches; next 1.39; commitid JnEe6xM8tN3kyaqD; 1.39 date 2021.12.18.10.50.33; author adam; state Exp; branches; next 1.38; commitid oyCGo6rFt8QVx7lD; 1.38 date 2021.11.08.13.58.09; author taca; state Exp; branches; next 1.37; commitid RxWrnCYmaR4YRZfD; 1.37 date 2021.07.26.15.38.10; author taca; state Exp; branches; next 1.36; commitid OooYW6l5xpssNv2D; 1.36 date 2021.06.14.14.29.47; author taca; state Exp; branches; next 1.35; commitid omlceturEC2ML6XC; 1.35 date 2021.06.02.15.29.56; author taca; state Exp; branches; next 1.34; commitid 0haljfqoMb4kuzVC; 1.34 date 2021.05.02.12.11.51; author wiz; state Exp; branches; next 1.33; commitid BfJCJknAgYoaozRC; 1.33 date 2021.04.26.15.26.08; author triaxx; state Exp; branches; next 1.32; commitid N8ETPsMTb0HvEOQC; 1.32 date 2021.01.21.16.37.59; author triaxx; state Exp; branches; next 1.31; commitid GvDcRSWTSBeN5CEC; 1.31 date 2020.11.22.11.14.44; author adam; state Exp; branches; next 1.30; commitid iwkslwo20HxafSwC; 1.30 date 2020.08.31.13.07.46; author otis; state Exp; branches; next 1.29; commitid 6CEJdb9k22cVwdmC; 1.29 date 2020.08.27.13.57.14; author triaxx; state Exp; branches; next 1.28; commitid F41zg76MmC9AWHlC; 1.28 date 2020.06.30.15.00.45; author taca; state Exp; branches; next 1.27; commitid bhmM77MRcbYQ9geC; 1.27 date 2020.06.15.15.43.32; author taca; state Exp; branches; next 1.26; commitid rpfpcOXJZ4KdSkcC; 1.26 date 2020.05.18.14.21.53; author triaxx; state Exp; branches; next 1.25; commitid JcEVM9LQZUQdjJ8C; 1.25 date 2020.04.26.09.33.25; author taca; state Exp; branches; next 1.24; commitid 54tum7ED52S4rS5C; 1.24 date 2020.02.11.20.40.27; author triaxx; state Exp; branches; next 1.23; commitid 8M5SWbQzqtdvxiWB; 1.23 date 2020.01.28.08.16.51; author triaxx; state Exp; branches; next 1.22; commitid D4eQM5ljLcPIRqUB; 1.22 date 2019.12.09.08.45.14; author triaxx; state Exp; branches; next 1.21; commitid sv1kkFTAOkTUC0OB; 1.21 date 2019.11.02.16.25.26; author rillig; state Exp; branches; next 1.20; commitid 07isqwBcIbu6niJB; 1.20 date 2019.09.23.20.00.07; author triaxx; state Exp; branches; next 1.19; commitid nCsifpFfM5euOaEB; 1.19 date 2019.07.17.13.33.00; author triaxx; state Exp; branches; next 1.18; commitid czyC6gbhCz8mTovB; 1.18 date 2019.04.30.03.41.51; author taca; state Exp; branches; next 1.17; commitid sIzeaQDnjptS7klB; 1.17 date 2018.12.15.16.35.23; author taca; state Exp; branches; next 1.16; commitid W7q0aH5lULyeMU3B; 1.16 date 2018.05.21.14.49.47; author taca; state Exp; branches; next 1.15; commitid nAxAs9rxFrMySaDA; 1.15 date 2018.03.21.15.28.45; author taca; state Exp; branches; next 1.14; commitid w5Mv8kl66Nfn3lvA; 1.14 date 2018.02.25.12.27.49; author taca; state Exp; branches; next 1.13; commitid KzlivSZuONbaPesA; 1.13 date 2017.12.09.02.34.48; author taca; state Exp; branches; next 1.12; commitid iIBem96vnyXh3aiA; 1.12 date 2017.10.13.17.13.19; author taca; state Exp; branches; next 1.11; commitid MqpQawESCc82KUaA; 1.11 date 2017.06.19.06.54.15; author wiz; state Exp; branches; next 1.10; commitid ma6GtzpP3geb3XVz; 1.10 date 2017.06.17.08.02.22; author taca; state Exp; branches; next 1.9; commitid 75zlMyFED5nnuHVz; 1.9 date 2017.04.24.20.11.40; author fhajny; state Exp; branches; next 1.8; commitid UMhV42viWhP3gPOz; 1.8 date 2017.03.04.06.26.24; author taca; state Exp; branches; next 1.7; commitid cT67nCTy11sKkcIz; 1.7 date 2017.01.21.23.49.02; author rillig; state Exp; branches; next 1.6; commitid QgHg8cTuP5r3sTCz; 1.6 date 2016.10.31.04.19.07; author maya; state Exp; branches; next 1.5; commitid bID4kvOA99n0Cfsz; 1.5 date 2016.10.28.16.10.51; author jperkin; state Exp; branches; next 1.4; commitid G6HDuV42VN7LDVrz; 1.4 date 2016.10.09.12.28.19; author taca; state Exp; branches; next 1.3; commitid 3g8UqOmlqROL1tpz; 1.3 date 2016.09.18.17.10.28; author taca; state Exp; branches; next 1.2; commitid BEk4oXUsnpjtgNmz; 1.2 date 2016.04.10.16.39.28; author joerg; state Exp; branches; next 1.1; commitid 4zcHxHDqKoJLg62z; 1.1 date 2015.09.07.09.47.01; author fhajny; state Exp; branches; next ; commitid 42C2mmB9De5xViAy; desc @@ 1.47 log @mail/postfix: upadte to 3.8.5 3.8.5 (2024-01-22) Security: this release improves support to defend against an email spoofing attack (SMTP smuggling) on recipients at a Postfix server. For background, see https://www.postfix.org/smtp-smuggling.html. The improvements provide better logging, and better compatibility with existing SMTP clients (less need to allowlist clients). Sites concerned about SMTP smuggling attacks should enable this feature on Internet-facing Postfix servers. For compatibility with non-standard clients, Postfix by default excludes clients in mynetworks from this countermeasure. The recommended settings are: # Require the standard End-of-DATA sequence .. # Otherwise, allow bare and process it as if the client sent # . # # This maintains compatibility with many legitimate SMTP client # applications that send a mix of standard and non-standard line # endings, but will fail to receive email from client implementations # that do not terminate DATA content with the standard End-of-DATA # sequence .. # # Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions. # The example below allowlists SMTP clients in trusted networks. # smtpd_forbid_bare_newline = normalize smtpd_forbid_bare_newline_exclusions = $mynetworks Notes: * The default setting is "smtpd_forbid_bare_newline = no" in Postfix releases < 3.9, for compatibility reasons. This means that Postfix is by default vulnerable to SMTP smuggling. * The new setting "smtpd_forbid_bare_newline = normalize" is the default for Postfix releases 3.9 and later. * The old setting "smtpd_forbid_bare_newline = yes" is now an alias for "smtpd_forbid_bare_newline = normalize". * The new setting "smtpd_forbid_bare_newline = reject" will refuse commands or message content with a bare newline. For details see the RELEASE_NOTES or the postconf(5) documentation. @ text @# $NetBSD: Makefile.common,v 1.46 2023/12/22 17:29:17 wiz Exp $ # used by mail/postfix/Makefile # used by mail/postfix/Makefile.module DISTNAME= postfix-3.8.5 CATEGORIES= mail MASTER_SITES= ftp://ftp.porcupine.org/mirrors/postfix-release/official/ MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= http://www.postfix.org/ # The postfix license has only very minor diffs from cpl-1.0. LICENSE= cpl-1.0 #LICENSE= postfix-license DISTINFO_FILE= ${PKGDIR}/../../mail/postfix/distinfo PATCHDIR= ${PKGDIR}/../../mail/postfix/patches CHECK_HEADERS_SKIP+= src/global/mail_params.h .include "../../mk/bsd.prefs.mk" POSTFIX_USER?= postfix POSTFIX_GROUP?= postfix MAILDROP_GROUP?= maildrop # POSTFIX_QUEUE_DIR is the default queue directory for Postfix. This is # merely a default, and may be changed by setting "queue_directory" in # ${PKG_SYSCONFDIR}/main.cf. # POSTFIX_DATA_DIR?= ${VARBASE}/db/postfix POSTFIX_QUEUE_DIR?= ${VARBASE}/spool/postfix POSTFIX_QUEUE_SUBDIR= active bounce corrupt defer deferred flush hold \ incoming maildrop pid private public saved trace BUILD_DEFS+= VARBASE POSTFIX_DATA_DIR POSTFIX_QUEUE_DIR # CCARGS is a list of options to pass to the preprocessor/compiler. # AUXLIBS is a list of options to pass to the linker. CCARGS= #defined AUXLIBS= ${LDFLAGS} # Enable Dovecot SASL CCARGS+= -DUSE_SASL_AUTH # Enable Berkeley DB map type. BDB_LIBS is defined in mk/bdb.buildlink3.mk. CCARGS+= -DHAS_DB AUXLIBS+= ${BDB_LIBS} # Disable modules by default .for module in cdb ldap lmdb mysql pcre pgsql sqlite CCARGS+= -DNO_${module:tu} .endfor # Set some default paths to override ${WRKSRC}/src/global/mail_params.h. CCARGS+= -DDEF_COMMAND_DIR=\"${PREFIX}/sbin\" CCARGS+= -DDEF_CONFIG_DIR=\"${PKG_SYSCONFDIR}\" CCARGS+= -DDEF_DAEMON_DIR=\"${LIBEXECDIR}\" CCARGS+= -DDEF_DATA_DIR=\"${POSTFIX_DATA_DIR}\" CCARGS+= -DDEF_MAILQ_PATH=\"${PREFIX}/bin/mailq\" CCARGS+= -DDEF_MANPAGE_DIR=\"${PREFIX}/${PKGMANDIR}\" CCARGS+= -DDEF_META_DIR=\"${PREFIX}/${METADIR}\" CCARGS+= -DDEF_NEWALIAS_PATH=\"${PREFIX}/bin/newaliases\" CCARGS+= -DDEF_QUEUE_DIR=\"${POSTFIX_QUEUE_DIR}\" CCARGS+= -DDEF_README_DIR=\"${DOCDIR}\" CCARGS+= -DDEF_SAMPLE_DIR=\"${EXAMPLEDIR}\" CCARGS+= -DDEF_SENDMAIL_PATH=\"${PREFIX}/sbin/sendmail\" CCARGS+= -DDEF_SHLIB_DIR=\"${PREFIX}/${SHLIBDIR}\" # Override those same default paths in the installed example main.cf. SUBST_CLASSES+= postfix SUBST_STAGE.postfix= post-configure SUBST_FILES.postfix= conf/main.cf src/global/mail_params.h SUBST_SED.postfix= \ -e 's|^\(data_directory\) =.*|\1 = ${POSTFIX_DATA_DIR}|' SUBST_SED.postfix+= \ -e 's|^\(queue_directory\) =.*|\1 = ${POSTFIX_QUEUE_DIR}|' SUBST_SED.postfix+= \ -e 's|^\(command_directory\) =.*|\1 = ${PREFIX}/sbin|' SUBST_SED.postfix+= \ -e 's|^\(daemon_directory\) =.*|\1 = ${LIBEXECDIR}|' SUBST_SED.postfix+= \ -e 's|^\(meta_directory\) =.*|\1 = ${PREFIX}/${METADIR}|' SUBST_SED.postfix+= \ -e 's|^\(shlib_directory\) =.*|\1 = ${PREFIX}/${SHLIBDIR}|' SUBST_SED.postfix+= \ -e 's|^\(sendmail_path\) =.*|\1 = ${PREFIX}/sbin/sendmail|' SUBST_SED.postfix+= \ -e 's|^\(newaliases_path\) =.*|\1 = ${PREFIX}/bin/newaliases|' SUBST_SED.postfix+= \ -e 's|^\(mailq_path\) =.*|\1 = ${PREFIX}/bin/mailq|' SUBST_SED.postfix+= \ -e 's|^\(mail_owner\) =.*|\1 = ${POSTFIX_USER}|' SUBST_SED.postfix+= \ -e 's|^\(setgid_group\) =.*|\1 = ${MAILDROP_GROUP}|' SUBST_SED.postfix+= \ -e 's|^\(manpage_directory\) =.*|\1 = ${PREFIX}/${PKGMANDIR}|' SUBST_SED.postfix+= \ -e 's|^\(sample_directory\) =.*|\1 = ${EXAMPLEDIR}|' SUBST_SED.postfix+= \ -e 's|^\(readme_directory\) =.*|\1 = ${DOCDIR}|' SUBST_SED.postfix+= \ -e '/^\#define DEF_MAIL_OWNER[ ]/s,postfix,${POSTFIX_USER},g' SUBST_SED.postfix+= \ -e '/^\#define DEF_SGID_GROUP[ ]/s,postdrop,${MAILDROP_GROUP},g' PKG_SYSCONFSUBDIR= postfix LIBEXECDIR= ${PREFIX}/libexec/postfix DOCDIR= ${PREFIX}/share/doc/postfix EXAMPLEDIR= ${PREFIX}/share/examples/postfix # Not prefixed so that we can use where relative path needed # METADIR set for postfix-2.6.x compatibility METADIR= libexec/postfix SHLIBDIR= lib/postfix BUILD_TARGET= # empty MAKE_ENV+= CC=${CC:Q} OPT=${CFLAGS:Q} MAKE_ENV+= AUXLIBS=${AUXLIBS:Q} CCARGS=${CCARGS:Q} MAKE_ENV+= DEBUG= # empty .if ${OPSYS} == "SunOS" && !exists(/usr/include/rpcsvc/nis_cache.h) CCARGS+= -DNO_NISPLUS .endif CFLAGS.SunOS+= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 LDFLAGS.Darwin+= -headerpad_max_install_names DESTDIR_INSTALLOPTIONS= -package install_root="${DESTDIR}" do-configure: cd ${WRKSRC} && \ env ${MAKE_ENV} ${MAKE} -f Makefile.init makefiles \ 'CCARGS=${CCARGS}' 'AUXLIBS=${AUXLIBS}' \ shared=yes dynamicmaps=yes .include "../../mk/bdb.buildlink3.mk" @ 1.46 log @postfix*: update to 3.8.4 20230815 Bugfix (bug introduced: 20140218): when opportunistic TLS fails during or after the handshake, don't require that a probe message spent a minimum time-in-queue before falling back to plaintext. Problem reported by Serg. File: smtp/smtp.h. 20230819 Bugfix (defect introduced: 19980207): the valid_hostname() check in the Postfix DNS client library was blocking unusual but legitimate wildcard names (*.name) in some DNS lookup results and lookup requests. Examples: name class/type value *.one.example IN CNAME *.other.example *.other.example IN A 10.0.0.1 *.other.example IN TLSA ..certificate info... Such syntax is blesed in RFC 1034 section 4.3.3. This problem was reported first in the context of TLSA record lookups. Files: util/valid_hostname.[hc], dns/dns_lookup.c. 20230929 Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix SMTP server was waiting for a client command instead of replying immediately, after a client certificate verification error in TLS wrappermode. Reported by Andreas Kinzler. File: smtpd/smtpd.c. 20231006 Usability: the Postfix SMTP server now attempts to log the SASL username after authentication failure. In Postfix logging, this appends ", sasl_username=xxx" after the reason for SASL authentication failure. The logging replaces an unavailable reason with "(reason unavailable)", and replaces an unavailable sasl_username with "(unavailable)". Based on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c. 20231026 Bugfix (defect introduced: Postfix 2.11): in forward_path, the expression ${recipient_delimiter} would expand to an empty string when a recipient address had no recipient delimiter. Fixed by restoring Postfix 2.10 behavior to use a configured recipient delimiter value. Reported by Tod A. Sandman. Files: proto/postconf.proto, local/local_expand.c. 20231221 Security: with "smtpd_forbid_bare_newline = yes" (default "no" for Postfix < 3.9), reply with "Error: bare received" and disconnect when an SMTP client sends a line ending in , violating the RFC 5321 requirement that lines must end in . This prevents SMTP smuggling attacks that target a recipient at a Postfix server. For backwards compatibility, local clients are excluded by default with "smtpd_forbid_bare_newline_exclusions = $mynetworks". Files: mantools/postlink, proto/postconf.proto, global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h, smtpd/smtpd.c. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.45 2023/07/15 14:56:26 otis Exp $ d5 1 a5 1 DISTNAME= postfix-3.8.4 @ 1.45 log @postfix: Update to 3.8.1 Major changes with Postfix 3.8.1 ================================ - Security: the Postfix SMTP server optionally disconnects remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. The server replies with "554 5.5.0 Error: SMTP protocol synchronization" and logs the unexpected remote SMTP client input. Specify "smtpd_forbid_unauth_pipelining = yes" to enable. This feature is enabled by default in Postfix 3.9 and later. - Workaround to limit collateral damage from OS distributions that crank up security to 11, increasing the number of plaintext email deliveries. This introduces basic OpenSSL configuration file support, with two new parameters "tls_config_file" and "tls_config_name". Details are in the postconf(5) manpage under "tls_config_file" and "tls_config_name". Full release notes: http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.8.1.RELEASE_NOTES @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.44 2023/05/08 04:30:44 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.8.1 @ 1.44 log @postfix: Update to 3.8.0 upstream changes: ----------------- Postfix 3.7.8 o Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup = submission" and "relayhost = example.com:submission", the Postfix SMTP client will look up DNS SRV records for _submission._tcp.example.com, and will relay email through the hosts and ports that are specified with those records. o TLS obsolescence: Postfix now treats the "export" and "low" cipher grade settings as "medium". The "export" and "low" grades are no longer supported in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later. Also, Postfix default settings now exclude deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms (DH, ECDH), and public key algorithm (DSS). o Attack resistance: the Postfix SMTP server can now aggregate smtpd_client_*_rate and smtpd_client_*_count statistics by network block instead of by IP address, to raise the bar against a memory exhaustion attack in the anvil(8) server; Postfix TLS support unconditionally disables TLS renegotiation in the middle of an SMTP connection, to avoid a CPU exhaustion attack. o The PostgreSQL client encoding is now configurable with the "encoding" Postfix configuration file attribute. The default is "UTF8". Previously the encoding was hard-coded as "LATIN1", which is not useful in the context of SMTP. o The postconf command now warns for #comment in or after a Postfix parameter value. Postfix programs do not support #comment after other text, and treat that as input. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.43 2023/01/28 09:28:30 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.8.0 @ 1.43 log @mail/postfix: update to 3.7.4 Postfix 3.7.4 (2023-01-22) * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. Fix by Viktor Dukhovni. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni. * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. Found during code review. * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead. Discovered by Benny Pedersen. * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions. Viktor Dukhovni. * Portability: Linux 6 support. * Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.42 2022/10/15 20:34:57 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.7.4 @ 1.42 log @postfix: Update to 3.7.3 upstream changes: Postfix 3.7.3 o This fixes a bug where some messages were not delivered after "warning: Unexpected record type 'X'. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.41 2022/07/21 15:08:39 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.7.3 @ 1.41 log @mail/postfix: update to 3.7.2 3.7.0 (2022-02-07) * Support to inline the content of small cidr:, pcre:, and regexp: tables in Postfix parameter values. An example is the new smtpd_forbidden_commands default value, "CONNECT GET POST regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from clients that send garbage. * To make the maillog_file feature more useful, including stdout logging from a container, the postlog(1) command is now set-gid postdrop, so that unprivileged programs can use it to write logging through the postlogd(8) daemon. This required hardening the postlog(1) command against privilege escalation attacks. * Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18. * Postfix programs now randomize the initial state of in-memory hash tables, to defend against hash collision attacks involving a large number of attacker-chosen lookup keys. Presently, the only known opportunity for such attacks involves remote SMTP client IPv6 addresses in the anvil(8) service, and requires making hundreds of short-lived connections per second while cycling through thousands of different client IP addresses. * Updated defense against remote clients or servers that 'trickle' SMTP or LMTP traffic. This replaces the old per-record deadlines with per-request deadlines and minimum data rates. * Many typofixes by raf and Wietse. 3.7.1 (2022-04-18) * (problem introduced: Postfix 2.7) The milter_header_checks maps are now opened before the cleanup(8) server enters the chroot jail. Problem reported by Jesper Dybdal. * In an internal client module, "host or service not found" was a fatal error, causing the milter_default_action setting to be ignored. It is now a non-fatal error, just like a failure to connect. Problem reported by Christian Degenkolb. * The proxy_read_maps default value was missing up to 27 parameter names. The corresponding lookup tables were not automatically authorized for use with the proxymap(8) service. The parameter names were ending in _checks, _reply_footer, _reply_filter, _command_filter, and _delivery_status_filter. * (problem introduced: Postfix 3.0) With dynamic map loading enabled, an attempt to create a map with "postmap regexp:path" would result in a bogus error message "Is the postfix-regexp package installed?" instead of "unsupported map type for this operation". This happened with all non-dynamic map types (static, cidr, etc.) that have no 'bulk create' support. Problem reported by Greg Klanderman. * In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem reported by Carlos Velasco. * Documented in the postlogd(8) daemon manpage that the Postfix >= 3.7 postlog(1) command can run with setgid permissions. 3.7.2 (2022-04-28) This reverts an overly complex change in the postscreen SMTP engine (made during Postfix 3.7 development), and replaces it with much simpler code. The bad change was crashing postscreen on some systems after receiving malformed input (for example, a TLS "hello" message). @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.40 2022/01/26 17:41:31 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.7.2 @ 1.40 log @postfix: Update to 3.6.4 upstream changes: ----------------- Fixed in Postfix 3.6.4, 3.5.14, 3.4.24, 3.3.21: o Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient entries in postconf output. This was caused by an incomplete fix to send SMTP session transcripts to $bounce_notice_recipient. Reported by Vincent Lefevre. o Bug introduced in Postfix 3.0: the proxymap daemon did not automatically authorize proxied maps inside pipemap (example: pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. Problem reported by Mirko Vogt. o Bug introduced in Postfix 2.5: off-by-one error while writing a string terminator. This code passed all memory corruption tests, presumably because it wrote over an alignment padding byte, or over an adjacent character byte that was never read. Reported by Robert Siemer. Fixed in Postfix 3.6.4, 3.5.14, 3.4.24: o The proxymap daemon did not automatically authorize map features added after Postfix 3.3, caused by missing *_maps parameter names in the proxy_read_maps default value. Found during code maintenance. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.39 2021/12/18 10:50:33 adam Exp $ d5 1 a5 1 DISTNAME= postfix-3.6.4 @ 1.39 log @postfix: add -headerpad_max_install_names for Darwin builds @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.38 2021/11/08 13:58:09 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.6.3 @ 1.38 log @mail/postfix: update to 3.6.3 Quote from release announce: Fixed in Postfix 3.6.3, 3.5.13, 3.4.23, 3.3.20: * (problem introduced in Postfix 2.4, released in 2007): queue file corruption after a Milter (for example, MIMEDefang) made a request to replace the message body with a copy of that message body plus additional text (for example, a SpamAssassin report). The most likely impacts were a) the queue manager reporting a fatal error resulting in email delivery delays, or b) the queue manager reporting the corruption and moving the message to the corrupt queue for damaged messages. However, a determined adversary could craft an email message that would trigger the bug, and insert into its queue file a content filter destination or a redirect email address. Postfix would then deliver the message headers there, in most cases without delivering the message body. With enough experimentation, an attacker could make Postfix deliver both the message headers and body. Some details of a successful attack depend on the Milter implementation, and on the Postfix and Milter configuration details; these can be determined remotely through experimentation. Failed experiments may be detected when the queue manager terminates with a fatal error, or when the queue manager moves damaged files to the "corrupt" queue as evidence. Technical details: when Postfix executes a "replace body" Milter request it will reuse queue file storage that was used by the existing email message body. If the new body is larger, Postfix will append body content to the end of the queue file. The corruption happened when a Milter (for example, MIMEDefang) made a request to replace the body of a message with a new body that contained a copy of the original body plus some new text, and the original body contained a line longer than $line_length_limit bytes (for example, an image encoded in base64 without hard or soft line breaks). In queue files, Postfix stores a long text line as multiple records with up to $line_length_limit bytes each. Unfortunately, Postfix's "replace body" support did not account for the additional queue file space needed to store the second etc. record headers. And thus, the last record(s) of a long text line could overwrite one or more queue file records immediately after the space that was previously occupied by the original message body. Problem report by Benoit Panizzon. * (problem introduced in Postfix 2.10, released in 2012): The postconf "-x" option could produce incorrect output, because multiple functions were implicitly sharing a buffer for intermediate results. Problem report by raf, root cause analysis by Viktor Dukhovni. * (problem introduced in Postfix 2.11, released in 2013): The check_ccert_access feature worked as expected, but produced a spurious warning when Postfix was built without SASL support. Fix by Brad Barden. * Fix for a compiler warning due to a missing 'const' qualifier when compiling Postfix with OpenSSL 3. Depending on compiler settings this could cause the build to fail. Fixed in Postfix 3.6: * The known_tcp_ports settings had no effect. It also wasn't fully implemented. Problem report by Peter. * Fix for missing space between a hostname and warning text. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.37 2021/07/26 15:38:10 taca Exp $ d124 1 @ 1.37 log @mail/postfix: update to 3.6.2 * pkgsrc change: Add supportfor blocklistd(3) (and blacklistd(3)). * From release annuonce: Fixed in Postfix 3.6.2, 3.5.12, 3.4.22, 3.3.19: * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal error in the compatibility_level parser, because there was no 'errno = 0' statement before an strtol() call. In Postfix 3.3-3.5, fixed two older latent bugs of this kind (introduced in 1999 and in Postfix 2.11). Problem reported by David Bohman. * (problem introduced in Postfix 3.3) "Null pointer read" error in the cleanup daemon when "header_from_format = standard" (the default as of Postfix 3.3), and email was submitted with /usr/sbin/sendmail without From: header, and an all-space full name was specified in 1) the password file, 2) with "sendmail -F", or 3) with the NAME environment variable. Found by Renaud Metrich. * (problem introduced in Postfix 2.4) False "too many reverse jump" warnings in the showq daemon, because loop detection code was comparing memory addresses instead of queue file names. Reported by Mehmet Avcioglu. * (problem introduced in 1999) The Postfix SMTP server was sending all session transcripts to the error_notice_recipient (default: postmaster), instead of sending transcripts of bounced mail to the bounce_notice_recipient (default: postmaster). Reported by Hans van Zijst. Fixed in Postfix 3.6.2, 3.5.12, 3.4.22: * The texthash: map implementation broke tls_server_sni_maps, because it did not support multi-file inputs. Reported by Christopher Gurnee, who also found an instance of the missing code in the "postmap -F" source code. File: util/dict_thash.c. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.36 2021/06/14 14:29:47 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.6.2 @ 1.36 log @mail/postfix: update to 3.6.1 3.6.1 (2021-06-14) Fixed in Postfix 3.6.1, 3.5.11, 3.4.21, 3.3.18: * Bugfix (introduced: Postfix 2.11): the command "postmap lmdb:/file/name" (create LMDB database from textfile) handled duplicate input keys ungracefully, discarding entries stored up to and including the duplicate key, and causing a double free() call with lmdb versions 0.9.17 and later. Reported by Adi Prasaja; double free() root cause analysis by Howard Chu. Fixed in Postfix 3.6.1, 3.5.11, 3.4.21: * Typo (introduced: Postfix 3.4): silent_discard should be silent-discard in BDAT_README. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.35 2021/06/02 15:29:56 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.6.1 @ 1.35 log @mail/postfix: update to 3.6.0 Postfix stable release 3.6.0 is available. This ends the support for legacy release Postfix 3.2. The main changes are below. See the RELEASE_NOTES file for further details. Incompatible changes: * This release requires "postfix stop" before updating, or before backing out to an earlier release, because some internal protocols have changed. Otherwise, long-running daemons (pickup, qmgr, verify, tlsproxy, postscreen) may fail to communicate with the rest of Postfix, causing mail delivery delays until Postfix is restarted. * Respectful logging. Postfix version 3.6 deprecates terminology that implies white is better than black. Instead, Postfix prefers 'allowlist', 'denylist', and variations on those words. This change affects Postfix documentation, and postscreen parameters and logging. To keep the old postscreen logging set "respectful_logging = no" in main.cf before setting "compatibility_level = 3.6". In any case, the old postscreen parameter names will keep working as before. Other changes: * The minimum supported OpenSSL version is 1.1.1, which will reach the end of life by 2023-09-11. Postfix 3.6 is expected to reach the end of support in 2025. Until then, Postfix will be updated as needed for compatibility with OpenSSL. The default fingerprint digest has changed from md5 to sha256 (Postfix 3.6 with compatibility_level >= 3.6). With a lower compatibility_level setting, Postfix defaults to using md5, and logs a warning when a Postfix configuration specifies no explicit digest type. The export-grade Diffie-Hellman key exchange is no longer supported, and the tlsproxy_tls_dh512_param_file parameter is ignored, * Better error messages when someone configures an incorrect program in master.cf. To recognize such mistakes, every Postfix internal service, including the postdrop command, announces the name of its protocol before doing any other I/O, and every Postfix client program, including the Postfix sendmail command, will verify that the protocol name matches what it expects. * Fine-grained control over the envelope sender address for submission with the Postfix sendmail (or postdrop) commands. Example: /etc/postfix/main.cf: # Allow root and postfix full control, anyone else can only # send mail as themselves. Use "uid:" followed by the numerical # UID when the UID has no entry in the UNIX password file. local_login_sender_maps = inline:{ { root = *}, { postfix = * } }, pcre:/etc/postfix/login_senders /etc/postfix/login_senders: # Allow both the bare username and the user@@domain forms. /(.+)/ $1 $1@@example.com * Threaded bounces. This allows mail readers to present a non-delivery, delayed delivery, or successful delivery notification in the same email thread as the original message. Unfortunately, this also makes it easy for users to mistakenly delete the whole email thread (all related messages), instead of deleting only the delivery status notification. To enable, specify "enable_threaded_bounces = yes". * Postfix by default no longer uses the services(5) database to look up the TCP ports for SMTP and LMTP services. Instead, this information is configured with the new known_tcp_ports configuration parameter (default: lmtp=24, smtp=25, smtps=submissions=465, submission=587). When a service is not specified in known_tcp_ports, Postfix will still query the services(5) database. * Starting with Postfix version 3.6, the compatibility level is "3.6". In future Postfix releases, the compatibility level will be the Postfix version that introduced the last incompatible change. The level is formatted as 'major.minor.patch', where 'patch' is usually omitted and defaults to zero. Earlier compatibility levels are 0, 1 and 2. This also introduces main.cf and master.cf support for the <=level, < level, and other operators to compare compatibility levels. With the standard <=, <, etc. operators, compatibility level 3.10 would be less than 3.9, which is undesirable. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.34 2021/05/02 12:11:51 wiz Exp $ d5 1 a5 1 DISTNAME= postfix-3.6.0 @ 1.34 log @postfix: remove non-existent download site @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.33 2021/04/26 15:26:08 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.5.10 @ 1.33 log @postfix: Update to 3.5.10 upstream changes: ----------------- Fixed in 3.5.10: o Missing null pointer checks (introduced in Postfix 3.4) after an internal I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni. o Null pointer bug (introduced in Postfix 3.0) and memory leak (introduced in Postfix 3.4) after an inline: table syntax error in main.cf or master.cf. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni. o Incomplete null pointer check (introduced: Postfix 2.10) after truncated HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni. o Missing null pointer check (introduced: Postfix alpha) after null argv[0] value. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.32 2021/01/21 16:37:59 triaxx Exp $ a7 1 MASTER_SITES+= http://mirrors.isc.org/pub/postfix/official/ @ 1.32 log @postfix: Update to 3.5.9 upstream changes: ----------------- This update improves the reporting of DNSSEC problems that may affect DANE security. DNSSEC support may unavailable because of local configuration, libc incompatibility, or other infrastructure issues. This was backported from Postfix 3.6. Background: DNSSEC validation is needed for Postfix DANE support; this ensures that Postfix receives TLSA records with secure TLS server certificate info. When DNSSEC validation is unavailable, mail deliveries using opportunistic DANE (security level 'dane') will not be protected by server certificate info in TLSA records, and mail deliveries using mandatory DANE (security level 'dane-only') will not be made at all. This update introduces the following behavior: when a process requests DNSSEC support (typically, for Postfix DANE support), the process may now do a runtime test to determine if DNSSEC validation is available. The new dnssec_probe parameter specifies a DNS query type (default: "ns") and DNS query name (default: ".") that Postfix may use to determine whether DNSSEC validation is available. Specify an empty value to disable this feature. When dnssec_probe is enabled, a Postfix process will send a DNSSEC probe after 1) the process made a DNS query that requested DNSSEC validation, 2) the process did not receive a DNSSEC validated response to this query or to an earlier query, and 3) the process did not already send a DNSSEC probe. When the DNSSEC probe has no response, or when the response is not DNSSEC validated, Postfix logs a warning that DNSSEC validation may be unavailable. Examples: warning: DNSSEC validation may be unavailable warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated warning: reason: dnssec_probe 'ns:.' received no response: Server failure With this update, the Postfix build system will no longer automatically disable DNSSEC support when it determines that Postfix will use libc-musl. This removes the earlier libc-musl workaround introduced with Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.31 2020/11/22 11:14:44 adam Exp $ d5 1 a5 1 DISTNAME= postfix-3.5.9 @ 1.31 log @postfix: updated to 3.5.8 Fixed in Postfix version 3.5.8: [Postfix 3.5 and later] The Postfix SMTP client inserted into message headers with lines longer than $line_length_limit (default: 2048), causing all subsequent header content to become message body content. Reported by Andreas Weigel. Fixed in Postfix versions 3.5.8, 3.4.18, 3.3.15, 3.2.20: [Postfix 2.8 and later] The postscreen daemon did not save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: lookup table is used, but it could result in stale data with other lookup tables. [Postfix 2.3 and later] After deleting a recipient with a Milter, the Postfix recipient duplicate filter was not updated; the filter suppressed requests to add the recipient back. Reported by Mehmet Avcioglu. [Postfix 2.3 and later] Memory leak: the static: maps did not free their casefolding buffer. [Postfix 2.2 and later] With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a TLS handshake, after processing an XCLIENT command. Reported by Aki Tuomi. [Postfix 2.0 and later] The smtp_sasl_mechanism_filter implementation ignored table lookup errors, treating them as 'not found'. [Postfix alpha and later] The code that looks for Delivered-To: headers ignored headers longer than $line_length_limit (default: 2048). @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.30 2020/08/31 13:07:46 otis Exp $ d5 1 a5 1 DISTNAME= postfix-3.5.8 @ 1.30 log @mail/postfix: Update to 3.5.7 Changelog: With "smtp_tls_connection_reuse = yes", tlsproxy(8) was using the wrong global TLS context for connections that use DANE trust anchors or that use non-DANE trust anchors. This resulted in a global certificate verify function pointer race, between TLS handshakes that use trust achors and concurrent TLS handshakes that use PKI. No memory was corrupted in the course of all this. Reference: http://www.postfix.org/announcements/postfix-3.5.7.html @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.29 2020/08/27 13:57:14 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.5.7 @ 1.29 log @postfix: Update to 3.5.6 upstream changes: ----------------- Fixed in Postfix versions 3.5.6, 3.4.16, 3.3.14, 3.2.19: * One fix for memory leaks in the Postfix TLS library was back-ported to the wrong place, resulting in undefined program behavior. Fixed in Postfix versions 3.5.6, 3.4.16: * The workaround for allowed TLS protocol versions did not explictly override the system-wide OpenSSL configuration, for sessions where the remote SMTP client sends SNI. It's better to be safe than sorry. Fixed in Postfix versions 3.5.5, 3.4.15, 3.3.13, 3.2.18: * Workaround for unexpected TLS interoperability problems when Postfix runs on OS distributions with system-wide OpenSSL configurations. * Memory leaks in the Postfix TLS library, the largest one involving multiple kBytes per peer certificate. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.28 2020/06/30 15:00:45 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.5.6 @ 1.28 log @mail/postfix: update to 3.5.4 Update postfix to 3.5.4. Fixed in Postfix 3.5.4, 3.4.14: * The connection_reuse attribute in smtp_tls_policy_maps always resulted in an "invalid attribute name" error. Fix by Thorsten Habich. * SMTP over TLS connection reuse always failed for Postfix SMTP client configurations that specify explicit trust anchors (remote SMTP server certificates or public keys). Reported by Thorsten Habich. Fixed in Postfix versions 3.5.4, 3.4.14, 3.3.12, 3.2.17: * The Postfix SMTP client's DANE implementation would always send an SNI option with the name in a destination's MX record, even if the MX record pointed to a CNAME record. MX records that point to CNAME records are not conformant with RFC5321, and so are rare. Based on the DANE survey of ~2 million hosts it was found that with the corrected SMTP client behavior, sending SNI with the CNAME-expanded name, the SMTP server would not send a different certificate. This fix should therefore be safe. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.27 2020/06/15 15:43:32 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.5.4 @ 1.27 log @mail/postfix: update to 3.5.3 Update postfix and related pacakges to 3.5.3. Quote freom release announce. Postfix 3.5.3, 3.4.13: * TLS handshake failure in the Postfix SMTP server during SNI processing, after the server-side TLS engine sent a TLSv1.3 HelloRetryRequest (HRR) to a remote SMTP client. Reported by J??n M??t??, fixed by Viktor Dukhovni. Postfix versions 3.5.3, 3.4.13, 3.3.11, 3.2.16: * The command "postfix tls deploy-server-cert" did not handle a missing optional argument. This bug was introduced in Postfix 3.1. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.26 2020/05/18 14:21:53 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.5.3 @ 1.26 log @postfix: update to 3.5.2 upstream changes: ----------------- Postfix versions 3.5.2, 3.4.12, 3.2.10, 3.2.15: * A TLS error for a database client caused a false 'lost connection' error for an SMTP over TLS session in the same Postfix process. Reported by Alexander Vasarab, diagnosed by Viktor Dukhovni. This bug was introduced with Postfix 2.2. * The same bug existed in the tlsproxy(8) daemon, where a TLS error for one TLS session could cause a false 'lost connection' error for a concurrent TLS session in the same process. This bug was introduced with Postfix 2.8. * The Postfix build now disables DANE support on Linux systems with libc-musl, because libc-musl provides no indication whether DNS responses are authentic. This broke DANE support without a clear explanation. * Due to implementation changes in the ICU library, some Postfix daemons reported file access errrors (U_FILE_ACCESS_ERROR) after chroot(). This was fixed by initializing the ICU library before making the chroot() call. * Minor code changes to silence a compiler that special-cases string literals. Postfix 3.5.2, 3.4.12: * Segfault in the tlsproxy(8) client role when the server role was disabled. This typically happened on systems that do not receive mail, after configuring connection reuse for outbound SMTP over TLS. * The date portion of the maillog_file_rotate_suffix default value used the minute (%M) instead of the month (%m). Reported by Larry Stone. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.25 2020/04/26 09:33:25 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.5.2 @ 1.25 log @mail/postfix: update to 3.5.1 Update postfix to 3.5.1. 3.5.0 (2020-03-16) Postfix stable release 3.5.0 is available. Support has ended for legacy release Postfix 3.1. The main changes are below. See the RELEASE_NOTES file for further details. * Support for the haproxy v2 protocol. The Postfix implementation supports TCP over IPv4 and IPv6, as well as non-proxied connections; the latter are typically used for heartbeat tests. * Support to force-expire email messages. This introduces new postsuper(1) command-line options to request expiration, and additional information in mailq(1) or postqueue(1) output. * The Postfix SMTP and LMTP client support a list of nexthop destinations separated by comma or whitespace. These destinations will be tried in the specified order. Examples: /etc/postfix/main.cf: relayhost = foo.example, bar.example default_transport = smtp:foo.example, bar.example Incompatible changes: * Logging: Postfix daemon processes now log the from= and to= addresses in external (quoted) form in non-debug logging (info, warning, etc.). This means that when an address localpart contains spaces or other special characters, the localpart will be quoted, for example: from=<"name with spaces"@@example.com> Specify "info_log_address_format = internal" for backwards compatibility. * Postfix now normalizes IP addresses received with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency with direct connections to Postfix. This may change the appearance of logging, and the way that check_client_access will match subnets of an IPv6 address. 3.5.1 (2020-04-20) Postfix versions 3.5.1, 3.4.11, 3.3.9, 3.2.14: * Bitrot workaround for broken builds after an incompatible change in GCC 10. * Bitrot workaround for broken DANE/DNSSEC support after an incompatible change in GLIBC 2.31. This change avoids the need for new options in /etc/resolv.conf. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.24 2020/02/11 20:40:27 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.5.1 @ 1.24 log @postfix: update to 3.4.9 upstream changes: ----------------- Fixed in all supported stable releases: Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while adding support for negative DNS response caching in postscreen. Postfix was inadvertently changed to call res_query() instead of res_search(). Reported by Jaroslav Skarvada. Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides from a Milter application. Postfix now evaluates the Milter macros for an SMTP CONNECT event after the Postfix-to-Milter connection is negotiated. Problem reported by David Bürgin. Bug (introduced: Postfix 3.0): sanitize (remote) server responses before storing them in the verify database, to avoid Postfix warnings about malformed UTF8. Found during code maintenance. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.23 2020/01/28 08:16:51 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.4.9 @ 1.23 log @mail/postfix: fix insufficient permissions for var/spool/postfix/... pkgsrc changes: --------------- * Remove the subdirectories of var/spool/postfix to avoid insufficient permissions when upgrading (Thanks Matthias!). @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.22 2019/12/09 08:45:14 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.4.8 @ 1.22 log @postfix: update to 3.4.8 upstream changes: ----------------- Fix for an Exim interoperability problem when postscreen after-220 checks are enabled. Bug introduced in Postfix 3.4: the code that detected "PIPELINING after BDAT" looked at the wrong variable. The warning now says "BDAT without valid RCPT", and the error is no longer treated as a command PIPELINING error, thus allowing mail to be delivered. Meanwhile, Exim has been fixed to stop sending BDAT commands when postscreen rejects all RCPT commands. Usability bug, introduced in Postfix 3.4: the parser for key/certificate chain files rejected inputs that contain an EC PARAMETERS object. While this is technically correct (the documentation says what types are allowed) this is surprising behavior because the legacy cert/key parameters will accept such inputs. For now, the parser skips object types that it does not know about for usability, and logs a warning because ignoring inputs is not kosher. Bug introduced in Postfix 2.8: don't gratuitously enable all after-220 tests when only one such test is enabled. This made selective tests impossible with 'good' clients. This will be fixed in older Postfix versions at some later time. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.21 2019/11/02 16:25:26 rillig Exp $ d33 2 @ 1.21 log @mail: align variable assignments pkglint -Wall -F --only aligned -r No manual corrections. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.20 2019/09/23 20:00:07 triaxx Exp $ d5 1 a5 1 DISTNAME= postfix-3.4.7 @ 1.20 log @postfix: Update to 3.4.7 upstream changes: ----------------- * Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS connection reuse. * Workaround: OpenSSL changed an SSL_Shutdown() non-error result value into an error result value, causing logfile noise. * Configuration: the new 'TLS fast shutdown' parameter name was implemented incorrectly. The documentation said "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown". This was fixed by changing the code, because no-one is expected to override the default. * Performance: workaround for poor TCP loopback performance on LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximal segment size that is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix chooses a VSTREAM buffer size that is a small multiple of the reported bogus MSS. This workaround increases the multiplier from 2x to 4x. * Robustness: the Postfix Dovecot client could segfault (null pointer read) or cause an SMTP server assertion to fail when talking to a fake Dovecot server. The Postfix Dovecot client now logs a proper error instead. Problem reported by Tim Düsterhus. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.19 2019/07/17 13:33:00 triaxx Exp $ d124 1 a124 1 DESTDIR_INSTALLOPTIONS=-package install_root="${DESTDIR}" @ 1.19 log @postfix: update to 3.4.6 pkgsrc changes: --------------- * change COMMENT to make pkglint happy (inspired by http://www.postfix.org/) * update PLIST using make print-PLIST (missing @@pkgdir) upstream changes: ----------------- 20181125 Cleanup: dict_file_to_xxx() takes a list of file names separated by CHARS_COMMA_SP. Shoe-horned into the existing API, make it nicer when there is time. File: util/dict_file.c. 20181127 Cleanup: encapsulated clumsy 'read into VSTRING' code with easier-to-use vstream_fread_buf() and vstream_fread_app() primitives. Files: global/memcache_proto.c, global/record.c, global/smtp_stream.c, global/smtp_stream.h, global/uxtext.c, global/xtext.c, milter/milter8.c, util/dict_file.c, util/hex_quote.c, util/netstring.c, util/vstream.c, util/vstream.h. Verified with "make tests". Cleanup: simplified the smtp_fread() API (introduced for BDAT support), and changed the name to smtp_fread_buf(). Files: global/smtp_stream.c, smtpd/smtpd.c. Verified with ~megabyte BDAT commands. Cleanup: simplified a tlsproxy-internal API. File: tlsproxy/tlsproxy.c. 20181128 Initial support for key/certificate chain files that will replace the proliferation of separate parameters for RSA/DSA/ECC/etc. key and certificate files. Viktor Dukhovni. 20181201 Cleanup: replaced the remaining unsafe VSTRING_AT_OFFSET() calls with safe vstring_set_payload_size() calls, in code that directly writes into VSTRING. Files: tls/tls_session.c, tlsmgr/tlsmgr.c, util/casefold.c, util/vstring.c, util/vstring.h, xsasl/xsasl_cyrus_client.c. Cleanup: postscreen_command_time_limit did not need to be a 'raw' parameter. This makes "postconf -x" behavior more consistent. Files: global/mail_params.h, postscreen/postscreen.c. Documentation: added text that the following parameter values are not subject to Postfix parameter $name expansion: default_rbl_reply, command_execution_directory, luser_relay, smtpd_reject_footer. These have their own documented $name substitution mechanism. File: proto/postconf.proto. 20181202 Bugfix: posttls-finger reported an error for UNIX-domain connections, even if they did not fail. Found by Coverity. File: posttls-finger/posttls-finger.c. 20181208 Documentation: add even more redundancy to the rate-delay description. File: proto/postconf.proto. 20181210 Cleanup: code deduplication. File: util/dict_file.c. 20181226 Cleanup: code deduplication and better encapsulation with PSC_DEL_CLIENT_STATE() and PSC_DEL_SERVER_STATE() macros. Files: postscreen/postscreen.h, postscreen/postscreen_state.c. Documentation: POSTSCREEN_README did not describe the postscreen_post_queue_limit, and attributed the wrong reject message to the postscreen_pre_queue_limit. Problem reported by Michael Orlitzky. File: proto/POSTSCREEN_README.html. (20181226-nonprod) Compatibility: removed support for OpenSSL 1.0.1 (not supported since December 31, 2016) and earlier releases. This eliminated a large number of #ifdefs with bitrot workarounds. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c, tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c, tls/tls_session.c. (20181226-nonprod) Use the OpenSSL 1.0.2 and later API for setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_dh.c. (20181226-nonprod) Documentation update for TLS support. Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html, proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c. 20181229 Explicit maps_file_find() and dict_file_lookup() methods that decode base64 content. Decoding content is not built into the dict->lookup() method, because that would complicate the implementation of map nesting (inline, thash), map composition (pipemap, unionmap), and map proxying. For consistency, decoding base64 file content is also not built into the maps_find() method. Files: util/dict.h. util/dict_file.c, global/maps.[hc], postmap/postmap.c. 20190106 Documentation: documented the SRC_RHS_IS_FILE flag in dict_open.c, and updated the -F description in the postmap manpage. Files: util/dict_open.c, postmap/postmap.c. (20190106-nonprod) Feature: support for files that combine multiple (key, certificate, trust chain) instances in one file, to avoid separate files for RSA, DSA, Elliptic Curve, and so on. Viktor Dukhovni. Files: .indent.pro, global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c, tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c. (20190106-nonprod) Create a second, no-key no-cert, SSL_CTX for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c. (20190106-nonprod) Server-side SNI support. Viktor Dukhovni. Files: src/global/mail_params.h, src/smtp/smtp.c, src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c, src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c, (20190106-nonprod) Configurable client-side SNI signal. Viktor Dukhovni. Files: global/mail_params.h, posttls-finger/posttls-finger.c, smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c, smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c. 20190121 Logging: support for internal logging file, without using syslog (it uses the new postlogd daemon instead). This solves a usability problem for MacOS, may help getting around systemd, and solves 99% of the problem for logging to stdout in a container (hopefully we have 100% soon). Enable by setting, for example, "maillog_file = /var/log/postfix.log"). This works fine for daemons, and with some limitations for non-daemon programs. See RELEASE_NOTES for more details. Files: conf/master.cf, conf/post-install, conf/postfix-files, conf/postfix-script, mantools/postlink, proto/master, proto/postconf.proto, global/mail_params.c, global/mail_params.h, global/mail_proto.h, global/maillog_client.c, global/maillog_client.h, master/dgram_server.c, master/event_server.c, master/mail_server.h, master/master.c, master/master.h, master/master_ent.c, master/master_listen.c, master/master_proto.h, master/master_wakeup.c, master/multi_server.c, master/single_server.c, master/trigger_server.c, postalias/postalias.c, postconf/postconf_master.c, postdrop/postdrop.c, postfix/postfix.c, postkick/postkick.c, postlog/postlog.c, postlogd/postlogd.c, postmap/postmap.c, postmulti/postmulti.c, postqueue/postqueue.c, postsuper/postsuper.c, sendmail/sendmail.c, util/connect.h, util/listen.h, util/logwriter.c, util/logwriter.h, util/msg_logger.c, util/msg_logger.h, util/msg_output.c, util/msg_output.h, util/unix_dgram_connect.c, util/unix_dgram_listen.c. Cleanup: cert/key/chain loading, plus unit tests to exercise non-error and error cases. Viktor Dukhovni. Files: tls/*.pem, tls*.pem.ref, tls/tls_certkey.c. 20190126 Safety: Postfix programs will log to either syslog or postlog but not both; and postlogd forwards postlog logging to syslog, when a configuration change removes the maillog_file pathname, but some programs still use the old configuration. Files: util/msg_syslog.[hc], util/msg_logger.c, global/maillog_client.c, postlogd/postlogd.c, Bugfix (introduced: Postfix 20110109, Postfix 2.10): watchdog pipe file descriptor leak. This pipe provides one source of liveness, data from this pipe is discarded, and therefore this does not enable privilege escalation or DOS. File: util/watchdog.c. Feature: stdout logging support; requires "postfix start-fg" and "maillog_file = /dev/stdout". Files: master/master.c, conf/postfix-script. 20190127 Safety: when maillog_file is specified, 'postfix check' now requires that the postlog service is enabled in master.cf. Otherwise 'postfix start' etc. will log a fatal error. File: conf/postfix-script. Documentation: added policy_context example. File: proto/SMTPD_POLICY_README.html. 20190128 Testing: run libtls tests under Valgrind. File tls/Makefile.in. 20190129 Safety: require that $maillog_file matches one of the pathname prefixes specified in $maillog_file_prefixes. The maillog file is created by root, and the prefixes limit the damage from a single configuration error. Files: global/mail_params.[hc], global/maillog_client.c. 20191201 Feature: "postfix logrotate" command with configurable compression program and datestamp filename suffix. File: conf/postfix-script. 20190202 Cleanup: log a warning when the client sends a malformed SNI; log an info message when the client sends a valid SNI that does not match the SNI lookup tables; update the FORWARD_SECRECY_README logging examples. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, tls/tls.h, tls/tls_client.c, tls/tls_misc.c. 20190208 Debugging: the master(8) daemon now logs a warning if a master.cf entry is defined multiple times. File: src/master/master_conf.c. 20190209 Debugging: tlsproxy(8) now logs more details about unexpected configuration differences between the Postfix SMTP client and the tlsproxy(8) daemon. 20190210 Documentation: Postfix 3.4.0 RELEASE NOTES. Documentation: added BDAT_README. Documentation: global TLS settings. Files: mantools/postlink, smtp/smtp.c, tlsproxy/tlsproxy.c. 20190211 Cleanup: removed obsolete parameters: tls_dane_digest_agility, tls_dane_trust_anchor_digest_enable; removed openssl_path parameter from configuration difference checks in tlsproxy. Files: global/mail_params.h, tls/tls_misc.c, tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy.h. 20190212 Cleanup: missing #ifdef USE_TLS. Files: smtp/smtp_session.c, posttls-finger/posttls-finger.c. 20190217 Cleanup: when the master daemon runs with PID=1 (init mode), reap orhpan processes from non-Postfix code running in the same container, instead of terminating with a panic. File: master/master_spawn.c. 20190218 Bugfix: tlsproxy did not enable DANE-style PKI because libtls seems to have to accreted multiple init functions instead of reusing the tls_client_init() and tls_client_start() API. And some functions that do initialization don't even have init in their name! Problem report by Andreas Schulze. Viktor Dukhovni. Files: tls/tls_misc.c, tlsproxy/tlsproxy.c. Workaround: Postfix libtls makes DANE-specific changes to the shared SSL_CTX. To avoid false sharing, tlsproxy needs to label the SSL_CTX cache with DANE bits until we can remove the code that modifies SSL_CTX. File: tlsproxy/tlsproxy.c. Cleanup: Postfix libtls changed the shared SSL_CTX to override ciphers. instead of changing the SSL handle. To avoid false sharing in tlsproxy, the changes are now made to the SSL handle. Viktor Dukhovni. Files: tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c. 20190219 Bugfix: in the Postfix SMTP client, TLS wrappermode was not tested in tlsproxy mode. It needed some setup for buffering and timeouts. Problem report by Andreas Schulze. File: smtp/smtp_proto.c. 20190304 Bugfix: a reversed test broke TLS configurations that specify the same filename for a private key and certificate. Reported by Mike Kazantsev. Fix by Viktor Dukhovni. Wietse fixed the test. Files: tls/tls_certkey.c, tls/Makefile.in. 20190310 Bitrot: LINUX5s support, after some sanity checks with a rawhide prerelease version. Files: makedefs, util/sys_defs.h. Bugfix (introduced: 20181226): broken DANE trust anchor file support, caused by left-over debris from the 20181226 TLS library overhaul. By intrigeri. File: tls/tls_dane.c. Bugfix (introduced: Postfix-1.0.1): null pointer read, while logging a warning after a corrupted bounce log file. File: global/bounce_log.c. Bugfix (introduced: Postfix-2.9.0): null pointer read, while logging a warning after a postscreen_command_filter read error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c 20190312 Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, does the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. 20190319 With message_size_limit=0 (which is NOT DOCUMENTED), BDAT chunks were always rejected as too large. File: smtpd/smtpd.c 20190328 Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. 20190331 Documentation: tlsext_padding is not a tls_ssl_options feature. File: proto/postconf.proto. 20190401 Portability: added "#undef sun" to util/unix_dgram_connect.c. 20190403 Bugfix (introduced: Postfix 2.3): a censoring filter broke multiline Milter responses for header/body events. Problem report by Andreas Thienemann. Files: util/printable.c, util/stringops.h, smtpd/smtpd.c Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit = 0" no longer meant 'unlimited'. Problem report by Luc Pardon. File: smtp/smtp_addr.c. 20190615 Documentation: updated the BUGS section in the smtp(8) manpage about TLS connection reuse. File: smtp/smtp.c. Workaround for implementations that hang Postfix while shutting down a TLS session, until Postfix times out. With "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits for the TLS peer to respond to a TLS 'close' request. This is recommended with TLSv1.0 and later. Files: global/mail_params.h, tls/tls_session.c, and documentation. 20190621 Bugfix (introduced: Postfix 3.0): the code to reset Postfix SMTP server command counts was not called after a HaProxy handshake failure, causing stale numbers to be reported. The command counts are now reset in the function that reports the counts. File: smtpd/smtpd.c. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.18 2019/04/30 03:41:51 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.4.6 @ 1.18 log @mail/postfix: update to 3.3.3 This announcement concerns fixes for problems that were introduced with Postfix 3.0 and later. This is the final update for Postfix 3.0. Fixed in Postfix 3.3 and later: * When the master daemon runs with PID=1 (init mode), it will now reap child processes from non-Postfix code running in the same container, instead of terminating with a panic. Reported by Tamas Gerczei. Fixed in Postfix 3.0 and later: * With smtputf8_enable=yes, table lookups could casefold the search string when searching a lookup table that does not use fixed-string keys (regexp, pcre, tcp, etc.). * With the posttls-finger test program, connections to unix-domain servers always resulted in "Failed to establish session" even after a connection was established. Reported by Jaroslav Skarva. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.17 2018/12/15 16:35:23 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.3.3 @ 1.17 log @mail/postfix: update to 3.3.2 Changes for all supported stable releases: * Support for OpenSSL 1.1.1, and support for TLSv1.3-specific features. - Updated Postfix TLS documentation examples for TLSv1.3. See FORWARD_SECRECY_README. - New TLSv1.3-specific attributes in Postfix logging and in Postfix "Received:" message headers: key exchange, server signature, client signature. - New option to selectively disable TLSv1.3 in *_tls_protocols settings. - New server-side support to avoid issuing multiple session tickets. - New support to allow OpenSSL >= 1.1.0 run-time micro version bumps without logging Postfix warnings about library version mismatches. Fixed in all stable releases: * Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because some lookup table was using "EHLO_MASK_SMTPUTF8" instead. * Bugfix: minor memory leak in DANE support when minting issuer certs. This affects a tiny minority of use cases. Fixed in Postfix 3.3.2: * Bugfix: the Postfix build did not abort if the m4 command was not installed, resulting in a broken postconf command. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.16 2018/05/21 14:49:47 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.3.2 @ 1.16 log @mail/postfix: update to 3.3.1 [An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.3.1.html] Fixed in Postfix 3.3: * Postfix did not support running as a PID=1 process, which complicated Postfix deployment in containers. The "postfix start-fg" command will now run the Postfix master daemon as a PID=1 process if possible. Thanks for inputs from Andreas Schulze, Eray Aslan, and Viktor Dukhovni. * Segfault in the postconf(1) command after it could not open a Postfix database configuration file due to a file permission error (dereferencing a null pointer). Reported by Andreas Hasenack, fixed by Viktor Dukhovni. Fixed in Postfix 3.3, 3.2, 3.1, 3.0: * The luser_relay feature became a black hole, when the luser_relay parameter was set to a non-existent local address (i.e. mail disappeared silently). Reported by J?rgen Thomsen. * Missing error propagation in the tlsproxy(8) daemon could result in a segfault after TLS handshake error (dereferencing a 0xffff...ffff pointer). This daemon handles the TLS protocol when a non-whitelisted client sends a STARTTLS command to postscreen(8). @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.15 2018/03/21 15:28:45 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.3.1 @ 1.15 log @mail/postfix: update to 3.3.0 Postfix stable release 3.3.0 is available. This release ends support for legacy release Postfix 2.11. The main changes are: * Dual license: in addition to the historical IBM Public License 1.0, Postfix is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. * The postconf command now warns about unknown parameter names in a Postfix database configuration file. As with other unknown parameter names, these warnings can help to find typos early. * Container support: Postfix 3.3 will run in the foreground with "postfix start-fg". This requires that Postfix multi-instance support is disabled (the default). To collect Postfix syslog information on the container's host, mount the host's /dev/log socket into the container, for example with "docker run -v /dev/log:/dev/log ...other options...", and specify a distinct Postfix syslog_name setting in the container (for example with "postconf syslog_name=the-name-here"). * Milter support: applications can now send RET and ENVID parameters in SMFIR_CHGFROM (change envelope sender) requests. * Postfix-generated From: headers with 'full name' information are now formatted as "From: name
" by default. Specify "header_from_format = obsolete" to get the earlier form "From: address (name)". * Interoperability: when Postfix IPv6 and IPv4 support are both enabled, the Postfix SMTP client will now relax MX preferences and attempt to schedule similar numbers of IPv4 and IPv6 addresses. This works around mail delivery problems when a destination announces lots of primary MX addresses on IPv6, but is reachable only over IPv4 (or vice versa). The new behavior is controlled with the smtp_balance_mx_inet_protocols parameter. * Compatibility safety net: with compatibility_level < 1, the Postfix SMTP server now warns for mail that would be blocked by the Postfix 2.10 smtpd_relay_restrictions feature, without blocking that mail. There still is a steady trickle of sites that upgrade from an earlier Postfix version. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.14 2018/02/25 12:27:49 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.3.0 @ 1.14 log @mail/postfix: update to 3.2.5 Update mail/postfix to 3.2.5. [An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.2.4.html] This announcement concerns fixes for problems that were introduced with Postfix 3.0 and later. Older supported releases are unaffected. Fixed in Postfix 3.1 and later: * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS records associated with an intermediate CA certificate. Problem report and initial fix by Erwan Legrand. Fixed in Postfix 3.0 and later: * Missing dynamicmaps support in the Postfix sendmail command. This broke authorized_submit_users settings that use a dynamically-loaded map type. Problem reported by Ulrich Zehl. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.13 2017/12/09 02:34:48 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.2.5 @ 1.13 log @mail/postfix: Update to 3.2.4 [An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.2.4.html] This announcement concerns fixes for problems that were introduced with Postfix 3.0 and later. Older supported releases are unaffected. Fixed in Postfix 3.1 and later: * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS records associated with an intermediate CA certificate. Problem report and initial fix by Erwan Legrand. Fixed in Postfix 3.0 and later: * Missing dynamicmaps support in the Postfix sendmail command. This broke authorized_submit_users settings that use a dynamically-loaded map type. Problem reported by Ulrich Zehl. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.12 2017/10/13 17:13:19 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.2.4 @ 1.12 log @pkgsrc/mail: Update to 3.2.3 [An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.2.3.html] This announcement concerns fixes for problems that were introduced with Postfix 3.2. Older releases are unaffected. Fixed in Postfix 3.2 and later: * Extension propagation was broken with "recipient_delimiter = .". This change reverts a change that was trying to be too clever. * The postqueue command would abort with a panic message after it experienced an output write error while listing the mail queue. This change restores a write error check that was lost with the Postfix 3.2 rewrite of the vbuf_print formatter. * Restored sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). These checks were lost with the Postfix 3.2 rewrite of the vbuf_print formatter. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.11 2017/06/19 06:54:15 wiz Exp $ d5 1 a5 1 DISTNAME= postfix-3.2.3 @ 1.11 log @Remove two non-working mirror sites. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.10 2017/06/17 08:02:22 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.2.2 @ 1.10 log @Update postfix to 3.2.2. pkgsrc change: Add support for NetBSD 8. This announcement (June 13, 2017) includes changes that were released with an earlier update (June 10, 2017). The announcement was postponed to avoid confusion due to repeated notification. Fixed in all supported releases: * Security: Berkeley DB versions 2 and later try to read settings from a file DB_CONFIG in the current directory. This undocumented feature may introduce undisclosed vulnerabilities resulting in privilege escalation with Postfix set-gid programs (postdrop, postqueue) before they chdir to the Postfix queue directory, and with the postmap and postalias commands depending on whether the user's current directory is writable by other users. This fix does not change Postfix behavior for Berkeley DB versions < 3, but it does reduce postmap and postalias 'create' performance with Berkeley DB versions 3.0 .. 4.6. Fixed in Postfix 3.2 and later: * The SMTP server receive_override_options were not restored at the end of an SMTP session, after the options were modified by an smtpd_milter_maps setting of "DISABLE". Milter support remained disabled for the life time of the smtpd process. * After the Postfix 3.2 address/domain table lookup overhaul, the check_sender_access and check_recipient_access features ignored a non-default parent_domain_matches_subdomains setting. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.9 2017/04/24 20:11:40 fhajny Exp $ a7 1 MASTER_SITES+= http://postfix.it-austria.net/releases/official/ a8 1 MASTER_SITES+= http://mirror.postfix.jp/postfix-release/official/ @ 1.9 log @Update mail/postfix to 3.2.0. - Elliptic curve negotiation with OpenSSL >= 1.0.2. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter tls_eecdh_auto_curves with the names of curves that may be negotiated. - Stored-procedure support for MySQL databases. - Cidr: table support for if/endif and negation (by prepending ! to a pattern), just like regexp: and pcre: tables. See the cidr_table(5) manpage for details. - The postmap command and the inline: and texthash: maps now support spaces in left-hand field of lookup table source text. Use double quotes (") around a left-hand field that contains spaces, and use backslash (\) to protect quotes in a left-hand field. - Support for per-client Milter configuration (smtpd_milter_maps) that overrides the main.cf smtpd_milters setting, and that has the same syntax. A lookup result of "DISABLE" turns off Milter support for that client. - The local SMTP server IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT). - For safety reasons, the Postfix sendmail -C option must specify an authorized directory: the default configuration directory, a directory that is listed in the default main.cf file with alternate_config_directories or multi_instance_directories, otherwise the command must be invoked with root privileges. This mitigates a recurring "jail break" problem with the PHP mail() function. - "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar to "IGNORE" but also logs the action, and "PASS" disables header, body, and Milter inspection for the remainder of the message content. - The collate.pl script by Viktor Dukhovni for grouping Postfix logfile records into "sessions" based on queue ID and process ID information, in the auxiliary/collate directory of the Postfix source tree. Disabled or removed behavior: - SMTPUTF8 support: Postfix 3.2 disables the 'transitional' compatibility between the IDNA2003 and IDNA2008 standards for internationalized domain names (domain names beyond the limits of US-ASCII). This makes Postfix behavior consistent with contemporary web browsers. - Postfix 3.2 removes tentative features that were implemented before the DANE spec was finalized: support for certificate usage PKIX-EE(1), the ability to disable digest agility, and the ability to disable support for "TLSA 2 [01] [12]" records that specify the digest of a trust anchor. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.8 2017/03/04 06:26:24 taca Exp $ d5 1 a5 1 DISTNAME= postfix-3.2.0 @ 1.8 log @Update postfix to 3.1.4. Postfix stable release 3.1.4 is available, as well as legacy releases 3.0.8 and 2.11.9. There will be no further updates for Postfix 2.10. Fixed with Postfix 3.1.4, 3.0.8, and 2.11.9: * The postscreen daemon did not merge the client test status information for concurrent sessions from the same IP address. Thus, after one session recorded its successful tests in the postscreen cache, a concurrent session from that same IP address that passed fewer tests could later "wipe out" some of that progress in the postscreen cache. The fix has proven itself for five months in the development release, and should be safe to use in the stable releases. * The Postfix SMTP server falsely rejected a sender address when validating a sender address with "smtpd_reject_unlisted_recipient = yes" or with "reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps. * The virtual delivery agent did not detect failure to skip to the end of a mailbox file, so that mail would be delivered to the beginning of the file. This could happen when a mailbox file was already larger than the virtual mailbox size limit. * The postsuper command logged an incorrect rename operation count after creating a missing directory. Fixed with Postfix 3.1.4 and 3.0.8: * The Postfix SMTP server falsely rejected mail when a sender-dependent "error" transport was configured. Cause: the SMTP server address validation code was not updated when the sender_dependent_default_transport_maps feature was introduced. The fix has proven itself for six months in the development release, and should be safe to use in the stable releases. Unfortunately, Postfix 2.11 is too different to benefit from the same fix. * The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no". Fixed with Postfix 3.1.4: * The "postfix tls deploy-server-cert" command used the wrong certificate and key file. This was caused by a cut-and-paste error in the postfix-tls-script file. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.7 2017/01/21 23:49:02 rillig Exp $ d5 1 a5 1 DISTNAME= postfix-3.1.4 @ 1.7 log @Fixed PKGREVISION to be only defined directly in the package Makefile. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.6 2016/10/31 04:19:07 maya Exp $ d5 1 a5 1 DISTNAME= postfix-3.1.3 @ 1.6 log @postfix: use pkgconfig instead of icu-config to find icu cflags and ldflags. should help PR pkg/51354: mail/postfix eai option does not work because of test in makedef. bump PKGREVISION @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.5 2016/10/28 16:10:51 jperkin Exp $ a5 1 PKGREVISION= 1 @ 1.5 log @Make the postfix user/group names variables. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.4 2016/10/09 12:28:19 taca Exp $ d6 1 @ 1.4 log @Update postfix to 3.1.3. Fixed with Postfix 3.1.3 and 3.0.7: * The Postfix SMTP server did not reset a previous session's failed/total command counts before rejecting a client that exceeds request or concurrency rates. This resulted in incorrect failed/total command counts being logged at the end of the rejected session. * The unionmap multi-table interface did not propagate table lookup errors, resulting in false "user unknown" responses. * The documentation was updated with a workaround for false "not found" errors with MySQL map queries that contain UTF8-encoded text. The workaround is to specify "option_group = client" in Postfix MySQL configuration files. This will be the default setting with Postfix 3.2 and later. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.3 2016/09/18 17:10:28 taca Exp $ d25 4 d91 3 a93 1 -e 's|^\(setgid_group\) =.*|\1 = maildrop|' d101 3 a103 1 -e '/^\#define DEF_SGID_GROUP[ ]/s,postdrop,maildrop,g' @ 1.3 log @Update postfix to 3.1.2. 3.1.0 The main changes in no particular order are: * "postfix tls" command to simplify setup of opportunistic TLS, and to simplify SMTP server key/certificate management. * Positive and negative DNS reply TTL support in postscreen(8). * SASL AUTH rate limit in the Postfix SMTP server. * A safety limit on the number of address verify requests. * JSON-format Postfix queue listing. * Destination-independent delivery rate delay For details, see the RELEASE_NOTES file. 3.1.1 Fixed in all supported releases: * The Milter "replace sender" (SMFIR_CHGFROM) request lost an address that was added with sender_bcc_maps, resulting in a "rcpt count mismatch" warning. Reported by Joerg Backschues. This defect was introduced with Postfix 2.6. * The "bad filetype" example in the header_checks(5) manpage falsely rejected Content- headers with ``name="example"; x-apple-part-url="example.com"''. Reported by Cedric Knight. This defect was introduced with Postfix 2.6. 3.1.2 Fixed with Postfix 3.1.2: * Changes to make Postfix build with OpenSSL 1.1.0. Fixed with Postfix 3.1.2 and 3.0.6: * The makedefs script ignored readme_directory=pathname overrides. Fix by Todd C. Olson. * The tls_session_ticket_cipher documentation says that the default cipher for TLS session tickets is aes-256-cbc, but the implemented default was aes-128-cbc. Note that TLS session ticket keys are rotated after 1/2 hour, to limit the impact of attacks on session ticket keys. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.2 2016/04/10 16:39:28 joerg Exp $ d5 1 a5 1 DISTNAME= postfix-3.1.2 @ 1.2 log @Adjust checks for _USE_DESTDIR != no or incorrect references to USE_DESTDIR. @ text @d1 1 a1 1 # $NetBSD: Makefile.common,v 1.1 2015/09/07 09:47:01 fhajny Exp $ d5 1 a5 1 DISTNAME= postfix-3.0.2 @ 1.1 log @Update mail/postfix to 3.0.2. Database and regexp map functionality is now split into separate packages: - postfix-cdb - postfix-ldap - postfix-lmdb - postfix-mysql - postfix-pcre - postfix-pgsql - postfix-sqlite Upstream changelog follows. Postfix 3.0.2 ------------- No delta against 2.11.6. Postfix 3.0.1 ------------- - Build error when compiling the Postfix SMTP server with SASL support but no TLS support. - The DNS "resource record to text" converter, used for xxx_dns_reply_filter pattern matching, appended a '.' to TXT record resource values. - The postscreen(8) manpage specified an incorrect Postfix version number for the postscreen_dnsbl_timeout parameter. - The postfix-install script expanded macros in parameter values when trying to detect parameter overrides, causing unnecessary main.cf updates during "postfix start" etc. - Some low-level cleanup of UTF-8 string handling with no visible change in behavior (besides better performance). Postfix 3.0.0 ------------- - SMTPUTF8 support for internationalized domain names and address localparts as defined in RFC 6530 and related documents. - Support for Postfix dynamically-linked libraries and database plugins. - An OPT-IN safety net for the selective adoption of new Postfix default settings. If you do nothing, the old Postfix default settings *should* remain in effect (complain to your downstream maintainer if that is not the case). - Support for operations on multiple lookup tables. The pipemap:{map1,map2...} database type implements a pipeline of lookup tables where the result from one lookup table becomes a query for the next table; the unionmap:{map1,map2,...} database type sends the @ text @d1 1 a1 1 # $NetBSD$ a117 1 .if !empty(USE_DESTDIR:M[Yy][Ee][Ss]) a118 1 .endif @