1_0_1-20010329 20010301 1_0_1-20010329 1_0_1-20010329 Feature: configurable name in syslog output (default: 1_0_1-20010329 "syslog_name = postfix") so that different Postfix instances 1_0_1-20010329 can be recognized by their logging. File: global/mail_task.c. 1_0_1-20010329 1_0_1-20010329 20010313 1_0_1-20010329 1_0_1-20010329 Workaround for logic mismatch in nqmgr that was exposed 1_0_1-20010329 with the introduction of the asynchronous bounce client. 1_0_1-20010329 Patrik Rak. 1_0_1-20010329 1_0_1-20010329 20010313 1_0_1-20010329 1_0_1-20010329 Bugfix: the RFC 822 untokenizer quoted newlines inside 1_0_1-20010329 comments. File: global/tok822_parse.c. 1_0_1-20010329 1_0_1-20010329 20010316 1_0_1-20010329 1_0_1-20010329 Cleanup: removed an extraneous warning when a queue file 1_0_1-20010329 write error happened. 1_0_1-20010329 1_0_1-20010329 20010321 1_0_1-20010329 1_0_1-20010329 Workaround: LMTP connection caching never worked for 1_0_1-20010329 destinations starting with unix: or inet:. File: 1_0_1-20010329 lmtp/lmtp_connect.c. 1_0_1-20010329 1_0_1-20010329 20010322 1_0_1-20010329 1_0_1-20010329 Portability: Solaris <2.6 does not have srandom() and 1_0_1-20010329 random() in libc. File: util/rand_sleep.c. It does not have 1_0_1-20010329 to be cryptographically strong. 1_0_1-20010329 1_0_1-20010329 Bugfix: the fast ETRN flush server could not handle [ipaddr] 1_0_1-20010329 or domain names with one-character hostname part. This 1_0_1-20010329 fix changes the destination to logfile name mapping, so 1_0_1-20010329 that you need to populate the new files with "sendmail -q". 1_0_1-20010329 The old files go away automatically. File: flush/flush.c. 1_0_1-20010329 1_0_1-20010329 20010327 1_0_1-20010329 1_0_1-20010329 Speed up mailq (sendmail -bp) display by flushing output 1_0_1-20010329 after each file. File: showq/showq.c. 1_0_1-20010329 1_0_1-20010329 Portability: missing string.h includes, %p wants (void *), 1_0_1-20010329 Lamont Jones, HP. 1_0_1-20010329 1_0_1-20010329 20010328 1_0_1-20010329 1_0_1-20010329 Bugfix: swapped logic caused cleanup to stall when the 1_0_1-20010329 queue file size exceeded the file size limit by less than 1_0_1-20010329 one the VSTREAM buffer size, so that the "file too big" 1_0_1-20010329 was detected after flushing the last queue file record. 1_0_1-20010329 File: cleanup/cleanup.c. 1_0_1-20010329 1_0_1-20010329 20010329 1_0_1-20010329 1_0_1-20010329 Portability: workaround for missing prototype problem in 1_0_1-20010329 dict_ldap.c. This module should move to the global directory, 1_0_1-20010329 because it depends on Postfix main.cf parameter information. 1_0_1-20010329 1_0_1-20010329 Workaround: after sending a trigger message over a socket, 1_0_1-20010329 do not immediately close the client side, but close it from 1_0_1-20010329 a background thread that waits until the server closes the 1_0_1-20010329 socket first. This avoids trouble with socket implementations 1_0_1-20010329 that destroy a socket when the client closes a socket 1_0_1-20010329 before the server has received the client's data. Files: 1_0_1-20010329 util/{inet,unix,stream}_trigger.c, util/events.c, 1_0_1-20010329 master/master_trigger.c, postkick/postkick.c. 1_0_2-20010502 1_0_2-20010502 20010403 1_0_2-20010502 1_0_2-20010502 Workaround: the mysql library can return null pointers 1_0_2-20010502 rather than zero-length strings. File: util/dict_mysql.c. 1_0_2-20010502 1_0_2-20010502 20010404 1_0_2-20010502 1_0_2-20010502 Ergonomics: log additional information about the reason 1_0_2-20010502 why "mail for XXX loops back to myself" when the local 1_0_2-20010502 machine is the best MX host. File: smtp/smtp_addr.c. 1_0_2-20010502 1_0_2-20010502 20010406 1_0_2-20010502 1_0_2-20010502 Changed some noisy LDAP client warnings into optional 1_0_2-20010502 logging. LaMont Jones, util/dict_ldap.c. 1_0_2-20010502 1_0_2-20010502 20010411 1_0_2-20010502 1_0_2-20010502 Bugfix: the SMTP server now replies with 550 instead of 1_0_2-20010502 503 when it receives the DATA command without having received 1_0_2-20010502 a valid recipient address. This is needed for the Sendmail 1_0_2-20010502 client-side pipelining implementation. Problem reported by 1_0_2-20010502 Lutz Jaenicke. File: smtpd/smtpd.c. 1_0_2-20010502 1_0_2-20010502 Cleanup: shut up if chattr fails on Reiserfs and other file 1_0_2-20010502 systems that do not support the respective attributes. 1_0_2-20010502 Files: conf/postfix-script-{no,}sgid. 1_0_2-20010502 1_0_2-20010502 20010413 1_0_2-20010502 1_0_2-20010502 Ergonomics: Postfix applications now warn when a DB or DBM 1_0_2-20010502 file is out of date, and recommend to rebuild the table. 1_0_2-20010502 Files: util/dict_db.c, util/dict_dbm.c. 1_0_2-20010502 1_0_2-20010502 20010414 1_0_2-20010502 1_0_2-20010502 Feature: specify a key of "-" to the postmap or postalias 1_0_2-20010502 -q or -d option, and the keys will be read from standard 1_0_2-20010502 input, one key per line. Files: postmap/postmap.c, 1_0_2-20010502 postalias/postalias.c. 1_0_2-20010502 1_0_2-20010502 Bugfix: with a non-default inet_interfaces setting, the 1_0_2-20010502 master ignored host information in master.cf host:port 1_0_2-20010502 settings. Fix by Jun-ichiro itojun Hagino @ iijlab.net. 1_0_2-20010502 Files: master/master.h, master/master_ent.c. 1_0_2-20010502 1_0_2-20010502 20010426 1_0_2-20010502 1_0_2-20010502 Bugfix: the SMTP server did not parse invalid MAIL FROM or 1_0_2-20010502 RCPT TO addresses such as > the 1_0_2-20010502 way it was supposed to do. I thought this was taken care 1_0_2-20010502 of years ago. File: smtpd/smtpd.c. 1_0_2-20010502 1_0_2-20010502 20010427 1_0_2-20010502 1_0_2-20010502 Bugfix: smtpd would reject mail instead of replying with 1_0_2-20010502 a 4xx temporary error code when, for example, an LDAP or 1_0_2-20010502 mysql server was unavailable. Remotely based on a fix by 1_0_2-20010502 Robert Kiessling @ de.easynet.net. File: smtpd/smtpd_check.c. 1_0_2-20010502 1_0_2-20010502 20010429 1_0_2-20010502 1_0_2-20010502 Feature: the Postfix SMTP client now by default randomly 1_0_2-20010502 shuffles destination IP addresses of equal preference. 1_0_2-20010502 Specify "smtp_randomize_addresses = no" to disable. 1_0_2-20010502 Shuffling code by Elias Levy @ SecurityFocus.com Files: 1_0_2-20010502 dns/dns_rr.c, smtp/smtp_addr.c. 1_0_2-20010502 1_0_2-20010502 20010501 1_0_2-20010502 1_0_2-20010502 Bugfix: The SMTP server's 550 in reply to DATA should be 1_0_2-20010502 a 554 response. And it wasn't Sendmail. Claus Assman. 1_0_2-20010502 1_0_2-20010502 Bugfix: the INSTALL.sh test for non-interactive upgrade 1_0_2-20010502 broke rooted installations that specify settings via the 1_0_2-20010502 environment. Simon Mudd. 1_0_2-20010502 1_0_2-20010502 Bugfix: mailq output is now really flushed one message at 1_0_2-20010502 a time. File: sendmail/sendmail.c. 1_0_2-20010502 1_0_2-20010502 Feature: "postsuper -d queueID" deletes one message queue 1_0_2-20010502 file; "postsuper -d -" reads zero or more queue IDs from 1_0_2-20010502 standard input, and deletes one instance of each file. 1_0_2-20010502 File: postsuper/postsuper.c. 1_0_2-20010502 1_0_2-20010502 Code cleanup: in order to make postsuper -d safe with a 1_0_2-20010502 running Postfix mail system, some routines had to be made 1_0_2-20010502 tolerant for sudden queue file disappearances. Files: 1_0_2-20010502 global/deliver_request.c, *qmgr/qmgr_move.c. 1_0_2-20010502 1_0_2-20010502 Code cleanup: in order to make postsuper -d more usable, 1_0_2-20010502 the showq command was extended to safely list the possibly 1_0_2-20010502 world-writable maildrop directory. File: showq/showq.c. 1_0_3-20010525 1_0_3-20010525 20010504 1_0_3-20010525 1_0_3-20010525 Feature: postsuper -d will also delete defer and bounce 1_0_3-20010525 logfiles when the named queue file is found. 1_0_3-20010525 1_0_3-20010525 20010505 1_0_3-20010525 1_0_3-20010525 RFC 2821 feature: an SMTP server must reset all buffers 1_0_3-20010525 upon receipt of EHLO. File: smtpd/smtpd_check.c. 1_0_3-20010525 1_0_3-20010525 RFC 2821 feature: an SMTP server must accept a recipient 1_0_3-20010525 address of "postmaster" without domain name. File: 1_0_3-20010525 smtpd/smtpd_check.c. 1_0_3-20010525 1_0_3-20010525 RFC 2821 recommendation: reply with 503 to commands sent 1_0_3-20010525 after 554 greeting. File: smtpd/smtpd.c. 1_0_3-20010525 1_0_3-20010525 RFC 2821 recommendation: if VRFY is enabled, list it in 1_0_3-20010525 the EHLO response. File: smtpd/smtpd.c. 1_0_3-20010525 1_0_3-20010525 RFC 2821 recommendation: SMTP clients should use EHLO. 1_0_3-20010525 The default setting of smtp_always_send_ehlo has changed 1_0_3-20010525 from 0 (send EHLO if server greets with ESMTP) to 1 (always 1_0_3-20010525 send EHLO). In all cases, Postfix falls back to HELO if 1_0_3-20010525 the server does not support EHLO. File: smtp/smtp_proto.c. 1_0_3-20010525 1_0_3-20010525 20010507 1_0_3-20010525 1_0_3-20010525 Bugfix: with soft_bounce=yes, the SMTP server would log 1_0_3-20010525 5xx replies even though it would send 4xx replies to the 1_0_3-20010525 client (Phil Howard, ipal.net). File: smtpd/smtpd_check.c. 1_0_3-20010525 1_0_3-20010525 20010515 1_0_3-20010525 1_0_3-20010525 Compatibility: Microsoft sends "AUTH=MBS_BASIC LOGIN". 1_0_3-20010525 Updated the parsing code in smtp/smtp_proto.c. Problem 1_0_3-20010525 reported by Ralf Tessmann, Godot GmbH. 1_0_3-20010525 1_0_3-20010525 20010520 1_0_3-20010525 1_0_3-20010525 Standard: deleted the non-standard "via" portion from 1_0_3-20010525 Received: headers generated by Postfix bounce or other 1_0_3-20010525 notification processes. File: global/post_mail.c. 1_0_3-20010525 1_0_3-20010525 Robustness: eliminated stack-based recursion from the RFC 1_0_3-20010525 822 address parser. File: global/tok822_parse.c. 1_0_3-20010525 1_0_3-20010525 Standard: annotated the source code with comments based on 1_0_3-20010525 RFC 2821 and 2822. Not all the RFC changes make sense. 1_0_3-20010525 1_0_3-20010525 RFC 2821 recommendation: treat a RCPT 552 reply as if the 1_0_3-20010525 server sent 452. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c. 1_0_3-20010525 1_0_3-20010525 Cleanup: moved ownership of the debug_peer parameters from 1_0_3-20010525 the applications to the library, so that a Postfix shared 1_0_3-20010525 library does not suffer from undefined references. Files: 1_0_3-20010525 smtp/smtp.c, lmtp/lmtp.c, smtpd/smtpd.c, global/mail_params.c. 1_0_3-20010525 LaMont Jones, for Debian. 1_0_3-20010525 1_0_3-20010525 20010522 1_0_3-20010525 1_0_3-20010525 Feature: "postsuper -r queueID" re-queues a message, and 1_0_3-20010525 "postsuper -r ALL" re-queues all mail. The message is moved 1_0_3-20010525 to the maildrop queue so that the pickup daemon will copy 1_0_3-20010525 it to a new queue file, and so that address rewriting will 1_0_3-20010525 be done again. This is useful after changes of address 1_0_3-20010525 rewriting or virtual mappings. 1_0_3-20010525 1_0_3-20010525 Feature: "postsuper -d ALL [queue-name]" deletes a bunch 1_0_3-20010525 of mail. 1_0_3-20010525 1_0_3-20010525 20010523 1_0_3-20010525 1_0_3-20010525 Feature: "postsuper -s" (which is done by default) renames 1_0_3-20010525 queue files whose name (queue ID) does not match the message 1_0_3-20010525 file inode number. 1_0_3-20010525 1_0_3-20010525 Bugfix: memory leak in the LDAP client module. Alain 1_0_3-20010525 Thivillon, France Teaser - Groupe Firstream. 1_0_3-20010525 1_0_3-20010525 20010525 1_0_3-20010525 1_0_3-20010525 Portability: gcc 2.6.3 does not have __attribute__ (Clive 1_0_3-20010525 Jones, dgw.co.uk). File: util/sys_defs.h. 1_0_3-20010525 1_0_3-20010525 Bugfix: the SMTP and LMTP clients claimed that a queue file 1_0_3-20010525 needed to be delivered again (even when all recipients were 1_0_3-20010525 erased from the queue file) when no QUIT or RSET reply was 1_0_3-20010525 received (by default, this does not happen with SMTP mail 1_0_3-20010525 because the SMTP client does not wait for QUIT replies and 1_0_3-20010525 does not send RSET to deliver mail). As a result of the 1_0_3-20010525 same bug the LMTP client followed a dangling pointer when 1_0_3-20010525 sending QUIT after process idle timeout while the LMTP 1_0_3-20010525 server had disconnected. Files: smtp/smtp_proto.c, 1_0_3-20010525 lmtp/lmtp_proto.c. 1_0_3-20010610 1_0_3-20010610 20010526 1_0_3-20010610 1_0_3-20010610 newaliases no longer complains when an empty list is 1_0_3-20010610 specified with the alias_database configuration parameter. 1_0_3-20010610 File: sendmail/sendmail.c. 1_0_3-20010610 1_0_3-20010610 20010529 1_0_3-20010610 1_0_3-20010610 Workaround: old PIX firewall code messes up when the final 1_0_3-20010610 "." at the end of DATA spans a packet boundary. 1_0_3-20010610 When Postfix detects PIX SMTP fixup mode, Postfix flushes 1_0_3-20010610 the output buffers before sending the final ".". 1_0_3-20010610 File: smtp/smtp_proto.c. 1_0_3-20010610 1_0_3-20010610 20010530 1_0_3-20010610 1_0_3-20010610 Portability: updated code for Mac OS X, accounting for the 1_0_3-20010610 post-Beta changes. Code by Joe Block, UCF School of 1_0_3-20010610 Optics/CREOL. 1_0_3-20010610 1_0_3-20010610 20010601 1_0_3-20010610 1_0_3-20010610 Safety: postdrop turns off interrupts when cleaning up 1_0_3-20010610 after interrupt. The additional safety does not hurt anyone. 1_0_3-20010610 File: src/postdrop/postdrop.c. 1_0_3-20010610 1_0_3-20010610 20010607 1_0_3-20010610 1_0_3-20010610 Safety: dropped the RFC 2821 compliant code that treats 1_0_3-20010610 552 RCPT TO replies as 452. It created more problems than 1_0_3-20010610 it solved. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c. 1_0_3-20010610 1_0_3-20010610 Logging: the SMTP server now logs a warning if RBL lookups 1_0_3-20010610 have problems other than "not found". file: smtpd/smtpd_check.c. 1_0_3-20010610 1_0_3-20010610 20010610 1_0_3-20010610 1_0_3-20010610 Feature: address quoting and case folding flags for the 1_0_3-20010610 pipe(8) mailer. 1_0_3-20010709 1_0_3-20010709 20010611 1_0_3-20010709 1_0_3-20010709 Workaround: some MTAs fall on their face when they receive 1_0_3-20010709 unexpectedly long lines. From now on, Postfix defaults to 1_0_3-20010709 breaking long lines at 2048 (like Sendmail so it has got to 1_0_3-20010709 be right). To get the old, content preserving, behavior 1_0_3-20010709 specify "smtp_truncate_lines = no". File: smtp/smtp_proto.c. 1_0_3-20010709 1_0_3-20010709 20010614 1_0_3-20010709 1_0_3-20010709 Bugfix: did not really undo 2821 552->452 mapping. 1_0_3-20010709 1_0_3-20010709 20010628 1_0_3-20010709 1_0_3-20010709 Bugfix: postfix-script used a hard-coded maildrop group 1_0_3-20010709 owner instead of using the install-time specified name 1_0_3-20010709 stored in /etc/postfix/install.cf. Problem reported by 1_0_3-20010709 David Terrell @ meat.net. 1_0_3-20010709 1_0_3-20010709 20010701 1_0_3-20010709 1_0_3-20010709 Feature: mail_spool_directory ending in / causes maildir 1_0_3-20010709 style delivery. 1_0_3-20010709 1_0_3-20010709 Bugfix: the FreeBSD kernel parameters kern.ipc.nmbclusters 1_0_3-20010709 and kern.ipc.maxsockets cannot be set with sysctl commands. 1_0_3-20010709 File: html/faq.html. Len Conrad @ Go2France.com. 1_0_3-20010709 1_0_3-20010709 Cleanup: the virtual delivery agent was poorly integrated 1_0_3-20010709 so that the SMTP server and queue manager did not reject 1_0_3-20010709 mail for unknown users. Files: smtpd/smtpd_check.c. 1_0_3-20010709 1_0_3-20010709 20010705 1_0_3-20010709 1_0_3-20010709 Feature: QMQP server, compatible with qmail and the ezmlm 1_0_3-20010709 list manager. Files: util/netstring.[hc], qmqpd/qmqpd*.c. 1_0_3-20010709 1_0_3-20010709 20010706 1_0_3-20010709 1_0_3-20010709 Feature: QMQP stress test message generator program. Files: 1_0_3-20010709 smtpstone/qmqp-source.c, smtpstone/qmqp-sink.c. 1_0_3-20010709 1_0_3-20010709 20010708 1_0_3-20010709 1_0_3-20010709 Bugfix: with disable_dns=yes, the SMTP client treated all 1_0_3-20010709 host lookup errors as permanent. File: smtp/smtp_addr.c. 1_0_3-20010709 1_0_3-20010709 20010709 1_0_3-20010709 1_0_3-20010709 Feature: VERP support, based on a patch by Peng Yong, and 1_0_3-20010709 with the missing parts filled in so that the Postfix bounce 1_0_3-20010709 daemon can send one VERP bounce per undeliverable recipient. 1_0_3-20010709 Files: , sendmail/sendmail.c, smtpd/smtpd.c, qmgr/qmgr_deliver.c, 1_0_3-20010709 bounce/bounce_notify_verp.c, qmqpd/qmqpd.c, plus a couple 1_0_3-20010709 support routines in the global library. 1_0_3-20010709 1_0_3-20010709 Cleanup: with recipient_delimiter=+ (or any character other 1_0_3-20010709 than -) Postfix will now recognize address extensions even 1_0_3-20010709 with owner-foo+extension addresses. This is necessary to 1_0_3-20010709 make VERP work for mailing lists. 1_0_3-20010714 1_0_3-20010714 20010710 1_0_3-20010714 1_0_3-20010714 Bugfix: potential memory leak in the queue managers with 1_0_3-20010714 the new VERP delimiter record. Fix by Patrik Rak. 1_0_3-20010714 1_0_3-20010714 20010711 1_0_3-20010714 1_0_3-20010714 Cleanup: you can now specify the VERP delimiter characters 1_0_3-20010714 on the sendmail(1) command line, but they are still optional. 1_0_3-20010714 1_0_3-20010714 Safety: with maildir style delivery and with hashed mailboxes 1_0_3-20010714 the system mail spool directory must not be world writable. 1_0_3-20010714 1_0_3-20010714 20010713 1_0_3-20010714 1_0_3-20010714 Safety: the verp_delimiter_filter parameter (default: -=+) 1_0_3-20010714 limits what characters Postfix accepts as VERP delimiter 1_0_3-20010714 characters. 1_0_3-20010714 1_0_3-20010714 20010714 1_0_3-20010714 1_0_3-20010714 Logging: the queue manager now logs a "status=expired" 1_0_3-20010714 record when it returns a message that is too old. Files: 1_0_3-20010714 *qmgr/qmgr_active.c. 1_0_4-20010808 1_0_4-20010808 20010719 1_0_4-20010808 1_0_4-20010808 Feature: stiffer coupling between mail receiving rates and 1_0_4-20010808 mail delivery rates, using a trivial token-based scheme, 1_0_4-20010808 implemented by reading and writing an in-memory pipe. The 1_0_4-20010808 queue manager produces one token when it retrieves mail 1_0_4-20010808 from the incoming queue. The cleanup daemon consumes one 1_0_4-20010808 token when it adds mail to the incoming queue. If no token 1_0_4-20010808 is available the cleanup server pauses for $in_flow_delay 1_0_4-20010808 seconds and proceeds anyway. The delay allows mail sending 1_0_4-20010808 process to catch up and access the disk while not blocking 1_0_4-20010808 inbound mail. Valid delays are 0..10 seconds. 1_0_4-20010808 1_0_4-20010808 20010727 1_0_4-20010808 1_0_4-20010808 Bugfix: updated LDAP client module from LaMont Jones, HP. 1_0_4-20010808 This also introduces new LDAP query filter patterns: %u 1_0_4-20010808 (address localpart) and %d (domain part). Files: 1_0_4-20010808 conf/sample-ldap.cf, util/dict_ldap.c. 1_0_4-20010808 1_0_4-20010808 20010729 1_0_4-20010808 1_0_4-20010808 Bugfix: recursive smtpd_whatever_restrictions clobbered 1_0_4-20010808 intermediate results when switching between sender and 1_0_4-20010808 recipient address restrictions. Problem found by Victor 1_0_4-20010808 Duchovni, morganstanley.com. In order to fix, introduced 1_0_4-20010808 address resolver result caching, which should also help to 1_0_4-20010808 speed up sender/recipient address restriction processing. 1_0_4-20010808 1_0_4-20010808 Bugfix: the not yet announced DUNNO access table lookup 1_0_4-20010808 result did not prevent lookups with substrings of the same 1_0_4-20010808 lookup key. Found by Victor Duchovni, morganstanley.com. 1_0_4-20010808 1_0_4-20010808 20010730 1_0_4-20010808 1_0_4-20010808 Robustness: trim trailing whitespace from regexp and pcre 1_0_4-20010808 right-hand sides, for consistency with DB/DBM tables. 1_0_4-20010808 Files: util/dict_pcre.c, util/dict_regexp.c. 1_0_4-20010808 1_0_4-20010808 20010731 1_0_4-20010808 1_0_4-20010808 Robustness: eliminate duplicate IP addresses after expansion 1_0_4-20010808 of hostnames in $inet_interfaces, so that Postfix does not 1_0_4-20010808 suddenly refuse to start up after someone changes the DNS. 1_0_4-20010808 Files: util/inet_addr_list.c global/own_inet_addr.c. 1_0_4-20010808 1_0_4-20010808 Feature: specify "disable_verp_bounces = yes" to have 1_0_4-20010808 Postfix send one RFC-standard, non-VERP, bounce report for 1_0_4-20010808 multi-recipient mail, even when VERP style delivery was 1_0_4-20010808 requested. 1_0_4-20010808 1_0_4-20010808 20010801 1_0_4-20010808 1_0_4-20010808 Bugfix: postconf was using unexpanded values internally 1_0_4-20010808 for myhostname, inet_interfaces, and mynetworks_style. 1_0_4-20010808 This broke the "postconf -d" mynetworks computation. File: 1_0_4-20010808 postconf/postconf.c. 1_0_4-20010808 1_0_4-20010808 20010803 1_0_4-20010808 1_0_4-20010808 Feature: masquerade_classes parameter for fine control of 1_0_4-20010808 address masquerading. The default setting is backwards 1_0_4-20010808 compatible: envelope_sender header_sender header_recipient. 1_0_4-20010808 Files: cleanup/whatever.c. 1_0_5-20011008 1_0_5-20011008 20010822 1_0_5-20011008 1_0_5-20011008 Code cleanup: the bounce daemon complained about data that 1_0_5-20011008 it was not going to send back anyway. Fix: stop reading 1_0_5-20011008 the original message when the bounce message reaches the 1_0_5-20011008 bounce message size limit. File: bounce/bounce_notify_util.c. 1_0_5-20011008 1_0_5-20011008 20010826 1_0_5-20011008 1_0_5-20011008 Logging: postsuper now logs the queue ID when it requeues 1_0_5-20011008 a message, or when it deletes a message from the mail queue. 1_0_5-20011008 File: postsuper/postsuper.c. 1_0_5-20011008 1_0_5-20011008 20010830 1_0_5-20011008 1_0_5-20011008 Safety: the SMTP server now sends a 4xx (try again later) 1_0_5-20011008 response when an UCE restriction is misconfigured, instead 1_0_5-20011008 of ignoring the bad restriction and possibly accepting mail 1_0_5-20011008 that it should not accept. File: smtpd/smtpd_check.c. 1_0_5-20011008 1_0_5-20011008 20010907 1_0_5-20011008 1_0_5-20011008 Workaround: the Postfix qmqp-source program produced mail 1_0_5-20011008 not ending in newline. qmail-qmqpd accepts such mail, but 1_0_5-20011008 qmail-remote is unable to deliver it. Matthias Andree, 1_0_5-20011008 uni-dortmund.de. File: smtpstone/qmqp-source.c. 1_0_5-20011008 1_0_5-20011008 20010910 1_0_5-20011008 1_0_5-20011008 Bugfix: the smtp-sink stress test program broke when RCPT 1_0_5-20011008 TO commands crossed network packet boundaries. Problem 1_0_5-20011008 reported by Matthias Andree, uni-dortmund.de. File: 1_0_5-20011008 smtpstone/smtp-sink.c. 1_0_5-20011008 1_0_5-20011008 20010917 1_0_5-20011008 1_0_5-20011008 Code cleanup: permit_mx_backup implements the old behavior 1_0_5-20011008 (accept mail if the local MTA is MX relay), and allows an 1_0_5-20011008 additional restriction via the permit_mx_backup_networks 1_0_5-20011008 parameter (accept mail only if the primary MX hosts match 1_0_5-20011008 the specified list of network blocks). This second restriction 1_0_5-20011008 is now entirely optional, for backwards compatibility. 1_0_5-20011008 1_0_5-20011008 Bugfix: an address extension could be appended multiple 1_0_5-20011008 times to the result of a canonical or virtual map lookup. 1_0_5-20011008 File: global/mail_addr_map.c. Fix by Victor Duchovni, 1_0_5-20011008 Morgan Stanley. 1_0_5-20011008 1_0_5-20011008 Bugfix: split_addr() would split an address even when there 1_0_5-20011008 was no data before the recipient delimiter. In combination 1_0_5-20011008 with the above bug, this could cause an address to grow 1_0_5-20011008 exponentially in size. Problem reported by Victor Duchovni, 1_0_5-20011008 Morgan Stanley. File: global/split_addr.c. 1_0_5-20011008 1_0_5-20011008 20010918 1_0_5-20011008 1_0_5-20011008 Bugfix: the mail_addr_map() fix was almost but not quite 1_0_5-20011008 right. It took two clever people and several iterations of 1_0_5-20011008 email to really fix the mail_addr_map() problem. Thanks 1_0_5-20011008 to Victor Duchovni and Liviu Daia. 1_0_5-20011008 1_0_5-20011008 20011006 1_0_5-20011008 1_0_5-20011008 Cleanup: Postfix no longer flushes the whole deferred queue 1_0_5-20011008 after an ETRN request for a random domain name (i.e. a 1_0_5-20011008 domain name not matched by $fast_flush_domains); the SMTP 1_0_5-20011008 server instead replies with "459 service unavailable". 1_0_5-20011008 Files: smtpd/smtpd.c, global/flush_clnt.c, flush/flush.c. 1_0_5-20011008 1_0_5-20011008 20011008 1_0_5-20011008 1_0_5-20011008 Bugfix: there was a minute memory leak when an smtpd access 1_0_6-20011104 restriction was misconfigured. File: smtpd/smtpd_check.c. 1_0_6-20011104 1_0_6-20011104 20011010 1_0_6-20011104 1_0_6-20011104 Code cleanup: Postfix daemons now print the name of the 1_0_6-20011104 UNIX-domain socket (instead of "unknown stream") in case 1_0_6-20011104 of a malformed client request. Files: master/*server.c. 1_0_6-20011104 1_0_6-20011104 20011010-14 1_0_6-20011104 1_0_6-20011104 Code cleanup: replaced the ugly mail_print() and mail-scan() 1_0_6-20011104 protocols by (name,value) attribute lists. This gives better 1_0_6-20011104 error detection when we make changes to internal protocols, 1_0_6-20011104 and allows new attributes to be introduced without breaking 1_0_6-20011104 everything immediately. Files: util/attr_print.c util/attr_scan.c 1_0_6-20011104 global/mail_command_server.c global/mail_command_client.c 1_0_6-20011104 as wel as most Postfix applications and daemons. 1_0_6-20011104 1_0_6-20011104 20011015 1_0_6-20011104 1_0_6-20011104 Put base 64 encoding into place on the replaced internal 1_0_6-20011104 protocols. Files: util/base64_code.[hc]. 1_0_6-20011104 1_0_6-20011104 Feature: header/body REJECT rules can now provide text that 1_0_6-20011104 is sent to the originator. Files: cleanup/cleanup.c, 1_0_6-20011104 cleanup/cleanup_message.c, conf/sample-filter.cf. 1_0_6-20011104 1_0_6-20011104 20011016 1_0_6-20011104 1_0_6-20011104 Bugfix: As of 20000625, Errors-To: was broken, because the 1_0_6-20011104 code to extract the address was not moved from recipient 1_0_6-20011104 address rewriting to sender address rewriting. Problem 1_0_6-20011104 reported by Roelof Osinga @ nisser.com. File: 1_0_6-20011104 cleanup/cleanup_message.c. 1_0_6-20011104 1_0_6-20011104 20011029 1_0_6-20011104 1_0_6-20011104 Bugfix: virtual map expansion terminated early because the 1_0_6-20011104 detection of self-referential entries was flawed. File: 1_0_6-20011104 cleanup/cleanup_map1n.c. 1_0_6-20011104 1_0_6-20011104 20011031 1_0_6-20011104 1_0_6-20011104 Bugfix: mail_date() mis-formatted negative time zone offsets 1_0_6-20011104 with fractional hours (-03-30 instead of -0330). Fix by 1_0_6-20011104 Chad House, greyfirst.ca. File: global/mail_date.c. 1_0_6-20011104 1_0_6-20011104 20011102 1_0_6-20011104 1_0_6-20011104 Feature: new -f option to postmap and postalias (do not 1_0_6-20011104 lowercase the lookup key while creating a table). Files: 1_0_6-20011104 util/dict.h postmap/postmap.c postalias/postalias.c. 1_0_6-20011104 1_0_6-20011104 Code cleanup: simplified the attribute print/scan routines, 1_0_6-20011104 and removed the never-used support for sending and receiving 1_0_6-20011104 integer arrays and string arrays. Files: util/attr_print.c, 1_0_6-20011104 util/attr_scan.c. 1_0_6-20011104 1_0_6-20011104 Bugfix: qmqpd could read past the end of a string while 1_0_6-20011104 looking for qmail's VERP magic token in the envelope sender 1_0_6-20011104 address. File: qmqpd/qmqpd.c. 1_0_6-20011104 1_0_6-20011104 Code cleanup: finished testing the new internal protocols. 1_0_6-20011104 The only bug was with the flush server, which still needs 1_0_6-20011104 to support the old (string + null byte) protocol for triggers 1_0_6-20011104 from the Postfix master daemon. 1_0_6-20011104 1_0_6-20011104 20011103 1_0_6-20011104 1_0_6-20011104 Bugfix: Postfix would log the wrong error text when locally 1_0_6-20011104 submitted mail was deferred due to "soft_bounce = yes". 1_0_6-20011104 1_0_6-20011104 Bugfix: The LDAP client dropped any entries that don't have 1_0_6-20011104 the result_attribute, but errored out when a DN didn't 1_0_6-20011104 exist. The behavior is now consistent: treat non-existant 1_0_6-20011104 DN's in a special result attribute expansion the same as 1_0_6-20011104 DN's with no attribute. LaMont Jones, HP. 1_0_6-20011104 1_0_6-20011104 20011104 1_0_6-20011104 1_0_6-20011104 Bugfix: the new smtp-sink -n option (terminate after the 1_0_6-20011104 specified number of deliveries) wasn't optional. 1_0_6-20011104 1_0_6-20011104 Portability: updated Mac OS X documentation and install 1_0_6-20011104 scripts by Gerben Wierda. 1_0_6-20011105 1_0_6-20011105 20011105 1_0_6-20011105 1_0_6-20011105 Bugfix: missing terminator in new attribute-based function 1_0_6-20011105 call caused signal 11. File: src/cleanup/cleanup.c. 1_0_6-20011105 1_0_8-20011121 Lame workaround for ESTALE errors with mail delivery over 1_0_8-20011121 NFS. Additional bandages were added to the local delivery 1_0_8-20011121 agent. However, Wietse maintains that Postfix offers no 1_0_8-20011121 guarantee for reliable delivery over NFS. 1_0_8-20011121 1_0_8-20011121 Feature: put "warn_if_reject" before an smtpd restriction, 1_0_8-20011121 and that restriction logs warnings without rejecting mail. 1_0_8-20011121 This makes it easier to test configurations "live" without 1_0_8-20011121 having to lose mail. File: smtpd/smtpd_check.c. 1_0_8-20011121 1_0_8-20011121 20011107 1_0_8-20011121 1_0_8-20011121 Workaround: in order to get mail past PIX firewall bugs, 1_0_8-20011121 the Postfix SMTP client now blocks until the socket send 1_0_8-20011121 buffer is empty before sending the final ".". Files: 1_0_8-20011121 util/sock_empty_wait.c, smtp/smtp_proto.c. Changed into 1_0_8-20011121 sleep(10) on 20011119. Sleep suggested by Hobbit. 1_0_8-20011121 1_0_8-20011121 20011108 1_0_8-20011121 1_0_8-20011121 Feature: added string-null encoding for internal protocols. 1_0_8-20011121 Files: util/attr_print0.c, util/attr_scan0.c. 1_0_8-20011121 1_0_8-20011121 Feature: configurable parent domain matching for domain 1_0_8-20011121 and hostname/address match lists: either .domain or the 1_0_8-20011121 domain name itself. Files: util/match_ops.c util/match_list.c 1_0_8-20011121 1_0_8-20011121 Feature: added pretend-to-be-behind-PIX mode to the smtp-sink 1_0_8-20011121 test program, in order to stress test some PIX bug workaround 1_0_8-20011121 code. 1_0_8-20011121 1_0_8-20011121 20011109 1_0_8-20011121 1_0_8-20011121 Workaround: Linux and Solaris systems have no reasonable 1_0_8-20011121 way to block until a socket drains. On these systems Postfix 1_0_8-20011121 simply waits for 10 seconds, in order to work around PIX 1_0_8-20011121 "." bugs. File: util/sock_empty_wait.c. 1_0_8-20011121 1_0_7-20011114 20011114 1_0_7-20011114 1_0_7-20011114 Bugfix: reset the smtpd command transaction log between 1_0_7-20011114 deliveries. File: smtpd/smtpd.c. 1_0_7-20011114 1_0_8-20011121 20011115 1_0_8-20011121 1_0_8-20011121 Feature: mailbox_command_maps no longer requires that every 1_0_8-20011121 user has an entry. If the user does not have a command 1_0_8-20011121 entry, the local delivery agent tries the other delivery 1_0_8-20011121 methods (mailbox_command, home_mailbox). File: local/mailbox.c. 1_0_8-20011121 1_0_8-20011115 Bugfix: reset the smtpd command transaction log between 1_0_8-20011115 non-deliveries. File: smtpd/smtpd.c. 1_0_8-20011115 1_0_8-20011116 20011116 1_0_8-20011116 1_0_8-20011116 Bugfix: consolidated all the command transaction log resets 1_0_8-20011116 and eliminated one missing reset (Victor Duchovni, Morgan 1_0_8-20011116 Stanley). File: smtpd/smtpd.c. 1_0_8-20011121 1_0_8-20011121 20011118 1_0_8-20011121 1_0_8-20011121 Cleanup: replaced unnecessary match_list wrapper code by 1_0_8-20011121 macros. Files: global/{string,domain,namadr}_list.[hc]. 1_0_8-20011121 1_0_8-20011121 20011119 1_0_8-20011121 1_0_8-20011121 Feature: configurable parent domain matching strategy for 1_0_8-20011121 transport map lookups. File: trivial-rewrite/transport.c. 1_0_8-20011121 1_0_8-20011121 New parent_domain_matches_subdomains parameter. This lists 1_0_8-20011121 all the Postfix features where a domain name matches itself 1_0_8-20011121 and all its subdomains (instead of requiring ".domain.name" 1_0_8-20011121 for subdomain matches). Planning for future backwards 1_0_8-20011121 compatibility :-) File: global/match_parent_style.c. 1_0_8-20011121 1_0_8-20011121 Workaround: simplified the PIX "." bug to always 1_0_8-20011121 sleep for 10 seconds. File: smtp/smtp_proto.c. 1_0_8-20011120 1_0_8-20011120 20011120 1_0_8-20011120 1_0_8-20011120 Workaround: disable attribute string length restriction so 1_0_8-20011120 that trivial-rewrite does not refuse to rewrite broken mail 1_0_8-20011121 headers. Files: util/attr_scan*.c. 1_0_8-20011121 1_0_8-20011121 20011121 1_0_8-20011121 1_0_8-20011121 Bugfix: missing long integer support in the new IPC protocols. 1_0_8-20011121 Files: util/attr_scan*.c, util/attr_print*.c. 1_0_8-20011125 1_0_8-20011125 Portability: AIX5 (Adrian P. van Bloois), MAC OS X 10.1.1 1_0_8-20011125 (Gerben Wierda). 1_0_8-20011125 1_0_8-20011125 20011125 1_0_8-20011125 1_0_8-20011125 Bugfix: spurious postmaster notifications because some flag 1_0_8-20011125 was not reset. 1_0_8-20011125 1_0_8-20011125 Feature: new parameter smtpd_sender_login_maps that specifies 1_0_8-20011125 the (SASL) login name that owns a MAIL FROM address. 1_0_8-20011125 Specify a regexp table in order to require a simple one-to-one 1_0_8-20011125 mapping. This is used in the reject_sender_login_mismatch 1_0_8-20011125 sender anti-spoofing feature. 1_0_8-20011125 1_0_8-20011125 Feature: restriction reject_sender_login_mismatch refuses 1_0_8-20011125 a MAIL FROM address when $smtpd_sender_login_maps specifies 1_0_8-20011125 an owner but the client is not (SASL) logged in as the MAIL 1_0_8-20011125 FROM address owner, or when a client is (SASL) logged in 1_0_8-20011125 but the client login name does not own the MAIL FROM address 1_0_8-20011125 according to $smtpd_sender_login_maps. File: smtpd/smpd_check.c. 1_0_8-20011125 1_0_8-20011125 Documentation: added some redundancy to the LMTP_README 1_0_8-20011125 file so people can keep track of the difference between 1_0_8-20011125 the Postfix LMTP client and the non-Postfix LMTP server. 1_0_8-20011125 1_0_8-20011127 20011126 1_0_8-20011127 1_0_8-20011127 Feature: smtpd_noop_commands specifies a list of commands 1_0_8-20011127 that are treated as NOOP (no operation) commands, without 1_0_8-20011127 syntax check or state change. File: smtpd/smtpd.c. 1_0_8-20011127 1_0_8-20011127 Bugfix: the "mark queue file as corrupt" code did not work 1_0_8-20011127 because it was never used. Files: global/mark_corrupt.c, 1_0_8-20011127 global/mail_copy.c, global/pipe_command.c, *qmgr/qmgr_active.c, 1_0_8-20011127 local/maildir.c, local/mailbox.c, local/command.c, pipe/pipe.c, 1_0_8-20011127 virtual/mailbox.c, virtual/maildir.c. 1_0_8-20011127 1_0_8-20011127 Bugfix: the bounce daemon broke in the unlikely case of a 1_0_8-20011127 non-existing queue file. File: bounce/bounce_notify_util.c. 1_0_8-20011127 1_0_8-20011127 20011127 1_0_8-20011127 1_0_8-20011127 Feature: added WARN command to header/body_checks files as 1_0_8-20011127 proposed by Michael Tokarev. File: cleanup/cleanup_message.c. 1_0_8-20011127 1_0_8-20011127 Bugfix: the postdrop program was broken after the change 1_0_8-20011127 of Postfix internal protocols. This broke "sendmail -bs" 1_0_8-20011127 mail submissions with "secure" maildrop directory. Reported 1_0_8-20011127 by Craig Loomis, apo.nmsu.edu. File: postdrop/postdrop.c. 1_0_8-20011127 1_0_8-20011127 Feature: a first start at fault injection for testing 1_0_8-20011127 unlikely error scenarios (such as corrupt queue files). 1_0_8-20011127 Parameter: fault_injection_code, must be left at zero for 1_0_8-20011127 production use. 1_0_8-20011127 1_0_8-20011210 20011128 1_0_8-20011210 1_0_8-20011210 Robustness: add a file size limit to the sendmail and 1_0_8-20011210 postdrop submission programs to stop run-away process 1_0_8-20011210 accidents. This is not a defense against DOS attack. 1_0_8-20011210 Files: sendmail/sendmail.c, postdrop/postdrop.c. 1_0_8-20011210 1_0_8-20011210 That resulted in a considerable amount of work to properly 1_0_8-20011210 propagate "file too large" conditions back to the sendmail 1_0_8-20011210 mail posting user interface. Took the opportunity to express 1_0_8-20011210 other mail submission fatal exits with the 1_0_8-20011210 exit status codes. Files: sendmail/sendmail.c, 1_0_8-20011210 postdrop/postdrop.c. 1_0_8-20011210 1_0_8-20011210 20011129 1_0_8-20011210 1_0_8-20011210 Maintenance: dict_ldap.c wasn't updated after the revision 1_0_8-20011210 of the string matching routines. File: util/dict_ldap.c. 1_0_8-20011210 1_0_8-20011210 20011208 1_0_8-20011210 1_0_8-20011210 Maintenance: LDAP module and documentation from LaMont 1_0_8-20011210 Jones. This version adds verbose logging for LDAP library 1_0_8-20011210 routines. Files: src/util/dict_ldap.[hc], LDAP_README, 1_0_8-20011210 conf/sample-ldap.cf 1_0_8-20011210 1_0_8-20011210 Portability: made memory alignment restrictions configurable. 1_0_8-20011210 File: util/mymalloc.c. 1_0_8-20011210 1_0_8-20011210 Bugfix? Avoid surprises with source routed destinations 1_0_8-20011210 and OK entries in SMTPD access maps. File: smtpd/smtpd_access.c. 1_0_8-20011210 1_0_8-20011210 Security: "postfix check" looks for damage by well-intended 1_0_8-20011210 but misguided use of "chown -R postfix /var/spool/postfix". 1_0_8-20011210 That would make chrooted Postfix less secure than non-chrooted 1_0_8-20011210 Postfix. These extra tests may cause complaints with 1_0_8-20011210 third-party patches such as TLS that introduce their own 1_0_8-20011210 files into the jail. 1_0_8-20011210 1_0_8-20011210 Feature: static map type that always returns the map name 1_0_8-20011210 as lookup value, regardless of lookup key value. Contributed 1_0_8-20011210 Jeff Miller (jeffm at ghostgun.com) 1_0_8-20011210 1_0_8-20011210 Feature: turn off the PIX . workaround for 1_0_8-20011210 the first mail delivery attempt, i.e. when mail is queued 1_0_8-20011210 for less than $smtp_pix_workaround_threshold_time (default: 1_0_8-20011210 500) seconds. New parameter $smtp_pix_workaround_delay_time 1_0_8-20011210 to control the delay before sending . (default: 10 1_0_8-20011210 seconds) when doing the PIX . workaround. 1_0_8-20011210 1_0_8-20011217 20011210 1_0_8-20011217 1_0_8-20011217 Bugfix: the 20011128 change in sendmail and postdrop did 1_0_8-20011217 not handle the case of message_size_limit=0. Fix by Will 1_0_8-20011217 Day, Georgia Tech. 1_0_8-20011217 1_0_8-20011217 20011212 1_0_8-20011217 1_0_8-20011217 Compatibility: The SMTP server now accepts as 1_0_8-20011217 if the client sent . Reportedly, some badly written 1_0_8-20011217 windows software produces such garbage, and some badly 1_0_8-20011217 written windows anti-VIRUS software cannot handle such 1_0_8-20011217 garbage. File: global/smtp_stream.c. 1_0_8-20011217 1_0_8-20011217 20011214 1_0_8-20011217 1_0_8-20011217 Bugfix: postmap/postalias queries ignored the -f flag. 1_0_8-20011217 Reported by Hamish Marson. 1_0_8-20011217 1_0_8-20011217 20011217 1_0_8-20011217 1_0_8-20011217 Compatibility: Sendmail now has a -L option to set the 1_0_8-20011217 syslogging label. Postfix sendmail uses syslog_name instead, 1_0_8-20011217 and ignores the -L option. 1_0_8-20011217 1_0_8-20011217 Security: subtle hardening of the Postfix chroot jail, 1_0_8-20011217 Postfix queue file permissions and access methods, in case 1_0_8-20011226 someone compromises the postfix account. Michael Tokarev, 1_0_8-20011226 who received the insights from Solar Designer, who tested 1_0_8-20011226 Postfix with a kernel module that is paranoid about open() 1_0_8-20011226 calls. Files: master/master_wakeup.c, util/fifo_trigger.c, 1_0_8-20011226 postfix-script. 1_0_8-20011226 1_0_8-20011226 Convenience: issue a warning instead of aborting when the 1_0_8-20011226 local machine name is not in fully-qualified domain form. 1_0_8-20011226 This would otherwise break initial postfix installation 1_0_8-20011226 which needs the postconf command. File: global/mail_params.c. 1_0_8-20011226 1_0_8-20011226 20011220 1_0_8-20011226 1_0_8-20011226 Added more garbage detection to postconf -e input processing. 1_0_8-20011226 1_0_8-20011226 20011221 1_0_8-20011226 1_0_8-20011226 Feature: SMTPD access map lookups of null sender addresses. 1_0_8-20011226 If your access maps cannot store or look up null string 1_0_8-20011226 key values, specify "smtpd_null_access_lookup_key = <>" 1_0_8-20011226 and the null sender address will be looked up as <> instead. 1_0_8-20011226 File: src/smtpd_access.c. 1_0_8-20011226 1_0_8-20011226 20011223 1_0_8-20011226 1_0_8-20011226 Safety: configuration file comments no longer span multiple 1_0_8-20011226 lines when the next line begins with whitespace; multi-line 1_0_8-20011226 input is no longer terminated by a comment line, by an all 1_0_8-20011226 white space line, or by an empty line. Michael Tokarev made 1_0_8-20011226 the crucial suggestion to simplify the readline routine. 1_0_8-20011226 Files: util/readlline.c, postconf/postconf.c. 1_0_8-20011226 1_0_8-20011226 Cleanup: proper detection of big number overflow in EHLO 1_0_8-20011226 and MAIL FROM size announcements, with input from Victor 1_0_8-20011226 Duchovni, Morgan Stanley. Files: global/off_cvt.c, 1_0_8-20011226 smtpd/smtpd.c, smtp/smtp_proto.c, util/alldig.c. 1_0_8-20011226 1_0_8-20011226 Forward compatibility: added queue file record types for 1_0_8-20011226 original recipient and for generic named attributes. 1_0_8-20011226 1_0_8-20011226 Cleanup: safe_open() now returns sensible errno values so 1_0_8-20011226 that the fifo_trigger() external interface is restored. 1_0_8-20011226 1_0_8-20011226 20011225 1_0_8-20011226 1_0_8-20011226 Upgrade: PCRE_README now describes PCRE version 3.x. 1_0_8-20011226 1_0_8-20011226 Cleanup: flush SMTPD command history upon receipt of EHLO, 1_0_8-20011226 RSET, and upon DATA completion, only if it exceeds 1_0_8-20011226 $smtpd_history_flush_threshold lines (default: 100). 1_0_8-20011226 Distant derivative of code by Michael Tokarev. File: 1_0_8-20011226 smtpd/smtpd.c. 1_0_8-20020106 1_0_8-20020106 20011228 1_0_8-20020106 1_0_8-20020106 Bugfix: a readlline() error message showed less text than 1_0_8-20020106 intended. Christian von Roques. 1_0_8-20020106 1_0_8-20020106 Cleanup: postfix now installs with group-writable maildrop 1_0_8-20020106 directory and with a set-gid postdrop mail submission 1_0_8-20020106 command. The pickup service is now unprivileged. The 1_0_8-20020106 world-writable maildrop directory no longer exists. 1_0_8-20020106 1_0_8-20020106 The cleanup service is now public, in preparation for local 1_0_8-20020106 sendmail/postdrop mail submission that avoids the maildrop 1_0_8-20020106 queue directory while Postfix is up. 1_0_8-20020106 1_0_8-20020106 Cleanup: moved the main.cf/master.cf file editing from the 1_0_8-20020106 postfix-script file to the INSTALL.sh file. 1_0_8-20020106 1_0_8-20020106 Cleanup: INSTALL.sh no longer accepts "no" as the destination 1_0_8-20020106 of Postfix manual pages. 1_0_8-20020106 1_0_8-20020106 20011230 1_0_8-20020106 1_0_8-20020106 Cleanup: the code for "mailq", "sendmail -q", and for 1_0_8-20020106 "sendmail -qRsite" was moved from the sendmail command to 1_0_8-20020106 a new set-gid postqueue command. The pickup and qmgr FIFOs 1_0_8-20020106 are no longer world writable. Files: sendmail/sendmail.c, 1_0_8-20020106 postqueue/postqueue.c. 1_0_8-20020106 1_0_8-20020106 20020101 1_0_8-20020106 1_0_8-20020106 Security: new alternate_config_directories parameter that 1_0_8-20020106 specifies what directories a set-gid command will accept 1_0_8-20020106 as its configuration directory. The list must be specified 1_0_8-20020106 in the default main.cf file. File: global/mail_conf.c. 1_0_8-20020106 1_0_8-20020106 Cleanup: "sendmail -qRsite" is no longer implemented by 1_0_8-20020106 connecting to the SMTP port. It is now implemented by 1_0_8-20020106 talking to the fast flush service. File: postqueue/postqueue.c. 1_0_8-20020106 1_0_8-20020106 20020203 1_0_8-20020106 1_0_8-20020106 Cleanup: INSTALL.sh now records all installation information 1_0_8-20020106 in the main.cf file. The now obsolete install.cf file is 1_0_8-20020106 used only when upgrading from an older Postfix release. 1_0_8-20020106 1_0_8-20020106 Cleanup: INSTALL.sh now takes name=value settings on the 1_0_8-20020106 command line, and has a new "-upgrade" command line option 1_0_8-20020106 to turn on non-interactive installation. 1_0_8-20020106 1_0_8-20020106 Security: additional run-time checks to discourage sharing 1_0_8-20020106 of Postfix user/group ID values with other accounts. 1_0_8-20020106 1_0_8-20020106 20020105 1_0_8-20020106 1_0_8-20020106 Cleanup: SMTPD access maps now return DUNNO (undetermined) 1_0_8-20020106 instead of OK when a recipient address contains multiple 1_0_8-20020106 domains (user@dom1@dom2, etcetera). Victor Duchovni, Morgan 1_0_8-20020106 Stanley. File: smtpd/smtpd_check.c. 1_0_8-20020106 1_0_8-20020106 20020106 1_0_8-20020106 1_0_8-20020106 Bugfix: SMTPD access maps did not handle address extensions. 1_0_8-20020106 File: smtpd/smtpd_check.c. 1_0_8-20020107 1_0_8-20020107 20020107 1_0_8-20020107 1_0_8-20020107 Bugfix: postfix-script, when creating a missing maildrop 1_0_8-20020107 queue directory, still referenced install.cf when setting 1_0_8-20020107 maildrop directory group ownership; and the postfix command 1_0_8-20020107 did not export the setgid_group parameter to the postfix-script 1_0_8-20020107 shell script. Victor Duchovni. 1_0_8-20020107 1_0_8-20020107 Bugfix: postfix-script, when creating a missing public 1_0_8-20020107 queue directory, did not set group ownership of the public 1_0_8-20020107 directory. 1_0_8-20020110 1_0_8-20020110 20020109 1_0_8-20020110 1_0_8-20020110 Cleanup: rewrote the Postfix installation procedure again. 1_0_8-20020110 It is now separated into 1) a primary installation script 1_0_8-20020110 (postfix-install) that installs files locally or that builds 1_0_8-20020110 a package for distribution and that stores file owner and 1_0_8-20020110 permission information in /etc/postfix/post-files, and 2) 1_0_8-20020110 a post-installation script (/etc/postfix/post-install) that 1_0_8-20020110 creates missing directories, that sets file/directory 1_0_8-20020110 ownership and permissions, and that upgrades existing 1_0_8-20020110 configuration files if necessary. 1_0_8-20020110 1_0_8-20020110 20020110 1_0_8-20020110 1_0_8-20020110 Workaround: AIX null read() return on an empty but open 1_0_8-20020110 non-blocking pipe. File: master/master_flow.c. Report: 1_0_8-20020110 Hamish Marson. 1_0_8-20020110 1_0_8-20020112 20020111 1_0_8-20020112 1_0_8-20020112 Feedback: feedback, bugfixes, and brain-dead shell workarounds 1_0_8-20020112 for the install scripts by Victor Duchovni and Simon Mudd. 1_0_8-20020112 1_0_8-20020113 20020113 1_0_8-20020113 1_0_8-20020113 Rewrote postfix-install. The postfix-files file now controls 1_0_8-20020113 what is installed. Refined the semantics of many post-install 1_0_8-20020115 operations. post-install now auto-saves settings that 1_0_8-20020115 override main.cf. 1_0_8-20020115 1_0_8-20020115 20020114 1_0_8-20020115 1_0_8-20020115 Bugfix: alternate_config_directories did not take comma 1_0_8-20020115 or whitespace as separators. File: global/mail_conf.c. 1_0_8-20020115 Victor Duchovni, Morgan Stanley. 1_0_8-20020115 1_0_8-20020115 Bugfix: the rewritten postfix-install script did not chattr 1_0_8-20020115 +S the Postfix queue. 1_0_8-20020115 1_0_8-20020115 20020115 1_0_8-20020115 1_0_8-20020115 Cleanup: added sample_directory and readme_directory 1_0_8-20020115 installation parameters for sample configuration files and 1_0_8-20020115 for README files. Files: postconf.c, postfix-install, 1_0_8-20020115 conf/postfix-files, conf/post-install. 1_0_8-20020115 1_0_8-20020115 Robustness: the postfix command now exports all installation 1_0_8-20020115 parameter settings, and input filters the environment, so 1_0_8-20020115 that the startup shell scripts produce a consistent result. 1_0_8-20020115 Files: postconf.c. 1_1_0 1_1_0 20020117 1_1_0 1_1_0 Portability: patch from LaMont Jones for compiling dict_ldap.c 1_1_0 with the Netscape SDK. 1_1_1 1_1_1 Feature: added "r" (recursive chown/chgrp) flag to the 1_1_1 postfix-files database, for more convenient change of 1_1_1 Postfix queue ownership. Files: conf/postfix-files, 1_1_1 conf/post-install. 1_1_1 1_1_1 20020122 1_1_1 1_1_1 Documentation: lots of little fixes. 1_1_1 1_1_1 Documentation: updates for the VIRTUAL_README file by Victor 1_1_1 Duchovni, Morgan Stanley. 1_1_1 1_1_1 Bugfix: postqueue -s dereferenced a null pointer when given 1_1_1 a numerical domain argument. LaMont Jones, HP. 1_1_1 1_1_1 Cleanup: smtpd now logs a warning when permit_sasl_authenticated 1_1_1 is used while SASL authentication is disabled, instead of 1_1_1 simply ignoring the restriction. LaMont Jones, HP. File: 1_1_1 smtpd/smtpd.c. 1_1_1 1_1_1 Safety: when postmap creates a non-existent file, the new 1_1_1 file inherits group/other read permissions from the source 1_1_2 file. Based on code by LaMont Jones, HP. File: 1_1_2 postmap/postmap.c. 1_1_2 1_1_2 20020123 1_1_2 1_1_2 Portability: some Linux systems install libnsl.so without 1_1_2 libnsl.a file, causing an yp_match undefined reference 1_1_2 problem. File: makedefs. 1_1_2 1_1_2 20020124 1_1_2 1_1_2 Portability: post-install now requests that command_directory 1_1_2 is given on the command line when the postconf command is 1_1_2 in an unusual place. 1_1_2 1_1_2 Safety: extra code to detect and report Berkeley DB version 1_1_2 mismatches between compile time and run time. This test 1_1_2 is limited to mismatches in the major version number only. 1_1_2 File: util/dict_db.c. Based on code by Lawrence Greenfield, 1_1_2 Carnegie-Mellon university. 1_1_2 1_1_2 Safety: the postfix command and the master daemon abort if 1_1_2 they are running set-uid. 1_1_2 1_1_2 Documentation: the postmap manual page described an out of 1_1_2 date input file format. 1_1_3 1_1_3 20020129 1_1_3 1_1_3 Workaround: SCO version 3.2 can't ioctl(FIONREAD) a pipe. 1_1_3 Therefore, input mail flow control is disabled by default. 1_1_3 Files: makedefs, global/mail_params.h, conf/main.cf. 1_1_3 Problem reported by Kurt Andersen, Agilent. 1_1_3 1_1_3 20020201 1_1_3 1_1_3 Workaround: changed the default smtpd_null_access_lookup_key 1_1_3 setting to <>, because some Bezerkeloid DB implementations 1_1_3 can't handle null-length lookup keys. File: global/mail_params.h. 1_1_3 1_1_3 Bugfix: backed out a null-length address panic call by 1_1_3 ignoring the problem, like Postfix did in the past. File: 1_1_3 global/resolve_local.c. 1_1_3 1_1_3 Safety: "postfix check" will now warn if /usr/lib/sendmail 1_1_3 and /usr/sbin/sendmail differ, and will propose to replace 1_1_3 one by a symlink to the other. File: conf/postfix-script. 1_1_4 1_1_4 20020204 1_1_4 1_1_4 Sanity: additional permission checks for "postfix check" 1_1_4 that warn for setgid_group group ownership mismatches. by 1_1_4 Matthias Andree, uni-dortmund.de. File: conf/postfix-script. 1_1_4 1_1_4 Bugfix: "postfix check" used a too simplistic way to 1_1_4 recognize file ownership (grepping ls output). It now uses 1_1_4 the recently discovered "find -prune". Peter Bieringer, 1_1_4 Matthias Andree. File: conf/postfix-script. 1_1_4 1_1_4 20020218 1_1_4 1_1_4 Workaround: log a warning and disconnect when an SMTP client 1_1_4 ignores our negative replies and starts sending message 1_1_4 content without permission. File: smtpd/smtpd.c. 1_1_4 1_1_4 20020220 1_1_4 1_1_4 Bugfix: mismatch in the file being locked by dict_dbm and 1_1_4 the file being locked by postmap, so that locks did not 1_1_4 work correctly. Victor Duchovni, Morgan Stanley. 1_1_4 1_1_4 20020222 1_1_4 1_1_4 Workaround: Solaris bug 4380626: strcasecmp() and strncasecmp() 1_1_4 produce incorrect results with 8-bit characters. For example, 1_1_4 non-ASCII characters could compare equal to ASCII characters, 1_1_4 and that could result in any number of security problems. 1_1_4 Files: util/strcasecmp.c, COPYRIGHT (the BSD license). 1_1_4 1_1_4 Bugfix: off-by-one error, causing a null byte to be written 1_1_4 outside dynamically allocated memory in the queue manager 1_1_4 with addresses of exactly 100 bytes long, resulting in 1_1_4 SIGSEGV on systems with an "exact fit" malloc routine. 1_1_4 Experienced by Ralf Hildebrandt; diagnosed by Victor 1_1_4 Duchovny. Files: *qmgr/qmgr_message.c. This is not a 1_1_4 security problem. 1_1_4 1_1_4 Bugfix: make all recipient comparisons transitive, because 1_1_4 Solaris qsort() causes SIGSEGV errors otherwise. Victor 1_1_4 Duchovny, Morgan Stanley. File: *qmgr/qmgr_message.c. 1_1_4 1_1_5 20020302 1_1_5 1_1_5 Bugfix: don't strip source route (@domain...:) when the 1_1_5 result would be an empty address. This avoids problems when 1_1_5 append_at_myorigin is set to "no" (which is not supported). 1_1_5 Problem reported by Charles McColgan, Big Fish Communications. 1_1_5 File: trivial-rewrite/rewrite.c. 1_1_5 1_1_5 20020304 1_1_5 1_1_5 Cleanup: postqueue should not not complain when output 1_1_5 fails with "broken pipe". 1_1_5 1_1_5 20020308 1_1_5 1_1_5 Bugfix? reply with 550 not 552 when content is rejected. 1_1_5 552 is reserved for "too much mail". 1_1_5 1_1_5 Documentation: add note to sendmail manual page that running 1_1_5 "sendmail -bs" as $mail_owner enables SMTP server UCE and 1_1_5 access control checks. This is meant for use from inetd etc. 1_1_5 Matthias Andree. 1_1_5 1_1_5 20020311 1_1_5 1_1_5 Bugfix: DBM maps should use different files for locking 1_1_5 and for change detection. Problem reported by Victor 1_1_5 Duchovny, Morgan Stanley. Files: util/dict.h util/dict.c 1_1_5 util/dict_db.c util/dict_dbm.c global/mkmap.c local/alias.c. 1_1_5 1_1_6 20020313 1_1_6 1_1_6 Bugfix: mailq could show addresses with unusual characters 1_1_6 twice. Problem reported by Victor Duchovny, Morgan Stanley. 1_1_6 File: showq/showq.c. 1_1_6 1_1_6 Bugfix: null recipients weren't properly recorded in 1_1_6 bounce/defer logfiles. Such recipient addresses are not 1_1_6 accepted in SMTP mail, but they could appear within locally 1_1_6 submitted mail. File: bounce/bounce_append_service.c. 1_1_6 1_1_6 20020318 1_1_6 1_1_6 Workaround: Berkeley DB can't handle null key lookups, 1_1_6 which happen with HELO names ending in ".". Victor Duchovni, 1_1_6 Morgan Stanley. File: smtpd/smtpd_check.c. 1_1_6 1_1_6 Logging: log a hint when mail is deferred because the 1_1_6 soft_bounce parameter is set. People sometimes forget to 1_1_6 turn it off. File: global/bounce.c. 1_1_6 1_1_6 20020319 1_1_6 1_1_6 Cleanup: add a msg_warn() call when fork() fails in 1_1_6 pipe_command(), to make problems easier to investigate. 1_1_6 Chris Wedgwood. File: global/pipe_command.c. 1_1_6 1_1_6 20020324 1_1_6 1_1_6 Cleanup: more graceful handling of long physical message 1_1_6 header lines upon input. Physical header lines can now 1_1_6 extend up to $header_size_limit characters. When a logical 1_1_6 message header is too long, the excess text is discarded 1_1_6 and Postfix no longer switches to body mode, to avoid 1_1_6 breaking MIME encapsulation. Based on code by Victor 1_1_6 Duchovni, Morgan Stanley. Files: cleanup/cleanup_out.c, 1_1_6 cleanup/cleanup_message.c. 1_1_6 1_1_6 Cleanup: more graceful handling of long physical message 1_1_6 header or body lines upon output by the SMTP client. The 1_1_6 SMTP client output line length is controlled by a new 1_1_6 parameter smtp_line_length_limit (default: 990; specify 0 1_1_6 to disable the limit). Long lines are folded by inserting 1_1_6 , to avoid breaking MIME encapsulation. 1_1_6 Based on code by Victor Duchovni, Morgan Stanley. File: 1_1_6 smtp/smtp_proto.c. 1_1_6 1_1_6 20020325 1_1_6 1_1_6 Cleanup: allow additional text after a WARN command in a 1_1_6 header/body_checks pattern file, so that one can change 1_1_6 REJECT+text into WARN+text and vice versa. Based on code 1_1_6 by Fredrik Thulin, Stockholm University. 1_1_6 1_1_6 Cleanup: log a warning when an unknown command is found in 1_1_6 a header/body_checks pattern file, or when additional text 1_1_6 is found after a command that does not expect additional 1_1_6 text. Based on code by Fredrik Thulin, Stockholm University. 1_1_6 1_1_6 Bugfix: sendmail should not recognize "." as the end of 1_1_6 input when the current read operation started in the middle 1_1_6 of a line. Victor Duchovni, Morgan Stanley. File: 1_1_6 sendmail/sendmail.c. 1_1_6 1_1_7 20020328 1_1_7 1_1_7 Portability fix for OPENSTEP and NEXTSTEP by Gerben Wierda. 1_1_7 File: util/sys_defs.h. 1_1_7 1_1_7 20020329 1_1_7 1_1_7 Bugfix: defer_transports broke because the flush server 1_1_7 triggered mail delivery (as if ETRN was sent) while doing 1_1_7 some internal housekeeping of per-destination logfiles. 1_1_7 Problem experienced by LaMont Jones, HP. File: flush/flush.c. 1_1_7 1_1_7 Bugfix: virtual mapping broke for addresses with embedded 1_1_7 whitespace. Fix by Victor Duchovni, Morgan Stanley. File: 1_1_7 cleanup/cleanup_map1n.c. 1_1_7 1_1_7 20020330 1_1_7 1_1_7 Bugfix: postqueue did not pass on non-default configuration 1_1_7 directory settings when running showq while the mail system 1_1_7 is down. The super-user is now exempted from environment 1_1_7 stripping in postqueue/postqueue.c. Problem reported by 1_1_7 Victor Duchovni, Morgan Stanley. 1_1_7 1_1_8 20020414 1_1_8 1_1_8 Portability: Postfix will no longer attempt to build with 1_1_8 gdbm support, because gdbm is broken. File: makedefs. 1_1_8 1_1_8 20020417 1_1_8 1_1_8 Bugfix: the post-install script failed to upgrade master.cf 1_1_8 settings from private to public if the service was explicitly 1_1_8 configured as private. 1_1_8 1_1_8 20020426 1_1_8 1_1_8 Bugfix: the SMTP client forgot to quote whitespace etc. 1_1_8 in a sender/recipient address when DNS lookup was turned 1_1_8 off (disable_dns_lookups = yes). Problem experienced by 1_1_8 Chip Paswater. Files: smtp/smtp_proto.c. 1_1_8 1_1_8 20020503 1_1_8 1_1_8 Cleanup: postqueue silently ignored command-line arguments 1_1_8 following -p or -f options, instead of complaining; postqueue 1_1_8 produced an incorrect error message (mail system down) when 1_1_8 the command was installed with incorrect privileges. File: 1_1_8 postqueue/postqueue.c. 1_1_8 1_1_8 Bugfix: while reporting a domain name or IP address syntax 1_1_8 error, postqueue could dereference a dangling pointer with 1_1_8 some getopt() implementations. LaMont Jones, HP. File: 1_1_8 postqueue/postqueue.c. 1_1_8 1_1_8 20020504 1_1_8 1_1_8 Portability: run-time test to avoid GDBM trouble. File: 1_1_8 util/dict_dbm.c. 1_1_8 1_1_9 20020508 1_1_9 1_1_9 Bugfix: close user@domain@postfix-style.virtual.domain 1_1_9 source routing relaying loophole involving postfix-style 1_1_9 virtual domains with @virtual.domain catch-all patterns. 1_1_9 Problem reported by Victor Duchovny. File: smtpd/smtpd_check.c. 1_1_9 1_1_9 Bugfix: mail_addr_map() used the "wrong" @ character in 1_1_9 addresses with multiple @. Victor Duchovny. File: 1_1_9 global/mail_addr_map.c. 1_1_9 1_1_9 Bugfix: for address localpart quoting, now quote @ as a 1_1_9 special character everywhere, except when resolving addresses. 1_1_9 Previously, the @ was nowhere quoted as a special character, 1_1_9 not even in SMTP commands. Files: global/quote_82[12]_local.c 1_1_9 and some clients. 1_1_9 1_1_9 20020509 1_1_9 1_1_9 Safety: don't allow an OK access rule lookup result for 1_1_9 user@domain@postfix-style.virtual.domain. Suggested by 1_1_9 Victor Duchovny, Morgan Stanley. File: smtpd/smtpd_check.c. 1_1_9 1_1_9 Bugfix: quote unquoted address localparts that need quoting. 1_1_9 Files: global/tok822_parse.c, global/quote_82[12]_local.c. 1_1_9 1_1_9 20020512 1_1_9 1_1_9 Cleanup: the SMTP client logged and bounced the CNAME 1_1_9 expanded recipient address, and thereby complicated trouble 1_1_9 shooting. File: src/smtp_proto.c. 1_1_9 1_1_9 Bugfix: the SMTP and LMTP clients bounced the quoted 1_1_9 recipient address, resulting in too much quoting in bounce 1_1_9 reports. Files: src/smtp_proto.c, lmtp/lmtp_proto.c. 1_1_9 1_1_9 20020513 1_1_9 1_1_9 Bugfix: the LDAP client used the "wrong" @ character in 1_1_9 addresses with multiple @. LaMont Jones, HP. File: 1_1_9 util/dict_ldap.c. 1_1_9 1_1_9 Compatibility: forwards "postqueue -r" compatibility with 1_1_9 the additional queue file records that are stored by snapshot 1_1_9 20050512. 1_1_9 1_1_9 Cleanup: specify "resolve_dequoted_address = no" to prevent 1_1_9 Postfix from looking inside quotes for extra @ etc. characters 1_1_9 when resolving an address. This behavior is technically 1_1_9 more correct, but it opens a mail relay loophole with "user 1_1_9 @domain"@domain when relaying mail to a Sendmail system. 1_1_9 1_1_10 20020514 1_1_10 1_1_10 Bugfix: the new code for header address quoting sometimes 1_1_10 did not null terminate strings so that arbitrary garbage 1_1_10 could appear at the end of message headers. Reported by 1_1_10 Ralf Hildebrandt. File: global/tok822_parse.c. 1_1_10 1_1_10 Safety: user@domain@domain is no longer accepted by the 1_1_10 permit_mx_backup uce restriction (unless Postfix is configured 1_1_10 with "resolve_dequoted_address = no"). Victor Duchovny, 1_1_10 Morgan Stanley. File: smtpd/smtpd_check.c. 1_1_10 1_1_11 20020517 1_1_11 1_1_11 Cleanup: Mailbox-Line: message header labels should be 1_1_11 X-Mailbox-Line: labels. Files: smtpd/smtpd.c, qmqpd/qmqpd.c. 1_1_11 1_1_11 20020526 1_1_11 1_1_11 Bugfix: the SMTP server now disallows RCPT TO:<"">, just 1_1_11 like it disallows RCPT TO:<>. File: smtpd/smtpd.c. 1_1_11 1_1_11 Documentation: replace domain.name by domain.tld in the 1_1_11 example config files. The domain exists. They were getting 1_1_11 mail from poorly configured Postfix boxes. 1_1_11 1_1_11 Bugfix: The Postfix sendmail command did not export the 1_1_11 MAIL_CONFIG environment setting to the postdrop command. 1_1_11 File: global/mail_config.h. 1_1_11 1_1_12 20021121 1_1_12 1_1_12 Bugfix: garbage in "user@garbage"@domain address forms may 1_1_12 cause the SMTP or LMTP client to terminate with a fatal 1_1_12 error exit because garbage/tcp is not an existing service. 1_1_12 This cannot be abused to cause the SMTP or LMTP client to 1_1_12 send data into unauthorized ports. Files: *qmgr/qmgr_message.c, 1_1_12 trivial-rewrite/resolve.c. 1_1_12 1_1_13 20030728 1_1_13 1_1_13 Bugfix: an invalid address resolved to an invalid result, 1_1_13 and caused the address resolver client to keep trying 1_1_13 forever, resulting in a local or remote DOS condition of 1_1_13 smtpd, qmgr, and other programs. Reported by Michal 1_1_13 Zalewski. File: trivial-rewrite/resolve.c. 1_1_13