From b5896ba9f6047e7031e2bdee0622d543e11a6734 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 6 May 2024 03:46:30 +0200 Subject: Adding upstream version 3.4.23. Signed-off-by: Daniel Baumann --- RELEASE_NOTES-2.0 | 853 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 853 insertions(+) create mode 100644 RELEASE_NOTES-2.0 (limited to 'RELEASE_NOTES-2.0') diff --git a/RELEASE_NOTES-2.0 b/RELEASE_NOTES-2.0 new file mode 100644 index 0000000..586f2d7 --- /dev/null +++ b/RELEASE_NOTES-2.0 @@ -0,0 +1,853 @@ +============================================================== +NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE +============================================================== +Before upgrading from Postfix 1.1 you must stop Postfix ("postfix +stop"). Some internal protocols have changed. No mail will be +lost if you fail to stop and restart Postfix, but Postfix won't be +able to receive any new mail, either. +============================================================== +NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE +============================================================== + +In the text below, changes are labeled with the Postfix snapshot +that introduced the change, and whether the change introduced a +feature, an incompatibility, or whether the feature is obsolete. +If you upgrade from a later Postfix version, then you do not have +to worry about incompatibilities introduced in earlier versions. + +Official Postfix releases are called a.b.c where a=major release +number, b=minor release number, c=patchlevel. Snapshot releases +are now called a.b.c-yyyymmdd where yyyymmdd is the release date +(yyyy=year, mm=month, dd=day). The mail_release_date configuration +parameter contains the release date (both for official release and +snapshot release). Patches change the patchlevel and the release +date. Snapshots change only the release date, unless they include +the same bugfixes as a patch release. + +Major changes with Postfix version 2.0.0 (released 20021222, 20021223) +====================================================================== + +First comes the bad news - things that may break when you upgrade +from Postfix 1.1. Then comes the good news - things that evolved +in snapshots over the past year. + +For the release notes of Postfix 1.1 and earlier, see the +RELEASE_NOTES-1.1 file. + +Unknown Recipients are now rejected by default +============================================== + +[Incompatibility 20021209] The Postfix SMTP server now rejects mail +for $mydestination domain recipients that it does not know about. +This keeps undeliverable mail out of your queue. + +[Incompatibility 20021209] To avoid losing mail when upgrading from +Postfix 1.1, you need to review the LOCAL_RECIPIENT_README file if +one of the following is true: + +- You define $mydestination domain recipients in files other than + /etc/passwd or /etc/aliases. For example, you define $mydestination + domain recipients in the $virtual_mailbox_maps files. +- You run the Postfix SMTP server chrooted (see master.cf). +- You redefined the local delivery agent in master.cf. +- You redefined the "local_transport" setting in main.cf. +- You use the mailbox_transport feature of the Postfix local delivery agent. +- You use the fallback_transport feature of the Postfix local delivery agent. +- You use the luser_relay feature of the Postfix local delivery agent. + +Name change of virtual domain tables +==================================== + +This release introduces separation of lookup tables for addresses +and for domain names of virtual domains. + +[Incompat 20021209] the virtual_maps parameter is replaced by +virtual_alias_maps (for address lookups) and virtual_alias_domains +(for the names of what were formerly called "Postfix-style virtual +domains"). + + For backwards compatibility with Postfix version 1.1, the new + virtual_alias_maps parameter defaults to $virtual_maps, and the + new virtual_alias_domains parameter defaults to $virtual_alias_maps. + This means that you can still keep all information about a domain + in one file, just like before. + +For details, see the virtual(5) and sample-virtual.cf files. + +[Incompat 20021209] the virtual_mailbox_maps parameter now has a +companion parameter called virtual_mailbox_domains (for the names +of domains served by the virtual delivery agent). virtual_mailbox_maps +is now used for address lookups only. + + For backwards compatibility with Postfix version 1.1,, the new + virtual_mailbox_domains parameter defaults to $virtual_mailbox_maps. + This means that you can still keep all information about a domain + in one file, just like before. + +For details, see the VIRTUAL_README file. + +[Incompat 20021209] If you use the "advanced content filter" +technique, you MUST NOT override the virtual aliases and virtual +mailbox settings in the SMTP server that receives mail from the +content filter, or else mail for virtual recipients will be rejected +with "User unknown". + +For details, see the FILTER_README file. + +Incompatible queue file format changes +====================================== + +[Incompat 20020527] Queue files created with the header/body_checks +"FILTER" feature are not compatible with "postqueue -r" (move queue +files back to the maildrop directory) of previous Postfix releases. + +[Incompat 20020512] Postfix queue files contain records that are +incompatible with "postqueue -r" on all Postfix versions prior to +1.1 and release candidates. This happens whenever the sender +specifies MIME body type information via the SMTP `MAIL FROM' +command, via the `sendmail -B' command line option, or via the +Content-Transfer-Encoding: message header. + +[Incompat 20020512] Postfix queue files may contain records that +are incompatible with "postqueue -r" on previous 1.1 Postfix versions +and release candidates. This happens whenever the sender specifies +the MIME body type only via the Content-Transfer-Encoding: message +header, and not via `MAIL FROM' or `sendmail -B'. + +Features that are going away +============================ + +[Obsolete 20021209] Sendmail-style virtual domains are no longer +documented. This part of Postfix was too confusing. + +[Obsolete 20021209] The "reject_maps_rbl" restriction is going +away. The SMTP server now logs a warning and suggests using the +more flexible "reject_rbl_client" feature instead. + +[Obsolete 20021209] The "check_relay_domains" restriction is going +away. The SMTP server logs a warning and suggests using the more +robust "reject_unauth_destination" instead. This means that Postfix +by default no longer grants relay permissions on the basis of the +client hostname, and that relay clients must be authorized via +other means such as permit_mynetworks. + +[Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/ +is going away. Use the cleaner and more flexible "if !/pattern2/..endif" +form. The old form still exists but is no longer documented, and +causes a warning (suggesting to use the new format) to be logged. +For details, see "man regexp_table". + +[Obsolete 20020819] The qmgr_site_hog_factor feature is gone (this +would defer mail delivery for sites that occupy too much space in +the active queue, and be a real performance drain due to excessive +disk I/O). The new qmgr_clog_warn_time feature (see below) provides +more useful suggestions for dealing with Postfix congestion. + +[Obsolete 20020819] The "permit_naked_ip_address" restriction on +HELO command syntax is unsafe when used with most smtpd_XXX_restrictions +and will go away. Postfix logs a warning, suggesting to use +"permit_mynetworks" instead. + +MIME support +============ + +[Feature 20020527] Postfix now has real MIME support. This improves +content filtering efficiency and accuracy, and improves inter-operability +with mail systems that cannot receive 8-bit mail. See conf/sample-mime.cf +for details. + +[Feature 20020527] Postfix header_checks now properly recognize +MIME headers in attachments. This is much more efficient than +previous versions that recognized MIME headers via body_checks. +MIME headers are now processed one multi-line header at a time, +instead of one body line at a time. To get the old behavior, +specify "disable_mime_input_processing = yes". More details in +conf/sample-filter.cf. + +[Feature 20020527] Postfix now has three classes of header patterns: +header_checks (for primary message headers except MIME headers), +mime_header_checks (for MIME headers), and nested_header_checks +(for headers of attached email messages except MIME headers). By +default, all headers are matched with header_checks. + +[Feature 20020527] The Postfix SMTP client will now convert 8BITMIME +mail to 7BIT when delivering to an SMTP server that does not announce +8BITMIME support. To disable, specify "disable_mime_output_conversion += yes". However, this conversion is required by RFC standards. + +[Feature 20020528] Postfix can enforce specific aspects of the MIME +standards while receiving mail. + +* Specify "strict_7bit_headers = yes" to disallow 8-bit characters + in message headers. These are always illegal. + +* Specify "strict_8bitmime_body = yes" to block mail with 8-bit + content that is not properly labeled as 8-bit MIME. This blocks + mail from poorly written mail software, including (bounces from + qmail, bounces from Postfix before snapshot 20020514, and Majordomo + approval requests) that contain valid 8BITMIME mail. + +* Specify "strict_8bitmime = yes" to turn on both strict_7bit_headers + and strict_8bitmime_body. + +* Specify "strict_mime_encoding_domain = yes" to block mail from + poorly written mail software. More details in conf/sample-mime.cf. + +[Incompat 20020527] Postfix now rejects mail if the MIME multipart +structure is nested more than mime_nesting_limit levels (default: +100) when MIME input processing is enabled while receiving mail, or +when Postfix is performing 8BITMIME to 7BIT conversion while +delivering mail. + +[Incompat 20020527] Postfix now recognizes "name :" as a valid +message header, but normalizes it to "name:" for consistency +(actually, there is so much code in Postfix that would break with +"name :" that there is little choice, except to not recognize "name +:" headers). + +[Incompat 20020512] Postfix queue files contain records that are +incompatible with "postqueue -r" on all Postfix versions prior to +1.1 and release candidates. This happens whenever the sender +specifies MIME body type information via the SMTP `MAIL FROM' +command, via the `sendmail -B' command line option, or via the +Content-Transfer-Encoding: message header. + +[Incompat 20020512] Postfix queue files may contain records that +are incompatible with "postqueue -r" on previous 1.1 Postfix versions +and release candidates. This happens whenever the sender specifies +the MIME body type only via the Content-Transfer-Encoding: message +header, and not via `MAIL FROM' or `sendmail -B'. + +[Feature 20020512] The Postfix SMTP and LMTP clients now properly +pass on the MIME body type information (7BIT or 8BITMIME), provided +that the sender properly specifies MIME body type information via +the SMTP MAIL FROM command, via the sendmail -B command line option, +or via MIME message headers. This includes mail that is returned +as undeliverable. + +Improved performance +==================== + +[Incompat 20021209] The default queue directory hash_queue_depth +setting is reduced to 1 level of subdirectories per Postfix queue. +This improves "mailq" performance on most systems, but can result +in poorer worst-case performance on systems with lots of mail in +the queue. + +[Incompat 20021209] The Postfix SMTP client no longer expands CNAMEs +in MAIL FROM or RCPT TO addresses (as permitted by RFC 2821). This +eliminates one DNS lookup per sender and recipient, and can make +a dramatic difference when sending mailing list mail via a relayhost. + +[Incompat 20021209] The Postfix installation procedure no longer +sets the "chattr +S" bit on Linux queue directories. Wietse has +gotten too annoyed with naive reviewers who complain about performance +without having a clue of what they are comparing. + +[Feature 20021209] On mail gateway systems, separation of inbound +mail relay traffic from outbound traffic. This eliminates a problem +where inbound mail deliveries could become resource starved in the +presence of a high volume of outbound mail. + +[Feature 20021013] The body_checks_size_limit parameter limits the +amount of text per message body segment (or attachment, if you +prefer to use that term) that is subjected to body_checks inspection. +The default limit is 50 kbytes. This speeds up the processing of +mail with large attachments. + +[Feature 20020917] Speedups of regexp table lookups by optimizing +for the $number substitutions that are actually present in the +right-hand side. Based on a suggestion by Liviu Daia. + +[Feature 20020917] Speedups of regexp and pcre tables, using +IF..ENDIF support. Based on an idea by Bert Driehuis. To protect +a block of patterns, use: + + if /pattern1/ + /pattern2/ result2 + /pattern3/ result3 + endif + +IF..ENDIF can nest. Don't specify blanks at the beginning of lines +inside IF..ENDIF, because lines beginning with whitespace are +appended to the previous line. More details about the syntax are +given in the pcre_table(5) and regexp_table(5) manual pages. + +[Feature 20020717] The default timeout for establishing an SMTP +connection has been reduced to 30 seconds, because many system +TCP/IP stacks have an atrociously large default timeout value. + +[Feature 20020505] Finer control over Berkeley DB memory usage, +The parameter "berkeley_db_create_buffer_size" (default: 16 MBytes) +specifies the buffer size for the postmap and postalias commands. +The parameter "berkeley_db_read_buffer_size" (default: 128 kBytes) +specifies the buffer size for all other applications. Specify +"berkeley_db_read_buffer_size = 1048576" to get the old read buffer +size. Contributed by Victor Duchovni. For more information, see +the last paragraphs of the DB_README file. + +[Incompat 20021211] The default process limit is doubled from 50 +to 100. The default limits on the number of active queue files or +recipients are doubled from 10000 to 20000. The default concurrency +for parallel delivery to the same destination is doubled from 10 +to 20. + +Improved compatibility +====================== + +[Feature 20020527] The Postfix SMTP client will now convert 8BITMIME +mail to 7BIT when delivering to an SMTP server that does not announce +8BITMIME support. To disable, specify "disable_mime_output_conversion += yes". However, this conversion is required by RFC standards. + +[Feature 20020512] The Postfix SMTP and LMTP clients now properly +pass on the MIME body type information (7BIT or 8BITMIME), provided +that the sender properly specifies MIME body type information via +the SMTP MAIL FROM command, via the sendmail -B command line option, +or via MIME message headers. This includes mail that is returned +as undeliverable. + +[Incompat 20020326] The Postfix SMTP client now breaks message +header or body lines that are longer than $smtp_line_length_limit +characters (default: 990). Earlier Postfix versions broke lines +at $line_length_limit characters (default: 2048). Postfix versions +before 20010611 did not break long lines at all. Reportedly, some +mail servers refuse to receive mail with lines that exceed the 1000 +character limit that is specified by the SMTP standard. + +[Incompat 20020326] The Postfix SMTP client now breaks long message +header or body lines by inserting . Earlier +Postfix versions broke long lines by inserting only. This +broke MIME encapsulation, causing MIME attachments to "disappear" +with Postfix versions after 20010611. + +[Incompat 20020326] Postfix now discards text when a logical message +header exceeds $header_size_limit characters (default: 102400). +Earlier Postfix versions would place excess text, and all following +text, in the message body. The same thing was done when a physical +header line exceeded $line_length_limit characters (default: 2048). +Both behaviors broke MIME encapsulation, causing MIME attachments +to "disappear" with all previous Postfix versions. + +[Incompat 20021015] The Postfix LMTP client no longer lowercases email +addresses in MAIL FROM and RCPT TO commands. + +[Incompat 20021013] The default Linux kernel lock style for mailbox +delivery is changed from flock() to fcntl(). This has no impact if +your system uses procmail for local delivery, if you use maildir-style +mailboxes, or when mailbox access software locks mailboxes with +username.lock files (which is usually the case with non-maildir +mailboxes). + +Address classes +=============== + +[Feature 20021209] This release introduces the concept of address +domain classes, each having its own default mail delivery transport: + + Destination matches Default transport Default name + ============================================================== + $mydestination or + $inet_interfaces $local_transport local + $virtual_alias_domains (not applicable) (not applicable) + $virtual_mailbox_domains $virtual_transport virtual + $relay_domains $relay_transport relay + other $default_transport smtp + +The benefits of these changes are: + +- You no longer need to specify all the virtual(8) domains in the + Postfix transport map. The virtual(8) delivery agent has + become a first-class citizen just like local(8) or smtp(8). + +- On mail gateway systems, separation of inbound mail relay traffic + from outbound traffic. This eliminates a problem where inbound + mail deliveries could become resource starved in the presence of + a high volume of outbound mail. + +- The SMTP server rejects unknown recipients in a more consistent + manner than was possible with previous Postfix versions. + +See the ADDRESS_CLASS_README file for a description of address +classes, their benefits, and their incompatibilities. + +New relay transport in master.cf +================================ + +[Incompat 20021209] Postfix no longer defaults to the "smtp" +transport for all non-local destinations. In particular, Postfix +now uses the "relay" mail delivery transport for delivery to domains +matching $relay_domains. This may affect your defer_transports +settings. + +On mail gateway systems, this allows us to separate inbound mail +relay traffic from outbound traffic, and thereby eliminate a problem +where inbound mail deliveries could become resource starved in the +presence of a high volume of outbound mail. + +[Incompat 20021209] This release adds a new "relay" service to the +Postfix master.cf file. This is a clone of the "smtp" service. If +your Postfix is unable to connect to the "relay" service then you +have not properly followed the installation procedure. + +Revision of RBL blacklisting code +================================= + +[Feature 20020923] Complete rewrite of the RBL blacklisting code. +The names of RBL restrictions are now based on a suggestion that +was made by Liviu Daia in October 2001. See conf/sample-smtpd.cf +or html/uce.html for details. + +[Feature 20020923] "reject_rbl_client rbl.domain.tld" for client +IP address blacklisting. Based on code by LaMont Jones. The old +"reject_maps_rbl" is now implemented as a wrapper around the +reject_rbl_client code, and logs a warning that "reject_maps_rbl" +is going away. To upgrade, specify "reject_rbl_client domainname" +once for each domain name that is listed in maps_rbl_domains. + +[Feature 20020923] "reject_rhsbl_sender rbl.domain.tld" for sender +domain blacklisting. Also: reject_rhsbl_client and reject_rhsbl_recipient +for client and recipient domain blacklisting. + +[Feature 20020923] "rbl_reply_maps" configuration parameter for +lookup tables with template responses per RBL server. Based on code +by LaMont Jones. If no reply template is found the default template +is used as specified with the default_rbl_reply configuration +parameter. The template responses support $name expansion of +client, helo, sender, recipient and RBL related attributes. + +[Incompat 20020923] The default RBL "reject" server reply now +includes an indication of *what* is being rejected: Client host, +Helo command, Sender address, or Recipient address. This also +changes the logfile format. + +[Feature 20020923] "smtpd_expansion_filter" configuration parameter +to control what characters are allowed in the expansion of template +RBL reply $name macros. Characters outside the allowed set are +replaced by "_". + +More sophisticated handling of UCE-related DNS lookup errors +============================================================ + +[Feature 20020906] More sophisticated handling of UCE-related DNS +lookup errors. These cause Postfix to not give up so easily, so +that some deliveries will not have to be deferred after all. + +[Feature 20020906] The SMTP server sets a defer_if_permit flag when +an UCE reject restriction fails due to a temporary (DNS) problem, +to prevent unwanted mail from slipping through. The defer_if_permit +flag is tested at the end of the ETRN and recipient restrictions. + +[Feature 20020906] A similar flag, defer_if_reject, is maintained +to prevent mail from being rejected because a whitelist operation +(such as permit_mx_backup) fails due to a temporary (DNS) problem. + +[Feature 20020906] The permit_mx_backup restriction is made more +strict. With older versions, some DNS failures would cause mail to +be accepted anyway, and some DNS failures would cause mail to be +rejected by later restrictions in the same restriction list. The +improved version will defer delivery when Postfix could make the +wrong decision. + +- After DNS lookup failure, permit_mx_backup will now accept the +request if a subsequent restriction would cause the request to be +accepted anyway, and will defer the request if a subsequent +restriction would cause the request to be rejected. + +- After DNS lookup failure, reject_unknown_hostname (the hostname +given in HELO/EHLO commands) reject_unknown_sender_domain and +reject_unknown_recipient_domain will now reject the request if a +subsequent restriction would cause the request to be rejected +anyway, and will defer the request if a subsequent restriction +would cause the request to be accepted. + +[Feature 20020906] Specify "smtpd_data_restrictions = +reject_unauth_pipelining" to block mail from SMTP clients that send +message content before Postfix has replied to the SMTP DATA command. + +Other UCE related changes +========================= + +[Feature 20020717] The SMTP server reject_unknown_{sender,recipient}_domain +etc. restrictions now also attempt to look up AAAA (IPV6 address) +records. + +[Incompat 20020513] In order to allow user@domain@domain addresses +from untrusted systems, specify "allow_untrusted_routing = yes" in +main.cf. This opens opportunities for mail relay attacks when +Postfix provides backup MX service for Sendmail systems. + +[Incompat 20020514] For safety reasons, the permit_mx_backup +restriction no longer accepts mail for user@domain@domain. To +recover the old behavior, specify "allow_untrusted_routing = yes" +and live with the risk of becoming a relay victim. + +[Incompat 20020509] The Postfix SMTP server no longer honors OK +access rules for user@domain@postfix-style.virtual.domain, to close +a relaying loophole with postfix-style virtual domains that have +@domain.name catch-all patterns. + +[Incompat 20020201] In Postfix SMTPD access tables, Postfix now +uses <> as the default lookup key for the null address, in order +to work around bugs in some Berkeley DB implementations. This +behavior is controlled with the smtpd_null_access_lookup_key +configuration parameter. + +Changes in transport table lookups +================================== + +[Feature 20020610] user@domain address lookups in the transport +map. This feature also understands address extensions. Transport +maps still support lookup keys in the form of domain names, but +only with non-regexp tables. Specify mailer-daemon@my.host.name +in order to match the null address. More in the transport(5) manual +page. + +[Feature 20020505] Friendlier behavior of Postfix transport tables. +There is a new "*" wildcard pattern that always matches. The +meaning of null delivery transport AND nexhop information field +has changed to "do not modify": use the information that would be +used if the transport table did not exist. This change makes it +easier to route intranet mail (everything under my.domain) directly: +you no longer need to specify explicit "local" transport table +entries for every domain name that resolves to the local machine. +For more information, including examples, see the updated transport(5) +manual page. + +[Incompat 20020610] Regexp/PCRE-based transport maps now see the +entire recipient address instead of only the destination domain +name. + +[Incompat 20020505, 20021215] The meaning of null delivery transport +and nexhop fields has changed incompatibly. + +- A null delivery transport AND nexthop information field means +"do not modify": use the delivery transport or nexthop information +that would be used if no transport table did not exist. + +- The delivery transport is not changed with a null delivery +transport field and non-null nexthop field. + +- The nexthop is reset to the recipient domain with a non-null +transport field and a null nexthop information field. + +Address manipulation changes +============================ + +[Incompat 20020717] Postfix no longer strips multiple '.' characters +from the end of an email address or domain name. Only one '.' is +tolerated. + +[Feature 20020717] The masquerade_domains feature now supports +exceptions. Prepend a ! character to a domain name in order to +not strip its subdomain structure. More information in +conf/sample-rewrite.cf. + +[Feature 20020717] The Postfix virtual delivery agent supports +catch-all entries (@domain.tld) in lookup tables. These match users +that do not have a specific user@domain.tld entry. The virtual +delivery agent now ignores address extensions (user+foo@domain.tld) +when searching its lookup tables, but displays the extensions in +Delivered-To: message headers. + +[Feature 20020610] user@domain address lookups in the transport +map. This feature also understands address extensions. Transport +maps still support lookup keys in the form of domain names, but +only with non-regexp tables. Specify mailer-daemon@my.host.name +in order to match the null address. More in the transport(5) manual +page. + +[Incompat 20020610] Regexp/PCRE-based transport maps now see the +entire recipient address instead of only the destination domain +name. + +[Incompat 20020513] In order to allow user@domain@domain addresses +from untrusted systems, specify "allow_untrusted_routing = yes" in +main.cf. This opens opportunities for mail relay attacks when +Postfix provides backup MX service for Sendmail systems. + +[Incompat 20020509] The Postfix SMTP server no longer honors OK +access rules for user@domain@postfix-style.virtual.domain, to close +a relaying loophole with postfix-style virtual domains that have +@domain.name catch-all patterns. + +[Incompat 20020509] The appearance of user@domain1@domain2 addresses +has changed. In mail headers, such addresses are now properly +quoted as "user@domain1"@domain2. As a side effect, this quoted +form is now also expected on the left-hand side of virtual and +canonical lookup tables, but only by some of the Postfix components. +For now, it is better not to use user@domain1@domain2 address forms +on the left-hand side of lookup tables. + +Regular expression and PCRE related changes +=========================================== + +[Feature 20021209] Regular expression maps are now allowed with +local delivery agent alias tables and with all virtual delivery +agent lookup tables. However, regular expression substitution of +$1 etc. is still forbidden for security reasons. + +[Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/ +is going away. Use the cleaner and more flexible "if !/pattern2/..endif" +form. The old form still exists but is no longer documented, and +causes a warning (suggesting to use the new format) to be logged. + +[Incompat 20020610] Regexp/PCRE-based transport maps now see the +entire recipient address instead of only the destination domain +name. + +[Incompat 20020528] With PCRE pattern matching, the `.' metacharacter +now matches all characters including newline characters. This makes +PCRE pattern matching more convenient to use with multi-line message +headers, and also makes PCRE more compatible with regexp pattern +matching. The pcre_table(5) manual page has been greatly revised. + +New mail "HOLD" action and "hold" queue +======================================= + +[Feature 20020819] New "hold" queue for mail that should not be +delivered. "postsuper -h" puts mail on hold, and "postsuper -H" +releases mail, moving mail that was "on hold" to the deferred queue. + +[Feature 20020821] HOLD and DISCARD actions in SMTPD access tables. +As with the header/body version of the same, these actions apply +to all recipients of the same queue file. + +[Feature 20020819] New header/body HOLD action that causes mail to +be placed on the "hold" queue. Presently, all you can do with mail +"on hold" is to examine it with postcat, to take it "off hold" with +"postsuper -H", or to destroy it with "postsuper -d". See +conf/sample-filter.cf. + +[Incompat 20020819] In mailq output, the queue ID is followed by +the ! character when the message is in the "hold" queue (see below). +This may break programs that process mailq output. + +Content filtering +================= + +[Feature 20020823] Selective content filtering. In in SMTPD access +tables, specify "FILTER transport:nexthop" for mail that needs +filtering. More info about content filtering is in the Postfix +FILTER_README file. This feature overrides the main.cf content_filter +setting. Presently, this applies to all the recipients of a queue +file. + +[Feature 20020527] Selective content filtering. In header/body_check +patterns, specify "FILTER transport:nexthop" for mail that needs +filtering. This requires different cleanup servers before and after +the filter, with header/body checks turned off in the second cleanup +server. More info about content filtering is in the Postfix +FILTER_README file. This feature overrides the main.cf content_filter +setting. Presently, this applies to all the recipients of a queue +file. + +[Feature 20020527] Postfix now has real MIME support. This improves +content filtering efficiency and accuracy, and improves inter-operability +with mail systems that cannot receive 8-bit mail. See conf/sample-mime.cf +for details. + +[Feature 20020527] Postfix header_checks now properly recognize +MIME headers in attachments. This is much more efficient than +previous versions that recognized MIME headers via body_checks. +MIME headers are now processed one multi-line header at a time, +instead of one body line at a time. To get the old behavior, +specify "disable_mime_input_processing = yes". More details in +conf/sample-filter.cf. + +[Feature 20020527] Postfix now has three classes of header patterns: +header_checks (for primary message headers except MIME headers), +mime_header_checks (for MIME headers), and nested_header_checks +(for headers of attached email messages except MIME headers). By +default, all headers are matched with header_checks. + +[Feature 20021013] The body_checks_size_limit parameter limits the +amount of text per message body segment (or attachment, if you +prefer to use that term) that is subjected to body_checks inspection. +The default limit is 50 kbytes. This speeds up the processing of +mail with large attachments. + +[Feature 20020917] Speedups of regexp table lookups by optimizing +for the $number substitutions that are actually present in the +right-hand side. Based on a suggestion by Liviu Daia. + +[Feature 20020917] Speedups of regexp and pcre tables, using +IF..ENDIF support. Based on an idea by Bert Driehuis. To protect +a block of patterns, use: + + if /pattern1/ + /pattern2/ result2 + /pattern3/ result3 + endif + +IF..ENDIF can nest. Don't specify blanks at the beginning of lines +inside IF..ENDIF, because lines beginning with whitespace are +appended to the previous line. More details about the syntax are +given in the pcre_table(5) and regexp_table(5) manual pages. + +Postmap/postalias/newaliases changes +==================================== + +[Incompat 20020505] The postalias command now copies the source +file read permissions to the result file when creating a table for +the first time. Until now, the result file was created with default +read permissions. This change makes postalias more similar to +postmap. + +[Incompat 20020505] The postalias and postmap commands now drop +super-user privileges when processing a non-root source file. The +file is now processed as the source file owner, and the owner must +therefore have permission to update the result file. Specify the +"-o" flag to get the old behavior (process non-root files with root +privileges). + +[Incompat 20020122] When the postmap command creates a non-existent +result file, the new file inherits the group/other read permissions +of the source file. + +Assorted changes +================ + +[Feature 20021028] The local(8) and virtual(8) delivery agents now record +the original recipient address in the X-Original-To: message header. +This header can also be emitted by the pipe(8) delivery agent. + +[Incompat 20021028] With "domain in one mailbox", one message with +multiple recipients is no longer delivered only once. It is now +delivered as one copy for each original recipient, with the original +recipient address listed in the X-Original-To: message header. + +[Feature 20021024] New proxy_interfaces parameter, for sites behind a +network address translation gateway or other type of proxy. You +should specify all the proxy network addresses here, to avoid avoid +mail delivery loops. + +[Feature 20021013] Updated MacOS X support by Gerben Wierda. See +the auxiliary/MacOSX directory. + +[Incompat 20021013] Subtle change in ${name?result} macro expansions: +the expansion no longer happens when $name is an empty string. This +probably makes more sense than the old behavior. + +[Incompat 20020917] The relayhost setting now behaves as documented, +i.e. you can no longer specify multiple destinations. + +[Incompatibility 20021219] The use of the XVERP extension in the +SMTP MAIL FROM command is now restricted to SMTP clients that match +the hostnames, domains or networks listed with the authorized_verp_clients +parameter (default: $mynetworks). + +[Feature 20020819] When the Postfix local delivery agent detects +a mail delivery loop (usually the result of mis-configured mail +pickup software), the undeliverable mail is now sent to the mailing +list owner instead of the envelope sender address (usually the +original poster who has no guilt, and who cannot fix the problem). + +[Warning 20020819] The Postfix queue manager now warns when mail +for some destination is piling up in the active queue, and suggests +a variety of remedies to speed up delivery (increase per-destination +concurrency limit, increase active queue size, use a separate +delivery transport, increase per-transport process limit). The +qmgr_clog_warn_time parameter controls the time between warnings. +To disable these warnings, specify "qmgr_clog_warn_time = 0". + +[Warning 20020717] The Postfix SMTP client now logs a warning when +the same domain is listed in main.cf:mydestination as well as a +Postfix-style virtual map. Such a mis-configuration may cause mail +for users to be rejected with "user unknown". + +[Feature 20020331] A new smtp_helo_name parameter that specifies +the hostname to be used in HELO or EHLO commands; this can be more +convenient than changing the myhostname parameter setting. + +[Feature 20020331] Choice between multiple instances of internal +services: bounce, cleanup, defer, error, flush, pickup, queue, +rewrite, showq. This allows you to use different cleanup server +settings for different SMTP server instances. For example, specify +in the master.cf file: + + localhost:10025 ... smtpd -o cleanup_service_name=cleanup2 ... + cleanup2 ... cleanup -o header_checks= body_checks= ... + +Logfile format changes +====================== + +[Incompat 20021209] The Postfix SMTP client no longer expands CNAMEs +in MAIL FROM addresses (as permitted by RFC 2821) before logging +the recipient address. + +[Incompat 20021028] The Postfix SMTP server UCE reject etc. logging +now includes the queue ID, the mail protocol (SMTP or ESMTP), and +the hostname that was received with the HELO or EHLO command, if +available. + +[Incompat 20021028] The Postfix header/body_checks logging now +includes the mail protocol (SMTP, ESMTP, QMQP) and the hostname +that was received with the SMTP HELO or EHLO command, if available. + +[Incompat 20021028] The Postfix status=sent/bounced/deferred logging +now shows the original recipient address (as received before any +address rewriting or aliasing). The original recipient address is +logged only when it differs from the final recipient address. + +[Incompat 20020923] The default RBL "reject" server reply now +includes an indication of *what* is being rejected: Client host, +Helo command, Sender address, or Recipient address. This also +changes the logfile format. + +LDAP related changes +==================== + +[Incompat 20020819] LDAP API version 1 is no longer supported. The +memory allocation and deallocation strategy has changed too much +to maintain both version 1 and 2 at the same time. + +[Feature 20020513] Updated LDAP client module with better handling +of dead LDAP servers, and with configurable filtering of query +results. + +SASL related changes +==================== + +[Incompat 20020819] The smtpd_sasl_local_domain setting now defaults +to the null string, rather than $myhostname. This seems to work +better with Cyrus SASL version 2. This change may cause incompatibility +with the saslpasswd2 command. + +[Feature 20020331] Support for the Cyrus SASL version 2 library, +contributed by Jason Hoos. This adds some new functionality that +was not available in Cyrus SASL version 1, and provides bit-rot +insurance for the time when Cyrus SASL version 1 eventually stops +working. + +Berkeley DB related changes +=========================== + +[Feature 20020505] Finer control over Berkeley DB memory usage, +The parameter "berkeley_db_create_buffer_size" (default: 16 MBytes) +specifies the buffer size for the postmap and postalias commands. +The parameter "berkeley_db_read_buffer_size" (default: 256 kBytes) +specifies the buffer size for all other applications. Specify +"berkeley_db_read_buffer_size = 1048576" to get the old read buffer +size. For more information, see the last paragraphs of the DB_README +file. + +[Incompat 20020201] In Postfix SMTPD access tables, Postfix now +uses <> as the default lookup key for the null address, in order +to work around bugs in some Berkeley DB implementations. This +behavior is controlled with the smtpd_null_access_lookup_key +configuration parameter. + +[Incompat 20020201] Postfix now detects if the run-time Berkeley +DB library routines do not match the major version number of the +compile-time include file that was used for compiling Postfix. The +software issues a warning and aborts in case of a discrepancy. If +it didn't, the software was certain to crash with a segmentation +violation. + +Assorted workarounds +==================== + +[Incompat 20020201] On SCO 3.2 UNIX, the input rate flow control +is now turned off by default, because of limitations in the SCO +UNIX kernel. -- cgit v1.2.3