diff options
Diffstat (limited to 'RELEASE_NOTES-2.1')
| -rw-r--r-- | RELEASE_NOTES-2.1 | 581 |
1 files changed, 581 insertions, 0 deletions
diff --git a/RELEASE_NOTES-2.1 b/RELEASE_NOTES-2.1 new file mode 100644 index 0000000..c25b28b --- /dev/null +++ b/RELEASE_NOTES-2.1 @@ -0,0 +1,581 @@ +In the text below, incompatible changes are labeled with the Postfix +snapshot that introduced the change. If you upgrade from a later +Postfix version, then you do not have to worry about that particular +incompatibility. + +The official Postfix release is called 2.1.x where 2=major release +number, 1=minor release number, x=patchlevel. Snapshot releases +are called 2.2-yyyymmdd where yyyymmdd is the release date (yyyy=year, +mm=month, dd=day). The mail_release_date configuration parameter +contains the release date (both for official release and snapshot +release). Patches are issued for the official release and change +the patchlevel and the release date. Patches are never issued for +snapshot releases. + +Major changes - critical +------------------------ + +If you run Postfix 2.0 or earlier then you must stop Postfix before +upgrading. The master-child protocols have changed between Postfix +1.1 and 2.0, and version 2.1 sometimes writes queue files that the +2.0 and earlier queue managers complain about. If this happens move +the files from the corrupt directory to the maildrop directory and +give them another chance. + +[Incompat 20021119] The Postfix upgrade procedure will add two new +services to your master.cf file: "trace" and "verify". These servers +can run inside a chroot jail, have no interaction with users, and +don't talk to the network. If Postfix complains that "trace" and +"verify" are not found, you made the error of copying your old +Postfix configuration files over the new ones. Execute "postfix +upgrade-configuration" to repair the Postfix configuration files. + +[Incompat 20040331] Support for the non-standard Errors-To: message +header is removed. This also helps to stop potential attacks that +rely on bouncing mail to a destination that is not directly reachable +by the attacker. Specify "enable_errors_to = yes" to get the old +behavior. + +Queue files written by Postfix 2.1 may contain information that +is incompatible with older Postfix versions: + +[Incompat 20040120] Queue files creates with "sendmail -v" are no +longer compatible with Postfix versions 2.0 and earlier. A new +record type, "killed", was introduced in order to avoid repeated +mail delivery reports from mail that could not be delivered due to +a temporary error condition. + +[Incompat 20030125] This release adds a new queue file record type +for the address specified in "REDIRECT user@domain" actions in +access maps or header/body_checks. Queue files with these records +will be rejected by older Postfix versions. + +[Feature 20040120] The new queue manager nqmgr has become the +default qmgr queue manager. For a limited time the old queue manager +remains available under the name oqmgr. The name nqmgr still works +but will cause a warning to be logged. + +[Incompat 20040413] The Postfix SMTP server no longer accepts mail +from or to an address ending in "@", including address forms that +rewrite into an address that ends in "@"). Specify "resolve_null_domain += yes" to get the old behavior. + +[Incompat 20031226] Postfix no longer allows mail addresses with +bare numeric IP addresses (user@1.2.3.4). This is not configurable. +The form user@[ipaddress] is still allowed. + +[Incompat 20031226] Bounce messages now have a separate queue life +time. This is controlled by the bounce_queue_lifetime parameter. + +[Incompat 20031019] The authorized_verp_clients parameter was +renamed to smtpd_authorized_verp_clients, and the default value +was changed to disable this feature. You now have to turn it on +explicitly. + +Major changes - build environment +--------------------------------- + +[Incompat 20030112] The Postfix build procedure now uses the +pcre-config utility (part of PCRE version 3) to find out the +pathnames of the PCRE include file and object library, instead of +probing /usr/include and/or /usr/lib. To build with PCRE version +2 support you will have to specify pathnames as described in +PCRE_README. To build without PCRE support, specify: make Makefiles +CCARGS="-DNO_PRCE". + +Major changes - documentation +----------------------------- + +[Feature 20040331] Complete documentation rewrite. All parameters +are now described in postconf(5), and all commands and daemons are +shown in their proper context in the OVERVIEW document. +- All documents come as HTML and ASCII text. +- All HTML documents have hyperlinks for every parameter name, + for every Postfix manual page, and for every README file. +- All documents specify what feature is available in what release. +- The sample-*.cf configuration files no longer exist. The information + is now available in HTML documents, README files and UNIX man pages). +- The mumble_table example configuration files no longer exist. + +[Incompat 20040413] The LMTP, Cyrus and Qmail related README files will +not be included in the Postfix version 2.1 distribution. They will +be made available via http://www.postfix.org/, and in Postfix 2.2 +snapshots. + +[Feature 20040413] You can install documentation in HTML format +besides the README files. Installation of README files is now +optional. + +Major changes - access control +------------------------------ + +[Feature 20031215] Easier debugging of SMTPD access restrictions. +The SMTP command "xclient name=xxx addr=yyy" changes Postfix's idea +of the remote client name and address, so that you can pretend to +connect from anywhere on the Internet. Use of this command is +restricted to clients that match the list of names or addresses +specified with the smtpd_authorized_xclient_hosts parameter. By +default, XCLIENT is not accepted from anywhere. More details are +in the XCLIENT_README file. + +[Feature 20030715] Support for multi-valued RBL lookup results. +For example, specify "reject_rbl_client foo.bar.tld=127.0.0.3" to +reject clients that are listed with a "127.0.0.3" address record. +More information is in the postconf(5) manual page. + +[Feature 20030917] New "check_{helo,sender,recipient}_{ns,mx}_access +type:table" restrictions that apply the specified access table to +the NS or MX hosts of the host/domain given in HELO, EHLO, MAIL +FROM or RCPT TO commands. More information is in the postconf(5) +manual page. + +This can be used to block mail from so-called spammer havens (all +domains that are served by the same DNS server, all domains that +resolve to the same MX host), from sender addresses that resolve +to Verisign's wild-card mail responder, or from domains that claim +to have mail servers in reserved networks such as 127.0.0.1. + +Note: OK actions are not allowed for security reasons. Instead of +OK, use DUNNO in order to exclude specific hosts from blacklists. +If an OK result is found for an NS or MX host, Postfix rejects the +SMTP command with "451 Server configuration error". + +[Feature 20040413] Support for a "WARN text..." feature in SMTPD +access tables, just like the WARN feature in header/body_checks. + +[Feature 20040122] New "PREPEND headername: headervalue" action in +Postfix access maps. Primarily intended for tagging mail by for +example, an external SMTPD policy server. See access(5). + +[Feature 20040124] New "PREPEND text" action in Postfix header/body_checks +maps. This action prepends a header or body line immediately before +the line that triggers the action. See header_checks(5) for details. + +[Feature 20030125] New "REDIRECT user@domain" action for access +maps and header/body_checks that overrides all the originally +specified recipients of a message. Wietse would never recommend +that people use this to redirect (bounced) SPAM to the beneficiaries +of an advertisement campaign. See access(5) and header_checks(5). + +[Feature 20031215] The reject_sender_login_mismatch feature (used +with SASL authenticated logins) is now implemented in terms of more +basic restrictions: reject_unauth_sender_login_mismatch (reject +mail when $sender_login_maps lists an owner for the sender address +but the SMTP client is not SASL authenticated) and +reject_auth_sender_login_mismatch (reject mail when the sender +address is not owned by the SASL authenticated user). The +sender_login_maps now support multiple owners per sender address. +See postconf(5) for details. + +Major changes - address verification +------------------------------------ + +[Feature 20021119] Address verification blocks mail from or to +addresses that are not deliverable. This is turned on with the +reject_unverified_sender UCE restriction. Addresses are verified +by probing, that is, by sending mail that is not actually delivered +(SMTP interruptus). Detailed information is in the +ADDRESS_VERIFICATION_README file. + +Address verification can follow a different route than ordinary +mail, typically to avoid sending probes to a relay host. To make +this possible, the address resolver supports multiple personalities. +For more detail see the ADDRESS_VERIFICATION_README file. + +New "sendmail -bv" option. Postfix probes the specified recipient +addresses without actually delivering mail, and sends back an email +delivery report. This is useful for testing address rewriting and +address routing, and shows the final envelope and header addresses. +This feature currently does not access or update the sender address +verification database. + +Major changes - content inspection +---------------------------------- + +[Feature 20030704] The Postfix SMTP server can be configured to +send all mail into a real-time content filter that inspects mail +BEFORE it is queued. See the SMTPD_PROXY_README file for details. + +[Feature 20031022] Improved logging by Postfix daemons behind an +SMTP-based proxy filter. The logging now shows the remote client +name and address, instead of localhost[127.0.0.1]. This uses the +new SMTP command "XFORWARD addr=client-address name=client-hostname", +which specifies remote client information for logging purposes. +This command is restricted to clients that match the list of names +or addresses specified with the smtpd_authorized_xforward_hosts +parameter. By default, XFORWARD is not accepted from anywhere. +For an example, see the SMTPD_PROXY_README file. + +[Feature 20030706] New receive_override_options parameter that +eliminates the need for different cleanup service instances before +and after an external content filter. One parameter controls what +happens before or after the content filter: rejecting unknown +recipients, canonical mapping, virtual alias expansion, masquerading, +automatic BCC recipients and header/body checks. See postconf(5) +for the fine details. + +[Feature 20040124] New "PREPEND text" action in Postfix header/body_checks +maps. This action prepends a header or body line immediately before +the line that triggers the action. See header_checks(5) for details. + +[Feature 20030125] New "REDIRECT user@domain" action for access maps +and header/body_checks that overrides all the originally specified +recipients of a message. Wietse would never recommend that people +use this to redirect (bounced) SPAM to the beneficiaries of an +advertisement campaign. See header_checks(5) and access(5). + +[Incompat 20030915] In header/body_checks actions, the OK action +is being phased out, and the DUNNO action is being phased in. Both +actions still work and do the same thing, but hopefully DUNNO causes +less confusion. See header_checks(5) for details. + +Major changes - policy delegation +--------------------------------- + +[Feature 20030715] Support for SMTP access policy delegation to an +external server. Greylisting and SPF are provided as examples. +See the SMTPD_POLICY_README file for further information. + +Major changes - client rate limiting +------------------------------------ + +Note: this feature is not included with Postfix 2.1, but it is +documented here so that the information will not be lost. + +[Feature 20031111] Preliminary defense against SMTP clients that +hammer an SMTP server with too many connections. By default, the +number of simultaneous connections per client is limited to half +the default process limit, and no limit is imposed on the number +of successive connections per time unit that a client is allowed +to make. + +The new anvil server maintains the connection statistics, and logs +the maximum connection count and connection rate per client every +anvil_status_update_time seconds (10 minutes), or when it terminates +(when there is no work to be done, or when "postfix reload" was +issued). Once you have an idea what the numbers look like, you can +clamp down the limits for your system. + +The relevant main.cf configuration parameters are: smtpd_client- +connection_count_limit for the number of simultaneous connections +per client, and smtpd_client_connection_rate_limit for the number +of successive connections per unit time and client. The time unit +is specified with the anvil_rate_time_unit parameter, and is one +minute by default. + +When Postfix rejects a client, it sends a 450 status code and +disconnects, and logs a warning with the client name/address and +the service name from master.cf. You can, for example, capture this +information with a logfile watching program that updates a firewall +rule (such a watcher program is not included with Postfix). + +To avoid rejecting authorized hosts, the smtpd_client_connection- +limit_exceptions parameter takes a list of network/netmask expressions, +hostnames or .domain names that are excluded from these restrictions. +By default, all clients in $mynetworks are excluded; you will +probably want to use a more restrictive setting. + +For further information, see: smtpd(8) and anvil(8). + +Major changes - configuration management +---------------------------------------- + +[Feature 20040413] New postfix(1) command features: + +- "postfix set-permissions" corrects Postfix file and directory + permissions and allows you to change mail_owner or setgid_group + settings after Postfix is installed. + +- "postfix upgrade-configuration" fixes Postfix systems after people + copy over their old configuration files after installing a new + Postfix system. + +See postfix(1) for details. + +[Incompat 20040120] The format of the postfix-files file has changed. +There is a new type for hard links. With hard or symbolic link +entries, the first field is now the destination pathname and the +"owner" field is now the origin pathname, while "group" and +"permissions" are ignored. + +Major changes - core functionality +---------------------------------- + +[Feature 20030704] New enable_original_recipient parameter (default: +yes) to control whether Postfix keeps track of original recipient +address information. If this is turned off Postfix produces no +X-Original-To: headers and ignores the original recipient when +eliminating duplicates after virtual alias expansion. Code by Victor +Duchovni. + +[Feature 20030417] Automatic BCC recipients depending on sender or +recipient address. The configuration parameters in question are +"sender_bcc_maps" and "recipient_bcc_maps". See postconf(5). + +[Incompat 20030415] Too many people mess up their net/mask patterns, +causing open mail relay problems. Postfix processes now abort when +given a net/mask pattern with a non-zero host portion (for example, +168.100.189.2/28), and suggest to specify the proper net/mask +pattern instead (for example, 168.100.189.0/28). + +[Feature 20030415] Workaround for file system clock drift that +caused Postfix to ignore new mail (this could happen with file +systems mounted from a server). Postfix now logs a warning and +proceeds with only slightly reduced performance, instead of ignoring +new mail. + +Major changes - database support +-------------------------------- + +Liviu Daia took the lead in a revision of the LDAP, MySQL and +PostgreSQL clients. Credits also go to Victor Duchovni and to +Lamont Jones. + +[Feature 20030915] LDAP parameters can now be defined in external +files. Specify the LDAP maps in main.cf as + ldap:/path/to/ldap.cf +and write the LDAP parameters in /path/to/ldap.cf, without the +"ldapsource_" prefix. This makes it possible to securely store +bind passwords for plain auth outside of main.cf (which must be +world readable). The old syntax still works, for backwards +compatibility. + +[Feature 20030915] Support for LDAP URLs in the LDAP parameter +"server_host", if Postfix is linked against OpenLDAP. LDAP hosts, +ports, and connection protocols to be used as LDAP sources can be +specified as a blank-separated list of LDAP URLs in "server_host". +As with OpenLDAP, specifying a port in a LDAP URL overrides +"server_port". Examples: + server_host = ldap://ldap.itd.umich.edu + server_host = ldaps://ldap.itd.umich.edu:636 + server_host = ldapi://%2Fsome%2Fpath + +[Feature 20030915] The LDAP SSL scheme ldaps:// is available if +OpenLDAP was compiled with SSL support. New parameters "tls_ca_cert_dir", +"tls_ca_cert_file", "tls_cert", "tls_key", "tls_require_cert", +"tls_random_file", "tls_cipher_suite" control the certificates, +source of random numbers, and cipher suites used for SSL connections. +See LDAP_README for further information. + +[Feature 20030915] Support for STARTTLS command in LDAP, if Postfix +is linked against OpenLDAP and OpenLDAP was compiled with SSL +support. STARTTLS is controlled by the "start_tls" parameter. +The above parameters for certificates, source of random numbers, +and cipher suites also apply. See LDAP_README for further information. + +[Incompat 20030704] Support for client side LDAP caching is gone. +OpenLDAP 2.1.13 and later no longer support it, and the feature +never worked well. Postfix now ignores cache controlling parameters +in an LDAP configuration file and logs a warning. + +[Feature 20030415] PostgreSQL table lookups. Specify "pgsql:/file/name" +where "/file/name" defines the database. See "man pgsql_table" for +examples, and the PGSQL_README file for general information. + +Major changes - internals +------------------------- + +[Incompat 20040120] The format of the postfix-files file has changed. +There is a new type for hard links. With hard or symbolic link +entries, the first field is now the destination pathname and the +"owner" field is now the origin pathname, while "group" and +"permissions" are ignored. + +[Incompat 20040120] The LDAP and SQL client source code is moved +to the global directory in order to eliminate reversed dependencies. + +[Feature 20030606] Complete rewrite of the queue file record reading +loops in the pickup, cleanup and in the queue manager daemons. This +code had deteriorated over time. The new code eliminates an old +problem where the queue manager had to read most queue file records +twice in the case of an alias/include file expansion with more than +qmgr_message_recipient_limit recipients. + +[Feature 20030125] Code cleanup up of queue manager internals. +Queue names are no longer mixed up with the next-hop destination, +and the address resolver loop is now easier to understand. + +[Feature 20030104] Multi-server daemons (servers that accept +simultaneous connections from multiple clients) will now stop +accepting new connections after serving $max_use clients. This +allows multi-server daemons to automatically restart even on busy +mail systems. + +[Feature 20030104] Clients of multi-server daemons such as +trivial-rewrite and the new proxymap service now automatically +disconnect after $ipc_ttl seconds of activity (default: 1000s). +This allows multi-server daemons to automatically restart even on +busy mail systems. + +[Incompat 20021119] The file format of bounce/defer logfiles has +changed from the old one-line ad-hoc format to a more structured +multi-line format. For backwards compatibility, Postfix now creates +bounce/defer logfile entries that contain both the old and the new +format, so that you can go back to an older Postfix release without +losing information. Old Postfix versions will warn about malformed +logfile entries, but should work properly. To disable backwards +compatibility specify "backwards_bounce_logfile_compatibility = +no" in main.cf. + +[Feature 20021119] Both "sendmail -bv" and "sendmail -v" use the +new "trace" daemon that is automatically added to master.cf when +you upgrade. + +Major changes - logging +----------------------- + +[Incompat 20040413] The postmap and postalias commands now report +errors to syslogd in addition to reporting them to the standard +error output. This makes logfile analysis easier. + +[Incompat 20031203] Many SMTPD "reject" logfile entries now show +NOQUEUE instead of a queue ID. This is because Postfix no longer +creates a queue file before the SMTP server has received a valid +recipient. + +Major changes - lookup table support +------------------------------------ + +[Feature 20030704] New CIDR-based lookup table, remotely based on +code by Jozsef Kadlecsik. For details and examples, see "man +cidr_table". + +[Feature 20030704] The TCP-based table lookup protocol is finished. +For details and examples, see "man tcp_table". This will allow you +to implement your own greylisting, or to do your own open proxy +tests before accepting mail. This table will not be included with +Postfix 2.1 because the protocol is obsoleted by the policy delegation +(see elsewhere in this document) which does a much better job. + +[Feature 20030704] Support for !/pattern/ (negative matches) in +PCRE lookup tables by Victor Duchovni. See "man pcre_table" and +"man regexp_table" for more. + +Major changes - resource control +-------------------------------- + +[Incompat 20031022] The Postfix SMTP server no longer accepts mail +when the amount of free queue space is less than 1.5 times the +message_size_limit value. + +Major changes - security +------------------------ + +[Incompat 20040413] The Postfix SMTP server no longer accepts mail +from or to an address ending in "@", including address forms that +rewrite into an address that ends in "@"). Specify "resolve_null_domain += yes" to get the old behavior. + +[Incompat 20040331] Support for the non-standard Errors-To: message +header is removed. This also helps to stop potential attacks that +rely on bouncing mail to a destination that is not directly reachable +by the attacker. Specify ""enable_errors_to = yes" to get the old +behavior. + +[Incompat 20040331] Tarpit delays are reduced. The Postfix SMTP +server no longer delays responses until the client has made +$smtpd_soft_error_limit errors, and the delay is fixed at +$smtpd_error_sleep_time seconds. Postfix still disconnects after +$smtpd_hard_error_limit errors. + +[Incompat 20040120] The SMTP server can reject non-existent sender +addresses in a local, virtual or relay domain; specify +"reject_unlisted_sender=yes" in order to require that a sender +address passes the same "user unknown" test as a recipient would +have to pass. This is optional in Postfix 2.1, likely to be turned +on by default in Postfix 2.2. + +[Incompat 20031226] Postfix no longer allows mail addresses with +bare numeric IP addresses (user@1.2.3.4). This is not configurable. +The form user@[ipaddress] is still allowed. + +[Incompat 20030305] Postfix truncates non-address information in message +address headers (comments, etc.) to 250 characters per address, in +order to protect vulnerable Sendmail systems against exploitation +of a remote buffer overflow problem (CERT advisory CA-2003-07). + +[Incompat 20030227] The smtpd_hard_error_limit and smtpd_soft_error_limit +values now behave as documented, that is, smtpd_hard_error_limit=1 +causes Postfix to disconnect upon the first client error. Previously, +there was an off-by-one error causing Postfix to change behavior +after smtpd_hard/soft_error_limit+1 errors. + +Major changes - smtp client +--------------------------- + +[Incompat 20031223] The SMTP client now tries to connect to an +alternate MX address when a delivery attempt fails **after the +initial SMTP handshake**. This includes both broken connections +and 4XX SMTP replies. To get the old behavior, specify +"smtp_mx_session_limit = 1" in main.cf. + +[Feature 20031223] The SMTP client now tries to connect to an +alternate MX address when a delivery attempt fails after the +initial SMTP handshake. This includes both broken connections +and 4XX SMTP replies. + +As a benefit, fallback_relay now works as promised, not just for +sessions that fail during the initial handshake. + +The new SMTP client connection management is controlled by two new +configuration parameters: + +- smtp_mx_address_limit (default unlimited): the number of MX (mail + exchanger) IP addresses that can result from mail exchanger + lookups. + +- smtp_mx_session_limit (default 2): the number of SMTP sessions + per delivery request before giving up or delivering to a fall-back + relay, ignoring IP addresses that fail to complete the SMTP + initial handshake. + +[Incompat 20031022] Postfix no longer retries delivery when no MX +host has a valid A record, for compatibility with many other MTAs. +This change is made in anticipation of a possible Verisign "wild-card +MX record without A record" for unregistered domains. To get the +old behavior, specify "smtp_defer_if_no_mx_address_found = yes". + +[Incompat 20031022] The Postfix SMTP client no longer looks in +/etc/hosts by default. To get the old behavior, specify +"smtp_host_lookup = dns, native". + +[Feature 20030417] Support for sending mail to hosts not in the +DNS, without having to turn off DNS lookups. The "smtp_host_lookup" +parameter controls how the Postfix SMTP client looks up hosts. In +order to use /etc/hosts besides DNS, specify "smtp_host_lookup = +dns, native". The default is to use DNS only. + +Major changes - user interface +------------------------------ + +[Incompat 20040418] The non-delivery report format has changed. +The "sorry" message and the DSN formatted report now include the +original recipient address, when that address is different from +the final recipient address. This makes it easier to diagnose some +mail delivery problems that happen after mail forwarding. + +[Incompat 20031223] In mailq (queue listing) output, there no longer +is space between a short queue ID and the "*" (delivery in progress) +or ! (mail on hold) status indicator. This makes the output easier +to parse. + +[Incompat 20030417] "sendmail -t" no longer complains when recipients +are given on the command line. Instead, it now adds recipients from +headers to the recipients from the command-line. + +[Incompat 20030126] The maildir file naming algorithm has changed +according to an updated version of http://cr.yp.to/proto/maildir.html. +The name is now TIME.VdevIinum.HOST + +[Incompat 20021119] The behavior of "sendmail -v" has changed. One +-v option now produces one email report with the status of each +recipient. Multiple -v options behave as before: turn on verbose +logging in the sendmail and postdrop commands. + +[Feature 20021119] New "sendmail -bv" option. Postfix probes the +specified recipient addresses without actually delivering mail, +and sends back an email delivery report. This is useful for testing +address rewriting and address routing of both envelope and header +addresses. This feature currently does not access or update the +sender address verification database. + |