diff options
Diffstat (limited to 'HISTORY')
| -rw-r--r-- | HISTORY | 777 |
1 files changed, 712 insertions, 65 deletions
@@ -27056,14 +27056,28 @@ Apologies for any names omitted. sometimes incomplete) lookup table configuration info with a reference to the corresponding *_table(5) manpage. +20230417 + + Cleanup: in the MySQL client configuration file, the default + characterset is now configurable with the "charset" attribute. + Previously, the default was determined by the MySQL + implementation (utf8mb4 as of MySQL 8.0, latin1 with older + versions). This setting implicitly controls the collation + order. Files: proto/mysql_table, global/dict_mysql.c. + 20230418 - Bugfix defect (introduced: Postfix 3.2): the MySQL client - could return "not found" instead of "error" (for example, - resulting in a 5XX SMTP status instead of 4XX) during the - time that all MySQL server connections were turned down - after error. Found during code maintenance. File: - global/dict_mysql.c. + Bugfix (introduced: Postfix 3.2): the MySQL client could + return "not found" instead of "error" (for example, resulting + in a 5XX SMTP status instead of 4XX) during the time that + all MySQL server connections were turned down after error. + Found during code maintenance. File: global/dict_mysql.c. + +20230419 + + Cleanup: in the PostgreSQL client, cosmetic changes to make + the code easier to maintain (in preparation for adding new + functionality). File: global/dict_pgsql.c. 20230428 @@ -27091,6 +27105,74 @@ Apologies for any names omitted. ...' with a single service definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. File: postconf/postconf_edit.c. +20230503 + + Documentation: clarified the relationship between + smtp_bind*address, inet_interfaces, and system-chosen source + IP addresses for outbound SMTP/LMTP connections. File: + proto/postconf.proto. + +20230504 + + Documentation: clarified the relationships between + local_transport, virtual_mailbox_transport, relay_transport, + default_transport, relay_host, sender_dependent_relayhost_maps, + sender_dependent_default_transport_maps, and their precedences + when determining a delivery transport or next-hop destination, + in ADDRESS_REWRITING_README and in the text that defines + individual configuration features. Files: proto/postconf.proto, + proto/ADDRESS_REWRITING_README.html. + +20230505 + + Documentation: clarified the differences between virtual + and local aliasing, in four places. Files: mantools/postlink, + proto/postconf.proto, proto/ADDRESS_REWRITING_README.html. + cleanup/cleanup.c, local/local.c, smtpd/smtpd.c. + + Usability: improved error message when master.cf specifies + a wild-card network listener (like "smtp inet ... smtpd") + while inet_interfaces is empty. File: master/master_ent.c. + + More documentation updates for local aliasing versus virtual + aliasing. Files: proto/aliases, proto/virtual, postfix/postfix.c. + +20230506 + + Cleanup: simplified the master code to handle an empty + inet_interfaces setting. it is now closer to the original + code. Also documented that wildcard_inet_addr_list() will + not return an empty list. Files: master/master_ent.c, + global/own_inet_addr_list.c. + +20230507 + + Documentation: fine tuning of text about local aliasing + versus virtual aliasing. Files: proto/postconf.proto, + proto/aliases, proto/virtual, proto/ADDRESS_REWRITING_README.html. + +20230508 + + Documentation: more fine tuning of text about local aliasing + versus virtual aliasing, and inet_interfaces. Files: + proto/postconf.proto, proto/aliases, proto/virtual, + proto/ADDRESS_REWRITING_README.html. + +20230516 + + Bugfix (defect introduced: Postfix 3.4): the postlog(1) + command created a logfile with permissions 0644, but the + postlogd(8) daemon created it with permissions 0600, for + example after "postfix logrotate". The discrepancy is now + eliminated, and the permissions when creating a file are + now configurable with the "maillog_file_permissions" + parameter, default 0600 for backwards compatibility. Files: + mantools/postlink, proto/MAILLOG_README.html, proto/postconf.proto, + global/mail_params.c, global/mail_params.h, global/Makefile.in, + master/master.c, postlog/postlog.c, postlogd/postlogd.c, + util/logwriter.c, util/logwriter.h, util/Makefile.in, + util/vstream.c. + 20230517 Bugfix (defect introduced: Postfix 3.8) the posttls-finger @@ -27101,6 +27183,17 @@ Apologies for any names omitted. 20230519 + Cleanup: fixed postconf tests for dynamically-linked builds. + File: postconf/Makefile.in. + +20230521 + + Bitrot: library error messages in SMTP server tests. File: + smtpd/Makefile.in. + + Cleanup: removed some "the the" instances. Files: + proto/MILTER_README.html proto/stop.double-proto-html. + Bitrot: preliminary support for OpenSSL configuration files, primarily OpenSSL 1.1.1b and later. This introduces new parameters "tls_config_file" and "tls_config_name", which @@ -27117,13 +27210,13 @@ Apologies for any names omitted. 20230523 - Cleanup: use TLS_CLIENT_PARAMS to pass the OpensSSL 'init' - configurations. This information is independent from the - client or server TLS context, and therefore does not belong - in tls_*_init() or tls_*_start() calls. The tlsproxy(8) - server uses TLS_CLIENT_PARAMS to report differences between - its own global TLS settings, and those from its clients. - Files: posttls-finger/posttls-finger.c, smtp/smtp.c, + Cleanup: use TLS_CLIENT_PARAMS to pass the OpenSSL 'init' + configuration settings. These are global, i.e. apply to all + client TLS contexts, and they do not belong in tls_client_init() + or tls_client_start() calls. The tlsproxy(8) server uses + TLS_CLIENT_PARAMS information to warn about differences + between its own global TLS settings, and those from its + clients. Files: posttls-finger/posttls-finger.c, smtp/smtp.c, smtp/smtp_proto.c, tls/tls.h, tls/tls_proxy_client_misc.c, tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c, tls/tls_proxy.h, tlsproxy/tlsproxy.c. @@ -27131,15 +27224,27 @@ Apologies for any names omitted. 20230524 Cleanup: reverted cosmetic-only changes to minimize the - patch footprint for OpenSSL INI file support; updated daemon - manpages with the new tls_config_file and tls_config_name - configuration parameters. Files: smtp/smtp.c, smtpd/smtpd.c, - tls/tls_client.c, tls/tls.h, tls/tls_server.c, tlsproxy/tlsproxy.c, + patch footprint for OpenSSL INI file support for stable + releases; updated daemon manpages with the new tls_config_file + and tls_config_name configuration parameters. Files: + smtp/smtp.c, smtpd/smtpd.c, tls/tls_client.c, tls/tls.h, + tls/tls_server.c, tlsproxy/tlsproxy.c, + +20230526 + + Documentation: clarified address class descriptions; added + the availability of back-ported OpenSSL INI file support + in stable releases. Files: proto/ADDRESS_CLASS_README.html, + proto/postconf.proto smtp/smtp.c, smtpd/smtpd.c, + tlsproxy/tlsproxy.c. + + Security: in the Postfix SMTP daemon, improved pipelining + detection and reporting; added code to detect illegal command + pipelining before the server greeting. File: smtpd/smtpd.c. 20230529 - Cleanup: made OpenSSL 'default' INI file support error - handling consistent with OpenSSL default behavior. Viktor + Cleanup: error handling for OpenSSL INI file support. Viktor Dukhovni. Files: proto/postconf.proto, tls/tls_misc.c. 20230602 @@ -27150,22 +27255,64 @@ Apologies for any names omitted. non-default tls_config_xxx settings. File: tls/tls_misc.c. Cleanup: added a multiple initialization guard in the - tls_library_init() function, and made an initialization - error sticky. File: tls/tls_misc.c. + tls_library_init() function, and made an initialization error + sticky. File: tls/tls_misc.c. -20230605 +20230603 Security: new parameter smtpd_forbid_unauth_pipelining - (default: no) to disconnect remote SMTP clients that violate + (default: yes) to disconnect remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. Files: global/mail_params.h, smtpd/smtpd.c, proto/postconf.proto. +20230610 + + Trouble shooting: when the postfix UID or postdrop GID is + also used by a non-Postfix account, log the UID or GID. + File: global/mail_params.c. + +20240703 + + Typo fix by Trent W. Buck. Files: proto/postconf.proto, proto/stop. + +20230807 + + Feature: optional support to request a raw public key instead + of a public-key certificate when a) the Postfix SMTP server + requests TLS authentication from a remote SMTP client, or + b) when the Postfix SMTP client initiates a TLS handshake + with a remote SMTP server. See RELEASE_NOTES for details. + Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html, + proto/postconf.proto, RELEASE_NOTES, global/mail_params.h, + posttls-finger/posttls-finger.c, smtp/lmtp_params.c, + smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c, + smtp/smtp_tls_policy.c, smtpd/smtpd.c, smtpd/smtpd_check.c, + tls/tls.h, tls/tls_client.c, tls/tls_dane.c, tls/tls_fprint.c, + tls/tls_misc.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c, + tls/tls_proxy_client_scan.c, tls/tls_proxy_context_print.c, + tls/tls_proxy_context_scan.c, tls/tls_server.c, tls/tls_verify.c, + tlsproxy/tlsproxy.c. + +20230808 + + Documentation loose ends. Files: proto/postconf.proto, + RELEASE_NOTES. + 20230815 - Bugfix (bug introduced: 20140218): when opportunistic TLS fails - during or after the handshake, don't require that a probe - message spent a minimum time-in-queue before falling back to - plaintext. Problem reported by Serg. File: smtp/smtp.h. + Bugfix (defect introduced: 20140218): when an address + verification probe fails during or after an opportunistic + TLS handshake, immediately fall back to plaintext, without + enforcing a minimum time-in-queue. Problem reported by Serg. + File: smtp/smtp.h. + +20230820 + + Feature: smtp_sasl_password_result_delimiter, for the rare + case that the ":" character needs to be part of the username. + mantools/postlink, proto/postconf.proto, global/mail_params.h, + smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c, + smtp/smtp_sasl_glue.c. 20230819 @@ -27179,12 +27326,81 @@ Apologies for any names omitted. *.other.example IN A 10.0.0.1 *.other.example IN TLSA ..certificate info... - Such syntax is blesed in RFC 1034 section 4.3.3. + Such syntax is blessed in RFC 1034 section 4.3.3. This problem was reported first in the context of TLSA record lookups. Files: util/valid_hostname.[hc], dns/dns_lookup.c. +20230831 + + Documentation: clarify the scope of local_recipient_maps. + Files: proto/LOCAL_RECIPIENT_README.html, proto/postconf.proto. + + Documentation loose ends. Files: HISTORY, dns/dns_lookup.c. + +20230901 + + Feature: force_mime_input_conversion (default: no) to + convert content that claims to be 8-bit into quoted-printable, + before header_checks, body_checks, Milters, and before + after-queue content filters. The typical use case is an MTA + that applies this conversion before signing outbound messages, + so that the signatures will remain valid when a message is + later delivered to an MTA that does not announce 8BITMIME + support, or when a message line exceeds the SMTP length + limit. Files: global/mail_params.c, cleanup/cleanup_message.c, + cleanup/cleanup.c, cleanup/cleanup_init.c, proto/postconf.proto, + mantools/postlink. + +20230902 + + Cleanup: renamed enforce_mime_input_conversion to + force_mime_input_conversion. + +20230903 + + Cleanup: removed support for MySQL < 4.0 (released 2003), + removed the deprecated mysql_escape_string() call, added + the preferred mysql_real_escape_string_quote() call, and + added error handling for the unlikely case that the legacy + mysql_real_escape_string() returns an error. File: + global/dict_mysql.c. + +20230906 + + Documentation: the postconf(5) manpage did not document + that the force_mime_input_conversion feature was introduced + in Postfix 3.9. Viktor Dukhovni. File: proto/postconf.proto. + +20230912 + + Cleanup: record the use of a raw public key in Received: + headers, when the Postfix SMTP server or the remote SMTP + client presents a raw public key. Viktor Dukhovni. File: + smtpd/smtpd.c. + +20230923 + + Documentation: updated descriptions of the postscreen_*_ttl + and postscreen_dnsbl_allowlist_threshold parameters. Files: + proto/postconf.proto, postscreen/postscreen.c. + +20230916 + + Documentation: fixed missing and misplaced quotes in "see + 'postconf -d' output". Reported by наб. Files: Makefile.in, + mantools/check-see-postconf-d-output, proto/postconf.proto, + global/maillog_client.c, master/master.c, smtp/smtp.c, + smtpd/smtpd.c. + +20230917 + + Documentation: added a note to smtp_tls_security_level and + smtp_tls_policy_maps, that the level "MAY" will fall back + to plaintext after TLS failure, when a message has spent + minimal_backoff_time in the mail queue. File: proto/postconf.proto. + 20230929 Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix @@ -27193,6 +27409,35 @@ Apologies for any names omitted. error in TLS wrappermode. Reported by Andreas Kinzler. File: smtpd/smtpd.c. +20230923 + + This changes the smtp-source test program, to avoid the + need to configure a large number of "valid" recipient + addresses in Postfix, by using a recipient address extension + in the form of a sequence number. The change is to append + the optional recipient address sequence number to the + recipient address localpart, instead of prepending it. To + use that sequence number as a recipient address extension, + specify an explicit address delimiter in the address + localpart, as in "-t localpart+@domain" or "-t localpart+" + where "+" is the Postfix recipient address delimiter. File: + smtpstone/smtp-source.c. + +20230924 + + Cleanup: simplified the smtp-source numbered recipient + implementation and documentation. File: smtpstone/smtp-source.c. + + Documentation: added smtp_balance_inet_protocols to the + text with smtp_address_preference caveats. File: + proto/postconf.proto. + +20230926 + + Documentation: added a section to smtp_balance_inet_protocols + to address the problem that servers may flag mail received + over IPv6 as more spammy. File: proto/postconf.proto. + 20231006 Usability: the Postfix SMTP server now attempts to log the @@ -27204,6 +27449,62 @@ Apologies for any names omitted. on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c. +20231008 + + Cleanup: enforce stricter UTF8 checks in printable(). Factor + out the UTF8 parser, so that it can be shared between + valid_utf8_string() and printable(). Wietse Venema, with + tests by Viktor Dukhovni. Files: util/valid_utf8_string.c, + util/printable.c, util/parse_utf8_char.h, util/printable.in, + util/printable.ref. + +20231010 + + Cleanup: printable() uses once again a single-pass algorithm. + Converted printable() test files to built-in test cases with + proper logging, and removed the printable() test files and + git metadata. Added similar tests for the valid_utf8_string() + function. Files: util/valid_utf8_string.c, util/printable.c, + util/parse_utf8_char.h, util/Makefile.in. + +20231011 + + Documentation: fixed some instances of "." instead of ",". + Files: proto/POSTSCREEN_README.html, proto/socketmap_table. + + Cleanup: finer-grained unit tests for valid_utf8_string(). + File: util/valid_utf8_string.c. + + Style: converted failed test reports to "got before want" + order, and converted tests to "fail before pass" order. + Files: util/valid_utf8_string.c, util/printable.c. + + Cleanup: added a valid_utf8_stringz() function to simplify + most calls to validate null-terminated strings, eliminating + the runtime cost and code maintenance cost of 17 strlen() + calls. Files: src/bounce/bounce_notify_util.c, + src/cleanup/cleanup_addr.c, src/global/dict_ldap.c, + src/global/dict_mysql.c, src/global/dict_pgsql.c, + src/global/dict_sqlite.c, src/oqmgr/qmgr_deliver.c, + src/postalias/postalias.c, src/postmap/postmap.c, + src/postscreen/postscreen_smtpd.c, src/qmgr/qmgr_deliver.c, + src/smtpd/smtpd.c, src/smtpd/smtpd_check.c, + src/trivial-rewrite/resolve.c, src/util/casefold.c, + src/util/dict_inline.c, src/util/dict_thash.c, + src/util/dict_utf8.c, src/util/midna_domain.c, + src/util/printable.c, src/util/stringops.h, + src/util/valid_utf8_string.c. + + Cleanup: added unit tests to the readlline module, with + multiline input that contains embedded comments, input that + contains a null byte, text not ending in newline. File: + readlline.c. + +20231024 + + Cleanup: emit place holder text when no SASL authentication + failure reason is available. File: smtpd/smtpd_sasl_glue.c. + 20231026 Bugfix (defect introduced: Postfix 2.11): in forward_path, @@ -27213,39 +27514,15 @@ Apologies for any names omitted. a configured recipient delimiter value. Reported by Tod A. Sandman. Files: proto/postconf.proto, local/local_expand.c. -20240109 - - Security (outbound SMTP smuggling): with the default setting - "cleanup_replace_stray_cr_lf = yes" Postfix will replace - stray <CR> or <LF> characters in message content with a - space character. This prevents Postfix from enabling - outbound (remote) SMTP smuggling, and it also makes evaluation - of Postfix-added DKIM etc. signatures independent from how - a remote mail server handles stray <CR> or <LF> characters. - Files: global/mail_params.h, cleanup/cleanup.c, - cleanup/cleanup_message.c, mantools/postlink, proto/postconf.proto. +20231027 -20240112 + Cleanup: missing 'smtpd_tls_enable_rpk' parameter definition + in test driver. File: smtpd/smtpd_check.c. - Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline - = normalize" (default "no" for Postfix < 3.9), the Postfix - SMTP server requires the standard End-of-DATA sequence - <CR><LF>.<CR><LF>, and otherwise allows command or message - content lines ending in the non-standard <LF>, processing - them as if the client sent the standard <CR><LF>. +20231030 - The alternative setting, "smtpd_forbid_bare_newline = reject" - will reject any command or message that contains a bare - <LF>, and is more likely to cause problems with legitimate - clients. - - For backwards compatibility, local clients are excluded by - default with "smtpd_forbid_bare_newline_exclusions = - $mynetworks". - - Files: mantools/postlink, proto/postconf.proto, - global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h, - smtpd/smtpd.c, smtpd/smtpd_check.[hc]. + Cleanup: explicit %.100s limits for client-controlled strings + in SASL error logging. File: smtpd/smtpd_sasl_glue.c. 20231102 @@ -27260,6 +27537,55 @@ Apologies for any names omitted. Cleanup: Postfix SMTP server response with an empty authentication failure reason. File: smtpd/smtpd_sasl_glue.c. + Cleanup: proxymap error message when the service name is + not "proxymap" or "proxywrite". File: proxymap/proxymap.c. + +20231109 + + Portability: MariaDB emulates MySQL >= 5.7.6, but does not + implement mysql_real_escape_string_quote(). Fix by Levente + Birta. File: global/dict_mysql.c. + + Portability: more precise MYSQL_VERSION_ID check. File: + global/dict_mysql.c. + +20231112 + + Robustness: don't loop on an 'unfinished' queue file that + still has its all-zero SIZE record. File: postcat/postcat.c. + +20231126 + + Cleanup: implementation and documentation for the selection + of SMTP versus LMTP client protocol and parameters, based + on process name. Files: smtp/smtp.c, global/mail_proto.h, + proto/postconf.proto. + + Cleanup: documented (in proxymap source code) the complexities + of determining the optimal proxywrite service process limit, + and make the 'invalid' proxymap service name error message + more similar to the error message for an invalid SMTP/LMTP + client process name. File: proxymap/proxymap.c. + +20231127 + + Documentation: in the stock main.cf file, mailbox_command + uses $default_privs, not $default_user. Vijay Sarvepalli, + Cert/CC. File: conf/main.cf. + +20231202 + + Bugfix: posttls-finger certificate match expectations for + opportunistic DANE incorrectly defaulted to ("nexthop", + "hostname") instead of ("nexthop", "dot-nexthop"), when no + TLSA records were found. Viktor Dukhovni. File: posttls-finger.c. + +20231204 + + Documentation: updated comments on address validation in + smtpd_check.c, making them consistent with the implementation. + File: smtpd/smtpd_check.c. + 20231208 Bugfix (defect introduced: Postfix 3.1, date: 20151128): @@ -27267,6 +27593,17 @@ Apologies for any names omitted. character as \uXXXX. Found during code maintenance. File: postqueue/showq_json.c. +20231209 + + Feature: the local(8) delivery agent exports an ENVID + environment variable with the RFC 3461 envelope ID if + available. Files: local/command.c, local/local.c, + proto/postconf.proto. + + Feature: the pipe(8) delivery agent supports an ${envid} + command-line attribute that expands to the RFC 3461 envelope + ID if available. File: pipe/pipe.c. + 20231211 Cleanup: posttls-finger certificate match expectations for @@ -27289,31 +27626,296 @@ Apologies for any names omitted. Received: header) when handling requests from a Milter to delete or update an existing header. Problem report by Carlos Velasco. This change was verified to have no effect - on requests from a Milter to add or insert a header. File: - cleanup/cleanup_milter.c. + on requests from a Milter to add or insert a header. Files: + cleanup/cleanup_milter.c, cleanup/Makefile.in, + cleanup/test-queue-file18, cleanup/cleanup_milter.in18[a-d], + cleanup/cleanup_milter.ref18[a-d][12]. + +20231221 + + Security: with "smtpd_forbid_bare_newline = yes" (the default + for Postfix 3.9), reply with "Error: bare <LF> received" + and disconnect when an SMTP client sends a line ending in + <LF>, violating the RFC 5321 requirement that lines must + end in <CR><LF>. This prevents SMTP smuggling attacks that + target a recipient at a Postfix server. For backwards + compatibility, local clients are excluded by default with + "smtpd_forbid_bare_newline_exclusions = $mynetworks". Files: + mantools/postlink, proto/postconf.proto, global/mail_params.h, + global/smtp_stream.c, global/smtp_stream.h, smtpd/smtpd.c. + +20240104 + + Cleanup: when the Postfix SMTP server rejects bare <LF>, + log the helo, mail and rcpt information if available. Files: + smtpd/smtpd.c, smtpd/smtpd_check.c. + + Cleanup: when the Postfix SMTP server rejects bare <LF>, + keep reading message content after an unexpected <LF>.<LF> + or <LF>.<CR><LF>, before responding. This increases the + likelihood that the client will actually see the Postfix + response and remove the attack from their mail queue. Files: + smtpd/smtpd.c, global/smtp_stream.[hc], global/cleanup_user.h. + + Cleanup: added smtpd_forbid_bare_newline settings "reject" + and "normalize". The default setting "normalize" (and "yes") + will accept bare newlines from local or remote SMTP clients, + but if any DATA content line ends in <CR><LF>, require the + standard End-of-DATA form <CR><LF>.<CR><LF> and skip + non-standard End-of-DATA forms. This may fail to receive + email from legitimate clients that send a mix of lines + ending in <LF> and <CR><LF>. If such clients exist, they + need to be excluded with smtpd_forbid_bare_newline_exclusions. + Files: proto/postconf.proto, global/mail_params.h, + smtpd/smtpd.c. + + Tooling: mantools/dehtml was breaking words in code examples, + causing false spellchecker errors. File: mantools/dehtml, + proto/stop.double-proto-html. + +20240105 + + Cleanup: don't spam the log with unexpected End-of-DATA + forms. Files: proto/postconf.proto, smtpd/smtpd.c, + RELEASE_NOTES. + +20240106 + + Inbound smuggling: with smtpd_forbid_bare_newline enabled, + do not "strip" extra <CR> characters before <LF>. This avoids + ambiguity when a client sends extra <CR> characters as in + <CR><LF>.<CR><CR><LF>. There is no smuggling vulnerability + because there is no mail system will send the above + sequence (mail systems send <CR><LF>..<CR><CR><LF> instead). + But this change will silence some testing tools. More at + https://www.postfix.org/false-smuggling-claims.html. File: + global/smtp_stream.c. + +20240109 + + Outbound smuggling: with "cleanup_replace_stray_cr_lf = + yes" (the default) Postfix will replace stray <CR> or <LF> + characters in message content with a space character. This + prevents Postfix from enabling outbound (remote) SMTP + smuggling, and it also makes evaluation of Postfix-added + DKIM etc. signatures independent from how a remote mail + server handles stray <CR> or <LF> characters. Files: + global/mail_params.h, cleanup/cleanup.c, cleanup/cleanup_message.c, + mantools/postlink, proto/postconf.proto. + +20240110 + + Cleanup: the smtpd_forbid_bare_newline settings "normalize" + and "reject" are now more similar. Both now unconditionally + require the standard End-of-DATA sequence <CR><LF>.<CR><LF>. + Files: smtpd/smtpd.c, proto/postconf.proto, RELEASE_NOTES. + +20240112 + + Cleanup: updated comments and identifiers because the bare + newline handling has evolved. Files: global/smtp_stream.[hc], + Files: global/smtp_stream.[hc], smtpd/smtpd.c. + +20240116 + + Reverted some changes after postfix-3.9-20240112, and updated + documentation. + +20240121 + + Documentation: "smtpd_forbid_bare_newline = reject" will + reject email from services that use BDAT to send MIME text + containing a bare newline (RFC 3030 Section 3 requires + canonical MIME format for text message types, defined in + RFC 2045 Sections 2.7 and 2.8) Files: proto/postconf.proto, + RELEASE_NOTES. + + Baseline for back porting the SMTP smuggling fixes to Postfix + 3.8.5, 3.7.10, 3.6.14, and 3.5.24. 20240124 + Feature: with "smtpd_forbid_bare_newline = note", the Postfix + SMTP server notes in the log if it received any lines with + bare LF. Otherwise, "note" is like "normalize". The + information is formatted as "disconnect from name[address] + ... notes=bare_lf". The new value is expected to become + a list of comma-separated names. Files: smtpd/smtpd.[hc]. + + Cleanup: require that a stable release disables SNAPSHOT + and NONPROD features. File: mantools/check-snapshot-nonprod. + + Bugfix (defect introduced: Postfix 3.4): the SMTP server's + BDAT command handler could be tricked to read $message_size_limit + bytes into memory. Found during code maintenance. File: + smtpd/smtpd.c. + + Feature: never too late, an SMTP server HELP command that + lists the implemented commands. Some commands may be + implemented but not available due to smtpd_discard_ehlo_keywords + or access control limitations. Files: smtpd/smtpd.[hc], + util/argv.[hc]. + Workaround: tlsmgr logfile spam. Some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message. File: tlsmgr/tlsmgr.c. - Bugfix (defect introduced: Postfix 3.4): the SMTP server's - BDAT command handler could be tricked to read $message_size_limit - bytes into memory. Found during code maintenance. File: - smtpd/smtpd.c. +20240125 + + Cleanup: tlsmgr.c fix 20240124. File: tlsmgr/tlsmgr.c. + + Documentation: updated obsolete "CONFIGURATION PARAMETERS" + summaries in Postfix manpages, with current text from the + postconf(5) manpage. Files: proto/generic, proto/header_checks, + proto/aliases, proto/canonical, proto/relocated, + postdrop/postdrop.c, postsuper/postsuper.c, sendmail/sendmail.c, + dnsblog/dnsblog.c, postkick/postkick.c, postlock/postlock.c, + qmgr/qmgr.c, qmqpd/qmqpd.c, trivial-rewrite/trivial-rewrite.c. + +20240129 + + Documentation: be more precise about server lookups with + MX or SRV records. File: smtp/smtp.c. + + Documentation: postlogd is not a short-running process. It + wil keep running until it reaches the max_idle limit. File: + postlogd/postlogd.c. + + Cleanup (no semantic change): in the mysql: and pgsql: + clients, made the hard-coded idle and retry timer settings + configurable, and updated the mysql_table(5) and pgsql_table(5) + manpages. Files: global/dict_mysql.c, global/dict_pgsql.c, + proto/mysql_table, proto/pgsql_table. + +20230130 + + Reproducible build: added LC_ALL=C to the top of the makedefs + script. + +20240206 + + Documentation: in COMPATIBILITY_README, the descriptions + of smtpd_relay_restrictions and smtputf8_enable were grouped + under the wrong compatibility level value. Reported by Rune + Philosof. File: proto/COMPATIBILITY_README.html. + + Compatibility: the RFC 5322 date and time specification + recommends (i.e. should) that a single space be used in + each place that FWS appears. To avoid a breaking change, + Postfix now formats numerical days as two-digit days, i.e. + days 1-9 have a leading zero instead of a leading space. + Files: util/sys_defs.h global/mail_date.c. + + Documentation: the post-install(1) manpage now lists + $config_directory/makedefs.out as one of the installed + files. File: postfix-install. + +20240208 + + Refactored the JSON string quoting function, so that it can + be shared between the postqueue command and the MongoDB + client implementation. Files: util.quote_for_json.c, + util/stringops.h, postqueue/showq_json.c. + + MongoDB client support, contributed by Hamid Maadani, based + on earlier code by Stephan Ferraro. Files: conf/dynamicmaps.cf, + conf/postfix-files, makedefs, mantools/postlink, + proto/DATABASE_README.html, proto/Makefile.in, + proto/MONGODB_README.html, proto/mongodb_table, + global/dict_mongodb.c, global/dict_mongodb.h, global/mail_dict.c, + global/Makefile.in, postconf/Makefile.in, proto/INSTALL.html, + postfix/postfix.c. 20240209 Performance: eliminate worst-case behavior where the queue - manager defers delivery to all destinations over a specific + manager deferred delivery to all destinations over a specific delivery transport, after only a single delivery agent failure. The scheduler now throttles one destination, and allows deliveries to other destinations to keep making progress. Files: *qmgr/qmgr_deliver.c. +20240210 + + Documentation: introductory text for SMTP and LMTP lookup + strategies. File: smtp/smtp.c. + +20240211 + + Documentation: updated the text for the new "notes=" attribute + in SMTP server "disconnect" logging. File: proto/postconf.proto. + +20240212 + + Documentation: emphasize that email address patterns and + host name/address patterns for indexed etc. files are really + for indexed etc. files. File: proto/access. + + Documentation: mail_date(3) manpage. File: global/mail_date.c. + +20240213 + + Tests: updated tests that had suffered from bit rot. Files: + bounce/with-msgid-with-filter-no-thread.ref, + bounce/with-msgid-with-filter-with-thread.ref, + src/dns/mxonly_test.ref, dns/no-mx.ref. + + Logging: indicate which (usually, substring) lookups are + skipped. File: global/maps.c. + +20240215 + + Portability: Clang versions that predate support for the + C23 standard do not allow a declaration immediately after + a (switch) label. The workaround is to add a null statement + between label and declaration. File: global/dict_mongodb.c. + + Documentation: minor edits. Files: proto/mongodb_README.html, + proto/mongodb_table.html. + +20240216 + + Documentation: dropped text about partial matches from the + check_{client,helo,sender,recipient,etrn}_access summaries, + deferring to the access(5) manpage for details, for consistency + with the check_xx_yy_access features. File: proto/postconf.proto. + + Cleanup: missing mongodb checks in the postconf command, + missing mongodb under "postconf -m" manpage entry. Files: + postconf/postconf.c, postconf/postconf_dbms.c. + +20240218 + + Deprecation: the Postfix SMTP server logs a warning when + "permit_mx_backup" is used (support for restriction + "permit_mx_backup" will be removed from Postfix; instead, + use "relay_domains"). File: smtpd/smtpd_check.c. + + Deprecation: the postconf command logs a warning when the + following parameters are specified in main.cf or master.cf: + xxx_use_tls, xxx_enforce_tls (use the corresponding + xxx_security_level setting instead); xxx_per_site (use the + corresponding xxx_policy_maps setting instead); disable_dns_lookups + (use smtp_dns_support_level instead); smtpd_tls_dh1024_param_file, + smtpd_tls_eecdh_grade (do not specify, leave at default). + Files: postconf/postconf.c, postconf/postconf_unused.c. + proto/postconf.proto. + + Cleanup: add "postconf -q" option to avoid redundant warnings + about unused or deprecated parameter settings when upgrading + or installing Postfix. Such warnings are still logged with + the commands postfix start, start-fg, check, reload, or + status. Files: postconf/postconf.c, postconf/postconf_dbms.c, + postconf/postconf.h, conf/postfix-script, conf/post-install, + postfix-install. + +20240221 + + Documentation: the text for TLS loglevel 2 was incomplete. + File: proto/postconf.proto. + 20240226 Safety: drop and log over-size DNS responses resulting in @@ -27326,3 +27928,48 @@ Apologies for any names omitted. restrictions. Files: dns/dns.h, dns/dns_lookup.c, dns/dns_rr.c, dns/test_dns_lookup.c, posttls-finger/posttls-finger.c, smtp/smtp_addr.c, smtpd/smtpd_check.c. + +20240227 + + Documentation: document the need to disable regular expression + special characters when using $name inside an inlined + pattern. Files: proto/pcre_table, proto/regexp_table. + +20240228 + + Cleanups. Fixed some dns_rr_create() calls in test code, + and reverted a workaround in the DNS record formatter; + files: dns/dns_rr_test.c, dns/dns_strrecord.c. Code formatting; + file: global/mail_addr_find.c. Added missing test reference; + file: postconf/test76.ref. + +20240229 + + Compatibility: moved the new DNS_RR.flags structure member + to the location of a "padding" hole (two bytes for ILP32 + systems, 6 bytes for LP64). File: dns/dns.h. + + Deprecation: removed permit_naked_ip_address, reject_maps_rbl, + and check_relay_domains. These have been logging deprecation + warnings since 2005 or earlier, and were removed from Postfix + documentation in 2004 (but who reads logs and documentation?). + Files: smtpd/smtpd_check.c, smtpd/smtpd_check_backup.ref, + smtpd/smtpd_exp.ref, smtpd/smtpd_deprecated.in, + smtpd/smtpd_deprecated.ref. + +20240302 + + Cleanup: fixed inconsistent formatting of deprecation warning + messages. Files: postconf/postconf_unused.c, postconf/test76.ref, + smtpd/smtpd_check. + + Documentation: DEPRECATION_README suggests replacements for + features that will be removed or than have been removed. + Files: proto/DEPRECATION_README.html, conf/postfix-files, + html/index.html, proto/Makefile.in. + +20240305 + + Documentation: in the master.cf documentation, added text + for "quoting" a command-line argument that starts with "{". + File: proto/master. |