diff options
Diffstat (limited to 'RELEASE_NOTES-2.9')
-rw-r--r-- | RELEASE_NOTES-2.9 | 352 |
1 files changed, 352 insertions, 0 deletions
diff --git a/RELEASE_NOTES-2.9 b/RELEASE_NOTES-2.9 new file mode 100644 index 0000000..e30a34d --- /dev/null +++ b/RELEASE_NOTES-2.9 @@ -0,0 +1,352 @@ +The stable Postfix release is called postfix-2.9.x where 2=major +release number, 9=minor release number, x=patchlevel. The stable +release never changes except for patches that address bugs or +emergencies. Patches change the patchlevel and the release date. + +New features are developed in snapshot releases. These are called +postfix-2.10-yyyymmdd where yyyymmdd is the release date (yyyy=year, +mm=month, dd=day). Patches are never issued for snapshot releases; +instead, a new snapshot is released. + +The mail_release_date configuration parameter (format: yyyymmdd) +specifies the release date of a stable release or snapshot release. + +If you upgrade from Postfix 2.7 or earlier, read RELEASE_NOTES-2.8 +before proceeding. + +Major changes - critical +------------------------ + +[Incompat 20110321] You need to "postfix reload" after upgrade from +snapshot 20110320 or earlier. The hash_queue_names algorithm was +changed to provide better performance with long queue IDs. + +[Incompat 20110313] Use "postfix reload" after "make upgrade" on a +running Postfix system. This is needed because the protocol between +postscreen(8) and dnsblog(8) has changed. + +Major changes - library API +--------------------------- + +[Incompat 20110130] The VSTREAM error flags are now split into +separate read and write error flags. As a result of this change, +all programs that use Postfix VSTREAMs MUST be recompiled. + +Major changes - compatibility +----------------------------- + +[Incompat 20111012] For consistency with the SMTP standard, the +(client-side) smtp_line_length_limit default value was increased +from 990 characters to 999 (i.e. 1000 characters including <CR><LF>). +Specify "smtp_line_length_limit = 990" to restore historical Postfix +behavior. + +[Incompat 20111012] To simplify integration with third-party +applications, the Postfix sendmail command now always transforms +all input lines ending in <CR><LF> into UNIX format (lines ending +in <LF>). Specify "sendmail_fix_line_endings = strict" to restore +historical Postfix behavior (i.e. convert all input lines ending +in <CR><LF> only if the first line ends in <CR><LF>). + +[Incompat 20111106] To work around broken remote SMTP servers, the +Postfix SMTP client by default no longer appends the "AUTH=<>" +option to the MAIL FROM command. Specify "smtp_send_dummy_mail_auth += yes" to restore the old behavior. + +Major changes - gradual degradation +----------------------------------- + +[Incompat 20120114] Logfile-based alerting systems may need to be +updated to look for "error" messages in addition to "fatal" messages. +Specify "daemon_table_open_error_is_fatal = yes" to get the historical +behavior (immediate termination with "fatal" message). + +[Feature 20120114] Instead of terminating immediately with a "fatal" +message when a database file can't be opened, a Postfix daemon +program now logs an "error" message, and continues execution with +reduced functionality. For the sake of sanity, the number of +"errors" over the life of a process is limited to 13. + +Features that don't depend on the unavailable table will continue +to work; attempts to use features that depend on the table will +fail, and will be logged with a "warning" message. + +[Feature 20120108] Instead of terminating with a fatal error, the +LDAP, *SQL and memcache clients now handle table lookup errors in +the "domain" feature, instead of terminating with a fatal error. + +[Feature 20120102] Degrade gradually when some or all network +protocols specified with inet_protocols are unavailable, instead +of terminating with a fatal error. This eliminates build errors on +non-standard systems where opening an IPv4 socket results in an +error, and on non-standard systems where opening an IPv6 socket +results in an error. In the worst case, the master daemon will log +a message that it disables all type "inet" services. This will still +allow local submission and local delivery. + +[Feature 20111222] Instead of terminating with a fatal error, the +Postfix SMTP server now handles errors with database lookups in +mynetworks, TLS client certificate tables, debug_peer_list, +smtpd_client_event_limit_exceptions, permit_mx_backup_networks and +local_header_rewrite_clients, and reports "server local data error" +or "temporary lookup error". + +[Feature 20111229] Instead of terminating with a fatal error, the +trivial-rewrite server now handles errors with database lookups in +virtual_alias_domains, relay_domains, virtual_mailbox_domains. This +means fewer occasions where trivial-rewrite clients (such as the +SMTP server) will appear to hang. + +Major changes - long queue IDs +------------------------------ + +Postfix 2.9 introduces support for non-repeating queue IDs (also +used as queue file names). These names are encoded in a mix of upper +case, lower case and decimal digit characters. Long queue IDs are +disabled by default to avoid breaking tools that parse logfiles and +that expect queue IDs with the smaller [A-F0-9] character set. + +[Incompat 20110320] If you enable support for long queue file names, +you need to be aware that these file names are not compatible with +Postfix <= 2.8. If you must migrate back to Postfix <= 2.8, you +must first convert all long queue file names into short names, +otherwise the old Postfix version will complain. + +The conversion procedure before migration to Postfix <= 2.8 is: + + # postfix stop + # postconf enable_long_queue_ids=no + # postsuper + +Run the postsuper command repeatedly until it no longer reports +queue file name changes. + +[Feature 20110320] Support for long, non-repeating, queue IDs (queue +file names). The benefit of non-repeating names is simpler logfile +analysis, and easier queue migration (if you don't merge different +queues, there is no need to run "postsuper" to change queue file +names that don't match their message file inode number). + +Specify "enable_long_queue_ids = yes" to enable the feature. This +does not change the names of existing queue files. See postconf(5) +or postconf.5.html#enable_long_queue_ids for a detailed description +of the differences with the old short queue IDs. + +This changes new Postfix queue IDs from the short form 0FCEE9247A9 +into the longer form 3Ps0FS1Zhtz1PFjb, and changes new Message-ID +header values from YYMMDDHHMMSS.queueid@myhostname into the shorter +form queueid@myhostname. + +Major changes - memcache +------------------------ + +[Feature 20111209] memcache lookup and update support. This provides +a way to share postscreen(8) or verify(8) caches between Postfix +instances. See MEMCACHE_README and memcache_table(5) for details +and limitations. + +[Feature 20111213] Support for a persistent backup database in the +memcache client. The memcache client updates the memcache whenever +it looks up or modifies information in the persistent database. + +Major changes - postconf +------------------------ + +The postconf command was restructured - it now warns about unused +parameter name=value settings in main.cf or master.cf (likely to +be mistakes), it now understands "dynamic" parameter names such as +parameters whose name depends on the name of a master.cf entry, and +it can display main.cf and master.cf in a more user-friendly format. + +[Feature 20120117] support for legacy database parameter names +(main.cf parameter names that are generated by prepending a suffix +to the database name). + +[Feature 20111118] The "postconf -M" (display master.cf) command +now supports filtering. For example, specify "postconf -M inet" +to display only services that listen on the network. + +[Feature 20111113] postconf support to warn about unused "name=value" +entries in main.cf, and about unused "-o name=value" entries in +master.cf. This should help to eliminate common errors with mis-typed +names. + +[Feature 20111108] postconf support for parameter names that are +generated automatically from master.cf entries (delivery agents, +spawn services), and for parameter names that are defined with +main.cf smtpd_restriction_classes. + +[Feature 20111106] "postconf -M" support to print master.cf entries, +and "postconf -f" support to fold long main.cf or master.cf lines +for human readability. + +Major changes - trickle defense +------------------------------- + +[Feature 20110212] Support for per-record deadlines. These change +the behavior of Postfix timeout parameters, from a time limit per +read or write system call, to a time limit to send or receive a +complete record (an SMTP command line, SMTP response line, SMTP +message content line, or TLS protocol message). This limits the +impact from hostile peers that trickle data one byte at a time. + +The new configuration parameters and their default settings are: +smtpd_per_record_deadline (normal: no, overload: yes), +smtp_per_record_deadline (no), and lmtp_per_record_deadline (no). + +Note: when per-record deadlines are enabled, a short time limit may +cause problems with TLS over very slow network connections. The +reason is that a TLS protocol message can be up to 16 kbytes long +(with TLSv1), and that an entire TLS protocol message must be sent +or received within the per-record deadline. + +Per-record deadlines were introduced with postscreen(8) in Postfix +2.8. This program does not receive mail, and therefore it has no +problems with TLS over slow connections. + +Major changes - postscreen +-------------------------- + +[Feature 20111211] The proxymap(8) server can now be used to share +postscreen(8) or verify(8) caches between Postfix instances. Support +for proxymap-over-TCP, to share a Postfix database between hosts, +is expected to be completed in the Postfix 2.10 development cycle. + +[Feature 20111209] memcache lookup and update support. This provides +a way to share postscreen(8) or verify(8) caches between Postfix +instances. + +[Feature 20110228] postscreen(8) support to force remote SMTP clients +to implement proper MX lookup policy. By listening on both primary +and backup MX addresses, postscreen(8) can deny the temporary +whitelist status to clients that connect only to backup MX hosts, +and prevent them from talking to a Postfix SMTP server process. + +Example: when 1.2.3.4 is a local backup IP address, specify +"postscreen_whitelist_interfaces = !1.2.3.4 static:all". + +Major changes - tls +------------------- + +[Incompat 20111205] Postfix now logs the result of successful TLS +negotiation with TLS logging levels of 0. See the smtp_tls_loglevel +and smtpd_tls_loglevel descriptions in the postconf(5) manpage for +other minor differences. + +[Feature 20111205] Support for TLS public key fingerprint matching +in the Postfix SMTP client (in smtp_tls_policy_maps) and server (in +check_ccert access maps). Public key fingerprints are inherently +more specific than fingerprints over the entire certificate. + +[Feature 20111205] Revision of Postfix TLS logging. The main +difference is that Postfix now logs the result of successful TLS +negotiation with TLS logging levels of 0. See the smtp_tls_loglevel +and smtpd_tls_loglevel descriptions in the postconf(5) manpage for +other minor differences. + +Major changes - sasl authentication +----------------------------------- + +[Incompat 20111218] To support external SASL authentication, e.g., +in an NGINX proxy daemon, the Postfix SMTP server now always checks +the smtpd_sender_login_maps table, even without having +"smtpd_sasl_auth_enable = yes" in main.cf. + +[Feature 20111218] Support for external SASL authentication via the +XCLIENT command. This is used to accept SASL authentication from +an SMTP proxy such as NGINX. This support works even without having +to specify "smtpd_sasl_auth_enable = yes" in main.cf. + +[Incompat 20111106] To work around broken remote SMTP servers, the +Postfix SMTP client by default no longer appends the "AUTH=<>" +option to the MAIL FROM command. Specify "smtp_send_dummy_mail_auth += yes" to restore the old behavior. + +Major changes - large file support +---------------------------------- + +[Feature 20110219] Postfix now uses long integers for message_size_limit, +mailbox_size_limit and virtual_mailbox_limit. On LP64 systems (64-bit +long and pointer, but 32-bit integer), these limits can now exceed +2GB. + +Major changes - ipv6 +-------------------- + +[Incompat 20110918] The following changes were made in default +settings, in preparation for general availability of IPv6: + +- The default inet_protocols value is now "all" instead of "ipv4", + meaning use both IPv4 and IPv6. + + To avoid an unexpected loss of performance for sites without + global IPv6 connectivity, the commands "make upgrade" and "postfix + upgrade-configuration" now append "inet_protocols = ipv4" to + main.cf when no explicit inet_protocols setting is already present. + This workaround will be removed in a future release. + +- The default smtp_address_preference value is now "any" instead + of "ipv6", meaning choose randomly between IPv6 and IPv4. With + this the Postfix SMTP client will have more success delivering + mail to sites that have problematic IPv6 configurations. + +Major changes - address verification +------------------------------------ + +[Feature 20111211] The proxymap(8) server can now be used to share +postscreen(8) or verify(8) caches between Postfix instances. Support +for proxymap-over-TCP, to share a Postfix database between hosts, +is expected to be completed in the Postfix 2.10 development cycle. + +[Feature 20111209] memcache lookup and update support. This provides +a way to share postscreen(8) or verify(8) caches between Postfix +instances. + +[Feature 20111203] Support for time-dependent sender addresses +of address verification probes. The default address, double-bounce, +may end up on spammer blacklists. Although Postfix discards mail +for this address, such mail still uses up network bandwidth and +server resources. Specify an address_verify_sender_ttl value of +several hours or more to frustrate address harvesting. + +Major changes - session transcript notification +----------------------------------------------- + +[Incompat 20120114] By default the Postfix SMTP server no longer +reports transcripts of sessions where a client command is rejected +because a lookup table is unavailable. Postfix now implements gradual +degradation, for example, the SMTP server keeps running instead of +terminating with a fatal error. This change in error handling would +result in a very large number of "transcript of session" email +notifications when an LDAP or *SQL server goes down). + +To receive such reports, add the new "data" class to the notify_classes +parameter value. The reports will be sent to the error_notice_recipient +address as before. This class is also used by the Postfix SMTP +client to report about sessions that fail because a table is +unavailable. + +Major changes - logging +---------------------------------------- + +[Incompat 20120114] Logfile-based alerting systems may need to be +updated to look for "error" messages in addition to "fatal" messages. +Specify "daemon_table_open_error_is_fatal = yes" to get the historical +behavior (immediate termination with "fatal" message). + +[Incompat 20111214] Logfile-based analysis tools may need to be +updated. The submission and smtps examples in the sample master.cf +file were updated to make their logging easier to distinguish. + +See the source file pflogsumm_quickfix.txt for a "quick fix". + +[Incompat 20111205] Postfix now logs the result of successful TLS +negotiation with TLS logging levels of 0. See the smtp_tls_loglevel +and smtpd_tls_loglevel descriptions in the postconf(5) manpage for +other minor differences. + +[Incompat 20110219] The Postfix SMTP and QMQP servers now log +"hostname X does not resolve to address Y", when a "reverse hostname" +lookup result does not resolve to the client IP address. Until now +these servers logged "Y: hostname X verification failed" or "Y: +address not listed for hostname X" which people found confusing. |