2009年8月28日

[installer 2046] postfix-2.3.18, 2.4.12, 2.5.8, 2.6.4

postfix-2.3.18, 2.4.12, 2.5.8, 2.6.4 出ています。

☆ postfix-2.3.18
http://www.postfix.org/
ftp://postfix.get7.biz/postfix/official/postfix-2.3.18.tar.gz
ftp://ramix.jp/mirrors/postfix-release/official/postfix-2.3.18.tar.gz
ftp://ring.aist.go.jp/pub/net/mail/postfix/official/postfix-2.3.18.tar.gz
ftp://ftp.ixp.jp/postfix/official/postfix-2.3.18.tar.gz


20090710

Bugfix (introduced Postfix 2.3): Postfix got out of sync
with a Milter application after the application sent a
"quarantine" request at end-of-message time. The milter
application would still be in the end-of-message state,
while Postfix would already be working on the next SMTP
event (typically, QUIT or MAIL FROM). Problem diagnosed
with help from Alban Deniz. File: milter/milter8.c.

20090805

Bugfix: don't panic when an unexpected smtpd access map is
specified. File: smtpd/smtpd_check.c.

20090807

Workaround: NS record lookups for certain domains always
fail, while other queries for those domains always succeed
(and even return replies with NS records as additional
information).

This inconsistency in DNS lookup results would allow spammers
to circumvent the Postfix check_{client,helo,sender,etc}_ns_access
restrictions, because those restrictions have effect only
for NS records that can be looked up in the DNS.

To address this inconsistency, check_{client,etc}_ns_access
now require that a known-in-DNS domain name (or parent
thereof) always resolves to at least one name server IP
address.

For consistency, check_{client,etc}_mx_access now require
that a known-in-DNS domain name always resolves to at least
one mail server IP address.

These measures merely raise the difficulty level for spammers.
The IP address information thus obtained is not necessarily
"correct". There is little to stop an uncooperative DNS
server from lying, especially when the owner of the domain
has no desire to receive email. File: smtpd/smtpd_check.c.

Problem reported by MXTools.com.


☆ postfix-2.4.12
http://www.postfix.org/
ftp://postfix.get7.biz/postfix/official/postfix-2.4.12.tar.gz
ftp://ramix.jp/mirrors/postfix-release/official/postfix-2.4.12.tar.gz
ftp://ring.aist.go.jp/pub/net/mail/postfix/official/postfix-2.4.12.tar.gz
ftp://ftp.ixp.jp/postfix/official/postfix-2.4.12.tar.gz

20090710

Bugfix (introduced Postfix 2.3): Postfix got out of sync
with a Milter application after the application sent a
"quarantine" request at end-of-message time. The milter
application would still be in the end-of-message state,
while Postfix would already be working on the next SMTP
event (typically, QUIT or MAIL FROM). Problem diagnosed
with help from Alban Deniz. File: milter/milter8.c.

20090805

Bugfix: don't panic when an unexpected smtpd access map is
specified. File: smtpd/smtpd_check.c.

20090807

Workaround: NS record lookups for certain domains always
fail, while other queries for those domains always succeed
(and even return replies with NS records as additional
information).

This inconsistency in DNS lookup results would allow spammers
to circumvent the Postfix check_{client,helo,sender,etc}_ns_access
restrictions, because those restrictions have effect only
for NS records that can be looked up in the DNS.

To address this inconsistency, check_{client,etc}_ns_access
now require that a known-in-DNS domain name (or parent
thereof) always resolves to at least one name server IP
address.

For consistency, check_{client,etc}_mx_access now require
that a known-in-DNS domain name always resolves to at least
one mail server IP address.

These measures merely raise the difficulty level for spammers.
The IP address information thus obtained is not necessarily
"correct". There is little to stop an uncooperative DNS
server from lying, especially when the owner of the domain
has no desire to receive email. File: smtpd/smtpd_check.c.

Problem reported by MXTools.com.


☆ postfix-2.5.8
http://www.postfix.org/
ftp://postfix.get7.biz/postfix/official/postfix-2.5.8.tar.gz
ftp://ramix.jp/mirrors/postfix-release/official/postfix-2.5.8.tar.gz
ftp://ring.aist.go.jp/pub/net/mail/postfix/official/postfix-2.5.8.tar.gz
ftp://ftp.ixp.jp/postfix/official/postfix-2.5.8.tar.gz

20090710

Bugfix (introduced Postfix 2.3): Postfix got out of sync
with a Milter application after the application sent a
"quarantine" request at end-of-message time. The milter
application would still be in the end-of-message state,
while Postfix would already be working on the next SMTP
event (typically, QUIT or MAIL FROM). Problem diagnosed
with help from Alban Deniz. File: milter/milter8.c.

20090805

Bugfix: don't panic when an unexpected smtpd access map is
specified. File: smtpd/smtpd_check.c.

20090807

Workaround: NS record lookups for certain domains always
fail, while other queries for those domains always succeed
(and even return replies with NS records as additional
information).

This inconsistency in DNS lookup results would allow spammers
to circumvent the Postfix check_{client,helo,sender,etc}_ns_access
restrictions, because those restrictions have effect only
for NS records that can be looked up in the DNS.

To address this inconsistency, check_{client,etc}_ns_access
now require that a known-in-DNS domain name (or parent
thereof) always resolves to at least one name server IP
address.

For consistency, check_{client,etc}_mx_access now require
that a known-in-DNS domain name always resolves to at least
one mail server IP address.

These measures merely raise the difficulty level for spammers.
The IP address information thus obtained is not necessarily
"correct". There is little to stop an uncooperative DNS
server from lying, especially when the owner of the domain
has no desire to receive email. File: smtpd/smtpd_check.c.

Problem reported by MXTools.com.


☆ postfix-2.6.4
http://www.postfix.org/
ftp://postfix.get7.biz/postfix/official/postfix-2.6.4.tar.gz
ftp://ramix.jp/mirrors/postfix-release/official/postfix-2.6.4.tar.gz
ftp://ring.aist.go.jp/pub/net/mail/postfix/official/postfix-2.6.4.tar.gz
ftp://ftp.ixp.jp/postfix/official/postfix-2.6.4.tar.gz

20090805

Bugfix: don't panic when an unexpected smtpd access map is
specified. File: smtpd/smtpd_check.c.

20090807

Workaround: NS record lookups for certain domains always
fail, while other queries for those domains always succeed
(and even return replies with NS records as additional
information).

This inconsistency in DNS lookup results would allow spammers
to circumvent the Postfix check_{client,helo,sender,etc}_ns_access
restrictions, because those restrictions have effect only
for NS records that can be looked up in the DNS.

To address this inconsistency, check_{client,etc}_ns_access
now require that a known-in-DNS domain name (or parent
thereof) always resolves to at least one name server IP
address.

For consistency, check_{client,etc}_mx_access now require
that a known-in-DNS domain name always resolves to at least
one mail server IP address.

These measures merely raise the difficulty level for spammers.
The IP address information thus obtained is not necessarily
"correct". There is little to stop an uncooperative DNS
server from lying, especially when the owner of the domain
has no desire to receive email. File: smtpd/smtpd_check.c.

Problem reported by MXTools.com.

----
こがよういちろう


投稿者 xml-rpc : 2009年8月28日 15:44
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/88020
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。