January 24, 2011

[installer 2654] postfix-2.8.0

postfix-2.8.0 has been released.

☆ postfix-2.8.0
http://www.postfix.org/
ftp://ring.aist.go.jp/pub/net/mail/postfix/official/postfix-2.8.0.tar.gz
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.0.tar.gz
http://mirror.ramix.jp/postfix-release/official/postfix-2.8.0.tar.gz
ftp://ftp.ixp.jp/postfix/official/postfix-2.8.0.tar.gz


20101124-6

Feature: pattern matching for DNSWL/DNSBL responses. For
example, with "reject_rbl_client example.com=d.d.d.d", each
"d" can now be a pattern inside "[]" that contains one or
more comma-separated decimal numbers or number..number
ranges. Files: smtpd/smtpd_check.c, postscreen/postscreen_dnsbl.c,
util/ip_match.c, util/ip_match.h.

20101126

Cleanup: don't log "blocked using example.com=127.0.0.1",
just log the domain name. File: smtpd/smtpd_check.c.

20101129

Cleanup: postscreen_client_connection_count_limit (default:
$smtpd_client_connection_count_limit) to limit the number
of connections from the same IP address to the postscreen(8)
daemon. Files: postscreen/postscreen.c, postscreen/postscreen.h,
postscreen/postscreen_state.c.

20101130

Cleanup: all postscreen(8) logging now reports the client
as [address]:port. This requires an update of tools that
process postscreen logging. Files: postscreen/*.c,
proto/POSTSCREEN_README.html.

Cleanup: polishing recent documentation and code. Files:
postscreen/postscreen_dnsbl.c, util/ip_match.c.

20101201

Bugfix (introduced 20101129): broken default value for
postscreen_client_connection_count_limit if the
smtpd_client_connection_count_limit parameter was left at
its default. File: postscreen/postscreen.c.

Workaround: BSD-ish mkdir() ignores the effective GID
and copies group ownership from the parent directory.
File: util/make_dirs.c.

20101202

Feature: the LDAP client can now authenticate to LDAP servers
via SASL. This is tested with SASL GSSAPI and Kerberos 5.
Original code by Quanah Gibson-Mount adapted by Victor
Duchovni. Files: global/dict_ldap.c, proto/LDAP_README.html,
proto/ldap_table.

Cleanup: the cleanup server now reports a temporary delivery
error when it reaches the virtual_alias_expansion_limit or
virtual_alias_recursion_limit. Previously, it would silently
ignore the excess recipients and deliver the message. File:
cleanup/cleanup_map1n.c.

20101205

Cleanup: sache_clnt_create() had an unnecessary data
dependency on the non-library var_scache_service variable,
causing problems with shared library builds. Instead, it
should use its service argument (which has the same value).
File: global/scache.c.

Cleanup: pipe_command.c had an unnecessary data dependency
on the non-library var_command_maxtime variable, causing
problems with shared library builds. The dependency was not
necessary because the callers already specify an explicit
time limit. File: global/pipe_command.c.

20101206

Bugfix (introduced 20101205): postscreen hung up due to
incorrect output error test. File: postscreen/postscreen_send.c.

20101207

Cleanup: the undisclosed_recipients_header default value
is now the empty string. The Internet mail RFCs have supported
messages without recipient header for almost 10 years now.
File: global/mail_params.h.

Cleanup: use strtol() instead of sscanf() for consistent
handling of out-of-range numbers. Files: global/cfg_parser.c,
global/conv_time.c, global/mail_conf_int.c,
global/mail_conf_long.c, global/mail_conf_nint.c.

20101217

Cleanup: eliminated the code that copied TLS protocol
messages between the OpenSSL TLS engine and the network.
This change hopefully simplifies the TLS library enough
that it can be used in an event-driven TLS proxy in front
of postscreen. Files: tls/tls_bio.c, tls/tls_server.c,
tls/tls_client.c.

This change eliminates an obscure bug where the SMTP server
would wait for another $smtpd_timeout seconds after sending
the "421 Error: timeout exceeded" message to the client.

20101221

Cleanup: simplified the VSTREAM "large buffer" support by
dropping the Postfix 2.4 "binary compatibility" requirement.
Files: util/vstream.c, util/vstream.h.

20101222

Cleanup: the SMTP client PIPELINING code did not account
for TLS protocol overhead. This could (only in theory)
result in deadlock when the remote SMTP server announces a
very small receive window after the client and server have
synchronized their SMTP state. Victor Duchovni. File:
smtp/smtp_proto.c.

20101223

Feature: with "tls_preempt_cipherlist = yes" the Postfix
SMTP server will preempt the remote SMTP client's cipher
preference order. This requires OpenSSL 0.9.7 and later.
Victor Duchovni. Files: src/smtpd/smtpd.c, src/tls/tls_server.c,
proto/TLS_README.html, proto/postconf.proto.

Future proofing: specify "tls_disable_workarounds = a list
or bit-mask of OpenSSL bug work-arounds to disable". This
may become necessary when a bug workaround is found to cause
problems (security or interoperability). Victor Duchovni.
Files: tls/tls_misc.c, proto/TLS_README.html, proto/postconf.proto.

Infrastructure: extended name_mask module feature set with
extensive documentation and 32-bit regression tests. Victor
and Wietse. File: util/name_mask.[hc].

20101224

Cleanup: sanitized the name_mask API so that errors will be
ignored only upon explicit request. Files: util/name_mask.[hc],
src/global/ehlo_mask.c, src/smtp/smtp_proto.c,
src/util/name_mask.c, src/xsasl/xsasl_dovecot_server.c.

Cleanup: more TLS overhead horrors for the SMTP client's
PIPELINING engine. Wietse and Victor. File: smtp/smtp_proto.c.

20101226

Cleanup: the SMTP client logic for pipelining the "." and
"QUIT" commands was bogus - the pipelining engine could not
know how much unacknowledged data is pending in the local
TCP stack. We now ignore the buffer check for sending
"QUIT" after ".". Wietse and Victor. File: smtp/smtp_proto.c.

20110101

Cleanup: the Postfix SMTP server now always refreshes the
SASL authentication mechanism list after STARTTLS. Some
Dovecot versions may change their responses when they know
that the SMTP connection is encrypted. File: smtpd/smtpd.c.

Cleanup: the smtpd_starttls_timeout default value is now
stress-dependent. Files: global/mail_params.h,
proto/postconf.proto.

Compatibility: postscreen_discard_ehlo_keyword(s|maps)
support for compatibility with smtpd_discard_ehlo_keyword(s|maps).
Files: postscreen/postscreen_smtpd.c.

20110102

Feature: STARTTLS support for the postscreen(8) daemon.
With early testing feedback from Victor Duchovni and Ralf
Hildebrandt. Files: postscreen/postscreen_smtpd,
postscreen/postscreen_starttls.c.

Feature: event-driven tlsproxy(8) daemon that translates
TLS <=> plaintext for postscreen(8). One tlsproxy(8) process
can translate traffic for multiple remote SMTP clients.
With early testing feedback from Victor Duchovni and Christian
Roessner. Files: util/nbbio.[hc], tlsproxy/*.[hc],
postscreen/postscreen_starttlsd.c, postscreen/postscreen_smtpd.c.

20110103

Cleanup: missing tls_level support in tlsproxy (it has no
way to send plaintext, but perhaps an informative error
message is in order anyway). File: tlsproxy/tlsproxy.c.

Cleanup: simplified the handling of throttled output (i.e.
output that can't be sent because the receiver tries to be
nasty). File: postscreen/postscreen_send.c.

20110104

Feature: add contact information to each SMTP server reject
message. For example, "smtpd_reject_footer = call 800-555-0101
for assistance", with macro expansion and with multi-line
support. Files: global/mail_params.h, mantools/postlink,
proto/postconf.proto, smtpd/smtpd.c, smtpd/smtpd_chat.c,
smtpd/smtpd_expand.[hc], util/mac_expand.[hc].

20110105

Cleanup: the forest of TLS-related booleans was shrunk.
Victor Duchovni. Files: smtpd/smtpd.c, postscreen/postscreen.c,
postscreen/postscreen_smtpd.c, tlsproxy/tlsproxy.c.

Non-production: tlsproxy support in the Postfix SMTP server
for stress testing of the tlsproxy daemon (#ifdef TLSPROXY).
Seen from outside, Postfix works just as if it has TLS
support built into smtpd(8). Files: smtpd/smtpd.c,
tls/tls_proxy*.[hc], tlsproxy/tlsproxy.c, util/vstream.[hc].

Bugfix (introduced with the Postfix TLS patch): discard
plaintext following the STARTTLS command or response. This
matters only for the minority of SMTP clients that actually
verify server certificates. Files: smtpd/smtpd.c,
smtp/smtp_proto.c.

20110106

Non-production: cleaned up the tlsproxy support in the
Postfix SMTP server for stress testing of the tlsproxy
daemon (still #ifdef TLSPROXY). File: smtpd/smtpd.c.

20110107

Cleanup: smtpd_reject_contact_information is renamed to
smtpd_reject_footer, because it can be used for non-contact
information.

Compatibility: postscreen_reject_footer support for
compatibility with smtpd_reject_footer. Files:
global/smtp_reply_footer.[hc], global/mail_conf.[hc],
postscreen/postscreen_expand.c, postscreen/postscreen_send.c,
postscreen/postscreen.c, smtpd/smtpd_chat.c.

Compatibility: postscreen_command_filter support for
compatibility with smtpd_command_filter. Files:
postscreen/postscreen_dict.c, postscreen/postscreen_smtpd.c

20110108

Cleanup: postscreen(8) now displays control characters in
PREGREET responses as C-style \letter escapes, instead of
"?". File: postscreen/postscreen_early.c.

20110109

Cleanup: Solaris support for "pass" (file descriptor passing
based) services in master.cf. This was needed by postscreen(8).
Also, renamed upass_xxx.c to unix_pass_xxx.c. One-character
prefixes are too short. Removed upass_connect.c because it
was useless code. Files: util/stream_pass_connect.c,
util/unix_pass_listen.c, util/unix_pass_trigger.c.

Bugfix (introduced Postfix 2.4): on Solaris the Postfix
event engine was deaf for SIGHUP and SIGALRM signals after
the switch to /dev/poll. Symptoms were delayed "postfix
reload" response, and killed processes when the watchdog
timeout was less than max_idle. The fix is to set up SIGHUP
and SIGALRM handlers that write to a pipe, and to monitor
that pipe for read events via the Postfix event engine.
Files: master/master_sig.c, util/watchdog.c, util/sys_defs.h.

20110111

Cleanup: replaced the postscreen(8) separate blacklist and
whitelist lookup tables by one postscreen_access_list table.
See postconf(5) and POSTSCREEN_README for examples. Files:
postscreen/postscreen_access.c, postscreen/postscreen.c,
proto/postconf.proto, proto/POSTSCREEN_README.html.

20110112

Cleanup: suspend/resume logic for postscreen(8) SMTP sessions
that temporarily switch control to an external program such
as tlsproxy, or perhaps a future policy plugin. Files:
postscreen/postscreen_smtpd, postscreen/postscreen_starttls.c.

20110113

Cleanup: ps_cache and psc_cache are now postscreen_cache.
There is no need for obscure name abbreviations. File:
src/global/mail_params.h.

20110115

Workaround: malloc fuzz (safety margin for malloc requests).
Files: util/sys_defs.h, util/mymalloc.c.

Cleanup: dnsblog_service_name and tlsproxy_service_name are
now configurable, in case someone needs this. Files:
global/mail_params.h, postscreen/postscreen.c, mantools/postlink,
proto/postconf.proto.

20110116

Cleanup: soft_bounce support for postscreen(8). Files:
postscreen/postscreen_smtpd.c, postscreen/postscreen_send.c.

Cleanup: for smtpd(8) compatibility, postscreen(8) now
strips deprecated route address prefixes from email addresses
(@here,@there:user@xxxxx becomes user@xxxxx). This is
primarily to make postscreen(8) logging more similar to
that of smtpd(8). File: postscreen/postscreen_smtpd.c.

Cleanup: documentation, in preparation for the Postfix 2.8
stable release.

20110117

Bugfix (introduced Postfix alpha, or thereabouts): on HP-UX
the Postfix event engine was deaf for SIGALRM signals.
Symptoms were killed processes when the watchdog timeout
was less than max_idle. The fix is the same as Solaris fix
20110109. Since we can't know what other systems need this,
the workaround is enabled by default. Files: util/sys_defs.h.

Cleanup: "smtpd_tls_eecdh_grade = strong" by default, instead
of snapshot-only. File: global/mail_params.h, proto/postconf.proto.

Cleanup: missing "#include <errno.h>" in util/watchdog.c.

Bugfix: when compiled without -DUSE_TLS, tlsproxy used the
wrong server skeleton (multi_server instead of event_server).
File: tlsproxy/tlsproxy.c.

Workaround: added a panic check for code that is mis-compiled
by the HP-UX compiler. File: postscreen/postscreen.c,
postscreen/postscreen.h, postscreen/postscreen_state.c.

20110118

Bugfix: the tls_disable_workarounds word list only included
workarounds in SSL_OP_ALL. Problem report by Steve Jenkins,
problem fix by Victor Duchovni. File: tls/tls_misc.c.

Last-minute incompatible syntax change: Postfix now uses
";" instead of "," to separate DNSBL/DNSWL address filter
fields inside "[]". The compatibility break is not an issue,
because the syntax never worked in main.cf. Problem reported
by Mark Martinec. Files: util/ip_match.c, util/ip_match.in,
util/ip_match.ref, proto/postconf.proto.

Cleanup: postscreen now monitors the AVERAGE latency of
table access, and complains at most once per minute. File:
postscreen/postscreen_dict.c.

Bugfix: support for the "dunno" command somehow disappeared
from the postscreen_access_list implementation. File:
postscreen/postscreen_access.c.

----
こがよういちろう


Posted by xml-rpc: January 24, 2011 11:39
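
The DNSBL/DNSWL reply filter from the 20101124-6 entry, with the ";" separator introduced by the 20110118 entry, can be sketched as below. This is an added example, not code from the original post or from Postfix (the project's own implementation is util/ip_match.c); the names parse_octet, match_field and reply_matches are hypothetical, and rejecting reversed ranges is this example's choice.

```c
#include <ctype.h>
#include <stdlib.h>

/* Read a decimal octet (0..255) at *pp and advance; -1 on error. */
static int parse_octet(const char **pp)
{
    char *end = 0;
    long v = isdigit((unsigned char) **pp) ? strtol(*pp, &end, 10) : -1;
    if (v < 0 || v > 255 || end - *pp > 3)
        return -1;
    *pp = end;
    return (int) v;
}

/* Match one field, "d" or "[n;n..m;...]": 1 hit, 0 miss, -1 malformed. */
static int match_field(const char **pp, int octet)
{
    int lo, hi, hit = 0;
    if (**pp != '[')
        return (lo = parse_octet(pp)) < 0 ? -1 : lo == octet;
    do {
        ++*pp;                      /* skip '[' or ';' */
        if ((lo = hi = parse_octet(pp)) < 0)
            return -1;
        if ((*pp)[0] == '.' && (*pp)[1] == '.') {
            *pp += 2;
            if ((hi = parse_octet(pp)) < lo)
                return -1;          /* bad or reversed range: rejected here */
        }
        hit |= (octet >= lo && octet <= hi);
    } while (**pp == ';');          /* "," is not accepted as a separator */
    return *(*pp)++ == ']' ? hit : -1;
}

/* Hypothetical helper: 1 if the reply matches, 0 if not, -1 if malformed. */
int reply_matches(const char *pattern, const char *addr)
{
    int i, octet, r, all = 1;
    for (i = 0; i < 4; i++) {
        if ((octet = parse_octet(&addr)) < 0 || (r = match_field(&pattern, octet)) < 0)
            return -1;
        all &= r;                   /* keep parsing so bad patterns are caught */
        if (i < 3 && (*pattern++ != '.' || *addr++ != '.'))
            return -1;
    }
    return (*pattern || *addr) ? -1 : all;
}

int main(void) { return reply_matches("127.0.0.[1;3..5]", "127.0.0.4") != 1; }
```

A pattern written with the pre-20110118 "," separator, such as "127.0.0.[1,3]", is reported as malformed (-1) rather than silently treated as a non-match.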
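
The 20101130 entry notes that tools processing postscreen(8) logging must be updated for the [address]:port client format. The following added example (not from the post or from Postfix) extracts that field; parse_client is a hypothetical helper and the log lines are constructed samples.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper: copy the client address into addr and the port into
 * *port. Returns 0 on success, -1 when no usable [address]:port field exists.
 */
int parse_client(const char *line, char *addr, size_t size, int *port)
{
    const char *open, *close;
    long p;

    for (open = strchr(line, '['); open != 0; open = strchr(open + 1, '[')) {
        if ((close = strchr(open, ']')) == 0)
            return -1;
        /* The syslog tag "postscreen[1234]: " also contains "]:", but a
         * space follows it; a client field has the port digits there. */
        if (close[1] != ':' || !isdigit((unsigned char) close[2]))
            continue;
        p = strtol(close + 2, 0, 10);
        if (p > 65535 || (size_t) (close - open) > size)
            return -1;
        /* First hit wins: later text may be supplied by the client. */
        memcpy(addr, open + 1, (size_t) (close - open - 1));
        addr[close - open - 1] = '\0';
        *port = (int) p;
        return 0;
    }
    return -1;
}

/* Constructed sample lines, not captured from a real server. */
static const char *samples[] = {
    "Jan 24 11:39:01 mx postfix/postscreen[1234]: CONNECT from [192.0.2.10]:51234",
    "Jan 24 11:39:02 mx postfix/postscreen[1234]: PREGREET 24 after 0.1 from [2001:db8::1]:4321: EHLO [198.51.100.7]:25\\r\\n",
};

int main(void)
{
    char addr[64];
    int port;
    return parse_client(samples[1], addr, sizeof addr, &port) != 0;
}
```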