![[BACK]](/icons/back.gif){kind=icon}
Up to [NetBSD + pkgsrc-wip] / pkgsrc / mail / postfix
Request diff between arbitrary revisions - Display revisions graphically
Keyword substitution: kv
Default branch: MAIN
Update postfix pacakge to 2.8.7.
Postfix stable release 2.8.7 is available. This contains a workaround
for a problem that is fixed in Postfix 2.9.
* The postscreen daemon, which is not enabled by default, sent
non-compliant SMTP responses (220- followed by 421) when it
could not give a connection to a real smtpd process. These
responses caused some remote SMTP clients to return mail as
undeliverable.
The workaround is to hang up after sending 220- without sending
the 421 "sorry" reply; this is harmless.
The complete fix involves too much change for a stable release:
send the 220 greeting, wait for the EHLO command, then send
the 421 "sorry" reply and hang up.
Update postfix to 2.8.6. From release announce:
Postfix stable release 2.8.6, 2.7.7, 2.6.13 and 2.5.16 are available.
These contain fixes that are also included with the Postfix 2.9
experimental release.
* The Postfix SMTP daemon sent "bare" newline characters instead
of <CR><LF> when a header_checks REJECT pattern matched
multi-line header. This bug was introduced with Postfix 1.1.
* The Postfix SMTP daemon sent "bare" newline characters instead
of <CR><LF> when an smtpd_proxy_filter returned a multi-line
response. This bug was introduced with Postfix 2.1.
* For compatibility with future EAI (email address
internationalization) implementations, the Postfix MIME
processor no longer enforces the strict_mime_encoding_domain
check on unknown message subtypes such as message/global*.
This check is disabled by default.
* The Postfix master daemon could report a panic error
("master_spawn: at process limit") after the process limit
for some service was reduced with "postfix reload". This bug
existed in all Postfix versions.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Update postfix pacakge to 2.8.5.
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.5.html]
Postfix stable release 2.8.5, 2.7.6, 2.6.12, and 2.5.15 are available.
These contain fixes and workarounds for the Postfix Milter client
that were already included with the Postfix 2.9 experimental release.
* The Postfix Milter client logged a "milter miltername: malformed
reply" error when a Milter sent an SMTP response without
enhanced status code (i.e. "XXX Text" instead of "XXX X.X.X
Text").
* The Postfix Milter client sent a random {client_connections}
macro value when the remote SMTP client was not subject to
any smtpd_client_* limit. As a workaround, it now sends a
zero value instead.
Update postfix package to 2.8.4.
Postfix stable release 2.8.4 is available. This contains fixes and
workarounds that were already included with the Postfix 2.9
experimental release. Where applicable these fixes will also be
made available for the legacy releases Postfix 2.5..2.7.
* Performance: a high load of DSN success notification requests
could slow down the queue manager. Solution: make the trace
client asynchronous, just like the bounce and defer clients.
* The local(8) delivery agent ignored table lookup errors in
mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
and (while bouncing mail to alias) alias owner lookup.
* Workaround: dbl.spamhaus.org rejects lookups with "No IP
queries" even if the name has an alphanumerical prefix. We
play safe, and skip both RHSBL and RHSWL queries for names
ending in a numerical suffix.
* The "sendmail -t" command reported "protocol error" instead
of "file too large", "no space left on device" etc.
* The Postfix Milter client reported a temporary error instead
of "file too large" in three cases.
* Linux kernel version 3 support. Linus Torvalds has reset the
counters for reasons not related to changes in code.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
recursive bump from icu shlib major bump.
Pullup ticket #3426 - requested by taca mail/postfix security update Revisions pulled up: - mail/postfix/Makefile 1.239 - mail/postfix/distinfo 1.135 - mail/postfix/options.mk 1.36 --- Module Name: pkgsrc Committed By: taca Date: Tue May 10 13:38:24 UTC 2011 Modified Files: pkgsrc/mail/postfix: Makefile distinfo options.mk Log Message: Update postfix package to 2.8.3. * pkgsrc change: remoe mysql4 from PKG_OPTIONS. Securiy release for Memory corruption in Postfix SMTP server Cyrus SASL support: http://www.postfix.org/CVE-2011-1720.html 20110411 Cleanup: postscreen(8) and verify(8) daemons now lock their respective cache file exclusively upon open, to avoid massive cache corruption by unsupported sharing. Files: util/dict.h, util/dict_open.c, verify/verify.c, postscreen/postscreen.c. 20110414 Bugfix (introduced with Postfix SASL patch 20000314): don't reuse a server SASL handle after authentication failure. Problem reported by Thomas Jarosch of Intra2net AG. File: smtpd/smtpd_proto.c.
Update postfix package to 2.8.3. * pkgsrc change: remoe mysql4 from PKG_OPTIONS. Securiy release for Memory corruption in Postfix SMTP server Cyrus SASL support: http://www.postfix.org/CVE-2011-1720.html 20110411 Cleanup: postscreen(8) and verify(8) daemons now lock their respective cache file exclusively upon open, to avoid massive cache corruption by unsupported sharing. Files: util/dict.h, util/dict_open.c, verify/verify.c, postscreen/postscreen.c. 20110414 Bugfix (introduced with Postfix SASL patch 20000314): don't reuse a server SASL handle after authentication failure. Problem reported by Thomas Jarosch of Intra2net AG. File: smtpd/smtpd_proto.c.
Update mail/postfix pacakge to 2.8.2.
Postfix stable release 2.8.2 is available. This release has minor
fixes that are already in the experimental (2.9) release.
- Bugfix: postscreen DNSBL scoring error. When a client disconnected
and then reconnected before all DNSBL results for the earlier
session arrived, DNSBL results for the earlier session would be
added to the score for the later session. This is very unlikely
to have affected any legitimate mail.
- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].
- Portability: FreeBSD closefrom() was back-ported to FreeBSD 7,
breaking FreeBSD 7.x support retroactively.
- Portability: the SUN compiler had trouble with a pointer expression
of the form ``("text1" "text2") + constant'' so we don't try to
be so clever.
Pullup ticket #3384 - requested by taca
mail/postfix: security update
Revisions pulled up:
- mail/postfix/Makefile patch
- mail/postfix/distinfo patch
- mail/postfix/patches/patch-ag patch
---
Postfix legacy releases 2.7.3, 2.6.9, 2.5.12 and 2.4.16 are available.
These releases contain a fix for CVE-2011-0411 which allows plaintext
command injection with SMTP sessions over TLS. This defect was
introduced with Postfix version 2.2. The same flaw exists in other
implementations of the STARTTLS command.
Note: CVE-2011-0411 is an issue only for the minority of SMTP
clients that actually verify server certificates. Without server
certificate verification, clients are always vulnerable to
man-in-the-middle attacks that allow attackers to inject
plaintext commands or responses into SMTP sessions, and more.
Postfix 2.8 and 2.9 are not affected.
The following problems were fixed with the Postfix legacy releases:
* Fix for CVE-2011-0411: discard buffered plaintext input,
after reading the SMTP "STARTTLS" command or response.
* Fix to the local delivery agent: look up the "unextended"
address in the local aliases database, when that address has
a malformed address extension.
* Fix to virtual alias expansion: report a tempfail error,
instead of silently ignoring recipients that exceed the
virtual_alias_expansion_limit or the virtual_alias_recursion_limit.
* Fix for Solaris: the Postfix event engine was deaf for SIGHUP
and SIGALRM signals after the switch from select() to /dev/poll.
Symptoms were delayed "postfix reload" response, and killed
processes with watchdog timeout values under 100 seconds.
* Fix for HP-UX: the Postfix event engine was deaf for SIGALRM
signals. Symptoms were killed processes with watchdog timeout
values under 100 seconds.
* Fix for BSD-ish mkdir() to prevent maildir directories from
inheriting their group ownership from the parent directory.
* Fix to the SMTP client: missing support for mail to
[ipv6:ipv6addr] address literal destinations.
* FreeBSD back-ported closefrom() from FreeBSD 8x to 7x, breaking
Postfix builds retroactively.
Historical note:
Wietse Venema discovered the problem two weeks before the
Postfix 2.8 release, and silently fixed it pending further
investigation. While investigating the problem's scope and
impact, Victor Duchovni found that many other TLS applications
were also affected. At that point, CERT/CC was asked to coordinate
with the problem's resolution.
You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
Update "postfix" package to version 2.8.1. Changes since version 2.7.2: Postfix stable release 2.8.0 is available. This release continues the move towards improving code and documentation, and making the system better prepared for changes in the threat environment. The postscreen daemon (a zombie blocker in front of Postfix) is now included with the stable release. postscreen now supports TLS and can log the rejected sender, recipient and helo information. See the POSTSCREEN_README file for recommended usage scenarios. Support for DNS whitelisting (permit_rhswl_client), and for pattern matching to filter the responses from DNS white/blacklist servers (e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]). Improved message tracking across SMTP-based content filters; the after-filter SMTP server can log the before-filter queue ID (the XCLIENT protocol was extended). Read-only support for sqlite databases. See sqlite_table(5) and SQLITE_README. Support for 'footers' that are appended to SMTP server "reject" responses. See "smtpd_reject_footer" in the postconf(5) manpage. This update was tested by Takahiro Kambe.
Update "postfix" package to version 2.7.2. Changes since version 2.7.1:
- Postfix no longer automatically appends the system default CA
(certificate authority) certificates, when it reads the CA
certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
with {smtp, lmtp, smtpd}_tls_CApath. This prevents third-party
certificates from getting mail relay permission with the
permit_tls_all_clientcerts feature. Unfortunately, this change
may cause compatibility problems with configurations that rely
on certificate verification for other purposes. To get the old
behavior, specify "tls_append_default_CA = yes".
- A prior fix for compatibility with Postfix < 2.3 was incomplete.
When pipe-to-command delivery fails with a signal, mail is now
correctly deferred, instead of being returned to sender.
- Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1)
connections was fixed by adapting the output buffer size to the MTU.
- The SMTP server no longer applies the reject_rhsbl_helo feature
to non-domain forms such as network addresses. This would cause
false positives with dbl.spamhaus.org.
- The Postfix SMTP server failed to deliver a "421" response and
hang up the connection after Milter error. Instead, the server
delivered a "503 Access denied" response and left the connection
open, due to some Postfix 1.1 workaround for RFC 2821.
- The milter_header_checks parser failed to enable any of the actions
that have no effect on message delivery (warn, replace, prepend,
ignore, dunno, and ok).
Reset maintainer.
Change LICENSE to cpl-1.0. This has only minor wording differences from postfix-license, of the same level of importance as changing the name of the copyright holder, rather than in the nature of the terms. Everyone believes that postfix is Open Source, and this causes postfix to fall under DEFAULT_ACCEPTABLE_LICENSES. ok martti@
Postfix stable release 2.7.1 fixes one defect in the XFORWARD
implementation (for SMTP-based content filters), improves robustness,
and has updates for changes in system or library interfaces.
* Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
which sends remote SMTP client attributes through SMTP-based
content filters. The Postfix SMTP client did not skip "unknown"
SMTP client attributes, causing a syntax error when sending
an "unknown" client PORT attribute.
* Robustness: skip LDAP queries with non-ASCII search strings,
instead of failing with a database lookup error.
* Safety: Postfix processes now log a warning when a matchlist
has a #comment at the end of a line (for example mynetworks
or relay_domains).
* Portability: OpenSSL 1.0.0 changes the priority of anonymous
cyphers.
* Portability: Mac OS 10.6.3 requires <arpa/nameser_compat.h>
instead of <nameser8_compat.h>.
* Portability: Berkeley DB 5.x is now supported.
marked as CONFLICTS with esmtp>=1.2 (bin/mailq and/or bin/newaliases)
Updated mail/postfix to 2.7.0 Postfix stable release 2.7.0 is available. For the past several releases, the focus has moved towards improving the code and documentation, and updating the system for changing environments. - Improved before-queue content filter performance. With "smtpd_proxy_options = speed_adjust", the Postfix SMTP server receives the entire message before it connects to a before-queue content filter. Typically, this allows Postfix to handle the same mail load with fewer content filter processes. - Improved address verification performance. The verify database is now persistent by default, and it is automatically cleaned periodically, Under overload conditions, the Postfix SMTP server no longer waits up to 6 seconds for an address probe to complete. - Support for reputation management based on the local SMTP client IP address. This is typically implemented with "FILTER transportname:" actions in access maps or header/body checks, and mail delivery transports in master.cf with unique smtp_bind_address values. - The postscreen daemon (a zombie-blocker in front of Postfix) is still too rough for a stable release, and will be made "mature" in the Postfix 2.8 development cycle (however you can use Postfix 2.7 with the Postfix 2.8 postscreen and dnsblog executables and master.cf configuration; this code has already proven itself). No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations. You can find Postfix version 2.7.0 at the mirrors listed at http://www.postfix.org/ The same code is also available as Postfix snapshot 2.8-20100213. Updated versions of Postfix version 2.6, 2.5 and perhaps earlier will be released with the same fixes that were already included with Postfix versions 2.7 and 2.8.
Pullup ticket #2879 - requested by martti
postfix: bug fix update
Revisions pulled up:
- mail/postfix/Makefile 1.229-1.230
- mail/postfix/distinfo 1.128
---
Module Name: pkgsrc
Committed By: heinz
Date: Sun Aug 9 21:15:31 UTC 2009
Modified Files:
pkgsrc/mail/postfix: Makefile
Log Message:
Enabled installation to DESTDIR. (OK by martti@).
---
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 31 09:37:35 UTC 2009
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.6.5
The stable release Postfix 2.6.5 addresses the defects described
below (some already addressed with the not-announced Postfix 2.6.3
release). These defects are also addressed in the legacy releases
that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19.
Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and
2.7-20090807-nonprod. These contain a DNS workaround that causes
more trouble than it prevents. It is removed until further notice.
Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19:
- The Postfix Milter client got out of step with a Milter application
after the application sent a "quarantine" request at end-of-message
time. The Milter application would still be in the end-of-message
state, while Postfix would already be working on the next SMTP
event, typically, QUIT or MAIL FROM. In the latter case, Milter
responses for the previously-received email message would be
applied towards the next MAIL FROM transaction. This problem was
diagnosed with help from Alban Deniz.
Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19:
- The Postfix SMTP server would abort with an "unexpected lookup
table" error when an SMTPD policy server was mis-configured in a
particular way.
Updated mail/postfix to 2.6.5 The stable release Postfix 2.6.5 addresses the defects described below (some already addressed with the not-announced Postfix 2.6.3 release). These defects are also addressed in the legacy releases that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19. Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and 2.7-20090807-nonprod. These contain a DNS workaround that causes more trouble than it prevents. It is removed until further notice. Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19: - The Postfix Milter client got out of step with a Milter application after the application sent a "quarantine" request at end-of-message time. The Milter application would still be in the end-of-message state, while Postfix would already be working on the next SMTP event, typically, QUIT or MAIL FROM. In the latter case, Milter responses for the previously-received email message would be applied towards the next MAIL FROM transaction. This problem was diagnosed with help from Alban Deniz. Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19: - The Postfix SMTP server would abort with an "unexpected lookup table" error when an SMTPD policy server was mis-configured in a particular way.
Enabled installation to DESTDIR. (OK by martti@).
Updated mail/postfix to 2.6.2 Postfix stable release 2.6.2 fixes one defect in SASL support. This does not affect Postfix versions 2.5 and earlier. With plaintext SMTP sessions AND smtpd_tls_auth_only=yes AND smtp_sasl_auth_enable=yes, the SMTP server logged warnings for reject_*_sender_login_mismatch, instead of enforcing them. You can find Postfix version 2.6.2 at the mirrors listed at http://www.postfix.org/ The same fix is also available in Postfix snapshot 2.7-20090528. Postfix versions 2.5 and earlier are not affected.
Updated mail/postfix to 2.6.1 Postfix stable release 2.6.1 fixes one defect in Milter support. This does not affect Postfix versions 2.5 and earlier. - Queue file corruption under very specific conditions: (smtpd_milters or non_smtpd_milters) enabled, AND delay_warning_time enabled, AND mail delivery delays, AND short envelope sender addresses (e.g., sendmail command-line submissions with bare usernames as the sender, but not bounce messages). The queue file would be corrupted when the delay_warning_time record was marked as "done" after sending the "your mail is delayed" notice. The defect was introduced with Postfix 2.3, but it could not cause corruption before the change dated 20090427.
Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT block). Uncomment some commented out LICENSE lines while here.
Added sbin/postmulti to PLIST. PKGREVISION++
Pullup ticket #2764 - requested by martti postfix: bug fix update Revisions pulled up: - mail/postfix/Makefile 1.223 - mail/postfix/distinfo 1.124 --- Module Name: pkgsrc Committed By: martti Date: Wed May 13 10:32:23 UTC 2009 Modified Files: pkgsrc/mail/postfix: Makefile distinfo Log Message: Updated mail/postfix to 2.5.7 - (low) The installation/upgrade procedure did not automatically create the data_directory. - (medium) In the "new queue manager", the _destination_rate_delay code needed to postpone the job scheduler updates after delivery completion, otherwise the scheduler could loop on blocked jobs. - (low) The queue manager used <transport>_concurrency_failed_cohort_limit instead of <transport>_destination_concurrency_failed_cohort_limit as documented. - (low) The SMTP client disabled MIME parsing despite non-empty settings for smtp_header_checks, smtp_mime_header_checks, smtp_nested_header_checks, or smtp_body_checks. - (medium) The postsuper command re-enabled the SIGHUP signal when it was set to "ignore". This could result in random "Postfix integrity check failed" errors at boot time (POSIX SIGHUP death), causing Postfix not to start automatically.
Updated mail/postfix to 2.6.0 - Multi-instance support introduces a new postmulti(1) command to create/add/remove/etc. additional Postfix instances. The familiar "postfix start" etc. commands now automatically start multiple Postfix instances. The good news: nothing changes when you use only one Postfix instance. See MULTI_INSTANCE_README for details. - Multi-instance support required that some files be moved from the non-shared $config_directory to the shared $daemon_directory. The affected files are postfix-script, postfix-files and post-install. - TLS (SSL) support was updated for elliptic curve encryption. This requires OpenSSL version 0.9.9 or later. The SMTP client no longer uses the SSLv2 protocol by default. See TLS_README for details. - The Milter client now supports all Sendmail 8.14 Milter requests, including requests for rejected recipient addresses, and requests to replace the envelope sender address. See MILTER_README for details. - Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To: headers to email messages with "remote" origins (these are origins that don't match $local_header_rewrite_clients). Adding such headers breaks DKIM signatures that explicitly cover non-present headers. For compatibility with existing logfile processing software, Postfix will log ``message-id=<>'' for email messages that have no Message-Id header. - Stress-adaptive behavior is now enabled by default. This allows the Postfix SMTP server to temporarily reduce time limits and error-count limits under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
Updated mail/postfix to 2.5.7 - (low) The installation/upgrade procedure did not automatically create the data_directory. - (medium) In the "new queue manager", the _destination_rate_delay code needed to postpone the job scheduler updates after delivery completion, otherwise the scheduler could loop on blocked jobs. - (low) The queue manager used <transport>_concurrency_failed_cohort_limit instead of <transport>_destination_concurrency_failed_cohort_limit as documented. - (low) The SMTP client disabled MIME parsing despite non-empty settings for smtp_header_checks, smtp_mime_header_checks, smtp_nested_header_checks, or smtp_body_checks. - (medium) The postsuper command re-enabled the SIGHUP signal when it was set to "ignore". This could result in random "Postfix integrity check failed" errors at boot time (POSIX SIGHUP death), causing Postfix not to start automatically.
Activated LICENSE=...
Pullup ticket #2621 - requested by martti postfix: security update Revisions pulled up: - mail/postfix/Makefile 1.221 - mail/postfix/distinfo 1.123 --- Module Name: pkgsrc Committed By: martti Date: Mon Jan 5 10:25:34 UTC 2009 Modified Files: pkgsrc/mail/postfix: Makefile distinfo Log Message: Updated mail/postfix to 2.5.6 - Postfix 2.5: the SMTP server did not ask for a client certificate with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. - Postfix 2.5, 2.4 and 2.3: avoid reduced TCP performance when reusing an SMTP connection with a larger than 4096-byte TCP MSS value. In practice, this could happen only with loopback (localhost) connections.
Updated mail/postfix to 2.5.6 - Postfix 2.5: the SMTP server did not ask for a client certificate with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. - Postfix 2.5, 2.4 and 2.3: avoid reduced TCP performance when reusing an SMTP connection with a larger than 4096-byte TCP MSS value. In practice, this could happen only with loopback (localhost) connections.
Pullup ticket 2518 - requested by martti
security update for postfix
- pkgsrc/mail/postfix/Makefile 1.219, 1.220
- pkgsrc/mail/postfix/distinfo 1.119
- pkgsrc/mail/postfix/patches/patch-aa 1.21
- pkgsrc/mail/postfix/patches/patch-ag 1.25
- pkgsrc/mail/postfix/patches/patch-ai 1.22
- pkgsrc/mail/postfix-current/Makefile 1.100, 1.101
- pkgsrc/mail/postfix-current/distinfo 1.46
- pkgsrc/mail/postfix-current/patches/patch-aa 1.19
- pkgsrc/mail/postfix-current/patches/patch-ag 1.17
- pkgsrc/mail/postfix-current/patches/patch-ai 1.20
Module Name: pkgsrc
Committed By: ghen
Date: Fri Aug 22 20:29:55 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
Log Message:
Add some (http) mirrors.
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Sep 4 08:25:20 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-aa patch-ag patch-ai
Log Message:
Updated mail/postfix to 2.5.5
Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
denial of service attack by a local user. There is no breach of
data confidentiality or data integrity. This problem was found by
the Postfix author during routine source code maintenance.
An on-line version of this announcement is available at
http://www.postfix.org/announcements/20080902.html
---
Module Name: pkgsrc
Committed By: martti
Date: Thu Sep 4 08:25:31 UTC 2008
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo
pkgsrc/mail/postfix-current/patches: patch-aa patch-ag patch-ai
Log Message:
Updated mail/postfix-current to 2.6.20080903
Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a
denial of service attack by a local user. There is no breach of
data confidentiality or data integrity. This problem was found by
the Postfix author during routine source code maintenance.
An on-line version of this announcement is available at
http://www.postfix.org/announcements/20080902.html
Updated mail/postfix to 2.5.5 Postfix 2.4 and later, on Linux kernel 2.6, is vulnerable to a denial of service attack by a local user. There is no breach of data confidentiality or data integrity. This problem was found by the Postfix author during routine source code maintenance. An on-line version of this announcement is available at http://www.postfix.org/announcements/20080902.html
Add some (http) mirrors.
pullup ticket #2495 - requested by martti
postfix: update package for security fixes
revisions pulled up:
pkgsrc/mail/postfix/Makefile 1.218
pkgsrc/mail/postfix/distinfo 1.118
Module Name: pkgsrc
Committed By: martti
Date: Mon Aug 18 07:13:41 UTC 2008
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.5.4
20080804
Bugfix: dangling pointer in vstring_sprintf_prepend().
File: util/vstring.c.
20080814
Security: some systems have changed their link() semantics,
and will hardlink a symlink, contrary to POSIX and XPG4.
Sebastian Krahmer, SuSE. File: util/safe_open.c.
The solution introduces the following incompatible change:
when the target of mail delivery is a symlink, the parent
directory of that symlink must now be writable by root only
(in addition to the already existing requirement that the
symlink itself is owned by root). This change will break
legitimate configurations that deliver mail to a symbolic
link in a directory with less restrictive permissions.
Updated mail/postfix to 2.5.4 20080804 Bugfix: dangling pointer in vstring_sprintf_prepend(). File: util/vstring.c. 20080814 Security: some systems have changed their link() semantics, and will hardlink a symlink, contrary to POSIX and XPG4. Sebastian Krahmer, SuSE. File: util/safe_open.c. The solution introduces the following incompatible change: when the target of mail delivery is a symlink, the parent directory of that symlink must now be writable by root only (in addition to the already existing requirement that the symlink itself is owned by root). This change will break legitimate configurations that deliver mail to a symbolic link in a directory with less restrictive permissions.
Updated mail/postfix to 2.5.3 When a mailbox file is not owned by its recipient, the local and virtual delivery agents now log a warning and defer delivery. Specify "strict_mailbox_ownership = no" to ignore such ownership discrepancies. [HISTORY] 20080509 Bugfix: null-terminate CN comment string after sanitization. File: smtpd/smtpd.c. 20080603 Workaround: avoid "bad address pattern" errors with non-address patterns in namadr_list_match() calls. File: util/match_ops.c. 20080620 Bugfix (introduced 20080207): "cleanup -v" panic because the new "SMTP reply" request flag did not have a printable name. File: global/cleanup_strflags.c. Cleanup: using "Before-queue content filter", RFC3848 information was not added to the headers. Carlos Velasco. File smtpd/smtpd.c. 20080717 Cleanup: a poorly-implemented integer overflow check for TCP MSS calculation had the unexpected effect that people broke Postfix on LP64 systems while attempting to silence a compiler warning. File: util/vstream_tweak.c. 20080725 Paranoia: defer delivery when a mailbox file is not owned by the recipient. Requested by Sebastian Krahmer, SuSE. Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies. Files: local/mailbox.c, virtual/mailbox.c.
Set data_directory's default to "/var/db/postfix" and create it properly install stage. It should be fix some problem; running tls and find command's error on start. Bump PKGREVISION.
Update Postfix to version 2.5.1 (ok martti). Major changes over 2.4.x are: - TLS (SSL) support was streamlined further, and provides a new security level based on certificate fingerprints instead of CA signatures. See TLS_README for details. - Milter support was updated from the Sendmail 8.13 feature set and now includes most of the features that were introduced with Sendmail 8.14. See MILTER_README for details. - Stress-adaptive configuration was introduced. This allows the Postfix SMTP server to temporarily adjust its rules under conditions of overload, such as a malware attack or backscatter flood. See STRESS_README for details. [pkgsrc: this obsoletes the "postfix-stress" option which provided the same functionality via a distribution patch] - The queue manager scheduler was refined. It now provides per-transport scheduling controls and allows for adjustment of the sensitivity to mail delivery (non-)errors. See SCHEDULER_README. - Security was improved by introducing a Postfix-owned data_directory for storage of randomness, caches and other non-queue data. This change avoids future security loopholes due to untrusted data sitting in root-owned files or in root-owned directories. Writes to legacy files in root-owned directories are automatically redirected to files in the new data_directory. No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.
Move SASL conditionals to options.mk.
Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
Drop the "dovecot-sasl" option and instead enable dovecot SASL support by default (this doesn't actually depend on Dovecot for building, the code is shipped with Postfix). Set the default value for smtpd_sasl_type to "dovecot" unless cyrus SASL is enabled, too. This ensures backwards compatibility for most cases. Ok with martti, joerg.
Don't add smtpd.conf as a conf file in the dovecot-sasl case, because it doesn't exist unless sasl is defined, causing building with options dovecot-sasl and not sasl to fail.
Based on some feedback, comment out the newly added LICENSE=xxx for now. I'll re-activate this later when the global license stuff is activated.
Added LICENSE=postfix-license
Pullup ticket 2210 - requested by marrti
bugfix update for postfix
- pkgsrc/mail/postfix/Makefile 1.208
- pkgsrc/mail/postfix/distinfo 1.114
Module Name: pkgsrc
Committed By: martti
Date: Mon Oct 22 06:15:20 UTC 2007
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.4.6
- A remote SMTP client TLS certificate with an unparsable canonical
name triggered a panic error in the Postfix SMTP server (attempt
to allocate zero-length memory) while sending a request to an
SMTPD policy server.
- On backup MX servers where the queue file system is mounted with
"atime" (file read/execute access time) updates disabled, the
flush daemon would trigger mail delivery attempts once every 1000
seconds, thus rendering the maximal_backoff_time setting useless
for backup MX service.
Updated mail/postfix to 2.4.6 - A remote SMTP client TLS certificate with an unparsable canonical name triggered a panic error in the Postfix SMTP server (attempt to allocate zero-length memory) while sending a request to an SMTPD policy server. - On backup MX servers where the queue file system is mounted with "atime" (file read/execute access time) updates disabled, the flush daemon would trigger mail delivery attempts once every 1000 seconds, thus rendering the maximal_backoff_time setting useless for backup MX service.
Honor PKGMANDIR.
Updated mail/postfix to 2.4.5
MILTER bugfix:
When a milter replied with ACCEPT at or before the first RCPT
command, the cleanup server would apply the non_smtpd_milters
setting as if the message was a local submission. Problem
reported by Jukka Salmi.
MILTER bugfix:
Problem with header updates after body updates. Reported by
Jose-Marcio Martins da Cruz.
MILTER robustness:
Assorted cleanups to harden error handling in the Postfix Milter
client.
SASL workaround for Postfix SMTP client:
Some non-Cyrus SASL SMTP servers require SASL login without
authzid (authoriZation ID), i.e. the client must send only the
authcid (authentiCation ID) + the authcid's password. This is
now the default Postfix SMTP client behavior.
Loopback TCP performance workaround:
Some systems exhibited poor SMTP and Milter performance with
loopback (127.0.0.1) connections. Problem reported by Mark
Martinec.
MILTER bugfix:
When a milter replied with ACCEPT at or before the first RCPT
command, the cleanup server would apply the non_smtpd_milters
setting as if the message was a local submission. Problem
reported by Jukka Salmi.
MILTER bugfix:
Problem with header updates after body updates. Reported by
Jose-Marcio Martins da Cruz.
MILTER robustness:
Assorted cleanups to harden error handling in the Postfix Milter
client.
SASL workaround for Postfix SMTP client:
Some non-Cyrus SASL SMTP servers require SASL login without
authzid (authoriZation ID), i.e. the client must send only the
Updated mail/postfix to 2.4.3 20070425 Bugfix: don't falsely report "lost connection from localhost[127.0.0.1]" when Postfix is being portscanned. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. 20070430 Robustness: recommend a "0" process limit for policy servers to avoid "connection refused" problems when the smtpd process limit exceeds the default process limit. File: proto/SMTPD_POLICY_README.html. 20070501 Safety: when IPv6 (or IPv4) is turned off, don't treat an IPv6 (or IPv4) connection from e.g. inetd as if it comes from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. 20070508 Bugfix: Content-Transfer-Encoding: attribute values are case insensitive. File: src/cleanup/cleanup_message.c. 20070514 Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) were broken when used with the error(8) or discard(8) transports. Cause: insufficient documentation. Files: error/error.c, discard/discard.c. 20070520 Bugfix (problem introduced Postfix 2.3): when DSN support was introduced it broke "agressive" recipient duplicate elimination with "enable_original_recipient = no". File: cleanup/cleanup_out_recipient.c. 20070529 Bugfix (introduced Postfix 2.3): the sendmail/postdrop commands would hang when trying to submit a message larger than the per-message size limit. File: postdrop/postdrop.c. 20070530 Sabotage the saboteur who insists on breaking Postfix by adding gethostbyname() calls that cause maildir delivery to fail when the machine name is not found in /etc/hosts, or that cause Postfix processes to hang when the network is down. 20070531 Portability: Victor helpfully pointed out that change 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
Use INSTALL_MAN instead of INSTALL_SCRIPT to install qshape.1
Updated mail/postfix to 2.4.1 20070331 Bugfix (introduced Postfix 2.3): segfault with HOLD action in access/header_checks/body_checks on 64-bit platforms. File: cleanup/cleanup_api.c. 20070402 Portability (introduced 20070325): the fix for hardlinks and symlinks in postfix-install forgot to work around shells where "IFS=/ command" makes the IFS setting permanent. This is allowed by some broken standard, and affects Solaris. File: postfix-install. Portability (introduced 20070212): the workaround for non-existent library bugs with descriptors >= FD_SETSIZE broke with "fcntl F_DUPFD: Invalid argument" on 64-bit Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c. 20070421 Cleanup: on (Linux) platforms that cripple signal handlers with deadlock, "postfix stop" now forcefully stops all the processes in the master's process group, not just the master process alone. File: conf/postfix-script.
Install qshape(1) manpage. Bump PKGREVISION.
Updated mail/postfix to 2.4.0 The footprint of new features with Postfix 2.4.0 is significantly smaller than with earlier releases. And that is the whole point of approaching completeness: fewer visible changes. Below is a brief summary of what has changed. See the RELEASE_NOTES file for more, including compatibility issues that may affect your site. The HISTORY file gives a blow-by-blow account of what happened over the past year. Wietse - Postfix can now manage thousands of connections without needing special main.cf, master.cf, or compile-time tweaks, on systems with BSD kqueue, Solaris /dev/poll, or Linux epoll support. - Milter support for message body replacement. The resulting queue files are backwards compatible with Postfix 2.3. The existing Milter support for message header manipulations was revised and is now implemented by much simpler code. - Minor improvements in TLS session cache management and in the implementation of certificate fingerprint based authentication. A more extensive revision of TLS internals will appear first in Postfix 2.5 snapshots. - Improvements in queue manager performance when deferring large amounts of mail, or when delivering mail with lots of recipients. - Workarounds for SMTP servers that reply and hang up prematurely, for file system clocks that are out of sync, and for broken kernel lock management in POP servers.
Some pkglint fixes.
Add an option to use dovecot for SASL.
Updated mail/postfix to 2.3.7 - postmap support for NIS maps was broken with Postfix 2.3. - Workaround to avoid breaking digital signatures for malformed MIME attachments. - Incorrect handling of ![address] forms in match lists. such as mynetworks, inet_interfaces etc.
Updated mail/postfix to 2.3.5 - On Redhat Linux, a Postfix daemon could lock up while logging a warning from a signal handler before exiting. This is remedied by a low-cost re-entrancy guard for signal handlers that never return. - Message headers longer than 65535 broke the Milter protocol. To make matters worse the cleanup server could then dereference a null pointer. When Milter support is enabled, the length of each message header is now limited to 60000. - Several fixes to improve worst-case behavior of the (new) queue manager with multi-recipient mail. The queue manager now reads new recipients earlier from the queue file, instead of becoming starved while waiting for the slowest in-memory recipients to complete; and it now reads recipients in smaller chunks to avoid spending too much time not talking to delivery agents. - With remote SMTP server tarpit delays larger than the Postfix SMTP client's smtp_rset_timeout (default: 20s), the client would get out of sync with the server while reusing a connection. The symptoms were "recipient rejected .. in reply to DATA". - On FreeBSD 6.2, some Postfix daemon processes would complain once with "Error 0" after "postfix reload" and then recover. This warning is now logged only when the problem persists.
Added CHECK_HEADERS_SKIP to make the package pass the test. The postfix configuration variables look exactly like the ones produced by the configure scripts. Added POSTFIX_QUEUE_DIR to BUILD_DEFS to make it visible why VARBASE can be configured.
Updated mail/postfix to 2.3.4
Postfix 2.3 Patch 04 fixes minor problems as detailed in the change
history below. The patch as well as complete source code tarballs
were uploaded last week to the mirrors listed at http://www.postfix.org/
20060831
Bugfix (introduced with initial implementation): missing
"dict_errno = 0" caused mis-leading error messages after
non-error lookup failure. Victor Duchovni. File:
util/dict_cidr.c.
Robustness: the default TLS cipher lists were changed from
!foo:ALL into ALL:!foo. Victor Duchovni. Files:
global/mail_params.h and documentation.
20060902
Bugfix (introduced Postfix 2.3): the LMTP client stripped
"inet": from the next-hop destination, but still used the
complete next-hop from the delivery request. File:
smtp/smtp_connect.c.
20060903
Cleanup: record loop detection. File: global/record.c.
20060929
Workaround: AIX 5.[1-3] getaddrinfo() creates socket address
structures with a non-zero port value. This breaks the
smtp_bind_address etc. features, and breaks inet_interfaces
settings with only one IP address. Problem reported by
Hamish Marson. Files: util/sock_addr.[hc], util/myaddrinfo.c.
Bugfix (introduced with the Postfix TLS patch): memory leak
in verify_extract_peer(). The OpenSSL documentation provides
no information on how subjectAltNames are managed. Sam
Rushing, ironport. File: tls/tls_client.c.
Bugfix (introduced with Postfix 2.2): smtp_generic_maps
turned on MIME conversion. File: smtp/smtp_proto.c.
Workaround: don't send SIZE information in the MAIL FROM
command when message content will be subject to 8bit ->
quoted-printable conversion. File: smtp/smtp_proto.c.
20061002
Compatibility: Sendmail now invokes the Milter connect
action with the verified hostname instead of the name
obtained with PTR lookup. File: smtpd/smtpd.c.
20061004
Cleanup: force space between mailq queueid+status and file
size items. File: showq/showq.c.
20061015
Cleanup: convert the Milter {mail_addr} and {rcpt_addr}
macro values to external form. File: smtpd/smtpd_milter.c.
Cleanup: the Milter {mail_addr} and {rcpt_addr} macros are
now available with non-SMTP mail. File: cleanup/cleanup_milter.c.
Cleanup: convert addresses in Milter recipient add/delete
requests to internal form. File: cleanup/cleanup_milter.c.
Cleanup: with non-SMTP mail, convert addresses in simulated
MAIL FROM and RCPT TO events to external form. File:
cleanup/cleanup_milter.c.
20061017
Cleanup: removed spurious warning when the cleanup server
attempts to bounce mail with soft_bounce=yes. Problem
reported by Ralf Hildebrandt. File: cleanup/cleanup_bounce.c.
Bugfix: null pointer bug when receiving a non-protocol
response on a cached SMTP/LMTP connection. Report by Brian
Kantor. Fix by Victor Duchovni. File: smtp/smtp_reuse.c.
More pkglint -Wall fixes.
Remove patch-ab and "rm -f auxiliary/MacOSX/Postfix.StartupItem/Postfix" in post-extract. I exchanges few mails with Wietse and he refused to fix the "==" lines and instructed me to simply remove the offending file. Instead of having a patch for a file which is not used by pkgsrc I think it makes sense to remove it.
Substitute _file_ with i to make pkglint happy.
Split SUBST_SED.postfix
Fixed few pkglint warnings.
Fixed few pkglint warnings.
Fixed few pkglint warnings.
Updated mail/postfix-2.3.3 - File corruption while executing a Milter "header insert" action with headers-only mail (found with dk-filter). Delivery agents would go into an infinite loop because some queue file update had been done in the wrong order. As a precaution, delivery agents now detect such loops, and the queue manager now saves such mail to the "corrupt" directory. - Segmentation fault in the SMTP client while saving a cached connection with unsent data. Postfix indexed some table with -1, because some I/O cleanup had been done in the wrong order. The same problem should exist in Postfix 2.2. - Postfix no longer announces its name in delivery status notifications. All other details of the default bounce text remain unchanged. The reason for this change is that too many people believe that Wietse provides a free helpdesk service that solves all their email problems.
Accept NetBSD 4.* as NETBSD4 to compile on NetBSD current. Bump PKGREVISION.
Pullup ticket 1767 - requested by ghen
bugfix update for postfix
Patch provided by the submitter.
This patch is a back-port of fixes from Postfix 2.3. The main
changes are:
- The PostgreSQL client was updated after major database API changes
in response to PostgreSQL security issues. This breaks support for
PGSQL versions prior to 8.1.4, 8.0.8, 7.4.13, and 7.3.15. Support
for these older releases requires major code changes that will have
to wait until Postfix 2.4.
- The Postfix SMTP client enforced Mandatory TLS only when talking
to an ESMTP server; enforcement did not happen if Postfix could
somehow be forced to send HELO instead of EHLO. This is minor
compared to the DNS spoofing issues that were fixed with Postfix
2.2.10.
Updated mail/postfix to 2.3.2 - Corrupted queue file after a request to modify a short message header, when that header was the last one in the message. - Panic after spurious Milter request when a client was rejected with "smtpd_delay_reject = no". - The Milter client is now more tolerant for redundant "data cleanup" requests. This avoids panic() calls for harmless conditions.
Updated mail/postfix to 2.3.1 Main changes in TLS support: - The Postfix SMTP client enforced mandatory TLS only when talking to an ESMTP server; enforcement did not happen if Postfix could somehow be forced to send HELO instead of EHLO. This problem also exists in Postfix 2.2, where it is is fixed with Postfix 2.2 patch 11. This is minor compared to the DNS spoofing issues that were fixed with Postfix 2.2.10. - Workaround for an interoperability problem introduced with Postfix 2.3. Some buggy TLS client implementations were unable to deliver mail because the Postfix SMTP server didn't send a TLS session ID. To disable the workaround specify "smtpd_tls_always_issue_session_ids = no"; this allows non-buggy TLS clients to save some space. Main changes in Milter support: - Safety measure. After "postsuper -r", mail is no longer inspected by the Milters specified with the non_smtpd_milters parameter. This measure prevents a bad interaction with external content filters: Milters would receive incorrect SMTP client information, and could be tricked into signing or allowing untrusted messages. This change does not affect Milter applications that run behind an after-queue content filter. The behavior is detailed in the postsuper(1) manual page.
Updated mail/postfix to 2.3.0 This is the first version in the 2.3.x series, please see the release notes for full list of changes since 2.2.x before upgrading your current installation.
Fix default value of smtp_sasl_tls_security_options to use $smtp_sasl_security_options (as documented in postconf(5)) instead of $var_smtp_sasl_opts, which is never defined. This is a bug that exists in the Postfix-2.2.x series but has been fixed in the (current) Postfix-2.3.x series. This fixes PR pkg/29631 by Christoph Badura. Bump the PKGREVISION to 1.
Conflict with courier-mta.
Modify packages that set PKG_USERS and PKG_GROUPS to follow the new syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
Pullup ticket 1340 - requested by martti
postfix update
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.179
- pkgsrc/mail/postfix/distinfo 1.97
Module Name: pkgsrc
Committed By: martti
Date: Fri Apr 7 09:08:30 UTC 2006
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
Log Message:
Updated mail/postfix to 2.2.10
- "sendmail -t" did not remove the CR from lines ending in CRLF.
- Workaround for fatal errors in PCRE maps when an expression in
() matches empty text (the PCRE library returns an inappropriate
error code).
- Fixes for non-security bugs that Coverity found in code that
handles impossible error conditions.
Updated mail/postfix to 2.2.10 - "sendmail -t" did not remove the CR from lines ending in CRLF. - Workaround for fatal errors in PCRE maps when an expression in () matches empty text (the PCRE library returns an inappropriate error code). - Fixes for non-security bugs that Coverity found in code that handles impossible error conditions.
Added USE_TOOLS+=perl
Fix pkg/32498 - install PREFIX/sbin/qshape Updated postfix to 2.2.9 Most of this patch hardens the TLS implementation against DNS-based attacks, and eliminates some anomalies from the TLS per-site policy engine. See the TLS_README document for tips on how to avoid DNS-based attacks that can change the server hostname that Postfix uses for logging, for TLS per-site policies, and for server certificate verification. The patch also adds a workaround that prevents Postfix from repeatedly trying to deliver mail to domains with a malformed MX record (for example, with a null MX hostname). Postfix 2.2.9 bounces such mail immediately.
Use SUBST framework for mailer.conf as well.
Pullup ticket 1012 - requested by Martti Kuparinen
postfix packages bugfix update
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.175
- pkgsrc/mail/postfix/distinfo 1.95
- pkgsrc/mail/postfix/patches/patch-ai 1.15
- pkgsrc/mail/postfix-current/Makefile 1.55
- pkgsrc/mail/postfix-current/distinfo 1.20
- pkgsrc/mail/postfix-current/options.mk 1.12
Module Name: pkgsrc
Committed By: martti
Date: Tue Jan 10 06:38:15 UTC 2006
Modified Files:
pkgsrc/mail/postfix: Makefile distinfo
pkgsrc/mail/postfix/patches: patch-ai
Log Message:
Updated postfix to 2.2.8
Postfix 2.2.8 backs out a workaround for broken servers/firewalls
that created more problems than it solved.
- The Postfix 2.2.6 paranoia about malformed remote server replies
caused "multiple delivery" problems or "no delivery" problems with
broken servers/firewalls. Postfix still logs a warning but no longer
defers delivery.
---
Module Name: pkgsrc
Committed By: martti
Date: Tue Jan 10 06:39:00 UTC 2006
Modified Files:
pkgsrc/mail/postfix-current: Makefile distinfo options.mk
Log Message:
Updated postfix-current to 2.3-20060103
Updated postfix to 2.2.8 Postfix 2.2.8 backs out a workaround for broken servers/firewalls that created more problems than it solved. - The Postfix 2.2.6 paranoia about malformed remote server replies caused "multiple delivery" problems or "no delivery" problems with broken servers/firewalls. Postfix still logs a warning but no longer defers delivery.
Bump PKGREVISION due to mysql.buildlink3.mk changes (default mysql pkg has been changed to 5.x). Reminded by wiz... thanks.
Pullup ticket 992 - requested by Martti Kuparinen
run-time directory handling fix for mail/{postfix,postfix-current}
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.173
- pkgsrc/mail/postfix-current/Makefile 1.53
Module Name: pkgsrc
Committed By: martti
Date: Sat Dec 31 15:16:18 UTC 2005
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
Log Message:
Add ${POSTFIX_QUEUE_DIR}/etc to OWN_DIRS. Suggested by Jeremy C. Reed.
Add ${POSTFIX_QUEUE_DIR}/etc to OWN_DIRS. Suggested by Jeremy C. Reed.
Pullup ticket 982 - requested by Martti Kuparinen
improve rc script usability of mail/postfix and mail/postfix-current
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.172
- pkgsrc/mail/postfix-current/Makefile 1.52
- pkgsrc/mail/postfix-current/files/postfix.sh 1.4
- pkgsrc/mail/postfix/files/postfix.sh 1.5
Module Name: pkgsrc
Committed By: martti
Date: Fri Dec 30 06:29:41 UTC 2005
Modified Files:
pkgsrc/mail/postfix: Makefile
pkgsrc/mail/postfix-current: Makefile
pkgsrc/mail/postfix-current/files: postfix.sh
pkgsrc/mail/postfix/files: postfix.sh
Log Message:
Make sure ${spooletcdir} exists. Bump PKGREVISION as this affects
the binary package.
Make sure ${spooletcdir} exists. Bump PKGREVISION as this affects
the binary package.
Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Updated mail/postfix to 2.2.6 Postfix 2.2 patch 06 catches up with minor fixes that were fielded earlier in the experimental Postfix 2.3 snapshots.
Pullup ticket 911 - requested by Martti Kuparinen postfix bugfix Revisions pulled up: - pkgsrc/mail/postfix/Makefile 1.168 - pkgsrc/mail/postfix/distinfo 1.93 - pkgsrc/mail/postfix/patches/patch-ac removed - pkgsrc/mail/postfix-current/Makefile 1.46 - pkgsrc/mail/postfix-current/distinfo 1.18 - pkgsrc/mail/postfix-current/patches/patch-ac removed Module Name: pkgsrc Committed By: martti Date: Wed Nov 16 06:53:14 UTC 2005 Modified Files: pkgsrc/mail/postfix: Makefile distinfo pkgsrc/mail/postfix-current: Makefile distinfo Removed Files: pkgsrc/mail/postfix-current/patches: patch-ac pkgsrc/mail/postfix/patches: patch-ac Log Message: Removed patch-ac as it was no longer needed (and in fact should not be used) according to Wietse Venema. PKGREVISION++
Removed patch-ac as it was no longer needed (and in fact should not be used) according to Wietse Venema. PKGREVISION++
The real user name in PKG_USERS does not need to be escaped with double backslashes anymore. A single backslash is enough. Changed the definition in all affected packages. For those that are not caught, an additional check is placed into bsd.pkginstall.mk.
Pullup ticket 637 - requested by Grant Beattie
portability fix for postfix
Revisions pulled up:
- pkgsrc/mail/postfix/Makefile 1.166
- pkgsrc/mail/postfix/options.mk 1.20
Module Name: pkgsrc
Committed By: grant
Date: Sun Jul 31 03:46:05 UTC 2005
Modified Files:
pkgsrc/mail/postfix: Makefile options.mk
Log Message:
use ${LDFLAGS} in AUXLIBS so the chosen libdb can be found at runtime.
fixes build on Solaris.
use ${LDFLAGS} in AUXLIBS so the chosen libdb can be found at runtime.
fixes build on Solaris.
Updated postfix to 2.2.5 Postfix 2.2.5 addresses some portability problems with LP64 platforms that broke SMTP connection caching, and makes SMTP connection caching more failure tolerant. These fixes are back-ported from the experimental (2.3) release series. The connection caching protocol has changed, so you will need to "postfix reload" after upgrading.
Updated postfix to 2.2.4
20050517
Bugfix: in a DSN report, the original recipient should not
be xtext encoded. File: bounce/bounce_notify_util.c.
20050523
Bugfix: mymalloc() panic with mistyped server host list.
File: global/dict_pgsql.c.
20040530
Bugfix: TLS MUST_NOPEERMATCH didn't work (inherited from
TLS patch), and a dangling pointer in the corresponding
error handling. File: smtp/smtp_proto.c.
20050615
Cleanup: the SMTP client now sends QUIT when the initial
HELO handshake fails. it still doesn't send QUIT when the
server greets with a [45]XX code, as that is handled in the
connection management code before a session context exists.
File: smtp/smtp_connect.c.
20050616
Bugfix: missing or mis-placed va_end() macros, found in
Postfix 2.3 code review. Files: util/netstring.c,
util/myaddrinfo.c, util/attr_clnt.c, util/vstream.c.
20050621
Portability: file descriptor passing is available for Tru64
UNIX, but AIX4 and IRIX6 will have to do without. This means
no SMTP connection caching for those platforms. Albert
Chin. File: util/sys_defs.h.
Removed POSTFIX_EXAMPLE_FILES loop as it's no longer used. Noted by Yannick Gravel in a private mail.
Updated postfix to 2.2.3 - SASL inter-operability problem causing Sendmail servers to hang up on Postfix. - Panic when a fall-back relay could not be used for a variety of reasons.
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Updated postfix to 2.2.2 - A more usable REPLACE action in header/body_checks. The old version produced unexpected results. - Portability to HP-UX. - Two harmless defects in the SMTP and LMTP clients that go back to before the first Postfix release, and that were found while doing code maintenance on the experimental release.
Fix up PLISTs and remove unused files left over from the incomplete package update in the previous commit.
Postfix 2.2.1 import. New features since 2.1.x: - built-in IPv6 and TLS (we no longer use patches--beware config changes!) - more sophisticated LDAP/MySQL/PostgreSQL support, with freeform queries - SMTP client-side connection reuse - by default, no longer rewrite message headers in mail from remote clients - can use your ISP account name for mail destined outside your machine - can selectively turn off ESMTP features in client or server - remote SMTP client resource control (the anvil server) - support for CDB, SDBM and NIS+ databases is now built into Postfix - new SMTP access control features - and more Caution: - You MUST stop 2.1.x and earlier versions before upgrading. - Use the postfix upgrade program to upgrade your main.cf/master.cf.
Updated postfix to 2.1.5nb5 * New IPv6 patch
The default location of the pkgsrc-installed rc.d scripts is now under share/examples/rc.d. The variable name already was named RCD_SCRIPTS_EXAMPLEDIR. This is from ideas from Greg Woods and others. Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism (as requested by wiz).
Fix "postfix/smtp killed by signal 11" problem.
Rename ALL_TARGET to BUILD_TARGET for consistency with other *_TARGETs. Suggested by Roland Illig, ok'd by various.
Fix thinko with previous commit -- the builtin db1 is okay to use. Bump the PKGREVISION to note the change in the default.
Use bdb.buildlink3.mk to get the DB library to use for the "hash" map type. All platforms now support the "hash" map type as a result. Remove the explicit dependencies on db4 and db2 on non-Linux and Linux, respectively. Bump the PKGREVISION.
Remove -g from compilation flags.
Updated postfix to 2.1.5 - The code to eliminate the local MTA from an MX address list did not handle the case that the local MTA could appear with different MX preferences in both inet_interfaces and proxy_interfaces. - The SMTP server's kiss-of-death message "421 Timeout exceeded" wasn't guarded by setjmp(). - The SMTP server didn't update the per-session error counter when a client was denied access with smtpd_delay_reject=no. - The Postfix sendmail command leaked file descriptors when it was unable to execute the postdrop mail submission command. - The bounce daemon sent the wrong type of bounce message when a - Plus some portability, safety and documentation fixes.
Support building STARTTLS support into Postfix without IPv6.
Reduce the number of patches needed by Postfix by using the subst framework and also by explicitly specifying more default values for Postfix parameters. Also pass -I/usr/pkg/include/sasl to the compiler when building using Cyrus SASLv2, which allows me to remove the patches that added an unnecessary USE_SASL2_AUTH check.
Rename Makefile.options to options.mk in the packages that I maintain. This follows the example of the mail/dovecot package, as suggested by <schmonz>.
Replace a few instances of ${PKGBASE} with "postfix". This has no effect
in this package, but simplifies maintaining the postfix-current package by
minimizing diffs between the two.
Convert to use bsd.options.mk. The relevant options variable to set for each package can be determined by invoking: make show-var VARNAME=PKG_OPTIONS_VAR The old options are still supported unless the variable named in PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf).
Updated postfix to 2.1.4 * Bug fixes
Add CONFLICTS with the upcoming mail/fastforward update.
Teach the MESSAGE files about DOCDIR.
Install more of the example configuration files into installed examples directory. Back out modification to postfix-install that was ignoring our setting for config_directory.
Stop the proliferation of <PKG>_USE_<FOO> yes/no variables in the mail/postfix package -- create a new option "POSTFIX_OPTIONS" that is a list of optional add-ons that will be built into Postfix. Currently, it accepts any of "inet6 ldap mysql mysql4 prce sasl tls". Move the existing POSTFIX_USE_* variables into bsd.pkg.obsolete.mk. Also split out the optional add-ons into a separate Makefile.options so that the main Makefile workflow is a bit easier to understand. Lastly, collapse the pre-install target into the do-install target we run custom code for the whole install process anyway. Approved by martti.
The sample-*.cf files aren't installed, so refer the user to the SASL_README file for more info.
Rename POSTFIX_SPOOL to POSTFIX_QUEUE_DIR to more closely match the Postfix terminology.
Don't blindly run the post-install script; instead, tell the user to do so in the MESSAGE file. This makes upgrading existing Postfix installations less annoying.
Rename SHAREDIR to EXAMPLEDIR to more accurately reflect the contents and location of that directory.
/var/spool/postfix is stored in the Makefile variable POSTFIX_SPOOL. Be pedantic and substitute for it so that if we ever have a way to change it, postfix.sh will still be correct.
Use FILES_SUBST_SED instead of local make targets to do the same thing. FILES_SUBST_SED substitutes for @FOO@, so use that format for things to be replaced.
Pullup ticket 47 to the pkgsrc-2004Q2 branch, requested by Martti Kuparinen. Update postfix to 2.1.3. Module Name: pkgsrc Committed By: martti Date: Mon Jun 21 16:13:24 UTC 2004 Modified Files: pkgsrc/mail/postfix: Makefile PLIST PLIST.tls distinfo pkgsrc/mail/postfix/patches: patch-aa patch-ae patch-af patch-ag patch-ai Removed Files: pkgsrc/mail/postfix/patches: patch-ad patch-ba patch-bb patch-bc patch-bd Log Message: Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
New IPv6 patch * Bugfix: Misplaced myfree() caused a small memory leak. * Removed the colon (:) from the characters XFORWARD replaces by a question mark (IPv6 addresses looked like 2001?610?1108?5010?1 in logging).
Updated postfix to 2.1.3 This is the new 2.1.x series, please see www.postfix.org for complete list of changes since 2.0.20.
Use the latest IPv6 patch
Updated postfix to 2.0.20 - The postdrop mail submission command could die with SIGHUP and abort mail submission. This was observed with mail from cron jobs. - The MySQL client aborted with complaints about multiple attempts to register the same lookup table. This was observed in the proxymap daemon. - As a workaround for agressive SMTP command pipelining clients, the Postfix SMTP server now allows SMTP clients to overshoot the SMTP server recipient limit without triggering the server hard error limit, as long as the number of excess recipients stays within a hard-coded overshoot limit of 1000. If you have such clients then you also need to specify "smtpd_error_sleep_time = 0" or else performance will be poor. - The LMTP client attempted to reuse a connection after timeout, causing protocol synchronization errors. - The trivial-rewrite server could core dump after temporary table lookup failure. This was not observed in Postfix 2.0.
Drop localized *_USE_LDAP definitions and consistently use USE_OPENLDAP instead. As announced on tech-pkg. Most notably affected are Postfix, sendmail, Samba and cyrus-saslauthd. Be sure to update your mk.conf accordingly.
indent a couple of blocks, minor whitespace tweak
Correct variable names for BUILDLINK_PREFIX.db*; BUILDLINK_PREFIX.db is only valid with buildlink2, but not with buildlink3. This fixes PR pkg/25175.
db4 is needed in Linux when POSTFIX_USE_LDAP=YES (pkg/25120 by Jukka Salmi)
New IPv6 patch
New IPv6 patch.
Updated postfix to 2.0.19 - When mail is submitted at a high rate with the Postfix sendmail command, the pickup daemon is keps busy long enough that it it terminated by the watchdog timer (a feature that prevents Postfix from locking up permanently). - Malformed addresses in SMTP commands could result in table looks with zero-length search strings, causing trouble with NIS lookups.
add CONFLICT on sendmail, which also installs bin/mailq and bin/newaliases.
install rc.subr-style script on all platforms but NetBSD-1.5 and above (which already has a suitable /etc/rc.d/postfix).
move BUILD_DEFS outside of their respective conditionals, so the not defined/value output is shown at the start of the build.
move NetBSD specific MESSAGE to its own file.
run postfix's post-install with "command_directory=prefix/sbin" argument so it can find postconf. bump PKGREVISION.
Added optional postgresql support
New IPv6 patch
Make this work on Linux.
Updated postfix to 2.0.18
- A change in the line reading routines caused unexpected results
with lines ending in EOF. This change is undone.
- A portability problem with the test command ("test -e" is not
supported on older systems, while "test -f" does the job).
Updated postfix to 2.0.17 - Portability to MacOSX: Bind8 compatibility, core dumps in mailq and postdrop, and changes in netinfo support. - Elimination of some DNS lookup problems in third-party library routines (typically resulting in localhost not being found). - More agressive delivery to sites that defer a lot of mail. - Correction of a few obscure error messages. - Several small documentation fixes. - Minor fixes for robustness problems that no-one has experienced.
bl3ify
no need for PLIST_SUBST+=PKG_SYSCONFDIR
Pullup an installation fix from Johnny Lam to the pkgsrc-2003Q4 branch, requested by Jeremy Reed. revision 1.110 date: 2003/11/26 06:03:41; author: jlam; state: Exp; lines: +2 -2 Only install smtpd.conf if we're using SASL. Fixes bulk build breakage from Al's 20031124 results.
Only install smtpd.conf if we're using SASL. Fixes bulk build breakage from Al's 20031124 results.
A few more whitespace nits.
Whitespace fixes and rearrange a few lines to group related stuff together.
* With SASL2, the correct pwcheck_method to use the /etc/sasldb2 is "auxprop". * Modify the package so that the smtpd.conf file is initially stored with the other example files and copied over to its true location via CONF_FILES. This allows modifying the postfix installation to use some other SASL authenticaion method, e.g. PLAIN with saslauthd through TLS. * Only allow using one SASL library or the other, and prefer SASL2 to SASL1.
Sync with cyrus-sasl2's buildlink2.mk reality.
Be the MAINTAINER for this package.
enable use of sasl2
Updated postfix to 2.0.16 * bug fixes * new IPv6 patch
Updated postfix to 2.0.14 * Produce a warning when host:port specifies a badly formatted numerical port. * New IPv6 patch.
s/netbsd.org/NetBSD.org/
Updated postfix to 2.0.13 - After "postfix reload", the master daemon now warns when the inet_interfaces parameter setting has changed, and ignores the change, instead of passing incorrect information to the smtp server. - After the postdrop command change with Postfix 2.0.11, the postcat command no longer recognized "maildrop" queue files as valid. - Mail could bounce when two messages were delivered simultaneously to a non-existent mailbox file. The safe_open() code that prevents race condition exploits will now try a little harder when it actually encounters a race condition. - Updated the IPv6 patch.
Updated postfix to 2.0.12 - Stricter smtpd input checks rejected invalid addresses starting with @. - Stricter postdrop input checks broke "sendmail -bs". - New "postcat -q" (search the queue for the named file) support from snapshot release because I can no longer see people suffer. - Allow <@site,@site:address> route addresses in SMTP commands. This address form was deprecated years ago. - "sendmail -q<time>" without -bd option now exits immediately, instead of waiting for input and screwing up system boot sequences. - The Postfix LMTP client used the wrong service name, causing trouble with SASL 2.1.13. - Turned off non-blocking write to pipe because too many systems gave an unexpected write() result, causing partial delivery of messages to commands like procmail.
Use tech-pkg@ in favor of packages@ as MAINTAINER for orphaned packages. Should anybody feel like they could be the maintainer for any of thewe packages, please adjust.
Remove commented out PKGREVISION line.
Update postfix to 2.0.10. - Ugly but harmless warnings from nqmgr after "postsuper -r" to requeue files that already had some recipients delivered. - The proxy_read_maps parameter did not recognize "," as separator. - The local delibery agent now defers delivery after .forward etc. file read error. - The message_size_limit was applied when running "newaliases", so that the result alias database could be truncated on systems with very small message size limits. The official release changes for bugfixes and portability issues only.
Updated the IPv6 patch. IPv6 support is activated by setting POSTFIX_USE_INET6=YES in /etc/mk.conf before building this package.
Dependency bumps, needed because of devel/pth's major bump, and related dependency bumps.
- Move all "share" files to share/examples/postfix; all of them are used as samples, either by the user or by bsd.pkg.install.mk. - Correctly handle configuration files, that is, avoid touching the conf directory directly. - Use OWN_DIRS to handle the spool directory. - Run post-install through an INSTALL script. - Sort PLIST after all these changes. - Bump PKGREVISION to 1.
Updated postfix to 2.0.9 - The SMTP client did not deliver a partial last line when someone submitted 8BITMIME mail not ending in newline via /usr/sbin/sendmail while MIME input processing was turned off, and MIME 8bit->7bit conversion was requested upon delivery.
Updated postfix to 2.0.8 - Postfix processes now abort when given a net/mask pattern with a non-zero host portion (for example, 168.100.189.2/28), instead of risking to become an open mail relay. - Workaround for file system clock drift that caused Postfix to ignore new mail (this could happen with queue file systems mounted from a server).
Update ipv6+tls patch in comment (and distinfo).
Undo PKGREVISION bump (not necessary since the whole package was updated to 2.0.7).
Add PKGREVISION=1 [wiz told me so]
- upgrade to 2.0.7 - add kim's recipient canonicalization patch. NOTE: TLS was disabled and is still disabled in this version.
(1) Publicly export the value of _OPSYS_RPATH_NAME as RPATH_FLAG;
Makefiles simply need to use this value often, for better or for
worse.
(2) Create a new variable FIX_RPATH that lists variables that should
be cleansed of -R or -rpath values if ${_USE_RPATH} is "no". By
default, FIX_RPATH contains LIBS, X11_LDFLAGS, and LDFLAGS, and
additional variables may be appended from package Makefiles.
Update tls+ipv6 patch in comment. Is it still need commented out? (Though I can't test completely either...)
Updated postfix to 2.0.6 Postfix 2.0 patchlevel 6 intends to protect vulnerable Sendmail systems against exploitation of a remote buffer overflow problem that is described in CERT advisory CA-2003-07. - Postfix now truncates non-address information in message address headers (comments, etc.) to 250 characters per address. This should rarely present a problem. Reportedly, junk mail from poorly written software can trigger the protection, but that is no great loss. - Some little fixes to documentation.
Updated postfix to 2.0.5 - The SMTP server's hard and soft error limits were off by one. With "smtpd_hard_error_limit = 1", Postfix will now disconnect after the first error, instead of the second one. - The proxymap server could deadlock when the mydestination parameter setting included a proxymapped lookup table. - Some little fixes to documentation.
Use correct tls+ipv6 patch (still in comment). Previous was for different postfix snapshot.
Make tls+ipv6 patch up to date. NOT tested at all and still commented out.
Updated postfix to 2.0.4 - The format of maildir filenames is synchronized with the present version of the maildir definition document. This format was already adopted by the 20030126 snapshot release. - The time limit on delivery to external commands was not enforced. This was broken probably some time before the first public Postfix release. - Duplicate elimination after virtual alias expansion works again. This was broken with the introduction of the original recipient attribute. - The local pickup daemon dropped incomplete records from local submissions. This was broken somewhere in the middle of 2002.
+ Use PKG_SYSCONFDIR (/usr/pkg/etc/postfix) instead of /etc/postfix for
configuration.
+ Document how to use /etc/rc.conf.d/postfix on NetBSD 1.5 and newer
to start /usr/pkg/sbin/postfix instead of /usr/sbin/postfix
+ Ensure that the postfix user and the postfix & maildrop groups exist.
Adds Darwin support, and prevents a working NetBSD postfix setup from being
broken on a "make install" of this package because the package used to
change /etc/postfix/{post-install,postfix-files,postfix-script}.
These changes are mostly from Amitai Schlair <schmonz@netbsd.org>,
with some tweaks by me. (Thanks Amitai!)
Instead of including bsd.pkg.install.mk directly in a package Makefile, have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set to "YES". This enforces the requirement that bsd.pkg.install.mk be included at the end of a package Makefile. Idea suggested by Julio M. Merino Vidal <jmmv at menta.net>.
- Use the latest IPv6+TLS patch (tls+ipv6-1.12-pf-2.0.3), and include it in distinfo. (still commented out.) - Comment out POSTFIX_USE_TLS part in Makefile since the patch is out of date now.
Updated postfix to 2.0.3 - Postfix 2.0 broke relocated table lookup results with mail not rejected at the SMTP port, causing "User has moved to" text to be deleted. - A widely used maildir filename generating algorithm was broken. This affects all Postfix versions with maildir support. Instead of TIME.PID_COUNT.HOST Postfix now uses TIME.DEVICE_INODE.HOST. - Postfix 2.0 gave incorrect FILTER_README instructions for sites that wish to disable virtual alias mapping before the content filter.
Use the latest IPv6+TLS patch (it's still commented-out).
Updated postfix to 2.0.2 - Added MAILER-DAEMON to the list of always recognized local addresses, since it is generated by Postfix bounces. - Bugfix: transport_errno was not reset upon successful transport map wildcard lookup after an earlier failure. - Cleanup: unnecessary warnings from the proxymap client after proxymap server disconnect. - Cleanup: Patrik Rak found a few more chattr invocations that were missed 20021209. Files: postfix-install, conf/post-install. - Cleanup: the pcre-config command can produce null outputs. - Bugfix: the virtual(8) Makefile included $(AUXLIBS) in the dependencies. - Bugfix: fixed in the snapshots 20030105 but missed in the stable release. "sendmail -bs" tried to access the proxymap service. It should not try to open any user/domain/uce related tables at all.
Re-organized the IPv6 patch stuff. The IPv6 support is still commented-out even though it seems to work now. Why commented-out? This patch also includes a TLS patch and I don't know if it's better/more stable/whatever compared to the existing TLS patch. What I'd like to have is a separate patch for IPv6 and TLS. According to the author this is available in the near future.
Updated postfix to 2.0.0.2 IMPORTANT: read the documents in /usr/pkg/share/doc/postfix/ before upgrading from Postfix 1.1. Hightlights: - MIME support (including 8bit->7bit conversion and more accurate matching of MIME headers in message bodies) - completely rewritten RBL client code - smarter handling of DNS lookup errors in UCE restrictions - virtual delivery agent without transport map for every domain - a long list of other things that are meant to improve performance or functionality without compromising what already existed.
- Added support for LDAP (provided by Ron Roskens in PR#19173, minor path fixes by me) - Sorted POSTFIX_USE_xxx options
Updated postfix to 1.1.12 - The garbage in "user@garbage"@domain address forms may cause the SMTP or LMTP client to terminate with a fatal error exit because garbage/tcp is not an existing service. This cannot be abused to cause the SMTP or LMTP client to send data into unauthorized ports.
Convert to buildlink2.
Depends on cyrus-sasl with its version. (Postfix's document claims it works with cyrus-sasl 1.5.5 at least.)
Added support for TLS. To use this, set POSTFIX_USE_TLS=YES in /etc/mk.conf. To verify the TLS support, type # /usr/pkg/sbin/postconf | grep tls Submitted by Dawid Szymanski in pkg/17570.
Make fils recognize compile options (POSTFIX_USE_MYSQL, ...) Fixes PR 17465 by Dawid Szymanski <dawszy@tgr.lubin.edu.pl>
Merge from pkgsrc-current to buildlink2 branch.
Honor "${CC}" and "${CFLAGS}" during build. This fixes PR pkg/17052
by Mipam.
Updated postfix to 1.1.11 * Cleanup: Mailbox-Line: message header labels should be X-Mailbox-Line: labels * The SMTP server now disallows RCPT TO:<"">, just like it disallows RCPT TO:<> * Replace domain.name by domain.tld in the example config files * The Postfix sendmail command did not export the MAIL_CONFIG environment setting to the postdrop command
Updated postfix to 1.1.10 (released 2002-05-14) - Bugfix: the new code for header address quoting sometimes did not null terminate strings so that arbitrary garbage could appear at the end of message headers. - Safety: user@domain@domain is no longer accepted by the permit_mx_backup UCE restriction (unless Postfix is configured with "resolve_dequoted_address = no").
Updated postfix to 1.1.9 * add a MESSAGE file to describe how to activate postfix (pkg/13335) Changes: * Close user@domain@postfix-style.virtual.domain source routing relaying loophole involving postfix-style virtual domains with @virtual.domain catch-all patterns * mail_addr_map() used the "wrong" @ character in addresses with multiple @. * For address localpart quoting, now quote @ as a special character everywhere, except when resolving addresses. Previously, the @ was nowhere quoted as a special character, not even in SMTP commands. * Don't allow an OK access rule lookup result for user@domain@postfix-style.virtual.domain. * Quote unquoted address localparts that need quoting. * The SMTP client logged and bounced the CNAME expanded recipient address, and thereby complicated trouble shooting. * The SMTP and LMTP clients bounced the quoted recipient address, resulting in too much quoting in bounce reports. * The LDAP client used the "wrong" @ character in addresses with multiple @. * Forwards "postqueue -r" compatibility with the additional queue file records that are stored by snapshot 20050512. * Specify "resolve_dequoted_address = no" to prevent Postfix from looking inside quotes for extra @ etc. characters when resolving an address. This behavior is technically more correct, but it opens a mail relay loophole with "user @domain"@domain when relaying mail to a Sendmail system.
Updated postfix to 1.1.8 - Postfix no longer attempts to build with GDBM support - The Postfix SMTP client forgot to quote whitespace etc. in a sender or recipient address when DNS lookup was turned off - Better error reporting in the postqueue command
Updated postfix to 1.1.7 - Violation of the defer_transports setting: the flush server could trigger mail delivery (as if ETRN was sent) while doing some internal housekeeping of per-destination logfiles. - Virtual mapping was broken for addresses with embedded whitespace in the recipient local part. - When the super-user runs "mailq" or "postqueue -p" (list mail queue) while the mail system is down, the postqueue command runs the showq command directly. However, postqueue did not pass on non-default configuration directory settings to the showq command, so that showq would report the default mail queue instead.
Updated postfix to 1.1.6 - The new code avoids problems with SMTP servers that will not receive mail with lines longer than the 1000 characters that are allowed by the SMTP standard. - The new code is more graceful in the handling of abnormally long message headers. It will no longer switch from "message header" to "message body" mode in the middle of an abnormally long message header line.
solaris install can only create one directory at a time
Added optional support for MySQL. To use this, set POSTFIX_USE_MYSQL=YES in /etc/mk.conf. To verify the MySQL support, type # /usr/pkg/sbin/postconf -m mysql Submitted by Dawid Szymañski in a private mail.
* Install main.cf and master.cf to /etc/postfix if they don't exist * Fixed some hardcoded paths (should fix pkg/13987)
Updated postfix to 1.1.5 - With patch 04, automatic change detection of DBM files was slightly broken (incremental updates would no longer be detected). The fix is to use separate file handles for locking and for change detection. - The trivial-rewrite server could dereference a dangling pointer after stripping a source route (@domain,domain:) from an address while append_at_myorigin=no. Although this setting is unsupported, Postfix should not SIGSEGV anyway. - The SMTP server replied with 552 (too much mail) when rejecting mail content. The SMTP standard defines no reply code for this situation, but one could argue that 550 is more appropriate. And so it shall be.
Updated postfix to 1.1.4 Major changes with release-20010228 =================================== Postfix produces DSN formatted bounced/delayed mail notifications. The human-readable text still exists, so that users will not have to be unnecessarily confused by all the ugliness of RFC 1894. Full DSN support will be later. This release introduces full content filtering through an external process. This involves an incompatible change in queue file format. Mail is delivered to content filtering software via an existing mail delivery agent, and is re-injected into Postfix via an existing mail submission agent. See examples in the FILTER_README file. Depending on how the filter is implemented, you can expect to lose a factor of 2 to 4 in delivery performance of SMTP transit mail, more if the content filtering software needs lots of CPU or memory. Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. The header_checks and body_checks features can be used to strip out unwanted data. Specify IGNORE on the right-hand side and the data will disappear from the mail. Support for SASL (RFC 2554) authentication in the SMTP server and in the SMTP and LMTP clients. See the SASL_README file for more details. This file still needs better examples. Postfix now ships with an LMTP delivery agent that can deliver over local/remote TCP sockets and over local UNIX-domain sockets. The LMTP_README file gives example, but still needs to be revised. Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination logfiles with information about what mail is queued for selected destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". Depending on the operating system type, mailboxes can be locked with one or more of "flock", "fcntl" or "dotlock". The command "postconf -l" shows the available locking styles. The default mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent.
Deprecate POSTFIX_USE_SASL_AUTH in favor of more generic USE_SASL.
s/root/${ROOT_USER}/g, now that the definition appears in the
defs.${OPSYS}.mk files.
Remove definitions of POSTFIX_USE_PCRE and POSTFIX_USE_SASL_AUTH, which I forgot to remove them before the previous committing ;-)
Add optional SMTP authentication support with cyrus-sasl. It is enabled by POSTFIX_USE_SASL_AUTH.
Enable IPv6 support again, this time as an optional feature. Set POSTFIX_USE_INET6=YES in /etc/mk.conf to activate the IPv6 support. Please note that this IPv6 patch is NOT fully tested and has some known security issues!
* Use ${MAKE_ENV} in do-configure. Without this small fix I wasn't able to
use PCRE with postfix.
* Move BUILD_DEFS+=POSTFIX_USE_PCRE inside ".if defined(POSTFIX_USE_PCRE)"
Changed POSTFIX_PCRE to POSTFIX_USE_PCRE
Correct configuration for pcre.
Updated to 20010228pl8. Changes since 20010228pl4nb1:
20010917
Bugfix: an address extension could be appended multiple
times to the result of a canonical or virtual map lookup.
File: global/mail_addr_map.c. Fix by Victor Duchovni,
Morgan Stanley.
Bugfix: because split_addr() would split an address even
when there was no data before the recipient delimiter, the
above bug could cause an address to grow exponentially in
size. Problem reported by Victor Duchovni, Morgan Stanley.
File: global/split_addr.c.
20010918
Bugfix: the mail_addr_map() fix was almost but not quite
right. It took two clever people and several iterations of
email to really fix the mail_addr_map() problem. Thanks
to Victor Duchovni and Liviu Daia.
20011016
Bugfix: As of 20000625, Errors-To: was broken, because the
code to extract the address was not moved from recipient
address rewriting to sender address rewriting. Problem
reported by Roelof Osinga @ nisser.com. File:
cleanup/cleanup_message.c.
20011023
Bugfix: the FILTER_README content filtering example had
not been updated to include the sendmail "-i" command line
option.
20011029
Bugfix: virtual map expansion terminated early because the
detection of self-referential entries was flawed. File:
cleanup/cleanup_map1n.c.
20011031
Bugfix: mail_date() mis-formatted negative time zone offsets
with fractional hours (-03-30 instead of -0330). Fix by
Chad House, greyfirst.ca. File: global/mail_date.c.
20011103
Bugfix: Postfix would log the wrong error text when locally
submitted mail was deferred due to "soft_bounce = yes".
Bugfix: The LDAP client dropped any entries that don't have
the result_attribute, but errored out when a DN didn't
exist. The behavior is now consistent: treat non-existant
DN's in a special result attribute expansion the same as
DN's with no attribute. LaMont Jones, HP.
20011114
Bugfix: reset the smtpd command transaction log between
deliveries. File: smtpd/smtpd.c.
20011115
Bugfix: reset the smtpd command transaction log between
non-deliveries. File: smtpd/smtpd.c.
remove IPv6 patch for safety. it seems that IPv6 patch has bad sideeffect on relaying determination.
Wildcard dependency on pcre. Addresses pkg/13754.
upgrade to 20010228-pl04. changes can be found below: ftp://ftp.yoyo.org/pub/mirrors/postfix/official/postfix-20010228-pl04.RELEASE_NOTES
upgrade to postfix-20010228-pl03. changes since pl02: 20010501 Bugfix: The SMTP server's 550 in reply to DATA should be a 554 response. And it wasn't Sendmail. Claus Assman. Bugfix: the INSTALL.sh test for non-interactive upgrade broke rooted installations that specify settings via the environment. Simon Mudd. Bugfix: mailq output is now really flushed one message at a time. File: sendmail/sendmail.c. 20010507 Bugfix: with soft_bounce=yes, the SMTP server would log 5xx replies even though it would send 4xx replies to the client (Phil Howard, ipal.net). File: smtpd/smtpd_check.c. 20010523 Bugfix: postsuper's temporary file detection logic needed fixing. Bugfix: memory leak in the LDAP client module. Alain Thivillon, France Teaser - Groupe Firstream. 20010525 Bugfix: the SMTP and LMTP clients claimed that a queue file needed to be delivered again (even when all recipients were erased from the queue file) when no QUIT or RSET reply was received (by default, this does not happen with SMTP mail because the SMTP client does not wait for QUIT replies and does not send RSET to deliver mail). As a result of the same bug the LMTP client followed a dangling pointer when sending QUIT after process idle timeout while the LMTP server had disconnected. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c.
upgrade ipv6 patch. more fix for reverse lookup (!INET6 case)
use latest IPv6 patch. corrects !INET6 behavior (NetBSD PR 12876).
use postfix 20010228-pl02 from wietse.
20010403
Workaround: the mysql library can return null pointers
rather than zero-length strings.
20010404
Ergonomics: log additional information about the reason
why "mail for XXX loops back to myself", when the local
machine is the best MX host. File: smtp/smtp_addr.c.
20010406
Changed some noisy LDAP client warnings into optional
logging. LaMont Jones, util/dict_ldap.c.
20010411
Bugfix: the SMTP server now replies with 550 instead of
503 when it receives the DATA command without having received
a valid recipient address. This is needed for the Sendmail
client-side pipelining implementation. Problem reported by
Lutz Jaenicke. File: smtpd/smtpd.c.
Cleanup: shut up if chattr fails on Reiserfs and other file
systems that do not support the respective attributes.
Files: conf/postfix-script-{no,}sgid.
20010413
Ergonomics: Postfix applications now warn when a DB or DBM
file is out of date, and recommend to rebuild the table.
Files: util/dict_db.c, util/dict_dbm.c.
20010414
Bugfix: with a non-default inet_interfaces setting, the
master ignored host information in master.cf host:port
settings. Fix by Jun-ichiro itojun Hagino @ iijlab.net.
Files: master/master.h, master/master_ent.c.
20010426
Bugfix: the SMTP server did not parse invalid MAIL FROM or
RCPT TO addresses such as <first last <user@domain>> the
way it was supposed to do. I thought this was taken care
of years ago. File: smtpd/smtpd.c.
20010427
Bugfix: smtpd would reject mail instead of replying with
a 4xx temporary error code when, for example, an LDAP or
mysql server was unavailable. Remotely based on a fix by
Robert Kiessling @ de.easynet.net. File: smtpd/smtpd_check.c.
upgrade IPv6 patch (not really IPv6 problem, but a problem in patch to fix bug in original that is tickled by IPv6). avoid SEGV on reload.
upgrade IPv6 patch. correct kame stack determination. from hubert
fix pkgname to be legal - postfix-20010228-pl1 is *not* Remember: NO '-' IN PKG VERSION!
Remove unneeded '-' before ${MKDIR} or ${INSTALL_DATA_DIR}
use latest IPv6 patch. (1) issue with host:port syntax in master.cf (original bug, tickled by IPv6 support) (2) use RBL check only for IPv4 addrs
upgrade to 20010228-pl01. 20010313 Bugfix: the RFC 822 untokenizer quoted newlines inside comments. File: global/tok822_parse.c. 20010316 Cleanup: removed an extraneous warning when a queue file write error happened. 20010321 Workaround: LMTP connection caching never worked for destinations starting with unix: or inet:. File: lmtp/lmtp_connect.c. 20010322 Portability: Solaris <2.6 does not have srandom() and random() in libc. File: util/rand_sleep.c. It does not have to be cryptographically strong. Bugfix: the fast ETRN flush server could not handle [ipaddr] or domain names with one-character hostname part. This fix changes the destination to logfile name mapping, so that you need to populate the new files with "sendmail -q". The old files go away automatically. File: flush/flush.c. 20010327 Speed up mailq (sendmail -bp) display by flushing output after each file. File: showq/showq.c. Portability: missing string.h includes, %p wants (void *), Lamont Jones, HP. 20010328 Bugfix: swapped logic caused cleanup to stall when the queue file size exceeded the file size limit by less than one the VSTREAM buffer size, so that the "file too big" was detected after flushing the last queue file record. File: cleanup/cleanup.c. 20010329 Portability: workaround for missing prototype problem in dict_ldap.c. This module should move to the global directory, because it depends on Postfix main.cf parameter information.
pull latest IPv6 patch. corrects source address selection on outgoing, if config has "inet_interfaces=127.0.0.1". reported by thorpej.
resurrect, after nuking the right files in the wrong dir.
replaced by postfix pkg
Move files from postfix-current to postfix, as that's actually the latest release (it's also in the base src). Adresses PR 12426 by Martti Kuparinen <martti.kuparinen@iki.fi>
Cleanup MKDIR usage => INSTALL_*_DIR XXX need to teach pkglint to be more picky about this
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
Update to postfix-19991231pl13, since the pl12 distfile isn't available any more. Fixes pkg/11725 by Damon Brodie.
upgrade to patchlevel 12. patchlevel 11 -> 12 While processing massive amounts of one-recipient mail, the Postfix queue manager could deadlock for 10 seconds while sending a bounce message. In order to remedy this, all queue manager bounce send requests are now executed asynchronously. This problem was reported by El Bunzo (webpower.nl) and by Tiger Technologies (tigertech.com).
Update to postfix-19991231-pl11. Update provided by Mipam in private mail. Remove bogus MANCOMPRESSED_IF_MANZ.
$() -> ${}
Replace MIRROR_DISTFILES and NO_CDROM with the more descriptive and
more fine-grained NO_{BIN,SRC}_ON_{FTP,CDROM} definitions.
MIRROR_DISTFILES and NO_CDROM are now dead.
Update to postfix-19991231-pl08 Major changes with postfix-19991231-pl08: ========================================= Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick and dirty emergency content filter that looks at non-header lines one line at a time (including MIME headers inside the message body). Details in conf/sample-filter.cf. Incompatible changes with postfix-19991231-pl07: ================================================ As required by RFC 822, Postfix now inserts a generic destination message header when no destination header is present. The text is specified via the undisclosed_recipients_header configuration parameter (default: "To: undisclosed-recipients:;").
Add optional support for Perl Compatible Regular Expressions (POSTFIX_PCRE)
and Variable Envelope Return Paths (POSTFIX_VERP). Handle MANINSTALL using
separate PLIST.{catinstall,maninstall} files. Record the setting of all 3.
Some more changes besides the update to which Simon beat me: Create the /var/spool/postfix on install so that "postfix check" can create the directories below it. Create /etc/postfix/postfix-scrip on "make install". Make the library Makefiles DTRT on systems that don't understand MKXXX=no. Remover owner write permission from "maildrop" binary. Adjust offsets in a couple of patches.
Update Postfix to 19991231-pl06. Addresses PR pkg/9844 from Oleg Polyanski.
replaced some commands by their ${COMMAND} counterparts
Eek, where did the "PKGNAME= mhonarc-2.2.0" come from in the previous commit??
Remove "-" from package version - noted by Hubert Feyrer.
Update to postfix 19990906-pl02. From the release notes: Incompatible changes with postfix-19990906 ========================================== - On systems that use user.lock files to protect system mailboxes against simultaneous updates, Postfix now uses /file/name.lock files while delivering to files specified in aliases/forward/include files. This is a no-op when the recipient lacks directory write permission. - The LDAP client code no longer looks up a name containing "*" because it could be abused. See the LDAP_README file for how to restore previous behavior. - The Postfix to PCRE interface now expects PCRE version 2.08. Postfix is no longer compatible with PCRE versions prior to 2.06. Major changes with postfix-19990906 =================================== Several bugfixes, none related to security. See the HISTORY file for a complete list of changes. - Postfix is now distributed under IBM Public License Version 1.0 which does not carry the controversial termination clause. The new license does have a requirement that contributors make source code available. - INSTALL.sh install/upgrade procedure that replaces existing programs and shell scripts instead of overwriting them, and that leaves existing queue files and configuration files alone. - The ugly Delivered-To: header can now be turned off selectively. The default setting is: "prepend_delivered_header = command, file, forward". Turning off the Delivered-To: header when forwarding mail is not recommended. - mysql client support by Scott Cotton and Joshua Marcus, Internet Consultants Group, Inc. See the file MYSQL_README for instructions. - reject_unauth_destination SMTP recipient restriction that rejects destinations not in $relay_domains. Unlike the check_relay_domains restriction, reject_unauth_destination ignores the client hostname. By Lamont Jones of Hewlett-Packard. - reject_unauth_pipelining SMTP *anything* restriction to stop mail from spammers that improperly use SMTP command pipelining to speed up their deliveries. - Postfix "sendmail" now issues a warning and drops privileges if installed set-uid root. - No more duplicate delivery when "postfix reload" is immediately followed by "sendmail -q". - No more "invalid argument" errors when a Postfix daemon opens a DB/DBM file while some other process is changing the file. - Portability to the Mac OS X Server, Reliant Unix, AIX 3.2.5 and Ultrix 4.3.
CAPITAL_OPSYS and OS_MAJOR_VERSION are used in one package Makefile, but calculated every time bsd.prefs.mk is read. Correct the situation, and only calculate these when they are needed. Also save a few more cycles by hardcoding the LOWER_OPSYS values for known operating systems, rather than using expensive shell echo and tr commands every time bsd.prefs.mk is read.
Some packages use bsd-style .mk files when building, and so any manual pages that are installed will be gzip-compressed, if MANZ is set, or not if MANZ is not set. If the package uses bsd-style .mk files, the variable MANCOMPRESSED_IF_MANZ should be set to a value of "yes" in the package Makefile. This replaces the previous method of specific inclusion of bsd.prefs.mk, followed by a check for MANZ and conditional assignment of MANCOMPRESSED. Add appropriate documentation, and change all necessary ocurrences in package Makefiles.
argh, package was renamed. compensate
Update to 19990601
Make this work on linux (and possibly solaris) and fix a few hardcoded path bugs: - pass OPSYS to Makefile.inc, don't hardcode NETBSD1 - command_directory, daemon_directory, share_directory, man_directory were hard-coded to /usr/pkg, bleh! - and so was the ROOT_PATH.
Repeat after me: use of the period character as the chown(8) owner/group separator is obsolete.
Fix package list handling.
Add trailing "/" to home page URL to avoid redirect on access.
pkglint: - Rename package from "postfix-19990317pl05" to "postfix-19990317p05". - Remove unnecessary and wrong usage of "DISTFILES".
Make installation work with "MANZ=1".
remove the dash from the package name
postfix-19990317-pl0 package... Based on the version perry imported.