Path to this page:
Subject: CVS commit: pkgsrc/mail/postfix
From: Takahiro Kambe
Date: 2013-09-30 17:21:15
Message id: 20130930152115.7A41D9B@cvs.netbsd.org
Log Message:
Update postfix package to 2.10.2. Here is brief changes.
2.10.2
* TLS Interoperability workaround: turn on SHA-2 digests by force. This
improves interoperability with clients and servers that deploy SHA-2 digests
without the required support for TLSv1.2-style digest negotiation.
* TLS Performance workaround: the Postfix SMTP server TLS session cache had
become ineffective because recent OpenSSL versions enable session tickets by
default, resulting in a different ticket encryption key for each smtpd(8)
process. The workaround turns off session tickets. Postfix 2.11 will enable
session tickets properly.
* TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail
to communicate with Postfix and possibly other MTAs, with the following Exim
SMTP client error message:
TLS error on connection to server-name [server-address]
(gnutls_handshake): The Diffie-Hellman prime sent by the server is not
acceptable (not long enough)
See the RELEASE_NOTES file for a Postfix SMTP server configuration
workaround.
* Bugfix (defect introduced: 1997): memory leak while forwarding mail with the
local(8) delivery agent, in code that handles a cleanup(8) server error.
2.10.1
* Workaround: down-stream maintainers fail to install the new
smtpd_relay_restrictions safety net, causing breakage that could have been
avoided. We now hard-code the safety net instead.
2.10.0
* Separation of relay policy (with smtpd_relay_restrictions) from spam policy
(with smtpd_{client, helo, sender, recipient}_restrictions), which makes
accidental open relay configuration less likely. The default is backwards
compatible.
* HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.
* Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
off if needed for inter-operability.
* Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
sockets instead of FIFOs, and thus avoids MTIME file system updates on an
idle mail system.
* Revised postconf(1) command. The "-x" option expands $name in a parameter
value (both main.cf and master.cf); the "-o name=value" option \
overrides a
main.cf parameter setting; and postconf(1) now warns about a $name that has
no name=value setting.
* Sendmail-style "socketmap" lookup tables.
Files: