Log message:
mail: Remove SHA1 hashes for distfiles

Log message:
mail/postfix: add blocklist PKG_OPTIONS and fix build problem

* Add blocklist PKG_OPTIONS.
* Fix build problem on no blocklist/blacklist supported system.
  (Reported by Matthias Ferdinand on pkgsrc-users@.)

Bump PKGREVISION.

Log message:
mail/postfix: update to 3.6.2

* pkgsrc change: Add supportfor blocklistd(3) (and blacklistd(3)).

* From release annuonce:

Fixed in Postfix 3.6.2, 3.5.12, 3.4.22, 3.3.19:

  * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
    error in the compatibility_level parser, because there was no
    'errno = 0' statement before an strtol() call. In Postfix
    3.3-3.5, fixed two older latent bugs of this kind (introduced
    in 1999 and in Postfix 2.11). Problem reported by David Bohman.

  * (problem introduced in Postfix 3.3) "Null pointer read" error
    in the cleanup daemon when "header_from_format = standard" (the
    default as of Postfix 3.3), and email was submitted with
    /usr/sbin/sendmail without From: header, and an all-space full
    name was specified in 1) the password file, 2) with "sendmail
    -F", or 3) with the NAME environment variable. Found by Renaud
    Metrich.

  * (problem introduced in Postfix 2.4) False "too many reverse
    jump" warnings in the showq daemon, because loop detection code
    was comparing memory addresses instead of queue file names.
    Reported by Mehmet Avcioglu.

  * (problem introduced in 1999) The Postfix SMTP server was sending
    all session transcripts to the error_notice_recipient (default:
    postmaster), instead of sending transcripts of bounced mail to
    the bounce_notice_recipient (default: postmaster). Reported by
    Hans van Zijst.

Fixed in Postfix 3.6.2, 3.5.12, 3.4.22:

  * The texthash: map implementation broke tls_server_sni_maps,
    because it did not support multi-file inputs. Reported by
    Christopher Gurnee, who also found an instance of the missing
    code in the "postmap -F" source code. File: util/dict_thash.c.

Log message:
mail/postfix: update to 3.6.1

3.6.1 (2021-06-14)

Fixed in Postfix 3.6.1, 3.5.11, 3.4.21, 3.3.18:

  * Bugfix (introduced: Postfix 2.11): the command "postmap
    lmdb:/file/name" (create LMDB database from textfile) handled
    duplicate input keys ungracefully, discarding entries stored
    up to and including the duplicate key, and causing a double
    free() call with lmdb versions 0.9.17 and later. Reported by
    Adi Prasaja; double free() root cause analysis by Howard Chu.

Fixed in Postfix 3.6.1, 3.5.11, 3.4.21:

  * Typo (introduced: Postfix 3.4): silent_discard should be
    silent-discard in BDAT_README.

Log message:
mail/postfix: update to 3.6.0

Postfix stable release 3.6.0 is available. This ends the support
for legacy release Postfix 3.2.

The main changes are below. See the RELEASE_NOTES file for further
details.

Incompatible changes:

  * This release requires "postfix stop" before updating, or before
    backing out to an earlier release, because some internal protocols
    have changed. Otherwise, long-running daemons (pickup, qmgr,
    verify, tlsproxy, postscreen) may fail to communicate with the
    rest of Postfix, causing mail delivery delays until Postfix is
    restarted.

  * Respectful logging. Postfix version 3.6 deprecates terminology
    that implies white is better than black. Instead, Postfix prefers
    'allowlist', 'denylist', and variations on those words. This
    change affects Postfix documentation, and postscreen parameters
    and logging.

    To keep the old postscreen logging set "respectful_logging =
    no" in main.cf before setting "compatibility_level = 3.6".  In
    any case, the old postscreen parameter names will keep working
    as before.

Other changes:

  * The minimum supported OpenSSL version is 1.1.1, which will reach
    the end of life by 2023-09-11. Postfix 3.6 is expected to reach
    the end of support in 2025. Until then, Postfix will be updated
    as needed for compatibility with OpenSSL.

    The default fingerprint digest has changed from md5 to sha256
    (Postfix 3.6 with compatibility_level >= 3.6). With a lower
    compatibility_level setting, Postfix defaults to using md5, and
    logs a warning when a Postfix configuration specifies no explicit
    digest type.

    The export-grade Diffie-Hellman key exchange is no longer
    supported, and the tlsproxy_tls_dh512_param_file parameter is
    ignored,

  * Better error messages when someone configures an incorrect
    program in master.cf. To recognize such mistakes, every Postfix
    internal service, including the postdrop command, announces the
    name of its protocol before doing any other I/O, and every
    Postfix client program, including the Postfix sendmail command,
    will verify that the protocol name matches what it expects.

  * Fine-grained control over the envelope sender address for
    submission with the Postfix sendmail (or postdrop) commands.

    Example:

    /etc/postfix/main.cf:
        # Allow root and postfix full control, anyone else can only
        # send mail as themselves. Use "uid:" followed by the numerical
        # UID when the UID has no entry in the UNIX password file.
        local_login_sender_maps =
            inline:{ { root = *}, { postfix = * } },
            pcre:/etc/postfix/login_senders

    /etc/postfix/login_senders:
       # Allow both the bare username and the user@domain forms.
        /(.+)/ $1 $1@example.com

  * Threaded bounces. This allows mail readers to present a
    non-delivery, delayed delivery, or successful delivery notification
    in the same email thread as the original message.

    Unfortunately, this also makes it easy for users to mistakenly
    delete the whole email thread (all related messages), instead
    of deleting only the delivery status notification.

    To enable, specify "enable_threaded_bounces = yes".

  * Postfix by default no longer uses the services(5) database to
    look up the TCP ports for SMTP and LMTP services. Instead, this
    information is configured with the new known_tcp_ports configuration
    parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
    submission=587). When a service is not specified in known_tcp_ports,
    Postfix will still query the services(5) database.

  * Starting with Postfix version 3.6, the compatibility level is
    "3.6". In future Postfix releases, the compatibility level will
    be the Postfix version that introduced the last incompatible
    change. The level is formatted as 'major.minor.patch', where
    'patch' is usually omitted and defaults to zero. Earlier
    compatibility levels are 0, 1 and 2.

    This also introduces main.cf and master.cf support for the
    <=level, < level, and other operators to compare compatibility
    levels. With the standard <=, <, etc. operators, compatibility
    level 3.10 would be less than 3.9, which is undesirable.

Log message:
*: recursive bump for perl 5.34

Log message:
postfix: remove non-existent download site

Log message:
postfix: Update to 3.5.10

upstream changes:
-----------------
Fixed in 3.5.10:
  o Missing null pointer checks (introduced in Postfix 3.4) after an internal \ 
I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, \ 
reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni.
  o Null pointer bug (introduced in Postfix 3.0) and memory leak (introduced in \ 
Postfix 3.4) after an inline: table syntax error in main.cf or master.cf. Found \ 
by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni.
  o Incomplete null pointer check (introduced: Postfix 2.10) after truncated \ 
HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav \ 
Skarvada. Fix by Viktor Dukhovni.
  o Missing null pointer check (introduced: Postfix alpha) after null argv[0] value.

Log message:
revbump for textproc/icu

Log message:
postfix: Update to 3.5.9

upstream changes:
-----------------
This update improves the reporting of DNSSEC problems that may affect DANE
security. DNSSEC support may unavailable because of local configuration, libc
incompatibility, or other infrastructure issues. This was backported from
Postfix 3.6.

Background: DNSSEC validation is needed for Postfix DANE support; this ensures
that Postfix receives TLSA records with secure TLS server certificate info.
When DNSSEC validation is unavailable, mail deliveries using opportunistic DANE
(security level 'dane') will not be protected by server certificate info in
TLSA records, and mail deliveries using mandatory DANE (security level
'dane-only') will not be made at all.

This update introduces the following behavior: when a process requests DNSSEC
support (typically, for Postfix DANE support), the process may now do a runtime
test to determine if DNSSEC validation is available.

The new dnssec_probe parameter specifies a DNS query type (default: \ 
"ns") and
DNS query name (default: ".") that Postfix may use to determine \ 
whether DNSSEC
validation is available. Specify an empty value to disable this feature.

When dnssec_probe is enabled, a Postfix process will send a DNSSEC probe after
1) the process made a DNS query that requested DNSSEC validation, 2) the
process did not receive a DNSSEC validated response to this query or to an
earlier query, and 3) the process did not already send a DNSSEC probe.

When the DNSSEC probe has no response, or when the response is not DNSSEC
validated, Postfix logs a warning that DNSSEC validation may be unavailable.
Examples:

warning: DNSSEC validation may be unavailable
warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
warning: reason: dnssec_probe 'ns:.' received no response: Server failure

With this update, the Postfix build system will no longer automatically disable
DNSSEC support when it determines that Postfix will use libc-musl. This removes
the earlier libc-musl workaround introduced with Postfix 3.2.15, 3.3.10,
3.4.12, and 3.5.2.