Navigation:
Browse pkgsrc
(this page)
mail postfix
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]| 2025-03-11 19:11:58 by Nia Alarie | Files touched by this commit (2) |
Log message: postfix: Build fixes for OpenBSD and Linux Found by drecklypkg ci. |
| 2025-03-11 17:49:20 by Nia Alarie | Files touched by this commit (1) |
Log message: postfix: Prefer HTTPS for MASTER_SITES |
2025-02-27 16:42:54 by Takahiro Kambe | Files touched by this commit (2) |  |
Log message:
mail/postfix: update to 3.10.1
3.10.1 (2025-02-24)
Fix for Postfix 3.10, 3.9, 3.8, 3.7, 3.6:
* Bugfix (defect introduced: 20250210): a recent 'fix' for the
default smtp_tls_dane_insecure_mx_policy setting resulted in
unnecessary 'dnssec_probe' warnings, on systems that disable
DNSSEC lookups (which is the default).
|
| 2025-02-22 17:00:18 by Takahiro Kambe | Files touched by this commit (4) | |
Log message:
mail/postfix: update to 3.10.0
Postfix 3.10.0 (2025/02/17)
Postfix stable release 3.10.0 is available. Postfix 3.6 - 3.9 were updated
earlier this week; after that, Postfix 3.6 will no longer be updated.
The main changes are below. See the RELEASE_NOTES file for further
details.
Changes that need restart:
* Internal protocol change: Postfix needs "postfix reload" (or \
"postfix
stop" and "postfix start") after upgrade, because of a change \
in the
delivery agent protocol. If this step is skipped, Postfix delivery
agents will log a warning:
unexpected attribute smtputf8 from xxx socket (expecting: sendopts)
where xxx is the delivery agent service name.
Changes in TLS support:
* Forward compatibility: Support for OpenSSL 3.5 post-quantum
cryptography. To manage algorithm selection, OpenSSL introduces new
TLS group syntax that Postfix will not attempt to imitate. Instead,
Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups
parameter values to have an empty value. When both are set empty, the
algorithm selection can be managed through OpenSSL configuration. For
more, look for "Post-quantum" in the postconf(5) manpage.
* Support for the RFC 8689 "TLS-Required: no" message header to request
delivery of messages (such as TLSRPT summaries) even if the preferred
TLS security policy cannot be enforced. This limits the Postfix SMTP
client to "smtp_tls_security_level = may" which does not authenticate
server certificates and which allows falling back to plaintext.
* Support for the REQUIRETLS SMTP service extension will evolve in
Postfix 3.11.
* Support for the TLSRPT protocol (defined in RFC 8460). With this,
a domain can publish a policy in DNS that requests daily summary
reports for successful and failed SMTP-over-TLS connections to that
domain's MX hosts. This supports both DANE (built-in) and MTA-STS
(via an smtp_tls_policy_maps plugin). The implementation uses a
TLSRPT library and reporting infrastructure that are maintained by
sys4. For details, see TLSRPT_README.
Miscellaneous changes:
* Privacy: With "smtpd_hide_client_session = yes", the Postfix
SMTP server generates a Received: header without client session
info. This setting may be used with the MUA submission services
(port 465 and 587).
* Support for RFC 2047 encoding of non-ASCII "full name" information
in Postfix-generated From: message headers. Encoding non-ASCII full
names can avoid the need to use SMTPUTF8, and therefore can avoid
incompatibility with sites that do not support SMTPUTF8. See the
full_name_encoding_charset parameter description for details.
* Database performance: When mysql: or pgsql: configuration specifies
a single host, assume that it is a load balancer and reconnect
immediately after a single failure, instead of failing all requests
for 60s.
Changes in logging:
* The Postfix Milter implementation now logs the reason for a
'quarantine' action, instead of "milter triggers HOLD action".
* The SMTP server now logs the queue ID (or "NOQUEUE") when a connection
ends abnormally (timeout, lost connection, or too many errors),
and the cleanup server now logs "queueid: canceled" when a message
transaction is started but not completed. These changes simplify
logfile analysis.
* Dovecot SASL client logging for "Invalid authentication mechanism"
now includes the name of that mechanism.
* Postfix SMTP server 'reject' logging now shows the sasl_method,
sasl_username, and sasl_sender if available.
|
| 2025-02-17 16:31:51 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
mail/postfix: update to 3.9.2
Postfix 3.9.2 (2025-02-17)
* Forward compatibility: Support for OpenSSL 3.5 post-quantum
cryptography. To manage algorithm selection, OpenSSL introduces new
TLS group syntax that Postfix will not attempt to imitate. Instead,
Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups
parameter values to have an empty value. When both are set
empty, the algorithm selection can be managed through OpenSSL
configuration. Viktor Dukhovni.
* Forward compatibility: ignore new queue file flag bits that may be
used with Postfix 3.10 and later. This is a safety in case a Postfix
3.10 upgrade needs to be rolled back, after the new TLS-Required
feature has been used.
* Performance: when a mysql: or pgsql: configuration specifies a single
host, assume that it is a load balancer and reconnect immediately
after a single failure, instead of failing all requests for 60s.
* Bugfix (defect introduced: Postfix 3.4, date 20181113): a server with
multiple TLS certificates could report, for a resumed TLS session,
the wrong server-signature and server-digest names in logging and
Received: message headers. Viktor Dukhovni.
* Bugfix (defect introduced: Postfix 3.3, date 20180107) small memory
leak in the cleanup daemon when generating a "From: full-name "
message header. The impact is limited because the number of requests
is bounded by the "max_use" configuration parameter. Found during
code maintenance.
* Bugfix (defect introduced: Postfix 3.0): the bounce daemon mangled
a non-ASCII address localpart in the "X-Postfix-Sender:" field of
a delivery status notification. It backslash-escaped each byte in a
multi-byte character. This behavior was implemented in Postfix 2.1
(no support for UTF8 local-parts), but it became incorrect after
SMTPUTF8 support was implemented in Postfix 3.0.
* Bugfix (defect introduced: Postfix 3.6): Reverted the default
smtp_tls_dane_insecure_mx_policy setting to "dane" as of Postfix
3.6.17, 3.7.13, 3.8.8, 3.9.2, and 3.10.0. By mistake the default was
dependent on the smtp_tls_security_level setting. Problem reported
by ?mer G?ven.
* Portability: added "include <sys_socket.h>" for a SUNOS5
workaround. Gary R. Schmidt.
|
| 2024-12-07 07:08:57 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
mail/postfix: update to 3.9.1
Postfix 3.9.1 (2024-12-04)
Postfix stable release 3.9.1, and legacy releases 3.8.7, 3.7.12,
3.6.16 [An on-line version of this announcement will be available
at https://www.postfix.org/announcements/postfix-3.9.1.html]
Fixed with Postfix 3.9.1:
* The mail_version configuration parameter did not have a
three-number value (3.9 instead of 3.9.0 (it still had the
two-number version from the development releases postfix-3.9-yyyymmdd).
This broke pathnames derived from the mail_version value, such
as shlib_directory. Problem reported by Michael Orlitzky.
Fixed with Postfix 3.9.1, 3.8.7, 3.7.12, 3.6.16:
* Bugfix (defect introduced: Postfix 2.9, date 20111218): with
"smtpd_sasl_auth_enable = no", the permit_sasl_authenticated
feature ignored information that was received with the XCLIENT
LOGIN command, so that the client was treated as unauthenticated.
This was fixed by removing an unnecessary test. Problem reported
by Antonin Verrier.
* Bugfix (defect introduced: postfix 3.0): the default master.cf
multi-instance information, which complicated logfile analysis.
Found during a support discussion.
* Bugfix (defect introduced: Postfix 2.3, date 20051222): file
descriptor leak after failure to connect to a Dovecot auth
server. The impact is limited because Dovecot auth failures are
rare, there are limits on the number of retries (one), on the
number of errors per SMTP session (smtpd_hard_error_limit), on
the number of sessions per SMTP server process (max_use), and
on the number of file handles per process (managed with sysctl).
Found during code maintenance.
* Bugfix (defect introduced: Postfix 3.4, date 20190121): the
postsuper command failed with "open logfile '/path/to/file':
Permission denied" when the maillog_file parameter specified a
filename and Postfix was not running. This was fixed by opening
the maillog_file before dropping root privileges. Found during
code maintenance.
* Bugfix (defect introduced Postfix 3.0). No autodetection of
UTF8 text when missing message headers were automatically
added by Postfix (for example, a From: header with UTF8 full
name information from the password file). This caused Postfix
to send UTF8 in message headers without using the SMTPUTF8
protocol. Problem reported by Michael Tokarev.
|
| 2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429) |
Log message: *: recursive bump for icu 76 shlib major version bump |
| 2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426) |
Log message: *: revbump for icu downgrade |
New packages: