pkgsrc/mail/postfix/Makefile, branch pkgsrc_2012Q2

Update postfix to 2.8.11.

2012-05-21T14:38:33Z

Changes from release announce: * OpenSSL related (all supported Postfix versions). o Some people have reported program crashes when the OpenSSL library was updated while Postfix was accessing the Postfix TLS session cache. To avoid this, the Postfix TLS session cache ID now includes the OpenSSL library version number. This cache ID is not shared via the network. o The OpenSSL workaround introduced with the previous stable and legacy releases did not compile with older gcc compilers. These compilers can't handle #ifdef inside a macro invocation (NOT: definition). * postscreen(8) related (Postfix 2.9, Postfix 2.8). o To avoid repeated warnings from postscreen(8) with "connect to private/dnsblog service: Connection refused" on FreeBSD, the dnsblog(8) daemon now uses the single_server program driver instead of the multi_server driver. This one-line code change has no performance impact for other systems, and eliminates a high-frequency accept() race on a shared socket that appears to cause trouble on FreeBSD. The same single_server program driver has proven itself for many years in smtpd(8). Problem reported by Sahil Tandon. * Laptop-friendly support (all supported Postfix versions). A little-known secret is that Postfix has always had support to avoid unnecessary disk spin-up for MTIME updates, by doing s/fifo/unix/ in master.cf (this is currently not supported on Solaris systems). However, two minor fixes are needed to make this bullet-proof. o In laptop-friendly mode, the "postqueue -f" and "sendmail -q" commands did not wait until their requests had reached the pickup and qmgr servers before closing their UNIX-domain request sockets. o In laptop-friendly mode, the unused postkick command waited for more than a minute because the event_drain() function was comparing bitmasks incorrectly on systems with kqueue(2), epoll(2) or /dev/poll support.

Update postfix package to 2.8.10.

2012-04-28T13:58:47Z

Major changes with Postfix 2.8.10 --------------------------------- This release adds support to turn off the TLSv1.1 and TLSv1.2 protocols. Introduced with OpenSSL version 1.0.1, these are known to cause inter-operability problems with for example hotmail. The radical workaround is to temporarily turn off problematic protocols globally: /etc/postfix/main.cf: smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2 However, it may be better to temporarily turn off problematic protocols for broken sites only: /etc/postfix/main.cf: smtp_tls_policy_maps = hash:/etc/postfix/tls_policy /etc/postfix/tls_policy: example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2 Important: - Note the use of ":" instead of comma or space. Also, note that there is NO space around the "=" in "protocols=". - The smtp_tls_policy_maps lookup key must match the "next-hop" destination that is given to the Postfix SMTP client. If you override the next-hop destination with transport_maps, relayhost, sender_dependent_relayhost_maps, or otherwise, you need to specify the same destination for the smtp_tls_policy_maps lookup key.

Recursive bump from icu shlib major bumped to 49.

2012-04-27T12:31:32Z

Fix for recent SunOS platforms where support for NIS+ was dropped.

2012-03-09T14:58:41Z

Update postfix to 2.8.9.

2012-03-06T11:10:22Z

Postfix stable release 2.8.9 is available. This contains fixes that are already part of Postfix 2.9 and 2.10. * The "change header" milter request could replace the wrong header. A long header name could match a shorter one, because a length check was done on the wrong string. Reported by Vladimir Vassiliev. * Core dump when postlog emitted the "usage" message, caused by an extraneous null assignment. Reported by Kant (fnord.hammer). You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.

More pcre PKGREVISION bumps.

2012-03-03T12:54:15Z

Update "postfix" package to version 2.8.8. Changes since version 2.8.7:

2012-02-19T18:19:23Z

- The Postfix sqlite client, introduced with Postfix 2.8, had an embarassing bug in its quoting routine. As the result of a last-minute code cleanup before release, this routine returned the unquoted text instead of the quoted text. The opportunities for mis-use are limited: Postfix sqlite database files are usually owned by root, and Postfix daemons usually run with non-root privileges so they can't corrupt the database. This problem was reported by Rob McGee (rob0). - The Postfix 2.8.4 fix for local delivery agent database lookup errors was incomplete. The fix correctly added new code to detect database lookup errors with mailbox_transport_maps, mailbox_command_maps or fallback_transport_maps, but it failed to log the problem, and to produce a defer logfile record which is needed for "delayed mail" and "mail too old" delivery status notifications. - The trace(8) service, used for DSN SUCCESS notifications, did not distinguish between notifications for a non-bounce or a bounce message, causing it to "reply" to mail with the null sender address. Problem reported by Sabahattin Gucukoglu. - Support for Dovecot auth over TCP sockets, using code that already existed for testing purposes. Patrick Koetter kindly provided an update for the SASL_README file. - Workaround in the LDAP client for changes in the under-documented OpenLDAP API, by Victor Duchovni.

Update postfix pacakge to 2.8.7.

2011-11-07T15:36:07Z

Postfix stable release 2.8.7 is available. This contains a workaround for a problem that is fixed in Postfix 2.9. * The postscreen daemon, which is not enabled by default, sent non-compliant SMTP responses (220- followed by 421) when it could not give a connection to a real smtpd process. These responses caused some remote SMTP clients to return mail as undeliverable. The workaround is to hang up after sending 220- without sending the 421 "sorry" reply; this is harmless. The complete fix involves too much change for a stable release: send the 220 greeting, wait for the EHLO command, then send the 421 "sorry" reply and hang up.

Update postfix to 2.8.6. From release announce:

2011-10-25T14:31:10Z

Postfix stable release 2.8.6, 2.7.7, 2.6.13 and 2.5.16 are available. These contain fixes that are also included with the Postfix 2.9 experimental release. * The Postfix SMTP daemon sent "bare" newline characters instead of when a header_checks REJECT pattern matched multi-line header. This bug was introduced with Postfix 1.1. * The Postfix SMTP daemon sent "bare" newline characters instead of when an smtpd_proxy_filter returned a multi-line response. This bug was introduced with Postfix 2.1. * For compatibility with future EAI (email address internationalization) implementations, the Postfix MIME processor no longer enforces the strict_mime_encoding_domain check on unknown message subtypes such as message/global*. This check is disabled by default. * The Postfix master daemon could report a panic error ("master_spawn: at process limit") after the process limit for some service was reduced with "postfix reload". This bug existed in all Postfix versions. You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.

Update postfix pacakge to 2.8.5.

2011-09-03T15:18:20Z

[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-2.8.5.html] Postfix stable release 2.8.5, 2.7.6, 2.6.12, and 2.5.15 are available. These contain fixes and workarounds for the Postfix Milter client that were already included with the Postfix 2.9 experimental release. * The Postfix Milter client logged a "milter miltername: malformed reply" error when a Milter sent an SMTP response without enhanced status code (i.e. "XXX Text" instead of "XXX X.X.X Text"). * The Postfix Milter client sent a random {client_connections} macro value when the remote SMTP client was not subject to any smtpd_client_* limit. As a workaround, it now sends a zero value instead.