Update postfix package to 2.8.10.

Major changes with Postfix 2.8.10
---------------------------------

This release adds support to turn off the TLSv1.1 and TLSv1.2
protocols.  Introduced with OpenSSL version 1.0.1, these are known
to cause inter-operability problems with for example hotmail.

The radical workaround is to temporarily turn off problematic
protocols globally:

/etc/postfix/main.cf:
    smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
    smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2

    smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
    smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2

However, it may be better to temporarily turn off problematic
protocols for broken sites only:

/etc/postfix/main.cf:
    smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

/etc/postfix/tls_policy:
    example.com         may protocols=!SSLv2:!TLSv1.1:!TLSv1.2

Important:

- Note the use of ":" instead of comma or space. Also, note that
  there is NO space around the "=" in "protocols=".

- The smtp_tls_policy_maps lookup key must match the "next-hop"
  destination that is given to the Postfix SMTP client. If you
  override the next-hop destination with transport_maps, relayhost,
  sender_dependent_relayhost_maps, or otherwise, you need to specify
  the same destination for the smtp_tls_policy_maps lookup key.

1 files changed, 2 insertions, 3 deletions

diff --git a/mail/postfix/Makefile b/mail/postfix/Makefile
index 8937ca7d6df..dc14369d7d2 100644
--- a/mail/postfix/Makefile
+++ b/mail/postfix/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.249 2012/04/27 12:31:53 obache Exp $
+# $NetBSD: Makefile,v 1.250 2012/04/28 13:58:47 taca Exp $
 
-DISTNAME=	postfix-2.8.9
-PKGREVISION=	1
+DISTNAME=	postfix-2.8.10
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.porcupine.org/mirrors/postfix-release/official/
 MASTER_SITES+=	http://postfix.it-austria.net/releases/official/