postfix-3.4-20180217

postfix/HISTORY

@@ -23324,3 +23324,9 @@ Apologies for any names omitted.
 	to take the software under the license of their choice.
 	Those who are more comfortable with the IPL can continue
 	with that license. File: LICENSE.
+
+20180217
+
+	Cleanup: added missing *_maps parameters to the default
+	proxy_read_maps setting. Files: global/mail_params.h,
+	mantools/missing-proxy-read-maps.

postfix/README_FILES/FORWARD_SECRECY_README

@@ -195,8 +195,8 @@ Linux). If the remote SMTP server supports cipher suites with forward secrecy
 between the server and client will resist decryption even if the server's long-
 term authentication keys are later compromised.
 
-Postfix >= 3.2 supports the curve negotitation API of OpenSSL >= 1.0.2. The
-list of candidate curves can be changed via the "tls_eecdh_auto_curves"
+Postfix >= 3.2 supports the curve negotiation API of OpenSSL >= 1.0.2. The list
+of candidate curves can be changed via the "tls_eecdh_auto_curves"
 configuration parameter, which can be used to select a prioritized list of
 supported curves (most preferred first) on both the Postfix SMTP server and
 SMTP client. The default list is suitable for most users.

postfix/RELEASE_NOTES-3.3

@@ -1,13 +1,13 @@
 This is the Postfix 3.3 (stable) release.
 
 The stable Postfix release is called postfix-3.3.x where 3=major
-release number, 3=minor release number, x=patchlevel.  The stable
+release number, 3=minor release number, x=patchlevel. The stable
 release never changes except for patches that address bugs or
 emergencies. Patches change the patchlevel and the release date.
 
 New features are developed in snapshot releases. These are called
 postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year,
-mm=month, dd=day).  Patches are never issued for snapshot releases;
+mm=month, dd=day). Patches are never issued for snapshot releases;
 instead, a new snapshot is released.
 
 The mail_release_date configuration parameter (format: yyyymmdd)
@@ -30,30 +30,37 @@ Major changes - compatibility safety net
 
 [20180106] With compatibility_level < 1, the Postfix SMTP server
 now warns for mail that would be blocked by the Postfix 2.10
-smtpd_relay_restrictions feature. This extends the safety net for
-sites that upgrade from earlier Postfix versions (questions on the
-postfix-users list show a steady trickle). See COMPATIBILITY_README
-for details.
+smtpd_relay_restrictions feature, without blocking that mail. This
+extends the compatibility safety net for sites that upgrade from
+earlier Postfix versions (questions on the postfix-users list show
+there is a steady trickle). See COMPATIBILITY_README for details.
 
 Major changes - configuration
 -----------------------------
 
-[20170617] The postconf command warns about unknown parameter names
-in a Postfix database configuration file, specified as an absolute
-pathname.
+[20170617] The postconf command now warns about unknown parameter
+names in a Postfix database configuration file. As with other unknown
+parameter names, these warnings can help to find typos early.
 
 [20180113] New read-only service_name parameter that contains the
-master.cf service name. This parameter is set only in daemon
-processes. This allows, for example, setting the syslog_name in
-master.cf with "-o syslog_name=postfix/$service_name" for the
-"submission", "smtps", and "relay" services.
+master.cf service name of a Postfix daemon process (it that is empty
+in a non-daemon process). This can make Postfix SMTP server logging
+logging distinct by setting the syslog_name in master.cf with "-o
+syslog_name=postfix/$service_name" for the "submission" and "smtps"
+services, and can make Postfix SMTP client distinct by setting "-o
+syslog_name=postfix/$service_name" for the "relay" service.
 
 Major changes - container support
 ---------------------------------
 
 [20171218] Preliminary support to run Postfix in the foreground,
-with "postfix start-fg". This requires that multi-instance support
-is disabled.
+with "postfix start-fg". This requires that Postfix multi-instance
+support is disabled. To receive Postfix syslog information on the
+container's host, mount the host's /dev/log socket inside the
+container (example: "docker run -v /dev/log:/dev/log ..."), and
+specify a distinct Postfix "syslog_name" prefix that identifies the
+logging from the Postfix instance. Postfix does not log systemd
+events.
 
 Major changes - database support
 ---------------------------------
@@ -80,32 +87,32 @@ Major changes - invisible changes
 ---------------------------------
 
 [20170617] Additional paranoia in the VSTRING implementation: a
-null byte after the end of vstring buffers so that C-style string
-operations won't scribble past the end; earlier detection of bad
-length and precision format string specifiers (this just improves
-error handling, as format strings cannot be specified externally).
+null byte after the end of vstring buffers (this is a safety net
+so that C-style string operations won't scribble past the end);
+earlier detection of bad length and precision format string specifiers
+(these are the result of programming error, as Postfix format strings
+cannot be specified externally).
 
 Major changes - milter support
 ------------------------------
 
-[20170221] The Postfix Milter client no longer encloses single-letter
-macro names inside {}, even though this form is supported since
-Sendmail version 8.7.
-
 [20171223] Milter applications can now send RET and ENVID parameters
 in SMFIR_CHGFROM (change envelope sender) requests.
 
 Major changes - mixed IPv6/IPv4 support
 ---------------------------------------
 
-[20170505] Workaround for mail delivery problems with destinations
-that announce primarily IPv6 MX addresses but that are unreachable
-over IPv6, when the smtp_address_limit eliminates most or all IPv4
-addresses. This includes the case that Postfix IPv6 support is
-turned on, but the local machine has no IPv6 connectivity.
+[20170505] Workaround for mail delivery problems when 1) both Postfix
+IPv6 and IPv4 support are enabled, 2) some destination announces
+more primary IPv6 MX addresses than primary IPv4 MX addresses, 3)
+the destination is unreachable over IPv6, and 4) Postfix runs into
+the smtp_mx_address_limit before it can try to deliver over IPv4.
 
-The Postfix SMTP client will now attempt to schedule similar numbers
-of IPv4 and IPv6 addresses. Specify "smtp_balance_mx_inet_protocols
+When both Postfix IPv6 and IPv4 support are enabled, the Postfix
+SMTP client will now relax MX preferences so that it can schedule
+similar numbers of IPv4 and IPv6 destination addresses. This ensures
+that an IPv6 connectivity problem will not prevent mail from being
+delivered over IPv4 (and vice versa). Specify "smtp_balance_inet_protocols
 = no" to disable this workaround.
 
 Major changes - xclient

postfix/WISHLIST

@@ -2,12 +2,11 @@ Wish list:
 
 	Things to do before the stable release:
 
-	Spell-check, double-word check, and HTML validator check.
+	Spell-check, double-word check, HTML validator check,
+	mantools/missing-proxy-read-maps check.
 
 	Disable -DSNAPSHOT and -DNONPROD in makedefs.
 
-	Add $smtpd_sender_login_maps to proxy_read_maps.
-
 	After I/O error, store errno in VSTREAM object before errno
 	may be overwritten.
 

postfix/html/FORWARD_SECRECY_README.html

@@ -270,7 +270,7 @@ traffic between the server and client will resist decryption even
 if the server's long-term authentication keys are <i>later</i>
 compromised.  </p>
 
-<p> Postfix &ge; 3.2 supports the curve negotitation API of OpenSSL
+<p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
 &ge; 1.0.2.  The list of candidate curves can be changed via the
 "<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" configuration parameter, which can be used
 to select a prioritized list of supported curves (most preferred

postfix/html/postconf.5.html

@@ -3228,12 +3228,10 @@ address.  </dd>
 <p> Note: with Postfix &le; 3.2 the "setting <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>
 = <b>no</b>" breaks address verification for addresses that are
 aliased or otherwise rewritten (Postfix is unable to store the
-addres verification result under the original probe destination
+address verification result under the original probe destination
 address; instead, it can store the result only under the rewritten
 address).  </p>
 
-</ul>
-
 <p> This feature is available in Postfix 2.1 and later. Postfix
 version 2.0 behaves as if this parameter is always set to <b>yes</b>.
 Postfix versions before 2.0 have no support for the original recipient
@@ -16102,7 +16100,7 @@ code when an address probe failed due to a temporary problem
 specifies the action after address probe failure due to a temporary
 problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).  <br> This feature breaks for
 aliased addresses with "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = no" (Postfix
-&le; 3.2).  <br> This feature is avaiable in Postfix 2.1 and later.
+&le; 3.2).  <br> This feature is available in Postfix 2.1 and later.
 </dd>
 
 </dl>

postfix/man/man5/postconf.5

@@ -2031,10 +2031,9 @@ address.
 Note: with Postfix <= 3.2 the "setting enable_original_recipient
 = \fBno\fR" breaks address verification for addresses that are
 aliased or otherwise rewritten (Postfix is unable to store the
-addres verification result under the original probe destination
+address verification result under the original probe destination
 address; instead, it can store the result only under the rewritten
 address).
-.br
 .PP
 This feature is available in Postfix 2.1 and later. Postfix
 version 2.0 behaves as if this parameter is always set to \fByes\fR.
@@ -10927,7 +10926,7 @@ This feature breaks for
 aliased addresses with "enable_original_recipient = no" (Postfix
 <= 3.2).
 .br
-This feature is avaiable in Postfix 2.1 and later.
+This feature is available in Postfix 2.1 and later.
 .br
 .br
 .PP

postfix/mantools/missing-proxy-read-maps

@@ -0,0 +1,41 @@
+#!/usr/bin/perl
+
+# Compares the list of parameter names that end in _maps in
+# proxy_read_maps, against the list of all parameter names that end
+# in _maps, and outputs the missing mail_params.h lines.
+
+$command = "bin/postconf -dh proxy_read_maps | tr ' ' '\12'";
+open(PROXY_READ_MAPS, "$command|")
+	|| die "can't execute $command: !$\n";
+while (<PROXY_READ_MAPS>) {
+    chomp;
+    next unless /\$(.+_maps)$/;
+    $proxy_read_maps{$1} = 1;
+}
+close(PROXY_READ_MAPS) || die "close $command: $!\n";
+
+$mail_params_h = "src/global/mail_params.h";
+open(MAIL_PARAMS, "<$mail_params_h")
+    || die "Open $mail_params_h";
+while ($line = <MAIL_PARAMS>) {
+    chomp;
+    if ($line =~ /^#define\s+(\S+)\s+"(\S+)"/) {
+	$mail_params{$2} = $1;
+    } elsif ($line =~/^#define\s+(\S+)\s+"address_verify_" VAR_SND_DEF_XPORT_MAPS/) {
+	$mail_params{"address_verify_sender_dependent_default_transport_maps"} = $1;
+    }
+}
+close(MAIL_PARAMS) || die "close $mail_params_h: !$\n";
+
+$command = "bin/postconf -H";
+open(ALL_PARAM_NAMES, "$command|")
+         || die "can't execute $command: !$\n";  
+while ($param_name = <ALL_PARAM_NAMES>) { 
+    chomp($param_name);
+    next unless ($param_name =~ /_maps$/);
+    next if ($param_name =~ /^(proxy_read|proxy_write)_maps$/);
+    next if defined($proxy_read_maps{$param_name});
+    die "unknown parameter: $param_name\n"
+	unless defined($mail_params{$param_name});
+    print "\t\t\t\t\" \$\" $mail_params{$param_name} \\\n";
+}

postfix/proto/FORWARD_SECRECY_README.html

@@ -270,7 +270,7 @@ traffic between the server and client will resist decryption even
 if the server's long-term authentication keys are <i>later</i>
 compromised.  </p>
 
-<p> Postfix &ge; 3.2 supports the curve negotitation API of OpenSSL
+<p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
 &ge; 1.0.2.  The list of candidate curves can be changed via the
 "tls_eecdh_auto_curves" configuration parameter, which can be used
 to select a prioritized list of supported curves (most preferred

postfix/proto/postconf.proto

@@ -1427,12 +1427,10 @@ address.  </dd>
 <p> Note: with Postfix &le; 3.2 the "setting enable_original_recipient
 = <b>no</b>" breaks address verification for addresses that are
 aliased or otherwise rewritten (Postfix is unable to store the
-addres verification result under the original probe destination
+address verification result under the original probe destination
 address; instead, it can store the result only under the rewritten
 address).  </p>
 
-</ul>
-
 <p> This feature is available in Postfix 2.1 and later. Postfix
 version 2.0 behaves as if this parameter is always set to <b>yes</b>.
 Postfix versions before 2.0 have no support for the original recipient
@@ -6612,7 +6610,7 @@ code when an address probe failed due to a temporary problem
 specifies the action after address probe failure due to a temporary
 problem (default: defer_if_permit).  <br> This feature breaks for
 aliased addresses with "enable_original_recipient = no" (Postfix
-&le; 3.2).  <br> This feature is avaiable in Postfix 2.1 and later.
+&le; 3.2).  <br> This feature is available in Postfix 2.1 and later.
 </dd>
 
 </dl>

postfix/src/global/mail_params.h

@@ -489,11 +489,11 @@ extern char *var_transport_maps;
 #define DEF_DEF_TRANSPORT	MAIL_SERVICE_SMTP
 extern char *var_def_transport;
 
-#define VAR_SND_DEF_XPORT_MAPS	"sender_dependent_" VAR_DEF_TRANSPORT "_maps"
+#define VAR_SND_DEF_XPORT_MAPS	"sender_dependent_default_transport_maps"
 #define DEF_SND_DEF_XPORT_MAPS	""
 extern char *var_snd_def_xport_maps;
 
-#define VAR_NULL_DEF_XPORT_MAPS_KEY	"empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key"
+#define VAR_NULL_DEF_XPORT_MAPS_KEY	"empty_address_default_transport_maps_lookup_key"
 #define DEF_NULL_DEF_XPORT_MAPS_KEY	"<>"
 extern char *var_null_def_xport_maps_key;
 
@@ -2389,7 +2389,29 @@ extern int var_local_rcpt_code;
 				" $" VAR_HELO_CHECKS \
 				" $" VAR_MAIL_CHECKS \
 				" $" VAR_RELAY_CHECKS \
-				" $" VAR_RCPT_CHECKS
+				" $" VAR_RCPT_CHECKS \
+				" $" VAR_VRFY_SND_DEF_XPORT_MAPS \
+				" $" VAR_VRFY_RELAY_MAPS \
+				" $" VAR_VRFY_XPORT_MAPS \
+				" $" VAR_FBCK_TRANSP_MAPS \
+				" $" VAR_LMTP_EHLO_DIS_MAPS \
+				" $" VAR_LMTP_PIX_BUG_MAPS \
+				" $" VAR_LMTP_SASL_PASSWD \
+				" $" VAR_LMTP_TLS_POLICY \
+				" $" VAR_MAILBOX_CMD_MAPS \
+				" $" VAR_MBOX_TRANSP_MAPS \
+				" $" VAR_PSC_EHLO_DIS_MAPS \
+				" $" VAR_RBL_REPLY_MAPS \
+				" $" VAR_SND_RELAY_MAPS \
+				" $" VAR_SMTP_EHLO_DIS_MAPS \
+				" $" VAR_SMTP_PIX_BUG_MAPS \
+				" $" VAR_SMTP_SASL_PASSWD \
+				" $" VAR_SMTP_TLS_POLICY \
+				" $" VAR_SMTPD_EHLO_DIS_MAPS \
+				" $" VAR_SMTPD_MILTER_MAPS \
+				" $" VAR_VIRT_GID_MAPS \
+				" $" VAR_VIRT_UID_MAPS \
+				" $" VAR_SND_DEF_XPORT_MAPS
 extern char *var_proxy_read_maps;
 
 #define VAR_PROXY_WRITE_MAPS	"proxy_write_maps"

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20180203"
+#define MAIL_RELEASE_DATE	"20180217"
 #define MAIL_VERSION_NUMBER	"3.4"
 
 #ifdef SNAPSHOT