2
0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 13:48:06 +00:00

postfix-3.5-20190301

This commit is contained in:
Wietse Venema
2019-03-01 00:00:00 -05:00
committed by Viktor Dukhovni
parent 2399e9e179
commit 586534ca88
12 changed files with 73 additions and 25 deletions

View File

@@ -24162,3 +24162,13 @@ Apologies for any names omitted.
tested in tlsproxy mode. It needed some setup for buffering
and timeouts. Problem report by Andreas Schulze. File:
smtp/smtp_proto.c.
20190226
Documentation: postconf(1) and DATABASE_README were out of
sync. Added a note that this should be deduplicated. File:
proto/DATABASE_README.html.
20190227
Documentation: strict_smtputf8 in SMTPUTF8_README.

View File

@@ -269,7 +269,8 @@ To find out what database types your Postfix system supports, use the "ppooss
{result1. ..., resultn}". Each table query returns a random choice from
the specified results. The first and last characters of the "randmap:
" table name must be "{" and "}". Within these, individual maps are
separated with comma or whitespace.
separated with comma or whitespace. To give a specific result more
weight, specify it multiple times.
rreeggeexxpp (read-only)
A lookup table based on regular expressions. The file format is
described in regexp_table(5). The lookup table name as used in "regexp:

View File

@@ -219,8 +219,8 @@ EEEECCDDHH CClliieenntt ssuuppppoorrtt ((PPoossttffiix
This works "out of the box" with no need for additional configuration.
Postfix >= 3.2 supports the curve negotitation API of OpenSSL >= 1.0.2. The
list of candidate curves can be changed via the "tls_eecdh_auto_curves"
Postfix >= 3.2 supports the curve negotiation API of OpenSSL >= 1.0.2. The list
of candidate curves can be changed via the "tls_eecdh_auto_curves"
configuration parameter, which can be used to select a prioritized list of
supported curves (most preferred first) on both the Postfix SMTP server and
SMTP client. The default list is suitable for most users.
@@ -426,7 +426,7 @@ multiple lines for readability):
In the above connections, the "key-exchange" value records the "Diffie-Hellman"
algorithm used for key agreement. The "server-signature" value records the
public key algoritm used by the server to sign the key exchange. The "server-
public key algorithm used by the server to sign the key exchange. The "server-
digest" value records any hash algorithm used to prepare the data for signing.
With "ED25519" and "ED448", no separate hash algorithm is used.

View File

@@ -253,12 +253,21 @@ localparts (and in headers) as before. The vast majority of email software is
perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not
support such practice.
However, when you specify "smtputf8_enable = yes", Postfix requires that non-
ASCII address information is encoded in UTF-8 and will reject other encodings
such as ISO-8859. It is not practical for Postfix to support multiple encodings
at the same time. There is no problem with RFC 2047 encodings such as "=?ISO-
8859-1?Q?text?=", because those use only characters from the ASCII
characterset.
RReejjeeccttiinngg nnoonn--UUTTFF88 aaddddrreesssseess
With "smtputf8_enable = yes", Postfix requires that non-ASCII address
information is encoded in UTF-8 and will reject other encodings such as ISO-
8859. It is not practical for Postfix to support multiple encodings at the same
time. There is no problem with RFC 2047 encodings such as "=?ISO-8859-
1?Q?text?=", because those use only characters from the ASCII characterset.
RReejjeeccttiinngg nnoonn--AASSCCIIII aaddddrreesssseess iinn nnoonn--SSMMTTPPUUTTFF88 ttrraannssaaccttiioonnss
Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable = yes" will
enable stricter enforcement of the SMTPUTF8 protocol. Specifically, the Postfix
SMTP server will not only reject non-UTF8 sender or recipient addresses, it
will in addition accept UTF-8 sender or recipient addresses only when the
client requests an SMTPUTF8 mail transaction.
CCoommppaattiibbiilliittyy wwiitthh IIDDNNAA22000033

View File

@@ -7,6 +7,10 @@ Wish list:
Disable -DSNAPSHOT and -DNONPROD in makedefs.
Move map descriptions from postconf(1) to DATABASE_README
and point there. The text in DATABASE_README is less complete
than that in postconf(1).
make tls_pre_jail_init() safe by design for use in programs
that implement both clients and servers.

View File

@@ -403,7 +403,8 @@ databases. The lookup table name syntax is "<a href="proxymap.8.html">proxy</a>:
Each table query returns a random choice from the specified results.
The first and last characters of the "<a href="DATABASE_README.html#types">randmap</a>:" table name must be
"{" and "}". Within these, individual maps are separated with comma
or whitespace. </dd>
or whitespace. To give a specific result more weight, specify it
multiple times. </dd>
<dt> <b>regexp</b> (read-only) </dt>

View File

@@ -298,7 +298,7 @@ table. </p>
<p> This works "out of the box" with no need for additional
configuration. </p>
<p> Postfix &ge; 3.2 supports the curve negotitation API of OpenSSL
<p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
&ge; 1.0.2. The list of candidate curves can be changed via the
"<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" configuration parameter, which can be used
to select a prioritized list of supported curves (most preferred
@@ -549,7 +549,7 @@ postfix/smtp[<i>process-id</i>]:
<p> In the above connections, the "key-exchange" value records the
"Diffie-Hellman" algorithm used for key agreement. The "server-signature" value
records the public key algoritm used by the server to sign the key exchange.
records the public key algorithm used by the server to sign the key exchange.
The "server-digest" value records any hash algorithm used to prepare the data
for signing. With "ED25519" and "ED448", no separate hash algorithm is used.
</p>

View File

@@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority
of email software is perfectly capable of handling such email, even
if pre-SMTPUTF8 standards do not support such practice. </p>
<p> However, when you specify "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", Postfix
<h3> Rejecting non-UTF8 addresses </h3>
<p> With "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", Postfix
requires that non-ASCII address information is encoded in UTF-8 and
will reject other encodings such as ISO-8859. It is not practical
for Postfix to support multiple encodings at the same time. There
is no problem with <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a> encodings such as "=?ISO-8859-1?Q?text?=",
because those use only characters from the ASCII characterset. </p>
because those use only characters from the ASCII characterset. </p>
<h3> Rejecting non-ASCII addresses in non-SMTPUTF8 transactions </h3>
<p> Setting "<a href="postconf.5.html#strict_smtputf8">strict_smtputf8</a> = yes" in addition to "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>
= yes" will enable stricter enforcement of the SMTPUTF8 protocol.
Specifically, the Postfix SMTP server will not only reject non-UTF8
sender or recipient addresses, it will in addition accept UTF-8
sender or recipient addresses only when the client requests an
SMTPUTF8 mail transaction. </p>
<h2> <a name="idna2003">Compatibility with IDNA2003</a> </h2>
@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the
Firefox and Chrome web browsers. Specify "<a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a>
= yes" to get the historical behavior. </p>
This affects the conversion of domain names that contain for example
the German sz (ß) and the Greek zeta (ς). See
<p> This affects the conversion of domain names that contain for
example the German sz (ß) and the Greek zeta (ς). See
<a href="http://unicode.org/cldr/utility/idna.jsp">http://unicode.org/cldr/utility/idna.jsp</a> for more examples. </p>
<h2> <a name="credits">Credits</a> </h2>

View File

@@ -403,7 +403,8 @@ databases. The lookup table name syntax is "proxy:type:table".
Each table query returns a random choice from the specified results.
The first and last characters of the "randmap:" table name must be
"{" and "}". Within these, individual maps are separated with comma
or whitespace. </dd>
or whitespace. To give a specific result more weight, specify it
multiple times. </dd>
<dt> <b>regexp</b> (read-only) </dt>

View File

@@ -298,7 +298,7 @@ table. </p>
<p> This works "out of the box" with no need for additional
configuration. </p>
<p> Postfix &ge; 3.2 supports the curve negotitation API of OpenSSL
<p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
&ge; 1.0.2. The list of candidate curves can be changed via the
"tls_eecdh_auto_curves" configuration parameter, which can be used
to select a prioritized list of supported curves (most preferred
@@ -549,7 +549,7 @@ postfix/smtp[<i>process-id</i>]:
<p> In the above connections, the "key-exchange" value records the
"Diffie-Hellman" algorithm used for key agreement. The "server-signature" value
records the public key algoritm used by the server to sign the key exchange.
records the public key algorithm used by the server to sign the key exchange.
The "server-digest" value records any hash algorithm used to prepare the data
for signing. With "ED25519" and "ED448", no separate hash algorithm is used.
</p>

View File

@@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority
of email software is perfectly capable of handling such email, even
if pre-SMTPUTF8 standards do not support such practice. </p>
<p> However, when you specify "smtputf8_enable = yes", Postfix
<h3> Rejecting non-UTF8 addresses </h3>
<p> With "smtputf8_enable = yes", Postfix
requires that non-ASCII address information is encoded in UTF-8 and
will reject other encodings such as ISO-8859. It is not practical
for Postfix to support multiple encodings at the same time. There
is no problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=",
because those use only characters from the ASCII characterset. </p>
because those use only characters from the ASCII characterset. </p>
<h3> Rejecting non-ASCII addresses in non-SMTPUTF8 transactions </h3>
<p> Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable
= yes" will enable stricter enforcement of the SMTPUTF8 protocol.
Specifically, the Postfix SMTP server will not only reject non-UTF8
sender or recipient addresses, it will in addition accept UTF-8
sender or recipient addresses only when the client requests an
SMTPUTF8 mail transaction. </p>
<h2> <a name="idna2003">Compatibility with IDNA2003</a> </h2>
@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the
Firefox and Chrome web browsers. Specify "enable_idna2003_compatibility
= yes" to get the historical behavior. </p>
This affects the conversion of domain names that contain for example
the German sz (ß) and the Greek zeta (ς). See
<p> This affects the conversion of domain names that contain for
example the German sz (ß) and the Greek zeta (ς). See
http://unicode.org/cldr/utility/idna.jsp for more examples. </p>
<h2> <a name="credits">Credits</a> </h2>

View File

@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20190221"
#define MAIL_RELEASE_DATE "20190301"
#define MAIL_VERSION_NUMBER "3.5"
#ifdef SNAPSHOT