From 586534ca8818535b0f286b7369f5d0347f59a25d Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Fri, 1 Mar 2019 00:00:00 -0500
Subject: [PATCH] postfix-3.5-20190301
---
postfix/HISTORY | 10 ++++++++++
postfix/README_FILES/DATABASE_README | 3 ++-
postfix/README_FILES/FORWARD_SECRECY_README | 6 +++---
postfix/README_FILES/SMTPUTF8_README | 21 +++++++++++++++------
postfix/WISHLIST | 4 ++++
postfix/html/DATABASE_README.html | 3 ++-
postfix/html/FORWARD_SECRECY_README.html | 4 ++--
postfix/html/SMTPUTF8_README.html | 19 +++++++++++++++----
postfix/proto/DATABASE_README.html | 3 ++-
postfix/proto/FORWARD_SECRECY_README.html | 4 ++--
postfix/proto/SMTPUTF8_README.html | 19 +++++++++++++++----
postfix/src/global/mail_version.h | 2 +-
12 files changed, 73 insertions(+), 25 deletions(-)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 4540a81da..52751c546 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -24162,3 +24162,13 @@ Apologies for any names omitted.
tested in tlsproxy mode. It needed some setup for buffering
and timeouts. Problem report by Andreas Schulze. File:
smtp/smtp_proto.c.
+
+20190226
+
+ Documentation: postconf(1) and DATABASE_README were out of
+ sync. Added a note that this should be deduplicated. File:
+ proto/DATABASE_README.html.
+
+20190227
+
+ Documentation: strict_smtputf8 in SMTPUTF8_README.
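Review bot: The 20190227 entry has no "File:" line, unlike the 20190226 entry and the entry above it, so a reader cannot tell which source file carries the strict_smtputf8 text; add "File: proto/SMTPUTF8_README.html." to match. The entry would also read better as a full sentence that says what was documented. The spelling fixes to FORWARD_SECRECY_README elsewhere in this patch ("negotitation", "algoritm") have no HISTORY entry at all.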
diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README
index 97287f32a..99e10a755 100644
--- a/postfix/README_FILES/DATABASE_README
+++ b/postfix/README_FILES/DATABASE_README
@@ -269,7 +269,8 @@ To find out what database types your Postfix system supports, use the "ppooss
{result1. ..., resultn}". Each table query returns a random choice from
the specified results. The first and last characters of the "randmap:
" table name must be "{" and "}". Within these, individual maps are
- separated with comma or whitespace.
+ separated with comma or whitespace. To give a specific result more
+ weight, specify it multiple times.
rreeggeexxpp (read-only)
A lookup table based on regular expressions. The file format is
described in regexp_table(5). The lookup table name as used in "regexp:
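Review bot: The added sentence says "result" where the sentence just before it says "individual maps are separated", so the randmap paragraph now uses two words for the same thing; pick one (the syntax line uses result1 ... resultn, so "results" fits). A short example showing one result repeated inside the braces would make "specify it multiple times" unambiguous. The same wording is carried into the html/ and proto/ copies later in this patch.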
diff --git a/postfix/README_FILES/FORWARD_SECRECY_README b/postfix/README_FILES/FORWARD_SECRECY_README
index cf1bf1398..0d3fb12c7 100644
--- a/postfix/README_FILES/FORWARD_SECRECY_README
+++ b/postfix/README_FILES/FORWARD_SECRECY_README
@@ -219,8 +219,8 @@ EEEECCDDHH CClliieenntt ssuuppppoorrtt ((PPoossttffiix
This works "out of the box" with no need for additional configuration.
-Postfix >= 3.2 supports the curve negotitation API of OpenSSL >= 1.0.2. The
-list of candidate curves can be changed via the "tls_eecdh_auto_curves"
+Postfix >= 3.2 supports the curve negotiation API of OpenSSL >= 1.0.2. The list
+of candidate curves can be changed via the "tls_eecdh_auto_curves"
configuration parameter, which can be used to select a prioritized list of
supported curves (most preferred first) on both the Postfix SMTP server and
SMTP client. The default list is suitable for most users.
@@ -426,7 +426,7 @@ multiple lines for readability):
In the above connections, the "key-exchange" value records the "Diffie-Hellman"
algorithm used for key agreement. The "server-signature" value records the
-public key algoritm used by the server to sign the key exchange. The "server-
+public key algorithm used by the server to sign the key exchange. The "server-
digest" value records any hash algorithm used to prepare the data for signing.
With "ED25519" and "ED448", no separate hash algorithm is used.
diff --git a/postfix/README_FILES/SMTPUTF8_README b/postfix/README_FILES/SMTPUTF8_README
index c2aa7ca36..5496a3b0d 100644
--- a/postfix/README_FILES/SMTPUTF8_README
+++ b/postfix/README_FILES/SMTPUTF8_README
@@ -253,12 +253,21 @@ localparts (and in headers) as before. The vast majority of email software is
perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not
support such practice.
-However, when you specify "smtputf8_enable = yes", Postfix requires that non-
-ASCII address information is encoded in UTF-8 and will reject other encodings
-such as ISO-8859. It is not practical for Postfix to support multiple encodings
-at the same time. There is no problem with RFC 2047 encodings such as "=?ISO-
-8859-1?Q?text?=", because those use only characters from the ASCII
-characterset.
+RReejjeeccttiinngg nnoonn--UUTTFF88 aaddddrreesssseess
+
+With "smtputf8_enable = yes", Postfix requires that non-ASCII address
+information is encoded in UTF-8 and will reject other encodings such as ISO-
+8859. It is not practical for Postfix to support multiple encodings at the same
+time. There is no problem with RFC 2047 encodings such as "=?ISO-8859-
+1?Q?text?=", because those use only characters from the ASCII characterset.
+
+RReejjeeccttiinngg nnoonn--AASSCCIIII aaddddrreesssseess iinn nnoonn--SSMMTTPPUUTTFF88 ttrraannssaaccttiioonnss
+
+Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable = yes" will
+enable stricter enforcement of the SMTPUTF8 protocol. Specifically, the Postfix
+SMTP server will not only reject non-UTF8 sender or recipient addresses, it
+will in addition accept UTF-8 sender or recipient addresses only when the
+client requests an SMTPUTF8 mail transaction.
CCoommppaattiibbiilliittyy wwiitthh IIDDNNAA22000033
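Review bot: The new strict_smtputf8 paragraph does not state the parameter's default, nor what happens to a UTF-8 address from a client that did not request SMTPUTF8 when the setting is left off, which is what an operator needs to know before enabling it; state both and point to the parameter's postconf(5) entry. The sentence "will not only reject ... it will in addition accept ... only when" is hard to parse; saying the added rejection directly (non-ASCII addresses are rejected unless the client requests an SMTPUTF8 transaction) would match the new heading. The paragraph also mixes "non-UTF8" and "UTF-8" in one sentence, and the moved text keeps "characterset" where "character set" is meant.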
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 23f7e4e0f..35ab5c714 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -7,6 +7,10 @@ Wish list:
Disable -DSNAPSHOT and -DNONPROD in makedefs.
+ Move map descriptions from postconf(1) to DATABASE_README
+ and point there. The text in DATABASE_README is less complete
+ than that in postconf(1).
+
make tls_pre_jail_init() safe by design for use in programs
that implement both clients and servers.
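Review bot: The deduplication note lands here in WISHLIST, but the 20190226 HISTORY entry that announces it lists only "File: proto/DATABASE_README.html"; add WISHLIST to that entry's file list so the log matches the change.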
diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html
index dc10dd50e..fedb86230 100644
--- a/postfix/html/DATABASE_README.html
+++ b/postfix/html/DATABASE_README.html
@@ -403,7 +403,8 @@ databases. The lookup table name syntax is "proxy:
Each table query returns a random choice from the specified results.
The first and last characters of the "randmap:" table name must be
"{" and "}". Within these, individual maps are separated with comma
-or whitespace.
+or whitespace. To give a specific result more weight, specify it
+multiple times.
regexp (read-only)
diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html
index fe619c8a4..3bdb047f3 100644
--- a/postfix/html/FORWARD_SECRECY_README.html
+++ b/postfix/html/FORWARD_SECRECY_README.html
@@ -298,7 +298,7 @@ table.
This works "out of the box" with no need for additional
configuration.
- Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL
+
Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL
≥ 1.0.2. The list of candidate curves can be changed via the
"tls_eecdh_auto_curves" configuration parameter, which can be used
to select a prioritized list of supported curves (most preferred
@@ -549,7 +549,7 @@ postfix/smtp[process-id]:
In the above connections, the "key-exchange" value records the
"Diffie-Hellman" algorithm used for key agreement. The "server-signature" value
-records the public key algoritm used by the server to sign the key exchange.
+records the public key algorithm used by the server to sign the key exchange.
The "server-digest" value records any hash algorithm used to prepare the data
for signing. With "ED25519" and "ED448", no separate hash algorithm is used.
diff --git a/postfix/html/SMTPUTF8_README.html b/postfix/html/SMTPUTF8_README.html
index 3a90f31cb..1a3c8d5f1 100644
--- a/postfix/html/SMTPUTF8_README.html
+++ b/postfix/html/SMTPUTF8_README.html
@@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority
of email software is perfectly capable of handling such email, even
if pre-SMTPUTF8 standards do not support such practice.
- However, when you specify "smtputf8_enable = yes", Postfix
+
Rejecting non-UTF8 addresses
+
+ With "smtputf8_enable = yes", Postfix
requires that non-ASCII address information is encoded in UTF-8 and
will reject other encodings such as ISO-8859. It is not practical
for Postfix to support multiple encodings at the same time. There
is no problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=",
-because those use only characters from the ASCII characterset.
+because those use only characters from the ASCII characterset.
+
+ Rejecting non-ASCII addresses in non-SMTPUTF8 transactions
+
+ Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable
+= yes" will enable stricter enforcement of the SMTPUTF8 protocol.
+Specifically, the Postfix SMTP server will not only reject non-UTF8
+sender or recipient addresses, it will in addition accept UTF-8
+sender or recipient addresses only when the client requests an
+SMTPUTF8 mail transaction.
@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the
Firefox and Chrome web browsers. Specify "enable_idna2003_compatibility
= yes" to get the historical behavior.
-This affects the conversion of domain names that contain for example
-the German sz (ß) and the Greek zeta (ς). See
+ This affects the conversion of domain names that contain for
+example the German sz (ß) and the Greek zeta (ς). See
http://unicode.org/cldr/utility/idna.jsp for more examples.
diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html
index 828772e78..19bb9ae32 100644
--- a/postfix/proto/DATABASE_README.html
+++ b/postfix/proto/DATABASE_README.html
@@ -403,7 +403,8 @@ databases. The lookup table name syntax is "proxy:type:table".
Each table query returns a random choice from the specified results.
The first and last characters of the "randmap:" table name must be
"{" and "}". Within these, individual maps are separated with comma
-or whitespace.
+or whitespace. To give a specific result more weight, specify it
+multiple times.
regexp (read-only)
diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html
index 30fb5329d..eee8b0961 100644
--- a/postfix/proto/FORWARD_SECRECY_README.html
+++ b/postfix/proto/FORWARD_SECRECY_README.html
@@ -298,7 +298,7 @@ table.
This works "out of the box" with no need for additional
configuration.
- Postfix ≥ 3.2 supports the curve negotitation API of OpenSSL
+
Postfix ≥ 3.2 supports the curve negotiation API of OpenSSL
≥ 1.0.2. The list of candidate curves can be changed via the
"tls_eecdh_auto_curves" configuration parameter, which can be used
to select a prioritized list of supported curves (most preferred
@@ -549,7 +549,7 @@ postfix/smtp[process-id]:
In the above connections, the "key-exchange" value records the
"Diffie-Hellman" algorithm used for key agreement. The "server-signature" value
-records the public key algoritm used by the server to sign the key exchange.
+records the public key algorithm used by the server to sign the key exchange.
The "server-digest" value records any hash algorithm used to prepare the data
for signing. With "ED25519" and "ED448", no separate hash algorithm is used.
diff --git a/postfix/proto/SMTPUTF8_README.html b/postfix/proto/SMTPUTF8_README.html
index 381b3e074..9389297ad 100644
--- a/postfix/proto/SMTPUTF8_README.html
+++ b/postfix/proto/SMTPUTF8_README.html
@@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority
of email software is perfectly capable of handling such email, even
if pre-SMTPUTF8 standards do not support such practice.
- However, when you specify "smtputf8_enable = yes", Postfix
+
Rejecting non-UTF8 addresses
+
+ With "smtputf8_enable = yes", Postfix
requires that non-ASCII address information is encoded in UTF-8 and
will reject other encodings such as ISO-8859. It is not practical
for Postfix to support multiple encodings at the same time. There
is no problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=",
-because those use only characters from the ASCII characterset.
+because those use only characters from the ASCII characterset.
+
+ Rejecting non-ASCII addresses in non-SMTPUTF8 transactions
+
+ Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable
+= yes" will enable stricter enforcement of the SMTPUTF8 protocol.
+Specifically, the Postfix SMTP server will not only reject non-UTF8
+sender or recipient addresses, it will in addition accept UTF-8
+sender or recipient addresses only when the client requests an
+SMTPUTF8 mail transaction.
@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the
Firefox and Chrome web browsers. Specify "enable_idna2003_compatibility
= yes" to get the historical behavior.
-This affects the conversion of domain names that contain for example
-the German sz (ß) and the Greek zeta (ς). See
+ This affects the conversion of domain names that contain for
+example the German sz (ß) and the Greek zeta (ς). See
http://unicode.org/cldr/utility/idna.jsp for more examples.
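Review bot: The removed and added lines in this hunk carry the same words, only re-wrapped with a leading space, so the change is presumably to markup that is not visible here; it is unrelated to the strict_smtputf8 text and is not mentioned in HISTORY. Either record it in the 20190227 entry or split it out, so the log explains why the IDNA2003 paragraph was touched. The same applies to the matching hunk in html/SMTPUTF8_README.html.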
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 654ea75f8..aa04858af 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20190221"
+#define MAIL_RELEASE_DATE "20190301"
#define MAIL_VERSION_NUMBER "3.5"
#ifdef SNAPSHOT