2
0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-31 06:05:37 +00:00

postfix-3.5-20190301

This commit is contained in:
Wietse Venema
2019-03-01 00:00:00 -05:00
committed by Viktor Dukhovni
parent 2399e9e179
commit 586534ca88
12 changed files with 73 additions and 25 deletions

View File

@@ -24162,3 +24162,13 @@ Apologies for any names omitted.
tested in tlsproxy mode. It needed some setup for buffering tested in tlsproxy mode. It needed some setup for buffering
and timeouts. Problem report by Andreas Schulze. File: and timeouts. Problem report by Andreas Schulze. File:
smtp/smtp_proto.c. smtp/smtp_proto.c.
20190226
Documentation: postconf(1) and DATABASE_README were out of
sync. Added a note that this should be deduplicated. File:
proto/DATABASE_README.html.
20190227
Documentation: strict_smtputf8 in SMTPUTF8_README.

View File

@@ -269,7 +269,8 @@ To find out what database types your Postfix system supports, use the "ppooss
{result1. ..., resultn}". Each table query returns a random choice from {result1. ..., resultn}". Each table query returns a random choice from
the specified results. The first and last characters of the "randmap: the specified results. The first and last characters of the "randmap:
" table name must be "{" and "}". Within these, individual maps are " table name must be "{" and "}". Within these, individual maps are
separated with comma or whitespace. separated with comma or whitespace. To give a specific result more
weight, specify it multiple times.
rreeggeexxpp (read-only) rreeggeexxpp (read-only)
A lookup table based on regular expressions. The file format is A lookup table based on regular expressions. The file format is
described in regexp_table(5). The lookup table name as used in "regexp: described in regexp_table(5). The lookup table name as used in "regexp:

View File

@@ -219,8 +219,8 @@ EEEECCDDHH CClliieenntt ssuuppppoorrtt ((PPoossttffiix
This works "out of the box" with no need for additional configuration. This works "out of the box" with no need for additional configuration.
Postfix >= 3.2 supports the curve negotitation API of OpenSSL >= 1.0.2. The Postfix >= 3.2 supports the curve negotiation API of OpenSSL >= 1.0.2. The list
list of candidate curves can be changed via the "tls_eecdh_auto_curves" of candidate curves can be changed via the "tls_eecdh_auto_curves"
configuration parameter, which can be used to select a prioritized list of configuration parameter, which can be used to select a prioritized list of
supported curves (most preferred first) on both the Postfix SMTP server and supported curves (most preferred first) on both the Postfix SMTP server and
SMTP client. The default list is suitable for most users. SMTP client. The default list is suitable for most users.
@@ -426,7 +426,7 @@ multiple lines for readability):
In the above connections, the "key-exchange" value records the "Diffie-Hellman" In the above connections, the "key-exchange" value records the "Diffie-Hellman"
algorithm used for key agreement. The "server-signature" value records the algorithm used for key agreement. The "server-signature" value records the
public key algoritm used by the server to sign the key exchange. The "server- public key algorithm used by the server to sign the key exchange. The "server-
digest" value records any hash algorithm used to prepare the data for signing. digest" value records any hash algorithm used to prepare the data for signing.
With "ED25519" and "ED448", no separate hash algorithm is used. With "ED25519" and "ED448", no separate hash algorithm is used.

View File

@@ -253,12 +253,21 @@ localparts (and in headers) as before. The vast majority of email software is
perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not perfectly capable of handling such email, even if pre-SMTPUTF8 standards do not
support such practice. support such practice.
However, when you specify "smtputf8_enable = yes", Postfix requires that non- RReejjeeccttiinngg nnoonn--UUTTFF88 aaddddrreesssseess
ASCII address information is encoded in UTF-8 and will reject other encodings
such as ISO-8859. It is not practical for Postfix to support multiple encodings With "smtputf8_enable = yes", Postfix requires that non-ASCII address
at the same time. There is no problem with RFC 2047 encodings such as "=?ISO- information is encoded in UTF-8 and will reject other encodings such as ISO-
8859-1?Q?text?=", because those use only characters from the ASCII 8859. It is not practical for Postfix to support multiple encodings at the same
characterset. time. There is no problem with RFC 2047 encodings such as "=?ISO-8859-
1?Q?text?=", because those use only characters from the ASCII characterset.
RReejjeeccttiinngg nnoonn--AASSCCIIII aaddddrreesssseess iinn nnoonn--SSMMTTPPUUTTFF88 ttrraannssaaccttiioonnss
Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable = yes" will
enable stricter enforcement of the SMTPUTF8 protocol. Specifically, the Postfix
SMTP server will not only reject non-UTF8 sender or recipient addresses, it
will in addition accept UTF-8 sender or recipient addresses only when the
client requests an SMTPUTF8 mail transaction.
CCoommppaattiibbiilliittyy wwiitthh IIDDNNAA22000033 CCoommppaattiibbiilliittyy wwiitthh IIDDNNAA22000033

View File

@@ -7,6 +7,10 @@ Wish list:
Disable -DSNAPSHOT and -DNONPROD in makedefs. Disable -DSNAPSHOT and -DNONPROD in makedefs.
Move map descriptions from postconf(1) to DATABASE_README
and point there. The text in DATABASE_README is less complete
than that in postconf(1).
make tls_pre_jail_init() safe by design for use in programs make tls_pre_jail_init() safe by design for use in programs
that implement both clients and servers. that implement both clients and servers.

View File

@@ -403,7 +403,8 @@ databases. The lookup table name syntax is "<a href="proxymap.8.html">proxy</a>:
Each table query returns a random choice from the specified results. Each table query returns a random choice from the specified results.
The first and last characters of the "<a href="DATABASE_README.html#types">randmap</a>:" table name must be The first and last characters of the "<a href="DATABASE_README.html#types">randmap</a>:" table name must be
"{" and "}". Within these, individual maps are separated with comma "{" and "}". Within these, individual maps are separated with comma
or whitespace. </dd> or whitespace. To give a specific result more weight, specify it
multiple times. </dd>
<dt> <b>regexp</b> (read-only) </dt> <dt> <b>regexp</b> (read-only) </dt>

View File

@@ -298,7 +298,7 @@ table. </p>
<p> This works "out of the box" with no need for additional <p> This works "out of the box" with no need for additional
configuration. </p> configuration. </p>
<p> Postfix &ge; 3.2 supports the curve negotitation API of OpenSSL <p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
&ge; 1.0.2. The list of candidate curves can be changed via the &ge; 1.0.2. The list of candidate curves can be changed via the
"<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" configuration parameter, which can be used "<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" configuration parameter, which can be used
to select a prioritized list of supported curves (most preferred to select a prioritized list of supported curves (most preferred
@@ -549,7 +549,7 @@ postfix/smtp[<i>process-id</i>]:
<p> In the above connections, the "key-exchange" value records the <p> In the above connections, the "key-exchange" value records the
"Diffie-Hellman" algorithm used for key agreement. The "server-signature" value "Diffie-Hellman" algorithm used for key agreement. The "server-signature" value
records the public key algoritm used by the server to sign the key exchange. records the public key algorithm used by the server to sign the key exchange.
The "server-digest" value records any hash algorithm used to prepare the data The "server-digest" value records any hash algorithm used to prepare the data
for signing. With "ED25519" and "ED448", no separate hash algorithm is used. for signing. With "ED25519" and "ED448", no separate hash algorithm is used.
</p> </p>

View File

@@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority
of email software is perfectly capable of handling such email, even of email software is perfectly capable of handling such email, even
if pre-SMTPUTF8 standards do not support such practice. </p> if pre-SMTPUTF8 standards do not support such practice. </p>
<p> However, when you specify "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", Postfix <h3> Rejecting non-UTF8 addresses </h3>
<p> With "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", Postfix
requires that non-ASCII address information is encoded in UTF-8 and requires that non-ASCII address information is encoded in UTF-8 and
will reject other encodings such as ISO-8859. It is not practical will reject other encodings such as ISO-8859. It is not practical
for Postfix to support multiple encodings at the same time. There for Postfix to support multiple encodings at the same time. There
is no problem with <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a> encodings such as "=?ISO-8859-1?Q?text?=", is no problem with <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a> encodings such as "=?ISO-8859-1?Q?text?=",
because those use only characters from the ASCII characterset. </p> because those use only characters from the ASCII characterset. </p>
<h3> Rejecting non-ASCII addresses in non-SMTPUTF8 transactions </h3>
<p> Setting "<a href="postconf.5.html#strict_smtputf8">strict_smtputf8</a> = yes" in addition to "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>
= yes" will enable stricter enforcement of the SMTPUTF8 protocol.
Specifically, the Postfix SMTP server will not only reject non-UTF8
sender or recipient addresses, it will in addition accept UTF-8
sender or recipient addresses only when the client requests an
SMTPUTF8 mail transaction. </p>
<h2> <a name="idna2003">Compatibility with IDNA2003</a> </h2> <h2> <a name="idna2003">Compatibility with IDNA2003</a> </h2>
@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the
Firefox and Chrome web browsers. Specify "<a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> Firefox and Chrome web browsers. Specify "<a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a>
= yes" to get the historical behavior. </p> = yes" to get the historical behavior. </p>
This affects the conversion of domain names that contain for example <p> This affects the conversion of domain names that contain for
the German sz (ß) and the Greek zeta (ς). See example the German sz (ß) and the Greek zeta (ς). See
<a href="http://unicode.org/cldr/utility/idna.jsp">http://unicode.org/cldr/utility/idna.jsp</a> for more examples. </p> <a href="http://unicode.org/cldr/utility/idna.jsp">http://unicode.org/cldr/utility/idna.jsp</a> for more examples. </p>
<h2> <a name="credits">Credits</a> </h2> <h2> <a name="credits">Credits</a> </h2>

View File

@@ -403,7 +403,8 @@ databases. The lookup table name syntax is "proxy:type:table".
Each table query returns a random choice from the specified results. Each table query returns a random choice from the specified results.
The first and last characters of the "randmap:" table name must be The first and last characters of the "randmap:" table name must be
"{" and "}". Within these, individual maps are separated with comma "{" and "}". Within these, individual maps are separated with comma
or whitespace. </dd> or whitespace. To give a specific result more weight, specify it
multiple times. </dd>
<dt> <b>regexp</b> (read-only) </dt> <dt> <b>regexp</b> (read-only) </dt>

View File

@@ -298,7 +298,7 @@ table. </p>
<p> This works "out of the box" with no need for additional <p> This works "out of the box" with no need for additional
configuration. </p> configuration. </p>
<p> Postfix &ge; 3.2 supports the curve negotitation API of OpenSSL <p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
&ge; 1.0.2. The list of candidate curves can be changed via the &ge; 1.0.2. The list of candidate curves can be changed via the
"tls_eecdh_auto_curves" configuration parameter, which can be used "tls_eecdh_auto_curves" configuration parameter, which can be used
to select a prioritized list of supported curves (most preferred to select a prioritized list of supported curves (most preferred
@@ -549,7 +549,7 @@ postfix/smtp[<i>process-id</i>]:
<p> In the above connections, the "key-exchange" value records the <p> In the above connections, the "key-exchange" value records the
"Diffie-Hellman" algorithm used for key agreement. The "server-signature" value "Diffie-Hellman" algorithm used for key agreement. The "server-signature" value
records the public key algoritm used by the server to sign the key exchange. records the public key algorithm used by the server to sign the key exchange.
The "server-digest" value records any hash algorithm used to prepare the data The "server-digest" value records any hash algorithm used to prepare the data
for signing. With "ED25519" and "ED448", no separate hash algorithm is used. for signing. With "ED25519" and "ED448", no separate hash algorithm is used.
</p> </p>

View File

@@ -346,12 +346,23 @@ in address localparts (and in headers) as before. The vast majority
of email software is perfectly capable of handling such email, even of email software is perfectly capable of handling such email, even
if pre-SMTPUTF8 standards do not support such practice. </p> if pre-SMTPUTF8 standards do not support such practice. </p>
<p> However, when you specify "smtputf8_enable = yes", Postfix <h3> Rejecting non-UTF8 addresses </h3>
<p> With "smtputf8_enable = yes", Postfix
requires that non-ASCII address information is encoded in UTF-8 and requires that non-ASCII address information is encoded in UTF-8 and
will reject other encodings such as ISO-8859. It is not practical will reject other encodings such as ISO-8859. It is not practical
for Postfix to support multiple encodings at the same time. There for Postfix to support multiple encodings at the same time. There
is no problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=", is no problem with RFC 2047 encodings such as "=?ISO-8859-1?Q?text?=",
because those use only characters from the ASCII characterset. </p> because those use only characters from the ASCII characterset. </p>
<h3> Rejecting non-ASCII addresses in non-SMTPUTF8 transactions </h3>
<p> Setting "strict_smtputf8 = yes" in addition to "smtputf8_enable
= yes" will enable stricter enforcement of the SMTPUTF8 protocol.
Specifically, the Postfix SMTP server will not only reject non-UTF8
sender or recipient addresses, it will in addition accept UTF-8
sender or recipient addresses only when the client requests an
SMTPUTF8 mail transaction. </p>
<h2> <a name="idna2003">Compatibility with IDNA2003</a> </h2> <h2> <a name="idna2003">Compatibility with IDNA2003</a> </h2>
@@ -362,8 +373,8 @@ This makes Postfix behavior consistent with current versions of the
Firefox and Chrome web browsers. Specify "enable_idna2003_compatibility Firefox and Chrome web browsers. Specify "enable_idna2003_compatibility
= yes" to get the historical behavior. </p> = yes" to get the historical behavior. </p>
This affects the conversion of domain names that contain for example <p> This affects the conversion of domain names that contain for
the German sz (ß) and the Greek zeta (ς). See example the German sz (ß) and the Greek zeta (ς). See
http://unicode.org/cldr/utility/idna.jsp for more examples. </p> http://unicode.org/cldr/utility/idna.jsp for more examples. </p>
<h2> <a name="credits">Credits</a> </h2> <h2> <a name="credits">Credits</a> </h2>

View File

@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20190221" #define MAIL_RELEASE_DATE "20190301"
#define MAIL_VERSION_NUMBER "3.5" #define MAIL_VERSION_NUMBER "3.5"
#ifdef SNAPSHOT #ifdef SNAPSHOT