Postings by Wietse Venema

Postfix stable release 3.4.7 and legacy releases 3.3.6, 3.2.11, and 3.1.14

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.4.7.html]

Fixed in Postfix 3.4:

* Robustness: the tlsproxy(8) daemon could go into a loop, logging
a flood of error messages. Problem reported by Andreas Schulze
after enabling SMTP/TLS connection reuse.

Fixed in all supported stable releases:

* Workaround: OpenSSL changed an SSL_shutdown() non-error result
value into an error result value, causing logfile noise.

* Configuration: the new 'TLS fast shutdown' parameter name was
implemented incorrectly.

Postfix stable release 3.4.6 and legacy releases 3.3.5, 3.2.10, 3.1.13

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.4.6.html]

Fixed for all supported stable releases:

* Workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later.

* Fixed a too-strict censoring filter that broke multiline Milter
responses for header/body events.

Postfix stable release 3.4.5 and legacy releases 3.3.4, 3.2.9, 3.1.12

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.4.5.html]

This update fixes 5+ year old bugs, and provides a Postfix 3.4 fix
for sites that depend on undocumented behavior.

Changes for all supported stable releases:

* Starting with Postfix 3.0, LMTP connections over UNIX-domain
sockets were cached but not reused. Therefore, idle cached
connections could exhaust LMTP server resources, resulting in
two-second pauses between email deliveries.

Postfix stable release 3.4.4

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.4.4.html]

Postfix stable release 3.4.4 is available.

* Andreas Schulze discovered that reject_multi_recipient_bounce
was producing false rejects with BDAT commands. This problem
already existed with Postfix 2.2 smtpd_end_of_data_restrictions.
Postfix 3.4.4 fixes both.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

Wietse

Postfix stable release 3.4.3

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.4.3.html]

Postfix stable release 3.4.3 is available.

One of the Postfix 3.4.2 changes (LINUX5) was missing. For your
convenience, the remainder of this text repeats the content of the
Postfix 3.4.2 announcement.

* DANE trust anchor file support was broken after the Postfix 3.4
TLS library overhaul.

Postfix stable release 3.4.2

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.4.2.html]

Postfix stable release 3.4.2 is available.

* DANE trust anchor file support was broken after the Postfix 3.4
TLS library overhaul.

Postfix stable release 3.4.1

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.4.1.html]

Postfix stable release 3.4.1 is available.

* A reversed test broke TLS configurations that specify the same
filename for a private key and certificate. Reported by Mike
Kazantsev.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/ (allowing for mirror replication delays).

Wietse

Re: stress tested postfix

De Petter Mattheas:
Let's say that you need to use a proper SMTP benchmark tool, instead
of a home-grown script that loses email before it reaches Postfix.

Wietse

Re: stress tested postfix

De Petter Mattheas:
Because Postfix does not lose email under load.

Wietse

Postfix stable release 3.4.0

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.4.0.html]

Postfix stable release 3.4.0 is available. This release ends support
for legacy release Postfix 3.0.

The main changes are below. See the RELEASE_NOTES file for further
details.

* Support for logging to file or stdout, instead of using syslog.
Logging to file solves a usability problem for MacOS users, and
eliminates multiple problems with systemd.

Postfix legacy releases 3.3.3, 3.2.8, 3.1.11, 3.0.15

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.3.html]

This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. This is the final update for Postfix
3.0.

Fixed in Postfix 3.3 and later:

* When the master daemon runs with PID=1 (init mode), it will now
reap child processes from non-Postfix code running in the same
container, instead of terminating with a panic.

Rethinking the Postfix release schedule

I'm reconsidering the once-per-year schedule for stable releases.
Basically, a Postfix stable release freezes development at a point
in time, forever. Primarily, this is good for stability.

* In this day and age it seems archaic to have to wait for up to a
year before useful code can be deployed in a stable release.

* The once-per-year schedule makes development a race to get things
into the upcoming release, so that it does not have to wait for
another year.

There is a downside to less than a year between stable releases:
the support time window will become less than four years.

Postfix logging without syslogd

postfix-3.4-20190121-nonprod-logger has lightly-tested code for
logging to file without using syslogd.

logfile support for MacOS

I'm implementing logfile support for Postfix on MacOS, because not
providing it results in a bad experience.

This is a retrofit workaround, therefore it will have limitations
that do not exist with the default syslog-based implementation.

- The logfile pathname is configured in main.cf, and therefore the
logfile cannot contain information from programs that fail before
they finish processing main.cf and command-line options.

- The logfile is written by a new postlogd daemon.

Who can test Postfix BURL support?

I'm looking for someone who can test Postfix BURL support.

(With BURL a client can ask the SMTP server to include a message
that sits on an IMAP server; for example, to send a saved draft
message, or to forward an existing message, without having to
download it first and then upload it).

I looked over the RFCs and over the code that Apple donated in 2011,
where they tried to minimize changes to the SMTP protocol handler.
The code was not incorrect, just a little awkward, and it was a
limited implementation that supported only one chunk.

Adding BURL support should be much easier because it c

Postfix 3.3.2, 3.2.7, 3.1.10, 3.0.14

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.2.html]

Changes for all supported stable releases:

* Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
features.

- Updated Postfix TLS documentation examples for TLSv1.3.

New SMTP server protocol support: CHUNKING

Postfix snapshot 20180826 introduces server support for RFC 3030
CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8)
and postscreen(8).

Impact on existing configurations:
- There are no changes for smtpd_mumble_restrictions, smtpd_proxy_filter,
smtpd_milters, or for postscreen settings, except for the additional
option to suppress the SMTP server's CHUNKING service announcement,
for example, with:

    /etc/postfix/main.cf:
        smtpd_discard_ehlo_keywords = chunking

- There are no changes in the Postfix queue file content, no changes
f

postfix-3.4-20180619 updated connection reuse

postfix-3.4-20180619 fixes today's segfault in the connection reuse
logic. I have been unable to reproduce the problem on my own systems
so I'll depend on other people for confirmation.

Wietse

available: multiple deliveries per TLS-encrypted connection

Postfix snapshot 20180617, released a few minutes ago, introduces
Postfix SMTP client support for multiple deliveries per TLS-encrypted
connection. This is not to be confused with closing a connection
and reusing some TLS state in a new connection.

Below is a fragment from the RELEASE_NOTES file.

Wietse

Major changes with snapshot 20180617
====================================

Preliminary Postfix SMTP client support for multiple deliveries per
TLS-encrypted connection.

progress with TLS connection reuse

Postfix TLS connection reuse will improve delivery performance,
especially for sites that punish clients that send one message per
connection. This feature is evolving in a 'non-production' Postfix
release, currently postfix-3.4-20180603-nonprod.

Instead of changing how Postfix schedules deliveries, this builds
on the Postfix connection caching infrastructure that already exists
for plaintext connections.

Postfix stable release 3.3.1, and legacy releases 3.2.6, 3.1.9, 3.0.13

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.1.html]

Fixed in Postfix 3.3:

* Postfix did not support running as a PID=1 process, which
complicated Postfix deployment in containers. The "postfix
start-fg" command will now run the Postfix master daemon as a
PID=1 process if possible.

ping, please ignore

End-to-end verification. My last post was not distributed to the list.

Postfix 3.3.0 stable release

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.0.html]

Postfix stable release 3.3.0 is available. This release ends support
for legacy release Postfix 2.11.

The main changes are:

* Dual license: in addition to the historical IBM Public License
1.0, Postfix is now also distributed with the more recent Eclipse
Public License 2.0. Recipients can choose to take the software
under the license of their choice.

Postfix stable release 3.2.5, and legacy releases 3.1.8, 3.0.12, 2.11.11

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.5.html]

This announcement concerns fixes for problems that were introduced
with Postfix 2.1 and later, and updates the Postfix 3.2 license.

License update: starting with Postfix 3.2.5, Postfix 3.2 is distributed
with a dual license: in addition to the historical IBM Public License
1.0, it is now also distributed with the more recent Eclipse Public
License 2.0. Recipients can choose to take the software under the
license of their choice.

Including the service name in logging

This weekend I added a service_name feature that is documented
as follows:

[begin quote]
service_name (read-only)

The master.cf service name of a Postfix daemon process.

Proposed Postfix license change from IPL 1.0 to EPL 2.0

If you are a vendor who distributes Postfix, please pass this email to
your legal counsel and let me know OFF LIST if the proposed licence
change would be a problem. License details are at the end of this message.

As of 1999, Postfix is distributed under the IBM public license (IPL)
version 1.0.

Postfix stable release 3.2.4, and legacy releases 3.1.7 and 3.0.11

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.4.html]

This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. Older supported releases are unaffected.

Fixed in Postfix 3.1 and later:

* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
records associated with an intermediate CA certificate.

Postfix 3.2.3 stable release available

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.3.html]

This announcement concerns fixes for problems that were introduced
with Postfix 3.2.