Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

HEADS UP: Postfix 2.7.2 imported


I've imported Postfix 2.7.2 into NetBSD-current today. It builds and works
fine under NetBSD/i386. Please submit a bug report if you find any problems.

Here is a list of the major changes since version 2.7.1:

- Postfix no longer automatically appends the system default CA
  (certificate authority) certificates, when it reads the CA
  certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
  with {smtp, lmtp, smtpd}_tls_CApath.  This prevents third-party
  certificates from getting mail relay permission with the
  permit_tls_all_clientcerts feature.  Unfortunately, this change
  may cause compatibility problems with configurations that rely
  on certificate verification for other purposes.  To get the old
  behavior, specify "tls_append_default_CA = yes".
- A prior fix for compatibility with Postfix < 2.3 was incomplete.
  When pipe-to-command delivery fails with a signal, mail is now
  correctly deferred, instead of being returned to sender.
- Poor smtpd_proxy_filter TCP performance over loopback (
  connections was fixed by adapting the output buffer size to the
- The SMTP server no longer applies the reject_rhsbl_helo feature
  to non-domain forms such as network addresses.  This would cause
  false positives with
- The Postfix SMTP server failed to deliver a "421" response and
  hang up the connection after Milter error.  Instead, the server
  delivered a "503 Access denied" response and left the connection
  open, due to some Postfix 1.1 workaround for RFC 2821.
- The milter_header_checks parser failed to enable any of the actions
  that have no effect on message delivery (warn, replace, prepend,
  ignore, dunno, and ok).

        Kind regards

Matthias Scheler                        

Attachment: pgp0sZWfFScbP.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index