CVS commit: pkgsrc/mail/postfix

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail/postfix
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Sat, 22 Feb 2025 16:00:18 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Sat Feb 22 16:00:18 UTC 2025

Modified Files:
        pkgsrc/mail/postfix: Makefile.common PLIST distinfo
        pkgsrc/mail/postfix/patches: patch-src_smtpd_smtpd.c

Log Message:
mail/postfix: update to 3.10.0

Postfix 3.10.0 (2025/02/17)

Postfix stable release 3.10.0 is available. Postfix 3.6 - 3.9 were updated
earlier this week; after that, Postfix 3.6 will no longer be updated.

The main changes are below. See the RELEASE_NOTES file for further
details.

Changes that need restart:

  * Internal protocol change: Postfix needs "postfix reload" (or "postfix
    stop" and "postfix start") after upgrade, because of a change in the
    delivery agent protocol. If this step is skipped, Postfix delivery
    agents will log a warning:

        unexpected attribute smtputf8 from xxx socket (expecting: sendopts)

    where xxx is the delivery agent service name.

Changes in TLS support:

  * Forward compatibility: Support for OpenSSL 3.5 post-quantum
    cryptography. To manage algorithm selection, OpenSSL introduces new
    TLS group syntax that Postfix will not attempt to imitate. Instead,
    Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups
    parameter values to have an empty value. When both are set empty, the
    algorithm selection can be managed through OpenSSL configuration. For
    more, look for "Post-quantum" in the postconf(5) manpage.

  * Support for the RFC 8689 "TLS-Required: no" message header to request
    delivery of messages (such as TLSRPT summaries) even if the preferred
    TLS security policy cannot be enforced. This limits the Postfix SMTP
    client to "smtp_tls_security_level = may" which does not authenticate
    server certificates and which allows falling back to plaintext.

  * Support for the REQUIRETLS SMTP service extension will evolve in
    Postfix 3.11.

  * Support for the TLSRPT protocol (defined in RFC 8460). With this,
    a domain can publish a policy in DNS that requests daily summary
    reports for successful and failed SMTP-over-TLS connections to that
    domain's MX hosts. This supports both DANE (built-in) and MTA-STS
    (via an smtp_tls_policy_maps plugin). The implementation uses a
    TLSRPT library and reporting infrastructure that are maintained by
    sys4. For details, see TLSRPT_README.

Miscellaneous changes:

  * Privacy: With "smtpd_hide_client_session = yes", the Postfix
    SMTP server generates a Received: header without client session
    info. This setting may be used with the MUA submission services
    (port 465 and 587).

  * Support for RFC 2047 encoding of non-ASCII "full name" information
    in Postfix-generated From: message headers. Encoding non-ASCII full
    names can avoid the need to use SMTPUTF8, and therefore can avoid
    incompatibility with sites that do not support SMTPUTF8. See the
    full_name_encoding_charset parameter description for details.

  * Database performance: When mysql: or pgsql: configuration specifies
    a single host, assume that it is a load balancer and reconnect
    immediately after a single failure, instead of failing all requests
    for 60s.

Changes in logging:

  * The Postfix Milter implementation now logs the reason for a
    'quarantine' action, instead of "milter triggers HOLD action".

  * The SMTP server now logs the queue ID (or "NOQUEUE") when a connection
    ends abnormally (timeout, lost connection, or too many errors),
    and the cleanup server now logs "queueid: canceled" when a message
    transaction is started but not completed. These changes simplify
    logfile analysis.

  * Dovecot SASL client logging for "Invalid authentication mechanism"
    now includes the name of that mechanism.

  * Postfix SMTP server 'reject' logging now shows the sasl_method,
    sasl_username, and sasl_sender if available.


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 pkgsrc/mail/postfix/Makefile.common
cvs rdiff -u -r1.34 -r1.35 pkgsrc/mail/postfix/PLIST
cvs rdiff -u -r1.211 -r1.212 pkgsrc/mail/postfix/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/mail/postfix/patches/patch-src_smtpd_smtpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/postfix/Makefile.common
diff -u pkgsrc/mail/postfix/Makefile.common:1.50 pkgsrc/mail/postfix/Makefile.common:1.51
--- pkgsrc/mail/postfix/Makefile.common:1.50    Mon Feb 17 15:31:51 2025
+++ pkgsrc/mail/postfix/Makefile.common Sat Feb 22 16:00:18 2025
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.50 2025/02/17 15:31:51 taca Exp $
+# $NetBSD: Makefile.common,v 1.51 2025/02/22 16:00:18 taca Exp $
 # used by mail/postfix/Makefile
 # used by mail/postfix/Makefile.module
 
-DISTNAME=      postfix-3.9.2
+DISTNAME=      postfix-3.10.0
 CATEGORIES=    mail
 MASTER_SITES=  ftp://ftp.porcupine.org/mirrors/postfix-release/official/
 

Index: pkgsrc/mail/postfix/PLIST
diff -u pkgsrc/mail/postfix/PLIST:1.34 pkgsrc/mail/postfix/PLIST:1.35
--- pkgsrc/mail/postfix/PLIST:1.34      Sun Jun  2 15:43:31 2024
+++ pkgsrc/mail/postfix/PLIST   Sat Feb 22 16:00:18 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.34 2024/06/02 15:43:31 taca Exp $
+@comment $NetBSD: PLIST,v 1.35 2025/02/22 16:00:18 taca Exp $
 bin/mailq
 bin/newaliases
 lib/postfix/libpostfix-dns.so
@@ -185,6 +185,7 @@ share/doc/postfix/SOHO_README
 share/doc/postfix/SQLITE_README
 share/doc/postfix/STANDARD_CONFIGURATION_README
 share/doc/postfix/STRESS_README
+share/doc/postfix/TLSRPT_README
 share/doc/postfix/TLS_LEGACY_README
 share/doc/postfix/TLS_README
 share/doc/postfix/TUNING_README

Index: pkgsrc/mail/postfix/distinfo
diff -u pkgsrc/mail/postfix/distinfo:1.211 pkgsrc/mail/postfix/distinfo:1.212
--- pkgsrc/mail/postfix/distinfo:1.211  Mon Feb 17 15:31:51 2025
+++ pkgsrc/mail/postfix/distinfo        Sat Feb 22 16:00:18 2025
@@ -1,12 +1,12 @@
-$NetBSD: distinfo,v 1.211 2025/02/17 15:31:51 taca Exp $
+$NetBSD: distinfo,v 1.212 2025/02/22 16:00:18 taca Exp $
 
-BLAKE2s (postfix-3.9.2.tar.gz) = e588e2a98a98198633649a4f1d198a31a954203f47f0ebe8a7886dcb4ab00780
-SHA512 (postfix-3.9.2.tar.gz) = 14154077bd474283e522c427d9e45b3599be0c748c0bd2131309fcc506162e8522669a230c1a35bb467a5216d7e99c3d9685fc8f581232cd12e9337ea48d1981
-Size (postfix-3.9.2.tar.gz) = 4956185 bytes
+BLAKE2s (postfix-3.10.0.tar.gz) = 3ae8b18804c049aa524b3a86b93d979ff1230b7b3d05ea7c230e58cd345771df
+SHA512 (postfix-3.10.0.tar.gz) = dbb492ce7747c196ca99a345bcafe7f0d905f80e38ecf680ab8976d3391a1eb1c80e4b0fec487947ed793a3163e39a9fcd34dc6f172dee7cac4c11a1ef76275e
+Size (postfix-3.10.0.tar.gz) = 5047589 bytes
 SHA1 (patch-aa) = c8216f133e202a7bb37682b0dbc1448f021e7c1c
 SHA1 (patch-ag) = 8ab3cfafa63056f9a7f096da7e55bcccab965180
 SHA1 (patch-ai) = 3d143532e1e9a149c6c06e2efadcd34f6f72e82d
 SHA1 (patch-src_smtpd_Makefile.in) = 8133f9cceb0c1c0250d6543cb060c66288571722
 SHA1 (patch-src_smtpd_pfilter.c) = c747d2f3584f694eb7b73b19118b4d8b450cfe7f
 SHA1 (patch-src_smtpd_pfilter.h) = 153b516da89d709d293c6086c2f126791bd945d6
-SHA1 (patch-src_smtpd_smtpd.c) = 03c768fc007156412d11cba6e4d450f73b775d5f
+SHA1 (patch-src_smtpd_smtpd.c) = 594211aa17979daa4ca7123fabe5df06250f5093

Index: pkgsrc/mail/postfix/patches/patch-src_smtpd_smtpd.c
diff -u pkgsrc/mail/postfix/patches/patch-src_smtpd_smtpd.c:1.3 pkgsrc/mail/postfix/patches/patch-src_smtpd_smtpd.c:1.4
--- pkgsrc/mail/postfix/patches/patch-src_smtpd_smtpd.c:1.3     Sat Oct 15 20:34:57 2022
+++ pkgsrc/mail/postfix/patches/patch-src_smtpd_smtpd.c Sat Feb 22 16:00:18 2025
@@ -1,10 +1,10 @@
-$NetBSD: patch-src_smtpd_smtpd.c,v 1.3 2022/10/15 20:34:57 triaxx Exp $
+$NetBSD: patch-src_smtpd_smtpd.c,v 1.4 2025/02/22 16:00:18 taca Exp $
 
 Add blocklist(3) support.
 
---- src/smtpd/smtpd.c.orig     2021-07-24 21:43:57.000000000 +0000
+--- src/smtpd/smtpd.c.orig     2025-02-05 22:04:14.000000000 +0000
 +++ src/smtpd/smtpd.c
-@@ -1292,6 +1292,8 @@
+@@ -1349,6 +1349,8 @@
  #include <smtpd_milter.h>
  #include <smtpd_expand.h>
  
@@ -13,13 +13,13 @@ Add blocklist(3) support.
   /*
    * Tunable parameters. Make sure that there is some bound on the length of
    * an SMTP command, so that the mail system stays in control even when a
-@@ -5865,6 +5867,10 @@ static void smtpd_proto(SMTPD_STATE *sta
-                  || strcmp(state->reason, REASON_LOST_CONNECTION)) {
-           msg_info("%s after %s from %s",
+@@ -6154,6 +6156,10 @@ static void smtpd_proto(SMTPD_STATE *sta
+           msg_info("%s: %s after %s from %s",
+                    queue_id_or_noqueue,
                     state->reason, state->where, state->namaddr);
 +#if defined(HAVE_BLOCKLIST) || defined(HAVE_BLACKLIST)
 +          if (strcmp(state->where, SMTPD_CMD_AUTH) == 0)
-+              pfilter_notify(1, vstream_fileno(state->client));
++                  pfilter_notify(1, vstream_fileno(state->client));
 +#endif
        }
      }

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index