CVS commit: pkgsrc/mail/postfix

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail/postfix
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Mon, 30 Sep 2013 15:21:15 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Mon Sep 30 15:21:15 UTC 2013

Modified Files:
        pkgsrc/mail/postfix: Makefile distinfo
        pkgsrc/mail/postfix/patches: patch-ai

Log Message:
Update postfix package to 2.10.2.  Here is brief changes.

2.10.2

* TLS Interoperability workaround: turn on SHA-2 digests by force. This
  improves interoperability with clients and servers that deploy SHA-2 digests
  without the required support for TLSv1.2-style digest negotiation.

* TLS Performance workaround: the Postfix SMTP server TLS session cache had
  become ineffective because recent OpenSSL versions enable session tickets by
  default, resulting in a different ticket encryption key for each smtpd(8)
  process. The workaround turns off session tickets. Postfix 2.11 will enable
  session tickets properly.

* TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail
  to communicate with Postfix and possibly other MTAs, with the following Exim
  SMTP client error message:

        TLS error on connection to server-name [server-address]
        (gnutls_handshake): The Diffie-Hellman prime sent by the server is not
        acceptable (not long enough)

  See the RELEASE_NOTES file for a Postfix SMTP server configuration
  workaround.

* Bugfix (defect introduced: 1997): memory leak while forwarding mail with the
  local(8) delivery agent, in code that handles a cleanup(8) server error.

2.10.1

* Workaround: down-stream maintainers fail to install the new
  smtpd_relay_restrictions safety net, causing breakage that could have been
  avoided. We now hard-code the safety net instead.

2.10.0

* Separation of relay policy (with smtpd_relay_restrictions) from spam policy
  (with smtpd_{client, helo, sender, recipient}_restrictions), which makes
  accidental open relay configuration less likely. The default is backwards
  compatible.

* HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
  proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.

* Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
  off if needed for inter-operability.

* Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
  sockets instead of FIFOs, and thus avoids MTIME file system updates on an
  idle mail system.

* Revised postconf(1) command. The "-x" option expands $name in a parameter
  value (both main.cf and master.cf); the "-o name=value" option overrides a
  main.cf parameter setting; and postconf(1) now warns about a $name that has
  no name=value setting.

* Sendmail-style "socketmap" lookup tables.


To generate a diff of this commit:
cvs rdiff -u -r1.266 -r1.267 pkgsrc/mail/postfix/Makefile
cvs rdiff -u -r1.150 -r1.151 pkgsrc/mail/postfix/distinfo
cvs rdiff -u -r1.29 -r1.30 pkgsrc/mail/postfix/patches/patch-ai

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index