head 1.1;
branch 1.1.1;
access;
symbols
netbsd-11-0-RC4:1.1.1.7
PFIX-3-11-2:1.1.1.7
netbsd-11-0-RC3:1.1.1.7
netbsd-11-0-RC2:1.1.1.7
netbsd-11-0-RC1:1.1.1.7
perseant-exfatfs-base-20250801:1.1.1.7
netbsd-11:1.1.1.7.0.2
netbsd-11-base:1.1.1.7
PFIX-3-10-1:1.1.1.7
netbsd-10-1-RELEASE:1.1.1.5.2.1
perseant-exfatfs-base-20240630:1.1.1.6
perseant-exfatfs:1.1.1.6.0.2
perseant-exfatfs-base:1.1.1.6
netbsd-8-3-RELEASE:1.1.1.3
netbsd-9-4-RELEASE:1.1.1.3.14.1
netbsd-10-0-RELEASE:1.1.1.5.2.1
netbsd-10-0-RC6:1.1.1.5.2.1
netbsd-10-0-RC5:1.1.1.5.2.1
netbsd-10-0-RC4:1.1.1.5.2.1
netbsd-10-0-RC3:1.1.1.5.2.1
netbsd-10-0-RC2:1.1.1.5.2.1
PFIX-3-8-4:1.1.1.6
netbsd-10-0-RC1:1.1.1.5
netbsd-10:1.1.1.5.0.2
netbsd-10-base:1.1.1.5
PFIX-3-7-3:1.1.1.5
netbsd-9-3-RELEASE:1.1.1.3
cjep_sun2x-base1:1.1.1.4
cjep_sun2x:1.1.1.4.0.4
cjep_sun2x-base:1.1.1.4
cjep_staticlib_x-base1:1.1.1.4
netbsd-9-2-RELEASE:1.1.1.3
cjep_staticlib_x:1.1.1.4.0.2
cjep_staticlib_x-base:1.1.1.4
netbsd-9-1-RELEASE:1.1.1.3
PFIX-3-5-2:1.1.1.4
phil-wifi-20200421:1.1.1.4
phil-wifi-20200411:1.1.1.4
is-mlppp:1.1.1.3.0.16
is-mlppp-base:1.1.1.3
phil-wifi-20200406:1.1.1.4
netbsd-8-2-RELEASE:1.1.1.3
PFIX-3-5-0:1.1.1.4
netbsd-9-0-RELEASE:1.1.1.3
netbsd-9-0-RC2:1.1.1.3
netbsd-9-0-RC1:1.1.1.3
phil-wifi-20191119:1.1.1.3
netbsd-9:1.1.1.3.0.14
netbsd-9-base:1.1.1.3
phil-wifi-20190609:1.1.1.3
netbsd-8-1-RELEASE:1.1.1.3
netbsd-8-1-RC1:1.1.1.3
pgoyette-compat-merge-20190127:1.1.1.3
pgoyette-compat-20190127:1.1.1.3
pgoyette-compat-20190118:1.1.1.3
pgoyette-compat-1226:1.1.1.3
pgoyette-compat-1126:1.1.1.3
pgoyette-compat-1020:1.1.1.3
pgoyette-compat-0930:1.1.1.3
pgoyette-compat-0906:1.1.1.3
netbsd-7-2-RELEASE:1.1.1.2
pgoyette-compat-0728:1.1.1.3
netbsd-8-0-RELEASE:1.1.1.3
phil-wifi:1.1.1.3.0.12
phil-wifi-base:1.1.1.3
pgoyette-compat-0625:1.1.1.3
netbsd-8-0-RC2:1.1.1.3
pgoyette-compat-0521:1.1.1.3
pgoyette-compat-0502:1.1.1.3
pgoyette-compat-0422:1.1.1.3
netbsd-8-0-RC1:1.1.1.3
pgoyette-compat-0415:1.1.1.3
pgoyette-compat-0407:1.1.1.3
pgoyette-compat-0330:1.1.1.3
pgoyette-compat-0322:1.1.1.3
pgoyette-compat-0315:1.1.1.3
netbsd-7-1-2-RELEASE:1.1.1.2
pgoyette-compat:1.1.1.3.0.10
pgoyette-compat-base:1.1.1.3
netbsd-7-1-1-RELEASE:1.1.1.2
matt-nb8-mediatek:1.1.1.3.0.8
matt-nb8-mediatek-base:1.1.1.3
perseant-stdc-iso10646:1.1.1.3.0.6
perseant-stdc-iso10646-base:1.1.1.3
netbsd-8:1.1.1.3.0.4
netbsd-8-base:1.1.1.3
prg-localcount2-base3:1.1.1.3
prg-localcount2-base2:1.1.1.3
prg-localcount2-base1:1.1.1.3
prg-localcount2:1.1.1.3.0.2
prg-localcount2-base:1.1.1.3
pgoyette-localcount-20170426:1.1.1.3
bouyer-socketcan-base1:1.1.1.3
pgoyette-localcount-20170320:1.1.1.3
netbsd-7-1:1.1.1.2.0.14
netbsd-7-1-RELEASE:1.1.1.2
netbsd-7-1-RC2:1.1.1.2
PFIX-3-1-4:1.1.1.3
netbsd-7-nhusb-base-20170116:1.1.1.2
bouyer-socketcan:1.1.1.2.0.12
bouyer-socketcan-base:1.1.1.2
pgoyette-localcount-20170107:1.1.1.2
netbsd-7-1-RC1:1.1.1.2
pgoyette-localcount-20161104:1.1.1.2
netbsd-7-0-2-RELEASE:1.1.1.2
localcount-20160914:1.1.1.2
netbsd-7-nhusb:1.1.1.2.0.10
netbsd-7-nhusb-base:1.1.1.2
pgoyette-localcount-20160806:1.1.1.2
pgoyette-localcount-20160726:1.1.1.2
pgoyette-localcount:1.1.1.2.0.8
pgoyette-localcount-base:1.1.1.2
netbsd-7-0-1-RELEASE:1.1.1.2
netbsd-7-0:1.1.1.2.0.6
netbsd-7-0-RELEASE:1.1.1.2
PFIX-2-11-6:1.1.1.2
netbsd-7-0-RC3:1.1.1.2
netbsd-7-0-RC2:1.1.1.2
netbsd-7-0-RC1:1.1.1.2
PFIX-2-11-4:1.1.1.2
PFIX-2-11-3:1.1.1.2
netbsd-5-2-3-RELEASE:1.1.1.1.2.2
netbsd-5-1-5-RELEASE:1.1.1.1.2.2
netbsd-6-0-6-RELEASE:1.1.1.1
netbsd-6-1-5-RELEASE:1.1.1.1
netbsd-7:1.1.1.2.0.4
netbsd-7-base:1.1.1.2
PFIX-2-11-1:1.1.1.2
yamt-pagecache-base9:1.1.1.2
yamt-pagecache-tag8:1.1.1.1
netbsd-6-1-4-RELEASE:1.1.1.1
netbsd-6-0-5-RELEASE:1.1.1.1
tls-earlyentropy:1.1.1.2.0.2
tls-earlyentropy-base:1.1.1.2
riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.1.1.2
riastradh-drm2-base3:1.1.1.2
PFIX-2-10-3:1.1.1.2
netbsd-6-1-3-RELEASE:1.1.1.1
netbsd-6-0-4-RELEASE:1.1.1.1
netbsd-5-2-2-RELEASE:1.1.1.1.2.2
netbsd-5-1-4-RELEASE:1.1.1.1.2.2
netbsd-6-1-2-RELEASE:1.1.1.1
netbsd-6-0-3-RELEASE:1.1.1.1
PFIX-2-10-2:1.1.1.2
netbsd-5-2-1-RELEASE:1.1.1.1.2.2
netbsd-5-1-3-RELEASE:1.1.1.1.2.2
PFIX-2-9-7:1.1.1.1
netbsd-6-1-1-RELEASE:1.1.1.1
riastradh-drm2-base2:1.1.1.1
riastradh-drm2-base1:1.1.1.1
riastradh-drm2:1.1.1.1.0.20
riastradh-drm2-base:1.1.1.1
netbsd-6-1:1.1.1.1.0.24
netbsd-6-0-2-RELEASE:1.1.1.1
netbsd-6-1-RELEASE:1.1.1.1
netbsd-6-1-RC4:1.1.1.1
netbsd-6-1-RC3:1.1.1.1
agc-symver:1.1.1.1.0.22
agc-symver-base:1.1.1.1
netbsd-6-1-RC2:1.1.1.1
netbsd-6-1-RC1:1.1.1.1
yamt-pagecache-base8:1.1.1.1
PFIX-2-9-5:1.1.1.1
netbsd-5-2:1.1.1.1.2.2.0.6
PFIX-2-8-13:1.1.1.1
netbsd-6-0-1-RELEASE:1.1.1.1
yamt-pagecache-base7:1.1.1.1
netbsd-5-2-RELEASE:1.1.1.1.2.2
netbsd-5-2-RC1:1.1.1.1.2.2
matt-nb6-plus-nbase:1.1.1.1
yamt-pagecache-base6:1.1.1.1
netbsd-6-0:1.1.1.1.0.18
netbsd-6-0-RELEASE:1.1.1.1
netbsd-6-0-RC2:1.1.1.1
tls-maxphys:1.1.1.1.0.16
tls-maxphys-base:1.1.1.2
matt-nb6-plus:1.1.1.1.0.14
matt-nb6-plus-base:1.1.1.1
netbsd-6-0-RC1:1.1.1.1
PFIX-2-8-12:1.1.1.1
PFIX-2-8-11:1.1.1.1
yamt-pagecache-base5:1.1.1.1
yamt-pagecache-base4:1.1.1.1
PFIX-2-8-8:1.1.1.1
netbsd-6:1.1.1.1.0.12
netbsd-6-base:1.1.1.1
netbsd-5-1-2-RELEASE:1.1.1.1.2.2
netbsd-5-1-1-RELEASE:1.1.1.1.2.2
yamt-pagecache-base3:1.1.1.1
PFIX-2-8-7:1.1.1.1
yamt-pagecache-base2:1.1.1.1
yamt-pagecache:1.1.1.1.0.10
yamt-pagecache-base:1.1.1.1
PFIX-2-8-6:1.1.1.1
PFIX-2-8-5:1.1.1.1
PFIX-2-8-4:1.1.1.1
cherry-xenmp:1.1.1.1.0.8
cherry-xenmp-base:1.1.1.1
PFIX-2-8-3:1.1.1.1
PFIX-2-8-2:1.1.1.1
PFIX-2-8-1:1.1.1.1
bouyer-quota2-nbase:1.1.1.1
bouyer-quota2:1.1.1.1.0.6
bouyer-quota2-base:1.1.1.1
matt-mips64-premerge-20101231:1.1.1.1
matt-nb5-mips64-premerge-20101231:1.1.1.1.4.2
matt-nb5-pq3:1.1.1.1.2.2.0.4
matt-nb5-pq3-base:1.1.1.1.2.2
PFIX-2-7-2:1.1.1.1
netbsd-5-1:1.1.1.1.2.2.0.2
netbsd-5-1-RELEASE:1.1.1.1.2.2
netbsd-5-1-RC4:1.1.1.1.2.2
matt-nb5-mips64-k15:1.1.1.1.4.2
PFIX-2-7-1:1.1.1.1
netbsd-5-1-RC3:1.1.1.1.2.2
netbsd-5-1-RC2:1.1.1.1.2.2
netbsd-5-1-RC1:1.1.1.1.2.2
matt-nb5-mips64:1.1.1.1.0.4
PFIX-2-6-6:1.1.1.1
matt-premerge-20091211:1.1.1.1
netbsd-5:1.1.1.1.0.2
PFIX-2-6-5:1.1.1.1
PFIX-2-6-2:1.1.1.1
VENEMA:1.1.1;
locks; strict;
comment @# @;
1.1
date 2009.06.23.10.08.39; author tron; state Exp;
branches
1.1.1.1;
next ;
1.1.1.1
date 2009.06.23.10.08.39; author tron; state Exp;
branches
1.1.1.1.2.1
1.1.1.1.4.1
1.1.1.1.10.1
1.1.1.1.16.1;
next 1.1.1.2;
1.1.1.2
date 2013.09.25.19.06.27; author tron; state Exp;
branches
1.1.1.2.8.1
1.1.1.2.12.1;
next 1.1.1.3;
commitid WQnWePIKINywUQ6x;
1.1.1.3
date 2017.02.14.01.13.38; author christos; state Exp;
branches
1.1.1.3.12.1
1.1.1.3.14.1;
next 1.1.1.4;
commitid 3GKuOxtmc3XhbRFz;
1.1.1.4
date 2020.03.18.18.59.31; author christos; state Exp;
branches;
next 1.1.1.5;
commitid hRc0KjfEXOv3PU0C;
1.1.1.5
date 2022.10.08.16.09.05; author christos; state Exp;
branches
1.1.1.5.2.1;
next 1.1.1.6;
commitid kRUbAM0nqDWDQVWD;
1.1.1.6
date 2023.12.23.20.24.52; author christos; state Exp;
branches
1.1.1.6.2.1;
next 1.1.1.7;
commitid b1hV92WYdEWo2DRE;
1.1.1.7
date 2025.02.25.19.11.40; author christos; state Exp;
branches;
next ;
commitid cLFKwpXD6DqXOSKF;
1.1.1.1.2.1
date 2009.06.23.10.08.39; author snj; state dead;
branches;
next 1.1.1.1.2.2;
1.1.1.1.2.2
date 2009.09.15.06.02.23; author snj; state Exp;
branches;
next ;
1.1.1.1.4.1
date 2009.06.23.10.08.39; author matt; state dead;
branches;
next 1.1.1.1.4.2;
1.1.1.1.4.2
date 2010.04.21.05.23.39; author matt; state Exp;
branches;
next ;
1.1.1.1.10.1
date 2014.05.22.14.08.01; author yamt; state Exp;
branches;
next ;
commitid cuVqdlp1QcvUzxBx;
1.1.1.1.16.1
date 2014.08.19.23.59.42; author tls; state Exp;
branches;
next ;
commitid jTnpym9Qu0o4R1Nx;
1.1.1.2.8.1
date 2017.03.20.06.56.35; author pgoyette; state Exp;
branches;
next ;
commitid jjw7cAwgyKq7RfKz;
1.1.1.2.12.1
date 2017.04.21.16.52.46; author bouyer; state Exp;
branches;
next ;
commitid dUG7nkTKALCadqOz;
1.1.1.3.12.1
date 2020.04.08.14.06.51; author martin; state Exp;
branches;
next ;
commitid Qli2aW9E74UFuA3C;
1.1.1.3.14.1
date 2023.12.25.12.54.46; author martin; state Exp;
branches;
next ;
commitid yzNdlh5ioUjfxQRE;
1.1.1.5.2.1
date 2023.12.25.12.43.29; author martin; state Exp;
branches;
next ;
commitid UCTK9IHygwOntQRE;
1.1.1.6.2.1
date 2025.08.02.05.49.59; author perseant; state Exp;
branches;
next ;
commitid 23j6GFaDws3O875G;
desc
@@
1.1
log
@Initial revision
@
text
@
Postfix SMTP relay and access control
Postfix
SMTP relay and access control
Introduction
The Postfix SMTP server receives mail from the network and is
exposed to the big bad world of junk email and viruses. This document
introduces the built-in and external methods that control what SMTP
mail Postfix will accept, what mistakes to avoid, and how to test
your configuration.
In a distant past, the Internet was a friendly environment.
Mail servers happily forwarded mail on behalf of anyone towards
any destination. On today's Internet, spammers abuse servers that
forward mail from arbitrary systems, and abused systems end up on
anti-spammer blacklists. See, for example, the information on
http://www.mail-abuse.org/ and other websites.
By default, Postfix has a moderately restrictive approach to
mail relaying. Postfix forwards mail only from clients in trusted
networks, or to domains that are configured as authorized relay
destinations. For a description of the default policy, see the
smtpd_recipient_restrictions parameter in the postconf(5) manual
page, and the information that is referenced from there.
Most of the Postfix SMTP server access controls are targeted
at stopping junk email.
Protocol oriented: some SMTP server access controls block
mail by being very strict with respect to the SMTP protocol; these
catch poorly implemented and/or poorly configured junk email
software, as well as email worms that come with their own non-standard
SMTP client implementations. Protocol-oriented access controls
become less useful over time as spammers and worm writers learn to
read RFC documents.
Blacklist oriented: some SMTP server access controls
query blacklists with known to be bad sites such as open mail
relays, open web proxies, and home computers that have been
compromised and that are under remote control by criminals. The
effectiveness of these blacklists depends on how complete and how
up to date they are.
Threshold oriented: some SMTP server access controls attempt
to raise the bar by either making the client do more work (greylisting)
or by asking for a second opinion (SPF and sender/recipient address
verification). The greylisting and SPF policies are implemented
externally, and are the subject of the SMTPD_POLICY_README document.
Sender/recipient address verification is the subject of the
ADDRESS_VERIFICATION_README document.
Unfortunately, all junk mail controls have the possibility of
falsely rejecting legitimate mail. This can be a problem for sites
with many different types of users. For some users it is unacceptable
when any junk email slips through, while for other users the world
comes to an end when a single legitimate email message is blocked.
Because there is no single policy that is "right" for all users,
Postfix supports different SMTP access restrictions for different
users. This is described in the RESTRICTION_CLASS_README document.
Besides the restrictions that can be made configurable per
client or per user as described in the next section, Postfix
implements a few restrictions that apply to all SMTP mail.
The built-in header_checks and body_checks content
restrictions, as described in the BUILTIN_FILTER_README document.
This happens while Postfix receives mail, before it is stored in
the incoming queue.
The external before-queue content restrictions, as described
in the SMTPD_PROXY_README document. This happens while Postfix
receives mail, before it is stored in the incoming queue.
Requiring that the client sends the HELO or EHLO command
before sending the MAIL FROM or ETRN command. This may cause problems
with home-grown applications that send mail. For this reason, the
requirement is disabled by default ("smtpd_helo_required = no").
Disallowing illegal syntax in MAIL FROM or RCPT TO commands.
This may cause problems with home-grown applications that send
mail, and with ancient PC mail clients. For this reason, the
requirement is disabled by default ("strict_rfc821_envelopes =
no").
Disallowing addresses that are not enclosed with <>
(example: "MAIL FROM: dude@@example.com").
Rejecting mail from a non-existent sender address. This form
of egress filtering helps to slow down worms and other malware, but
may cause problems with home-grown software that sends out mail
software with an unreplyable address. For this reason the requirement
is disabled by default ("smtpd_reject_unlisted_sender = no").
Rejecting mail for a non-existent recipient address. This
form of ingress filtering helps to keep the mail queue free of
undeliverable MAILER-DAEMON messages. This requirement is enabled
by default ("smtpd_reject_unlisted_recipient = yes").
Postfix allows you to specify lists of access restrictions for
each stage of the SMTP conversation. Individual restrictions are
described in the postconf(5) manual page.
Examples of simple restriction lists are:
/etc/postfix/main.cf:
# Allow connections from trusted networks only.
smtpd_client_restrictions = permit_mynetworks, reject
# Don't talk to mail systems that don't know their own hostname.
# With Postfix < 2.3, specify reject_unknown_hostname.
smtpd_helo_restrictions = reject_unknown_helo_hostname
# Don't accept mail from domains that don't exist.
smtpd_sender_restrictions = reject_unknown_sender_domain
# Whitelisting: local clients may specify any destination domain.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
# Enforce mail volume quota via policy service callouts.
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
Each restriction list is evaluated from left to right until
some restriction produces a result of PERMIT, REJECT or DEFER (try
again later). The end of the list is equivalent to a PERMIT result.
By placing a PERMIT restriction before a REJECT restriction you
can make exceptions for specific clients or users. This is called
whitelisting; the fourth example above allows mail from local
networks but otherwise rejects mail to arbitrary destinations.
The table below summarizes the purpose of each SMTP access
restriction list. All lists use the exact same syntax; they differ
only in the time of evaluation and in the effect of a REJECT or
DEFER result.
Early Postfix versions evaluated SMTP access restrictions lists
as early as possible. The client restriction list was evaluated
before Postfix sent the "220 $myhostname..." greeting banner to
the SMTP client, the helo restriction list was evaluated before
Postfix replied to the HELO (EHLO) command, the sender restriction
list was evaluated before Postfix replied to the MAIL FROM command,
and so on. This approach turned out to be difficult to use.
Current Postfix versions postpone the evaluation of client,
helo and sender restriction lists until the RCPT TO or ETRN command.
This behavior is controlled by the smtpd_delay_reject parameter.
Restriction lists are still evaluated in the proper order of (client,
helo, etrn) or (client, helo, sender, recipient, data, or end-of-data)
restrictions.
When a restriction list (example: client) evaluates to REJECT or
DEFER the other restriction lists (example: helo, sender, etc.)
are skipped.
Around the time that smtpd_delay_reject was introduced, Postfix
was also changed to support mixed restriction lists that combine
information about the client, helo, sender and recipient or etrn
command.
Benefits of delayed restriction evaluation, and of restriction
mixing:
Some SMTP clients do not expect a negative reply early in
the SMTP session. When the bad news is postponed until the RCPT TO
reply, the client goes away as it is supposed to, instead of hanging
around until a timeout happens, or worse, going into an endless
connect-reject-connect loop.
Postfix can log more useful information. For example, when
Postfix rejects a client name or address and delays the action
until the RCPT TO command, it can log the sender and the recipient
address. This is more useful than logging only the client hostname
and IP address and not knowing whose mail was being blocked.
Mixing is needed for complex whitelisting policies. For
example, in order to reject local sender addresses in mail from
non-local clients, you need to be able to mix restrictions on client
information with restrictions on sender information in the same
restriction list. Without this ability, many per-user access
restrictions would be impossible to express.
By now the reader may wonder why we need smtpd client, helo
or sender restrictions, when their evaluation is postponed until
the RCPT TO or ETRN command. Some people recommend placing ALL the
access restrictions in the smtpd_recipient_restrictions list.
Unfortunately, this can result in too permissive access. How is
this possible?
The purpose of the smtpd_recipient_restrictions feature is to
control how Postfix replies to the RCPT TO command. If the restriction
list evaluates to REJECT or DEFER, the recipient address is rejected;
no surprises here. If the result is PERMIT, then the recipient
address is accepted. And this is where surprises can happen.
Here is an example that shows when a PERMIT result can result
in too much access permission:
Line 5 rejects mail from hosts that don't specify a proper
hostname in the HELO command (with Postfix < 2.3, specify
reject_unknown_hostname). Lines 4 and 9 make an exception to
allow mail from some machine that announces itself with "HELO
localhost.localdomain".
The problem with this configuration is that
smtpd_recipient_restrictions evaluates to PERMIT for EVERY host
that announces itself as "localhost.localdomain", making Postfix
an open relay for all such hosts.
In order to avoid surprises like these with
smtpd_recipient_restrictions, you should place non-recipient
restrictions AFTER the reject_unauth_destination restriction, not
before. In the above example, the HELO based restrictions should
be placed AFTER reject_unauth_destination, or better, the HELO
based restrictions should be placed under smtpd_helo_restrictions
where they can do no harm.
Postfix has several features that aid in SMTP access rule
testing:
soft_bounce
This is a safety net that changes
SMTP server REJECT actions into DEFER (try again later) actions.
This keeps mail queued that would otherwise be returned to the
sender. Specify "soft_bounce = yes" in the main.cf file to prevent
the Postfix SMTP server from rejecting mail permanently, by changing
all 5xx SMTP reply codes into 4xx.
warn_if_reject
This is a different safety net
that changes SMTP server REJECT actions into warnings. Instead of
rejecting a command, Postfix logs what it would reject. Specify
"warn_if_reject" in an SMTP access restriction list, before the
restriction that you want to test without actually rejecting mail.
XCLIENT
With this Postfix 2.1 feature, authorized
SMTP clients can impersonate other systems, so that you can do
realistic SMTP access rule tests. Examples of how to impersonate
other systems for access rule testing are given at the end of the
XCLIENT_README document.
@
1.1.1.1
log
@Import Postfix 2.6.2.
@
text
@@
1.1.1.1.16.1
log
@Rebase to HEAD as of a few days ago.
@
text
@d63 4
a66 13
networks, from clients that have authenticated with SASL, or to
domains that are configured as authorized relay
destinations. For a description of the default mail relay policy,
see the smtpd_relay_restrictions parameter in the postconf(5) manual
page, and the information that is referenced from there.
NOTE: Postfix versions before 2.10 did not have
smtpd_relay_restrictions. They combined the mail relay and spam
blocking policies, under smtpd_recipient_restrictions. This could
lead to unexpected results. For example, a permissive spam blocking
policy could unexpectedly result in a permissive mail relay policy.
An example of this is documented under "Dangerous
use of smtpd_recipient_restrictions".
d181 2
a182 17
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
# Spam control: exclude local clients and authenticated clients
# from DNSBL lookups.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
# reject_unauth_destination is not needed here if the mail
# relay policy is specified under smtpd_relay_restrictions
# (available with Postfix 2.10 and later).
reject_unauth_destination
reject_rbl_client zen.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org
d208 1
a208 2
Restriction list name
Version
Status
Effect
d211 1
a211 2
smtpd_client_restrictions
All
Optional
d214 1
a214 2
smtpd_helo_restrictions
All
Optional
d217 1
a217 2
smtpd_sender_restrictions
All
Optional
d220 2
a221 12
smtpd_relay_restrictions
≥ 2.10
Required if smtpd_recipient_restrictions does not enforce
relay policy
Reject RCPT TO information
< 2.10
Not available
smtpd_recipient_restrictions
≥
2.10
Required if smtpd_relay_restrictions does not enforce
relay policy
Reject RCPT TO information
d223 1
a223 4
< 2.10
Required
smtpd_data_restrictions
≥ 2.0
Optional
d226 1
a226 2
smtpd_end_of_data_restrictions
≥ 2.2
Optional
d229 1
a229 2
smtpd_etrn_restrictions
All
Optional
d251 2
a252 2
helo, etrn) or (client, helo, sender, relay, recipient, data, or
end-of-data) restrictions.
d254 1
a254 1
DEFER the restriction lists that follow (example: helo, sender, etc.)
a302 6
The problem is that Postfix versions before 2.10 did not have
smtpd_relay_restrictions. They combined the mail relay and spam
blocking policies, under smtpd_recipient_restrictions. The result
is that a permissive spam blocking policy could unexpectedly result
in a permissive mail relay policy.
The above mistake will not happen with Postfix 2.10 and later,
when the relay policy is specified under smtpd_relay_restrictions,
and the spam blocking policy under smtpd_recipient_restrictions.
Then, a permissive spam blocking policy will not result in a
permissive mail relay policy.
d351 12
a362 15
warn_if_reject
When placed before a reject-type
restriction, access table query, or check_policy_service query,
this logs a "reject_warning" message instead of rejecting a request
(when a reject-type restriction fails due to a temporary error,
this logs a "reject_warning" message for any implicit "defer_if_permit"
actions that would normally prevent mail from being accepted by
some later access restriction). This feature has no effect on
defer_if_reject restrictions.
XCLIENT
With this feature, an authorized SMTP
client can impersonate other systems and perform realistic SMTP
access rule tests. Examples of how to impersonate other systems
for access rule testing are given at the end of the XCLIENT_README
document. This feature is available in Postfix 2.1.
@
1.1.1.1.10.1
log
@sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
@
text
@d63 4
a66 13
networks, from clients that have authenticated with SASL, or to
domains that are configured as authorized relay
destinations. For a description of the default mail relay policy,
see the smtpd_relay_restrictions parameter in the postconf(5) manual
page, and the information that is referenced from there.
NOTE: Postfix versions before 2.10 did not have
smtpd_relay_restrictions. They combined the mail relay and spam
blocking policies, under smtpd_recipient_restrictions. This could
lead to unexpected results. For example, a permissive spam blocking
policy could unexpectedly result in a permissive mail relay policy.
An example of this is documented under "Dangerous
use of smtpd_recipient_restrictions".
d181 2
a182 17
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
# Spam control: exclude local clients and authenticated clients
# from DNSBL lookups.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
# reject_unauth_destination is not needed here if the mail
# relay policy is specified under smtpd_relay_restrictions
# (available with Postfix 2.10 and later).
reject_unauth_destination
reject_rbl_client zen.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org
d208 1
a208 2
Restriction list name
Version
Status
Effect
d211 1
a211 2
smtpd_client_restrictions
All
Optional
d214 1
a214 2
smtpd_helo_restrictions
All
Optional
d217 1
a217 2
smtpd_sender_restrictions
All
Optional
d220 2
a221 12
smtpd_relay_restrictions
≥ 2.10
Required if smtpd_recipient_restrictions does not enforce
relay policy
Reject RCPT TO information
< 2.10
Not available
smtpd_recipient_restrictions
≥
2.10
Required if smtpd_relay_restrictions does not enforce
relay policy
Reject RCPT TO information
d223 1
a223 4
< 2.10
Required
smtpd_data_restrictions
≥ 2.0
Optional
d226 1
a226 2
smtpd_end_of_data_restrictions
≥ 2.2
Optional
d229 1
a229 2
smtpd_etrn_restrictions
All
Optional
d251 2
a252 2
helo, etrn) or (client, helo, sender, relay, recipient, data, or
end-of-data) restrictions.
d254 1
a254 1
DEFER the restriction lists that follow (example: helo, sender, etc.)
a302 6
The problem is that Postfix versions before 2.10 did not have
smtpd_relay_restrictions. They combined the mail relay and spam
blocking policies, under smtpd_recipient_restrictions. The result
is that a permissive spam blocking policy could unexpectedly result
in a permissive mail relay policy.
The above mistake will not happen with Postfix 2.10 and later,
when the relay policy is specified under smtpd_relay_restrictions,
and the spam blocking policy under smtpd_recipient_restrictions.
Then, a permissive spam blocking policy will not result in a
permissive mail relay policy.
d351 12
a362 15
warn_if_reject
When placed before a reject-type
restriction, access table query, or check_policy_service query,
this logs a "reject_warning" message instead of rejecting a request
(when a reject-type restriction fails due to a temporary error,
this logs a "reject_warning" message for any implicit "defer_if_permit"
actions that would normally prevent mail from being accepted by
some later access restriction). This feature has no effect on
defer_if_reject restrictions.
XCLIENT
With this feature, an authorized SMTP
client can impersonate other systems and perform realistic SMTP
access rule tests. Examples of how to impersonate other systems
for access rule testing are given at the end of the XCLIENT_README
document. This feature is available in Postfix 2.1.
@
1.1.1.2
log
@Import Postfix 2.10.2. Major changes since version 2.9.* are:
- Separation of relay policy (with smtpd_relay_restrictions) from spam policy
(with smtpd_{client, helo, sender, recipient}_restrictions), which makes
accidental open relay configuration less likely. The default is backwards
compatible.
- HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.
- Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
off if needed for inter-operability.
- Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
sockets instead of FIFOs, and thus avoids MTIME file system updates on an
idle mail system.
- Revised postconf(1) command. The "-x" option expands $name in a parameter
value (both main.cf and master.cf); the "-o name=value" option overrides
a main.cf parameter setting; and postconf(1) now warns about a $name that
has no name=value setting.
- Sendmail-style "socketmap" lookup tables.
@
text
@d63 4
a66 13
networks, from clients that have authenticated with SASL, or to
domains that are configured as authorized relay
destinations. For a description of the default mail relay policy,
see the smtpd_relay_restrictions parameter in the postconf(5) manual
page, and the information that is referenced from there.
NOTE: Postfix versions before 2.10 did not have
smtpd_relay_restrictions. They combined the mail relay and spam
blocking policies, under smtpd_recipient_restrictions. This could
lead to unexpected results. For example, a permissive spam blocking
policy could unexpectedly result in a permissive mail relay policy.
An example of this is documented under "Dangerous
use of smtpd_recipient_restrictions".
d181 2
a182 17
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
# Spam control: exclude local clients and authenticated clients
# from DNSBL lookups.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
# reject_unauth_destination is not needed here if the mail
# relay policy is specified under smtpd_relay_restrictions
# (available with Postfix 2.10 and later).
reject_unauth_destination
reject_rbl_client zen.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org
d208 1
a208 2
Restriction list name
Version
Status
Effect
d211 1
a211 2
smtpd_client_restrictions
All
Optional
d214 1
a214 2
smtpd_helo_restrictions
All
Optional
d217 1
a217 2
smtpd_sender_restrictions
All
Optional
d220 2
a221 12
smtpd_relay_restrictions
≥ 2.10
Required if smtpd_recipient_restrictions does not enforce
relay policy
Reject RCPT TO information
< 2.10
Not available
smtpd_recipient_restrictions
≥
2.10
Required if smtpd_relay_restrictions does not enforce
relay policy
Reject RCPT TO information
d223 1
a223 4
< 2.10
Required
smtpd_data_restrictions
≥ 2.0
Optional
d226 1
a226 2
smtpd_end_of_data_restrictions
≥ 2.2
Optional
d229 1
a229 2
smtpd_etrn_restrictions
All
Optional
d251 2
a252 2
helo, etrn) or (client, helo, sender, relay, recipient, data, or
end-of-data) restrictions.
d254 1
a254 1
DEFER the restriction lists that follow (example: helo, sender, etc.)
a302 6
The problem is that Postfix versions before 2.10 did not have
smtpd_relay_restrictions. They combined the mail relay and spam
blocking policies, under smtpd_recipient_restrictions. The result
is that a permissive spam blocking policy could unexpectedly result
in a permissive mail relay policy.
The above mistake will not happen with Postfix 2.10 and later,
when the relay policy is specified under smtpd_relay_restrictions,
and the spam blocking policy under smtpd_recipient_restrictions.
Then, a permissive spam blocking policy will not result in a
permissive mail relay policy.
d351 12
a362 15
warn_if_reject
When placed before a reject-type
restriction, access table query, or check_policy_service query,
this logs a "reject_warning" message instead of rejecting a request
(when a reject-type restriction fails due to a temporary error,
this logs a "reject_warning" message for any implicit "defer_if_permit"
actions that would normally prevent mail from being accepted by
some later access restriction). This feature has no effect on
defer_if_reject restrictions.
XCLIENT
With this feature, an authorized SMTP
client can impersonate other systems and perform realistic SMTP
access rule tests. Examples of how to impersonate other systems
for access rule testing are given at the end of the XCLIENT_README
document. This feature is available in Postfix 2.1.
@
1.1.1.2.12.1
log
@Sync with HEAD
@
text
@a204 1
reject_rhsbl_reverse_client dbl.spamhaus.org,
d217 1
a217 1
again later). The end of each list is equivalent to a PERMIT result.
@
1.1.1.2.8.1
log
@Sync with HEAD
@
text
@a204 1
reject_rhsbl_reverse_client dbl.spamhaus.org,
d217 1
a217 1
again later). The end of each list is equivalent to a PERMIT result.
@
1.1.1.3
log
@The stable Postfix release is called postfix-3.0.x where 3=major
release number, 0=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.1-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11
before proceeding.
Notes for distribution maintainers
----------------------------------
* New backwards-compatibility safety net.
With NEW Postfix installs, you MUST install a main.cf file with
the setting "compatibility_level = 2". See conf/main.cf for an
example.
With UPGRADES of existing Postfix systems, you MUST NOT change the
main.cf compatibility_level setting, nor add this setting if it
does not exist.
Several Postfix default settings have changed with Postfix 3.0. To
avoid massive frustration with existing Postfix installations,
Postfix 3.0 comes with a safety net that forces Postfix to keep
running with backwards-compatible main.cf and master.cf default
settings. This safety net depends on the main.cf compatibility_level
setting (default: 0). Details are in COMPATIBILITY_README.
* New Postfix build system.
The Postfix build/install procedure has changed to support Postfix
dynamically-linked libraries and database plugins. These must not
be "shared" with non-Postfix programs, and therefore must not be
installed in a public directory.
To avoid massive frustration due to broken patches, PLEASE BUILD
POSTFIX FIRST WITHOUT APPLYING ANY PATCHES. Follow the INSTALL
instructions (see "Building with Postfix dynamically-linked libraries
and database plugins"), and see how things work and what the
dynamically-linked libraries, database plugin, and configuration
files look like. Then, go ahead and perform your platform-specific
customizations. The INSTALL section "Tips for distribution maintainers"
has further suggestions.
Major changes - critical
------------------------
[Incompat 20140714] After upgrading Postfix, "postfix reload" (or
start/stop) is required. Several Postfix-internal protocols have
been extended to support SMTPUTF8. Failure to reload or restart
will result in mail staying queued, while Postfix daemons log
warning messages about unexpected attributes.
Major changes - default settings
--------------------------------
[Incompat 20141009] The default settings have changed for relay_domains
(new: empty, old: $mydestination) and mynetworks_style (new: host,
old: subnet). However the backwards-compatibility safety net will
prevent these changes from taking effect, giving the system
administrator the option to make an old default setting permanent
in main.cf or to adopt the new default setting, before turning off
backwards compatibility. See COMPATIBILITY_README for details.
[Incompat 20141001] A new backwards-compatibility safety net forces
Postfix to run with backwards-compatible main.cf and master.cf
default settings after an upgrade to a newer but incompatible Postfix
version. See COMPATIBILITY_README for details.
While the backwards-compatible default settings are in effect,
Postfix logs what services or what email would be affected by the
incompatible change. Based on this the administrator can make some
backwards-compatibility settings permanent in main.cf or master.cf,
before turning off backwards compatibility.
See postconf.5.html#compatibility_level for details.
[Incompat 20141001] The default settings
have changed for append_dot_mydomain (new: no. old: yes), master.cf
chroot (new: n, old: y), and smtputf8 (new: yes, old: no).
Major changes - access control
------------------------------
[Feature 20141119] Support for BCC actions in header/body_checks
and milter_header_checks. There is no limit on the number of BCC
actions that may be specified, other than the implicit limit due
to finite storage. BCC support will not be implemented in Postfix
delivery agent header/body_checks.
It works in the same way as always_bcc and sender/recipient_bcc_maps:
there can be only one address per action, recipients are added with
the NOTIFY=NONE delivery status notification option, and duplicate
recipients are ignored (with the same delivery status notification
options).
[Incompat 20141009] The default settings have changed for relay_domains
(new: empty, old: $mydestination) and mynetworks_style (new: host,
old: subnet). However the backwards-compatibility safety net will
prevent these changes from taking effect, giving the system
administrator the option to make an old default setting permanent
in main.cf or to adopt the new default setting, before turning off
backwards compatibility. See COMPATIBILITY_README for details.
[Feature 20140618] New INFO action in access(5) tables, for consistency
with header/body_checks.
[Feature 20140620] New check_xxx_a_access (for xxx in client,
reverse_client, helo, sender, recipient) implements access control
on all A and AAAA IP addresses for respectively the client hostname,
helo parameter, sender domain or recipient domain. This complements
the existing check_xxx_mx_access and check_xxx_ns_access features.
Major changes - address rewriting
---------------------------------
[Incompat 20141001] The default settings have changed for
append_dot_mydomain (new: no. old: yes), master.cf chroot (new:
n, old: y), and smtputf8 (new: yes, old: no).
Major changes - address verification
------------------------------------
[Feature 20141227] The new smtp_address_verify_target parameter
(default: rcpt) specifies what protocol stage decides if a recipient
is valid. Specify "data" for servers that reject invalid recipients
in response to the DATA command.
Major changes - database support
--------------------------------
[Feature 20140512] Support for Berkeley DB version 6.
[Feature 20140618] The "randmap" lookup table performs random
selection. This may be used to implement load balancing, for example:
/etc/postfix/transport:
# Deliver my own domain as usual.
example.com :
.example.com :
/etc/postfix/main.cf:
transport_maps =
# Deliver my own domain as usual.
hash:/etc/postfix/transport
# Deliver other domains via randomly-selected relayhosts
randmap:{smtp:smtp0.example.com, smtp:smtp1.example.com}
A variant of this can randomly select SMTP clients with different
smtp_bind_address settings.
To implement different weights, specify lookup results multiple
times. For example, to choose smtp:smtp1.example.com twice as often
as smtp:smtp0.example.com, specify smtp:smtp1.example.com twice.
A future version may support randmap:/path/to/file to load a list
of results from file.
[Feature 20140618] As the name suggests, the "pipemap" table
implements a pipeline of lookup tables. The name of the table
specifies the pipeline as a sequence of tables. For example, the
following prevents SMTP mail to system accounts that have "nologin"
as their login shell:
/etc/postfix/main.cf:
local_recipient_maps =
pipemap:{unix:passwd.byname, pcre:/etc/postfix/no-nologin.pcre}
alias_maps
/etc/postfix/no-nologin.pcre:
!/nologin/ whatever
Each "pipemap:" query is given to the first table. Each table
lookup result becomes the query for the next table in the pipeline,
and the last table produces the final result. When any table lookup
produces no result, the entire pipeline produces no result.
A future version may support pipemap:/path/to/file to load a list
of lookup tables from file.
[Feature 20140924] Support for unionmap, with the same syntax as
pipemap. This sends a query to all tables, and concatenates non-empty
results, separated by comma.
[Feature 20131121] The "static" lookup table now supports whitespace
when invoked as "static:{ text with whitespace }", so that it can
be used, for example, at the end of smtpd_mumble_restrictions as
"check_mumble_access static:{reject text...}".
[Feature 20141126] "inline:{key=value, { key = text with comma/space}}"
avoids the need to create a database for just a few entries.
Major changes - delivery status notifications
---------------------------------------------
[Feature 20140321] Delivery status filter support, to replace the
delivery status codes and explanatory text of successful or
unsuccessful deliveries by Postfix mail delivery agents.
This was originally implemented for sites that want to turn certain
soft delivery errors into hard delivery errors, but it can also be
used to censor out information from delivery confirmation reports.
This feature is implemented as a filter that replaces the three-number
enhanced status code and descriptive text in Postfix delivery agent
success, bounce, or defer messages. Note: this will not override
"soft_bounce=yes", and this will not change a successful delivery
status into an unsuccessful status or vice versa.
The first example turns specific soft TLS errors into hard
errors, by overriding the first number in the enhanced status code.
/etc/postfix/main.cf:
smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter
/etc/postfix/smtp_dsn_filter:
/^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/ 5$1
/^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/ 5$1
The second example removes the destination command name and file
name from local(8) successful delivery reports, so that they will
not be reported when a sender requests confirmation of delivery.
/etc/postfix/main.cf:
local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter
/etc/postfix/local_dsn_filter:
/^(2\S+ delivered to file).+/ $1
/^(2\S+ delivered to command).+/ $1
This feature is supported in the lmtp(8), local(8), pipe(8), smtp(8)
and virtual(8) delivery agents. That is, all delivery agents that
actually deliver mail. It will not be implemented in the error and
retry pseudo-delivery agents.
The new main.cf parameters and default values are:
default_delivery_status_filter =
lmtp_delivery_status_filter = $default_delivery_status_filter
local_delivery_status_filter = $default_delivery_status_filter
pipe_delivery_status_filter = $default_delivery_status_filter
smtp_delivery_status_filter = $default_delivery_status_filter
virtual_delivery_status_filter = $default_delivery_status_filter
See the postconf(5) manpage for more details.
[Incompat 20140618] The pipe(8) delivery agent will now log a limited
amount of command output upon successful delivery, and will report
that output in "SUCCESS" delivery status reports. This is another
good reason to disable inbound DSN requests at the Internet perimeter.
[Feature 20140907] With "confirm_delay_cleared = yes", Postfix
informs the sender when delayed mail leaves the queue (this is in
addition to the delay_warning_time feature that warns when mail is
still queued). This feature is disabled by default, because it can
result in a sudden burst of notifications when the queue drains at
the end of a prolonged network outage.
Major changes - dns
-------------------
[Feature 20141128] Support for DNS server reply filters in the
Postfix SMTP/LMTP client and SMTP server. This helps to work around
mail delivery problems with sites that have incorrect DNS information.
Note: this has no effect on the implicit DNS lookups that are made
by nsswitch.conf or equivalent mechanisms.
This feature renders each lookup result as one line of text in
standard zone-file format as shown below. The class field is always
"IN", the preference field exists only for MX records, the names
of hosts, domains, etc. end in ".", and those names are in ASCII
form (xn--mumble form for internationalized domain names).
name ttl class type preference value
---------------------------------------------------------
postfix.org. 86400 IN MX 10 mail.cloud9.net.
Typically, one would match this text with a regexp: or pcre: table.
When a match is found, the table lookup result specifies an action.
By default, the table query and the action name are case-insensitive.
Currently, only the IGNORE action is implemented.
For safety reasons, Postfix logs a warning or defers mail delivery
when a DNS reply filter removes all lookup results from a successful
query.
The Postfix SMTP/LMTP client uses the smtp_dns_reply_filter and
lmtp_dns_reply_filter features only for Postfix SMTP client lookups
of MX, A, and AAAAA records to locate a remote SMTP or LMTP server,
including lookups that implement the features reject_unverified_sender
and reject_unverified_recipient. The filters are not used for lookups
made through nsswitch.conf and similar mechanisms.
The Postfix SMTP server uses the smtpd_dns_reply_filter feature
only for Postfix SMTP server lookups of MX, A, AAAAA, and TXT records
to implement the features reject_unknown_helo_hostname,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_rbl_*, and reject_rhsbl_*. The filter is not used for lookups
made through nsswitch.conf and similar mechanisms, such as lookups
of the remote SMTP client name.
[Feature 20141126] Nullmx support (MX records with a null hostname).
This change affects error messages only. The Postfix SMTP client
already bounced mail for such domains, and the Postfix SMTP server
already rejected such domains with reject_unknown_sender/recipient_domain.
This feature introduces a new SMTP server configuration parameter
nullmx_reject_code (default: 556).
Major changes - dynamic linking
-------------------------------
[Feature 20140530] Support to build Postfix with Postfix
dynamically-linked libraries, and with dynamically-loadable database
clients. These MUST NOT be used by non-Postfix programs. Postfix
dynamically-linked libraries introduce minor runtime overhead and
result in smaller Postfix executable files. Dynamically-loadable
database clients are useful when you distribute or install pre-compiled
packages. Postfix 3.0 supports dynamic loading for CDB, LDAP, LMDB,
MYSQL, PCRE, PGSQL, SDBM, and SQLITE database clients.
This implementation is based on Debian code by LaMont Jones, initially
ported by Viktor Dukhovni. Currently, support exists for recent
versions of Linux, FreeBSD, MacOS X, and for the ancient Solaris 9.
To support Postfix dynamically-linked libraries and dynamically-loadable
database clients, the Postfix build procedure had to be changed
(specifically, the files makedefs and Makefile.in, and the files
postfix-install and post-install that install or update Postfix).
[Incompat 20140530] The Postfix 3.0 build procedure expects that
you specify database library dependencies with variables named
AUXLIBS_CDB, AUXLIBS_LDAP, etc. With Postfix 3.0 and later, the
old AUXLIBS variable still supports building a statically-loaded
CDB etc. database client, but only the new AUXLIBS_CDB etc. variables
support building a dynamically-loaded or statically-loaded CDB etc.
database client. See CDB_README, LDAP_README, etc. for details.
Failure to follow this advice will defeat the purpose of dynamic
database client loading. Every Postfix executable file will have
database library dependencies. And that was exactly what dynamic
database client loading was meant to avoid.
Major changes - future proofing
-------------------------------
[Cleanup 20141224] The changes described here have no visible effect
on Postfix behavior, but they make Postfix code easier to maintain,
and therefore make new functionality easier to add.
* Compile-time argument typechecks of non-printf/scanf-like variadic
function argument lists.
* Deprecating the use of "char *" for non-text purposes such as
memory allocation and pointers to application context for call-back
functions. This dates from long-past days before void * became
universally available.
* Replace integer types for counters and sizes with size_t or ssize_t
equivalents. This eliminates some wasteful 64<->32bit conversions
on 64-bit systems.
Major changes - installation pathnames
--------------------------------------
[Incompat 20140625] For compliance with file system policies, some
non-executable files have been moved from $daemon_directory to the
directory specified with the new meta_directory configuration
parameter which has the same default value as the config_directory
parameter. This change affects non-executable files that are shared
between multiple Postfix instances such as postfix-files, dynamicmaps.cf,
and multi-instance template files.
For backwards compatibility with Postfix 2.6 .. 2.11, specify
"meta_directory = $daemon_directory" in main.cf before installing
or upgrading Postfix, or specify "meta_directory = /path/name" on
the "make makefiles", "make install" or "make upgrade" command line.
Major changes - milter
----------------------
[Feature 20140928] Support for per-Milter settings that override
main.cf parameters. For details see the section "Advanced policy
client configuration" in the SMTPD_POLICY_README document.
Here is an example that uses both old and new syntax:
smtpd_milters = { inet:127.0.0.1:port1, default_action=accept, ... },
inet:127.0.0.1:port2, ...
The supported attribute names are: command_timeout, connect_timeout,
content_timeout, default_action, and protocol. These have the same
names as the corresponding main.cf parameters, without the "milter_"
prefix.
The per-milter settings are specified as attribute=value pairs
separated by comma or space; specify { name = value } to allow
spaces around the "=" or within an attribute value.
[Feature 20141018] DMARC compatibility: when a Milter inserts a
header ABOVE Postfix's own Received: header, Postfix no longer
exposes its own Received: header to Milters (violating protocol)
and Postfix no longer hides the Milter-inserted header from Milters
(wtf).
Major changes - parameter syntax
--------------------------------
[Feature 20140921] In preparation for configurable mail headers and
logging, new main.cf support for if-then-else expressions:
${name?{text1}:{text2}}
and for logical expressions:
${{text1}=={text2}?{text3}:{text4}}
${{text1}!={text2}?{text3}:{text4}}
Whitespace before and after {text} is ignored. This can help to
make complex expressions more readable. See the postconf(5) manpage
for further details.
[Feature 20140928] Support for whitespace in daemon command-line
arguments. For details, see the "Command name + arguments" section
in the master(5) manpage. Example:
smtpd -o { parameter = value containing whitespace } ...
The { ... } form is also available for non-option command-line
arguments in master.cf, for example:
pipe ... argv=command { argument containing whitespace } ...
In both cases, whitespace immediately after "{" and before "}"
is ignored.
[Feature 20141005] Postfix import_environment and export_environment
now allow "{ name=value }" to protect whitespace in attribute values.
[Feature 20141006] The new message_drop_header parameter replaces
a hard-coded table that specifies what message headers the cleanup
daemon will remove. The list of supported header names covers RFC
5321, 5322, MIME RFCs, and some historical names.
Major changes - pipe daemon
---------------------------
[Incompat 20140618] The pipe(8) delivery agent will now log a limited
amount of command output upon successful delivery, and will report
that output in "SUCCESS" delivery status reports. This is another
good reason to disable inbound DSN requests at the Internet perimeter.
Major changes - policy client
-----------------------------
[Feature 20140703] This release introduces three new configuration
parameters that control error recovery for failed SMTPD policy
requests.
* smtpd_policy_service_default_action (default: 451 4.3.5 Server
configuration problem): The default action when an SMTPD policy
service request fails.
* smtpd_policy_service_try_limit (default: 2): The maximal number
of attempts to send an SMTPD policy service request before
giving up. This must be a number greater than zero.
* smtpd_policy_service_retry_delay (default: 1s): The delay between
attempts to resend a failed SMTPD policy service request. This
must be a number greater than zero.
See postconf(5) for details and limitations.
[Feature 20140928] Support for per-policy service settings that
override main.cf parameters. For details see the section "Different
settings for different Milter applications" in the MILTER_README
document.
Here is an example that uses both old and new syntax:
smtpd_recipient_restrictions = ...
check_policy_service { inet:127.0.0.1:port3, default_action=DUNNO }
check_policy_service inet:127.0.0.1:port4
...
The per-policy service settings are specified as attribute=value pairs
separated by comma or space; specify { name = value } to allow
spaces around the "=" or within an attribute value.
The supported attribute names are: default_action, max_idle, max_ttl,
request_limit, retry_delay, timeout, try_limit. These have the same
names as the corresponding main.cf parameters, without the
"smtpd_policy_service_" prefix.
[Feature 20140505] A client port attribute was added to the policy
delegation protocol.
[Feature 20140630] New smtpd_policy_service_request_limit feature to
limit the number of requests per Postfix SMTP server policy connection.
This is a workaround to avoid error-recovery delays with policy
servers that cannot maintain a persistent connection.
Major changes - position-independent executables
------------------------------------------------
[Feature 20150205] Preliminary support for building position-independent
executables (PIE), tested on Fedora Core 20, Ubuntu 14.04, FreeBSD
9 and 10, and NetBSD 6. Specify:
$ make makefiles pie=yes ...other arguments...
On some systems, PIE is used by the ASLR exploit mitigation technique
(ASLR = Address-Space Layout Randomization). Whether specifying
"pie=yes" has any effect at all depends on the compiler. Reportedly,
some compilers always produce PIE executables.
Major changes - postscreen
--------------------------
[Feature 20140501] Configurable time limit (postscreen_dnsbl_timeout)
for DNSBL or DNSWL lookups. This is separate from the timeouts in
the dnsblog(8) daemon which are controlled by system resolver(3)
routines.
Major changes - session fingerprint
-----------------------------------
[Feature 20140801] The Postfix SMTP server now logs at the end of
a session how many times an SMTP command was successfully invoked,
followed by the total number of invocations if some invocations
were unsuccessful.
This logging will enough to diagnose many problems without using
verbose logging or network sniffer.
Normal session, no TLS:
disconnect from name[addr] ehlo=1 mail=1 rcpt=1 data=1 quit=1
Normal session. with TLS:
disconnect from name[addr] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1
All recipients rejected, no ESMTP command pipelining:
disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 quit=1
All recipients rejected, with ESMTP command pipelining:
disconnect from name[addr] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1
Password guessing bot, hangs up without QUIT:
disconnect from name[addr] ehlo=1 auth=0/1
Mis-configured client trying to use TLS wrappermode on port 587:
disconnect from name[addr] unknown=0/1
Logfile analyzers can trigger on the presence of "/". It indicates
that Postfix rejected at least one command.
[Feature 20150118] As a late addition, the SMTP server now also
logs the total number of commands (as "commands=x/y") even when the
client did not send any commands. This helps logfile analyzers to
recognize sessions without commands.
Major changes - smtp client
---------------------------
[Feature 20141227] The new smtp_address_verify_target parameter
(default: rcpt) determines what protocol stage decides if a recipient
is valid. Specify "data" for servers that reject recipients after
the DATA command.
Major changes - smtputf8
------------------------
[Incompat 20141001] The default settings have changed for
append_dot_mydomain (new: no, old: yes), master.cf chroot (new:
n, old: y), and smtputf8 (new: yes, old: no).
[Incompat 20140714] After upgrading Postfix, "postfix reload" (or
start/stop) is required. Several Postfix-internal protocols have
been extended to support SMTPUTF8. Failure to reload or restart
will result in mail staying queued, while Postfix daemons log
warning messages about unexpected attributes.
[Feature 20140715] Support for Email Address Internationalization
(EAI) as defined in RFC 6531..6533. This supports UTF-8 in SMTP/LMTP
sender addresses, recipient addresses, and message header values.
The implementation is based on initial work by Arnt Gulbrandsen
that was funded by CNNIC.
See SMTPUTF8_README for a description of Postfix SMTPUTF8 support.
[Feature 20150112] UTF-8 Casefolding support for Postfix lookup
tables and matchlists (mydestination, relay_domains, etc.). This
is enabled only with "smtpuf8 = yes".
[Feature 20150112] With smtputf8_enable=yes, SMTP commands with
UTF-8 syntax errors are rejected, table lookup results with invalid
UTF-8 syntax are handled as configuration errors, and UTF-8 syntax
errors in policy server replies result in execution of the policy
server's default action.
Major changes - tls support
---------------------------
(see "Major changes - delivery status notifications" above for
turning 4XX soft errors into 5XX bounces when a remote SMTP server
does not offer STARTTLS support).
[Feature 20140209] the Postfix SMTP client now also falls back to
plaintext when TLS fails AFTER the TLS protocol handshake.
[Feature 20140218] The Postfix SMTP client now requires that a queue
file is older than $minimal_backoff_time, before falling back from
failed TLS to plaintext (both during or after the TLS handshake).
[Feature 20141021] Per IETF TLS WG consensus, the tls_session_ticket_cipher
default setting was changed from aes-128-cbc to aes-256-cbc.
[Feature 20150116] TLS wrappermode support in the Postfix smtp(8)
client (new smtp_tls_wrappermode parameter) and in posttls-finger(1)
(new -w option). There still is life in that deprecated protocol,
and people should not have to jump hoops with stunnel.
@
text
@a204 1
reject_rhsbl_reverse_client dbl.spamhaus.org,
d217 1
a217 1
again later). The end of each list is equivalent to a PERMIT result.
@
1.1.1.3.14.1
log
@Pull up the following, requeste by kim in ticket #1779:
external/ibm-public/postfix/dist/README_FILES/BDAT_README up to 1.1.1.2
external/ibm-public/postfix/dist/README_FILES/MAILLOG_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/POSTSCREEN_3_5_README up to 1.1.1.1
external/ibm-public/postfix/dist/html/BDAT_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/MAILLOG_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/makedefs.1.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/postlogd.8.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/POSTSCREEN_3_5_README.html up to 1.1.1.2
external/ibm-public/postfix/dist/html/postfix-doc.css up to 1.1.1.1
external/ibm-public/postfix/dist/man/man1/makedefs.1 up to 1.3
external/ibm-public/postfix/dist/man/man8/postlogd.8 up to 1.3
external/ibm-public/postfix/dist/mantools/missing-proxy-read-maps up to 1.1.1.3
external/ibm-public/postfix/dist/mantools/spelldiff up to 1.1.1.1
external/ibm-public/postfix/dist/mantools/check-double-cc up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-double-install-proto-text up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-double-proto-html up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/comment.c up to 1.2
external/ibm-public/postfix/dist/mantools/check-postfix-files up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-spell-cc up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-spell-install-proto-text up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-spell-proto-html up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/deroff up to 1.1.1.1
external/ibm-public/postfix/dist/mantools/find-double up to 1.1.1.1
external/ibm-public/postfix/dist/mantools/check-double-history up to 1.1.1.1
external/ibm-public/postfix/dist/mantools/check-spell-history up to 1.1.1.1
external/ibm-public/postfix/dist/mantools/check-table-proto up to 1.1.1.1
external/ibm-public/postfix/dist/proto/BDAT_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/MAILLOG_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/POSTSCREEN_3_5_README.html up to 1.1.1.2
external/ibm-public/postfix/dist/proto/stop.double-cc up to 1.1.1.2
external/ibm-public/postfix/dist/proto/stop.double-install-proto-text up to 1.1.1.1
external/ibm-public/postfix/dist/proto/stop.double-proto-html up to 1.1.1.2
external/ibm-public/postfix/dist/proto/stop.spell-cc up to 1.1.1.2
external/ibm-public/postfix/dist/proto/stop.spell-proto-html up to 1.1.1.2
external/ibm-public/postfix/dist/proto/stop.double-history up to 1.1.1.1
external/ibm-public/postfix/dist/proto/stop.spell-history up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/bounce_notify_util_tester.c up to 1.2
external/ibm-public/postfix/dist/src/bounce/logfile-no-msgid-no-eoh-event up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/logfile-no-msgid-with-eoh-event up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/logfile-with-msgid-no-eoh-event up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/logfile-with-msgid-with-eoh-event up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/logfile-with-msgid-with-filter up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/logfile-with-msgid-with-long-line up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/msgfile-no-msgid-no-eoh-event up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/msgfile-no-msgid-with-eoh-event up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/msgfile-with-msgid-no-eoh-event up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/msgfile-with-msgid-with-eoh-event up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/obs_template_test.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/msgfile-with-msgid-with-filter up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/msgfile-with-msgid-with-long-line up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/no-msgid-no-eoh-event-no-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/no-msgid-no-eoh-event-with-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/no-msgid-with-eoh-event-no-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/no-msgid-with-eoh-event-with-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/with-msgid-no-eoh-event-no-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/with-msgid-no-eoh-event-with-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/with-msgid-with-eoh-event-no-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/with-msgid-with-eoh-event-with-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/with-msgid-with-filter-no-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/with-msgid-with-filter-with-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/with-msgid-with-long-line-no-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/bounce/with-msgid-with-long-line-with-thread.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13e up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13f up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13g up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13h up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in13i up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13e up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13f up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13g up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13h up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13i up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/test-queue-file13e up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/test-queue-file13f up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/test-queue-file13g up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/test-queue-file13h up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/test-queue-file13i up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17a up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17b up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17c up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17d up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17e up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17f up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.in17g up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17a1 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17a2 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17b1 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17b2 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17c1 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17c2 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17d1 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17d2 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17e1 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17e2 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17f1 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17f2 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17g1 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref17g2 up to 1.1.1.1
external/ibm-public/postfix/dist/src/cleanup/test-queue-file17 up to 1.1.1.1
external/ibm-public/postfix/dist/src/dns/dns_str_resflags.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_sec.c up to 1.2
external/ibm-public/postfix/dist/src/global/header_body_checks_strip.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/info_log_addr_form.c up to 1.2
external/ibm-public/postfix/dist/src/global/info_log_addr_form.h up to 1.2
external/ibm-public/postfix/dist/src/global/mail_addr_crunch.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/mail_addr_crunch.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/mail_addr_find.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/map_search.c up to 1.4
external/ibm-public/postfix/dist/src/global/map_search.h up to 1.2
external/ibm-public/postfix/dist/src/global/mail_addr_find.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/mail_addr_form.c up to 1.2
external/ibm-public/postfix/dist/src/global/mail_addr_form.h up to 1.2
external/ibm-public/postfix/dist/src/global/mail_addr_map.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/maillog_client.c up to 1.3
external/ibm-public/postfix/dist/src/global/maillog_client.h up to 1.2
external/ibm-public/postfix/dist/src/global/map_search.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/global/normalize_mailhost_addr.c up to 1.3
external/ibm-public/postfix/dist/src/global/normalize_mailhost_addr.h up to 1.2
external/ibm-public/postfix/dist/src/global/off_cvt.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/off_cvt.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/quote_822_local.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/global/quote_822_local.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/global/quote_flags.c up to 1.2
external/ibm-public/postfix/dist/src/global/reject_deliver_request.c up to 1.2
external/ibm-public/postfix/dist/src/global/compat_level.c up to 1.3
external/ibm-public/postfix/dist/src/global/compat_level.h up to 1.3
external/ibm-public/postfix/dist/src/global/test_main.c up to 1.2
external/ibm-public/postfix/dist/src/global/compat_level_convert.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/compat_level_convert.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/compat_level_expand.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/compat_level_expand.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/config_known_tcp_ports.c up to 1.2
external/ibm-public/postfix/dist/src/global/config_known_tcp_ports.h up to 1.2
external/ibm-public/postfix/dist/src/global/config_known_tcp_ports.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/delivered_hdr.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/hfrom_format.c up to 1.2
external/ibm-public/postfix/dist/src/global/hfrom_format.h up to 1.2
external/ibm-public/postfix/dist/src/global/hfrom_format.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/login_sender_match.c up to 1.2
external/ibm-public/postfix/dist/src/global/login_sender_match.h up to 1.2
external/ibm-public/postfix/dist/src/global/login_sender_match.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/sasl_mech_filter.c up to 1.2
external/ibm-public/postfix/dist/src/global/sasl_mech_filter.h up to 1.2
external/ibm-public/postfix/dist/src/global/test_main.h up to 1.2
external/ibm-public/postfix/dist/src/master/dgram_server.c up to 1.3
external/ibm-public/postfix/dist/src/postconf/extract_cfg.sh up to 1.1.1.1
external/ibm-public/postfix/dist/src/postconf/test64.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/postconf/test65.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/postconf/test66.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/postconf/test67.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/postconf/test68.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/postconf/test69.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/postconf/test70.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/postconf/test71.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/postmap/file_test.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/postmap/file_test.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/postmap/quote_test.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/postmap/quote_test.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/postmap/lmdb_abb up to 1.1.1.1
external/ibm-public/postfix/dist/src/postmap/lmdb_abb.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/smtp/smtp_misc.c up to 1.2
external/ibm-public/postfix/dist/src/smtp/smtp_map11.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/smtpd/smtpd_addr_valid.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_addr_valid.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/tls/bad-back-to-back-keys.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/bad-back-to-back-keys.pem.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/bad-ec-cert-before-key.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/bad-ec-cert-before-key.pem.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/bad-key-cert-mismatch.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/bad-key-cert-mismatch.pem.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/bad-rsa-key-last.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/bad-rsa-key-last.pem.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/ecca-cert.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/ecca-pkey.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/ecee-cert.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/ecee-pkey.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/ecroot-cert.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/ecroot-pkey.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/good-mixed-keyfirst.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/good-mixed-keyfirst.pem.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/good-mixed-keylast.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/good-mixed-keylast.pem.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/good-mixed-keymiddle.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/good-mixed-keymiddle.pem.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/goodchains.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/goodchains.pem.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/mkcert.sh up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/rsaca-cert.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/rsaca-pkey.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/rsaee-cert.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/rsaee-pkey.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/rsaroot-cert.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/rsaroot-pkey.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/tls_proxy_client_misc.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_proxy_client_print.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_proxy_client_scan.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_proxy_context_print.c up to 1.3
external/ibm-public/postfix/dist/src/tls/tls_proxy_context_scan.c up to 1.3
external/ibm-public/postfix/dist/src/tls/tls_proxy_server_print.c up to 1.3
external/ibm-public/postfix/dist/src/tls/tls_proxy_server_scan.c up to 1.3
external/ibm-public/postfix/dist/src/tls/warn-mixed-multi-key.pem up to 1.1.1.1
external/ibm-public/postfix/dist/src/tls/warn-mixed-multi-key.pem.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/trivial-rewrite/transport.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/trivial-rewrite/transport.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/mkmap_db.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap.h up to 1.2
external/ibm-public/postfix/dist/src/util/argv_attr.h up to 1.3
external/ibm-public/postfix/dist/src/util/argv_attr_print.c up to 1.3
external/ibm-public/postfix/dist/src/util/argv_attr_scan.c up to 1.3
external/ibm-public/postfix/dist/src/util/byte_mask.c up to 1.2
external/ibm-public/postfix/dist/src/util/byte_mask.h up to 1.2
external/ibm-public/postfix/dist/src/util/byte_mask.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/byte_mask.ref0 up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/byte_mask.ref1 up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/byte_mask.ref2 up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_file.c up to 1.3
external/ibm-public/postfix/dist/src/util/dict_cidr_file.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/logwriter.c up to 1.2
external/ibm-public/postfix/dist/src/util/dict_cidr_file.map up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_cidr_file.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_inline_file.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_pcre_file.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_pcre_file.map up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_pcre_file.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_pipe_test.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_pipe_test.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_random.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_random_file.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_regexp_file.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_regexp_file.map up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_regexp_file.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_static_file.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_thash.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_thash.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_union_test.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_union_test.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/logwriter.h up to 1.2
external/ibm-public/postfix/dist/src/util/miss_endif_cidr.map up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/miss_endif_cidr.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/miss_endif_pcre.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/miss_endif_re.map up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/miss_endif_regexp.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/msg_logger.c up to 1.3
external/ibm-public/postfix/dist/src/util/msg_logger.h up to 1.2
external/ibm-public/postfix/dist/src/util/split_qnameval.c up to 1.2
external/ibm-public/postfix/dist/src/util/unix_dgram_connect.c up to 1.3
external/ibm-public/postfix/dist/src/util/unix_dgram_listen.c up to 1.3
external/ibm-public/postfix/dist/src/util/vbuf_print_test.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/vbuf_print_test.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/vstream_test.in up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/vstream_test.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/vstring_test.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/sane_strtol.c up to 1.2
external/ibm-public/postfix/dist/src/util/argv_split_at.c up to 1.2
external/ibm-public/postfix/dist/src/util/dict_stream.c up to 1.2
external/ibm-public/postfix/dist/src/util/dict_inline_cidr.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_inline_pcre.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_inline_regexp.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/dict_stream.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/find_inet.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/hash_fnv.c up to 1.3
external/ibm-public/postfix/dist/src/util/hash_fnv.h up to 1.3
external/ibm-public/postfix/dist/src/util/known_tcp_ports.c up to 1.2
external/ibm-public/postfix/dist/src/util/known_tcp_ports.h up to 1.2
external/ibm-public/postfix/dist/src/util/known_tcp_ports.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/ldseed.c up to 1.2
external/ibm-public/postfix/dist/src/util/ldseed.h up to 1.2
external/ibm-public/postfix/dist/src/util/mystrtok.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/sane_strtol.h up to 1.2
external/ibm-public/postfix/dist/src/util/inet_addr_sizes.c up to 1.2
external/ibm-public/postfix/dist/src/util/inet_addr_sizes.h up to 1.2
external/ibm-public/postfix/dist/src/util/inet_prefix_top.c up to 1.2
external/ibm-public/postfix/dist/src/util/inet_prefix_top.h up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_cdb.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_dbm.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_fail.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_lmdb.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_open.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_sdbm.c up to 1.2
external/ibm-public/postfix/dist/src/postlogd/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/postlogd/postlogd.c up to 1.3
external/ibm-public/postfix/dist/RELEASE_NOTES-3.1 up to 1.1.1.1
external/ibm-public/postfix/dist/RELEASE_NOTES-3.2 up to 1.1.1.1
external/ibm-public/postfix/dist/RELEASE_NOTES-3.3 up to 1.1.1.1
external/ibm-public/postfix/dist/RELEASE_NOTES-3.4 up to 1.1.1.1
external/ibm-public/postfix/dist/RELEASE_NOTES-3.5 up to 1.1.1.1
external/ibm-public/postfix/dist/RELEASE_NOTES-3.6 up to 1.1.1.1
external/ibm-public/postfix/dist/WISHLIST up to 1.1.1.2
external/ibm-public/postfix/dist/RELEASE_NOTES-3.7 up to 1.1.1.1
external/ibm-public/postfix/dist/README_FILES/CYRUS_README delete
external/ibm-public/postfix/dist/src/global/mkmap.h delete
external/ibm-public/postfix/dist/src/global/mkmap_cdb.c delete
external/ibm-public/postfix/dist/src/global/mkmap_db.c delete
external/ibm-public/postfix/dist/src/global/mkmap_dbm.c delete
external/ibm-public/postfix/dist/src/global/mkmap_fail.c delete
external/ibm-public/postfix/dist/src/global/mkmap_lmdb.c delete
external/ibm-public/postfix/dist/src/global/mkmap_open.c delete
external/ibm-public/postfix/dist/src/global/mkmap_sdbm.c delete
external/ibm-public/postfix/dist/src/smtp/map11_map delete
external/ibm-public/postfix/dist/src/tls/tls_proxy_print.c delete
external/ibm-public/postfix/dist/src/tls/tls_proxy_scan.c delete
external/ibm-public/postfix/dist/src/util/percentm.c delete
external/ibm-public/postfix/dist/src/util/percentm.h delete
external/ibm-public/postfix/Makefile.inc up to 1.31 (+patch)
external/ibm-public/postfix/dist/AAAREADME up to 1.1.1.4
external/ibm-public/postfix/dist/HISTORY up to 1.1.1.29
external/ibm-public/postfix/dist/INSTALL up to 1.1.1.9
external/ibm-public/postfix/dist/LICENSE up to 1.1.1.2
external/ibm-public/postfix/dist/Makefile up to 1.1.1.3
external/ibm-public/postfix/dist/Makefile.in up to 1.1.1.10
external/ibm-public/postfix/dist/Makefile.init up to 1.1.1.3
external/ibm-public/postfix/dist/RELEASE_NOTES up to 1.1.1.17
external/ibm-public/postfix/dist/TLS_ACKNOWLEDGEMENTS up to 1.1.1.2
external/ibm-public/postfix/dist/TLS_CHANGES up to 1.1.1.2
external/ibm-public/postfix/dist/TLS_LICENSE up to 1.1.1.2
external/ibm-public/postfix/dist/US_PATENT_6321267 up to 1.1.1.2
external/ibm-public/postfix/dist/makedefs up to 1.16
external/ibm-public/postfix/dist/postfix-env.sh up to 1.1.1.2
external/ibm-public/postfix/dist/postfix-install up to 1.8
external/ibm-public/postfix/dist/README_FILES/AAAREADME up to 1.1.1.6
external/ibm-public/postfix/dist/README_FILES/ADDRESS_CLASS_README up to 1.1.1.2
external/ibm-public/postfix/dist/README_FILES/ADDRESS_REWRITING_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README up to 1.10
external/ibm-public/postfix/dist/README_FILES/BACKSCATTER_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/BASIC_CONFIGURATION_README up to 1.1.1.6
external/ibm-public/postfix/dist/README_FILES/BUILTIN_FILTER_README up to 1.1.1.3
external/ibm-public/postfix/dist/README_FILES/COMPATIBILITY_README up to 1.1.1.3
external/ibm-public/postfix/dist/README_FILES/CONNECTION_CACHE_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/DATABASE_README up to 1.1.1.9
external/ibm-public/postfix/dist/README_FILES/DB_README up to 1.1.1.3
external/ibm-public/postfix/dist/README_FILES/DEBUG_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/FILTER_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/FORWARD_SECRECY_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/INSTALL up to 1.10
external/ibm-public/postfix/dist/README_FILES/IPV6_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/LDAP_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/LINUX_README up to 1.1.1.3
external/ibm-public/postfix/dist/README_FILES/LMDB_README up to 1.1.1.3
external/ibm-public/postfix/dist/README_FILES/MILTER_README up to 1.1.1.9
external/ibm-public/postfix/dist/README_FILES/MULTI_INSTANCE_README up to 1.1.1.7
external/ibm-public/postfix/dist/README_FILES/MYSQL_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/OVERVIEW up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/PCRE_README up to 1.1.1.3
external/ibm-public/postfix/dist/README_FILES/PGSQL_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/POSTSCREEN_README up to 1.1.1.7
external/ibm-public/postfix/dist/README_FILES/QSHAPE_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/RELEASE_NOTES up to 1.1.1.17
external/ibm-public/postfix/dist/README_FILES/SASL_README up to 1.1.1.11
external/ibm-public/postfix/dist/README_FILES/SCHEDULER_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/SMTPD_ACCESS_README up to 1.1.1.6
external/ibm-public/postfix/dist/README_FILES/SMTPD_POLICY_README up to 1.1.1.7
external/ibm-public/postfix/dist/README_FILES/SMTPD_PROXY_README up to 1.1.1.6
external/ibm-public/postfix/dist/README_FILES/SMTPUTF8_README up to 1.1.1.3
external/ibm-public/postfix/dist/README_FILES/SOHO_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/SQLITE_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/STANDARD_CONFIGURATION_README up to 1.1.1.6
external/ibm-public/postfix/dist/README_FILES/STRESS_README up to 1.1.1.6
external/ibm-public/postfix/dist/README_FILES/TLS_LEGACY_README up to 1.1.1.3
external/ibm-public/postfix/dist/README_FILES/TLS_README up to 1.14
external/ibm-public/postfix/dist/README_FILES/TUNING_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/VIRTUAL_README up to 1.1.1.3
external/ibm-public/postfix/dist/README_FILES/XCLIENT_README up to 1.1.1.4
external/ibm-public/postfix/dist/conf/LICENSE up to 1.1.1.2
external/ibm-public/postfix/dist/conf/TLS_LICENSE up to 1.1.1.2
external/ibm-public/postfix/dist/conf/access up to 1.1.1.8
external/ibm-public/postfix/dist/conf/aliases up to 1.1.1.5
external/ibm-public/postfix/dist/conf/canonical up to 1.1.1.5
external/ibm-public/postfix/dist/conf/generic up to 1.1.1.4
external/ibm-public/postfix/dist/conf/header_checks up to 1.1.1.6
external/ibm-public/postfix/dist/conf/main.cf up to 1.10
external/ibm-public/postfix/dist/conf/master.cf up to 1.11
external/ibm-public/postfix/dist/conf/post-install up to 1.4
external/ibm-public/postfix/dist/conf/postfix-files up to 1.9
external/ibm-public/postfix/dist/conf/postfix-script up to 1.4
external/ibm-public/postfix/dist/conf/postfix-tls-script up to 1.5
external/ibm-public/postfix/dist/conf/postmulti-script up to 1.3
external/ibm-public/postfix/dist/conf/relocated up to 1.1.1.3
external/ibm-public/postfix/dist/conf/transport up to 1.1.1.5
external/ibm-public/postfix/dist/conf/virtual up to 1.1.1.6
external/ibm-public/postfix/dist/html/ADDRESS_CLASS_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/ADDRESS_REWRITING_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html up to 1.11
external/ibm-public/postfix/dist/html/BACKSCATTER_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/BASIC_CONFIGURATION_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/BUILTIN_FILTER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/CDB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/COMPATIBILITY_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/CONNECTION_CACHE_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/CONTENT_INSPECTION_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/DATABASE_README.html up to 1.1.1.10
external/ibm-public/postfix/dist/html/DB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/DEBUG_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/DSN_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/ETRN_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/FILTER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/FORWARD_SECRECY_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/INSTALL.html up to 1.10
external/ibm-public/postfix/dist/html/IPV6_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/LDAP_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/LINUX_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/LMDB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/LOCAL_RECIPIENT_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/MAILDROP_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/MEMCACHE_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/MILTER_README.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/MULTI_INSTANCE_README.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/MYSQL_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/Makefile.in up to 1.1.1.7
external/ibm-public/postfix/dist/html/NFS_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/OVERVIEW.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/PACKAGE_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/PCRE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/PGSQL_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/POSTSCREEN_README.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/QSHAPE_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/RESTRICTION_CLASS_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/SASL_README.html up to 1.1.1.11
external/ibm-public/postfix/dist/html/SCHEDULER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/SMTPD_ACCESS_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/SMTPD_POLICY_README.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/SMTPD_PROXY_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/SMTPUTF8_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/SOHO_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/SQLITE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/STANDARD_CONFIGURATION_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/STRESS_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/TLS_LEGACY_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/TLS_README.html up to 1.15
external/ibm-public/postfix/dist/html/TUNING_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/UUCP_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/VERP_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/VIRTUAL_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/XCLIENT_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/XFORWARD_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/access.5.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/aliases.5.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/anvil.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/bounce.5.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/bounce.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/canonical.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/cidr_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/cleanup.8.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/defer.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/discard.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/dnsblog.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/error.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/flush.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/generic.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/header_checks.5.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/index.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/ldap_table.5.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/lmdb_table.5.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/lmtp.8.html up to 1.1.1.12
external/ibm-public/postfix/dist/html/local.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/mailq.1.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/master.5.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/master.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/memcache_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/mysql_table.5.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/newaliases.1.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/nisplus_table.5.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/oqmgr.8.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/pcre_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/pgsql_table.5.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/pickup.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/pipe.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postalias.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postcat.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postconf.1.html up to 1.1.1.11
external/ibm-public/postfix/dist/html/postconf.5.html up to 1.19
external/ibm-public/postfix/dist/html/postdrop.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postfix-manuals.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/postfix-tls.1.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/postfix-wrapper.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/postfix.1.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/postkick.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postlock.1.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/postlog.1.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/postmap.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postmulti.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postqueue.1.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/postscreen.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/postsuper.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/posttls-finger.1.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/proxymap.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/qmgr.8.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/qmqp-sink.1.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/qmqp-source.1.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/qmqpd.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/qshape.1.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/regexp_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/relocated.5.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/scache.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/sendmail.1.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/showq.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/smtp-sink.1.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/smtp-source.1.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/smtp.8.html up to 1.1.1.12
external/ibm-public/postfix/dist/html/smtpd.8.html up to 1.1.1.13
external/ibm-public/postfix/dist/html/socketmap_table.5.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/spawn.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/sqlite_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/tcp_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/tlsmgr.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/tlsproxy.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/trace.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/transport.5.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/trivial-rewrite.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/verify.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/virtual.5.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/virtual.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/man/Makefile.in up to 1.1.1.7
external/ibm-public/postfix/dist/man/man1/postalias.1 up to 1.4
external/ibm-public/postfix/dist/man/man1/postcat.1 up to 1.4
external/ibm-public/postfix/dist/man/man1/postconf.1 up to 1.4
external/ibm-public/postfix/dist/man/man1/postdrop.1 up to 1.4
external/ibm-public/postfix/dist/man/man1/postfix-tls.1 up to 1.3
external/ibm-public/postfix/dist/man/man1/postfix.1 up to 1.6
external/ibm-public/postfix/dist/man/man1/postkick.1 up to 1.3
external/ibm-public/postfix/dist/man/man1/postlock.1 up to 1.3
external/ibm-public/postfix/dist/man/man1/postlog.1 up to 1.5
external/ibm-public/postfix/dist/man/man1/postmap.1 up to 1.4
external/ibm-public/postfix/dist/man/man1/postmulti.1 up to 1.4
external/ibm-public/postfix/dist/man/man1/postqueue.1 up to 1.5
external/ibm-public/postfix/dist/man/man1/postsuper.1 up to 1.4
external/ibm-public/postfix/dist/man/man1/posttls-finger.1 up to 1.5
external/ibm-public/postfix/dist/man/man1/sendmail.1 up to 1.4
external/ibm-public/postfix/dist/man/man1/smtp-sink.1 up to 1.3
external/ibm-public/postfix/dist/man/man5/access.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/aliases.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/canonical.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/cidr_table.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/generic.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/header_checks.5 up to 1.3
external/ibm-public/postfix/dist/man/man5/ldap_table.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/lmdb_table.5 up to 1.3
external/ibm-public/postfix/dist/man/man5/master.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/mysql_table.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/pcre_table.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/pgsql_table.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/postconf.5 up to 1.19
external/ibm-public/postfix/dist/man/man5/regexp_table.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/relocated.5 up to 1.3
external/ibm-public/postfix/dist/man/man5/socketmap_table.5 up to 1.3
external/ibm-public/postfix/dist/man/man5/sqlite_table.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/tcp_table.5 up to 1.3
external/ibm-public/postfix/dist/man/man5/transport.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/virtual.5 up to 1.5
external/ibm-public/postfix/dist/man/man8/anvil.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/bounce.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/cleanup.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/discard.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/dnsblog.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/error.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/flush.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/local.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/master.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/oqmgr.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/pickup.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/pipe.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/postscreen.8 up to 1.5
external/ibm-public/postfix/dist/man/man8/proxymap.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/qmgr.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/qmqpd.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/scache.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/showq.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/smtp.8 up to 1.5
external/ibm-public/postfix/dist/man/man8/smtpd.8 up to 1.5
external/ibm-public/postfix/dist/man/man8/spawn.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/tlsmgr.8 up to 1.3
external/ibm-public/postfix/dist/man/man8/tlsproxy.8 up to 1.5
external/ibm-public/postfix/dist/man/man8/trivial-rewrite.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/verify.8 up to 1.4
external/ibm-public/postfix/dist/man/man8/virtual.8 up to 1.4
external/ibm-public/postfix/dist/mantools/ccformat up to 1.1.1.3
external/ibm-public/postfix/dist/mantools/check-postlink up to 1.1.1.3
external/ibm-public/postfix/dist/mantools/fixman up to 1.1.1.3
external/ibm-public/postfix/dist/mantools/make-relnotes up to 1.1.1.3
external/ibm-public/postfix/dist/mantools/make_soho_readme up to 1.1.1.4
external/ibm-public/postfix/dist/mantools/makemanidx up to 1.1.1.4
external/ibm-public/postfix/dist/mantools/man2html up to 1.1.1.5
external/ibm-public/postfix/dist/mantools/manlint up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/manspell up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/postconf2man up to 1.1.1.5
external/ibm-public/postfix/dist/mantools/postlink up to 1.1.1.13
external/ibm-public/postfix/dist/mantools/readme2html up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/spell up to 1.1.1.3
external/ibm-public/postfix/dist/mantools/srctoman up to 1.1.1.3
external/ibm-public/postfix/dist/proto/ADDRESS_CLASS_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/ADDRESS_REWRITING_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/ADDRESS_VERIFICATION_README.html up to 1.11
external/ibm-public/postfix/dist/proto/BACKSCATTER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/BASIC_CONFIGURATION_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/BUILTIN_FILTER_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/CDB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/COMPATIBILITY_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/CONNECTION_CACHE_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/CONTENT_INSPECTION_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/DATABASE_README.html up to 1.1.1.10
external/ibm-public/postfix/dist/proto/DB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/DEBUG_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/DSN_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/ETRN_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/FILTER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/FORWARD_SECRECY_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/INSTALL.html up to 1.10
external/ibm-public/postfix/dist/proto/IPV6_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/LDAP_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/LINUX_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/LMDB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/LOCAL_RECIPIENT_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/MAILDROP_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/MEMCACHE_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/MILTER_README.html up to 1.1.1.9
external/ibm-public/postfix/dist/proto/MULTI_INSTANCE_README.html up to 1.1.1.8
external/ibm-public/postfix/dist/proto/MYSQL_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/Makefile.in up to 1.1.1.7
external/ibm-public/postfix/dist/proto/NFS_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/OVERVIEW.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/PACKAGE_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/PCRE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/PGSQL_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/POSTSCREEN_README.html up to 1.1.1.8
external/ibm-public/postfix/dist/proto/QSHAPE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/RESTRICTION_CLASS_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/SASL_README.html up to 1.1.1.11
external/ibm-public/postfix/dist/proto/SCHEDULER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/SMTPD_ACCESS_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/SMTPD_POLICY_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/proto/SMTPD_PROXY_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/SMTPUTF8_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/SQLITE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/STANDARD_CONFIGURATION_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/STRESS_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/proto/TLS_LEGACY_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/TLS_README.html up to 1.14
external/ibm-public/postfix/dist/proto/TUNING_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/UUCP_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/VERP_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/VIRTUAL_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/XCLIENT_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/XFORWARD_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/access up to 1.1.1.8
external/ibm-public/postfix/dist/proto/aliases up to 1.1.1.6
external/ibm-public/postfix/dist/proto/canonical up to 1.1.1.5
external/ibm-public/postfix/dist/proto/cidr_table up to 1.1.1.6
external/ibm-public/postfix/dist/proto/generic up to 1.1.1.4
external/ibm-public/postfix/dist/proto/header_checks up to 1.1.1.7
external/ibm-public/postfix/dist/proto/ldap_table up to 1.1.1.7
external/ibm-public/postfix/dist/proto/lmdb_table up to 1.1.1.3
external/ibm-public/postfix/dist/proto/master up to 1.1.1.8
external/ibm-public/postfix/dist/proto/mysql_table up to 1.1.1.8
external/ibm-public/postfix/dist/proto/pcre_table up to 1.1.1.6
external/ibm-public/postfix/dist/proto/pgsql_table up to 1.1.1.8
external/ibm-public/postfix/dist/proto/postconf.html.prolog up to 1.1.1.5
external/ibm-public/postfix/dist/proto/postconf.man.prolog up to 1.1.1.4
external/ibm-public/postfix/dist/proto/postconf.proto up to 1.19
external/ibm-public/postfix/dist/proto/regexp_table up to 1.1.1.6
external/ibm-public/postfix/dist/proto/relocated up to 1.1.1.3
external/ibm-public/postfix/dist/proto/socketmap_table up to 1.1.1.3
external/ibm-public/postfix/dist/proto/sqlite_table up to 1.1.1.5
external/ibm-public/postfix/dist/proto/stop up to 1.1.1.7
external/ibm-public/postfix/dist/proto/tcp_table up to 1.1.1.4
external/ibm-public/postfix/dist/proto/transport up to 1.1.1.5
external/ibm-public/postfix/dist/proto/virtual up to 1.1.1.6
external/ibm-public/postfix/dist/src/anvil/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/anvil/anvil.c up to 1.4
external/ibm-public/postfix/dist/src/bounce/2template_test.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/bounce/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/bounce/bounce.c up to 1.4
external/ibm-public/postfix/dist/src/bounce/bounce_notify_util.c up to 1.4
external/ibm-public/postfix/dist/src/bounce/bounce_service.h up to 1.3
external/ibm-public/postfix/dist/src/bounce/bounce_template.c up to 1.4
external/ibm-public/postfix/dist/src/bounce/bounce_template.h up to 1.3
external/ibm-public/postfix/dist/src/bounce/bounce_templates.c up to 1.3
external/ibm-public/postfix/dist/src/bounce/template_test.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/cleanup/Makefile.in up to 1.1.1.9
external/ibm-public/postfix/dist/src/cleanup/cleanup.c up to 1.8
external/ibm-public/postfix/dist/src/cleanup/cleanup.h up to 1.10
external/ibm-public/postfix/dist/src/cleanup/cleanup_addr.c up to 1.3
external/ibm-public/postfix/dist/src/cleanup/cleanup_api.c up to 1.4
external/ibm-public/postfix/dist/src/cleanup/cleanup_body_edit.c up to 1.3
external/ibm-public/postfix/dist/src/cleanup/cleanup_envelope.c up to 1.5
external/ibm-public/postfix/dist/src/cleanup/cleanup_init.c up to 1.7
external/ibm-public/postfix/dist/src/cleanup/cleanup_map11.c up to 1.3
external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c up to 1.4
external/ibm-public/postfix/dist/src/cleanup/cleanup_message.c up to 1.4
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.c up to 1.5
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13c up to 1.1.1.2
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.ref13d up to 1.1.1.2
external/ibm-public/postfix/dist/src/cleanup/cleanup_out.c up to 1.3
external/ibm-public/postfix/dist/src/cleanup/cleanup_out_recipient.c up to 1.4
external/ibm-public/postfix/dist/src/cleanup/cleanup_region.c up to 1.3
external/ibm-public/postfix/dist/src/cleanup/cleanup_state.c up to 1.4
external/ibm-public/postfix/dist/src/discard/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/discard/discard.c up to 1.3
external/ibm-public/postfix/dist/src/dns/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/dns/dns.h up to 1.6
external/ibm-public/postfix/dist/src/dns/dns_lookup.c up to 1.8
external/ibm-public/postfix/dist/src/dns/dns_rr.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_rr_eq_sa.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_rr_eq_sa.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/dns/dns_rr_eq_sa.ref up to 1.1.1.5
external/ibm-public/postfix/dist/src/dns/dns_rr_to_pa.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/dns/dns_rr_to_sa.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/dns/dns_sa_to_rr.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_sa_to_rr.ref up to 1.1.1.5
external/ibm-public/postfix/dist/src/dns/dns_strrecord.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_strtype.c up to 1.2
external/ibm-public/postfix/dist/src/dns/dnsbl_ttl_127.0.0.1_bind_ncache.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/dns/dnsbl_ttl_127.0.0.1_bind_plain.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/dns/dnsbl_ttl_127.0.0.2_bind_plain.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/dns/error.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/dns/mxonly_test.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/dns/no-a.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/dns/no-aaaa.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/dns/no-mx.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/dns/nullmx_test.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/dns/nxdomain_test.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/dns/test_dns_lookup.c up to 1.3
external/ibm-public/postfix/dist/src/dnsblog/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/dnsblog/dnsblog.c up to 1.4
external/ibm-public/postfix/dist/src/error/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/error/error.c up to 1.3
external/ibm-public/postfix/dist/src/flush/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/flush/flush.c up to 1.4
external/ibm-public/postfix/dist/src/fsstone/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/global/Makefile.in up to 1.1.1.10
external/ibm-public/postfix/dist/src/global/abounce.c up to 1.3
external/ibm-public/postfix/dist/src/global/anvil_clnt.c up to 1.4
external/ibm-public/postfix/dist/src/global/anvil_clnt.h up to 1.3
external/ibm-public/postfix/dist/src/global/been_here.c up to 1.4
external/ibm-public/postfix/dist/src/global/been_here.h up to 1.3
external/ibm-public/postfix/dist/src/global/bounce.c up to 1.3
external/ibm-public/postfix/dist/src/global/bounce_log.c up to 1.3
external/ibm-public/postfix/dist/src/global/cleanup_strerror.c up to 1.2
external/ibm-public/postfix/dist/src/global/cleanup_user.h up to 1.3
external/ibm-public/postfix/dist/src/global/clnt_stream.c up to 1.4
external/ibm-public/postfix/dist/src/global/clnt_stream.h up to 1.2
external/ibm-public/postfix/dist/src/global/db_common.c up to 1.3
external/ibm-public/postfix/dist/src/global/debug_peer.c up to 1.3
external/ibm-public/postfix/dist/src/global/defer.c up to 1.3
external/ibm-public/postfix/dist/src/global/deliver_pass.c up to 1.3
external/ibm-public/postfix/dist/src/global/deliver_request.c up to 1.3
external/ibm-public/postfix/dist/src/global/deliver_request.h up to 1.3
external/ibm-public/postfix/dist/src/global/delivered_hdr.c up to 1.3
external/ibm-public/postfix/dist/src/global/dict_ldap.c up to 1.5
external/ibm-public/postfix/dist/src/global/dict_memcache.c up to 1.3
external/ibm-public/postfix/dist/src/global/dict_mysql.c up to 1.4
external/ibm-public/postfix/dist/src/global/dict_pgsql.c up to 1.4
external/ibm-public/postfix/dist/src/global/dict_proxy.c up to 1.3
external/ibm-public/postfix/dist/src/global/dict_proxy.h up to 1.3
external/ibm-public/postfix/dist/src/global/dict_sqlite.c up to 1.4
external/ibm-public/postfix/dist/src/global/dsb_scan.c up to 1.3
external/ibm-public/postfix/dist/src/global/dsb_scan.h up to 1.2
external/ibm-public/postfix/dist/src/global/dsn_print.c up to 1.3
external/ibm-public/postfix/dist/src/global/dsn_print.h up to 1.2
external/ibm-public/postfix/dist/src/global/dynamicmaps.c up to 1.4
external/ibm-public/postfix/dist/src/global/ehlo_mask.c up to 1.3
external/ibm-public/postfix/dist/src/global/ehlo_mask.h up to 1.3
external/ibm-public/postfix/dist/src/global/flush_clnt.c up to 1.3
external/ibm-public/postfix/dist/src/global/haproxy_srvr.c up to 1.3
external/ibm-public/postfix/dist/src/global/haproxy_srvr.h up to 1.2
external/ibm-public/postfix/dist/src/global/header_body_checks.c up to 1.3
external/ibm-public/postfix/dist/src/global/header_body_checks.h up to 1.3
external/ibm-public/postfix/dist/src/global/log_adhoc.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_addr_crunch.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_addr_crunch.h up to 1.2
external/ibm-public/postfix/dist/src/global/mail_addr_find.c up to 1.4
external/ibm-public/postfix/dist/src/global/mail_addr_find.h up to 1.2
external/ibm-public/postfix/dist/src/global/mail_addr_map.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_addr_map.h up to 1.2
external/ibm-public/postfix/dist/src/global/mail_command_client.c up to 1.4
external/ibm-public/postfix/dist/src/global/mail_conf.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_conf.h up to 1.3
external/ibm-public/postfix/dist/src/global/mail_conf_int.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_conf_long.c up to 1.2
external/ibm-public/postfix/dist/src/global/mail_conf_nint.c up to 1.2
external/ibm-public/postfix/dist/src/global/mail_conf_time.c up to 1.4
external/ibm-public/postfix/dist/src/global/mail_copy.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_dict.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_error.c up to 1.2
external/ibm-public/postfix/dist/src/global/mail_params.c up to 1.5
external/ibm-public/postfix/dist/src/global/mail_params.h up to 1.19
external/ibm-public/postfix/dist/src/global/mail_parm_split.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_proto.h up to 1.5
external/ibm-public/postfix/dist/src/global/mail_queue.h up to 1.3
external/ibm-public/postfix/dist/src/global/mail_stream.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_task.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_version.h up to 1.6
external/ibm-public/postfix/dist/src/global/maps.c up to 1.4
external/ibm-public/postfix/dist/src/global/maps.h up to 1.2
external/ibm-public/postfix/dist/src/global/maps.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/global/memcache_proto.c up to 1.3
external/ibm-public/postfix/dist/src/global/mime_state.c up to 1.3
external/ibm-public/postfix/dist/src/global/mkmap_proxy.c up to 1.2
external/ibm-public/postfix/dist/src/global/msg_stats.h up to 1.2
external/ibm-public/postfix/dist/src/global/msg_stats_print.c up to 1.3
external/ibm-public/postfix/dist/src/global/msg_stats_scan.c up to 1.3
external/ibm-public/postfix/dist/src/global/namadr_list.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/global/namadr_list.ref up to 1.1.1.5
external/ibm-public/postfix/dist/src/global/off_cvt.c up to 1.2
external/ibm-public/postfix/dist/src/global/opened.c up to 1.2
external/ibm-public/postfix/dist/src/global/post_mail.c up to 1.4
external/ibm-public/postfix/dist/src/global/post_mail.h up to 1.3
external/ibm-public/postfix/dist/src/global/quote_822_local.c up to 1.3
external/ibm-public/postfix/dist/src/global/quote_822_local.h up to 1.2
external/ibm-public/postfix/dist/src/global/quote_flags.h up to 1.2
external/ibm-public/postfix/dist/src/global/rcpt_buf.c up to 1.4
external/ibm-public/postfix/dist/src/global/rcpt_buf.h up to 1.2
external/ibm-public/postfix/dist/src/global/rcpt_print.c up to 1.3
external/ibm-public/postfix/dist/src/global/rcpt_print.h up to 1.2
external/ibm-public/postfix/dist/src/global/rec_type.h up to 1.3
external/ibm-public/postfix/dist/src/global/record.c up to 1.4
external/ibm-public/postfix/dist/src/global/resolve_clnt.c up to 1.4
external/ibm-public/postfix/dist/src/global/resolve_clnt.h up to 1.2
external/ibm-public/postfix/dist/src/global/rewrite_clnt.c up to 1.3
external/ibm-public/postfix/dist/src/global/scache.h up to 1.3
external/ibm-public/postfix/dist/src/global/scache_clnt.c up to 1.3
external/ibm-public/postfix/dist/src/global/sent.c up to 1.3
external/ibm-public/postfix/dist/src/global/server_acl.c up to 1.3
external/ibm-public/postfix/dist/src/global/server_acl.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/global/server_acl.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/global/smtp_reply_footer.c up to 1.3
external/ibm-public/postfix/dist/src/global/smtp_stream.c up to 1.5
external/ibm-public/postfix/dist/src/global/smtp_stream.h up to 1.4
external/ibm-public/postfix/dist/src/global/smtputf8.h up to 1.3
external/ibm-public/postfix/dist/src/global/split_addr.c up to 1.3
external/ibm-public/postfix/dist/src/global/split_addr.h up to 1.2
external/ibm-public/postfix/dist/src/global/strip_addr.c up to 1.4
external/ibm-public/postfix/dist/src/global/strip_addr.h up to 1.2
external/ibm-public/postfix/dist/src/global/strip_addr.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/global/trace.c up to 1.3
external/ibm-public/postfix/dist/src/global/uxtext.c up to 1.3
external/ibm-public/postfix/dist/src/global/verify.c up to 1.4
external/ibm-public/postfix/dist/src/global/verify_clnt.c up to 1.3
external/ibm-public/postfix/dist/src/global/verify_sender_addr.c up to 1.4
external/ibm-public/postfix/dist/src/global/xtext.c up to 1.3
external/ibm-public/postfix/dist/src/local/Makefile.in up to 1.1.1.8
external/ibm-public/postfix/dist/src/local/alias.c up to 1.3
external/ibm-public/postfix/dist/src/local/forward.c up to 1.4
external/ibm-public/postfix/dist/src/local/local.c up to 1.4
external/ibm-public/postfix/dist/src/local/local_expand.c up to 1.3
external/ibm-public/postfix/dist/src/local/mailbox.c up to 1.4
external/ibm-public/postfix/dist/src/local/unknown.c up to 1.8
external/ibm-public/postfix/dist/src/master/Makefile.in up to 1.1.1.7
external/ibm-public/postfix/dist/src/master/event_server.c up to 1.4
external/ibm-public/postfix/dist/src/master/mail_server.h up to 1.4
external/ibm-public/postfix/dist/src/master/master.c up to 1.4
external/ibm-public/postfix/dist/src/master/master.h up to 1.2
external/ibm-public/postfix/dist/src/master/master_conf.c up to 1.2
external/ibm-public/postfix/dist/src/master/master_ent.c up to 1.4
external/ibm-public/postfix/dist/src/master/master_listen.c up to 1.2
external/ibm-public/postfix/dist/src/master/master_monitor.c up to 1.3
external/ibm-public/postfix/dist/src/master/master_proto.h up to 1.2
external/ibm-public/postfix/dist/src/master/master_sig.c up to 1.3
external/ibm-public/postfix/dist/src/master/master_spawn.c up to 1.3
external/ibm-public/postfix/dist/src/master/master_vars.c up to 1.3
external/ibm-public/postfix/dist/src/master/master_wakeup.c up to 1.3
external/ibm-public/postfix/dist/src/master/multi_server.c up to 1.4
external/ibm-public/postfix/dist/src/master/single_server.c up to 1.4
external/ibm-public/postfix/dist/src/master/trigger_server.c up to 1.4
external/ibm-public/postfix/dist/src/milter/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/milter/milter.c up to 1.5
external/ibm-public/postfix/dist/src/milter/milter.h up to 1.4
external/ibm-public/postfix/dist/src/milter/milter8.c up to 1.5
external/ibm-public/postfix/dist/src/milter/milter_macros.c up to 1.3
external/ibm-public/postfix/dist/src/milter/test-milter.c up to 1.3
external/ibm-public/postfix/dist/src/oqmgr/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/oqmgr/qmgr.c up to 1.3
external/ibm-public/postfix/dist/src/oqmgr/qmgr.h up to 1.3
external/ibm-public/postfix/dist/src/oqmgr/qmgr_active.c up to 1.3
external/ibm-public/postfix/dist/src/oqmgr/qmgr_deliver.c up to 1.3
external/ibm-public/postfix/dist/src/oqmgr/qmgr_entry.c up to 1.3
external/ibm-public/postfix/dist/src/oqmgr/qmgr_error.c up to 1.2
external/ibm-public/postfix/dist/src/oqmgr/qmgr_feedback.c up to 1.2
external/ibm-public/postfix/dist/src/oqmgr/qmgr_message.c up to 1.4
external/ibm-public/postfix/dist/src/pickup/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/pickup/pickup.c up to 1.4
external/ibm-public/postfix/dist/src/pipe/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/pipe/pipe.c up to 1.4
external/ibm-public/postfix/dist/src/postalias/Makefile.in up to 1.1.1.6
external/ibm-public/postfix/dist/src/postalias/fail_test.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/postalias/fail_test.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/postalias/postalias.c up to 1.5
external/ibm-public/postfix/dist/src/postcat/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/postcat/postcat.c up to 1.4
external/ibm-public/postfix/dist/src/postconf/Makefile.in up to 1.1.1.11
external/ibm-public/postfix/dist/src/postconf/extract.awk up to 1.1.1.6
external/ibm-public/postfix/dist/src/postconf/install_vars.h up to 1.2
external/ibm-public/postfix/dist/src/postconf/postconf.c up to 1.4
external/ibm-public/postfix/dist/src/postconf/postconf.h up to 1.4
external/ibm-public/postfix/dist/src/postconf/postconf_builtin.c up to 1.4
external/ibm-public/postfix/dist/src/postconf/postconf_dbms.c up to 1.5
external/ibm-public/postfix/dist/src/postconf/postconf_edit.c up to 1.3
external/ibm-public/postfix/dist/src/postconf/postconf_lookup.c up to 1.4
external/ibm-public/postfix/dist/src/postconf/postconf_main.c up to 1.4
external/ibm-public/postfix/dist/src/postconf/postconf_master.c up to 1.8
external/ibm-public/postfix/dist/src/postconf/postconf_misc.c up to 1.3
external/ibm-public/postfix/dist/src/postconf/postconf_user.c up to 1.4
external/ibm-public/postfix/dist/src/postconf/test28.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/postconf/test29.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/postconf/test34.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/postconf/test35.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/postconf/test40.ref up to 1.1.1.4
external/ibm-public/postfix/dist/src/postconf/test41.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/postconf/test42.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/postconf/test43.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/postconf/test44.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/postconf/test58.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/postconf/test59.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/postdrop/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/postdrop/postdrop.c up to 1.4
external/ibm-public/postfix/dist/src/postfix/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/postfix/postfix.c up to 1.6
external/ibm-public/postfix/dist/src/postkick/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/postkick/postkick.c up to 1.4
external/ibm-public/postfix/dist/src/postlock/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/postlock/postlock.c up to 1.4
external/ibm-public/postfix/dist/src/postlog/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/postlog/postlog.c up to 1.5
external/ibm-public/postfix/dist/src/postmap/Makefile.in up to 1.1.1.7
external/ibm-public/postfix/dist/src/postmap/fail_test.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/postmap/fail_test.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/postmap/postmap.c up to 1.5
external/ibm-public/postfix/dist/src/postmulti/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/postmulti/postmulti.c up to 1.4
external/ibm-public/postfix/dist/src/postqueue/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/postqueue/postqueue.c up to 1.5
external/ibm-public/postfix/dist/src/postqueue/showq_compat.c up to 1.4
external/ibm-public/postfix/dist/src/postqueue/showq_json.c up to 1.4
external/ibm-public/postfix/dist/src/postscreen/Makefile.in up to 1.1.1.7
external/ibm-public/postfix/dist/src/postscreen/postscreen.c up to 1.5
external/ibm-public/postfix/dist/src/postscreen/postscreen.h up to 1.4
external/ibm-public/postfix/dist/src/postscreen/postscreen_dnsbl.c up to 1.4
external/ibm-public/postfix/dist/src/postscreen/postscreen_early.c up to 1.4
external/ibm-public/postfix/dist/src/postscreen/postscreen_endpt.c up to 1.4
external/ibm-public/postfix/dist/src/postscreen/postscreen_haproxy.c up to 1.3
external/ibm-public/postfix/dist/src/postscreen/postscreen_haproxy.h up to 1.2
external/ibm-public/postfix/dist/src/postscreen/postscreen_misc.c up to 1.4
external/ibm-public/postfix/dist/src/postscreen/postscreen_send.c up to 1.3
external/ibm-public/postfix/dist/src/postscreen/postscreen_smtpd.c up to 1.5
external/ibm-public/postfix/dist/src/postscreen/postscreen_starttls.c up to 1.4
external/ibm-public/postfix/dist/src/postscreen/postscreen_state.c up to 1.4
external/ibm-public/postfix/dist/src/postscreen/postscreen_tests.c up to 1.4
external/ibm-public/postfix/dist/src/postsuper/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/postsuper/postsuper.c up to 1.4
external/ibm-public/postfix/dist/src/posttls-finger/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/posttls-finger/posttls-finger.c up to 1.5
external/ibm-public/postfix/dist/src/proxymap/Makefile.in up to 1.1.1.6
external/ibm-public/postfix/dist/src/proxymap/proxymap.c up to 1.4
external/ibm-public/postfix/dist/src/qmgr/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/qmgr/qmgr.c up to 1.3
external/ibm-public/postfix/dist/src/qmgr/qmgr.h up to 1.3
external/ibm-public/postfix/dist/src/qmgr/qmgr_active.c up to 1.3
external/ibm-public/postfix/dist/src/qmgr/qmgr_deliver.c up to 1.3
external/ibm-public/postfix/dist/src/qmgr/qmgr_entry.c up to 1.3
external/ibm-public/postfix/dist/src/qmgr/qmgr_error.c up to 1.2
external/ibm-public/postfix/dist/src/qmgr/qmgr_feedback.c up to 1.2
external/ibm-public/postfix/dist/src/qmgr/qmgr_message.c up to 1.4
external/ibm-public/postfix/dist/src/qmqpd/Makefile.in up to 1.1.1.6
external/ibm-public/postfix/dist/src/qmqpd/qmqpd.c up to 1.4
external/ibm-public/postfix/dist/src/qmqpd/qmqpd_peer.c up to 1.3
external/ibm-public/postfix/dist/src/scache/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/scache/scache.c up to 1.4
external/ibm-public/postfix/dist/src/sendmail/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/sendmail/sendmail.c up to 1.4
external/ibm-public/postfix/dist/src/showq/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/showq/showq.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/Makefile.in up to 1.1.1.10
external/ibm-public/postfix/dist/src/smtp/lmtp_params.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp.c up to 1.13
external/ibm-public/postfix/dist/src/smtp/smtp.h up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_addr.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_addr.h up to 1.3
external/ibm-public/postfix/dist/src/smtp/smtp_chat.c up to 1.4
external/ibm-public/postfix/dist/src/smtp/smtp_connect.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_key.c up to 1.3
external/ibm-public/postfix/dist/src/smtp/smtp_map11.c up to 1.3
external/ibm-public/postfix/dist/src/smtp/smtp_map11.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtp/smtp_params.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_proto.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_rcpt.c up to 1.3
external/ibm-public/postfix/dist/src/smtp/smtp_reuse.c up to 1.4
external/ibm-public/postfix/dist/src/smtp/smtp_sasl_auth_cache.c up to 1.3
external/ibm-public/postfix/dist/src/smtp/smtp_sasl_glue.c up to 1.3
external/ibm-public/postfix/dist/src/smtp/smtp_sasl_proto.c up to 1.3
external/ibm-public/postfix/dist/src/smtp/smtp_session.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_state.c up to 1.3
external/ibm-public/postfix/dist/src/smtp/smtp_tls_policy.c up to 1.4
external/ibm-public/postfix/dist/src/smtp/smtp_trouble.c up to 1.3
external/ibm-public/postfix/dist/src/smtpd/Makefile.in up to 1.1.1.11
external/ibm-public/postfix/dist/src/smtpd/pfilter.c up to 1.2 (+patch)
external/ibm-public/postfix/dist/src/smtpd/smtpd.c up to 1.20
external/ibm-public/postfix/dist/src/smtpd/smtpd.h up to 1.5
external/ibm-public/postfix/dist/src/smtpd/smtpd_acl.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_acl.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_chat.c up to 1.4
external/ibm-public/postfix/dist/src/smtpd/smtpd_chat.h up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c up to 1.6
external/ibm-public/postfix/dist/src/smtpd/smtpd_check.h up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_check.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_check.in2 up to 1.1.1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_check.in3 up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_check.ref up to 1.1.1.5
external/ibm-public/postfix/dist/src/smtpd/smtpd_check.ref2 up to 1.1.1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_check_backup.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_check_backup.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_check_dsn.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_check_dsn.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_dns_filter.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_dnswl.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/smtpd/smtpd_dnswl.ref up to 1.1.1.4
external/ibm-public/postfix/dist/src/smtpd/smtpd_error.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_error.ref up to 1.1.1.4
external/ibm-public/postfix/dist/src/smtpd/smtpd_exp.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_exp.ref up to 1.1.1.5
external/ibm-public/postfix/dist/src/smtpd/smtpd_expand.h up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_haproxy.c up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_milter.c up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_nullmx.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_nullmx.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/smtpd/smtpd_peer.c up to 1.5
external/ibm-public/postfix/dist/src/smtpd/smtpd_proxy.c up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_resolve.c up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_resolve.h up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_glue.c up to 1.5
external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_proto.c up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_server.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/smtpd/smtpd_server.ref up to 1.1.1.4
external/ibm-public/postfix/dist/src/smtpd/smtpd_state.c up to 1.2
external/ibm-public/postfix/dist/src/smtpstone/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/smtpstone/smtp-sink.c up to 1.3
external/ibm-public/postfix/dist/src/smtpstone/smtp-source.c up to 1.3
external/ibm-public/postfix/dist/src/spawn/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/spawn/spawn.c up to 1.4
external/ibm-public/postfix/dist/src/tls/Makefile.in up to 1.1.1.10
external/ibm-public/postfix/dist/src/tls/tls.h up to 1.5
external/ibm-public/postfix/dist/src/tls/tls_bio_ops.c up to 1.1.1.6
external/ibm-public/postfix/dist/src/tls/tls_certkey.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_client.c up to 1.13
external/ibm-public/postfix/dist/src/tls/tls_dane.c up to 1.5
external/ibm-public/postfix/dist/src/tls/tls_dh.c up to 1.5
external/ibm-public/postfix/dist/src/tls/tls_fprint.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_mgr.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_misc.c up to 1.5
external/ibm-public/postfix/dist/src/tls/tls_proxy.h up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_proxy_clnt.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_rsa.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_scache.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_server.c up to 1.12
external/ibm-public/postfix/dist/src/tls/tls_session.c up to 1.3
external/ibm-public/postfix/dist/src/tls/tls_verify.c up to 1.4
external/ibm-public/postfix/dist/src/tlsmgr/Makefile.in up to 1.1.1.6
external/ibm-public/postfix/dist/src/tlsmgr/tlsmgr.c up to 1.4
external/ibm-public/postfix/dist/src/tlsproxy/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c up to 1.6
external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.h up to 1.2
external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy_state.c up to 1.3
external/ibm-public/postfix/dist/src/trivial-rewrite/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/trivial-rewrite/resolve.c up to 1.4
external/ibm-public/postfix/dist/src/trivial-rewrite/rewrite.c up to 1.3
external/ibm-public/postfix/dist/src/trivial-rewrite/transport.c up to 1.4
external/ibm-public/postfix/dist/src/trivial-rewrite/trivial-rewrite.c up to 1.4
external/ibm-public/postfix/dist/src/trivial-rewrite/trivial-rewrite.h up to 1.3
external/ibm-public/postfix/dist/src/util/Makefile.in up to 1.1.1.11
external/ibm-public/postfix/dist/src/util/allascii.c up to 1.3
external/ibm-public/postfix/dist/src/util/alldig.c up to 1.2
external/ibm-public/postfix/dist/src/util/argv.c up to 1.4
external/ibm-public/postfix/dist/src/util/argv.h up to 1.4
external/ibm-public/postfix/dist/src/util/attr.h up to 1.5
external/ibm-public/postfix/dist/src/util/attr_clnt.c up to 1.3
external/ibm-public/postfix/dist/src/util/attr_clnt.h up to 1.3
external/ibm-public/postfix/dist/src/util/attr_print0.c up to 1.3
external/ibm-public/postfix/dist/src/util/attr_print64.c up to 1.3
external/ibm-public/postfix/dist/src/util/attr_print_plain.c up to 1.3
external/ibm-public/postfix/dist/src/util/attr_scan0.c up to 1.3
external/ibm-public/postfix/dist/src/util/attr_scan0.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/util/attr_scan64.c up to 1.3
external/ibm-public/postfix/dist/src/util/attr_scan64.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/util/attr_scan_plain.c up to 1.3
external/ibm-public/postfix/dist/src/util/attr_scan_plain.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/util/auto_clnt.c up to 1.4
external/ibm-public/postfix/dist/src/util/auto_clnt.h up to 1.2
external/ibm-public/postfix/dist/src/util/base32_code.h up to 1.3
external/ibm-public/postfix/dist/src/util/base64_code.h up to 1.3
external/ibm-public/postfix/dist/src/util/binhash.c up to 1.3
external/ibm-public/postfix/dist/src/util/binhash.h up to 1.3
external/ibm-public/postfix/dist/src/util/casefold.c up to 1.3
external/ibm-public/postfix/dist/src/util/check_arg.h up to 1.3
external/ibm-public/postfix/dist/src/util/cidr_match.c up to 1.4
external/ibm-public/postfix/dist/src/util/cidr_match.h up to 1.2
external/ibm-public/postfix/dist/src/util/clean_env.c up to 1.3
external/ibm-public/postfix/dist/src/util/clean_env.h up to 1.2
external/ibm-public/postfix/dist/src/util/connect.h up to 1.2
external/ibm-public/postfix/dist/src/util/dict.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict.h up to 1.5
external/ibm-public/postfix/dist/src/util/dict_alloc.c up to 1.3
external/ibm-public/postfix/dist/src/util/dict_cache.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_cdb.c up to 1.3
external/ibm-public/postfix/dist/src/util/dict_cdb.h up to 1.2
external/ibm-public/postfix/dist/src/util/dict_cidr.c up to 1.5
external/ibm-public/postfix/dist/src/util/dict_cidr.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/dict_cidr.map up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/dict_cidr.ref up to 1.1.1.4
external/ibm-public/postfix/dist/src/util/dict_db.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_db.h up to 1.4
external/ibm-public/postfix/dist/src/util/dict_dbm.h up to 1.2
external/ibm-public/postfix/dist/src/util/dict_fail.c up to 1.2
external/ibm-public/postfix/dist/src/util/dict_fail.h up to 1.2
external/ibm-public/postfix/dist/src/util/dict_inline.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_lmdb.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_lmdb.h up to 1.3
external/ibm-public/postfix/dist/src/util/dict_open.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_pcre.c up to 1.5
external/ibm-public/postfix/dist/src/util/dict_pcre.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/dict_pcre.map up to 1.1.1.3
external/ibm-public/postfix/dist/src/util/dict_pcre.ref up to 1.1.1.4
external/ibm-public/postfix/dist/src/util/dict_random.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_random.h up to 1.3
external/ibm-public/postfix/dist/src/util/dict_regexp.c up to 1.5
external/ibm-public/postfix/dist/src/util/dict_regexp.map up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/dict_regexp.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/util/dict_sdbm.h up to 1.2
external/ibm-public/postfix/dist/src/util/dict_static.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_thash.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_thash.map up to 1.1.1.3
external/ibm-public/postfix/dist/src/util/dict_union.c up to 1.3
external/ibm-public/postfix/dist/src/util/dict_utf8.c up to 1.3
external/ibm-public/postfix/dist/src/util/dict_utf8_test.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/dup2_pass_on_exec.c up to 1.2
external/ibm-public/postfix/dist/src/util/edit_file.c up to 1.4
external/ibm-public/postfix/dist/src/util/edit_file.h up to 1.3
external/ibm-public/postfix/dist/src/util/extpar.c up to 1.4
external/ibm-public/postfix/dist/src/util/find_inet.c up to 1.3
external/ibm-public/postfix/dist/src/util/gccw.c up to 1.2
external/ibm-public/postfix/dist/src/util/hex_code.c up to 1.3
external/ibm-public/postfix/dist/src/util/hex_code.h up to 1.4
external/ibm-public/postfix/dist/src/util/hex_quote.c up to 1.2
external/ibm-public/postfix/dist/src/util/host_port.h up to 1.3
external/ibm-public/postfix/dist/src/util/htable.c up to 1.4
external/ibm-public/postfix/dist/src/util/inet_addr_host.c up to 1.3
external/ibm-public/postfix/dist/src/util/inet_addr_list.in up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/inet_addr_list.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/inet_connect.c up to 1.3
external/ibm-public/postfix/dist/src/util/inet_listen.c up to 1.3
external/ibm-public/postfix/dist/src/util/inet_proto.c up to 1.4
external/ibm-public/postfix/dist/src/util/inet_proto.h up to 1.2
external/ibm-public/postfix/dist/src/util/killme_after.c up to 1.2
external/ibm-public/postfix/dist/src/util/listen.h up to 1.3
external/ibm-public/postfix/dist/src/util/load_lib.c up to 1.3
external/ibm-public/postfix/dist/src/util/lstat_as.h up to 1.3
external/ibm-public/postfix/dist/src/util/mac_expand.c up to 1.4
external/ibm-public/postfix/dist/src/util/mac_expand.h up to 1.4
external/ibm-public/postfix/dist/src/util/mac_expand.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/util/mac_expand.ref up to 1.1.1.4
external/ibm-public/postfix/dist/src/util/mac_parse.h up to 1.3
external/ibm-public/postfix/dist/src/util/make_dirs.c up to 1.2
external/ibm-public/postfix/dist/src/util/match_list.c up to 1.3
external/ibm-public/postfix/dist/src/util/match_ops.c up to 1.3
external/ibm-public/postfix/dist/src/util/midna_domain.c up to 1.4
external/ibm-public/postfix/dist/src/util/midna_domain.h up to 1.4
external/ibm-public/postfix/dist/src/util/midna_domain_test.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/msg_output.c up to 1.4
external/ibm-public/postfix/dist/src/util/msg_output.h up to 1.3
external/ibm-public/postfix/dist/src/util/msg_syslog.c up to 1.2
external/ibm-public/postfix/dist/src/util/msg_syslog.h up to 1.3
external/ibm-public/postfix/dist/src/util/mvect.c up to 1.3
external/ibm-public/postfix/dist/src/util/myaddrinfo.c up to 1.3
external/ibm-public/postfix/dist/src/util/myaddrinfo.h up to 1.3
external/ibm-public/postfix/dist/src/util/myaddrinfo.ref up to 1.1.1.5
external/ibm-public/postfix/dist/src/util/myaddrinfo4.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/myflock.c up to 1.3
external/ibm-public/postfix/dist/src/util/myflock.h up to 1.3
external/ibm-public/postfix/dist/src/util/mymalloc.c up to 1.4
external/ibm-public/postfix/dist/src/util/mymalloc.h up to 1.4
external/ibm-public/postfix/dist/src/util/mystrtok.c up to 1.4
external/ibm-public/postfix/dist/src/util/name_mask.c up to 1.3
external/ibm-public/postfix/dist/src/util/nbbio.c up to 1.3
external/ibm-public/postfix/dist/src/util/netstring.c up to 1.3
external/ibm-public/postfix/dist/src/util/peekfd.c up to 1.3
external/ibm-public/postfix/dist/src/util/printable.c up to 1.3
external/ibm-public/postfix/dist/src/util/recv_pass_attr.c up to 1.3
external/ibm-public/postfix/dist/src/util/sane_fsops.h up to 1.3
external/ibm-public/postfix/dist/src/util/sane_link.c up to 1.2
external/ibm-public/postfix/dist/src/util/sane_rename.c up to 1.2
external/ibm-public/postfix/dist/src/util/sane_socketpair.h up to 1.3
external/ibm-public/postfix/dist/src/util/slmdb.c up to 1.4
external/ibm-public/postfix/dist/src/util/sock_addr.c up to 1.3
external/ibm-public/postfix/dist/src/util/sock_addr.h up to 1.2
external/ibm-public/postfix/dist/src/util/split_nameval.c up to 1.2
external/ibm-public/postfix/dist/src/util/stat_as.h up to 1.3
external/ibm-public/postfix/dist/src/util/stringops.h up to 1.5
external/ibm-public/postfix/dist/src/util/sys_compat.c up to 1.3
external/ibm-public/postfix/dist/src/util/sys_defs.h up to 1.14
external/ibm-public/postfix/dist/src/util/timed_wait.h up to 1.3
external/ibm-public/postfix/dist/src/util/unix_pass_fd_fix.c up to 1.2
external/ibm-public/postfix/dist/src/util/unix_send_fd.c up to 1.8
external/ibm-public/postfix/dist/src/util/unsafe.c up to 1.2
external/ibm-public/postfix/dist/src/util/valid_hostname.c up to 1.3
external/ibm-public/postfix/dist/src/util/valid_hostname.h up to 1.2
external/ibm-public/postfix/dist/src/util/vbuf.c up to 1.3
external/ibm-public/postfix/dist/src/util/vbuf_print.c up to 1.4
external/ibm-public/postfix/dist/src/util/vstream.c up to 1.4
external/ibm-public/postfix/dist/src/util/vstream.h up to 1.4
external/ibm-public/postfix/dist/src/util/vstream_tweak.c up to 1.3
external/ibm-public/postfix/dist/src/util/vstring.c up to 1.4
external/ibm-public/postfix/dist/src/util/vstring.h up to 1.4
external/ibm-public/postfix/dist/src/util/vstring_vstream.c up to 1.2
external/ibm-public/postfix/dist/src/util/vstring_vstream.h up to 1.3
external/ibm-public/postfix/dist/src/util/watchdog.c up to 1.3
external/ibm-public/postfix/dist/src/verify/Makefile.in up to 1.1.1.6
external/ibm-public/postfix/dist/src/verify/verify.c up to 1.4
external/ibm-public/postfix/dist/src/virtual/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/virtual/mailbox.c up to 1.3
external/ibm-public/postfix/dist/src/virtual/virtual.c up to 1.4
external/ibm-public/postfix/dist/src/xsasl/Makefile.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/xsasl/xsasl.h up to 1.3
external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus_client.c up to 1.3
external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus_server.c up to 1.4
external/ibm-public/postfix/dist/src/xsasl/xsasl_dovecot_server.c up to 1.4
external/ibm-public/postfix/dist/src/xsasl/xsasl_saslc_client.c up to 1.2
external/ibm-public/postfix/dist/src/xsasl/xsasl_server.c up to 1.2
external/ibm-public/postfix/lib/dns/Makefile up to 1.4
external/ibm-public/postfix/lib/global/Makefile up to 1.10
external/ibm-public/postfix/lib/masterlib/Makefile up to 1.3
external/ibm-public/postfix/lib/milter/Makefile up to 1.2
external/ibm-public/postfix/lib/tls/Makefile up to 1.4
external/ibm-public/postfix/lib/util/Makefile up to 1.11
external/ibm-public/postfix/lib/xsasl/Makefile up to 1.3
external/ibm-public/postfix/libexec/smtp/Makefile up to 1.4
external/ibm-public/postfix/libexec/smtpd/Makefile up to 1.9 (+patch)
external/ibm-public/postfix/libexec/tlsproxy/Makefile up to 1.2
external/ibm-public/postfix/sbin/postconf/Makefile up to 1.9
doc/3RDPARTY (apply patch)
Update Postfix to 3.8.4.
@
text
@d10 1
a10 2
d58 1
a58 1
anti-spammer denylists. See, for example, the information on
d90 2
a91 2
Denylist oriented: some SMTP server access controls
query denylists with known to be bad sites such as open mail
d94 1
a94 1
effectiveness of these denylists depends on how complete and how
d190 6
a208 6
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
d221 2
a222 3
allowlisting; the smtpd_relay_restrictions example above allows mail from local
networks, and from SASL authenticated clients, but otherwise rejects mail
to arbitrary destinations.
d249 2
a250 2
smtpd_recipient_restrictions
≥
2.10
Required if smtpd_relay_restrictions does not enforce
d254 2
a255 1
< 2.10
Required
d257 2
a258 2
smtpd_relay_restrictions
≥ 2.10
Required if smtpd_recipient_restrictions does not enforce
d262 1
a262 2
< 2.10
Not available
d323 1
a323 1
Mixing is needed for complex allowlisting policies. For
@
1.1.1.3.12.1
log
@Merge changes from current as of 20200406
@
text
@d190 6
a208 6
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
d249 2
a250 2
smtpd_recipient_restrictions
≥
2.10
Required if smtpd_relay_restrictions does not enforce
d254 2
a255 1
< 2.10
Required
d257 2
a258 2
smtpd_relay_restrictions
≥ 2.10
Required if smtpd_recipient_restrictions does not enforce
d262 1
a262 2
< 2.10
Not available
@
1.1.1.4
log
@This is the Postfix 3.5 (stable) release.
The stable Postfix release is called postfix-3.5.x where 3=major
release number, 5=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.6-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.3 or earlier, read RELEASE_NOTES-3.4
before proceeding.
License change
---------------
This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Major changes - multiple relayhost in SMTP
------------------------------------------
[Feature 20200111] the Postfix SMTP and LMTP client support a list
of nexthop destinations separated by comma or whitespace. These
destinations will be tried in the specified order.
The list form can be specified in relayhost, transport_maps,
default_transport, and sender_dependent_default_transport_maps.
Examples:
/etc/postfix/main.cf:
relayhost = foo.example, bar.example
default_transport = smtp:foo.example, bar.example.
NOTE: this is an SMTP and LMTP client feature. It does not work for
other Postfix delivery agents.
Major changes - certificate access
----------------------------------
[Feature 20190517] Search order support for check_ccert_access.
Search order support for other tables is in design (canonical_maps,
virtual_alias_maps, transport_maps, etc.).
The following check_ccert_access setting uses the built-in search
order: it first looks up the client certificate fingerprint, then
the client certificate public-key fingerprint, and it stops when a
decision is made.
/etc/postfix/main.cf:
smtpd_mumble_restrictions =
...
check_ccert_access hash:/etc/postfix/ccert-access
...
The following setting, with explicit search order, produces the
exact same result:
/etc/postfix/main.cf:
smtpd_mumble_restrictions =
...
check_ccert_access {
hash:/etc/postfix/ccert-access {
search_order = cert_fingerprint, pubkey_fingerprint } }
...
Support is planned for other certificate features.
Major changes - dovecot usability
---------------------------------
[Feature 20190615] The SMTP+LMTP delivery agent can now prepend
Delivered-To, X-Original-To and Return-Path headers, just like the
pipe(8) and local(8) delivery agents.
This uses the "flags=DORX" command-line flags in master.cf. See the
smtp(8) manpage for details.
This obsoletes the "lmtp_assume_final = yes" setting, and replaces
it with "flags=...X...", for consistency with the pipe(8) delivery
agent.
Major changes - forced expiration
---------------------------------
[Feature 20200202] Support to force-expire email messages. This
introduces new postsuper(1) command-line options to request expiration,
and additional information in mailq(1) or postqueue(1) output.
The forced-to-expire status is stored in a queue file attribute.
An expired message is returned to the sender when the queue manager
attempts to deliver that message (note that Postfix will never
deliver messages in the hold queue).
The postsuper(1) -e and -f options both set the forced-to-expire
queue file attribute. The difference is that -f will also release
a message if it is in the hold queue. With -e, such a message would
not be returned to the sender until it is released with -f or -H.
In the mailq(1) or postqueue(1) -p output, a forced-to-expire message
is indicated with # after the queue file name. In postqueue(1) JSON
output, there is a new per-message field "forced_expire" (with value
true or false) that shows the forced-to-expire status.
Major changes - haproxy2 protocol
---------------------------------
[Feature 20200112] Support for the haproxy v2 protocol. The Postfix
implementation supports TCP over IPv4 and IPv6, as well as non-proxied
connections; the latter are typically used for heartbeat tests.
The haproxy v2 protocol introduces no additional Postfix configuration.
The Postfix smtpd(8) and postscreen(8) daemons accept both v1 and
v2 protocol versions.
Major changes - logging
-----------------------
[Incompat 20191109] Postfix daemon processes now log the from= and
to= addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart contains
spaces or other special characters, the localpart will be quoted,
for example:
from=<"name with spaces"@@example.com>
Older Postfix versions would log the internal (unquoted) form:
from=
The external and internal forms are identical for the vast majority
of email addresses that contain no spaces or other special characters
in the localpart.
Specify "info_log_address_format = internal" for backwards
compatibility.
The logging in external form is consistent with the address form
that Postfix 3.2 and later prefer for table lookups. It is therefore
the more useful form for non-debug logging.
Major changes - IP address normalization
----------------------------------------
[Incompat 20190427] Postfix now normalizes IP addresses received
with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency
with direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match subnets
of an IPv6 address.
This is the Postfix 3.4 (stable) release.
The stable Postfix release is called postfix-3.4.x where 3=major
release number, 4=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.5-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3
before proceeding.
License change
---------------
This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Summary of changes
------------------
Incompatible changes, bdat support, containers, database support,
logging, safety, tls connection pooling, tls support, usability,
Incompatible changes
--------------------
[Incompat 20180826] The Postfix SMTP server announces CHUNKING (BDAT
command) by default. In the unlikely case that this breaks some
important remote SMTP client, disable the feature as follows:
/etc/postfix/main.cf:
# The logging alternative:
smtpd_discard_ehlo_keywords = chunking
# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent_discard
See BDAT_README for more.
[Incompat 20190126] This introduces a new master.cf service 'postlog'
with type 'unix-dgram' that is used by the new postlogd(8) daemon.
Before backing out to an older Postfix version, edit the master.cf
file and remove the postlog entry.
[Incompat 20190106] Postfix 3.4 drops support for OpenSSL 1.0.1
(end-of-life was December 31, 2016) and all earlier releases.
[Incompat 20180701] To avoid performance loss under load, the
tlsproxy(8) daemon now requires a zero process limit in master.cf
(this setting is provided with the default master.cf file). By
default, a tlsproxy(8) process will retire after several hours.
To set the tlsproxy process limit to zero:
# postconf -F tlsproxy/unix/process_limit=0
# postfix reload
Major changes - bdat support
--------------------
[Feature 20180826] Postfix SMTP server support for RFC 3030 CHUNKING
(the BDAT command) without BINARYMIME, in both smtpd(8) and
postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
and smtpd_proxy_filter. See BDAT_README for more.
Major changes - containers
--------------------------
[Feature 20190126] Support for logging to file or stdout, instead
of using syslog.
- Logging to file solves a usability problem for MacOS, and
eliminates multiple problems with systemd-based systems.
- Logging to stdout is useful when Postfix runs in a container, as
it eliminates a syslogd dependency.
See MAILLOG_README for configuration examples and logfile rotation.
[Feature 20180422] Better handling of undocumented(!) Linux behavior
whether or not signals are delivered to a PID=1 process.
Major changes - database support
--------------------------------
[Feature 20181105] Support for (key, list of filenames) in map
source text.
- Currently, this feature is used only by tls_server_sni_maps.
- When a map is created from source with "postmap -F maptype:mapname",
the command processes each key as usual and processes each value
as a list of filenames, concatenates the content of those files
(with one newline character in-between files), and stores an entry
with (key, base64-encoded result).
- When a map is queried with "postmap -F -q ...", the command
base64-decodes each value. It reports an error when a value is
not in base64 form.
This "postmap -F -q ..." behavior also works when querying the
memory-resident map types cidr:, inline:, pcre:, randmap:, regexp:,
and static:. Postfix reads the files specified as table values,
stores base64-encoded content, and base64-decodes content upon
table lookup.
Internally, Postfix will turn on this behavior for lookups (not
updates) when a map is opened with the DICT_FLAG_RHS_IS_FILE flag.
Major changes - logging
-----------------------
[Feature 20190126] Support for logging to file or stdout, instead
of using syslog.
- Logging to file solves a usability problem for MacOS, and
eliminates multiple problems with systemd-based systems.
- Logging to stdout is useful when Postfix runs in a container, as
it eliminates a syslogd dependency.
See MAILLOG_README for configuration examples and logfile rotation.
Major changes - safety
----------------------
[Feature 20180623] Automatic retirement: dnsblog(8) and tlsproxy(8) process
will now voluntarily retire after after max_idle*max_use, or some
sane limit if either limit is disabled. Without this, a process
could stay busy for days or more.
Major changes - tls connection pooling
--------------------------------------
[Feature 20180617] Postfix SMTP client support for multiple deliveries
per TLS-encrypted connection. This is primarily to improve mail
delivery performance for destinations that throttle clients when
they don't combine deliveries.
This feature is enabled with "smtp_tls_connection_reuse=yes" in
main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
It supports all Postfix TLS security levels including dane and
dane-only.
The implementation of TLS connection reuse relies on the same
scache(8) service as used for delivering plaintext SMTP mail, the
same tlsproxy(8) daemon as used by the postscreen(8) service for
inbound connections, and relies on the same hints from the qmgr(8)
daemon. It reuses the configuration parameters described in
CONNECTION_CACHE_README.
The Postfix SMTP client now logs whether an SMTP-over-TLS connection
is newly established ("TLS connection established") or whether the
connection is reused ("TLS connection reused").
The following illustrates how TLS connections are reused:
Initial plaintext SMTP handshake:
smtp(8) -> remote SMTP server
Reused SMTP/TLS connection, or new SMTP/TLS connection:
smtp(8) -> tlsproxy(8) -> remote SMTP server
Cached SMTP/TLS connection:
scache(8) -> tlsproxy(8) -> remote SMTP server
Major changes - tls support
---------------------------
[Feature 20190106] SNI support in the Postfix SMTP server, the
Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
client roles). See the postconf(5) documentation for the new
tls_server_sni_maps and smtp_tls_servername parameters.
[Feature 20190106] Support for files that contain multiple (key,
certificate, trust chain) instances. This was required to implement
server-side SNI table lookups, but it also eliminates the need for
separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
The file format is documented in the TLS_README sections "Server-side
certificate and private key configuration" and "Client-side certificate
and private key configuration", and in the postconf(5) documentation
for the parameters smtp_tls_chain_files, smtpd_tls_chain_files,
tlsproxy_client_chain_files, and tlsproxy_tls_chain_files.
Note: the command "postfix tls" does not yet support the new
consolidated certificate chain format. If you switch to the new
format, you'll need to manage your keys and certificates directly,
rather than via postfix-tls(1).
Major changes - usability
-------------------------
[Feature 20180812] Support for smtpd_reject_footer_maps (as well
as the postscreen variant postscreen_reject_footer_maps) for more
informative reject messages. This is indexed with the Postfix SMTP
server response text, and overrides the footer specified with
smtpd_reject_footer. One will want to use a pcre: or regexp: map
with this.
This is the Postfix 3.3 (stable) release.
The stable Postfix release is called postfix-3.3.x where 3=major
release number, 3=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.1 or earlier, read RELEASE_NOTES-3.2
before proceeding.
License change
---------------
This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Major changes - compatibility safety net
----------------------------------------
[20180106] With compatibility_level < 1, the Postfix SMTP server
now warns for mail that would be blocked by the Postfix 2.10
smtpd_relay_restrictions feature, without blocking that mail. This
extends the compatibility safety net for sites that upgrade from
earlier Postfix versions (questions on the postfix-users list show
there is a steady trickle). See COMPATIBILITY_README for details.
Major changes - configuration
-----------------------------
[20170617] The postconf command now warns about unknown parameter
names in a Postfix database configuration file. As with other unknown
parameter names, these warnings can help to find typos early.
[20180113] New read-only service_name parameter that contains the
master.cf service name of a Postfix daemon process (it that is empty
in a non-daemon process). This can make Postfix SMTP server logging
logging distinct by setting the syslog_name in master.cf with "-o
syslog_name=postfix/$service_name" for the "submission" and "smtps"
services, and can make Postfix SMTP client distinct by setting "-o
syslog_name=postfix/$service_name" for the "relay" service.
Major changes - container support
---------------------------------
[20171218] Preliminary support to run Postfix in the foreground,
with "postfix start-fg". This requires that Postfix multi-instance
support is disabled. To receive Postfix syslog information on the
container's host, mount the host's /dev/log socket inside the
container (example: "docker run -v /dev/log:/dev/log ..."), and
specify a distinct Postfix "syslog_name" prefix that identifies the
logging from the Postfix instance. Postfix does not log systemd
events.
Major changes - database support
---------------------------------
[20170617] The postconf command warns about unknown parameter names
in a Postfix database configuration file.
[20171227] The pgsql_table(5) hosts parameter now supports the
postgresql:// URI syntax. Contributed by Magosányi Árpád.
Major changes - header format
-----------------------------
[20180010] This release changes the format of 'full name' information
in Postfix-generated From: headers, when a local program such as
/bin/mail submits a message without From: header.
Postfix-generated From: headers with 'full name' information are
now formatted as "From: name " by default. Specify
"header_from_format = obsolete" to get the earlier form "From:
address (name)". See the postconf(5) manpage for more details.
Major changes - invisible changes
---------------------------------
[20170617] Additional paranoia in the VSTRING implementation: a
null byte after the end of vstring buffers (this is a safety net
so that C-style string operations won't scribble past the end);
earlier detection of bad length and precision format string specifiers
(these are the result of programming error, as Postfix format strings
cannot be specified externally).
Major changes - milter support
------------------------------
[20171223] Milter applications can now send RET and ENVID parameters
in SMFIR_CHGFROM (change envelope sender) requests.
Major changes - mixed IPv6/IPv4 support
---------------------------------------
[20170505] Workaround for mail delivery problems when 1) both Postfix
IPv6 and IPv4 support are enabled, 2) some destination announces
more primary IPv6 MX addresses than primary IPv4 MX addresses, 3)
the destination is unreachable over IPv6, and 4) Postfix runs into
the smtp_mx_address_limit before it can try to deliver over IPv4.
When both Postfix IPv6 and IPv4 support are enabled, the Postfix
SMTP client will now relax MX preferences so that it can schedule
similar numbers of IPv4 and IPv6 destination addresses. This ensures
that an IPv6 connectivity problem will not prevent mail from being
delivered over IPv4 (and vice versa). Specify "smtp_balance_inet_protocols
= no" to disable this workaround.
Major changes - xclient
-----------------------
[20171218] The Postfix SMTP server now allows the XCLIENT command
before STARTTLS when TLS is required. This is useful for servers
that run behind a reverse proxy server such as nginx.
This is the Postfix 3.2 (stable) release.
The stable Postfix release is called postfix-3.2.x where 3=major
release number, 2=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.3-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.0 or earlier, read RELEASE_NOTES-3.1
before proceeding.
Invisible changes
-----------------
In addition to the visible changes described below, there is an
ongoing overhaul of low-level code. With each change come updated
tests to ensure that future changes will not 'break' compatibility
with past behavior.
Major changes - address mapping
-------------------------------
[Feature 20170128] Postfix 3.2 fixes the handling of address
extensions with email addresses that contain spaces. For example,
the virtual_alias_maps, canonical_maps, and smtp_generic_maps
features now correctly propagate an address extension from "aa
bb+ext"@@example.com to "cc dd+ext"@@other.example, instead of
producing broken output.
Major changes - header/body_checks
----------------------------------
[Feature 20161008] "PASS" and "STRIP" actions in header/body_checks.
"STRIP" is similar to "IGNORE" but also logs the action, and "PASS"
disables header, body, and Milter inspection for the remainder of
the message content. Contributed by Hobbit.
Major changes - log analysis
----------------------------
[Feature 20160330] The collate.pl script by Viktor Dukhovni for
grouping Postfix logfile records into "sessions" based on queue ID
and process ID information. It's in the auxiliary/collate directory
of the Postfix source tree.
Major changes - maps support
----------------------------
[Feature 20160527] Postfix 3.2 cidr tables support if/endif and
negation (by prepending ! to a pattern), just like regexp and pcre
tables. The primarily purpose is to improve readability of complex
tables. See the cidr_table(5) manpage for syntax details.
[Incompat 20160925] In the Postfix MySQL database client, the default
option_group value has changed to "client", to enable reading of
"client" option group settings in the MySQL options file. This fixes
a "not found" problem with Postfix queries that contain UTF8-encoded
non-ASCII text. Specify an empty option_group value (option_group
=) to get backwards-compatible behavior.
[Feature 20161217] Stored-procedure support for MySQL databases.
Contributed by John Fawcett. See mysql_table(5) for instructions.
[Feature 20170128] The postmap command, and the inline: and texthash:
maps now support spaces in left-hand field of the lookup table
"source text". Use double quotes (") around a left-hand field that
contains spaces, and use backslash (\) to protect embedded quotes
in a left-hand field. There is no change in the processing of the
right-hand field.
Major changes - milter support
------------------------------
[Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol (macro
names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol
(attribute names: DESTADDR, DESTPORT).
[Feature 20161024] smtpd_milter_maps support for per-client Milter
configuration that overrides smtpd_milters, and that has the same
syntax. A lookup result of "DISABLE" turns off Milter support. See
MILTER_README.html for details.
Major changes - policy delegation
---------------------------------
[Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol (macro
names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol
(attribute names: DESTADDR, DESTPORT).
Major changes - postqueue
-------------------------
[Incompat 20170129] The postqueue command no longer forces all
message arrival times to be reported in UTC. To get the old behavior,
set TZ=UTC in main.cf:import_environment (this override is not
recommended, as it affects all Postfix utities and daemons).
Major changes - safety
----------------------
[Incompat 20161227] For safety reasons, the sendmail -C option must
specify an authorized directory: the default configuration directory,
a directory that is listed in the default main.cf file with
alternate_config_directories or multi_instance_directories, or the
command must be invoked with root privileges (UID 0 and EUID 0).
This mitigates a recurring problem with the PHP mail() function.
Major changes - sasl
--------------------
[Feature 20160625] The Postfix SMTP server now passes remote client
and local server network address and port information to the Cyrus
SASL library. Build with ``make makefiles "CCARGS=$CCARGS
-DNO_IP_CYRUS_SASL_AUTH"'' for backwards compatibility.
Major changes - smtputf8
------------------------
[Feature 20161103] Postfix 3.2 disables the 'transitional' compatibility
between the IDNA2003 and IDNA2008 standards for internationalized
domain names (domain names beyond the limits of US-ASCII).
This change makes Postfix behavior consistent with contemporary web
browsers. It affects the handling of some corner cases such as
German sz and Greek zeta. See http://unicode.org/cldr/utility/idna.jsp
for more examples.
Specify "enable_idna2003_compatibility = yes" to restore historical
behavior (but keep in mind that the rest of the world may not make
that same choice).
Major changes - tls
-------------------
[Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API features,
so that Postfix will build without depending on backwards-compatibility
support.
[Incompat 20161204] Postfix 3.2 removes tentative features that
were implemented before the DANE spec was finalized:
- Support for certificate usage PKIX-EE(1),
- The ability to disable digest agility (Postfix now behaves as if
"tls_dane_digest_agility = on"), and
- The ability to disable support for "TLSA 2 [01] [12]" records
that specify the digest of a trust anchor (Postfix now behaves
as if "tls_dane_trust_anchor_digest_enable = yes).
[Feature 20161217] Postfix 3.2 enables elliptic curve negotiation
with OpenSSL >= 1.0.2. This changes the default smtpd_tls_eecdh_grade
setting to "auto", and introduces a new parameter tls_eecdh_auto_curves
with the names of curves that may be negotiated.
The default tls_eecdh_auto_curves setting is determined at compile
time, and depends on the Postfix and OpenSSL versions. At runtime,
Postfix will skip curve names that aren't supported by the OpenSSL
library.
Major changes - xclient
-----------------------
[Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol (macro
names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol
(attribute names: DESTADDR, DESTPORT).
@
text
@d190 6
a208 6
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
d249 2
a250 2
smtpd_recipient_restrictions
≥
2.10
Required if smtpd_relay_restrictions does not enforce
d254 2
a255 1
< 2.10
Required
d257 2
a258 2
smtpd_relay_restrictions
≥ 2.10
Required if smtpd_recipient_restrictions does not enforce
d262 1
a262 2
< 2.10
Not available
@
1.1.1.5
log
@Import Postfix-3.7.3 (previous version was 3.5.2)
This is the Postfix 3.7 (stable) release.
The stable Postfix release is called postfix-3.7.x where 3=major
release number, 7=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.8-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.5 or earlier, read RELEASE_NOTES-3.6
before proceeding.
License change
---------------
This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Bugfix for messages not delivered after "warning: Unexpected record type 'X'
============================================================================
Due to a bug introduced in Postfix 3.7.0, a message could falsely
be flagged as corrupt with "warning: Unexpected record type 'X'".
Such messages were moved to the "corrupt" queue directory, where
they may still be found. See below for instructions to deal with
these falsely flagged messages.
This could happen for messages with 5000 or more recipients, or
with fewer recipients on a busy mail server. The problem was first
reported by Frank Brendel, reproduced by John Alex.
A file in the "corrupt" queue directory may be inspected with the
command "postcat /var/spool/postfix/corrupt/. If delivery
of the file is still desired, the file can be moved back to
/var/spool/postfix/incoming after updating Postfix and executing
"postfix reload".
Major changes - configuration
-----------------------------
[Feature 20210605] Support to inline the content of small cidr:,
pcre:, and regexp: tables in Postfix parameter values.
Example:
smtpd_forbidden_commands =
CONNECT GET POST regexp:{{/^[^A-Z]/ Thrash}}
This is the new smtpd_forbidden_commands default value. It will
immediately disconnect a remote SMTP client when a command does not
start with a letter (a-z or A-Z).
The basic syntax is:
/etc/postfix/main.cf:
parameter = .. map-type:{ { rule-1 }, { rule-2 } .. } ..
/etc/postfix/master.cf:
.. -o { parameter = .. map-type:{ { rule-1 }, { rule-2 } .. } .. } ..
where map-type is one of cidr, pcre, or regexp.
Postfix ignores whitespace after '{' and before '}', and writes each
rule as one text line to a nameless in-memory file:
in-memory file:
rule-1
rule-2
..
Postfix parses the result as if it is a file in /etc/postfix.
Note: if a rule contains $, specify $$ to keep Postfix from trying
to do $name expansion as it evaluates the parameter value.
Major changes - lmdb support
----------------------------
[Feature 20210605] Overhauled the LMDB client's error handling, and
added integration tests for future-proofing. There are no visible
changes in documented behavior.
Major changes - logging
-----------------------
[Feature 20210815] To make the maillog_file feature more useful,
the postlog(1) command is now set-gid postdrop, so that unprivileged
programs can use it to write logging through the postlogd(8) daemon.
This required hardening the postlog(1) command against privilege
escalation attacks. DO NOT turn on the set-gid bit with older
postlog(1) implementations.
Major changes - pcre2 support
-----------------------------
[Feature 20211127] Support for the pcre2 library (the legacy pcre
library is no longer maintained). The Postfix build procedure
automatically detects if the pcre2 library is installed, and if it
is unavailable, the Postfix build procedure will detect if the
legacy pcre library is installed. See PCRE_README if you need to
build Postfix with a specific library.
Visible differences: some error messages may have a different text,
and the 'X' pattern flag is no longer supported with pcre2.
Major changes - security
------------------------
[Feature 20220102] Postfix programs now randomize the initial state
of in-memory hash tables, to defend against hash collision attacks
involving a large number of attacker-chosen lookup keys. Presently,
the only known opportunity for such attacks involves remote SMTP
client IPv6 addresses in the anvil(8) service. The attack would
require making hundreds of short-lived connections per second from
thousands of different IP addresses, because the anvil(8) service
drops inactive counters after 100s. Other in-memory hash tables
with attacker-chosen lookup keys are by design limited in size. The
fix is cheap, and therefore implemented for all Postfix in-memory
hash tables. Problem reported by Pascal Junod.
[Feature 20211030] The postqueue command now sanitizes non-printable
characters (such as newlines) in strings before they are formatted
as json or as legacy output. These outputs are piped into other
programs that are run by administrative users. This closes a
hypothetical opportunity for privilege escalation.
[Feature 20210815] Updated defense against remote clients or servers
that 'trickle' SMTP or LMTP traffic, based on per-request deadlines
and minimum data rates.
Per-request deadlines:
The new {smtpd,smtp,lmtp}_per_request_deadline parameters replace
{smtpd,smtp,lmtp}_per_record_deadline, with backwards compatible
default settings. This defense is enabled by default in the Postfix
SMTP server in case of overload.
The new smtpd_per_record_deadline parameter limits the combined
time for the Postfix SMTP server to receive a request and to send
a response, while the new {smtp,lmtp}_per_record_deadline parameters
limit the combined time for the Postfix SMTP or LMTP client to send
a request and to receive a response.
Minimum data rates:
The new smtpd_min_data_rate parameter enforces a minimum plaintext
data transfer rate for DATA and BDAT requests, but only when
smtpd_per_record_deadline is enabled. After a read operation transfers
N plaintext bytes (possibly after TLS decryption), and after the
DATA or BDAT request deadline is decreased by the elapsed time of
that read operation, the DATA or BDAT request deadline is increased
by N/smtpd_min_data_rate seconds. However, the deadline is never
increased beyond the smtpd_timeout value. The default minimum data
rate is 500 (bytes/second) but is still subject to change.
The new {smtp,lmtp}_min_data_rate parameters enforce the corresponding
minimum DATA transfer rates for the Postfix SMTP and LMTP client.
Major changes - tls support
---------------------------
[Cleanup 20220121] The new tlsproxy_client_security_level parameter
replaces tlsproxy_client_level, and the new tlsproxy_client_policy_maps
parameter replaces tlsproxy_client_policy. This is for consistent
parameter naming (tlsproxy_client_xxx corresponds to smtp_tls_xxx).
This change was made with backwards-compatible default settings.
[Feature 20210926] Postfix was updated to support OpenSSL 3.0.0 API
features, and to work around OpenSSL 3.0.0 bit-rot (avoid using
deprecated API features).
Other code health
-----------------
[typos] Typo fixes by raf.
[pre-release checks] Added pre-release checks to detect a) new typos
in documentation and source-code comments, b) missing entries in
the postfix-files file (some documentation would not be installed),
c) missing rules in the postlink script (some text would not have
a hyperlink in documentation), and d) missing map-based $parameter
names in the proxy_read_maps default value (the proxymap daemon
would not automatically authorize some proxied maps).
[memory stream] Improved support for memory-based streams made it
possible to inline small cidr:, pcre:, and regexp: maps in Postfix
parameter values, and to eliminate some ad-hoc code that converted
tlsproxy(8) protocol data to or from serialized form.
*************************************************************************
This is the Postfix 3.6 (stable) release.
The stable Postfix release is called postfix-3.6.x where 3=major
release number, 6=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-3.7-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.4 or earlier, read RELEASE_NOTES-3.5
before proceeding.
License change
---------------
This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
Major changes - internal protocol identification
------------------------------------------------
[Incompat 20200920] Internal protocols have changed. You need to
"postfix stop" before updating, or before backing out to an earlier
release, otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
postscreen) may fail to communicate with the rest of Postfix, causing
mail delivery delays until Postfix is restarted.
This change does not affect message files in Postfix queue directories,
only the communication between running Postfix programs.
With this change, every Postfix internal service, including the postdrop
command, announces the name of its protocol before doing any other I/O.
Every Postfix client program, including the Postfix sendmail command,
will verify that the protocol name matches what it is supposed to be.
The purpose of this change is to produce better error messages, for
example, when someone configures the discard daemon as a bounce
service in master.cf, or vice versa.
This change may break third-party programs that implement a
Postfix-internal protocol such as qpsmtpd. Such programs have never
been supported. Fortunately, this will be an easy fix: look at the
first data from the cleanup daemon: if it is a protocol announcement,
you're talking to Postfix 3.6 or later. That's the only real change.
Major changes - tls
-------------------
[Incompat 20200705] The minimum supported OpenSSL version is 1.1.1,
which will reach the end of life by 2023-09-11. Postfix 3.6 is
expected to reach the end of support in 2025. Until then, Postfix
will be updated as needed for compatibility with OpenSSL.
The default fingerprint digest has changed from md5 to sha256 (Postfix
3.6 with compatibility_level >= 3.6). With a lower compatibility_level
setting, Postfix defaults to using md5, and logs a warning when a Postfix
configuration specifies no explicit digest type.
Export-grade Diffie-Hellman key exchange is no longer supported,
and the tlsproxy_tls_dh512_param_file parameter is ignored,
[Feature 20200906] The tlstype.pl helper script by Viktor Dukhovni
reports TLS information per message delivery. This processes output
from the collate.pl script. See auxiliary/collate/README.tlstype and
auxiliary/collate/tlstype.pl.
Major changes - compatibility level
-----------------------------------
[Feature 20210109] Starting with Postfix version 3.6, the compatibility
level is "3.6". In future Postfix releases, the compatibility level will
be the Postfix version that introduced the last incompatible change. The
level is formatted as 'major.minor.patch', where 'patch' is usually
omitted and defaults to zero. Earlier compatibility levels are 0, 1 and 2.
This also introduces main.cf and master.cf support for the <=level,
" which matches an empty sender address, and the
"@@domain" wildcard pattern. More information about those can be found
in the postconf(5) manpage.
Example:
/etc/postfix/main.cf:
# Allow root and postfix full control, anyone else can only
# send mail as themselves. Use "uid:" followed by the numerical
# UID when the UID has no entry in the UNIX password file.
local_login_sender_maps =
inline:{ { root = *}, { postfix = * } },
pcre:/etc/postfix/login_senders
/etc/postfix/login_senders:
# Allow both the bare username and the user@@domain forms.
/(.+)/ $1 $1@@example.com
Major changes - order of relay and recipient restrictions
---------------------------------------------------------
[Incompat 20210131] With smtpd_relay_before_recipient_restrictions=yes,
the Postfix SMTP server will evaluate smtpd_relay_restrictions before
smtpd_recipient_restrictions. This is the default behavior with
compatibility_level >= 3.6.
This change makes the implemented behavior consistent with existing
documentation. There is a backwards-compatibility warning that allows
users to freeze historical behavior. See COMPATIBILITY_README for
details.
Major changes - respectful logging
----------------------------------
[Feature 20210220] Postfix version 3.6 deprecates terminology
that implies white is better than black. Instead, Postfix prefers
'allowlist', 'denylist', and variations on those words. This change
affects Postfix documentation, and postscreen parameters and logging.
To keep the old postscreen logging set "respectful_logging = no"
in main.cf.
Noel Jones assisted with the initial transition.
Changes in documentation
------------------------
Postfix documentation was updated to use 'allowlist', 'denylist', etc.
These documentation changes do not affect Postfix behavior.
Changes in parameter names
--------------------------
The following postscreen parameters replace names that contain 'blacklist'
or 'whitelist':
postscreen_allowlist_interfaces
postscreen_denylist_action
postscreen_dnsbl_allowlist_threshold
These new parameters have backwards-compatible default settings
that support the old parameter names, so that the name change should
not affect Postfix behavior. This means that existing management tools
that use the old parameter names should keep working as before.
This compatibility safety net may break when some management tools
use the new parameter names, and some use the old names, such that
different tools will disagree on how Postfix works.
Changes in logging
------------------
The following logging replaces forms that contain 'blacklist' or
'whitelist':
postfix/postscreen[pid]: ALLOWLIST VETO [address]:port
postfix/postscreen[pid]: ALLOWLISTED [address]:port
postfix/postscreen[pid]: DENYLISTED [address]:port
To avoid breaking logfile analysis tools, Postfix keeps logging the old
forms by default, as long as the compatibility_level parameter setting
is less than 3.6, and the respectful_logging parameter is not explicitly
configured. As a reminder, Postfix will log the following:
postfix/postscreen[pid]: Using backwards-compatible default setting
respectful_logging=no for client [address]:port
To keep logging the old form, make the setting "respectful_logging =
no" permanent in main.cf, for example:
# postconf "respectful_logging = no"
# postfix reload
To stop the reminder, configure the respectful_logging parameter to
"yes" or "no", or configure "compatibility_level = 3.6".
Major changes - threaded bounces
--------------------------------
[Feature 20201205] Support for threaded bounces. This allows mail
readers to present a non-delivery, delayed delivery, or successful
delivery notification in the same email thread as the original
message.
Unfortunately, this also makes it easy for users to mistakenly delete
the whole email thread (all related messages), instead of deleting
only the delivery status notification.
To enable, specify "enable_threaded_bounces = yes".
Other changes - smtpd_sasl_mechanism_list
-----------------------------------------
[Feature 20200906] The smtpd_sasl_mechanism_list parameter (default:
!external, static:rest) prevents confusing errors when a SASL backend
announces EXTERNAL support which Postfix does not support.
Other changes - delivery logging
--------------------------------
[Incompat 20200531] Postfix delivery agents now log an explicit record
when delegating delivery to a different Postfix delivery agent.
For example, with "best_mx_transport = local", an SMTP delivery
agent will now log when a recipient will be delivered locally. This
makes the delegating delivery agent visible, where it would otherwise
have remained invisible, which would complicate troubleshooting.
postfix/smtp[pid]: queueid: passing to transport=local
This will usually be followed by logging for an actual delivery:
postfix/local[pid]: queueid: to=, relay=local, ...
Other examples: the local delivery agent will log a record that it
defers mailbox delivery through mailbox_transport or through
fallback_transport.
Other changes - error logging
-----------------------------
[Incompat 20200531] Postfix programs will now log "Application error"
instead of "Success" or "Unknown error: 0" when an operation fails with
errno == 0, i.e., the error originates from non-kernel code.
Other changes - dns lookups
---------------------------
[Feature 20200509] The threadsafe resolver API (res_nxxx() calls)
is now the default, not because the API is threadsafe, but because
this is the API where new features are being added.
To build old style, build with:
make makefiles CCARGS="-DNO_RES_NCALLS..."
This is the default for systems that are known not to support the
threadsafe resolver API.
@
text
@d10 1
a10 1
d58 1
a58 1
anti-spammer denylists. See, for example, the information on
d90 2
a91 2
Denylist oriented: some SMTP server access controls
query denylists with known to be bad sites such as open mail
d94 1
a94 1
effectiveness of these denylists depends on how complete and how
d221 2
a222 3
allowlisting; the smtpd_relay_restrictions example above allows mail from local
networks, and from SASL authenticated clients, but otherwise rejects mail
to arbitrary destinations.
d323 1
a323 1
Mixing is needed for complex allowlisting policies. For
@
1.1.1.5.2.1
log
@Pullup the following, requested by kim in ticket #518:
external/ibm-public/postfix/dist/html/postfix-doc.css up to 1.1.1.1
external/ibm-public/postfix/dist/mantools/check-double-history up to 1.1.1.1
external/ibm-public/postfix/dist/mantools/check-spell-history up to 1.1.1.1
external/ibm-public/postfix/dist/mantools/check-table-proto up to 1.1.1.1
external/ibm-public/postfix/dist/proto/stop.double-history up to 1.1.1.1
external/ibm-public/postfix/dist/proto/stop.spell-history up to 1.1.1.1
external/ibm-public/postfix/dist/src/postconf/test71.ref up to 1.1.1.1
external/ibm-public/postfix/dist/src/util/mkmap_db.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap.h up to 1.2
external/ibm-public/postfix/dist/src/util/inet_addr_sizes.c up to 1.2
external/ibm-public/postfix/dist/src/util/inet_addr_sizes.h up to 1.2
external/ibm-public/postfix/dist/src/util/inet_prefix_top.c up to 1.2
external/ibm-public/postfix/dist/src/util/inet_prefix_top.h up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_cdb.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_dbm.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_fail.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_lmdb.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_open.c up to 1.2
external/ibm-public/postfix/dist/src/util/mkmap_sdbm.c up to 1.2
external/ibm-public/postfix/dist/RELEASE_NOTES-3.7 up to 1.1.1.1
external/ibm-public/postfix/dist/src/global/mkmap.h delete
external/ibm-public/postfix/dist/src/global/mkmap_cdb.c delete
external/ibm-public/postfix/dist/src/global/mkmap_db.c delete
external/ibm-public/postfix/dist/src/global/mkmap_dbm.c delete
external/ibm-public/postfix/dist/src/global/mkmap_fail.c delete
external/ibm-public/postfix/dist/src/global/mkmap_lmdb.c delete
external/ibm-public/postfix/dist/src/global/mkmap_open.c delete
external/ibm-public/postfix/dist/src/global/mkmap_sdbm.c delete
external/ibm-public/postfix/dist/HISTORY up to 1.1.1.29
external/ibm-public/postfix/dist/INSTALL up to 1.1.1.9
external/ibm-public/postfix/dist/Makefile.in up to 1.1.1.10
external/ibm-public/postfix/dist/RELEASE_NOTES up to 1.1.1.17
external/ibm-public/postfix/dist/WISHLIST up to 1.1.1.2
external/ibm-public/postfix/dist/makedefs up to 1.16
external/ibm-public/postfix/dist/postfix-env.sh up to 1.1.1.2
external/ibm-public/postfix/dist/README_FILES/ADDRESS_CLASS_README up to 1.1.1.2
external/ibm-public/postfix/dist/README_FILES/BASIC_CONFIGURATION_README up to 1.1.1.6
external/ibm-public/postfix/dist/README_FILES/DEBUG_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/FORWARD_SECRECY_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/INSTALL up to 1.10
external/ibm-public/postfix/dist/README_FILES/IPV6_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/MAILLOG_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/MILTER_README up to 1.1.1.9
external/ibm-public/postfix/dist/README_FILES/MYSQL_README up to 1.1.1.5
external/ibm-public/postfix/dist/README_FILES/PGSQL_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/QSHAPE_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/RELEASE_NOTES up to 1.1.1.17
external/ibm-public/postfix/dist/README_FILES/SASL_README up to 1.1.1.11
external/ibm-public/postfix/dist/README_FILES/SMTPD_POLICY_README up to 1.1.1.7
external/ibm-public/postfix/dist/README_FILES/SMTPD_PROXY_README up to 1.1.1.6
external/ibm-public/postfix/dist/README_FILES/SQLITE_README up to 1.1.1.4
external/ibm-public/postfix/dist/README_FILES/STANDARD_CONFIGURATION_README up to 1.1.1.6
external/ibm-public/postfix/dist/README_FILES/TLS_README up to 1.14
external/ibm-public/postfix/dist/conf/aliases up to 1.1.1.5
external/ibm-public/postfix/dist/conf/main.cf up to 1.10
external/ibm-public/postfix/dist/conf/master.cf up to 1.11
external/ibm-public/postfix/dist/conf/postfix-files up to 1.9
external/ibm-public/postfix/dist/conf/postfix-script up to 1.4
external/ibm-public/postfix/dist/conf/postfix-tls-script up to 1.5
external/ibm-public/postfix/dist/conf/virtual up to 1.1.1.6
external/ibm-public/postfix/dist/html/ADDRESS_CLASS_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/ADDRESS_REWRITING_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html up to 1.11
external/ibm-public/postfix/dist/html/BACKSCATTER_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/BASIC_CONFIGURATION_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/BDAT_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/BUILTIN_FILTER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/CDB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/COMPATIBILITY_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/CONNECTION_CACHE_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/CONTENT_INSPECTION_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/DATABASE_README.html up to 1.1.1.10
external/ibm-public/postfix/dist/html/DB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/DEBUG_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/DSN_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/ETRN_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/FILTER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/FORWARD_SECRECY_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/INSTALL.html up to 1.10
external/ibm-public/postfix/dist/html/IPV6_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/LDAP_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/LINUX_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/LMDB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/LOCAL_RECIPIENT_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/MAILDROP_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/MAILLOG_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/MEMCACHE_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/MILTER_README.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/MULTI_INSTANCE_README.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/MYSQL_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/NFS_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/OVERVIEW.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/PACKAGE_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/PCRE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/PGSQL_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/POSTSCREEN_3_5_README.html up to 1.1.1.2
external/ibm-public/postfix/dist/html/POSTSCREEN_README.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/QSHAPE_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/RESTRICTION_CLASS_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/SASL_README.html up to 1.1.1.11
external/ibm-public/postfix/dist/html/SCHEDULER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/SMTPD_ACCESS_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/SMTPD_POLICY_README.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/SMTPD_PROXY_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/SMTPUTF8_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/SOHO_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/SQLITE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/STANDARD_CONFIGURATION_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/STRESS_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/TLS_LEGACY_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/TLS_README.html up to 1.15
external/ibm-public/postfix/dist/html/TUNING_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/UUCP_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/VERP_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/VIRTUAL_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/XCLIENT_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/XFORWARD_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/access.5.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/aliases.5.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/anvil.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/bounce.5.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/bounce.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/canonical.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/cidr_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/cleanup.8.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/defer.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/discard.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/dnsblog.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/error.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/flush.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/generic.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/header_checks.5.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/index.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/ldap_table.5.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/lmdb_table.5.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/lmtp.8.html up to 1.1.1.12
external/ibm-public/postfix/dist/html/local.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/mailq.1.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/makedefs.1.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/master.5.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/master.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/memcache_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/mysql_table.5.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/newaliases.1.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/nisplus_table.5.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/oqmgr.8.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/pcre_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/pgsql_table.5.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/pickup.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/pipe.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postalias.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postcat.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postconf.1.html up to 1.1.1.11
external/ibm-public/postfix/dist/html/postconf.5.html up to 1.19
external/ibm-public/postfix/dist/html/postdrop.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postfix-manuals.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/postfix-tls.1.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/postfix-wrapper.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/postfix.1.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/postkick.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postlock.1.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/postlog.1.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/postlogd.8.html up to 1.1.1.3
external/ibm-public/postfix/dist/html/postmap.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postmulti.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/postqueue.1.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/postscreen.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/postsuper.1.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/posttls-finger.1.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/proxymap.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/qmgr.8.html up to 1.1.1.9
external/ibm-public/postfix/dist/html/qmqp-sink.1.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/qmqp-source.1.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/qmqpd.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/qshape.1.html up to 1.1.1.4
external/ibm-public/postfix/dist/html/regexp_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/relocated.5.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/scache.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/sendmail.1.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/showq.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/smtp-sink.1.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/smtp-source.1.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/smtp.8.html up to 1.1.1.12
external/ibm-public/postfix/dist/html/smtpd.8.html up to 1.1.1.13
external/ibm-public/postfix/dist/html/socketmap_table.5.html up to 1.1.1.5
external/ibm-public/postfix/dist/html/spawn.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/sqlite_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/tcp_table.5.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/tlsmgr.8.html up to 1.1.1.6
external/ibm-public/postfix/dist/html/tlsproxy.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/trace.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/transport.5.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/trivial-rewrite.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/verify.8.html up to 1.1.1.8
external/ibm-public/postfix/dist/html/virtual.5.html up to 1.1.1.7
external/ibm-public/postfix/dist/html/virtual.8.html up to 1.1.1.7
external/ibm-public/postfix/dist/man/man1/postfix-tls.1 up to 1.3
external/ibm-public/postfix/dist/man/man1/postfix.1 up to 1.6
external/ibm-public/postfix/dist/man/man1/postlog.1 up to 1.5
external/ibm-public/postfix/dist/man/man1/postqueue.1 up to 1.5
external/ibm-public/postfix/dist/man/man1/posttls-finger.1 up to 1.5
external/ibm-public/postfix/dist/man/man5/aliases.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/cidr_table.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/ldap_table.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/mysql_table.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/pcre_table.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/pgsql_table.5 up to 1.5
external/ibm-public/postfix/dist/man/man5/postconf.5 up to 1.19
external/ibm-public/postfix/dist/man/man5/regexp_table.5 up to 1.4
external/ibm-public/postfix/dist/man/man5/virtual.5 up to 1.5
external/ibm-public/postfix/dist/man/man8/postscreen.8 up to 1.5
external/ibm-public/postfix/dist/man/man8/smtp.8 up to 1.5
external/ibm-public/postfix/dist/man/man8/smtpd.8 up to 1.5
external/ibm-public/postfix/dist/man/man8/tlsproxy.8 up to 1.5
external/ibm-public/postfix/dist/mantools/check-double-cc up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-double-install-proto-text up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-double-proto-html up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-postfix-files up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-postlink up to 1.1.1.3
external/ibm-public/postfix/dist/mantools/check-spell-cc up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-spell-install-proto-text up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/check-spell-proto-html up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/make_soho_readme up to 1.1.1.4
external/ibm-public/postfix/dist/mantools/makemanidx up to 1.1.1.4
external/ibm-public/postfix/dist/mantools/man2html up to 1.1.1.5
external/ibm-public/postfix/dist/mantools/manlint up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/manspell up to 1.1.1.2
external/ibm-public/postfix/dist/mantools/missing-proxy-read-maps up to 1.1.1.3
external/ibm-public/postfix/dist/mantools/postlink up to 1.1.1.13
external/ibm-public/postfix/dist/mantools/spell up to 1.1.1.3
external/ibm-public/postfix/dist/proto/ADDRESS_CLASS_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/ADDRESS_REWRITING_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/ADDRESS_VERIFICATION_README.html up to 1.11
external/ibm-public/postfix/dist/proto/BACKSCATTER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/BASIC_CONFIGURATION_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/BDAT_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/BUILTIN_FILTER_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/CDB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/COMPATIBILITY_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/CONNECTION_CACHE_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/CONTENT_INSPECTION_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/DATABASE_README.html up to 1.1.1.10
external/ibm-public/postfix/dist/proto/DB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/DEBUG_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/DSN_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/ETRN_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/FILTER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/FORWARD_SECRECY_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/INSTALL.html up to 1.10
external/ibm-public/postfix/dist/proto/IPV6_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/LDAP_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/LINUX_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/LMDB_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/LOCAL_RECIPIENT_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/MAILDROP_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/MAILLOG_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/MEMCACHE_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/MILTER_README.html up to 1.1.1.9
external/ibm-public/postfix/dist/proto/MULTI_INSTANCE_README.html up to 1.1.1.8
external/ibm-public/postfix/dist/proto/MYSQL_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/NFS_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/OVERVIEW.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/PACKAGE_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/PCRE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/PGSQL_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/POSTSCREEN_3_5_README.html up to 1.1.1.2
external/ibm-public/postfix/dist/proto/POSTSCREEN_README.html up to 1.1.1.8
external/ibm-public/postfix/dist/proto/QSHAPE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/RESTRICTION_CLASS_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/SASL_README.html up to 1.1.1.11
external/ibm-public/postfix/dist/proto/SCHEDULER_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/SMTPD_ACCESS_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/SMTPD_POLICY_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/proto/SMTPD_PROXY_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/SMTPUTF8_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/SQLITE_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/STANDARD_CONFIGURATION_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/STRESS_README.html up to 1.1.1.7
external/ibm-public/postfix/dist/proto/TLS_LEGACY_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/TLS_README.html up to 1.14
external/ibm-public/postfix/dist/proto/TUNING_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/UUCP_README.html up to 1.1.1.3
external/ibm-public/postfix/dist/proto/VERP_README.html up to 1.1.1.5
external/ibm-public/postfix/dist/proto/VIRTUAL_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/XCLIENT_README.html up to 1.1.1.6
external/ibm-public/postfix/dist/proto/XFORWARD_README.html up to 1.1.1.4
external/ibm-public/postfix/dist/proto/aliases up to 1.1.1.6
external/ibm-public/postfix/dist/proto/cidr_table up to 1.1.1.6
external/ibm-public/postfix/dist/proto/ldap_table up to 1.1.1.7
external/ibm-public/postfix/dist/proto/mysql_table up to 1.1.1.8
external/ibm-public/postfix/dist/proto/pcre_table up to 1.1.1.6
external/ibm-public/postfix/dist/proto/pgsql_table up to 1.1.1.8
external/ibm-public/postfix/dist/proto/postconf.html.prolog up to 1.1.1.5
external/ibm-public/postfix/dist/proto/postconf.proto up to 1.19
external/ibm-public/postfix/dist/proto/regexp_table up to 1.1.1.6
external/ibm-public/postfix/dist/proto/stop up to 1.1.1.7
external/ibm-public/postfix/dist/proto/stop.double-cc up to 1.1.1.2
external/ibm-public/postfix/dist/proto/stop.double-proto-html up to 1.1.1.2
external/ibm-public/postfix/dist/proto/stop.spell-cc up to 1.1.1.2
external/ibm-public/postfix/dist/proto/stop.spell-proto-html up to 1.1.1.2
external/ibm-public/postfix/dist/proto/virtual up to 1.1.1.6
external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c up to 1.4
external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.c up to 1.5
external/ibm-public/postfix/dist/src/dns/Makefile.in up to 1.1.1.5
external/ibm-public/postfix/dist/src/dns/dns.h up to 1.6
external/ibm-public/postfix/dist/src/dns/dns_lookup.c up to 1.8
external/ibm-public/postfix/dist/src/dns/dns_rr.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_rr_eq_sa.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_sa_to_rr.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_str_resflags.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_strrecord.c up to 1.3
external/ibm-public/postfix/dist/src/dns/dns_strtype.c up to 1.2
external/ibm-public/postfix/dist/src/global/Makefile.in up to 1.1.1.10
external/ibm-public/postfix/dist/src/global/compat_level.c up to 1.3
external/ibm-public/postfix/dist/src/global/compat_level.h up to 1.3
external/ibm-public/postfix/dist/src/global/dict_ldap.c up to 1.5
external/ibm-public/postfix/dist/src/global/dict_memcache.c up to 1.3
external/ibm-public/postfix/dist/src/global/dict_mysql.c up to 1.4
external/ibm-public/postfix/dist/src/global/dict_pgsql.c up to 1.4
external/ibm-public/postfix/dist/src/global/dict_proxy.h up to 1.3
external/ibm-public/postfix/dist/src/global/dict_sqlite.c up to 1.4
external/ibm-public/postfix/dist/src/global/dynamicmaps.c up to 1.4
external/ibm-public/postfix/dist/src/global/header_body_checks.h up to 1.3
external/ibm-public/postfix/dist/src/global/mail_dict.c up to 1.3
external/ibm-public/postfix/dist/src/global/mail_params.h up to 1.19
external/ibm-public/postfix/dist/src/global/mail_proto.h up to 1.5
external/ibm-public/postfix/dist/src/global/mail_version.h up to 1.6
external/ibm-public/postfix/dist/src/global/map_search.c up to 1.4
external/ibm-public/postfix/dist/src/global/map_search.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/global/maps.c up to 1.4
external/ibm-public/postfix/dist/src/global/maps.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/global/mkmap_proxy.c up to 1.2
external/ibm-public/postfix/dist/src/global/namadr_list.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/global/namadr_list.ref up to 1.1.1.5
external/ibm-public/postfix/dist/src/global/smtp_stream.c up to 1.5
external/ibm-public/postfix/dist/src/global/smtp_stream.h up to 1.4
external/ibm-public/postfix/dist/src/local/local_expand.c up to 1.3
external/ibm-public/postfix/dist/src/milter/milter8.c up to 1.5
external/ibm-public/postfix/dist/src/postalias/Makefile.in up to 1.1.1.6
external/ibm-public/postfix/dist/src/postalias/postalias.c up to 1.5
external/ibm-public/postfix/dist/src/postconf/Makefile.in up to 1.1.1.11
external/ibm-public/postfix/dist/src/postconf/postconf.h up to 1.4
external/ibm-public/postfix/dist/src/postconf/postconf_dbms.c up to 1.5
external/ibm-public/postfix/dist/src/postconf/postconf_edit.c up to 1.3
external/ibm-public/postfix/dist/src/postconf/postconf_main.c up to 1.4
external/ibm-public/postfix/dist/src/postconf/postconf_master.c up to 1.8
external/ibm-public/postfix/dist/src/postconf/postconf_misc.c up to 1.3
external/ibm-public/postfix/dist/src/postconf/test58.ref up to 1.1.1.3
external/ibm-public/postfix/dist/src/postfix/postfix.c up to 1.6
external/ibm-public/postfix/dist/src/postlog/postlog.c up to 1.5
external/ibm-public/postfix/dist/src/postlogd/Makefile.in up to 1.1.1.3
external/ibm-public/postfix/dist/src/postmap/Makefile.in up to 1.1.1.7
external/ibm-public/postfix/dist/src/postmap/postmap.c up to 1.5
external/ibm-public/postfix/dist/src/postqueue/postqueue.c up to 1.5
external/ibm-public/postfix/dist/src/postscreen/postscreen.c up to 1.5
external/ibm-public/postfix/dist/src/postscreen/postscreen_smtpd.c up to 1.5
external/ibm-public/postfix/dist/src/posttls-finger/posttls-finger.c up to 1.5
external/ibm-public/postfix/dist/src/proxymap/Makefile.in up to 1.1.1.6
external/ibm-public/postfix/dist/src/showq/showq.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/Makefile.in up to 1.1.1.10
external/ibm-public/postfix/dist/src/smtp/lmtp_params.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp.c up to 1.13
external/ibm-public/postfix/dist/src/smtp/smtp.h up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_addr.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_addr.h up to 1.3
external/ibm-public/postfix/dist/src/smtp/smtp_connect.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_params.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_proto.c up to 1.5
external/ibm-public/postfix/dist/src/smtp/smtp_reuse.c up to 1.4
external/ibm-public/postfix/dist/src/smtp/smtp_session.c up to 1.5
external/ibm-public/postfix/dist/src/smtpd/Makefile.in up to 1.1.1.11
external/ibm-public/postfix/dist/src/smtpd/smtpd.c up to 1.20
external/ibm-public/postfix/dist/src/smtpd/smtpd.h up to 1.5
external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c up to 1.6
external/ibm-public/postfix/dist/src/smtpd/smtpd_peer.c up to 1.5
external/ibm-public/postfix/dist/src/smtpd/smtpd_proxy.c up to 1.3
external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_glue.c up to 1.5
external/ibm-public/postfix/dist/src/smtpd/smtpd_server.in up to 1.1.1.4
external/ibm-public/postfix/dist/src/smtpd/smtpd_server.ref up to 1.1.1.4
external/ibm-public/postfix/dist/src/tls/Makefile.in up to 1.1.1.10
external/ibm-public/postfix/dist/src/tls/tls.h up to 1.5
external/ibm-public/postfix/dist/src/tls/tls_client.c up to 1.13
external/ibm-public/postfix/dist/src/tls/tls_dane.c up to 1.5
external/ibm-public/postfix/dist/src/tls/tls_dh.c up to 1.5
external/ibm-public/postfix/dist/src/tls/tls_fprint.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_misc.c up to 1.5
external/ibm-public/postfix/dist/src/tls/tls_proxy.h up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_proxy_client_misc.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_proxy_client_print.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_proxy_client_scan.c up to 1.4
external/ibm-public/postfix/dist/src/tls/tls_server.c up to 1.12
external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c up to 1.6
external/ibm-public/postfix/dist/src/util/Makefile.in up to 1.1.1.11
external/ibm-public/postfix/dist/src/util/argv.c up to 1.4
external/ibm-public/postfix/dist/src/util/argv.h up to 1.4
external/ibm-public/postfix/dist/src/util/attr.h up to 1.5
external/ibm-public/postfix/dist/src/util/clean_env.c up to 1.3
external/ibm-public/postfix/dist/src/util/dict.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict.h up to 1.5
external/ibm-public/postfix/dist/src/util/dict_cache.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_cdb.h up to 1.2
external/ibm-public/postfix/dist/src/util/dict_cidr.c up to 1.5
external/ibm-public/postfix/dist/src/util/dict_db.h up to 1.4
external/ibm-public/postfix/dist/src/util/dict_dbm.h up to 1.2
external/ibm-public/postfix/dist/src/util/dict_fail.h up to 1.2
external/ibm-public/postfix/dist/src/util/dict_lmdb.h up to 1.3
external/ibm-public/postfix/dist/src/util/dict_open.c up to 1.4
external/ibm-public/postfix/dist/src/util/dict_pcre.c up to 1.5
external/ibm-public/postfix/dist/src/util/dict_regexp.c up to 1.5
external/ibm-public/postfix/dist/src/util/dict_sdbm.h up to 1.2
external/ibm-public/postfix/dist/src/util/hash_fnv.c up to 1.3
external/ibm-public/postfix/dist/src/util/hash_fnv.h up to 1.3
external/ibm-public/postfix/dist/src/util/htable.c up to 1.4
external/ibm-public/postfix/dist/src/util/inet_connect.c up to 1.3
external/ibm-public/postfix/dist/src/util/make_dirs.c up to 1.2
external/ibm-public/postfix/dist/src/util/match_list.c up to 1.3
external/ibm-public/postfix/dist/src/util/mystrtok.c up to 1.4
external/ibm-public/postfix/dist/src/util/mystrtok.ref up to 1.1.1.2
external/ibm-public/postfix/dist/src/util/sock_addr.c up to 1.3
external/ibm-public/postfix/dist/src/util/sock_addr.h up to 1.2
external/ibm-public/postfix/dist/src/util/split_nameval.c up to 1.2
external/ibm-public/postfix/dist/src/util/stringops.h up to 1.5
external/ibm-public/postfix/dist/src/util/sys_defs.h up to 1.14
external/ibm-public/postfix/dist/src/util/unix_send_fd.c up to 1.8
external/ibm-public/postfix/dist/src/util/valid_hostname.c up to 1.3
external/ibm-public/postfix/dist/src/util/valid_hostname.h up to 1.2
external/ibm-public/postfix/dist/src/xsasl/xsasl_cyrus_server.c up to 1.4
external/ibm-public/postfix/lib/global/Makefile up to 1.10
external/ibm-public/postfix/lib/util/Makefile up to 1.11
doc/3RDPARTY (apply patch)
Update Postfix to 3.8.4.
@
text
@a10 1
@
1.1.1.6
log
@Import Postfix 3.8.4 (last was 3.7.3)
December 22, 2023: 3.8.4/3.7.9
==============================
Security: this release adds support to defend against an email
spoofing attack (SMTP smuggling) on recipients at a Postfix server.
For background, see https://www.postfix.org/smtp-smuggling.html.
Sites concerned about SMTP smuggling attacks should enable this
feature on Internet-facing Postfix servers. For compatibility with
non-standard clients, Postfix by default excludes clients in
mynetworks from this countermeasure.
The recommended settings are:
# Optionally disconnect remote SMTP clients that send bare newlines,
# but allow local clients with non-standard SMTP implementations
# such as netcat, fax machines, or load balancer health checks.
#
smtpd_forbid_bare_newline = yes
smtpd_forbid_bare_newline_exclusions = $mynetworks
The smtpd_forbid_bare_newline feature is disabled by default.
November 1, 2023: 3.8.3/3.7.8
=============================
Bugfix (defect introduced Postfix 2.5, date 20080104): the Postfix
SMTP server was waiting for a client command instead of replying
immediately, after a client certificate verification error in TLS
wrappermode. Reported by Andreas Kinzler.
Usability: the Postfix SMTP server (finally) attempts to log the
SASL username after authentication failure. In Postfix logging,
this appends ", sasl_username=xxx" after the reason for SASL
authentication failure. The logging replaces an unavailable reason
with "(reason unavailable)", and replaces an unavailable sasl_username
with "(unavailable)". Based on code by Jozsef Kadlecsik.
Compatibility bugfix (defect introduced: Postfix 2.11, date 20130405):
in forward_path, the expression ${recipient_delimiter} would expand
to an empty string when a recipient address had no recipient
delimiter. The compatibility fix is to use a configured recipient
delimiter value instead. Reported by Tod A. Sandman.
September 1, 2023: 3.8.2/3.7.7
==============================
Bugfix (defect introduced: Postfix alpha, 19980207): the valid_hostname()
check in the Postfix DNS client library was blocking unusual but
legitimate wildcard names (*.name) in some DNS lookup results and
lookup requests. Examples:
name class/type result
*.one.example IN CNAME *.other.example
*.other.example IN A 10.0.0.1
*.other.example IN TLSA ..certificate info...
Such syntax is blesed in RFC 1034 section 4.3.3.
Bugfix (defect introduced: Postfix 3.0, 20140218): when an address
verification probe fails during or after an opportunistic TLS
handshake, don't enforce a minimum time-in-queue before falling
back to plaintext. Problem reported by Serg.
June 5, 2023: 3.8.1/3.7.6
=========================
Optional: harden a Postfix SMTP server against remote SMTP clients
that violate RFC 2920 (or 5321) command pipelining constraints.
With "smtpd_forbid_unauth_pipelining = yes", the server disconnects
a client immediately, after responding with "554 5.5.0 Error: SMTP
protocol synchronization" and after logging "improper command
pipelining" with the unexpected remote SMTP client input. This
feature is disabled by default in Postfix 3.5-3.8 to avoid breaking
home-grown utilities, but it is enabled by default in Postfix 3.9.
A similar feature is enabled by default in the Exim SMTP server.
Optional: some OS distributions crank up TLS security to 11, and
in doing so increase the number of plaintext email deliveries. This
introduces basic OpenSSL configuration file support that may be
used to override OS-level settings. Details are in the postconf(5)
manpage under tls_config_file and tls_config_name.
Bugfix (defect introduced: Postfix 1.0): the command "postconf ..
name=v1 .. name=v2 .." (multiple instances of the same parameter
name) created multiple main.cf name=value entries with the same
parameter name. It now logs a warning and skips the earlier name(s)
and value(s). Found during code maintenance.
Bugfix (defect introduced: Postfix 3.3): the command "postconf -M
name1/type1='name2 type2 ...'" died with a segmentation violation
when the request matched multiple master.cf entries. The master.cf
file was not damaged. Problem reported by SATOH Fumiyasu.
Bugfix (defect introduced: Postfix 2.11): the command "postconf -M
name1/type1='name2 type2 ...'" could add a service definition to
master.cf that conflicted with an already existing service definition.
It now replaces all existing service definitions that match the
service pattern 'name1/type1' or the service name and type in 'name2
type2 ...' with a single service definition 'name2 type2 ...'.
Problem reported by SATOH Fumiyasu.
Bugfix (defect introduced: Postfix 3.8) the posttls-finger command
could access uninitialized memory when reconnecting. This also
fixes a malformed warning message when a destination contains
":service" information. Reported by Thomas Korbar.
Bugfix (defect introduced: Postfix 3.2): the MySQL client could
return "not found" instead of "error" (for example, resulting in
a 5XX SMTP status instead of 4XX) during the time that all MySQL
server connections were turned down after error. Found during code
maintenance. File: global/dict_mysql.c. This was already fixed in
Postfix 3.4-3.7.
April 18, 2023: 3.7.5
=====================
Bugfix (problem introduced in Postfix 3.5): check_ccert_access did
not handle inline map specifications. Report and fix by Sean
Gallagher.
Bugfix (problem introduced in Postfix 3.4): the posttls-finger
command failed to detect that a connection was resumed in the case
that a server did not return a certificate. Fix by Viktor Dukhovni.
Workaround: OpenSSL 3.x EVP_get_cipherbyname() can return lazily-bound
handles. Postfix now checks that the expected functionality will
be available instead of failing later. Fix by Viktor Dukhovni.
Safety: the long form "{ name = value }" in import_environment or
export_environment is not documented (with spaces around the '='),
but it was silently accepted, and it was stored in the process
environment as the invalid form "name = value", thus not setting
or overriding an entry for "name". This form is now stored as the
expected "name=value". Found during code maintenance.
Bugfix (problem introduced in Postfix 3.2): the MySQL client could
return "not found" instead of "error" (for example, resulting in
a 5XX SMTP status instead of 4XX) during the time that all MySQL
server connections were turned down after error. Found during code
maintenance.
April 17, 2023: 3.8.0
=====================
Support to look up DNS SRV records in the Postfix SMTP/LMTP client,
Based on code by Tomas Korbar (Red Hat). For example, with
"use_srv_lookup = submission" and "relayhost = example.com:submission",
the Postfix SMTP client will look up DNS SRV records for
_submission._tcp.example.com, and will relay email through the
hosts and ports that are specified with those records.
TLS obsolescence: Postfix now treats the "export" and "low" cipher
grade settings as "medium". The "export" and "low" grades are no
longer supported in OpenSSL 1.1.1, the minimum version required in
Postfix 3.6.0 and later. Also, Postfix default settings now exclude
deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5),
digest (MD5), key exchange algorithms (DH, ECDH), and public key
algorithm (DSS).
Attack resistance: the Postfix SMTP server can now aggregate
smtpd_client_*_rate and smtpd_client_*_count statistics by network
block instead of by IP address, to raise the bar against a memory
exhaustion attack in the anvil(8) server; Postfix TLS support
unconditionally disables TLS renegotiation in the middle of an SMTP
connection, to avoid a CPU exhaustion attack.
The PostgreSQL client encoding is now configurable with the "encoding"
Postfix configuration file attribute. The default is "UTF8".
Previously the encoding was hard-coded as "LATIN1", which is not
useful in the context of SMTP.
The postconf command now warns for #comment in or after a Postfix
parameter value. Postfix programs do not support #comment after
other text, and treat that as input.
January 12, 2023: 3.7.4
=======================
Workaround: with OpenSSL 3 and later always turn on
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
opportunities for TLS session reuse. This is safe because the SMTP
protocol implements application-level framing, and is therefore
not affected by TLS truncation attacks. Fix by Viktor Dukhovni.
Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
handles for digest implementations. In sufficiently hostile
configurations, Postfix could mistakenly believe that a digest
algorithm is available, and fail when it is not. A similar workaround
may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni.
Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally; it should
evaluate the argument only if there was no prior error. Found during
code review.
Bugfix (bug introduced in Postfix 2.8): postscreen died with a
segmentation violation when postscreen_dnsbl_threshold < 1. It
should reject such input with a fatal error instead. Discovered by
Benny Pedersen.
Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
Viktor Dukhovni.
Portability: Linux 6 support.
Added missing documentation that cidr:, pcre: and regexp: tables
support inline specification only in Postfix 3.7 and later.
@
text
@a10 1
@
1.1.1.6.2.1
log
@Sync with HEAD
@
text
@d2 1
a2 1
"https://www.w3.org/TR/html4/loose.dtd">
d60 1
a60 1
https://www.spamhaus.org/ and other websites.
@
1.1.1.7
log
@Import postfix-3.10.1 (previous was 3.8.4)
Summary:
Postfix 3.9 (July 2022): This release focused on enhancing the TLS
(Transport Layer Security) capabilities of Postfix. It introduced
support for TLSv1.3, allowing for more secure and efficient encrypted
communications. Additionally, improvements were made to the handling
of TLSA records, which are used in DNS-based Authentication of
Named Entities (DANE) to associate TLS certificates with domain
names.
Postfix 3.10 (July 2023): This version brought significant updates
to Postfix's SMTP (Simple Mail Transfer Protocol) functionalities.
It added support for the SMTPUTF8 extension, enabling the use of
UTF-8 encoding in email addresses and headers, which is essential
for internationalization. The release also included performance
optimizations, particularly in the handling of large mail queues,
and introduced new configuration parameters to provide administrators
with finer control over mail processing.
The changes are described more in detail in:
3.10 changes: RELEASE_NOTES
3.9 changes: RELEASE_NOTES_3.9
3.8 changes: RELEASE_NOTES_3.8
@
text
@d2 1
a2 1
"https://www.w3.org/TR/html4/loose.dtd">
d60 1
a60 1
https://www.spamhaus.org/ and other websites.
@
1.1.1.1.4.1
log
@file SMTPD_ACCESS_README.html was added on branch matt-nb5-mips64 on 2010-04-21 05:23:39 +0000
@
text
@d1 368
@
1.1.1.1.4.2
log
@sync to netbsd-5
@
text
@a0 368
Postfix SMTP relay and access control
Postfix
SMTP relay and access control
Introduction
The Postfix SMTP server receives mail from the network and is
exposed to the big bad world of junk email and viruses. This document
introduces the built-in and external methods that control what SMTP
mail Postfix will accept, what mistakes to avoid, and how to test
your configuration.
In a distant past, the Internet was a friendly environment.
Mail servers happily forwarded mail on behalf of anyone towards
any destination. On today's Internet, spammers abuse servers that
forward mail from arbitrary systems, and abused systems end up on
anti-spammer blacklists. See, for example, the information on
http://www.mail-abuse.org/ and other websites.
By default, Postfix has a moderately restrictive approach to
mail relaying. Postfix forwards mail only from clients in trusted
networks, or to domains that are configured as authorized relay
destinations. For a description of the default policy, see the
smtpd_recipient_restrictions parameter in the postconf(5) manual
page, and the information that is referenced from there.
Most of the Postfix SMTP server access controls are targeted
at stopping junk email.
Protocol oriented: some SMTP server access controls block
mail by being very strict with respect to the SMTP protocol; these
catch poorly implemented and/or poorly configured junk email
software, as well as email worms that come with their own non-standard
SMTP client implementations. Protocol-oriented access controls
become less useful over time as spammers and worm writers learn to
read RFC documents.
Blacklist oriented: some SMTP server access controls
query blacklists with known to be bad sites such as open mail
relays, open web proxies, and home computers that have been
compromised and that are under remote control by criminals. The
effectiveness of these blacklists depends on how complete and how
up to date they are.
Threshold oriented: some SMTP server access controls attempt
to raise the bar by either making the client do more work (greylisting)
or by asking for a second opinion (SPF and sender/recipient address
verification). The greylisting and SPF policies are implemented
externally, and are the subject of the SMTPD_POLICY_README document.
Sender/recipient address verification is the subject of the
ADDRESS_VERIFICATION_README document.
Unfortunately, all junk mail controls have the possibility of
falsely rejecting legitimate mail. This can be a problem for sites
with many different types of users. For some users it is unacceptable
when any junk email slips through, while for other users the world
comes to an end when a single legitimate email message is blocked.
Because there is no single policy that is "right" for all users,
Postfix supports different SMTP access restrictions for different
users. This is described in the RESTRICTION_CLASS_README document.
Besides the restrictions that can be made configurable per
client or per user as described in the next section, Postfix
implements a few restrictions that apply to all SMTP mail.
The built-in header_checks and body_checks content
restrictions, as described in the BUILTIN_FILTER_README document.
This happens while Postfix receives mail, before it is stored in
the incoming queue.
The external before-queue content restrictions, as described
in the SMTPD_PROXY_README document. This happens while Postfix
receives mail, before it is stored in the incoming queue.
Requiring that the client sends the HELO or EHLO command
before sending the MAIL FROM or ETRN command. This may cause problems
with home-grown applications that send mail. For this reason, the
requirement is disabled by default ("smtpd_helo_required = no").
Disallowing illegal syntax in MAIL FROM or RCPT TO commands.
This may cause problems with home-grown applications that send
mail, and with ancient PC mail clients. For this reason, the
requirement is disabled by default ("strict_rfc821_envelopes =
no").
Disallowing addresses that are not enclosed with <>
(example: "MAIL FROM: dude@@example.com").
Rejecting mail from a non-existent sender address. This form
of egress filtering helps to slow down worms and other malware, but
may cause problems with home-grown software that sends out mail
software with an unreplyable address. For this reason the requirement
is disabled by default ("smtpd_reject_unlisted_sender = no").
Rejecting mail for a non-existent recipient address. This
form of ingress filtering helps to keep the mail queue free of
undeliverable MAILER-DAEMON messages. This requirement is enabled
by default ("smtpd_reject_unlisted_recipient = yes").
Postfix allows you to specify lists of access restrictions for
each stage of the SMTP conversation. Individual restrictions are
described in the postconf(5) manual page.
Examples of simple restriction lists are:
/etc/postfix/main.cf:
# Allow connections from trusted networks only.
smtpd_client_restrictions = permit_mynetworks, reject
# Don't talk to mail systems that don't know their own hostname.
# With Postfix < 2.3, specify reject_unknown_hostname.
smtpd_helo_restrictions = reject_unknown_helo_hostname
# Don't accept mail from domains that don't exist.
smtpd_sender_restrictions = reject_unknown_sender_domain
# Whitelisting: local clients may specify any destination domain.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
# Enforce mail volume quota via policy service callouts.
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
Each restriction list is evaluated from left to right until
some restriction produces a result of PERMIT, REJECT or DEFER (try
again later). The end of the list is equivalent to a PERMIT result.
By placing a PERMIT restriction before a REJECT restriction you
can make exceptions for specific clients or users. This is called
whitelisting; the fourth example above allows mail from local
networks but otherwise rejects mail to arbitrary destinations.
The table below summarizes the purpose of each SMTP access
restriction list. All lists use the exact same syntax; they differ
only in the time of evaluation and in the effect of a REJECT or
DEFER result.
Early Postfix versions evaluated SMTP access restrictions lists
as early as possible. The client restriction list was evaluated
before Postfix sent the "220 $myhostname..." greeting banner to
the SMTP client, the helo restriction list was evaluated before
Postfix replied to the HELO (EHLO) command, the sender restriction
list was evaluated before Postfix replied to the MAIL FROM command,
and so on. This approach turned out to be difficult to use.
Current Postfix versions postpone the evaluation of client,
helo and sender restriction lists until the RCPT TO or ETRN command.
This behavior is controlled by the smtpd_delay_reject parameter.
Restriction lists are still evaluated in the proper order of (client,
helo, etrn) or (client, helo, sender, recipient, data, or end-of-data)
restrictions.
When a restriction list (example: client) evaluates to REJECT or
DEFER the other restriction lists (example: helo, sender, etc.)
are skipped.
Around the time that smtpd_delay_reject was introduced, Postfix
was also changed to support mixed restriction lists that combine
information about the client, helo, sender and recipient or etrn
command.
Benefits of delayed restriction evaluation, and of restriction
mixing:
Some SMTP clients do not expect a negative reply early in
the SMTP session. When the bad news is postponed until the RCPT TO
reply, the client goes away as it is supposed to, instead of hanging
around until a timeout happens, or worse, going into an endless
connect-reject-connect loop.
Postfix can log more useful information. For example, when
Postfix rejects a client name or address and delays the action
until the RCPT TO command, it can log the sender and the recipient
address. This is more useful than logging only the client hostname
and IP address and not knowing whose mail was being blocked.
Mixing is needed for complex whitelisting policies. For
example, in order to reject local sender addresses in mail from
non-local clients, you need to be able to mix restrictions on client
information with restrictions on sender information in the same
restriction list. Without this ability, many per-user access
restrictions would be impossible to express.
By now the reader may wonder why we need smtpd client, helo
or sender restrictions, when their evaluation is postponed until
the RCPT TO or ETRN command. Some people recommend placing ALL the
access restrictions in the smtpd_recipient_restrictions list.
Unfortunately, this can result in too permissive access. How is
this possible?
The purpose of the smtpd_recipient_restrictions feature is to
control how Postfix replies to the RCPT TO command. If the restriction
list evaluates to REJECT or DEFER, the recipient address is rejected;
no surprises here. If the result is PERMIT, then the recipient
address is accepted. And this is where surprises can happen.
Here is an example that shows when a PERMIT result can result
in too much access permission:
Line 5 rejects mail from hosts that don't specify a proper
hostname in the HELO command (with Postfix < 2.3, specify
reject_unknown_hostname). Lines 4 and 9 make an exception to
allow mail from some machine that announces itself with "HELO
localhost.localdomain".
The problem with this configuration is that
smtpd_recipient_restrictions evaluates to PERMIT for EVERY host
that announces itself as "localhost.localdomain", making Postfix
an open relay for all such hosts.
In order to avoid surprises like these with
smtpd_recipient_restrictions, you should place non-recipient
restrictions AFTER the reject_unauth_destination restriction, not
before. In the above example, the HELO based restrictions should
be placed AFTER reject_unauth_destination, or better, the HELO
based restrictions should be placed under smtpd_helo_restrictions
where they can do no harm.
Postfix has several features that aid in SMTP access rule
testing:
soft_bounce
This is a safety net that changes
SMTP server REJECT actions into DEFER (try again later) actions.
This keeps mail queued that would otherwise be returned to the
sender. Specify "soft_bounce = yes" in the main.cf file to prevent
the Postfix SMTP server from rejecting mail permanently, by changing
all 5xx SMTP reply codes into 4xx.
warn_if_reject
This is a different safety net
that changes SMTP server REJECT actions into warnings. Instead of
rejecting a command, Postfix logs what it would reject. Specify
"warn_if_reject" in an SMTP access restriction list, before the
restriction that you want to test without actually rejecting mail.
XCLIENT
With this Postfix 2.1 feature, authorized
SMTP clients can impersonate other systems, so that you can do
realistic SMTP access rule tests. Examples of how to impersonate
other systems for access rule testing are given at the end of the
XCLIENT_README document.
@
1.1.1.1.2.1
log
@file SMTPD_ACCESS_README.html was added on branch netbsd-5 on 2009-09-15 06:02:23 +0000
@
text
@d1 368
@
1.1.1.1.2.2
log
@Apply patch (requested by tron in ticket #944):
Update Postfix to 2.6.5.
@
text
@a0 368
Postfix SMTP relay and access control
Postfix
SMTP relay and access control
Introduction
The Postfix SMTP server receives mail from the network and is
exposed to the big bad world of junk email and viruses. This document
introduces the built-in and external methods that control what SMTP
mail Postfix will accept, what mistakes to avoid, and how to test
your configuration.
In a distant past, the Internet was a friendly environment.
Mail servers happily forwarded mail on behalf of anyone towards
any destination. On today's Internet, spammers abuse servers that
forward mail from arbitrary systems, and abused systems end up on
anti-spammer blacklists. See, for example, the information on
http://www.mail-abuse.org/ and other websites.
By default, Postfix has a moderately restrictive approach to
mail relaying. Postfix forwards mail only from clients in trusted
networks, or to domains that are configured as authorized relay
destinations. For a description of the default policy, see the
smtpd_recipient_restrictions parameter in the postconf(5) manual
page, and the information that is referenced from there.
Most of the Postfix SMTP server access controls are targeted
at stopping junk email.
Protocol oriented: some SMTP server access controls block
mail by being very strict with respect to the SMTP protocol; these
catch poorly implemented and/or poorly configured junk email
software, as well as email worms that come with their own non-standard
SMTP client implementations. Protocol-oriented access controls
become less useful over time as spammers and worm writers learn to
read RFC documents.
Blacklist oriented: some SMTP server access controls
query blacklists with known to be bad sites such as open mail
relays, open web proxies, and home computers that have been
compromised and that are under remote control by criminals. The
effectiveness of these blacklists depends on how complete and how
up to date they are.
Threshold oriented: some SMTP server access controls attempt
to raise the bar by either making the client do more work (greylisting)
or by asking for a second opinion (SPF and sender/recipient address
verification). The greylisting and SPF policies are implemented
externally, and are the subject of the SMTPD_POLICY_README document.
Sender/recipient address verification is the subject of the
ADDRESS_VERIFICATION_README document.
Unfortunately, all junk mail controls have the possibility of
falsely rejecting legitimate mail. This can be a problem for sites
with many different types of users. For some users it is unacceptable
when any junk email slips through, while for other users the world
comes to an end when a single legitimate email message is blocked.
Because there is no single policy that is "right" for all users,
Postfix supports different SMTP access restrictions for different
users. This is described in the RESTRICTION_CLASS_README document.
Besides the restrictions that can be made configurable per
client or per user as described in the next section, Postfix
implements a few restrictions that apply to all SMTP mail.
The built-in header_checks and body_checks content
restrictions, as described in the BUILTIN_FILTER_README document.
This happens while Postfix receives mail, before it is stored in
the incoming queue.
The external before-queue content restrictions, as described
in the SMTPD_PROXY_README document. This happens while Postfix
receives mail, before it is stored in the incoming queue.
Requiring that the client sends the HELO or EHLO command
before sending the MAIL FROM or ETRN command. This may cause problems
with home-grown applications that send mail. For this reason, the
requirement is disabled by default ("smtpd_helo_required = no").
Disallowing illegal syntax in MAIL FROM or RCPT TO commands.
This may cause problems with home-grown applications that send
mail, and with ancient PC mail clients. For this reason, the
requirement is disabled by default ("strict_rfc821_envelopes =
no").
Disallowing addresses that are not enclosed with <>
(example: "MAIL FROM: dude@@example.com").
Rejecting mail from a non-existent sender address. This form
of egress filtering helps to slow down worms and other malware, but
may cause problems with home-grown software that sends out mail
software with an unreplyable address. For this reason the requirement
is disabled by default ("smtpd_reject_unlisted_sender = no").
Rejecting mail for a non-existent recipient address. This
form of ingress filtering helps to keep the mail queue free of
undeliverable MAILER-DAEMON messages. This requirement is enabled
by default ("smtpd_reject_unlisted_recipient = yes").
Postfix allows you to specify lists of access restrictions for
each stage of the SMTP conversation. Individual restrictions are
described in the postconf(5) manual page.
Examples of simple restriction lists are:
/etc/postfix/main.cf:
# Allow connections from trusted networks only.
smtpd_client_restrictions = permit_mynetworks, reject
# Don't talk to mail systems that don't know their own hostname.
# With Postfix < 2.3, specify reject_unknown_hostname.
smtpd_helo_restrictions = reject_unknown_helo_hostname
# Don't accept mail from domains that don't exist.
smtpd_sender_restrictions = reject_unknown_sender_domain
# Whitelisting: local clients may specify any destination domain.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
# Enforce mail volume quota via policy service callouts.
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
Each restriction list is evaluated from left to right until
some restriction produces a result of PERMIT, REJECT or DEFER (try
again later). The end of the list is equivalent to a PERMIT result.
By placing a PERMIT restriction before a REJECT restriction you
can make exceptions for specific clients or users. This is called
whitelisting; the fourth example above allows mail from local
networks but otherwise rejects mail to arbitrary destinations.
The table below summarizes the purpose of each SMTP access
restriction list. All lists use the exact same syntax; they differ
only in the time of evaluation and in the effect of a REJECT or
DEFER result.
Early Postfix versions evaluated SMTP access restrictions lists
as early as possible. The client restriction list was evaluated
before Postfix sent the "220 $myhostname..." greeting banner to
the SMTP client, the helo restriction list was evaluated before
Postfix replied to the HELO (EHLO) command, the sender restriction
list was evaluated before Postfix replied to the MAIL FROM command,
and so on. This approach turned out to be difficult to use.
Current Postfix versions postpone the evaluation of client,
helo and sender restriction lists until the RCPT TO or ETRN command.
This behavior is controlled by the smtpd_delay_reject parameter.
Restriction lists are still evaluated in the proper order of (client,
helo, etrn) or (client, helo, sender, recipient, data, or end-of-data)
restrictions.
When a restriction list (example: client) evaluates to REJECT or
DEFER the other restriction lists (example: helo, sender, etc.)
are skipped.
Around the time that smtpd_delay_reject was introduced, Postfix
was also changed to support mixed restriction lists that combine
information about the client, helo, sender and recipient or etrn
command.
Benefits of delayed restriction evaluation, and of restriction
mixing:
Some SMTP clients do not expect a negative reply early in
the SMTP session. When the bad news is postponed until the RCPT TO
reply, the client goes away as it is supposed to, instead of hanging
around until a timeout happens, or worse, going into an endless
connect-reject-connect loop.
Postfix can log more useful information. For example, when
Postfix rejects a client name or address and delays the action
until the RCPT TO command, it can log the sender and the recipient
address. This is more useful than logging only the client hostname
and IP address and not knowing whose mail was being blocked.
Mixing is needed for complex whitelisting policies. For
example, in order to reject local sender addresses in mail from
non-local clients, you need to be able to mix restrictions on client
information with restrictions on sender information in the same
restriction list. Without this ability, many per-user access
restrictions would be impossible to express.
By now the reader may wonder why we need smtpd client, helo
or sender restrictions, when their evaluation is postponed until
the RCPT TO or ETRN command. Some people recommend placing ALL the
access restrictions in the smtpd_recipient_restrictions list.
Unfortunately, this can result in too permissive access. How is
this possible?
The purpose of the smtpd_recipient_restrictions feature is to
control how Postfix replies to the RCPT TO command. If the restriction
list evaluates to REJECT or DEFER, the recipient address is rejected;
no surprises here. If the result is PERMIT, then the recipient
address is accepted. And this is where surprises can happen.
Here is an example that shows when a PERMIT result can result
in too much access permission:
Line 5 rejects mail from hosts that don't specify a proper
hostname in the HELO command (with Postfix < 2.3, specify
reject_unknown_hostname). Lines 4 and 9 make an exception to
allow mail from some machine that announces itself with "HELO
localhost.localdomain".
The problem with this configuration is that
smtpd_recipient_restrictions evaluates to PERMIT for EVERY host
that announces itself as "localhost.localdomain", making Postfix
an open relay for all such hosts.
In order to avoid surprises like these with
smtpd_recipient_restrictions, you should place non-recipient
restrictions AFTER the reject_unauth_destination restriction, not
before. In the above example, the HELO based restrictions should
be placed AFTER reject_unauth_destination, or better, the HELO
based restrictions should be placed under smtpd_helo_restrictions
where they can do no harm.
Postfix has several features that aid in SMTP access rule
testing:
soft_bounce
This is a safety net that changes
SMTP server REJECT actions into DEFER (try again later) actions.
This keeps mail queued that would otherwise be returned to the
sender. Specify "soft_bounce = yes" in the main.cf file to prevent
the Postfix SMTP server from rejecting mail permanently, by changing
all 5xx SMTP reply codes into 4xx.
warn_if_reject
This is a different safety net
that changes SMTP server REJECT actions into warnings. Instead of
rejecting a command, Postfix logs what it would reject. Specify
"warn_if_reject" in an SMTP access restriction list, before the
restriction that you want to test without actually rejecting mail.
XCLIENT
With this Postfix 2.1 feature, authorized
SMTP clients can impersonate other systems, so that you can do
realistic SMTP access rule tests. Examples of how to impersonate
other systems for access rule testing are given at the end of the
XCLIENT_README document.
Postfix
SMTP relay and access control