head 1.47; access; symbols pkgsrc-2026Q1:1.47.0.2 pkgsrc-2026Q1-base:1.47 pkgsrc-2025Q4:1.45.0.6 pkgsrc-2025Q4-base:1.45 pkgsrc-2025Q3:1.45.0.4 pkgsrc-2025Q3-base:1.45 pkgsrc-2025Q2:1.45.0.2 pkgsrc-2025Q2-base:1.45 pkgsrc-2025Q1:1.43.0.4 pkgsrc-2025Q1-base:1.43 pkgsrc-2024Q4:1.43.0.2 pkgsrc-2024Q4-base:1.43 pkgsrc-2024Q3:1.39.0.4 pkgsrc-2024Q3-base:1.39 pkgsrc-2024Q2:1.39.0.2 pkgsrc-2024Q2-base:1.39 pkgsrc-2024Q1:1.37.0.4 pkgsrc-2024Q1-base:1.37 pkgsrc-2023Q4:1.37.0.2 pkgsrc-2023Q4-base:1.37 pkgsrc-2023Q3:1.35.0.4 pkgsrc-2023Q3-base:1.35 pkgsrc-2023Q2:1.35.0.2 pkgsrc-2023Q2-base:1.35 pkgsrc-2023Q1:1.33.0.2 pkgsrc-2023Q1-base:1.33 pkgsrc-2022Q4:1.32.0.2 pkgsrc-2022Q4-base:1.32 pkgsrc-2022Q3:1.31.0.2 pkgsrc-2022Q3-base:1.31 pkgsrc-2022Q2:1.30.0.2 pkgsrc-2022Q2-base:1.30 pkgsrc-2022Q1:1.29.0.4 pkgsrc-2022Q1-base:1.29 pkgsrc-2021Q4:1.29.0.2 pkgsrc-2021Q4-base:1.29 pkgsrc-2021Q3:1.28.0.4 pkgsrc-2021Q3-base:1.28 pkgsrc-2021Q2:1.28.0.2 pkgsrc-2021Q2-base:1.28 pkgsrc-2021Q1:1.26.0.4 pkgsrc-2021Q1-base:1.26 pkgsrc-2020Q4:1.26.0.2 pkgsrc-2020Q4-base:1.26 pkgsrc-2020Q3:1.25.0.4 pkgsrc-2020Q3-base:1.25 pkgsrc-2020Q2:1.25.0.2 pkgsrc-2020Q2-base:1.25 pkgsrc-2020Q1:1.21.0.6 pkgsrc-2020Q1-base:1.21 pkgsrc-2019Q4:1.21.0.8 pkgsrc-2019Q4-base:1.21 pkgsrc-2019Q3:1.21.0.4 pkgsrc-2019Q3-base:1.21 pkgsrc-2019Q2:1.21.0.2 pkgsrc-2019Q2-base:1.21 pkgsrc-2019Q1:1.19.0.4 pkgsrc-2019Q1-base:1.19 pkgsrc-2018Q4:1.19.0.2 pkgsrc-2018Q4-base:1.19 pkgsrc-2018Q3:1.17.0.2 pkgsrc-2018Q3-base:1.17 pkgsrc-2018Q2:1.16.0.2 pkgsrc-2018Q2-base:1.16 pkgsrc-2018Q1:1.14.0.4 pkgsrc-2018Q1-base:1.14 pkgsrc-2017Q4:1.14.0.2 pkgsrc-2017Q4-base:1.14 pkgsrc-2017Q3:1.11.0.4 pkgsrc-2017Q3-base:1.11 pkgsrc-2017Q2:1.10.0.2 pkgsrc-2017Q2-base:1.10 pkgsrc-2017Q1:1.8.0.2 pkgsrc-2017Q1-base:1.8 pkgsrc-2016Q4:1.6.0.4 pkgsrc-2016Q4-base:1.6 pkgsrc-2016Q3:1.6.0.2 pkgsrc-2016Q3-base:1.6 pkgsrc-2016Q2:1.5.0.2 pkgsrc-2016Q2-base:1.5 pkgsrc-2016Q1:1.4.0.4 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.4.0.2 pkgsrc-2015Q4-base:1.4 pkgsrc-2015Q3:1.1.0.2 pkgsrc-2015Q3-base:1.1; locks; strict; comment @# @; 1.47 date 2026.03.01.08.01.11; author taca; state Exp; branches; next 1.46; commitid kqGVeAQLPmYGifwG; 1.46 date 2026.01.07.08.47.49; author wiz; state Exp; branches; next 1.45; commitid 1wQ3ICD8eebefrpG; 1.45 date 2025.05.19.15.56.57; author taca; state Exp; branches; next 1.44; commitid J48eSBb04sBR7xVF; 1.44 date 2025.04.17.21.51.29; author wiz; state Exp; branches; next 1.43; commitid xcIXAVA292fk6sRF; 1.43 date 2024.12.07.07.03.59; author taca; state Exp; branches; next 1.42; commitid LgItCg95IS0NpxAF; 1.42 date 2024.11.14.22.20.39; author wiz; state Exp; branches; next 1.41; commitid JmuDYqwL4erbdFxF; 1.41 date 2024.11.01.12.53.23; author wiz; state Exp; branches; next 1.40; commitid QB4Wk02mZPuBuWvF; 1.40 date 2024.11.01.00.52.37; author wiz; state Exp; branches; next 1.39; commitid QT27BdVP362gvSvF; 1.39 date 2024.06.02.15.45.06; author taca; state Exp; branches; next 1.38; commitid BZqPD6JzxhPalqcF; 1.38 date 2024.05.29.16.33.24; author adam; state Exp; branches; next 1.37; commitid n8aFyEjEVZA0JUbF; 1.37 date 2023.12.22.17.29.18; author wiz; state Exp; branches; next 1.36; commitid 6b3zS8Qu49zQ9uRE; 1.36 date 2023.11.08.13.19.59; author wiz; state Exp; branches; next 1.35; commitid PsuHTklAIsF4bOLE; 1.35 date 2023.05.08.04.33.40; author triaxx; state Exp; branches; next 1.34; commitid ckdTFBoIJbbec7oE; 1.34 date 2023.04.19.08.10.43; author adam; state Exp; branches; next 1.33; commitid B8gCWhWtMX9vZGlE; 1.33 date 2023.01.28.09.28.30; author taca; state Exp; branches; next 1.32; commitid ePAeTvwSLpsD2ibE; 1.32 date 2022.11.23.16.20.34; author adam; state Exp; branches; next 1.31; commitid ju2K3LUYlTJKqQ2E; 1.31 date 2022.07.21.15.08.40; author taca; state Exp; branches; next 1.30; commitid 0wOD8w4PHTPW3MMD; 1.30 date 2022.04.18.19.11.34; author adam; state Exp; branches; next 1.29; commitid eC9Na3jrfOOUpIAD; 1.29 date 2021.12.08.16.05.30; author adam; state Exp; branches; next 1.28; commitid 2PyWjHx5T8rqARjD; 1.28 date 2021.06.02.15.29.57; author taca; state Exp; branches; next 1.27; commitid 0haljfqoMb4kuzVC; 1.27 date 2021.04.21.11.42.09; author adam; state Exp; branches; next 1.26; commitid fph0Axs0eT3az9QC; 1.26 date 2020.11.05.09.08.36; author ryoon; state Exp; branches; next 1.25; commitid VqGaBtHnBBcd5GuC; 1.25 date 2020.06.15.15.43.32; author taca; state Exp; branches; next 1.24; commitid rpfpcOXJZ4KdSkcC; 1.24 date 2020.06.02.08.24.15; author adam; state Exp; branches; next 1.23; commitid nisovMpvvZm3RCaC; 1.23 date 2020.04.26.09.33.26; author taca; state Exp; branches; next 1.22; commitid 54tum7ED52S4rS5C; 1.22 date 2020.04.12.08.28.56; author adam; state Exp; branches; next 1.21; commitid 7jZFLCnc3RCww44C; 1.21 date 2019.04.30.03.41.51; author taca; state Exp; branches; next 1.20; commitid sIzeaQDnjptS7klB; 1.20 date 2019.04.03.00.32.52; author ryoon; state Exp; branches; next 1.19; commitid pkuNrSZ2MZiLWPhB; 1.19 date 2018.12.15.16.35.23; author taca; state Exp; branches; next 1.18; commitid W7q0aH5lULyeMU3B; 1.18 date 2018.12.09.18.52.36; author adam; state Exp; branches; next 1.17; commitid Pdg91emznUBdJ93B; 1.17 date 2018.07.20.03.34.19; author ryoon; state Exp; branches; next 1.16; commitid 09Go9qhjDl36dPKA; 1.16 date 2018.05.21.14.49.47; author taca; state Exp; branches; next 1.15; commitid nAxAs9rxFrMySaDA; 1.15 date 2018.04.14.07.34.31; author adam; state Exp; branches; next 1.14; commitid OW5IgFIaJWdTEnyA; 1.14 date 2017.12.09.02.34.48; author taca; state Exp; branches; next 1.13; commitid iIBem96vnyXh3aiA; 1.13 date 2017.11.30.16.45.30; author adam; state Exp; branches; next 1.12; commitid 2LNaDKcCKaKZ25hA; 1.12 date 2017.10.13.17.14.23; author taca; state Exp; branches; next 1.11; commitid H5Nm4kkzCaltKUaA; 1.11 date 2017.09.18.09.53.26; author maya; state Exp; branches; next 1.10; commitid BMfpJecGogsW6F7A; 1.10 date 2017.04.24.20.12.28; author fhajny; state Exp; branches; next 1.9; commitid ktLHNwExi4LDgPOz; 1.9 date 2017.04.22.21.03.42; author adam; state Exp; branches; next 1.8; commitid FZEMSoU8Sj6ZBzOz; 1.8 date 2017.03.04.06.26.42; author taca; state Exp; branches; next 1.7; commitid phcHD2nHiXfXkcIz; 1.7 date 2017.01.21.23.49.02; author rillig; state Exp; branches; next 1.6; commitid QgHg8cTuP5r3sTCz; 1.6 date 2016.09.18.17.10.28; author taca; state Exp; branches; next 1.5; commitid BEk4oXUsnpjtgNmz; 1.5 date 2016.04.11.19.01.56; author ryoon; state Exp; branches; next 1.4; commitid mgqGURJPmT1r1f2z; 1.4 date 2015.10.10.01.58.12; author ryoon; state Exp; branches; next 1.3; commitid 78BsYZiClqZSgvEy; 1.3 date 2015.10.05.00.14.13; author taca; state Exp; branches; next 1.2; commitid Cznb19oiFBsvRQDy; 1.2 date 2015.10.05.00.05.31; author taca; state Exp; branches; next 1.1; commitid gtg9ws10BdOaOQDy; 1.1 date 2015.09.07.09.47.02; author fhajny; state Exp; branches 1.1.2.1; next ; commitid 42C2mmB9De5xViAy; 1.1.2.1 date 2015.10.06.18.41.34; author spz; state Exp; branches; next ; commitid q92HDKvb3mWqX4Ey; desc @@ 1.47 log @mail/postfix: update to 3.10.8 3.10.8 (2026-02-19) Fixes for all supported Postfix releases: * Improved Milter error handling for messages that arrive over a long-lived SMTP connection, by changing the default milter_default_action from "tempfail" to the new "shutdown" action (i.e. disconnect the remote SMTP client). The problem was that after a single Milter error, Postfix could tempfail all messages that the client sends over a long-lived connection, even if the Milter error was only temporary. This problem was reported by Ankit Kulkarni. * Bugfix (defect introduced: Postfix 2.11): "posttls-finger -v -v -v" terminated with a panic, caused by recursive logging. Reported by Geert Hendrickx, diagnosed by Viktor Dukhovni, and fixed by Wietse. @ text @# $NetBSD: Makefile,v 1.46 2026/01/07 08:47:49 wiz Exp $ COMMENT= Postfix SMTP server SQLite backend module POSTFIX_LIB= sqlite POSTFIX_LIBDIR= src/global POSTFIX_LIB_DICT= yes POSTFIX_LIB_MKMAP= no .include "../../mail/postfix/Makefile.module" CCARGS+= -I${BUILDLINK_PREFIX.sqlite3}/include AUXLIBS_MODULE= -L${BUILDLINK_PREFIX.sqlite3}/lib -lsqlite3 \ ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.sqlite3}/lib .include "../../databases/sqlite3/buildlink3.mk" .include "../../mk/bsd.pkg.mk" @ 1.46 log @*: recursive bump for icu 78.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.45 2025/05/19 15:56:57 taca Exp $ a3 1 PKGREVISION= 1 @ 1.45 log @mail/postfix: update to 3.10.2 Postfix 3.10.2 (2025-04-22) * Bugfix (defect introduced: date 19991116): when appending a setting to a main.cf or master.cf file that did not end in a newline character, the "postconf -e" command did not add an extra newline character before appending the new setting, causing information to become garbled. Fix by Michael Tokarev. * Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not attempt to create a new connection after an I/O error on an existing connection. Reported by Oleksandr Kozmenko. * Improved and corrected error messages when converting (host or service) information to (symbolic text, numerical text, or binary) form. * Documentation: updated link to Dovecot documentation. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.44 2025/04/17 21:51:29 wiz Exp $ d4 1 @ 1.44 log @*: recursive bump for icu 77 and libxml2 2.14 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.43 2024/12/07 07:03:59 taca Exp $ a3 1 PKGREVISION= 1 @ 1.43 log @mail/postfix-sqlite: reset PKGREVISION Reset PKGREVISION during previous update. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.42 2024/11/14 22:20:39 wiz Exp $ d4 1 @ 1.42 log @*: recursive bump for icu 76 shlib major version bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.41 2024/11/01 12:53:23 wiz Exp $ a3 1 PKGREVISION= 3 @ 1.41 log @*: revbump for icu downgrade @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.40 2024/11/01 00:52:37 wiz Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.40 log @*: recursive bump for icu 76.1 shlib bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.39 2024/06/02 15:45:06 taca Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.39 log @Reset PKGREVISION along with updating postfix to 3.9.0. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38 2024/05/29 16:33:24 adam Exp $ d4 1 @ 1.38 log @revbump after icu and protobuf updates @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2023/12/22 17:29:18 wiz Exp $ a3 1 PKGREVISION= 1 @ 1.37 log @postfix*: update to 3.8.4 20230815 Bugfix (bug introduced: 20140218): when opportunistic TLS fails during or after the handshake, don't require that a probe message spent a minimum time-in-queue before falling back to plaintext. Problem reported by Serg. File: smtp/smtp.h. 20230819 Bugfix (defect introduced: 19980207): the valid_hostname() check in the Postfix DNS client library was blocking unusual but legitimate wildcard names (*.name) in some DNS lookup results and lookup requests. Examples: name class/type value *.one.example IN CNAME *.other.example *.other.example IN A 10.0.0.1 *.other.example IN TLSA ..certificate info... Such syntax is blesed in RFC 1034 section 4.3.3. This problem was reported first in the context of TLSA record lookups. Files: util/valid_hostname.[hc], dns/dns_lookup.c. 20230929 Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix SMTP server was waiting for a client command instead of replying immediately, after a client certificate verification error in TLS wrappermode. Reported by Andreas Kinzler. File: smtpd/smtpd.c. 20231006 Usability: the Postfix SMTP server now attempts to log the SASL username after authentication failure. In Postfix logging, this appends ", sasl_username=xxx" after the reason for SASL authentication failure. The logging replaces an unavailable reason with "(reason unavailable)", and replaces an unavailable sasl_username with "(unavailable)". Based on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c, xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c. 20231026 Bugfix (defect introduced: Postfix 2.11): in forward_path, the expression ${recipient_delimiter} would expand to an empty string when a recipient address had no recipient delimiter. Fixed by restoring Postfix 2.10 behavior to use a configured recipient delimiter value. Reported by Tod A. Sandman. Files: proto/postconf.proto, local/local_expand.c. 20231221 Security: with "smtpd_forbid_bare_newline = yes" (default "no" for Postfix < 3.9), reply with "Error: bare received" and disconnect when an SMTP client sends a line ending in , violating the RFC 5321 requirement that lines must end in . This prevents SMTP smuggling attacks that target a recipient at a Postfix server. For backwards compatibility, local clients are excluded by default with "smtpd_forbid_bare_newline_exclusions = $mynetworks". Files: mantools/postlink, proto/postconf.proto, global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h, smtpd/smtpd.c. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.36 2023/11/08 13:19:59 wiz Exp $ d4 1 @ 1.36 log @*: recursive bump for icu 74.1 @ text @d1 1 a1 2 # $NetBSD: Makefile,v 1.35 2023/05/08 04:33:40 triaxx Exp $ # a3 1 PKGREVISION= 1 @ 1.35 log @postfix-sqlite: Update to 3.8.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.34 2023/04/19 08:10:43 adam Exp $ d5 1 @ 1.34 log @revbump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.33 2023/01/28 09:28:30 taca Exp $ a4 1 PKGREVISION= 1 @ 1.33 log @mail/postfix: update to 3.7.4 Postfix 3.7.4 (2023-01-22) * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. Fix by Viktor Dukhovni. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname(). Fix by Viktor Dukhovni. * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. Found during code review. * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead. Discovered by Benny Pedersen. * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions. Viktor Dukhovni. * Portability: Linux 6 support. * Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.32 2022/11/23 16:20:34 adam Exp $ d5 1 @ 1.32 log @massive revision bump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.31 2022/07/21 15:08:40 taca Exp $ a4 1 PKGREVISION= 1 @ 1.31 log @mail/postfix: update to 3.7.2 3.7.0 (2022-02-07) * Support to inline the content of small cidr:, pcre:, and regexp: tables in Postfix parameter values. An example is the new smtpd_forbidden_commands default value, "CONNECT GET POST regexp:{{/^[^A-Z]/ Thrash}}", to quickly drop connections from clients that send garbage. * To make the maillog_file feature more useful, including stdout logging from a container, the postlog(1) command is now set-gid postdrop, so that unprivileged programs can use it to write logging through the postlogd(8) daemon. This required hardening the postlog(1) command against privilege escalation attacks. * Support for library APIs: OpenSSL 3.0.0, PCRE2, Berkeley DB 18. * Postfix programs now randomize the initial state of in-memory hash tables, to defend against hash collision attacks involving a large number of attacker-chosen lookup keys. Presently, the only known opportunity for such attacks involves remote SMTP client IPv6 addresses in the anvil(8) service, and requires making hundreds of short-lived connections per second while cycling through thousands of different client IP addresses. * Updated defense against remote clients or servers that 'trickle' SMTP or LMTP traffic. This replaces the old per-record deadlines with per-request deadlines and minimum data rates. * Many typofixes by raf and Wietse. 3.7.1 (2022-04-18) * (problem introduced: Postfix 2.7) The milter_header_checks maps are now opened before the cleanup(8) server enters the chroot jail. Problem reported by Jesper Dybdal. * In an internal client module, "host or service not found" was a fatal error, causing the milter_default_action setting to be ignored. It is now a non-fatal error, just like a failure to connect. Problem reported by Christian Degenkolb. * The proxy_read_maps default value was missing up to 27 parameter names. The corresponding lookup tables were not automatically authorized for use with the proxymap(8) service. The parameter names were ending in _checks, _reply_footer, _reply_filter, _command_filter, and _delivery_status_filter. * (problem introduced: Postfix 3.0) With dynamic map loading enabled, an attempt to create a map with "postmap regexp:path" would result in a bogus error message "Is the postfix-regexp package installed?" instead of "unsupported map type for this operation". This happened with all non-dynamic map types (static, cidr, etc.) that have no 'bulk create' support. Problem reported by Greg Klanderman. * In PCRE_README, "pcre2 --libs" should be "pcre2 --libs8". Problem reported by Carlos Velasco. * Documented in the postlogd(8) daemon manpage that the Postfix >= 3.7 postlog(1) command can run with setgid permissions. 3.7.2 (2022-04-28) This reverts an overly complex change in the postscreen SMTP engine (made during Postfix 3.7 development), and replaces it with much simpler code. The bad change was crashing postscreen on some systems after receiving malformed input (for example, a TLS "hello" message). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.30 2022/04/18 19:11:34 adam Exp $ d5 1 @ 1.30 log @revbump for textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29 2021/12/08 16:05:30 adam Exp $ a4 1 PKGREVISION= 2 @ 1.29 log @revbump for icu and libffi @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.28 2021/06/02 15:29:57 taca Exp $ d5 1 a5 1 PKGREVISION= 1 @ 1.28 log @mail/postfix: update to 3.6.0 Postfix stable release 3.6.0 is available. This ends the support for legacy release Postfix 3.2. The main changes are below. See the RELEASE_NOTES file for further details. Incompatible changes: * This release requires "postfix stop" before updating, or before backing out to an earlier release, because some internal protocols have changed. Otherwise, long-running daemons (pickup, qmgr, verify, tlsproxy, postscreen) may fail to communicate with the rest of Postfix, causing mail delivery delays until Postfix is restarted. * Respectful logging. Postfix version 3.6 deprecates terminology that implies white is better than black. Instead, Postfix prefers 'allowlist', 'denylist', and variations on those words. This change affects Postfix documentation, and postscreen parameters and logging. To keep the old postscreen logging set "respectful_logging = no" in main.cf before setting "compatibility_level = 3.6". In any case, the old postscreen parameter names will keep working as before. Other changes: * The minimum supported OpenSSL version is 1.1.1, which will reach the end of life by 2023-09-11. Postfix 3.6 is expected to reach the end of support in 2025. Until then, Postfix will be updated as needed for compatibility with OpenSSL. The default fingerprint digest has changed from md5 to sha256 (Postfix 3.6 with compatibility_level >= 3.6). With a lower compatibility_level setting, Postfix defaults to using md5, and logs a warning when a Postfix configuration specifies no explicit digest type. The export-grade Diffie-Hellman key exchange is no longer supported, and the tlsproxy_tls_dh512_param_file parameter is ignored, * Better error messages when someone configures an incorrect program in master.cf. To recognize such mistakes, every Postfix internal service, including the postdrop command, announces the name of its protocol before doing any other I/O, and every Postfix client program, including the Postfix sendmail command, will verify that the protocol name matches what it expects. * Fine-grained control over the envelope sender address for submission with the Postfix sendmail (or postdrop) commands. Example: /etc/postfix/main.cf: # Allow root and postfix full control, anyone else can only # send mail as themselves. Use "uid:" followed by the numerical # UID when the UID has no entry in the UNIX password file. local_login_sender_maps = inline:{ { root = *}, { postfix = * } }, pcre:/etc/postfix/login_senders /etc/postfix/login_senders: # Allow both the bare username and the user@@domain forms. /(.+)/ $1 $1@@example.com * Threaded bounces. This allows mail readers to present a non-delivery, delayed delivery, or successful delivery notification in the same email thread as the original message. Unfortunately, this also makes it easy for users to mistakenly delete the whole email thread (all related messages), instead of deleting only the delivery status notification. To enable, specify "enable_threaded_bounces = yes". * Postfix by default no longer uses the services(5) database to look up the TCP ports for SMTP and LMTP services. Instead, this information is configured with the new known_tcp_ports configuration parameter (default: lmtp=24, smtp=25, smtps=submissions=465, submission=587). When a service is not specified in known_tcp_ports, Postfix will still query the services(5) database. * Starting with Postfix version 3.6, the compatibility level is "3.6". In future Postfix releases, the compatibility level will be the Postfix version that introduced the last incompatible change. The level is formatted as 'major.minor.patch', where 'patch' is usually omitted and defaults to zero. Earlier compatibility levels are 0, 1 and 2. This also introduces main.cf and master.cf support for the <=level, < level, and other operators to compare compatibility levels. With the standard <=, <, etc. operators, compatibility level 3.10 would be less than 3.9, which is undesirable. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.27 2021/04/21 11:42:09 adam Exp $ d5 1 @ 1.27 log @revbump for textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.26 2020/11/05 09:08:36 ryoon Exp $ a4 1 PKGREVISION= 2 @ 1.26 log @*: Recursive revbump from textproc/icu-68.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.25 2020/06/15 15:43:32 taca Exp $ d5 1 a5 1 PKGREVISION= 1 @ 1.25 log @mail/postfix: update to 3.5.3 Update postfix and related pacakges to 3.5.3. Quote freom release announce. Postfix 3.5.3, 3.4.13: * TLS handshake failure in the Postfix SMTP server during SNI processing, after the server-side TLS engine sent a TLSv1.3 HelloRetryRequest (HRR) to a remote SMTP client. Reported by J??n M??t??, fixed by Viktor Dukhovni. Postfix versions 3.5.3, 3.4.13, 3.3.11, 3.2.16: * The command "postfix tls deploy-server-cert" did not handle a missing optional argument. This bug was introduced in Postfix 3.1. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2020/06/02 08:24:15 adam Exp $ d5 1 @ 1.24 log @Revbump for icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2020/04/26 09:33:26 taca Exp $ a4 1 PKGREVISION= 1 @ 1.23 log @mail/postfix: update to 3.5.1 Update postfix to 3.5.1. 3.5.0 (2020-03-16) Postfix stable release 3.5.0 is available. Support has ended for legacy release Postfix 3.1. The main changes are below. See the RELEASE_NOTES file for further details. * Support for the haproxy v2 protocol. The Postfix implementation supports TCP over IPv4 and IPv6, as well as non-proxied connections; the latter are typically used for heartbeat tests. * Support to force-expire email messages. This introduces new postsuper(1) command-line options to request expiration, and additional information in mailq(1) or postqueue(1) output. * The Postfix SMTP and LMTP client support a list of nexthop destinations separated by comma or whitespace. These destinations will be tried in the specified order. Examples: /etc/postfix/main.cf: relayhost = foo.example, bar.example default_transport = smtp:foo.example, bar.example Incompatible changes: * Logging: Postfix daemon processes now log the from= and to= addresses in external (quoted) form in non-debug logging (info, warning, etc.). This means that when an address localpart contains spaces or other special characters, the localpart will be quoted, for example: from=<"name with spaces"@@example.com> Specify "info_log_address_format = internal" for backwards compatibility. * Postfix now normalizes IP addresses received with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency with direct connections to Postfix. This may change the appearance of logging, and the way that check_client_access will match subnets of an IPv6 address. 3.5.1 (2020-04-20) Postfix versions 3.5.1, 3.4.11, 3.3.9, 3.2.14: * Bitrot workaround for broken builds after an incompatible change in GCC 10. * Bitrot workaround for broken DANE/DNSSEC support after an incompatible change in GLIBC 2.31. This change avoids the need for new options in /etc/resolv.conf. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2020/04/12 08:28:56 adam Exp $ d5 1 @ 1.22 log @Recursive revision bump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2019/04/30 03:41:51 taca Exp $ a4 1 PKGREVISION= 1 @ 1.21 log @mail/postfix: update to 3.3.3 This announcement concerns fixes for problems that were introduced with Postfix 3.0 and later. This is the final update for Postfix 3.0. Fixed in Postfix 3.3 and later: * When the master daemon runs with PID=1 (init mode), it will now reap child processes from non-Postfix code running in the same container, instead of terminating with a panic. Reported by Tamas Gerczei. Fixed in Postfix 3.0 and later: * With smtputf8_enable=yes, table lookups could casefold the search string when searching a lookup table that does not use fixed-string keys (regexp, pcre, tcp, etc.). * With the posttls-finger test program, connections to unix-domain servers always resulted in "Failed to establish session" even after a connection was established. Reported by Jaroslav Skarva. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2019/04/03 00:32:52 ryoon Exp $ d5 1 @ 1.20 log @Recursive revbump from textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2018/12/15 16:35:23 taca Exp $ a4 1 PKGREVISION= 1 @ 1.19 log @mail/postfix: update to 3.3.2 Changes for all supported stable releases: * Support for OpenSSL 1.1.1, and support for TLSv1.3-specific features. - Updated Postfix TLS documentation examples for TLSv1.3. See FORWARD_SECRECY_README. - New TLSv1.3-specific attributes in Postfix logging and in Postfix "Received:" message headers: key exchange, server signature, client signature. - New option to selectively disable TLSv1.3 in *_tls_protocols settings. - New server-side support to avoid issuing multiple session tickets. - New support to allow OpenSSL >= 1.1.0 run-time micro version bumps without logging Postfix warnings about library version mismatches. Fixed in all stable releases: * Bugfix: smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because some lookup table was using "EHLO_MASK_SMTPUTF8" instead. * Bugfix: minor memory leak in DANE support when minting issuer certs. This affects a tiny minority of use cases. Fixed in Postfix 3.3.2: * Bugfix: the Postfix build did not abort if the m4 command was not installed, resulting in a broken postconf command. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2018/12/09 18:52:36 adam Exp $ d5 1 @ 1.18 log @revbump after updating textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2018/07/20 03:34:19 ryoon Exp $ a4 1 PKGREVISION= 2 @ 1.17 log @Recursive revbump from textproc/icu-62.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2018/05/21 14:49:47 taca Exp $ d5 1 a5 1 PKGREVISION= 1 @ 1.16 log @mail/postfix: update to 3.3.1 [An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.3.1.html] Fixed in Postfix 3.3: * Postfix did not support running as a PID=1 process, which complicated Postfix deployment in containers. The "postfix start-fg" command will now run the Postfix master daemon as a PID=1 process if possible. Thanks for inputs from Andreas Schulze, Eray Aslan, and Viktor Dukhovni. * Segfault in the postconf(1) command after it could not open a Postfix database configuration file due to a file permission error (dereferencing a null pointer). Reported by Andreas Hasenack, fixed by Viktor Dukhovni. Fixed in Postfix 3.3, 3.2, 3.1, 3.0: * The luser_relay feature became a black hole, when the luser_relay parameter was set to a non-existent local address (i.e. mail disappeared silently). Reported by J?rgen Thomsen. * Missing error propagation in the tlsproxy(8) daemon could result in a segfault after TLS handshake error (dereferencing a 0xffff...ffff pointer). This daemon handles the TLS protocol when a non-whitelisted client sends a STARTTLS command to postscreen(8). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2018/04/14 07:34:31 adam Exp $ d5 1 @ 1.15 log @revbump after icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2017/12/09 02:34:48 taca Exp $ a4 1 PKGREVISION= 1 @ 1.14 log @mail/postfix: Update to 3.2.4 [An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.2.4.html] This announcement concerns fixes for problems that were introduced with Postfix 3.0 and later. Older supported releases are unaffected. Fixed in Postfix 3.1 and later: * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS records associated with an intermediate CA certificate. Problem report and initial fix by Erwan Legrand. Fixed in Postfix 3.0 and later: * Missing dynamicmaps support in the Postfix sendmail command. This broke authorized_submit_users settings that use a dynamically-loaded map type. Problem reported by Ulrich Zehl. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2017/11/30 16:45:30 adam Exp $ d5 1 @ 1.13 log @Revbump after textproc/icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2017/10/13 17:14:23 taca Exp $ a4 1 PKGREVISION= 1 @ 1.12 log @mail/postfix-sqlite: reset PKGREVISION reset PKGREVISION along with updating to 3.2.3. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2017/09/18 09:53:26 maya Exp $ d5 1 @ 1.11 log @revbump for requiring ICU 59.x @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2017/04/24 20:12:28 fhajny Exp $ a4 1 PKGREVISION= 1 @ 1.10 log @Reset PKGREVISION post-update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2017/04/22 21:03:42 adam Exp $ d5 1 @ 1.9 log @Revbump after icu update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2017/03/04 06:26:42 taca Exp $ a4 1 PKGREVISION= 1 @ 1.8 log @Reset PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2017/01/21 23:49:02 rillig Exp $ d5 1 @ 1.7 log @Fixed PKGREVISION to be only defined directly in the package Makefile. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2016/09/18 17:10:28 taca Exp $ a3 1 PKGREVISION= 1 @ 1.6 log @Update postfix to 3.1.2. 3.1.0 The main changes in no particular order are: * "postfix tls" command to simplify setup of opportunistic TLS, and to simplify SMTP server key/certificate management. * Positive and negative DNS reply TTL support in postscreen(8). * SASL AUTH rate limit in the Postfix SMTP server. * A safety limit on the number of address verify requests. * JSON-format Postfix queue listing. * Destination-independent delivery rate delay For details, see the RELEASE_NOTES file. 3.1.1 Fixed in all supported releases: * The Milter "replace sender" (SMFIR_CHGFROM) request lost an address that was added with sender_bcc_maps, resulting in a "rcpt count mismatch" warning. Reported by Joerg Backschues. This defect was introduced with Postfix 2.6. * The "bad filetype" example in the header_checks(5) manpage falsely rejected Content- headers with ``name="example"; x-apple-part-url="example.com"''. Reported by Cedric Knight. This defect was introduced with Postfix 2.6. 3.1.2 Fixed with Postfix 3.1.2: * Changes to make Postfix build with OpenSSL 1.1.0. Fixed with Postfix 3.1.2 and 3.0.6: * The makedefs script ignored readme_directory=pathname overrides. Fix by Todd C. Olson. * The tls_session_ticket_cipher documentation says that the default cipher for TLS session tickets is aes-256-cbc, but the implemented default was aes-128-cbc. Note that TLS session ticket keys are rotated after 1/2 hour, to limit the impact of attacks on session ticket keys. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2016/04/11 19:01:56 ryoon Exp $ d4 1 @ 1.5 log @Recursive revbump from textproc/icu 57.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2015/10/10 01:58:12 ryoon Exp $ a3 1 PKGREVISION= 3 @ 1.4 log @Recursive revbump from textproc/icu @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2015/10/05 00:14:13 taca Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.3 log @Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2015/10/05 00:05:31 taca Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.2 log @Link with corect rpath. Fix PR pkg/50299. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2015/09/07 09:47:02 fhajny Exp $ d4 1 @ 1.1 log @Update mail/postfix to 3.0.2. Database and regexp map functionality is now split into separate packages: - postfix-cdb - postfix-ldap - postfix-lmdb - postfix-mysql - postfix-pcre - postfix-pgsql - postfix-sqlite Upstream changelog follows. Postfix 3.0.2 ------------- No delta against 2.11.6. Postfix 3.0.1 ------------- - Build error when compiling the Postfix SMTP server with SASL support but no TLS support. - The DNS "resource record to text" converter, used for xxx_dns_reply_filter pattern matching, appended a '.' to TXT record resource values. - The postscreen(8) manpage specified an incorrect Postfix version number for the postscreen_dnsbl_timeout parameter. - The postfix-install script expanded macros in parameter values when trying to detect parameter overrides, causing unnecessary main.cf updates during "postfix start" etc. - Some low-level cleanup of UTF-8 string handling with no visible change in behavior (besides better performance). Postfix 3.0.0 ------------- - SMTPUTF8 support for internationalized domain names and address localparts as defined in RFC 6530 and related documents. - Support for Postfix dynamically-linked libraries and database plugins. - An OPT-IN safety net for the selective adoption of new Postfix default settings. If you do nothing, the old Postfix default settings *should* remain in effect (complain to your downstream maintainer if that is not the case). - Support for operations on multiple lookup tables. The pipemap:{map1,map2...} database type implements a pipeline of lookup tables where the result from one lookup table becomes a query for the next table; the unionmap:{map1,map2,...} database type sends the @ text @d1 1 a1 1 # $NetBSD$ d15 1 a15 1 ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.}/lib @ 1.1.2.1 log @Pullup ticket #4833 - requested by taca mail/postfix-lmdb: build fix mail/postfix-mysql: build fix mail/postfix-pcre: build fix mail/postfix-pgsql: build fix mail/postfix-sqlite: build fix Revisions pulled up: - mail/postfix-lmdb/Makefile 1.1-1.3 - mail/postfix-mysql/Makefile 1.1-1.3 - mail/postfix-pcre/Makefile 1.1-1.3 - mail/postfix-pgsql/Makefile 1.1-1.3 - mail/postfix-sqlite/Makefile 1.1-1.3 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Oct 5 00:05:31 UTC 2015 Modified Files: pkgsrc/mail/postfix-lmdb: Makefile pkgsrc/mail/postfix-mysql: Makefile pkgsrc/mail/postfix-pcre: Makefile pkgsrc/mail/postfix-pgsql: Makefile pkgsrc/mail/postfix-sqlite: Makefile Log Message: Link with corect rpath. Fix PR pkg/50299. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-lmdb/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-mysql/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-pcre/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-pgsql/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/postfix-sqlite/Makefile ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Mon Oct 5 00:14:13 UTC 2015 Modified Files: pkgsrc/mail/postfix-lmdb: Makefile pkgsrc/mail/postfix-mysql: Makefile pkgsrc/mail/postfix-pcre: Makefile pkgsrc/mail/postfix-pgsql: Makefile pkgsrc/mail/postfix-sqlite: Makefile Log Message: Bump PKGREVISION. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-lmdb/Makefile cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-mysql/Makefile cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-pcre/Makefile cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-pgsql/Makefile cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/postfix-sqlite/Makefile @ text @a3 1 PKGREVISION= 1 d15 1 a15 1 ${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.sqlite3}/lib @