Postfix

Postfix updated to 2.9.4

A small update to incorporate changes also made in 2.10, I’ve installed this on my machine without a problem. However you are going to see a ton of warnings when compiling this baby. They are all about having a /* within comment section. The warnings will contain the following part:

warning: '/*' within block comment [-Wcomment]

You can ignore these, I’ve did some test and did not notice any problem in sending and receiving mail in my setup. The changes are:

  • The local(8) delivery agent’s BIFF client leaked an unprivileged UDP socket. Fix by Jaroslav Skarvada. This bug was introduced 19990127.
  • The SMTP server did not reject the AUTH command while a MAIL FROM transaction was in progress. Reported by Timo Sirainen. This bug was introduced 20000314.
  • The unused “pass” trigger client could close the wrong file descriptors. This bug was introduced with Postfix 2.8.

Postfix updated to 2.9.3

A small update on Postfix which will solve some SSL problems which you might have had. All the issues solved are:

  • OpenSSL related (all supported Postfix versions).
    • Some people have reported program crashes when the OpenSSL library was updated while Postfix was accessing the Postfix TLS session cache. To avoid this, the Postfix TLS session cache ID now includes the OpenSSL library version number. This cache ID is not shared via the network.
    • The OpenSSL workaround introduced with the previous stable and legacy releases did not compile with older gcc compilers. These compilers can’t handle #ifdef inside a macro invocation (NOT: definition).
  • The postconf command flagged parameter “-o name=value” settings in master.cf as “unused” when those settings were used only in main.cf. Problem reported by Michael Tokarev.
  • To avoid repeated warnings from postscreen(8) with “connect to private/dnsblog service: Connection refused” on FreeBSD, the dnsblog(8) daemon now uses the single_server program driver instead of the multi_server driver. This one-line code change has no performance impact for other systems, and eliminates a high-frequency accept() race on a shared socket that appears to cause trouble on FreeBSD. The same single_server program driver has proven itself for many years in smtpd(8). Problem reported by Sahil Tandon.

Postfix updated to 2.9.1

Postfix got updated quite quickly after the 2.9.0 release with 2 small bug fixes.

  • The “change header” Milter request could replace the wrong header. A long header name could match a shorter one, because a length check was done on the wrong string. Reported by Vladimir Vassiliev. This was introduced with Postfix 2.3.
  • “sendmail -bs” segfault, due to a missing guard statement after an smtpd_check_rewrite() call was moved closer to the command processor loop. Fix by Bartek Szady. This was introduced 20111219 near the end of the 2.9 development cycle.

From the earlier stable release 2.9.0, the main changes in no particular order are:

  • Support for long, non-repeating, queue IDs (queue file names). The main benefit of non-repeating names is simpler logfile analysis. See the description of “enable_long_queue_ids” in postconf(5) for details.
  • Memcache client support, and support to share postscreen(8) and verify(8) caches via the proxymap server. Details about memcache support are in memcache_table(5) and MEMCACHE_README.
  • Gradual degradation: if a database is unavailable (can’t open, most read or write errors) a Postfix daemon will log a warning and continue providing the services that don’t depend on that table, instead of immediately terminating with a fatal error. To terminate immediately when a database file can’t be opened, specify “daemon_table_open_error_is_fatal = yes”.
  • Revised postconf(1) command. It warns about unused parameter name=value settings in main.cf or master.cf (likely mistakes), understands “dynamic” parameter names such as names that depend on the name of a master.cf entry (finally, “postconf -n” shows all parameter settings), and it can display main.cf and master.cf in a more user-friendly format (postconf -nf, postconf -Mf).
  • Read/write deadline support in the SMTP client and server to defend against application-level DOS attacks that very slowly write or read data one byte at a time.

I’ve tested it and running it on my servers without any problems.

Too much at once

I feel the need to ask for patience as this week we got bombarders by a lot of updates. Dovecot did a major upgrade to 2.1, Apache released a major upgrade to 2.4, postfix released 2.9.1 a small bugfix and MySQL released 5.5.21.

I need to compile, test and adjust everything where necessary and as you might understand with major upgrade there is more going on then just a compile, run and test. There are new configuration options to be evaluated and older ones deprecated that might need a new one or a workaround for lost functionality.

So I’m working on it but it take a bit longer then usual…

Postfix updated to 2.8.7

Here is a new version of Postfix, just released and I’ve got it tested on Snow Leopard and Lion on my test and production machines. This release contains a workaround for a problem that is fixed in Postfix 2.9.

  • The postscreen daemon, which is not enabled by default, sent non-compliant SMTP responses (220- followed by 421) when it could not give a connection to a real smtpd process. These responses caused some remote SMTP clients to return mail as undeliverable.

    The workaround is to hang up after sending 220- without sending the 421 “sorry” reply; this is harmless.

    The complete fix involves too much change for a stable release: send the 220 greeting, wait for the EHLO command, then send the 421 “sorry” reply and hang up.

Howto upgrade postfix.

Next Page »