Postfix

Wietse just released a quick update to the just-released 2.4.2. It looks like the 2.4.2 release introduced a compiler bug on some platforms, which was easily fixed. The bugs solved in this last release were:

  • 20070425
    Bugfix: don’t falsely report “lost connection from localhost[127.0.0.1]” when Postfix is being portscanned. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
  • 20070430
    Robustness: recommend a “0” process limit for policy servers to avoid “connection refused” problems when the smtpd process limit exceeds the default process limit. File: proto/SMTPD_POLICY_README.html.
  • 20070501
    Safety: when IPv6 (or IPv4) is turned off, don’t treat an IPv6 (or IPv4) connection from e.g. inetd as if it comes from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
  • 20070508
    Bugfix: Content-Transfer-Encoding: attribute values are case insensitive. File: src/cleanup/cleanup_message.c.
  • 20070514
    Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) were broken when used with the error(8) or discard(8) transports. Cause: insufficient documentation. Files: error/error.c, discard/discard.c.
  • 20070520
    Bugfix (problem introduced Postfix 2.3): when DSN support was introduced it broke “aggressive” recipient duplicate elimination with “enable_original_recipient = no”. File: cleanup/cleanup_out_recipient.c.
  • 20070529
    Bugfix (introduced Postfix 2.3): the sendmail/postdrop commands would hang when trying to submit a message larger than the per-message size limit. File: postdrop/postdrop.c.
  • 20070530
    Sabotage the saboteur who insists on breaking Postfix by adding gethostbyname() calls that cause maildir delivery to fail when the machine name is not found in /etc/hosts, or that cause Postfix processes to hang when the network is down.
  • 20070531
    Portability: Victor helpfully pointed out that change 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.

If you have no issues currently and all is working fine, there is no real need to upgrade. If it ain’t broke, don’t fix it.

I’ve finally gotten around to updating and testing my own installations of Postfix 2.4.0. It all works as promised and nothing has to be changed to get it working. Just follow the install instructions with the new source and you’ll be up and running in no time. Here is a list of the major changes made in this version:

  • Postfix can now manage thousands of connections without needing
    special main.cf, master.cf, or compile-time tweaks, on systems with BSD kqueue, Solaris /dev/poll, or Linux epoll support.
  • Milter support for message body replacement. The resulting queue
    files are backwards compatible with Postfix 2.3. The existing Milter
    support for message header manipulations was revised and is now
    implemented by much simpler code.
  • Minor improvements in TLS session cache management and in the
    implementation of certificate fingerprint based authentication. A
    more extensive revision of TLS internals will appear first in Postfix
    2.5 snapshots.
  • Improvements in queue manager performance when deferring large
    amounts of mail, or when delivering mail with lots of recipients.
  • Workarounds for SMTP servers that reply and hang up prematurely,
    for file system clocks that are out of sync, and for broken kernel
    lock management in POP servers.

One very good change is that you no longer need to enter a valid domain name for myhostname in main.cf, which confused many people and was difficult to use.

It looks like a lot happened during my week of absence. Postfix got a new major release bringing it to 2.4.0 and Courier authlib got an update bringing it to 0.59.2. I haven’t looked at the releases themselves but I will test them this week to see if these releases can be used without breaking anything in our current configuration.

Another thing I’m glad to notice is that there is some movement in the development of Dspam. It’s been rather quiet the last few months, but Jonathan Zdziarski has released version 3.8.0 from 3.6.8, mostly because of a lot of new features. I haven’t tried it myself, but the user mailing list is buzzing with positive results. It is, however, an unofficial release, and he hopes he can announce something really positive in the time to come that will really move the project forward. Can’t wait to find out what that will be…

I will post my findings on Postfix and Courier Authlib as soon as possible. Dspam will take a bit longer as it is more complex and I need time for other stuff as well, sorry…

Just got an email from the Postfix announcement mailing list telling me that Wietse has released another update. It fixes minor problems and introduces one incompatibility.

  • postmap support for NIS maps was broken with Postfix 2.3.
  • Workaround to avoid breaking digital signatures for malformed MIME attachments.
  • Incorrect handling of ![address] forms in match lists such as mynetworks, inet_interfaces, etc.

From the announcement:

Incompatible changes with Postfix 2.3.7:
Postfix no longer inserts an empty-line header/body separator into malformed MIME attachments, to avoid breaking digital signatures.

This change introduces ambiguity. Postfix still treats the remainder of the attachment as body content; header_checks rules will therefore not detect forbidden MIME types inside a message/rfc822 attachment.

With the empty-line header/body separator no longer inserted by Postfix, other software may process the malformed attachment differently, and thus may become exposed to forbidden MIME types.

I see no problems in our setup for Postfix as we don’t do any header_checks inside Postfix, we only do that in DSpam and that is not affected as far as I can tell.
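The ambiguity described in the announcement, as an added example (not code from the original post or from Postfix): a simplified strict header parser that, as the announcement describes, treats everything after the first non-header line as body, plus a check that reports the header-like lines left unexamined. The sample attachment, the function names and the forbidden-type policy are constructed for illustration.

```python
import re

HEADER = re.compile(r"^([!-9;-~]+):")  # RFC 5322 field name followed by a colon

def split_entity(lines):
    """Strict header parse: returns (headers, rest, clean_separator)."""
    headers = []
    for i, line in enumerate(lines):
        if line == "":
            return headers, lines[i + 1:], True    # proper empty-line separator
        if line[0] in " \t" and headers:
            headers[-1] += " " + line.strip()      # folded continuation line
        elif HEADER.match(line):
            headers.append(line)
        else:
            return headers, lines[i:], False       # header block ends without separator
    return headers, [], True

def unchecked_headers(lines):
    """Header-like lines a strict parser leaves in the body of a malformed entity."""
    _, rest, clean = split_entity(lines)
    if clean:
        return []
    found = []
    for line in rest[1:]:                          # rest[0] is the offending line
        if line == "":
            break                                  # a lenient parser would stop here
        if HEADER.match(line):
            found.append(line)
    return found

def forbidden_unchecked(lines, forbidden):
    """Forbidden MIME types that only appear among the unchecked header-like lines."""
    hits = []
    for header in unchecked_headers(lines):
        name, _, value = header.partition(":")
        mime = value.split(";")[0].strip().lower()
        if name.lower() == "content-type" and mime in forbidden:
            hits.append(mime)
    return hits

# Constructed sample: content of a message/rfc822 attachment with no empty-line separator.
SAMPLE = ['Subject: forwarded report',
          'From: sender@example.com',
          'this line is not a header and no empty line precedes it',
          'Content-Type: Application/X-MSDownload; name="report.exe"',
          '',
          'body text']
POLICY = {"application/x-msdownload"}              # assumed site policy

if __name__ == "__main__":
    print("strict parser saw:", split_entity(SAMPLE)[0])
    print("unchecked forbidden types:", forbidden_unchecked(SAMPLE, POLICY))
```

A content filter placed after Postfix can use a check like this to quarantine entities whose header block ends without the empty-line separator instead of guessing how downstream software will parse them.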
