#
2e5cb688 |
| 06-Jul-2014 |
tron <tron@NetBSD.org> |
Import Postfix 2.11.1. The main changes since version 2.10.* are: - Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA publ
Import Postfix 2.11.1. The main changes since version 2.10.* are: - Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA public key or the server certificate is identified via DNSSEC lookup. This requires a DNS resolver that validates DNSSEC replies. The problem with conventional PKI is that there are literally hundreds of organizations world-wide that can provide a certificate in anyone's name. DANE limits trust to the people who control the target DNS zone and its parent zones. - A new postscreen_dnsbl_whitelist_threshold feature to allow clients to skip postscreen tests based on their DNSBL score. This can eliminate email delays due to "after 220 greeting" protocol tests, which otherwise require that a client reconnects before it can deliver mail. Some providers such as Google don't retry from the same IP address, and that can result in large email delivery delays. - The recipient_delimiter feature now supports different delimiters, for example both "+" and "-". As before, this implementation recognizes exactly one delimiter character per email address, and exactly one address extension per email address. - Advanced master.cf query/update support to access service attributes as "name = value" pairs. For example to turn off chroot on all services use "postconf -F '*/*/chroot = n'", and to change/add a "-o name=value" setting use "postconf -P 'smtp/inet/name = value'". This was developed primarily to allow automated tools to manage Postfix systems without having to parse Postfix configuration files.
show more ...
|
#
e694ac3b |
| 02-Jan-2013 |
tron <tron@NetBSD.org> |
Import Postfix 2.9.5. Major changes since version 2.8.x: - Support for long, non-repeating, queue IDs (queue file names). The main benefit of non-repeating names is simpler logfile analysis. See
Import Postfix 2.9.5. Major changes since version 2.8.x: - Support for long, non-repeating, queue IDs (queue file names). The main benefit of non-repeating names is simpler logfile analysis. See the description of "enable_long_queue_ids" in postconf(5) for details. - Memcache client support, and support to share postscreen(8) and verify(8) caches via the proxymap server. Details about memcache support are in memcache_table(5) and MEMCACHE_README. - Gradual degradation: if a database is unavailable (can't open, most read or write errors) a Postfix daemon will log a warning and continue providing the services that don't depend on that table, instead of immediately terminating with a fatal error. To terminate immediately when a database file can't be opened, specify "daemon_table_open_error_is_fatal = yes". - Revised postconf(1) command. It warns about unused parameter name=value settings in main.cf or master.cf (likely mistakes), understands "dynamic" parameter names such as names that depend on the name of a master.cf entry (finally, "postconf -n" shows all parameter settings), and it can display main.cf and master.cf in a more user-friendly format (postconf -nf, postconf -Mf). - Read/write deadline support in the SMTP client and server to defend against application-level DOS attacks that very slowly write or read data one byte at a time.
show more ...
|