postconf_unused.c - OpenGrok history log for /netbsd/external/ibm-public/postfix/dist/src/postconf/postconf

Revision	Date	Author	Comments
# 2e5cb688	06-Jul-2014	tron <tron@NetBSD.org>	Import Postfix 2.11.1. The main changes since version 2.10.* are: - Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA publ Import Postfix 2.11.1. The main changes since version 2.10.* are: - Support for PKI-less TLS server certificate verification with DANE (DNS-based Authentication of Named Entities) where the CA public key or the server certificate is identified via DNSSEC lookup. This requires a DNS resolver that validates DNSSEC replies. The problem with conventional PKI is that there are literally hundreds of organizations world-wide that can provide a certificate in anyone's name. DANE limits trust to the people who control the target DNS zone and its parent zones. - A new postscreen_dnsbl_whitelist_threshold feature to allow clients to skip postscreen tests based on their DNSBL score. This can eliminate email delays due to "after 220 greeting" protocol tests, which otherwise require that a client reconnects before it can deliver mail. Some providers such as Google don't retry from the same IP address, and that can result in large email delivery delays. - The recipient_delimiter feature now supports different delimiters, for example both "+" and "-". As before, this implementation recognizes exactly one delimiter character per email address, and exactly one address extension per email address. - Advanced master.cf query/update support to access service attributes as "name = value" pairs. For example to turn off chroot on all services use "postconf -F '//chroot = n'", and to change/add a "-o name=value" setting use "postconf -P 'smtp/inet/name = value'". This was developed primarily to allow automated tools to manage Postfix systems without having to parse Postfix configuration files. show more ...
# e694ac3b	02-Jan-2013	tron <tron@NetBSD.org>	Import Postfix 2.9.5. Major changes since version 2.8.x: - Support for long, non-repeating, queue IDs (queue file names). The main benefit of non-repeating names is simpler logfile analysis. See Import Postfix 2.9.5. Major changes since version 2.8.x: - Support for long, non-repeating, queue IDs (queue file names). The main benefit of non-repeating names is simpler logfile analysis. See the description of "enable_long_queue_ids" in postconf(5) for details. - Memcache client support, and support to share postscreen(8) and verify(8) caches via the proxymap server. Details about memcache support are in memcache_table(5) and MEMCACHE_README. - Gradual degradation: if a database is unavailable (can't open, most read or write errors) a Postfix daemon will log a warning and continue providing the services that don't depend on that table, instead of immediately terminating with a fatal error. To terminate immediately when a database file can't be opened, specify "daemon_table_open_error_is_fatal = yes". - Revised postconf(1) command. It warns about unused parameter name=value settings in main.cf or master.cf (likely mistakes), understands "dynamic" parameter names such as names that depend on the name of a master.cf entry (finally, "postconf -n" shows all parameter settings), and it can display main.cf and master.cf in a more user-friendly format (postconf -nf, postconf -Mf). - Read/write deadline support in the SMTP client and server to defend against application-level DOS attacks that very slowly write or read data one byte at a time. show more ...

Revision

Date

Author

Comments

# 2e5cb688

06-Jul-2014

tron <tron@NetBSD.org>

Import Postfix 2.11.1. The main changes since version 2.10.* are:
- Support for PKI-less TLS server certificate verification with DANE
(DNS-based Authentication of Named Entities) where the CA publ

Import Postfix 2.11.1. The main changes since version 2.10.* are:
- Support for PKI-less TLS server certificate verification with DANE
(DNS-based Authentication of Named Entities) where the CA public key
or the server certificate is identified via DNSSEC lookup. This
requires a DNS resolver that validates DNSSEC replies. The problem
with conventional PKI is that there are literally hundreds of
organizations world-wide that can provide a certificate in anyone's
name. DANE limits trust to the people who control the target DNS
zone and its parent zones.
- A new postscreen_dnsbl_whitelist_threshold feature to allow clients
to skip postscreen tests based on their DNSBL score. This can
eliminate email delays due to "after 220 greeting" protocol tests,
which otherwise require that a client reconnects before it can
deliver mail. Some providers such as Google don't retry from the
same IP address, and that can result in large email delivery delays.
- The recipient_delimiter feature now supports different delimiters,
for example both "+" and "-". As before, this implementation
recognizes exactly one delimiter character per email address, and
exactly one address extension per email address.
- Advanced master.cf query/update support to access service attributes
as "name = value" pairs. For example to turn off chroot on all
services use "postconf -F '*/*/chroot = n'", and to change/add a
"-o name=value" setting use "postconf -P 'smtp/inet/name = value'".
This was developed primarily to allow automated tools to manage Postfix
systems without having to parse Postfix configuration files.

# e694ac3b

02-Jan-2013

tron <tron@NetBSD.org>

Import Postfix 2.9.5. Major changes since version 2.8.x:
- Support for long, non-repeating, queue IDs (queue file names). The
main benefit of non-repeating names is simpler logfile analysis. See

Import Postfix 2.9.5. Major changes since version 2.8.x:
- Support for long, non-repeating, queue IDs (queue file names). The
main benefit of non-repeating names is simpler logfile analysis. See
the description of "enable_long_queue_ids" in postconf(5) for
details.
- Memcache client support, and support to share postscreen(8) and
verify(8) caches via the proxymap server. Details about memcache
support are in memcache_table(5) and MEMCACHE_README.
- Gradual degradation: if a database is unavailable (can't open, most
read or write errors) a Postfix daemon will log a warning and
continue providing the services that don't depend on that table,
instead of immediately terminating with a fatal error. To terminate
immediately when a database file can't be opened, specify
"daemon_table_open_error_is_fatal = yes".
- Revised postconf(1) command. It warns about unused parameter
name=value settings in main.cf or master.cf (likely mistakes),
understands "dynamic" parameter names such as names that depend on
the name of a master.cf entry (finally, "postconf -n" shows all
parameter settings), and it can display main.cf and master.cf in a
more user-friendly format (postconf -nf, postconf -Mf).
- Read/write deadline support in the SMTP client and server to defend
against application-level DOS attacks that very slowly write or read
data one byte at a time.