Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

postfix-bdb-3.8.4-150600.1.5 RPM for x86_64

From OpenSuSE Leap 15.6 for x86_64

Name: postfix-bdb Distribution: SUSE Linux Enterprise 15
Version: 3.8.4 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150600.1.5 Build date: Thu May 9 12:46:14 2024
Group: Productivity/Networking/Email/Servers Build host: h04-ch2a
Size: 3515732 Source RPM: postfix-bdb-3.8.4-150600.1.5.src.rpm
Packager: https://www.suse.com/
Url: http://www.postfix.org
Summary: A fast, secure, and flexible mailer
Postfix aims to be an alternative to the widely-used sendmail program with bdb support

Provides

Requires

License

EPL-2.0 OR IPL-1.0

Changelog

* Thu Dec 28 2023 dmueller@suse.com
  - update default configuration to enable the long-term fix for
    bsc#1218304, bsc#1218314 CVE-2023-51764, SMTP smuggling attack:
    * smtpd_forbid_bare_newline = yes
    * smtpd_forbid_bare_newline_exclusions = $mynetworks
* Fri Dec 22 2023 suse+build@de-korte.org
  - update to 3.8.4
    * Security: this release adds support to defend
      against an email spoofing attack (SMTP smuggling) on
      recipients at a Postfix server. For background, see
      https://www.postfix.org/smtp-smuggling.html.
* Fri Nov 03 2023 suse+build@de-korte.org
  - update to 3.8.3
    * Bugfix (defect introduced Postfix 2.5, date 20080104): the
      Postfix SMTP server was waiting for a client command instead
      of replying immediately, after a client certificate verification
      error in TLS wrappermode. Reported by Andreas Kinzler.
    * Usability: the Postfix SMTP server (finally) attempts to log
      the SASL username after authentication failure. In Postfix
      logging, this appends ", sasl_username=xxx" after the reason
      for SASL authentication failure. The logging replaces an
      unavailable reason with "(reason unavailable)", and replaces
      an unavailable sasl_username with "(unavailable)". Based on
      code by Jozsef Kadlecsik.
    * Compatibility bugfix (defect introduced: Postfix 2.11, date
      20130405): in forward_path, the expression ${recipient_delimiter}
      would expand to an empty string when a recipient address had
      no recipient delimiter. The compatibility fix is to use a
      configured recipient delimiter value instead. Reported by Tod
      A. Sandman.
* Mon Oct 23 2023 varkoly@suse.com
  - Syntax error in update_postmaps script (bsc#1216061)
* Mon Sep 18 2023 varkoly@suse.com
  - postfix: config.postfix causes too tight permission on main.cf
    (bsc#1215372)
* Tue Aug 15 2023 varkoly@suse.com
  - CVE-2023-32182: postfix: config_postfix SUSE specific script
    potentially bad /tmp file usage (bsc#1211196)
    Use temp file created by mktemp
* Tue Jun 06 2023 suse+build@de-korte.org
  - update to 3.8.1
    * Optional: harden a Postfix SMTP server against remote SMTP
      clients that violate RFC 2920 (or 5321) command pipelining
      constraints. With "smtpd_forbid_unauth_pipelining = yes", the
      server disconnects a client immediately, after responding with
      "554 5.5.0 Error: SMTP protocol synchronization" and after
      logging "improper command pipelining" with the unexpected remote
      SMTP client input. This feature is disabled by default in Postfix
      3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
      by default in Postfix 3.9. A similar feature is enabled by
      default in the Exim SMTP server.
    * Optional: some OS distributions crank up TLS security to 11,
      and in doing so increase the number of plaintext email deliveries.
      This introduces basic OpenSSL configuration file support that
      may be used to override OS-level settings.
      Details are in the postconf(5) manpage under tls_config_file
      and tls_config_name.
    * Bugfix (defect introduced: Postfix 1.0): the command "postconf
      .. name=v1 .. name=v2 .." (multiple instances of the same
      parameter name) created multiple main.cf name=value entries
      with the same parameter name. It now logs a warning and skips
      the earlier name(s) and value(s). Found during code maintenance.
    * Bugfix (defect introduced: Postfix 3.3): the command "postconf
    - M name1/type1='name2 type2 ...'" died with a segmentation
      violation when the request matched multiple master.cf entries.
      The master.cf file was not damaged. Problem reported by SATOH
      Fumiyasu.
    * Bugfix (defect introduced: Postfix 2.11): the command "postconf
    - M name1/type1='name2 type2 ...'" could add a service definition
      to master.cf that conflicted with an already existing service
      definition. It now replaces all existing service definitions
      that match the service pattern 'name1/type1' or the service
      name and type in 'name2 type2 ...' with a single service
      definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
    * Bugfix (defect introduced: Postfix 3.8) the posttls-finger
      command could access uninitialized memory when reconnecting.
      This also fixes a malformed warning message when a destination
      contains ":service" information. Reported by Thomas Korbar.
    * Bugfix (defect introduced: Postfix 3.2): the MySQL client could
      return "not found" instead of "error" (for example, resulting
      in a 5XX SMTP status instead of 4XX) during the time that all
      MySQL server connections were turned down after error. Found
      during code maintenance. File: global/dict_mysql.c. This was
      already fixed in Postfix 3.4-3.7.
* Tue Apr 18 2023 suse+build@de-korte.org
  - update to 3.8.0
    * Support to look up DNS SRV records in the Postfix SMTP/LMTP
      client, Based on code by Tomas Korbar (Red Hat). For example,
      with "use_srv_lookup = submission" and "relayhost =
      example.com:submission", the Postfix SMTP client will look up
      DNS SRV records for _submission._tcp.example.com, and will relay
      email through the hosts and ports that are specified with those
      records.
    * TLS obsolescence: Postfix now treats the "export" and "low"
      cipher grade settings as "medium". The "export" and "low" grades
      are no longer supported in OpenSSL 1.1.1, the minimum version
      required in Postfix 3.6.0 and later. Also, Postfix default
      settings now exclude deprecated or unused ciphers (SEED, IDEA,
      3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
      (DH, ECDH), and public key algorithm (DSS).
    * Attack resistance: the Postfix SMTP server can now aggregate
      smtpd_client_*_rate and smtpd_client_*_count statistics by
      network block instead of by IP address, to raise the bar against
      a memory exhaustion attack in the anvil(8) server; Postfix TLS
      support unconditionally disables TLS renegotiation in the middle
      of an SMTP connection, to avoid a CPU exhaustion attack.
    * The PostgreSQL client encoding is now configurable with the
      "encoding" Postfix configuration file attribute. The default
      is "UTF8". Previously the encoding was hard-coded as "LATIN1",
      which is not useful in the context of SMTP.
    * The postconf command now warns for #comment in or after a Postfix
      parameter value. Postfix programs do not support #comment after
      other text, and treat that as input.
  - rebase/refresh patches
    * pointer_to_literals.patch
    * postfix-linux45.patch
    * postfix-master.cf.patch
    * postfix-ssl-release-buffers.patch
    * set-default-db-type.patch
* Sat Feb 25 2023 otto.hollmann@suse.com
  - update to 3.7.4
    * Workaround: with OpenSSL 3 and later always turn on
      SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
      opportunities for TLS session reuse. This is safe because the SMTP protocol
      implements application-level framing, and is therefore not affected by TLS
      truncation attacks.
    * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
      handles for digest implementations. In sufficiently hostile configurations,
      Postfix could mistakenly believe that a digest algorithm is available, and
      fail when it is not. A similar workaround may be needed for
      EVP_get_cipherbyname().
    * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
      tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
      the argument only if there was no prior error.
    * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
      violation when postscreen_dnsbl_threshold < 1. It should reject such input
      with a fatal error instead.
    * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
    * Portability: Linux 6 support.
    * Added missing documentation that cidr:, pcre: and regexp: tables support
      inline specification only in Postfix 3.7 and later.
    * Rebased postfix-linux45.patch
* Thu Feb 09 2023 varkoly@suse.com
  - SELinux: postfix denied to access /var/spool/postfix/pid/master.pid
    (bsc#1207177) Apply proposed changes in postfix.service
  - remove patch included into the source:
      harden_postfix.service.patch
* Wed Jan 25 2023 kukuk@suse.com
  - Disable NIS support on Factory (deprecated and will be removed)
* Mon Nov 14 2022 varkoly@suse.com
  - postfix default main.cf myhostname default causes conflict
    (bsc#1192173)
    Use the postfix build in defaults for myhostname and mydestination
* Sun Oct 09 2022 michael@stroeder.com
  - update to 3.7.3
    * Fixed a bug where some messages were not delivered after
      "warning: Unexpected record type 'X'. (bsc#1213515)
    * Workaround: in a TLS server disable Postfix's 1-element internal session
      cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes.
    * Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26)
      introduced a missing msg_panic() argument (in code that never executes).
    * Code health: Postfix 3.3.0 introduced an uninitialized verify_append()
      request status in case of a null original recipient address.
    * Postfix 3.5.0 introduced debug logging noise in map_search_create().
* Tue Sep 06 2022 lnussel@suse.de
  - own /var/spool/mail (boo#1179574)
* Thu Aug 04 2022 chris@computersalat.de
  - use correct source signature file (gpg2)
* Mon Jul 11 2022 chris@computersalat.de
  - update to 3.7.2
    https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES
  - rebase patches
    * pointer_to_literals.patch
    * postfix-linux45.patch
    * postfix-main.cf.patch
    * postfix-master.cf.patch
    * postfix-no-md5.patch
    * postfix-ssl-release-buffers.patch
    * postfix-vda-v14-3.0.3.patch
    * set-default-db-type.patch
  - build against libpcre2
* Tue May 10 2022 chris@computersalat.de
  - remove *.swp from postfix-SUSE.tar.gz
* Tue May 03 2022 chris@computersalat.de
  - fix config.postfix 'hash' leftover with relay_recipients
  - update postfix-main.cf.patch about
    * smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls)
    * smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls)
  - rebase/refresh patches
    * harden_postfix.service.patch
    * postfix-avoid-infinit-loop-if-no-permission.patch
    * postfix-master.cf.patch
    * postfix-vda-v14-3.0.3.patch
    * set-default-db-type.patch
* Mon May 02 2022 dimstar@opensuse.org
  - Change ed requires to /usr/bin/ed: allow busybox-ed to be used
    inside containers.
* Mon Apr 25 2022 mrueckert@suse.de
  - add missing requires for config.postfix and the postfix
    postinstall script:  perl and ed
* Mon Apr 18 2022 michael@stroeder.com
  - update to 3.6.6
    * (problem introduced: Postfix 2.7) The milter_header_checks maps
      are now opened before the cleanup(8) server enters the chroot
      jail.
    * In an internal client module, "host or service not found" was
      a fatal error, causing the milter_default_action setting to be
      ignored. It is now a non-fatal error, just like a failure to
      connect.
    * The proxy_read_maps default value was missing up to 27 parameter
      names. The corresponding lookup tables were not automatically
      authorized for use with the proxymap(8) service. The parameter
      names were ending in _checks, _reply_footer, _reply_filter,
      _command_filter, and _delivery_status_filter.
    * (problem introduced: Postfix 3.0) With dynamic map loading
      enabled, an attempt to create a map with "postmap regexp:path"
      would result in a bogus error message "Is the postfix-regexp
      package installed?" instead of "unsupported map type for this
      operation". This happened with all non-dynamic map types (static,
      cidr, etc.) that have no 'bulk create' support.
* Mon Apr 04 2022 varkoly@suse.com
  - config.postfix fails to set smtp_tls_security_level
    (bsc#1192314)
* Tue Mar 29 2022 ilya@ilya.cf
  - Refreshed spec-file via spec-cleaner and manual optimizated.
    * Added -p flag to all install commands.
    * Removed -f flag from all ln commands.
  - Changed file harden_postfix.service.patch (boo#1191988).
* Fri Mar 18 2022 michael@stroeder.com
  - update to 3.6.5
    * Glibc 2.34 implements closefrom(). This was causing a conflict
      with Postfix's implementation for systems that have no closefrom()
      implementation.
    * Support for Berkeley DB version 18.
  - removed obsolete postfix-3.6.2-glibc-234-build-fix.patch
* Mon Mar 14 2022 varkoly@suse.com
  - Postfix on start don't run postalias /etc/postfix/aliases
    (error open database /etc/postfix/aliases.lmdb). (bsc#1197041)
    Apply proposed patch
* Wed Feb 09 2022 varkoly@suse.com
  - config.postfix can't handle symlink'd /etc/resolv.cof
    (bsc#1195019)
    Adapt proposed change: using "cp -afL" by copying.
* Tue Jan 18 2022 michael@stroeder.com
  - Update to 3.6.4
    * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
      entries in postconf output. This was caused by an incomplete
      fix to send SMTP session transcripts to $bounce_notice_recipient.
    * Bug introduced in Postfix 3.0: the proxymap daemon did not
      automatically authorize proxied maps inside pipemap (example:
      pipemap:{proxy:maptype:mapname, ...}) or inside unionmap.
    * Bug introduced in Postfix 2.5: off-by-one error while writing
      a string terminator. This code passed all memory corruption
      tests, presumably because it wrote over an alignment padding
      byte, or over an adjacent character byte that was never read.
    * The proxymap daemon did not automatically authorize map features
      added after Postfix 3.3, caused by missing *_maps parameter
      names in the proxy_read_maps default value. Found during code
      maintenance.
* Mon Nov 08 2021 michael@stroeder.com
  - Update to 3.6.3
    * (problem introduced in Postfix 2.4, released in 2007): queue
      file corruption after a Milter (for example, MIMEDefang) made
      a request to replace the message body with a copy of that message
      body plus additional text (for example, a SpamAssassin report).
    * (problem introduced in Postfix 2.10, released in 2012): The
      postconf "-x" option could produce incorrect output, because
      multiple functions were implicitly sharing a buffer for
      intermediate results. Problem report by raf, root cause analysis
      by Viktor Dukhovni.
    * (problem introduced in Postfix 2.11, released in 2013): The
      check_ccert_access feature worked as expected, but produced a
      spurious warning when Postfix was built without SASL support.
      Fix by Brad Barden.
    * Fix for a compiler warning due to a missing 'const' qualifier
      when compiling Postfix with OpenSSL 3. Depending on compiler
      settings this could cause the build to fail.
    * The known_tcp_ports settings had no effect. It also wasn't fully
      implemented. Problem report by Peter.
    * Fix for missing space between a hostname and warning text.
* Fri Oct 22 2021 opensuse@dstoecker.de
  - Ensure postfix can write to home directory or server side
    filtering wont work (sieve)
* Fri Oct 22 2021 jsegitz@suse.com
  - Ensure service can write to /etc/postfix
* Thu Oct 21 2021 jsegitz@suse.com
  - Added hardening to systemd service (bsc#1181400). Added
    harden_postfix.service.patch
* Thu Oct 07 2021 varkoly@suse.com
  - config.postfix not updatet after lmdb switch
    (bsc#1190945)
    Adapt config.postfix
* Thu Aug 26 2021 varkoly@suse.com
  - postfix master.cf: to include "submissions" service
    (bsc#1189684)
    Adapt master.cf patch
* Tue Aug 24 2021 varkoly@suse.com
  - postfix fails with glibc 2.34
    Define HAS_CLOSEFROM
    (bsc#1189101)
    add patch
    - postfix-3.6.2-glibc-234-build-fix.patch
* Thu Aug 05 2021 chris@computersalat.de
  - fix config.postfix (follow up of bsc#1188477)
* Mon Jul 26 2021 varkoly@suse.com
  - Syntax error in config.postfix
    (bsc#1188477)
* Sun Jul 25 2021 michael@stroeder.com
  - Update to 3.6.2
    * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
      error in the compatibility_level parser, because there was no
      'errno = 0' statement before an strtol() call.
    * (problem introduced in Postfix 3.3) "Null pointer read" error
      in the cleanup daemon when "header_from_format = standard" (the
      default as of Postfix 3.3), and email was submitted with
      /usr/sbin/sendmail without From: header, and an all-space full
      name was specified in 1) the password file, 2) with "sendmail
    - F", or 3) with the NAME environment variable. Found by Renaud
      Metrich.
    * (problem introduced in Postfix 2.4) False "too many reverse
      jump" warnings in the showq daemon, because loop detection code
      was comparing memory addresses instead of queue file names.
      Reported by Mehmet Avcioglu.
    * (problem introduced in 1999) The Postfix SMTP server was sending
      all session transcripts to the error_notice_recipient (default:
      postmaster), instead of sending transcripts of bounced mail to
      the bounce_notice_recipient (default: postmaster). Reported by
      Hans van Zijst.
    * The texthash: map implementation broke tls_server_sni_maps,
      because it did not support multi-file inputs. Reported by
      Christopher Gurnee, who also found an instance of the missing
      code in the "postmap -F" source code. File: util/dict_thash.c.
* Wed Jul 14 2021 varkoly@suse.com
  - spamd wants to start before mail-transfer-agent.target, but that target doesn't exist
    (bsc#1066854)
* Tue Jul 06 2021 chris@computersalat.de
  - postfix-SUSE
    * rework sysconfig.postfix, add
    - POSTFIX_WITH_DKIM
    - POSTFIX_DKIM_CONN
    * rework config.postfix for main.cf
    - with_dkim
  - update postfix-main.cf.patch
    * add OpenDKIM settings
* Wed Jun 23 2021 chris@computersalat.de
  - postfix-mysql
    * add mysql_relay_recipient_maps.cf
  - postfix-SUSE
    * rework sysconfig.postfix, add
    - POSTFIX_RELAY_RECIPIENTS
    - POSTFIX_BACKUPMX
    * add relay_recipients
    * rework config.postfix for main.cf
    - is_backupmx
    - relay_recipient_maps
* Fri Jun 18 2021 gmbr3@opensuse.org
  - Add now working CONFIG parameter to sysusers generator
  - Remove unnecessary group line from postfix-vmail-user.conf
* Mon Jun 14 2021 michael@stroeder.com
  - Update to 3.6.1
    * Bugfix (introduced: Postfix 2.11): the command "postmap
      lmdb:/file/name" (create LMDB database from textfile) handled
      duplicate input keys ungracefully, discarding entries stored
      up to and including the duplicate key, and causing a double
      free() call with lmdb versions 0.9.17 and later. Reported by
      Adi Prasaja; double free() root cause analysis by Howard Chu.
    * Typo (introduced: Postfix 3.4): silent_discard should be
      silent-discard in BDAT_README.
* Sun Jun 06 2021 chris@computersalat.de
  - fix postfix-master.cf.patch
    * set correct indentation (again) for options of
    - submission (needs 3 spaces)
    - smtps (needs 4 spaces)
      to make config.postfix work nicely again
* Wed Jun 02 2021 mrueckert@suse.de
  - Update to 3.6.0
    - Major changes - internal protocol identification
      Internal protocols have changed. You need to "postfix stop"
      before updating, or before backing out to an earlier release,
      otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
      postscreen) may fail to communicate with the rest of Postfix,
      causing mail delivery delays until Postfix is restarted.
    For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
  - refreshed patches to apply cleanly again:
    fix-postfix-script.patch
    ipv6_disabled.patch
    pointer_to_literals.patch
    postfix-linux45.patch
    postfix-main.cf.patch
    postfix-master.cf.patch
    postfix-no-md5.patch
    postfix-ssl-release-buffers.patch
    postfix-vda-v14-3.0.3.patch
    set-default-db-type.patch
* Tue Jun 01 2021 varkoly@suse.com
  - (bsc#1186669) - postfix.service has "Requires=var-run.mount"
    Remove bad requirements
* Mon Apr 12 2021 michael@stroeder.com
  - Update to 3.5.10 with security fixes:
    * Missing null pointer checks (introduced in Postfix 3.4) after
      an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
      Found by Coverity, reported by Jaroslav Skarvada. Based on a
      fix by Viktor Dukhovni.
    * Null pointer bug (introduced in Postfix 3.0) and memory leak
      (introduced in Postfix 3.4) after an inline: table syntax error
      in main.cf or master.cf. Found by Coverity, reported by Jaroslav
      Skarvada. Based on a fix by Viktor Dukhovni.
    * Incomplete null pointer check (introduced: Postfix 2.10) after
      truncated HaProxy version 1 handshake message. Found by Coverity,
      reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
    * Missing null pointer check (introduced: Postfix alpha) after
      null argv[0] value.
* Wed Mar 10 2021 varkoly@suse.com
  - (bsc#1183305) - config.postfix uses db as suffix for postmaps
    Depending on DEF_DB_TYPE uses lmdb or db
* Fri Mar 05 2021 varkoly@suse.com
  - (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix
    still refers to /etc/services
    Use getent to detect if smtps is already defined.
* Fri Feb 05 2021 varkoly@suse.com
  - (bsc#1180473) [Build 20201230] postfix has invalid default config
    (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt -
    postfix broken: "queue file write error" and "error: unsupported
    dictionary type: hash"
    Export DEF_DB_TYPE before starting the perl script.
* Wed Jan 27 2021 varkoly@suse.com
  - bsc#1180473 - [Build 20201230] postfix has invalid default config
    Fixing config.postfix and sysconfig.postfix
* Mon Jan 25 2021 info@paolostivanin.com
  - Update to 3.5.9
    * improves the reporting of DNSSEC problems that may affect
      DANE security
* Thu Jan 07 2021 suse+build@de-korte.org
  - Only do the conversion from the hash/btree databases to lmdb when
    the default database type changes from hash to lmdb and do not
    stop and start the service (the old compiled databases can live
    together with the new ones)
    - convert-bdb-to-lmdb.sh
  - Clean up the specfile
    * Remove < 1330 conditional builds
    * Use generated postfix-files instead of the obsolete one from
      postfix-SUSE.tar.gz
    * Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon
      (de)installation of optional mysql, pgsql and ldap subpackages
    * Use default location for post-install, postfix-tls-script,
      postfix-wrapper and postmulti-script
* Mon Jan 04 2021 varkoly@suse.com
  - Set lmdb to be the default db.
  - Convert btree tables to lmdb too. Stop postfix before converting from
    bdb to lmdb
  - This package is without bdb support. That's why convert must be done
    without any suse release condition.
    o remove patch postfix-no-btree.patch
    o add set-default-db-type.patch
* Fri Dec 25 2020 suse+build@de-korte.org
  - Set database type for address_verify_map and postscreen_cache_map
    to lmdb (btree requires Berkeley DB)
    o add postfix-no-btree.patch
* Fri Dec 25 2020 suse+build@de-korte.org
  - Set default database type to lmdb and fix update_postmaps script
* Thu Dec 24 2020 suse+build@de-korte.org
  - Use variable substition instead of sed to remove .db suffix and
    substitute hash: for lmdb: in /etc/postfix/master.cf as well.
    Check before substitution if there is something to do (to keep
    rpmcheck happy).
* Tue Dec 08 2020 varkoly@suse.com
  - bsc#1176650 L3: What is regularly triggering the "fillup"
    command and changing modify-time of /etc/sysconfig/postfix?
    o Remove miss placed fillup_only call from %verifyscript
* Thu Nov 26 2020 varkoly@suse.com
  - Remove Berkeley DB dependency (JIRA#SLE-12191)
    The pacakges postfix is build without Berkely DB support.
    lmdb will be used instead of BDB.
    The pacakges postfix-bdb is build with Berkely DB support.
    o add patch for main.cf for postfix-bdb package
      postfix-bdb-main.cf.patch
* Sun Nov 08 2020 michael@stroeder.com
  - Update to 3.5.8
    * The Postfix SMTP client inserted <CR><LF> into message headers longer
      than $line_length_limit (default: 2048), causing all subsequent header
      content to become message body content.
    * The postscreen daemon did not save a copy of the
      postscreen_dnsbl_reply_map lookup result. This has no effect when the
      recommended texthash: look table is used, but it could result in stale
      data with other lookup tables.
    * After deleting a recipient with a Milter, the Postfix recipient
      duplicate filter was not updated; the filter suppressed requests
      to add the recipient back.
    * Memory leak: the static: maps did not free their casefolding buffer.
    * With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a
      TLS handshake, after processing an XCLIENT command.
    * The smtp_sasl_mechanism_filter implementation ignored table lookup
      errors, treating them as 'not found'.
    * The code that looks for Delivered-To: headers ignored headers longer
      than $line_length_limit (default: 2048).
* Mon Aug 31 2020 michael@stroeder.com
  - Update to 3.5.7
    * Fixed random certificate verification failures with
      "smtp_tls_connection_reuse = yes", because tlsproxy(8) was using
      the wrong global TLS context for connections that use DANE or
      non-DANE trust anchors.
* Tue Aug 25 2020 kukuk@suse.com
  - Move ldap into an own sub-package like all other databases
  - Move manual pages to correct sub-package
* Fri Aug 21 2020 kukuk@suse.com
  - Use sysusers.d to create system accounts
  - Remove wrong %config for systemd directory content
* Sun Aug 09 2020 suse+build@de-korte.org
  - Use the correct signature file for source verification
  - Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to
    prevent confusion, as the signature file from upstream with .sig
    extension is incompatible with the build service)
* Sun Jul 26 2020 michael@stroeder.com
  - Update to 3.5.6 with following fixes:
    * Workaround for unexpected TLS interoperability problems when Postfix
      runs on OS distributions with system-wide OpenSSL configurations.
    * Memory leaks in the Postfix TLS library, the largest one
      involving multiple kBytes per peer certificate.
* Thu Jul 16 2020 suse+build@de-korte.org
  - Add source verification (add postfix.keyring)
* Fri Jul 03 2020 kukuk@suse.com
  - Use systemd_ordering instead of systemd_require.
  - Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688]
  - Drop /var/adm/SuSEconfig from %post, it does nothing.
  - Rename postfix-SuSE to postfix-SUSE
  - Delete postfix-SUSE/README.SuSE, company name spelled wrong,
    completly outdated and not used.
  - Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name
    spelled wrong, outdated and not used.
  - sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG,
    SuSEconfig is gone since ages.
  - update_chroot.systemd: Remove advice to run SuSEconfig.
  - Remove rc.postfix, not used, outdated.
  - mkpostfixcert: Remove advice to run SuSEconfig.
* Mon Jun 29 2020 michael@stroeder.com
  - Update to 3.5.4:
    * The connection_reuse attribute in smtp_tls_policy_maps always
      resulted in an "invalid attribute name" error.
    * SMTP over TLS connection reuse always failed for Postfix SMTP
      client configurations that specify explicit trust anchors (remote
      SMTP server certificates or public keys).
    * The Postfix SMTP client's DANE implementation would always send
      an SNI option with the name in a destination's MX record, even
      if the MX record pointed to a CNAME record. MX records that
      point to CNAME records are not conformant with RFC5321, and so
      are rare.
      Based on the DANE survey of ~2 million hosts it was found that
      with the corrected SMTP client behavior, sending SNI with the
      CNAME-expanded name, the SMTP server would not send a different
      certificate. This fix should therefore be safe.
* Mon Jun 15 2020 michael@stroeder.com
  - Update to 3.5.3:
    * TLS handshake failure in the Postfix SMTP server during SNI
      processing, after the server-side TLS engine sent a TLSv1.3
      HelloRetryRequest (HRR) to a remote SMTP client.
    * The command "postfix tls deploy-server-cert" did not handle a
      missing optional argument. This bug was introduced in Postfix
      3.1.
* Sun May 17 2020 michael@stroeder.com
  - Update to 3.5.2:
    * A TLS error for a database client caused a false 'lost connection'
      error for an SMTP over TLS session in the same Postfix process.
      This bug was introduced with Postfix 2.2.
    * The same bug existed in the tlsproxy(8) daemon, where a TLS
      error for one TLS session could cause a false 'lost connection'
      error for a concurrent TLS session in the same process. This
      bug was introduced with Postfix 2.8.
    * The Postfix build now disables DANE support on Linux systems
      with libc-musl such as Alpine, because libc-musl provides no
      indication whether DNS responses are authentic. This broke DANE
      support without a clear explanation.
    * Due to implementation changes in the ICU library, some Postfix
      daemons reported file access errrors (U_FILE_ACCESS_ERROR) after
      chroot(). This was fixed by initializing the ICU library before
      making the chroot() call.
    * Minor code changes to silence a compiler that special-cases
      string literals.
    * Segfault (null pointer) in the tlsproxy(8) client role when the
      server role was disabled. This typically happened on systems
      that do not receive mail, after configuring connection reuse
      for outbound SMTP over TLS.
    * The date portion of the maillog_file_rotate_suffix default value
      used the minute (%M) instead of the month (%m).
* Mon May 11 2020 suse+build@de-korte.org
  - boo#1106004 fix incorrect locations for files in postfix-files
* Sun Apr 19 2020 michael@stroeder.com
  - Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
    lookups and DANE mail transport work again
  - Update to 3.5.1:
    * Support for the haproxy v2 protocol. The Postfix implementation
      supports TCP over IPv4 and IPv6, as well as non-proxied
      connections; the latter are typically used for heartbeat tests.
    * Support to force-expire email messages. This introduces new
      postsuper(1) command-line options to request expiration, and
      additional information in mailq(1) or postqueue(1) output.
    * The Postfix SMTP and LMTP client support a list of nexthop
      destinations separated by comma or whitespace. These destinations
      will be tried in the specified order.
    * Incompatible changes:
    * Logging: Postfix daemon processes now log the from= and to=
      addresses in external (quoted) form in non-debug logging (info,
      warning, etc.). This means that when an address localpart
      contains spaces or other special characters, the localpart will
      be quoted, for example:
      from=<"name with spaces"@example.com>
      Specify "info_log_address_format = internal" for backwards compatibility.
    * Postfix now normalizes IP addresses received with XCLIENT,
      XFORWARD, or with the HaProxy protocol, for consistency with
      direct connections to Postfix. This may change the appearance
      of logging, and the way that check_client_access will match
      subnets of an IPv6 address.
* Fri Mar 13 2020 michael@stroeder.com
  - Update to 3.4.10:
    * Bug (introduced: Postfix 2.3): Postfix Milter client state
      was not properly reset after one Milter in a multi-Milter
      configuration failed during MAIL FROM, resulting in a Postfix
      Milter client panic during the next MAIL FROM command in the
      same SMTP session.
* Fri Feb 07 2020 varkoly@suse.com
  - bsc#1162891 server:mail/postfix: cond_slp bug on TW after
    moving /etc/services to /usr/etc/services
* Wed Feb 05 2020 varkoly@suse.com
  - bsc#1160413 postfix fails with -fno-common
* Mon Feb 03 2020 michael@stroeder.com
  - Update to 3.4.9:
    * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were
      broken while adding support for negative DNS response caching
      in postscreen. Postfix was inadvertently changed to call
      res_query() instead of res_search().
    * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro
      overrides from a Milter application. Postfix now evaluates the
      Milter macros for an SMTP CONNECT event after the Postfix-to-Milter
      connection is negotiated.
    * Bug (introduced: Postfix 3.0): sanitize (remote) server responses
      before storing them in the verify database, to avoid Postfix
      warnings about malformed UTF8. Found during code maintenance.
* Wed Nov 27 2019 michael@stroeder.com
  - Update to 3.4.8:
    * Fix for an Exim interoperability problem when postscreen after-220
      checks are enabled. Bug introduced in Postfix 3.4: the code
      that detected "PIPELINING after BDAT" looked at the wrong
      variable. The warning now says "BDAT without valid RCPT", and
      the error is no longer treated as a command PIPELINING error,
      thus allowing mail to be delivered. Meanwhile, Exim has been
      fixed to stop sending BDAT commands when postscreen rejects all
      RCPT commands.
    * Usability bug, introduced in Postfix 3.4: the parser for
      key/certificate chain files rejected inputs that contain an EC
      PARAMETERS object. While this is technically correct (the
      documentation says what types are allowed) this is surprising
      behavior because the legacy cert/key parameters will accept
      such inputs. For now, the parser skips object types that it
      does not know about for usability, and logs a warning because
      ignoring inputs is not kosher.
    * Bug introduced in Postfix 2.8: don't gratuitously enable all
      after-220 tests when only one such test is enabled. This made
      selective tests impossible with 'good' clients. This will be
      fixed in older Postfix versions at some later time.
* Tue Sep 24 2019 mliska@suse.cz
  - Backport deprecated-RES_INSECURE1.patch in order to fix
    boo#1149705.
* Sun Sep 22 2019 michael@stroeder.com
  - Update to 3.4.7:
    * Robustness: the tlsproxy(8) daemon could go into a loop, logging
      a flood of error messages. Problem reported by Andreas Schulze
      after enabling SMTP/TLS connection reuse.
    * Workaround: OpenSSL changed an SSL_Shutdown() non-error result
      value into an error result value, causing logfile noise.
    * Configuration: the new 'TLS fast shutdown' parameter name was
      implemented incorrectly. The documentation said
      "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown".
      This was fixed by changing the code, because no-one is expected
      to override the default.
    * Performance: workaround for poor TCP loopback performance on
      LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus
      TCP maximal segment size that is 1/2 to 1/3 of the real MSS.
      To avoid client-side Nagle delays or server-side delayed ACKs
      caused by multiple smaller-than-MSS writes, Postfix chooses a
      VSTREAM buffer size that is a small multiple of the reported
      bogus MSS. This workaround increases the multiplier from 2x to
      4x.
    * Robustness: the Postfix Dovecot client could segfault (null
      pointer read) or cause an SMTP server assertion to fail when
      talking to a fake Dovecot server. The Postfix Dovecot client
      now logs a proper error instead.
* Thu Sep 19 2019 varkoly@suse.com
  - bsc#1120757 L3: File Permissions->Paranoid can cause a system hang
    Break loop if postfix has no permission in spool directory.
    - add postfix-avoid-infinit-loop-if-no-permission.patch
* Fri Aug 09 2019 chris@computersalat.de
  - fix for boo#1144946
    mydestination - missing default localhost
    * update config.postfix
* Fri Jul 26 2019 varkoly@suse.com
  - bsc#1142881 - mkpostfixcert from Postfix still uses md
* Thu Jul 25 2019 matthias.gerstner@suse.com
  - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
    firewalld, see [1].
    [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
* Sun Jul 21 2019 chris@computersalat.de
  - update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for
    * POSTFIX_SMTPD_HELO_RESTRICTIONS
    * POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
  - fix for: Can't connect to local MySQL server through socket
    '/run/mysql/mysql.sock'
    * update config.postfix
    * update update_chroot.systemd
* Wed Jul 03 2019 michael@stroeder.com
  - Update to 3.4.6:
    * Workaround for implementations that hang Postfix while shutting
      down a TLS session, until Postfix times out. With
      "tls_fast_shutdown_enable = yes" (the default), Postfix no
      longer waits for the TLS peer to respond to a TLS 'close'
      request. This is recommended with TLSv1.0 and later.
    * Fixed a too-strict censoring filter that broke multiline Milter
      responses for header/body events. Problem report by Andreas
      Thienemann.
    * The code to reset Postfix SMTP server command counts was not
      called after a HaProxy handshake failure, causing stale numbers
      to be reported. Problem report by Joseph Ward.
    * postconf(5) documentation: tlsext_padding is not a tls_ssl_options
      feature.
    * smtp(8) documentation: updated the BUGS section text about
      Postfix support to reuse open TLS connections.
    * Portability: added "#undef sun" to util/unix_dgram_connect.c.
* Wed Jun 26 2019 varkoly@suse.com
  - Ensure that postfix is member of all groups as before.
* Wed Jun 12 2019 dimstar@opensuse.org
  - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
    shortcut the build queues by allowing usage of systemd-mini
* Thu Jun 06 2019 tchvatal@suse.com
  - Drop the omc config fate#301838:
    * it is obsolete since SLE11
* Wed May 08 2019 varkoly@suse.com
  - bsc#1104543 config.postfix does not start tlsmgr in master.cf
    when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed
    patch.
* Sun Mar 31 2019 michael@stroeder.com
  - Update to 3.4.5:
    Bugfix (introduced: Postfix 3.0): LMTP connections over
    UNIX-domain sockets were cached but not reused, due to a
    cache lookup key mismatch. Therefore, idle cached connections
    could exhaust LMTP server resources, resulting in two-second
    pauses between email deliveries. This problem was investigated
    by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
* Mon Mar 18 2019 varkoly@suse.com
  - Update to 3.4.4
    o Incompatible changes
    - The Postfix SMTP server announces CHUNKING (BDAT
      command) by default. In the unlikely case that this breaks some
      important remote SMTP client, disable the feature as follows:
      /etc/postfix/main.cf:
      [#] The logging alternative:
      smtpd_discard_ehlo_keywords = chunking
      [#] The non-logging alternative:
      smtpd_discard_ehlo_keywords = chunking, silent_discard
    - This introduces a new master.cf service 'postlog'
      with type 'unix-dgram' that is used by the new postlogd(8) daemon.
      Before backing out to an older Postfix version, edit the master.cf
      file and remove the postlog entry.
    - Postfix 3.4 drops support for OpenSSL 1.0.1
    - To avoid performance loss under load, the
      tlsproxy(8) daemon now requires a zero process limit in master.cf
      (this setting is provided with the default master.cf file). By
      default, a tlsproxy(8) process will retire after several hours.
    - To set the tlsproxy process limit to zero:
      postconf -F tlsproxy/unix/process_limit=0
      postfix reload
    o Major changes
    - Postfix SMTP server support for RFC 3030 CHUNKING
      (the BDAT command) without BINARYMIME, in both smtpd(8) and
      postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
      and smtpd_proxy_filter. See BDAT_README for more.
    - Support for logging to file or stdout, instead of using syslog.
    - Logging to file solves a usability problem for MacOS, and
      eliminates multiple problems with systemd-based systems.
    - Logging to stdout is useful when Postfix runs in a container, as
      it eliminates a syslogd dependency.
    - Better handling of undocumented(!) Linux behavior
      whether or not signals are delivered to a PID=1 process.
    - Support for (key, list of filenames) in map source text.
      Currently, this feature is used only by tls_server_sni_maps.
    - Automatic retirement: dnsblog(8) and tlsproxy(8) process
      will now voluntarily retire after after max_idle*max_use, or some
      sane limit if either limit is disabled. Without this, a process
      could stay busy for days or more.
    - Postfix SMTP client support for multiple deliveries
      per TLS-encrypted connection. This is primarily to improve mail
      delivery performance for destinations that throttle clients when
      they don't combine deliveries.
      This feature is enabled with "smtp_tls_connection_reuse=yes" in
      main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
      It supports all Postfix TLS security levels including dane and
      dane-only.
    - SNI support in the Postfix SMTP server, the
      Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
      client roles). See the postconf(5) documentation for the new
      tls_server_sni_maps and smtp_tls_servername parameters.
    - Support for files that contain multiple (key, certificate, trust chain)
      instances. This was required to implement
      server-side SNI table lookups, but it also eliminates the need for
      separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
    - Support for smtpd_reject_footer_maps (as well as the postscreen
      variant postscreen_reject_footer_maps) for more informative reject
      messages. This is indexed with the Postfix SMTP server response
      text, and overrides the footer specified with smtpd_reject_footer.
      One will want to use a pcre: or regexp: map with this.
    o Bugfixes
    - Andreas Schulze discovered that reject_multi_recipient_bounce
      was producing false rejects with BDAT commands. This problem
      already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
      Postfix 3.4.4 fixes both.
* Tue Mar 05 2019 jslaby@suse.com
  - postfix-linux45.patch: support also newer kernels -- pretend
    we are still at kernel 3. Note that there are no conditionals for
    LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the
    code which caused build failures.
* Mon Mar 04 2019 mrueckert@suse.de
  - skip set -x and fix version update changes entry
* Sat Mar 02 2019 michael@stroeder.com
  - Update to 3.3.3
    * When the master daemon runs with PID=1 (init mode), it will now
      reap child processes from non-Postfix code running in the same
      container, instead of terminating with a panic.
    * Bugfix (introduced: postfix-2.11): with posttls-finger,
      connections to unix-domain servers always resulted in "Failed
      to establish session" even after a connection was established.
      Jaroslav Skarva.  File: posttls-finger/posttls-finger.c.
    * Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
      table lookups could casefold the search string when searching
      a lookup table that does not use fixed-string keys (regexp,
      pcre, tcp, etc.). Historically, Postfix would not case-fold
      the search string with such tables. File: util/dict_utf8.c.
* Fri Mar 01 2019 max@suse.com
  - PostrgeSQL's pg_config is meant for linking server extensions,
    use libpq's pkg-config instead, if available.
    This is needed to fix build with PostgreSQL 11.
* Thu Feb 07 2019 chris@computersalat.de
  - rework config.postfix
    * disable commenting of smtpd_sasl_path/smtpd_sasl_type
      no need to comment, cause it is set to default anyway
      and 'uncommenting' would place it at end of file then
      which is not wanted
* Sat Jan 26 2019 chris@computersalat.de
  - rework postfix-main.cf.patch
    * disable virtual_alias_domains cause (default: $virtual_alias_maps)
  - rework config.postfix
    * disable PCONF of virtual_alias_domains
      virtual_alias_maps will be set anyway to the correct value
    * extend virtual_alias_maps with
    - mysql_virtual_alias_domain_maps.cf
    - mysql_virtual_alias_domain_catchall_maps.cf
  - rework postfix-mysql, added
    * mysql_virtual_alias_domain_maps.cf
    * mysql_virtual_alias_domain_catchall_maps.cf
    needed for reject_unverified_recipient
* Thu Dec 13 2018 malte.kraus@suse.com
  - binary hardening: link with full RELRO
* Sun Nov 25 2018 michael@stroeder.com
  - Update to 3.3.2
    * Support for OpenSSL 1.1.1 and TLSv1.3.
    * Bugfixes:
    - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
      some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
    - minor memory leak in DANE support when minting issuer certs.
    - The Postfix build did not abort if the m4 command was not installed,
      resulting in a broken postconf command.
* Sat Nov 24 2018 chris@computersalat.de
  - add POSTFIX_RELAY_DOMAINS
    * more flexibility to add to relay_domains without breaking
      config.postfix
    * rework restriction examples in sysconf.postfix
      based on postfix-buch.com (2. edtion by Hildebrandt, Koetter)
  - disable weak cipher: RC4
    after check with https://ssl-tools.net/mailservers
* Mon Oct 22 2018 chris@computersalat.de
  - update config.postfix
    * don't reject mail from authenticated users even if
      reject_unknown_client_hostname would match,
      add permit_sasl_authenticated to all restrictions
      requires smtpd_delay_reject = yes
  - update postfix-main.cf.patch
    * recover removed setting smtpd_sasl_path and smtpd_sasl_type,
      set to default value
      config.postfix will not 'enable' (remove #) var, but place
      modified (enabled) var at end of file, far away from place
      where it should be
  - rebase patches
    * fix-postfix-script.patch
    * postfix-vda-v14-3.0.3.patch
    * postfix-linux45.patch
    * postfix-master.cf.patch
    * pointer_to_literals.patch
    * postfix-no-md5.patch
* Thu Oct 04 2018 varkoly@suse.com
  - bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings
    o add m4 as buildrequires, as proposed.
* Mon Aug 27 2018 tchvatal@suse.com
  - Add zlib-devel as buildrequires, previously included from
    openssl-devel
* Fri May 25 2018 varkoly@suse.com
  - bsc#1087471 Unreleased Postfix update breaks SUSE Manager
    o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
* Mon May 21 2018 michael@stroeder.com
  - Update to 3.3.1
    * Postfix did not support running as a PID=1 process, which
      complicated Postfix deployment in containers. The "postfix
      start-fg" command will now run the Postfix master daemon as a
      PID=1 process if possible. Thanks for inputs from Andreas
      Schulze, Eray Aslan, and Viktor Dukhovni.
    * Segfault in the postconf(1) command after it could not open a
      Postfix database configuration file due to a file permission
      error (dereferencing a null pointer). Reported by Andreas
      Hasenack, fixed by Viktor Dukhovni.
    * The luser_relay feature became a black hole, when the luser_relay
      parameter was set to a non-existent local address (i.e. mail
      disappeared silently). Reported by J?rgen Thomsen.
    * Missing error propagation in the tlsproxy(8) daemon could result
      in a segfault after TLS handshake error (dereferencing a
      0xffff...ffff pointer). This daemon handles the TLS protocol
      when a non-whitelisted client sends a STARTTLS command to
      postscreen(8).
* Wed May 09 2018 lnussel@suse.de
  - remove pre-requirements on sysvinit(network) and sysvinit(syslog).
    There seems to be no good reason for that other than blowing up
    the dependencies (bsc#1092408).
* Mon Apr 09 2018 adam.majer@suse.de
  - bsc#1071807 postfix-SuSE/config.postfix: only reload postfix
    if the actual service is running. This prevents spurious
    and irrelevant error messages in system logs.
* Thu Mar 22 2018 varkoly@suse.com
  - bsc#1082514 autoyast: postfix gets not set myhostname properly -
    set to localhost
* Mon Mar 12 2018 ilya@ilya.pp.ua
  - Refresh spec-file via spec-cleaner and manual optinizations.
    * Add %license macro.
    * Set license to IPL-1.0 OR EPL-2.0.
  - Update to 3.3.0
    * http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES
    * Dual license: in addition to the historical IBM Public License
      1.0, Postfix is now also distributed with the more recent Eclipse
      Public License 2.0. Recipients can choose to take the software
      under the license of their choice. Those who are more comfortable
      with the IPL can continue with that license.
    * The postconf command now warns about unknown parameter names
      in a Postfix database configuration file. As with other unknown
      parameter names, these warnings can help to find typos early.
    * Container support: Postfix 3.3 will run in the foreground with
      "postfix start-fg". This requires that Postfix multi-instance
      support is disabled (the default). To collect Postfix syslog
      information on the container's host, mount the host's /dev/log
      socket into the container, for example with "docker run -v
      /dev/log:/dev/log ...other options...", and specify a distinct
      Postfix syslog_name setting in the container (for example with
      "postconf syslog_name=the-name-here").
    * Milter support: applications can now send RET and ENVID parameters
      in SMFIR_CHGFROM (change envelope sender) requests.
    * Postfix-generated From: headers with 'full name' information
      are now formatted as "From: name <address>" by default. Specify
      "header_from_format = obsolete" to get the earlier form "From:
      address (name)".
    * Interoperability: when Postfix IPv6 and IPv4 support are both
      enabled, the Postfix SMTP client will now relax MX preferences
      and attempt to schedule similar numbers of IPv4 and IPv6
      addresses. This works around mail delivery problems when a
      destination announces lots of primary MX addresses on IPv6, but
      is reachable only over IPv4 (or vice versa). The new behavior
      is controlled with the smtp_balance_mx_inet_protocols parameter.
    * Compatibility safety net: with compatibility_level < 1, the
      Postfix SMTP server now warns for mail that would be blocked
      by the Postfix 2.10 smtpd_relay_restrictions feature, without
      blocking that mail. There still is a steady trickle of sites
      that upgrade from an earlier Postfix version.
* Tue Feb 13 2018 varkoly@suse.com
  - bsc#1065411 Package postfix should require package system-user-nobody
  - bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth
    was configured
* Thu Dec 07 2017 dimstar@opensuse.org
  - Fix usage of fillup_only:-y is not a valid option to this macro.
* Thu Nov 23 2017 rbrown@suse.com
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Wed Nov 08 2017 kukuk@suse.de
  - Don't mark postfix.service as config file, this is no config
    file.
  - Some of the Requires(pre) are needed for post-install and at
    runtime, fix the requires.
* Mon Oct 30 2017 michael@stroeder.com
  - update to 3.2.4
    * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
      1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
      records associated with an intermediate CA certificate. Problem
      report and initial fix by Erwan Legrand.
    * Missing dynamicmaps support in the Postfix sendmail command.
      This broke authorized_submit_users settings that use a
      dynamically-loaded map type. Problem reported by Ulrich Zehl.
* Fri Oct 20 2017 varkoly@suse.com
  - bnc#1059512 L3: Postfix Problem
    The applied changes breaks existing postfix configurations because
    daemon_directory was not adapted to the new value.
* Sun Oct 15 2017 chris@computersalat.de
  - fix build for SLE
    * nothing provides libnsl-devel
    * add bcond_with libnsl
* Wed Oct 04 2017 varkoly@suse.com
  - bnc#1059512 L3: Postfix Problem
    To manage multiple Postfix instances on a single host requires
    that daemon_directory and shlib_directory is different to
    avoid use of the shared directories also as per-instance directories.
    For this reason daemon_directory was set to /usr/lib/postfix/bin/.
    shlib_directory stands /usr/lib/postfix/.
* Thu Sep 28 2017 varkoly@suse.com
  - bnc#1016491 postfix raported to log "warning: group or other writable:"
    on each symlink in config.
    * Add fix-postfix-script.patch
* Mon Sep 25 2017 michael@stroeder.com
  - update to 3.2.3
    * Extension propagation was broken with "recipient_delimiter = .".
    This change reverts a change that was trying to be too clever.
    * The postqueue command would abort with a panic message after it
    experienced an output write error while listing the mail queue.
    This change restores a write error check that was lost with the
    Postfix 3.2 rewrite of the vbuf_print formatter.
    * Restored sanity checks for dynamically-specified width and precision
    in format strings (%*, %.*, and %*.*). These checks were lost with
    the Postfix 3.2 rewrite of the vbuf_print formatter.
* Thu Aug 17 2017 kukuk@suse.de
  - Add libnsl-devel build requires for glibc obsoleting libnsl
* Thu Jul 27 2017 varkoly@suse.com
  - bnc#1045264 L3: postmap problem
    * Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811
* Fri Jun 16 2017 michael@stroeder.com
  - update to 3.2.2
    * Security: Berkeley DB versions 2 and later try to read settings
      from a file DB_CONFIG in the current directory. This undocumented
      feature may introduce undisclosed vulnerabilities resulting in
      privilege escalation with Postfix set-gid programs (postdrop,
      postqueue) before they chdir to the Postfix queue directory,
      and with the postmap and postalias commands depending on whether
      the user's current directory is writable by other users. This
      fix does not change Postfix behavior for Berkeley DB versions
      < 3, but it does reduce postmap and postalias 'create' performance
      with Berkeley DB versions 3.0 .. 4.6.
    * The SMTP server receive_override_options were not restored at
      the end of an SMTP session, after the options were modified by
      an smtpd_milter_maps setting of "DISABLE". Milter support
      remained disabled for the life time of the smtpd process.
    * After the Postfix 3.2 address/domain table lookup overhaul, the
      check_sender_access and check_recipient_access features ignored
      a non-default parent_domain_matches_subdomains setting.
* Wed Apr 19 2017 chris@computersalat.de
  - revert changes of postfix-main.cf.patch from rev=261
    * config.postfix will not 'enable' (remove #) var, but place
      modified (enabled) var at end of file, far away from place
      where it should be
    * keep vars enabled but empty
* Thu Apr 13 2017 werner@suse.de
  - Some cleanups
    * Fix SUSE postfix-files to avoid chown errors (anyway this file
      seems to be obsolete)
    * Avoid installing shared libraries twice
    * Refresh patch postfix-linux45.patch
* Sat Apr 08 2017 chris@computersalat.de
  - update postfix-master.cf.patch
    * recover lost (with 3.2.0 update) submission, smtps sections
    * merge with upstream update
  - update config.postfix
    * update master.cf generation for submission
  - rebase patches against 3.2.0
    * pointer_to_literals.patch
    * postfix-no-md5.patch
    * postfix-ssl-release-buffers.patch
    * postfix-vda-v14-3.0.3.patch
* Mon Mar 20 2017 kukuk@suse.de
  - Require system group mail
  - Use mail group name instead of GID
* Mon Mar 06 2017 mrueckert@suse.de
  - update to 3.2.0
    - [Feature 20170128] Postfix 3.2 fixes the handling of address
      extensions with email addresses that contain spaces. For
      example, the virtual_alias_maps, canonical_maps, and
      smtp_generic_maps features now correctly propagate an address
      extension from "aa bb+ext"@example.com to "cc
      dd+ext"@other.example, instead of producing broken output.
    - [Feature 20161008] "PASS" and "STRIP" actions in
      header/body_checks.  "STRIP" is similar to "IGNORE" but also
      logs the action, and "PASS" disables header, body, and Milter
      inspection for the remainder of the message content.
      Contributed by Hobbit.
    - [Feature 20160330] The collate.pl script by Viktor Dukhovni for
      grouping Postfix logfile records into "sessions" based on queue
      ID and process ID information. It's in the auxiliary/collate
      directory of the Postfix source tree.
    - [Feature 20160527] Postfix 3.2 cidr tables support if/endif and
      negation (by prepending ! to a pattern), just like regexp and
      pcre tables.  The primarily purpose is to improve readability
      of complex tables. See the cidr_table(5) manpage for syntax
      details.
    - [Incompat 20160925] In the Postfix MySQL database client, the
      default option_group value has changed to "client", to enable
      reading of "client" option group settings in the MySQL options
      file. This fixes a "not found" problem with Postfix queries
      that contain UTF8-encoded non-ASCII text.  Specify an empty
      option_group value (option_group =) to get backwards-compatible
      behavior.
    - [Feature 20161217] Stored-procedure support for MySQL
      databases.  Contributed by John Fawcett. See mysql_table(5) for
      instructions.
    - [Feature 20170128] The postmap command, and the inline: and
      texthash: maps now support spaces in left-hand field of the
      lookup table "source text". Use double quotes (") around a
      left-hand field that contains spaces, and use backslash (\) to
      protect embedded quotes in a left-hand field. There is no
      change in the processing of the right-hand field.
    - [Feature 20160611] The Postfix SMTP server local IP address and
      port are available in the policy delegation protocol (attribute
      names: server_address, server_port), in the Milter protocol
      (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
      protocol (attribute names: DESTADDR, DESTPORT).
    - [Feature 20161024] smtpd_milter_maps support for per-client
      Milter configuration that overrides smtpd_milters, and that has
      the same syntax. A lookup result of "DISABLE" turns off Milter
      support. See MILTER_README.html for details.
    - [Feature 20160611] The Postfix SMTP server local IP address and
      port are available in the policy delegation protocol (attribute
      names: server_address, server_port), in the Milter protocol
      (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
      protocol (attribute names: DESTADDR, DESTPORT).
    - [Incompat 20170129] The postqueue command no longer forces all
      message arrival times to be reported in UTC. To get the old
      behavior, set TZ=UTC in main.cf:import_environment (this
      override is not recommended, as it affects all Postfix utities
      and daemons).
    - [Incompat 20161227] For safety reasons, the sendmail -C option
      must specify an authorized directory: the default configuration
      directory, a directory that is listed in the default main.cf
      file with alternate_config_directories or
      multi_instance_directories, or the command must be invoked with
      root privileges (UID 0 and EUID 0).  This mitigates a recurring
      problem with the PHP mail() function.
    - [Feature 20160625] The Postfix SMTP server now passes remote
      client and local server network address and port information to
      the Cyrus SASL library. Build with ``make makefiles
      "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards
      compatibility.
    - [Feature 20161103] Postfix 3.2 disables the 'transitional'
      compatibility between the IDNA2003 and IDNA2008 standards for
      internationalized domain names (domain names beyond the limits
      of US-ASCII).
      This change makes Postfix behavior consistent with contemporary
      web browsers. It affects the handling of some corner cases such
      as German sz and Greek zeta. See
      http://unicode.org/cldr/utility/idna.jsp for more examples.
      Specify "enable_idna2003_compatibility = yes" to restore
      historical behavior (but keep in mind that the rest of the
      world may not make that same choice).
    - [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API
      features, so that Postfix will build without depending on
      backwards-compatibility support.
      [Incompat 20161204] Postfix 3.2 removes tentative features that
      were implemented before the DANE spec was finalized:
    - Support for certificate usage PKIX-EE(1),
    - The ability to disable digest agility (Postfix now behaves as
      if "tls_dane_digest_agility = on"), and
    - The ability to disable support for "TLSA 2 [01] [12]" records
      that specify the digest of a trust anchor (Postfix now
      behaves as if "tls_dane_trust_anchor_digest_enable = yes).
    - [Feature 20161217] Postfix 3.2 enables elliptic curve
      negotiation with OpenSSL >= 1.0.2.  This changes the default
      smtpd_tls_eecdh_grade setting to "auto", and introduces a new
      parameter tls_eecdh_auto_curves with the names of curves that
      may be negotiated.
      The default tls_eecdh_auto_curves setting is determined at
      compile time, and depends on the Postfix and OpenSSL versions.
      At runtime, Postfix will skip curve names that aren't supported
      by the OpenSSL library.
    - [Feature 20160611] The Postfix SMTP server local IP address and
      port are available in the policy delegation protocol (attribute
      names: server_address, server_port), in the Milter protocol
      (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT
      protocol (attribute names: DESTADDR, DESTPORT).
  - refresh postfix-master.cf.patch
* Mon Mar 06 2017 wr@rosenauer.org
  - make sure that system users can be created in %pre
* Sat Feb 18 2017 kukuk@suse.com
  - Fix requires:
    - shadow is needed for postfix-mysql pre-install section
    - insserv is not needed if systemd is used
* Sat Jan 21 2017 chris@computersalat.de
  - update postfix-mysql
    * update  mysql_*.cf files
    * update postfix-mysql.sql (INNODB, utf8)
  - update postfix-main.cf.patch
    * uncomment smtpd_sasl_path, smtpd_sasl_type
      can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot)
    * add option for smtp_tls_policy_maps (commented)
  - update postfix-master.cf.patch
    * fix indentation of submission, smtps options for correct
      enabling via config.postfix
  - update config.postfix
    * fix sync of CA certificates
    * fix master.cf generation for submission, smtps
  - rebase postfix-vda-v14-3.0.3.patch
* Wed Jan 11 2017 varkoly@suse.com
  - FATE#322322 Update postfix to version 3.X
    Merging changes with SLES12-SP2
    Removeved patches: add_missed_library.patch bnc#947707.diff dynamic_maps.patch postfix-db6.diff
      postfix-opensslconfig.patch bnc#947519.diff dynamic_maps_pie.patch
      postfix-post-install.patch
      These are included in the new version of postfix
  - Remove references to SuSEconfig.postfix from sysconfig docs.
    (bsc#871575)
  - bnc#947519 SuSEconfig.postfix should enforce umask 022
  - bnc#947707 mail generated by Amavis being prevented from being re-adressed by /etc/postfix/virtual
  - bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong
  - postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64)
    (bsc#940289)
* Tue Jan 03 2017 varkoly@suse.com
  - update to 3.1.4
    * The postscreen daemon did not merge the client test status information
      for concurrent sessions from the same IP address.
    * The Postfix SMTP server falsely rejected a sender address when validating
      a sender address with "smtpd_reject_unlisted_recipient = yes" or with
      "reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps.
    * The virtual delivery agent did not detect failure to skip to the end
      of a mailbox file, so that mail would be delivered to the beginning of the file.
      This could happen when a mailbox file was already larger than the virtual mailbox size limit.
    * The postsuper logged an incorrect rename operation count after creating a missing directory.
    * The Postfix SMTP server falsely rejected mail when a sender-dependent "error"
      transport was configured. Cause: the SMTP server address validation code
      was not updated when the sender_dependent_default_transport_maps feature
      was introduced.
    * The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no".
    * The "postfix tls deploy-server-cert" command used the wrong certificate
      and key file. This was caused by a cut-and-paste error in the postfix-tls-script file.
* Sat Nov 26 2016 chris@computersalat.de
  - improve config.postfix
    * improve SASL stuff
    * add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot)
* Mon Nov 14 2016 chris@computersalat.de
  - improve config.postfix
    * improve with MySQL stuff
* Mon Nov 07 2016 chris@computersalat.de
  - update vda patch to latest available
    * remove postfix-vda-v13-3.10.0.patch
    * add postfix-vda-v14-3.0.3.patch
  - rebase patches (and to be p0)
    * pointer_to_literals.patch
    * postfix-main.cf.patch
    * postfix-master.cf.patch
    * postfix-no-md5.patch
    * postfix-ssl-release-buffers.patch
  - add /etc/postfix/ssl as default DIR for SSL stuff
    * cacerts -> ../../ssl/certs/
    * certs/
  - revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl'
  - improve config.postfix
    * revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a
      symlink to /etc/ssl/certs
      Without reverting, 'gen_CA' would create files which would then be on
      the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath)
      Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem'
      which is not a good idea.
    * mkchroot: sync '/etc/postfix/ssl' to chroot
    * improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from
      main.cf, show warning if enabled and file is missing
* Sun Oct 09 2016 michael@stroeder.com
  - update to 3.1.3:
    * The Postfix SMTP server did not reset a previous session's
      failed/total command counts before rejecting a client that
      exceeds request or concurrency rates. This resulted in incorrect
      failed/total command counts being logged at the end of the
      rejected session.
    * The unionmap multi-table interface did not propagate table
      lookup errors, resulting in false "user unknown" responses.
    * The documentation was updated with a workaround for false "not
      found" errors with MySQL map queries that contain UTF8-encoded
      text. The workaround is to specify "option_group = client" in
      Postfix MySQL configuration files. This will be the default
      setting with Postfix 3.2 and later.
* Sun Sep 04 2016 michael@stroeder.com
  - update to 3.1.2:
    * Changes to make Postfix build with OpenSSL 1.1.0.
    * The makedefs script ignored readme_directory=pathname overrides.
      Fix by Todd C. Olson.
    * The tls_session_ticket_cipher documentation says that the default
      cipher for TLS session tickets is aes-256-cbc, but the implemented
      default was aes-128-cbc. Note that TLS session ticket keys are
      rotated after 1/2 hour, to limit the impact of attacks on session
      ticket keys.
* Thu Jun 02 2016 schwab@suse.de
  - postfix-post-install.patch: remove empty patch
* Sun May 29 2016 chris@computersalat.de
  - fix Changelog cause of Factory decline
* Tue May 24 2016 varkoly@suse.com
  - Fix typo in config.postfix
* Tue May 24 2016 varkoly@suse.com
  - bnc#981097 config.postfix creates broken main.cf for tls client configuration
  - bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete
  - update to 3.1.1:
  - The new address_verify_pending_request_limit
    parameter introduces a safety limit for the number of address
    verification probes in the active queue.  The default limit is 1/4
    of the active queue maximum size. The queue manager enforces the
    limit by tempfailing probe messages that exceed the limit. This
    design avoids dependencies on global counters that get out of sync
    after a process or system crash.
  - Machine-readable, JSON-formatted queue listing with "postqueue -j"
    (no "mailq" equivalent).
  - The milter_macro_defaults feature provides an optional list of macro
    name=value pairs. These specify default values for Milter macros when
    no value is available from the SMTP session context.
  - Support to enforce a destination-independent delay between email
    deliveries.  The following example inserts 20 seconds of delay
    between all deliveries with the SMTP transport, limiting the delivery
    rate to at most three messages per minute.
      smtp_transport_rate_delay = 20s
  - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
    that a "not found" result from a DNSBL server will be valid for one
    hour.  This may have been adequate five years ago when postscreen
    was first implemented, but nowadays, that one hour can result in
    missed opportunities to block new spambots.
    To address this, postscreen now respects the TTL of DNSBL "not
    found" replies, as well as the TTL of DNSWL replies (both "found"
    and "not found").  The TTL for a "not found" reply is determined
    according to RFC 2308 (the TTL of an SOA record in the reply).
    Support for DNSBL or DNSWL reply TTL values is controlled by two
    configuration parameters:
    postscreen_dnsbl_min_ttl (default: 60 seconds).
    postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
    The postscreen_dnsbl_ttl parameter is now obsolete, and has become
    the default value for the new postscreen_dnsbl_max_ttl parameter.
  - New "smtpd_client_auth_rate_limit" feature, to
    enforce an optional rate limit on AUTH commands per SMTP client IP
    address.  Similar to other smtpd_client_*_rate_limit features, this
    enforces a limit on the number of requests per $anvil_rate_time_unit.
  - New SMTPD policy service attribute "policy_context",
    with a corresponding "smtpd_policy_service_policy_context" configuration
    parameter.  Originally, this was implemented to share the same SMTPD
    policy service endpoint among multiple check_policy_service clients.
  - A new "postfix tls" command to quickly enable opportunistic TLS
    in the Postfix SMTP client or server, and to manage SMTP server keys
    and certificates, including certificate signing requests and
    TLSA DNS records for DANE.
* Tue Apr 19 2016 opensuse@dstoecker.de
  - build with working support for SMTPUTF8
* Sun Mar 20 2016 mrueckert@suse.de
  - fix build on sle11 by pointing _libexecdir to /usr/lib all the
    time.
* Sun Mar 20 2016 mrueckert@suse.de
  - some distros did not pull pkgconfig indirectly. pull it directly.
* Sun Mar 20 2016 mrueckert@suse.de
  - fix building the dynamic maps: the old build had postgresql e.g.
    with missing symbols.
    - convert to AUXLIBS_* instead of plain AUXLIBS which is needed
      for proper dynamic maps.
    - reordered the CCARGS and AUXLIBS* lines to group by feature
    - use pkgconfig or *_config tools where possible
  - picked up signed char from fedora spec file
  - enable lmdb support: new BR lmdb-devel, new subpackage
    postfix-lmdb.
  - don't delete vmail user/groups
* Wed Mar 09 2016 varkoly@suse.com
  - update to 3.1.0
  - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:,
    lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
    Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch
    could be removed.
  - Adapting all the patches to postfix 3.1.0
  - remove obsolete patches
    * add_missed_library.patch
    * postfix-opensslconfig.patch
  - update vda patch
    * remove postfix-vda-v13-2.10.0.patch
    * add postfix-vda-v13-3.10.0.patch
  - The patch postfix-db6.diff is not more neccessary
  - Backwards-compatibility safety net.
    With NEW Postfix installs, you MUST install a main.cf file with
    the setting "compatibility_level = 2". See conf/main.cf for an
    example.
    With UPGRADES of existing Postfix systems, you MUST NOT change the
    main.cf compatibility_level setting, nor add this setting if it
    does not exist.
    Several Postfix default settings have changed with Postfix 3.0.  To
    avoid massive frustration with existing Postfix installations,
    Postfix 3.0 comes with a safety net that forces Postfix to keep
    running with backwards-compatible main.cf and master.cf default
    settings. This safety net depends on the main.cf compatibility_level
    setting (default: 0). Details are in COMPATIBILITY_README.
  - Major changes - tls
    * [Feature 20160207] A new "postfix tls" command to quickly enable
    opportunistic TLS in the Postfix SMTP client or server, and to
    manage SMTP server keys and certificates, including certificate
    signing requests and TLSA DNS records for DANE.
    * As of the middle of 2015, all supported Postfix releases no longer
    nable "export" grade ciphers for opportunistic TLS, and no longer
    use the deprecated SSLv2 and SSLv3 protocols for mandatory or
    opportunistic TLS.
    * [Incompat 20150719] The default Diffie-Hellman non-export prime was
    updated from 1024 to 2048 bits, because SMTP clients are starting
    to reject TLS handshakes with primes smaller than 2048 bits.
    * [Feature 20160103] The Postfix SMTP client by default enables DANE
    policies when an MX host has a (DNSSEC) secure TLSA DNS record,
    even if the MX DNS record was obtained with insecure lookups.  The
    existence of a secure TLSA record implies that the host wants to
    talk TLS and not plaintext. For details see the
    smtp_tls_dane_insecure_mx_policy configuration parameter.
  - Major changes - default settings
    [Incompat 20141009] The default settings have changed for relay_domains
    (new: empty, old: $mydestination) and mynetworks_style (new: host,
    old: subnet).  However the backwards-compatibility safety net will
    prevent these changes from taking effect, giving the system
    administrator the option to make an old default setting permanent
    in main.cf or to adopt the new default setting, before turning off
    backwards compatibility. See COMPATIBILITY_README for details.
    [Incompat 20141001] A new backwards-compatibility safety net forces
    Postfix to run with backwards-compatible main.cf and master.cf
    default settings after an upgrade to a newer but incompatible Postfix
    version. See COMPATIBILITY_README for details.
    While the backwards-compatible default settings are in effect,
    Postfix logs what services or what email would be affected by the
    incompatible change. Based on this the administrator can make some
    backwards-compatibility settings permanent in main.cf or master.cf,
    before turning off backwards compatibility.
  - Major changes - address verification safety
    [Feature 20151227] The new address_verify_pending_request_limit
    parameter introduces a safety limit for the number of address
    verification probes in the active queue.  The default limit is 1/4
    of the active queue maximum size. The queue manager enforces the
    limit by tempfailing probe messages that exceed the limit. This
    design avoids dependencies on global counters that get out of sync
    after a process or system crash.
    Tempfailing verify requests is not as bad as one might think.  The
    Postfix verify cache proactively updates active addresses weeks
    before they expire. The address_verify_pending_request_limit affects
    only unknown addresses, and inactive addresses that have expired
    from the address verify cache (by default, after 31 days).
  - Major changes - json support
    [Feature 20151129] Machine-readable, JSON-formatted queue listing
    with "postqueue -j" (no "mailq" equivalent).  The output is a stream
    of JSON objects, one per queue file.  To simplify parsing, each
    JSON object is formatted as one text line followed by one newline
    character. See the postqueue(1) manpage for a detailed description
    of the output format.
  - Major changes - milter support
    [Feature 20150523] The milter_macro_defaults feature provides an
    optional list of macro name=value pairs. These specify default
    values for Milter macros when no value is available from the SMTP
    session context.
    For example, with "milter_macro_defaults = auth_type=TLS", the
    Postfix SMTP server will send an auth_type of "TLS" to a Milter,
    unless the remote client authenticates with SASL.
    This feature was originally implemented for a submission service
    that may authenticate clients with a TLS certificate, without having
    to make changes to the code that implements TLS support.
  - Major changes - output rate control
    [Feature 20150710] Destination-independent delivery rate delay
    Support to enforce a destination-independent delay between email
    deliveries.  The following example inserts 20 seconds of delay
    between all deliveries with the SMTP transport, limiting the delivery
    rate to at most three messages per minute.
    /etc/postfix/main.cf:
      smtp_transport_rate_delay = 20s
    For details, see the description of default_transport_rate_delay
    and transport_transport_rate_delay in the postconf(5) manpage.
  - Major changes - postscreen dnsbl
    [Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL
    lookup results
    Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
    that a "not found" result from a DNSBL server will be valid for one
    hour.  This may have been adequate five years ago when postscreen
    was first implemented, but nowadays, that one hour can result in
    missed opportunities to block new spambots.
    To address this, postscreen now respects the TTL of DNSBL "not
    found" replies, as well as the TTL of DNSWL replies (both "found"
    and "not found").  The TTL for a "not found" reply is determined
    according to RFC 2308 (the TTL of an SOA record in the reply).
    Support for DNSBL or DNSWL reply TTL values is controlled by two
    configuration parameters:
    postscreen_dnsbl_min_ttl (default: 60 seconds).
      This parameter specifies a minimum for the amount of time that
      a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
      This prevents an excessive number of postscreen cache updates
      when a DNSBL or DNSWL server specifies a very small reply TTL.
    postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
      This parameter specifies a maximum for the amount of time that
      a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
      This prevents cache pollution when a DNSBL or DNSWL server
      specifies a very large reply TTL.
    The postscreen_dnsbl_ttl parameter is now obsolete, and has become
    the default value for the new postscreen_dnsbl_max_ttl parameter.
  - Major changes - sasl auth safety
    [Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to
    enforce an optional rate limit on AUTH commands per SMTP client IP
    address.  Similar to other smtpd_client_*_rate_limit features, this
    enforces a limit on the number of requests per $anvil_rate_time_unit.
  - Major changes - smtpd policy
    [Feature 20150913] New SMTPD policy service attribute "policy_context",
    with a corresponding "smtpd_policy_service_policy_context" configuration
    parameter.  Originally, this was implemented to share the same SMTPD
    policy service endpoint among multiple check_policy_service clients.
* Wed Dec 09 2015 varkoly@suse.com
  - bnc#958329 postfix fails to start when openslp is not installed
* Mon Oct 12 2015 michael@stroeder.com
  - upstream update postfix 2.11.7:
    * The Postfix Milter client aborted with a panic while adding a
      message header, after adding a short message header with the
      header_checks PREPEND action. Fixed by invoking the header
      output function while PREPENDing a message header.
    * False alarms while scanning the Postfix queue. Fixed by resetting
      errno before calling readdir(). This defect was introduced
      19970309.
    * The postmulti command produced an incorrect error message.
    * The postmulti command now refuses to create a new MTA instance
      when the template main.cf or master.cf file are missing. This
      is a common problem on Debian-like systems.
    * Turning on Postfix SMTP server HAProxy support broke TLS
      wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer
      to read the HAProxy connection hand-off information.
    * The xtext_unquote() function did not propagate error reports
      from xtext_unquote_append(), causing the decoder to return
      partial output, instead of rejecting malformed input. The Postfix
      SMTP server uses this function to parse input for the ENVID and
      ORCPT parameters, and for XFORWARD and XCLIENT command parameters.
* Wed Aug 12 2015 jkeil@suse.de
  - boo#934060: Remove quirky hostname logic from config.postfix
    * /etc/hostname doesn't contain anything useful
    * linux.local is no good either
    * postfix will use `hostname`.localdomain as fallback
* Tue Aug 04 2015 meissner@suse.com
  - postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885
* Tue Aug 04 2015 meissner@suse.com
  - %verifyscript is a new section, move it out of the %ifdef
    so the fillups are run afterwards.
* Wed Jul 22 2015 michael@stroeder.com
  - upstream update postfix 2.11.6:
    Default settings have been updated so that they no longer enable
    export-grade ciphers, and no longer enable the SSLv2 and SSLv3
    protocols.
  - removed postfix-2.11.5_linux4.patch because it's obsolete
  - Bugfix (introduced: Postfix 2.11): with connection caching
    enabled (the default), recipients could be given to the wrong
    mail server. (bsc#944722)
* Mon Jun 01 2015 crrodriguez@opensuse.org
  - postfix-SuSE.tar.gz/postfix.service: None of
    nss-lookup.target network.target local-fs.target time-sync.target
    should be Wanted or Required except by the services
    the implement the relevant functionality i.e network.target
    is wanted/required by networkmanager, wicked,
    systemd-network. other software must be ordered After them,
    see systemd.special(7)
* Sun May 17 2015 mpluskal@suse.com
  - Fix library symlink generation (boo#928662)
* Tue Apr 21 2015 mrueckert@suse.de
  - added postfix-2.11.5_linux4.patch:
    Allow building on kernel 4. Patch taken from:
    https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY
* Sun Apr 19 2015 mrueckert@suse.de
  - update to postfix 2.11.5
    - Bugfix (introduced: Postfix 2.6):
      sender_dependent_relayhost_maps ignored the relayhost setting
      in the case of a DUNNO lookup result.  It would use the
      recipient domain instead.  Viktor Dukhovni. Wietse took the
      pieces of code that enforce the precedence of a
      sender-dependent relayhost, the global relayhost, and the
      recipient domain, and put that code together in once place so
      that it is easier to maintain.  File:
      trivial-rewrite/resolve.c.
    - Bitrot: prepare for future changes in OpenSSL API. Viktor
      Dukhovni. File: tls_dane.c.
    - Incompatibility: specifying "make makefiles" with "CC=command"
      will no longer override the default WARN setting.
* Mon Feb 09 2015 michael@stroeder.com
  - upstream update postfix 2.11.4:
    Postfix 2.11.4 only:
    * Fix a core dump when smtp_policy_maps specifies an invalid TLS
    level.
    * Fix a missing " in \%s\", in postconf(1) fatal error messages,
    which violated the C language spec. Reported by Iain Hibbert.
    All supported releases:
    * Stop excessive recursion in the cleanup server while recovering
    from a virtual alias expansion loop. Problem found at Two Sigma.
    * Stop exponential memory allocation with virtual alias expansion
    loops. This came to light after fixing the previous problem.
* Sun Feb 08 2015 varkoly@suse.com
  - correct pf_daemon_directory in spec. This must be /usr/lib/
* Thu Jan 22 2015 varkoly@suse.com
  - bnc#914086 syntax error in config.postfix
  - Adapt config.postfix to be able to run on SLE11 too.
* Mon Jan 19 2015 mpluskal@suse.com
  - Don't install sysvinit script when systemd is used
  - Make explicit PreReq dependencies conditional only for older
    systems
  - Don't try to set explicit attributes to symlinks
  - Cleanup spec file vith spec-cleaner
* Tue Jan 13 2015 varkoly@suse.com
  - bnc#912594 config.postfix creates config based on old options
* Tue Jan 06 2015 varkoly@suse.com
  - bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot
  - bnc#910265 config.postfix does not upgrade the chroot
  - bnc#908003 wrong access rights on /usr/sbin/postdrop causes
    permission denied when trying to send a mail as non root user
  - bnc#729154 wrong permissions for some postfix components
* Fri Nov 21 2014 tchvatal@suse.com
  - Remove keyring and things as it is md5 based one no longer
    accepted by gpg 2.1
* Fri Nov 14 2014 dimstar@opensuse.org
  - No longer perform gpg validation; osc source_validator does it
    implicit:
    + Drop gpg-offline BuildRequires.
    + No longer execute gpg_verify.
* Mon Oct 27 2014 dmueller@suse.com
  - restore previously lost fix:
    Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
    - Ignore errors in %pre/%post.
* Mon Oct 20 2014 michael@stroeder.com
  - postfix 2.11.3:
    * Fix for configurations that prepend message headers with Postfix
      access maps, policy servers or Milter applications. Postfix now
      hides its own Received: header from Milters and exposes prepended
      headers to Milters, regardless of the mechanism used to prepend
      a header. This fix reverts a partial solution that was released
      on October 13, 2014, and replaces it with a complete solution.
    * Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.
  - postfix 2.11.2:
    * Fix for DMARC implementations based on SPF policy plus DKIM
      Milter. The PREPEND access/policy action added headers ABOVE
      Postfix's own Received: header, exposing Postfix's own Received:
      header to Milters (protocol violation) and hiding the PREPENDed
      header from Milters. PREPENDed headers are now added BELOW
      Postfix's own Received: header and remain visible to Milters.
    * The Postfix SMTP server logged an incorrect client name in
      reject messages for check_reverse_client_hostname_access and
      check_reverse_client_hostname_{mx,ns}_access. They replied with
      the verified client name, instead of the name that was rejected.
    * The qmqpd daemon crashed with null pointer bug when logging a
      lost connection while not in a mail transaction.

Files

/etc/pam.d/smtp
/etc/permissions.d/postfix
/etc/permissions.d/postfix.paranoid
/etc/postfix
/etc/postfix/LICENSE
/etc/postfix/TLS_LICENSE
/etc/postfix/access
/etc/postfix/aliases
/etc/postfix/bounce.cf.default
/etc/postfix/canonical
/etc/postfix/dynamicmaps.cf
/etc/postfix/generic
/etc/postfix/header_checks
/etc/postfix/helo_access
/etc/postfix/main.cf
/etc/postfix/main.cf.default
/etc/postfix/makedefs.out
/etc/postfix/master.cf
/etc/postfix/openssl_postfix.conf.in
/etc/postfix/post-install
/etc/postfix/postfix-files
/etc/postfix/postfix-script
/etc/postfix/postfix-tls-script
/etc/postfix/postfix-wrapper
/etc/postfix/postmulti-script
/etc/postfix/relay
/etc/postfix/relay_ccerts
/etc/postfix/relocated
/etc/postfix/sasl_passwd
/etc/postfix/sender_canonical
/etc/postfix/ssl
/etc/postfix/ssl/cacerts
/etc/postfix/ssl/certs
/etc/postfix/transport
/etc/postfix/virtual
/etc/sasl2
/etc/sasl2/smtpd.conf
/usr/bin/mailq
/usr/bin/newaliases
/usr/lib/postfix
/usr/lib/postfix/bin
/usr/lib/postfix/bin/anvil
/usr/lib/postfix/bin/bounce
/usr/lib/postfix/bin/cleanup
/usr/lib/postfix/bin/discard
/usr/lib/postfix/bin/dnsblog
/usr/lib/postfix/bin/error
/usr/lib/postfix/bin/flush
/usr/lib/postfix/bin/lmtp
/usr/lib/postfix/bin/local
/usr/lib/postfix/bin/master
/usr/lib/postfix/bin/nqmgr
/usr/lib/postfix/bin/oqmgr
/usr/lib/postfix/bin/pickup
/usr/lib/postfix/bin/pipe
/usr/lib/postfix/bin/post-install
/usr/lib/postfix/bin/postfix-script
/usr/lib/postfix/bin/postfix-tls-script
/usr/lib/postfix/bin/postfix-wrapper
/usr/lib/postfix/bin/postlogd
/usr/lib/postfix/bin/postmulti-script
/usr/lib/postfix/bin/postscreen
/usr/lib/postfix/bin/proxymap
/usr/lib/postfix/bin/qmgr
/usr/lib/postfix/bin/qmqpd
/usr/lib/postfix/bin/scache
/usr/lib/postfix/bin/showq
/usr/lib/postfix/bin/smtp
/usr/lib/postfix/bin/smtpd
/usr/lib/postfix/bin/spawn
/usr/lib/postfix/bin/tlsmgr
/usr/lib/postfix/bin/tlsproxy
/usr/lib/postfix/bin/trivial-rewrite
/usr/lib/postfix/bin/verify
/usr/lib/postfix/bin/virtual
/usr/lib/postfix/dynamicmaps.cf
/usr/lib/postfix/dynamicmaps.cf.d
/usr/lib/postfix/libpostfix-dns.so
/usr/lib/postfix/libpostfix-global.so
/usr/lib/postfix/libpostfix-master.so
/usr/lib/postfix/libpostfix-tls.so
/usr/lib/postfix/libpostfix-util.so
/usr/lib/postfix/main.cf.proto
/usr/lib/postfix/makedefs.out
/usr/lib/postfix/master.cf.proto
/usr/lib/postfix/postfix-files
/usr/lib/postfix/postfix-files.d
/usr/lib/postfix/postfix-pcre.so
/usr/lib/postfix/systemd
/usr/lib/postfix/systemd/cond_slp
/usr/lib/postfix/systemd/config_postfix
/usr/lib/postfix/systemd/update_chroot
/usr/lib/postfix/systemd/update_postmaps
/usr/lib/postfix/systemd/wait_qmgr
/usr/lib/sendmail
/usr/lib/systemd/system/postfix.service
/usr/lib/sysusers.d/postfix-user.conf
/usr/lib64/libpostfix-dns.so
/usr/lib64/libpostfix-global.so
/usr/lib64/libpostfix-master.so
/usr/lib64/libpostfix-tls.so
/usr/lib64/libpostfix-util.so
/usr/sbin/check_mail_queue
/usr/sbin/config.postfix
/usr/sbin/mkpostfixcert
/usr/sbin/postalias
/usr/sbin/postcat
/usr/sbin/postconf
/usr/sbin/postdrop
/usr/sbin/postfix
/usr/sbin/postkick
/usr/sbin/postlock
/usr/sbin/postlog
/usr/sbin/postmap
/usr/sbin/postmulti
/usr/sbin/postqueue
/usr/sbin/postsuper
/usr/sbin/qmqp-source
/usr/sbin/rcpostfix
/usr/sbin/sendmail
/usr/sbin/smtp-sink
/usr/sbin/smtp-source
/usr/share/doc/packages/postfix-bdb
/usr/share/doc/packages/postfix-bdb/RELEASE_NOTES
/usr/share/fillup-templates/sysconfig.mail-postfix
/usr/share/fillup-templates/sysconfig.postfix
/usr/share/licenses/postfix-bdb
/usr/share/licenses/postfix-bdb/LICENSE
/usr/share/licenses/postfix-bdb/TLS_LICENSE
/usr/share/man/man1/mailq.1.gz
/usr/share/man/man1/newaliases.1.gz
/usr/share/man/man1/postalias.1.gz
/usr/share/man/man1/postcat.1.gz
/usr/share/man/man1/postconf.1.gz
/usr/share/man/man1/postdrop.1.gz
/usr/share/man/man1/postfix-tls.1.gz
/usr/share/man/man1/postfix.1.gz
/usr/share/man/man1/postkick.1.gz
/usr/share/man/man1/postlock.1.gz
/usr/share/man/man1/postlog.1.gz
/usr/share/man/man1/postmap.1.gz
/usr/share/man/man1/postmulti.1.gz
/usr/share/man/man1/postqueue.1.gz
/usr/share/man/man1/postsuper.1.gz
/usr/share/man/man1/sendmail.1.gz
/usr/share/man/man5/access.5.gz
/usr/share/man/man5/aliases.5.gz
/usr/share/man/man5/body_checks.5.gz
/usr/share/man/man5/bounce.5.gz
/usr/share/man/man5/canonical.5.gz
/usr/share/man/man5/cidr_table.5.gz
/usr/share/man/man5/generic.5.gz
/usr/share/man/man5/header_checks.5.gz
/usr/share/man/man5/master.5.gz
/usr/share/man/man5/memcache_table.5.gz
/usr/share/man/man5/nisplus_table.5.gz
/usr/share/man/man5/pcre_table.5.gz
/usr/share/man/man5/postconf.5.gz
/usr/share/man/man5/postfix-wrapper.5.gz
/usr/share/man/man5/regexp_table.5.gz
/usr/share/man/man5/relocated.5.gz
/usr/share/man/man5/socketmap_table.5.gz
/usr/share/man/man5/sqlite_table.5.gz
/usr/share/man/man5/tcp_table.5.gz
/usr/share/man/man5/transport.5.gz
/usr/share/man/man5/virtual.5.gz
/usr/share/man/man8/anvil.8.gz
/usr/share/man/man8/bounce.8.gz
/usr/share/man/man8/cleanup.8.gz
/usr/share/man/man8/defer.8.gz
/usr/share/man/man8/discard.8.gz
/usr/share/man/man8/dnsblog.8.gz
/usr/share/man/man8/error.8.gz
/usr/share/man/man8/flush.8.gz
/usr/share/man/man8/lmtp.8.gz
/usr/share/man/man8/local.8.gz
/usr/share/man/man8/master.8.gz
/usr/share/man/man8/oqmgr.8.gz
/usr/share/man/man8/pickup.8.gz
/usr/share/man/man8/pipe.8.gz
/usr/share/man/man8/postlogd.8.gz
/usr/share/man/man8/postscreen.8.gz
/usr/share/man/man8/proxymap.8.gz
/usr/share/man/man8/qmgr.8.gz
/usr/share/man/man8/qmqpd.8.gz
/usr/share/man/man8/scache.8.gz
/usr/share/man/man8/showq.8.gz
/usr/share/man/man8/smtp.8.gz
/usr/share/man/man8/smtpd.8.gz
/usr/share/man/man8/spawn.8.gz
/usr/share/man/man8/tlsmgr.8.gz
/usr/share/man/man8/tlsproxy.8.gz
/usr/share/man/man8/trace.8.gz
/usr/share/man/man8/trivial-rewrite.8.gz
/usr/share/man/man8/verify.8.gz
/usr/share/man/man8/virtual.8.gz
/var/adm/backup/postfix
/var/lib/postfix
/var/mail
/var/spool/mail
/var/spool/postfix
/var/spool/postfix/active
/var/spool/postfix/bounce
/var/spool/postfix/corrupt
/var/spool/postfix/defer
/var/spool/postfix/deferred
/var/spool/postfix/flush
/var/spool/postfix/hold
/var/spool/postfix/incoming
/var/spool/postfix/maildrop
/var/spool/postfix/pid
/var/spool/postfix/private
/var/spool/postfix/public
/var/spool/postfix/saved
/var/spool/postfix/trace


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 20:06:21 2024