Postfix 2.7.2 imported into NetBSD-current


November 27, 2010 posted by Matthias Scheler

Postfix 2.7.2 was imported into NetBSD-current today. The changes since Postfix 2.7.1 are:
  • Postfix no longer automatically appends the system default CA (certificate authority) certificates, when it reads the CA certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or with {smtp, lmtp, smtpd}_tls_CApath. This prevents third-party certificates from getting mail relay permission with the permit_tls_all_clientcerts feature. Unfortunately, this change may cause compatibility problems with configurations that rely on certificate verification for other purposes. To get the old behavior, specify "tls_append_default_CA = yes".
  • A prior fix for compatibility with Postfix < 2.3 was incomplete. When pipe-to-command delivery fails with a signal, mail is now correctly deferred, instead of being returned to sender.
  • Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1) connections was fixed by adapting the output buffer size to the MTU.
  • The SMTP server no longer applies the reject_rhsbl_helo feature to non-domain forms such as network addresses. This would cause false positives with dbl.spamhaus.org.
  • The Postfix SMTP server failed to deliver a "421" response and hang up the connection after Milter error. Instead, the server delivered a "503 Access denied" response and left the connection open, due to some Postfix 1.1 workaround for RFC 2821.
  • The milter_header_checks parser failed to enable any of the actions that have no effect on message delivery (warn, replace, prepend, ignore, dunno, and ok).
[0 comments]

 



Post a Comment:
Comments are closed for this entry.