---------------------------- Líneas 1-500 -------------------------- Además de los nombres señalados abajo, las siguientes personas han dado una contribución util en varias ocasiones: Paul D. Robertson, Simon J. Mudd. Pido disculpas por los nombres que podrían faltar. 19980105 El valor por omisión para resolve_smtp_sender estaba mal (desde los días cuando era un booleano), causando un coredump de smtpd cuando el variable no estaba definido en main.cf Las instrucciones de INSTALL ahora tienen secciones individuales para las tres maneras básicas de usar vmailer. Las instrucciones de INSTALL ahora explican como tratar procesos en un entorno chroot. Adaptado para funcionar con RedHat 5.0. Impresionante, esta gente ha reorganizado sus archivos include bastante, ¿no? 19980106 En RedHat Linux 4.2/5.0, cuando un escuchador de FIFO abre el FIFO en modo O_RDONLY, el FIFO se puede leer siempre incluso cuando el escritor lo ha cerrado. Arreglo: abrir el FIFO en modo O_RDWR. Programa de Pruebas: util/fifo_rdonly_bug.c Desgraciadamente, el arreglo anterior causa un bug en BSD/OS 3.1 al abrir el FIFO en modo O_RDWR causa que select() diga que el FIFO está listo para ser leido antes de que se ha escrito datas a ello, así causando que read() se bloqueará o fallará la lectura. Programa de Pruebas: util/fifo_rdwr_bug.c printfck (comprobar los argumentos de las llamadas a funciones parecidas a printf) encontrado un argumento que faltaba en local/command.c Limpieza general de Makefile que no había tenido tiempo de realizar antes de la primera versión alpha. 19980107 Algunas veces el DNS dirá que el dominio no existe, aunque en realidad sí existe. Por lo tanto es una mala idea rechazar correo de dominios que supuestamente no existen. He cambiado smtpd para que dé respuestas de error de tipo **soft** cuando una prueba resolve_smtp_sender falla con HOST_NOT_FOUND. Nota: por omisión, esta prueba está todavía deshabilitada. Las rutinas de lectura de DB y DBM determinarán de manera automatica si las parejas (clave, valor) estaban escritos incluyendo un byte nulo de terminación o no. Las rutinas de escritura de DB y DBM usarán este valor para determinar como escribir, y volverán al valor por omisión del sistema de otra manera. Renombré el README a MUSINGS, y escribí un README que refleja el estado actual del software. Añadé las opciones -d (no desconectar) y -c (mostrar contador en línea) al programa de pruebas smtp-source. Estas herramientas son buenas pruebas de tortura para el software de correo, y para el sistema en que se está ejecutando. Bajé el paramtro process_limit (número de procesos en paralelo de clientes o servidores smtp) para evitar sorpresas desagradables. Puedes aumentar el parametro process_limit en main.cf. 19980111 Funcionalidad: cuando ejecutó por el superusuario, mailq ahora muestra la cola incluso cuando el sistema de correo no está ejecutando. Con este fin, mailq (sendmail -bp) ejecuta el programa showq directamente en vez de conectar al servicio de sockets UNIX-domain, y baja sus privilegios etc. como siempre. 19980119 Arreglo de Bug: Edwin Kremer encontró un error en el código para comparar los nombres de host (para patrones de nombre os direccion prefijados por !). Arreglo de Bug: al recibir una señal SIGHUP, el master ahora disconecta de sus procesos hijo, para que la generación actual de hijos se suicidan, y para que la próxima generación de procesos hijo usarán las configuraciones nuevas. Arreglo de Bug: el servidor smtp ahora no realiza las pruebas de busqueda de dominio DNS para foo@[address] Arreglo de Bug: no añadir el dominio local a foo@[address] 19980120 Arreglo de Bug: bug antiguo de baja prioridad en código que atraviesa listas y que causó que master **drop core** cuando un servicio estaba deshabilitado en master.cf. Robustness: el sistema de correo debe poder arrancar y aceptar mensajes locales incluso cuando el servicio de nombres no funciona. Por este motivo el sistema de correo no usa gethostbyname() para buscar su propio nombre. Los sitios que usan hostnames cortos tendrán que especificar su FQDN en main.cf (finalmente esto se hará por el procidimiento de instalación/configuración). ¿Debe el lenguaje de configuración soportar backticks para que uno pueda decir `domainname`? ¿Qué pasaría con todas estas cosas de $name entre backtics? Seguridad: el master ahora crea los FIFOs y sockets UNIX-domain como el mail_owner en vez de como root, para mejorar la protección contra sistemas de correo **subverted**. chmod() es susceptible a **race conditions**. fchmod(), aunque más seguro, muchas veces no funciona con sockets. Portabilidad: anticipar que todos los principales UNIXes crearán sockets de UNIX-domain con los permisos modificados por el proceso umask (requerido por POSIX). Para esta razón, siempre hacemos un chmod() en sockets UNIX-domain, salvo que el sistema nos permita usar el más seguro fchmod(). Portabilidad: los servidores semi-residentes ahora tratan correctamente las respuestas de accept() EWOULDBLOCK tanto como EGAIN (en algunos sistemas, EAGAIN y EWOULDBLOCK tendrían valores diferentes). Arreglo de Bug: los servidores semi-residentes ahora tratan correctamente las respuestas EINTR devueltos de accept(). Arreglo de Bug: Edwin Kremer encontró que mynetworks() calcularía (32 - mask) en vez de mask. 19980121 Funcionalidad: El agente de entrega local usa /etc/vmailer/relocated que especifica que correo debe ser devuelto con un mensaje "el usuario se ha traslado a XXX". El parámetro de configuración de main.cf es "relocated_maps". Igual que con el parametro "virtual_maps", se deshabilita esta facilidad por omisión, y puede tener valores como "files", o "files, nis" (en las máquinas que soportan NIS). 19980123 Limpieza: soporte para los dominios virtuales trasladado del gestor de colas hasta el servicio de resolución, donde debe estar. Funcionalidad: Se usa /etc/vmailer/canonical por el servicio rewrite para todas las direcciones, y una dirección canonica (user@domain) a otra dirección. El uso tipico es para generar direcciones Firstname.Lastname@domain, o para arreglar direcciones que no conformes de sistemas de correo que no aplican RFC822 correctamente. El parametro de configuración de main.cf es "canonical_maps". Igual que el parametro "virtual_maps", esta facilidad está deshabilitado por omisión, y el parametro puede tener valores como "files", o "files, nis" (para sistemas que soportan NIS). 19980124 Soporte para HPUX10 y muchos pequeños arreglos de Pieter Schoenmakers. Arreglo de Bug: isolated an old mysterious bug that could make the master deaf for new connections while no child process was running. A typical result was that no pickup daemon would be started after the previous one had terminated voluntarily. Arreglo de Bug: the NIS lookup code did not mystrdup() the NIS map name and would access free()d memory. 19980125 Arreglo de Bug: the vstream routines would sometimes ignore flushing errors. The error would still be reported by vstream_fclose() and vstream_ferror(). Funcionalidad: time limit on delivery to shell commands. Config parameter: command_time_limit. Default value: 100 sec. The idea is to prevent one bad .forward file or alias file entry from slowly using up all local delivery process slots. 19980126 Limpieza de Código: en preparación por las extensiones SMTP como SIZE, permite que un comando SMTP puede tener un número variable de opciones. 19980127 Arreglo de Bug: trasladó las búsquedas de las mapas canonical del modulo rewrite al servicio cleanup, para que la búsqueda de las mapas canonical no interfiere con la modificación de direcciones de parte de otros programas. se vuelve a la versión antigua de trivial-rewrite. Arreglo de Bug: trasladé las búsqedas del mapa virtual del resolver al gestor de colas, para que las búsquedas de dominios virtuales no interfieren con la resolución de direcciones de parte de otros programas. Se vuelve a la versión antigua del programa qmgr. 19980131 Funcionalidad: integrado y adaptado la opción de SIZE (RFC 1870) por Guido van Rooij's, evitando con ciudado los problemas potenciales de **overflow** (multiplicando números grandes) o **unsigned underflow** (por la resta de números). Limpieza de código: mejoré el código que trata las respuestas del servidor al comando HELO/EHLO, para que podamos reconocer con más fiabilidad las opciones soportadas por el servidor. 19980201 Portabilidad: integrado el soporte para IRIX 6 port por Oved Ben-Aroya. Portabilidad: el software ahora puede determinar solo si un servidor debe abirar su FIFO de manera lectura-escritura o solo-lectura, para evitar un bucle con un FIFO que siempre se queda en estado leíble. Arreglo de Bug: el servicio cleanup terminaría con un error falta de vstream_fseek() cuando el fichero de cola era demasiado grande. Arreglo de Bug: se podría matar el servicio cleanup con una señal cuando el fichero de cola era demasiado grande. 19980203 Portabilidad: algunos sistemas tienen statfs(), otros tienen statvfs(), y los archivos include están en un sitio differente en casi todos los sistemas. Portabilidad: el script makedefs ahora quita la opción de compilación -O cuando se compila con el compilador nativo de IBM con AIX... 19980204 Portabilidad: Soporte para HP-UX 9.x por Pieter Schoenmakers. Portabilidad: añadió soporte para HP-UX 9.x para SYSV-style ulimit() límite de tamaño de fichero. Portabilidad: añadió algunos includes que faltan según el compilador cc de UNIX de Digital. Arreglo de Bug: sys_defs.h ahora especifica correctamente el soporte para NIS para LINUX2, HPUX9 and HPUX10. Seguridad: arreglé una perdida de descriptores de archivos en el agente local de entrega que podría dar acceso al shell a los streams IPC de VMailer. Esto no debe causar ninguna vulnerabilidad, dado el diseño e implementación del programa, pero aún así es peligroso. Arreglo de Bug: la opción de sendmail -B (body type) no podía aceptar un valor. 19980205 Arreglo de Bug (SUNOS5): no se debería haber eliminado la definición de SVID_GETTOD de util/sys_defs.h. Arreglo de Bug (HPUX9): se me olvidó especificar si usar statfs() o statvfs(). Arreglo de Bug (HPUX9): no intenta aumentar el límite de tamaño de archivo. Arreglo de Bug (HPUX9): debe especificar el límite de tamaño de archivo en bloques de 512. 19980207 Robustness: el proceso master ahora aumenta el limite de tamaño de archivo cuando se arranca con un límite inferior al límite de tamaño de archivo de VMailer. Archivo: util/file_limit.c. Seguridad: las rutinas de búsqueda DNS ahora filtran todos los nombres resultantes con valid_hostname(). Se tratan nombres inválidos como errores temporales. Funcionalidad: compatibilidad qmail: cuando el parámetro home_mailbox está definido, se entrega correo a ~/$home_mailbox en vez de /var[/spool]/mail/username. Se espera que esto ayuda a quitar gente de usar qmail. :-) Robustness: varios de los probadores de VMailer configuraron por error relayhost con el mismo valor que myhostname. Los programas ahora explicitamente comprueban se existe este error. Arreglo de Bug: deliver_request_read() liberaría memoria no alocada cuando recibió una petición de entrega incompleta del gestor de colas. Robustness: local_destination_concurrency=1 evita la entrega en paralelo al mismo usuario (con efectos destrasosos cuando el usuario tiene un proceso muy lento en el archivo .forward o archivo de configuración procmail). Cada transporte puede tener su propio parámetro XXX_destination_concurrency, para limitar el número de entregas simultaneas al mismo destino. 19980208 Robustness: añadido un modo "abrir despacio", para aumentar de manera gradual el número de conexiones simultaneas al mismo sitio mientras las entregas funcionan, y para decrementar de manera gradual el número de conexiones cuando falla la conexión. Brad Knowles me dio la inspiración para hacerlo. Esto también arregla el problema del "estampido de la manada" (hacer un número grande de conexiones a un host muerto cuando toca reintentar reconectar a este host). A ver cuando otros mailers arreglan este problema. Funcionalidad: Añadido $smtpd_banner y $mail_version, para los que quieren mostrar al mundo la versión del software que están usando. Arreglo de Bug: vmailer-script ahora etiqueta bien cada entrada a syslog. 19980210 Portabilidad: incorporado NEXTSTEP 3 de Pieter Schoenmakers Arreglo de Bug: el programa de entrega local ahora comprueba que el destino es un archivo regular antes de intentar bloquearlo. 19980211 Robustness: the local delivery agent sets HOME, LOGNAME, and SHELL when delivering to a user shell command. PATH is always set, and TZ is passed through if it is set. 19980212 Funcionalidad: mailq (sendmail -bp) now also lists the maildrop queue (with mail that hasn't been picked up yet). 19980213 Funcionalidad: the smtpd now says: 502 HELP not implemented. This should impress the heck out of the competition :-) 19980214 Funcionalidad: local delivery to configurable system-wide command (e.g. procmail) avoids the need for per-user ~/.forward shell commands. Config parameter: mailbox_command. 19980215 Performance: avoid running a shell when a command contains no shell magic characters or built-in shell commands. This speeds up delivery to all commands. File: util/exec_command.c. Arreglo de Bug: the local delivery agent, after reading EOF from a child process, now sends SIGKILL only when the child does not terminate within a limited amount of time. This avoids some problems with procmail. File: util/timed_wait.c. 19980217 Portabilidad: incluir el soporte para NetInfo de Pieter Schoenmakers. 19980218 Funcionalidad: comando nuevo vmlock para ejecutar un comando mientras tengamos bloqueado el buzón. Funcionalidad: con "recipient_delimiter = +", se entrega correo para dirección local "user+foo" a "foo", con una cabecera "Delivered-To: user+foo@domain". Archivos: qmgr/qmgr_message.c, local/recipient.c. Esta funcionalidad tiene que ser la que menos ha costado. 19980219 Limpieza: trasladé el código de gestión de errores a funciones que deben siempre funcionar (non_blocking(), close_on_exec()). 19980223 Arreglo de Bug: bug de puntero nulo en programa cleanup después de procesar una cabecera From: sin dirección email (o solamente con un comentario). 19980226 Robustness: ahora detecta cuando getpwnam() devuelve un nombre distinto al nombre requerido. Funcionalidad: Añadió soporte %p para el módulo de impresión vbuf_print. Limpieza: mejoró la detección de bucles en alias/include/.forward y el código de supresión de duplicados en el agente de entrega local. Esta tiene que ser la cuarta iteración, y de nuevo se ha simplificado el código. 19980228 Robustness: no tratar cualquier cosa que empieza con caracters en blanco como un un registro de cabecera. Al contrario, prueba si existen blancos al principio de manera explicita donde lo permitimos. Archivos: global/is_header.c, bounce/bounce_flush_service.c, local/delivered.c. 19980301 Compatibilidad: el programa sendmail ahora acepta la opción en la línea de comandos -N (notificación de estado de entrega) aunque lo ignora por completo, igual que con otros directivos de sendmail. Arreglo de Bug: dns_lookup.c era demasiado conservador con los tamaños de buffers y informaría de manera incorrecta "respuesta de servidor de nombres corrupta". 19980302 Arreglo de Bug: el agente de entrega local no funcionaba correctamente con bytes nulos. 19980307 Funcionalidad: integrado el código de tablas de búsqueda de transporte de Pieter Schoenmaker's que enumeran una lista (transporte, salto siguiente) por destino. 19980309 Arreglo de Bug: el agente de entrega ya no renombra los archivos de cola corruptos, porque los programas podrían interferir uno con otro en el proceso. La alternativa es que cuando un agente de entrega detecta un archivo de cola corrupto, usa chmod en el archivo de cola, simula un error temporal, y le deja al gestor de colas tratar el problema. Arreglo de Bug: el servidor SMTP implementó VRFY de manera incorrecta. Funcionalidad: first shot at a pipe mailer, which can be used to extend VMailer with external mail transports such as UUCP (provided that the remote site understands domain addressing, because VMailer version 1 does not rewrite addresses). Limpieza: entendí el interfaz master/child para que el nombre del servicio (de master.cf) puede ser pasado al hijo. El programa pipe necesita el nombre de servicio para que pueda buscar los parámetros de configuración especificos del servicio (nivel de privilegio, limite de recipientes, limite de tiempo, etc..). 19980310-12 Limpieza: quité el código de pipe_command() para que pueda ser compartido entre el programa pipe y el agente de entrega local. 19980314 Compatibilidad: el programa sendmail ahora analiza cada recipiente en la línea de comandos como si fuera una cabeza RFC 822 del mensaje; algunos MUAs especifican recipientes seperados por comas en una línea de comandos; algunos MUAs incluso especifican "palabra " formas como argumentos de la línea de comandos. 19980315 Arreglo de Bug: La **randomization** del procesamiento de la cola de VMailer no era suficiente para sistemas sin carga y con pocos mensajes retrasados. Arreglo de Bug: smtpd ahora usa stream E/S con memoria intermedia doble para prevenir la perdida de entradas enviadas antes de las respuestas. 19980316 Arreglo de Bug: el código anti-relay de smtpd no trató todos los hosts en $mydestinations como locales, y así solo aceptaría correo para los hosts enumerados en $relay_domains (default: mi propio dominio). Arreglo de Bug: smtpd ahora responde con 502 cuando dado un comando desconocido. 19980318 Limpieza: los clientes resolve/rewrite ahora desconectan de manera automatica después de un tiempo configurable (ipc_idle). 19980322 Tolerancia: VRFY ahora permite user@domain, aunque el RFC requiere que los caracteres especiales como @ sean **escaped**. 19980325 Arreglo de Bug: un delimitador de recipiente de "-" podría interferir con direcciones especiales como owner-xxx o double-bounce. Tolerancia: El cliente SMTP ahora permite líneas en blanco en las respuestas del servidor SMTP. Tolerancia: el cliente SMTP ahora cambia a usar SMTP cuando supuestamente entendió que el servidor SMTP era capaz de ESMTP. Arreglo de Bug: eliminado llamadas a strtok() en preferencia por mystrtok(). Symptoma: El análisis de master.cf fallaría si $inet_interfaces consistía de más que una palabra. 19980328 Arreglo de Bug: patrones user->addr en tablas canonical y virtual solo coincidieron con $myorigin, no con los hosts enumerados en $mydestionation ---------------------------- Líneas 501-1000 -------------------------- matched only $myorigin, not hosts listed in $mydestination or addresses listed in $inet_interfaces. The man pages were wrong too. File: global/addr_match.c. 19980401 Robustness: FIFO file permissions now default to 0622. On some systems, opening a FIFO read-only could deafen the pickup daemon. Only the listener end (which is opened as root) needs read access anyway, so there should not be a loss of functionality by making FIFOs non-readable for non-mail processes. 19980402 Compatibility: sendmail -I and -c options added. 19980403 Feature: virtual lookups are now recursive. File: qmgr/qmgr_message.c 19980405 Implemented sendmail -bs (stand-alone) mode. This mode runs as the user and therefore deposits into the maildrop queue. 19980406 The pickup service now removes malformed maildrop files. 19980407 The pickup service now guards against maildrop files with time stamps dated into the future. 19980408 Bugfix: in the canonical and virtual maps, foo->address would match foo@$myorigin only. This has been fixed to also match hosts listed in main.cf:$mydestination and the addresses listed in main.cf:$inet_interfaces. Bugfix: added double buffering support to the VMailer SMTP server. This makes the SMTP server robust against SMTP clients that talk ahead of time, and should have been in there from day one. 19980409 Bugfix: the VMailer SMTP client now recognizes its own hostname in the SMTP greeting banner only when that name appears as the first word on the first line. 19980410 Feature: smtpd now logs the local queue ID along with the client name/address, and pickup now logs the local queue ID along with the message owner. Bugfix: still didn't do virtual/canonical lookups right (code used the non-case-folded key instead of the case folded one). 19980418 Bugfix: the SMTP server did not flush the "250 OK queued as XXXX" message from the SMTP conversation history. 19980419 Bugfix: qmgr would not notice that a malformed message has multiple senders, and would leak memory (Tom Ptacek). 19980421 Portability: in the mantools scripts, the expr pattern no longer has ^ at the beginning, and the scripts now use the expand program instead of my own detab utility. 19980425 NetBSD 1.x patch by Soren S. Jorvang. 19980511 Feature: the SMTP server now logs the protocol (SMTP or ESMTP) as part of the Received: header. Feature: smtpd now logs the last command when a session is aborted due to timeout, unexpected EOF, or too many client errors. 19980514 Bugfix: the queue manager did not update the counter for in-core message structures, so the in-core message limit had no effect. This can be bad when you have a large backlog with many messages eligible for delivery. Robustness: the queue manager now also limits the total number of in-core recipient structures, so that it won't use excessive amounts of memory on sites that have large mailing lists. 19980518 Bugfix: the SMTP client did not notice that the DNS client received a truncated response. As a result, a backup MX host could incorrectly claim that it was the best MX host and declare a mailer loop. Added start_msg/stop_msg entries to the vmailer startup script, for easy installation. Cleanup: VMailer databases are now explicitly specified as type:name, for example, hash:/etc/aliases or nis:mail.aliases, instead of implicitly as "files", "nis" and so on. Test program: util/dict_open. This change allowed me to eliminate a lot of redundant code from mkmap_xxx.c, and from everything that does map lookups. 19980525 Bugfix: local/dotforward.c compared the result of opening a user's ~/.forward against the wrong error value. 19980526 Bugfix: the smtpd VRFY command could look at free()d memory. Robustness: the smtpd program had a fixed limit on the number of token structures. The code now dynamically allocates token structures. Bugfix: the queue manager still used the deprecated parameter name xxx_deliver_concurrency for concurrency control, but the documentation talks about the preferred parameter name xxx_destination_concurrency. Fix: try xxx_destination_concurrency first, then fall back to xxx_deliver_concurrency. 19980621-19980702 Cleanup: the string read routines now report the last character read or VSTREAM_EOF. This change is necessary for the implementation of the long SMTP line bugfix. Bugfix: the smtp server exited the DATA command prematurely when the client sent long lines. Reason: the smtp server did not remember that it broke long lines, so that '.' could appear to be the first character on a line when in fact it wasn't. Bugfix: the queue manager made lots of stupid errors while reading $qmgr_message_recipient_limit chunks of recipients from a queue file. This code has been restructured. 19980706 Performance: the cleanup program now always adds return-receipt and errors-to records to a queue file, so that the queue manager does not have to plow through huge lists of recipients. Robustness: the initial destination concurrency now defaults to 2, so that one bad message or one bad connection does not stop all mail to a site. The configuration parameter is called initial_destination_concurrency. Performance: the per-message recipient limit is now enforced by the queue manager instead of by the transport. Thus, a large list of recipients for the same site is now mapped onto several delivery requests which can be handled in parallel, instead of being mapped onto one delivery request that is sent to limited numbers of recipients, one group after the other. 19980707 Cleanup: the queue manager now does an additional recipient sort after the recipients have been resolved, so that the code can do better aggregation of recipients by next hop destination. Feature: lines in the master.cf file can now be continued in the same manner as lines in the main.cf file, i.e. by starting the next line with whitespace. Feature: the smtp client now warns that a message may be delivered multiple times when the response to "." is not received (the problem described in RFC 1047). Cleanup: when the queue manager changes its little mind after contacting a delivery agent (for example, it decides to skip the host because a transport or host goes bad), the delivery agent no longer complains about premature EOF. File: global/deliver_request.c 19980709 Bugfix: when breaking long lines, the SMTP client did not escape leading dots in secondary etc. line fragments. Fix: don't break lines. This change makes VMailer line-length transparent. Files: global/smtp_stream.c, smtp/smtp_proto.c. 19980712 Cleanup: the queue manager to deliver agent protocol now distinguishes between domain-specific soft errors and recipient-specific soft errors. Result: many soft errors with SMTP delivery no longer affect other mail the same domain. 19980713 Feature: the file modification time stamp of deferred queue files is set to the nearest wakeup time of their recipient hosts, or if delivery was deferred due to a non-host problem, the time stamp is set into the future by the configurable minimal backoff time. Bugfix: the SMTP client and the MAILQ command would report as message size the total queue file size. That would grossly overestimate the size of a message with many recipients. Bugfix: the 19980709 fix screwed up locally-posted mail that didn't end in newline. 19980714 Robustness: the makedefs script now defaults to no optimization when compiling for purify. 19980715 Robustness: the makedefs script now defaults to no optimization when compiling with gcc 2.8, until this compiler is known to be OK. Workaround: when sending multiple messages over the same SMTP connection, some SMTP servers need an RSET command before the second etc. MAIL FROM command. The VMailer SMTP client now sends a redundant RSET command just in case. The queue manager now logs explicitly when delivery is deferred because of a "dead" message transport. 19980716 Feature: mailq and mail bounces now finally report why mail was deferred (the reason was logged to the syslog file only). Changes were made to the bounce service (generalized to be usable for defer logs), showq service (to show reasons) and the queue manager. As a result the defer directory (with one log per deferred message) may contain many files; also, this directory is accessed each time a message is let into the active queue, in order to delete its old defer log. This means that hashed directories are now a must. 19980718-20 Feature: configurable timeout for establishing smtp connections. Parameter: smtp_connect_timeout (default 0, which means use the timeout as wired into the kernel). Inspired by code from Lamont Jones. For a clean but far from trivial implementation, see util/timed_connect.c Cleaned up the interfaces that implement read/write deadlines. Instead of returning -2, the routines now set errno to ETIMEDOUT; the readable/writable tests are now separate. 19980722 Feature: the default indexed file type (hash, btree, dbm) is now configurable with the "database_type" parameter. The default value for this parameter is system specific. Feature: selectively turn on verbose logging for hosts that match the patterns specified via the "debug_peer_list" config parameter. Syntax is like the "bad_smtp_clients" parameter (see global/peer_list.c). The verbose logging level is specified with "debug_peer_level" (default 2). Security: the local delivery agent no longer delivers to files that have execute permission enabled. 19980723 Workarounds for Solaris 2.x UNIX-domain sockets: they lose data when you close them immediately after writing to them. This could screw up the delivery agent to queue manager protocol. 19980724 Cleanup: spent most of the day cleaning up queue manager code that defers mail when a site or transport dies, and fixed a few obscure problems in the process. 19980726 Feature: the admin can now configure what classes of problems result in mail to the postmaster. Configuration parameter: "notify_classes". Default is backwards compatible: bounce, policy, protocol, resource, and software. 19980726-28 Feature: the admin can now configure what smtp server access control restrictions must be applied, and in what order. Configuration parameters: smtpd_client_restrictions, smtpd_helo_restrictions, smtpd_mail_restrictions and smtpd_rcpt_restrictions. Defaults are intended to be backwards compatible. The bad_senders and bad_clients lists are gone and have become db (dbm, nis, etc) maps. Files: smtpd/smtpd_check.c, config/main.cf. 19980729-31 Feature: hashed queues. Rewrote parts of the mail queue API. Configuration parameters: "hash_queue_names" specifies what queue directories will be hashed (default: the defer log directory), "hash_queue_depth" specifies the number of subdirectories used for hashing (default 2). 19980802 Bugfix: the pipe mailer should expand command-line arguments with $recipient once for every recipient (producing one command-line argument per recipient), instead of replacing $recipient by of all recipients (i.e. producing only one command-line argument). This is required for compatibility with programs that expect to be run from sendmail, such as uux. Thanks to Ollivier Robert for helping me to get this right. Code cleanup: for the above, cleaned up the macro expansion code in dict.c and factored out the parsing into a separate module, mac_parse.c. 19980803 "|command" and /file/name destinations in alias databases are now executed with the privileges of the database owner (unless root or vmailer). Thus, with: "alias_maps = hash:/etc/aliases, hash:/home/majordomo/aliases", and with /home/majordomo/aliases* owned by the majordomo account, you no longer need the majordomo set-uid wrapper program, and you no longer need root privileges in order to install a new mailing list. 19980804 Added support for the real-time blackhole list. Example: "client_restrictions = permit_mynetworks, reject_maps_rbl" All SMTP server "reject" status codes are now configurable: unknown_client_reject_code, mynetworks_reject_code, invalid_hostname_reject_code, unknown_hostname_reject_code, unknown_address_reject_code, relay_domains_reject_code, access_map_reject_code, maps_rbl_reject_code. Default values are documented in the smtpd/smtpd_check.c man page. 19980806-8 Code cleanup: after eye balling line-by line diffs, started deleting code that duplicated functionality because it was at the wrong abstraction level (smtp_trouble.c), moved functionality that was in the wrong place (dictionary reference counts in maps.c instead of dict.c), simplified code that was too complex (password-file structure cache) and fixed some code that was just wrong. 19980808 Robustness: the number of queue manager in-core structures for dead hosts is limited; the limit scales with the limit on the number of in-core recipient structures. The idea is to not run out of memory under conditions of stress. 19980809 Feature: mail to files and commands can now be restricted by class: alias, forward file or include file. The default restrictions are: "allow_mail_to_files = alias, forward" and allow_mail_to_commands = alias, forward". The idea is to protect against buggy mailing list managers that allow intruders to subscribe /file/name or "|command". 19980810-12 Cleanup: deleted a couple hundred lines of code from the local delivery agent. It will never be a great program; sendmail compatibility is asking a severe toll. 19980814 Cleanup: made the program shut up about some benign error conditions that were reported by Daniel Eisenbud. 19980814-7 Documentation: made a start of HTML docs that describe all configuration parameters. Feature: while documenting things, added smtpd_helo_required. 19980817 Bugfix: at startup the queue manager now updates the time stamps of active queue files some time into the future. This eliminates duplicate deliveries after "vmailer reload". Bugfix: the local delivery agent now applies the recipient delimiter after looking in the alias database, instead of before. Documentation bugfixes by Matt Shibla, Tom Limoncelli, Eilon Gishri. 19980819 GLIBC fixes from Myrdraal. Bugfix: applied showq buffer reallocation workaround in the wrong place. Bugfix: can't use shorts in varargs lists. SunOS 4 has short uid_t and gid_t. pipe_command() would complain. Bugfix: can't use signed char in ctype macros. All ctype arguments are now casted to unsigned char. Thanks, Casper Dik. 19980820 Bugfix: save the alias lookup result before looking up the owner. The previous alpha release did this right. Cleanup: mail_trigger() no longer complains when the trigger FIFO or socket is unavailable. This change is necessary to shut up the sendmail mail posting program, so that it can be used on mail clients that mount their maildrop via NFS. Experiment: pickup and pipe now run as vmailer most of the time, and switch to user privileges only temporarily. Files: util/set_eugid.c global/pipe_command.c pipe/pipe.c pickup/pickup.c. Is this more secure/ What about someone manipulating such a process while not root? It still has ruid == 0. 19980822 Portability: with GNU make, commands such as "(false;true)" and "while :; do false; done" don't fail. Workaround: use "set -e" all over the place. Problem found by Jeff Wolfe. Feature: "check_XXX_access maptype:mapname" (XXX = client, helo, sender, recipient). Now you can make recipient and other SPAM restrictions dependent on client or sender access tables lookup results. 19980823 Bugfix: smtpd access table lookup keys were case sensitive. Added "permit" and "reject" operators. These are useful at the end of SPAM restriction lists (smtpd_XXX_restrictions). Added a first implementation of the permit_mx_backup SPAM restriction. This permits mail relaying to any domain that lists this mail system as an MX host (including mail for the local machine). Thanks to Ollivier Robert for useful discussions. 19980824 Bugfix: transport table lookup keys were case sensitive. 19980825 Portability: sa_len is some ugly #define on some SGI systems, so we must rename identifiers (file util/connect.c). Bugfix: uucp delivery errors are now sent to the sender. Thanks, Mark Delany. Bugfix: the pipe delivery agent now replaces empty sender by the mailer daemon address. Mark Delany, again. Portability: GNU getopt looks at all command-line arguments. Fix: insert -- into the pipe/uucp definition in master.cf. Bugfix: the smtp server command tokenizer silently discarded the [] around [text], so that HELO [x.x.x.x] was read as if the client had sent: HELO x.x.x.x. Thanks, Peter Bivesand. ---------------------------- Líneas 1001-1500 -------------------------- Arreglo de fallo: Las restricciones HELO de hostname de tipo mal/desconocido hostname tendrían que ser tratadas [text] como un nombre de dominio cualquiera. Arreglo de fallo: el valor $local_duplicate_filter_limit no fue escogido por el agente de entrega local. Esto significa que el agente de entrega local podría funcionar fuera de memoria en entregas de listas de correo grandes. 19980826 Rendimiento: mkmap/mkalias ahora funcionan con la misma velocidad que en sendmail. VMailer ahora usa una caché de entrada 4096 {4096-entry cache} con 1 Mbyte de memoria para búsquedas de DB. Fichero: util/dict_db.c. 19980902 Robustez: La restricción reject_unknown_hostname para hostnames HELO/EHLO permitirán ya nombres que tengan un registro MX en vez de un registro A. 19980903 Característica: añadir @$myorigin a una dirección no cualificada es configurable con el parámetro booleano append_at_myorigin (por defecto: yes). Característica: añadir .$mydomain a user@host es configurable con el parámetro booleano append_dot_mydomain parameter (por defecto: yes). Característica: site!user es reescrito a user@site, bajo el control del parámetro booleano swap_bangpath (por defecto: yes). Característica: permite una dirección IP desnuda {naked} en comandos HELO (por ejemplo una dirección sin los corchetes [] como es requerido por los RFC), para especificar "permit_naked_ip_address" como una de las restricciones en el parámetro de configuración "smtpd_helo_restrictions" 19980904 Limpieza de código: cuando un cliente SMTP aborta una sesión despues de enviar MAIL FROM, el servicio cleanup no avisa por más tiempo que eso está "favoreciendo más la entrada de cliente". Ficheros: cleanup/*.c. Gracias, Daniel Eisenbund, por hurgar. Limpieza de código: cuando un servidor SMTP desconecta en mitad de una sesión, no intenta enviar un QUIT sobre la conexión inexistente. Ficheros: global/smtp_stream.c, smtp/smtp.c. Gracias, Daniel Eisenbund, por hurgar, de nuevo. Limpieza de código: el número de versión de VMailer se ha cambiado de mail_params.h (el cual es incluido por montones de módulos) a un fichero global/mail_version.h aparate, así que un cambio de versión no alarga por mas tiempo en una recompilación masiva. Arreglo de fallo: Errors-To degeneró a una dirección de emisor, asi que la dirección nunca fué clasificada. Limpieza de código: soporte para Errors-To: cabeceras completadas. 19980905 Característica: Retraso de reparto exponencial por mensaje para mirar el tiempo total que un mensaje estuvo encolado. Gracias, Mark Delany. 19980906 Limpieza de código: sacado el codigo de retraso exponencial por maquina. Estuvo fuera de servicio para 19980818. En cualquier caso, era probablemente una mala idea, por que requería que el gestor de cola se guarde el estado en memoria por host/máquina. Todo lo que hacemos ahora es mantener el estado por $minimal_backoff_time segundos, pero solo para un número limitado de máquinas. Daniel Eisenbud localizó el problema. Característica perdida: La transcripción de la sesión SMTP muestra ahora quién dice qué. Esta característica se desechó inadvertidamente durante el desarrollo. Gracias, Daniel Eisenbud, por recordarlo. Documentación: el proceso de reescritura **hard-coded** del programa **trivial-rewrite** es descrito en html/rewrite.html. Característica: el agente de reparto local hace ahora busqueda de alias antes y despues de separar las subdirecciones del receptor. Esto le permite reenviar cualquier cosa de un usuario a otro usuario, sin perder la capacidad de redirigir específicas direcciones user-foo. 19980909 Característica: El cliente smtp ahora registra un aviso de que un servidor envía un cartel de bienvenida con el nombre de maquina del cliente, lo cual podria impkicar un bucle del programa de correo. 19980910 Característica: mapas canónicos separados para los reescritos de direcciones de emisor y receptor, así que tu puedes reescribir una dirección de emisor fea y tambien reenviar correo a esa misma dirección fea sin crear un bucle en el programa de correo. Ficheros: cleanup_envelope.c, cleanup_message.c, cleanup_rewrite.c. 19980911 Característica: los mapas virtuales ahora soportan direcciones múltiples en la parte correcta manual. En el caso de dominios virtuales esto puede eliminar la necesidad para la expansión de direcciones por medio de alias locales, haciendo a los dominios virtuales mucho más fácil de administrar. Esto requiere que yo moviese la búsqueda de tablas virtuales desde el gestor de cola hasta el servicio cleanup, asi que cada destino tiene un registro sobre el disco. Ficheros: qmgr.c, qmgr_message.c, cleanup_envelope.c, cleanup_rewrite.c, cleanup_virtual.c. Característica: sendmail/mailq/newaliases comunica en la bandera -v a los programas que finalizaron, para hacer la depuración un poco mas fácil. 19980914 Arreglo de fallo: algunas medidas anti-spam no reconocían algunas direcciones como locales y daban demasiado trabajo. Fichero: smtpd_check.c. Arreglo de fallo: las restrcciones smtp de busqueda en la tabla de emisor/destino destruían datos globales, asi que otras restricciones podrian fallar. Fichero: smtpd_check.c. Arreglo de fallo: después de la recarga de vmailer, los servidores de **single-threaded** podrían terminar antes de copiar los datos no escritos al cliente. Ejemplo: cleanup finalizaría antes de **acking** satisfactorio a pickup, así que el mensaje podría ser entregado dos veces. Fallo informado por Brian Candler. Limpieza total: borrada salida de error espúreo desde el script de vmailer. Informado por Brian Candler. Tolerancia: ignorar respuestas de servidor SMTP no numérico. Hay muchos ¿cerebros? dañados alli en la red. 19980915 Característica: La herramienta de medición de rendimiento de **smtp-sink** ahora anuncia por sí sola con un nombre neutral asi que puede ser ejecutada en la misma maquina que VMailer, sin causar a Postfix quejarse sobre un bucle en el programa de correo. Más robustez: en LINUX, el script de vmailer ahora hace chattr +S para forzar actualizaciones de directorio síncronas. Arreglo desarrollado por Chris Wedgwood. 19980916 Bugfix: when transforming an RFC 822 address to external form, there is no need to quote " characters in comments. This didn't break anything, it just looked ugly. File: global/tok822_parse.c 19980917 Workaround: with deliveries to /file/name, use fsync() and ftruncate() only on regular files. File: local/file.c Workaround: the plumbing code in master_spawn.c didn't check if it was dup2()/close()ing a descriptor to itself then closing it. Will have to redo the plumbing later. 19980918 Workaround: on multiprocessor Solaris machines, one-second rollover appears to happen on different CPUs at slightly different times. Made the queue manager more tolerant for such things. Problem reported by Daniel Eisenbud. Workaround: in preparation for deployment with a network-shared maildrop directory. make pickup more tolerant against clock drift between clients and servers. 19980921 New vstream_popen() module that opens a two-way channel across a socketpair-based pipe. This module isn't being used yet; it is here only to complete the vstream code. 19980922 Code cleanup: the xxx_server_main() interface for master child processes now uses a name-value argument list instead of an ugly and inflexible data structure. Bugfix: moved the test if a non-interactive process is run by hand, so that the "don't do this" error message can be printed to stderr before any significant processing. Bugfix: smtpd now can talk to unix-domain sockets without bailing out on a peer lookup problem. Files: smtpd/smtpd.c, util/peer_name.c. Safety: by default, the postmaster is no longer informed of protocol problems, policy violations or bounces. Safety: the SMTP server now sleeps before sending a [45]xx error response, in order to prevent clients from hammering the server with a connect/error/disconnect loop. Parameter: smtpd_error_sleep_time (default: 5). Feature: the logging facility is compile-time configurable (e.g., make makefiles "CCARGS=-DLOG_FACILITY=LOG_LOCAL1"). 19980923 Bugfix: changed virtual/canonical map search order from (user@domain, @domain, user) to (user@domain, user, @domain) so the search order is most specific to least specific. File: global/addr_map.c, lots of documentation. Bugfix: after the change of 19980910, cleanup_message extracted recipients from Reply-To: etc. headers. Found by Lamont Jones. 19980925 Bugfix: the change in virtual/canonical map search order broke @domain entries; they would never be looked up if the address matched $myorigin or $mydestinations. Found by Chip Christian who now regrets asking for the change. Bugfix: cleanup initialized an error mask incorrectly, so that it would keep writing to a file larger than the queue file size limit, and so it would treat the error as a recoverable one instead of sending a bounce. Thanks, Pieter Schoenmakers. Bugfix: the "queue file cleanup on fatal error" action was no longer enabled in the sendmail mail posting agent. Feature: the sendmail mail posting program now returns EX_UNAVAILABLE when the size of the input exceeds the queue file size limit. NB THIS CHANGE HAS BEEN WITHDRAWN. 19980926 Code cleanup: the dotlock file locking routine is no longer derived from Eric Allman's 4.3BSD port of mail.local. Code cleanup: the retry strategy of the file locking routines dot_lockfile() and deliver_flock() is now configurable (deliver_flock_attempts, deliver_flock_delay, deliver_flock_stale). Code cleanup: the master.pid lock file is now created with symlink paranoia, and is properly locked so that PID rollover will not cause false matches. Bugfix: the vbuf_print() formatting engine did not know about the '+' format specifier. Cleanup: replaced unnecessary instances of stdio calls by vstream ones. 19980929-19981002 Compatibility: added support for "sendmail -q". This required a change to the queue manager trigger protocol, and a code reorganization of the way queue scans were done. The queue manager socket now has become public. 10091002 SMTPD now logs "lost connection after end-of-message" instead of "lost connection after DATA". 10091005 More bullet proofing: timeouts on all triggers. 19981006 Bugfix: make the number of cleanup processes unlimited, in order to avoid deadlock. The number of instances needed is one per smtp/pickup process, and an indeterminate number per local delivery agent. Thanks, Thanks, David Miller and Terry Lorrah for cleueing me in. Bugfix: "sendmail -t" extracted recipients weren't subjected to virtual mapping. Daniel Eisenbud strikes again. 19981007 Compatibility: if the first input line ends in CRLF, the sendmail posting agent will treat all CRLF as LF. Otherwise, CRLF is left alone. This is a compromise between sendmail compatibility (all lines end in CRLF) and binary transparency (some, but not all, lines contain CRLF). 19981008 Robustness: stop recursive virtual expansion when the left-hand side appears in its own expansion. 19981009 Portability: trigger servers such as pickup and qmgr can now use either FIFOs or UNIX-domain sockets; hopefully at least one of them works properly. Trigger clients were already capable of using either form of local IPC. 19981011 Feature: masquerading. Strip subdomains from domains listed in $masquerade_domains. Exception: envelope recipients are left alone, in order to not screw up routing. 19981015 Code cleanup: moved the recipient duplicate filter from the user-level sendmail posting agent to the semi-resident cleanup service, so that the filter operates on the output from address canonicalization and of virtual expansion, instead of operating on their inputs. 19981016 Bugfix: after kill()ing a bunch of child processes, wait() sometimes fails before all children have been reaped, and must be called again, or the master will SIGSEGV later. Problem reported by Scott Cotton. Workaround: don't log a complaint when an SMTP client goes away without sending QUIT. 19981018 Workaround: Solaris 2.5 ioctl SIOCGIFCONF returns a hard error (EINVAL) when the result buffer is not large enough. This can happen on systems with many real or virtual interfaces. File: util/inet_addr_local.c. Problem reported by Scott Cotton. Workaround: the optional HELO/EHLO hostname syntax check now allows a single trailing dot. Workaround: with UNIX-domain sockets, LINUX connect() blocks until the server calls accept(). File: qmgr/qmgr_transport.c. Terry Lorrah and Scott Cotton provided the necessary evidence. 19981020 Robustness: recursive canonical mapping terminates when the result stops changing. Code cleanup: reorganized the address rewriting and mapping code in the cleanup service, to make it easier to implement the previous enhancement. 19981022 Code cleanup: more general queue scanning programming interface, in preparation for hashed queues. File: qmgr/qmgr_scan.c. Bugfix: a non-FIFO server with a process limit of 1 has a too short listen queue. Until now this was not a problem because only FIFO servers had a process limit of 1, and FIFOs have no listen queue. Fix: always configure a listen queue of proc_limit or more. File: master/master_listen.c. 19981023 Feature: by popular request, mail delay is logged when delivering, bouncing or deferring mail. 19981024 Cleanup: double-bounce mail is now absorbed by the queue manager, instead of the local delivery agent, so that the mail system will not go mad when no local delivery agent is configured. 19981025 Cleanup: moved the relocated table from the local delivery agent to the queue manager, so that the table can also be used for virtual addresses. Code reorg: in order for the queue manager to absorb recipients, the queue file has to stay open until all recipients have been assigned to a destination queue. 19981026 vmlogger command, so that vmailer-script logging becomes consistent with the rest of the VMailer system. Code reorg: logger interface now can handle multiple output handlers (e.g. syslog and stderr stream). Bugfix: a first line starting with whitespace is no longer treated as an extension of our own Received: header. Files: smtpd/smtpd.c, pickup/pickup.c. 19981027 Bugfix: the bang-path swapping code went into a loop on an address consisting of just a single !. Eilon Gishri had the privilege of finding this one. Workaround: the non-blocking UNIX-domain socket connect is now enabled only on systems that need it. It may cause kernel trouble on Solaris 2.x. Bugfix: the resolver didn't implement bangpath swapping, so that mail for site!user@mydomain would be delivered to a local user named "site!user". 19981028 Cleanup: a VSTREAM can now use different file descriptors for reading and writing. This was necessary to prevent "sendmail -bs" and showq from writing to stdin. Eilon Gishri observed the problem. 19981029 The RFC 822 address manipulation routines no longer give special attention to 8-bit data. Files: global/tok822_parse.c, global/quote_822_local.c. Bugfix: host:port and other non-domain stuff is no longer allowed in mail addresses. File: qmgr/qmgr_message.c. Workaround: LINUX accept() wakes up before the three-way handshake is complete, so it can fail with ECONNRESET. Files: master/single_server.c, master/multi_server.c. Feature: when delivering to user+foo, try ~user/.forward+foo before trying ~user/.forward. Bugfix: smtpd in "sendmail -bs" (stand-alone) mode didn't clean up when terminated by a signal. Bugfix: smtpd in "sendmail -bs" (stand-alone) mode should not try to enforce spam controls because it cannot access the address rewriting machinery. Cleanup: the percent hack (user%domain -> user@domain) is now configurable (allow_percent_hack, default: yes). Bugfix: daemons in -S (stand-alone) mode didn't change directory to the queue. This was no problem with daemons run by the sendmail compatibility program. 19981030 Feature: when virtual/canonical/relocated lookup fails for an address that contains the optional recipient delimiter (e.g., user+foo@domain), the search is done again with the unextended address (e.g., user@domain). File: global/addr_find.c. Code reorg: the address searching is now implemented by a separate module global/addr_find.c, so that the same code can be used for both (non-mapping) relocated table lookups and for canonical and virtual mapping. The actual mapping is still done in the global/addr_map.c module. Robustness: the SMTP client now skips hosts that don't send greeting banner text. File: smtp/smtp_connect.c Feature: preliminary support to disable delivered-to. This is desirable for mailing list managers that don't want to advertise internal aliases. Generic support: when the recipient_feature_delimiter configuration parameter is set, the local delivery agent uses it to split the recipient localpart into fields. Any field that has a known name such as "nodelivered" enables the corresponding delivery feature. 19981031 Code reorg: address splitting on recipient delimiter is now centralized in global/split_addr.c, which knows about all reserved names that should never be split. Robustness: when a request for an internal service cannot be satisfied because the master has terminated, terminate instead of trying to reach the service every 30 seconds. Safety: the local delivery agent now runs as vmailer most of the time, just like pickup and pipe. Files: local/local.c, local/mailbox.c 19981101 Compatibility: the tokenizer for alias/forward/etc. expansion now updates an optional counter with the number of destinations found; If no destinations is found in a .forward file, deliver to the mailbox instead. Thanks, Daniel Eisenbud, for showing the way to go. ---------------------------- Líneas 1501-2000 -------------------------- Robustez: el demonio pickup debería incluir siempre un registro de tiempo-de-envío, aún cuando el agente de envío de sendmail no lo haya hecho. Sin embargo, sólo como antes, se ignorarán los tiempos de envío proporcionados por el usuario. Ollivier Robert encontró esto. Robustez: las entradas duplicadas en aliases o mapas producen ahora un aviso de advertencia en lugar de un error fatal (y un fichero incompleto). Robustez: mkmap ahora imprime un aviso de advertencia cuando una entrada está en formato "key: value", el cual es el formato esperado para bases de datos alias, no para mapas. Portabilidad: en LINUX, anteponer "+" a la cadena de opciones getopt() de tal forma que getopt() se detenga al primer argumento que no sea una opción. Sugerencia de Marco d'Itri. 19981103 Se limpiaron las implementaciones de set_eugid() y open_as(), y se adicionó stat_as() y fstat_as() para que el agente de entrega local busque ficheros include y ficheros .forward con los privilegios correctos. 19981104 Arreglo de bug: la rutina :include: ahora stat()s/open()s ficheros incluidos en aliases como root, no como nobody. Arreglo de bug: el master colapsaba cuando un servicio con el temporizador **wakeup** estaba desactivado o renombrado. Arreglo: eliminar algún **coupling** patológico entre la gestión del proceso y la gestión del **wakeup**. Funcionalidad: implementación parcial de ETRN (produce una exploración completa de la cola de mensajes pospuestos). Gracias Lamont Jones por recordarme que las cosas pueden ser ya útiles antes de que ellas sean perfectas. Limpieza: se simplificó el **tokenizer** SMTPD. Arreglo de bug: sendmail -bs no notificaba correctamente sobre el correo nuevo al sistema de correo. Compatibilidad: los comandos MAIL FROM y RCPT TO aceptan ahora las formas de direcciones más comunes sin que se tengan que encerrarse entre <>. Los <> se continúan necesitando para direcciones que contienen una "cadena", una [dirección], o dos puntos (:). 19981105 Arreglo de bug: "master -t" atribuía que el master corre cuando de hecho el directorio pid no existe, causando problema con el primer tiempo de arranque (reportado por varios). Portabilidad: se adicionó un módulo sane_accept() que mapea todos los resultados de error benéficos accept() a EAGAIN. De acuerdo a comunicación privada con Alan Cox, Linux 2.0.x accept() puede devolver una variedad de condiciones de error, así que se va a la fija y se permite cualquier error que pueda ocurrir cuando no se pueda enviar la señal SYN+ACK. Portabilidad: NETBSD1 usar ficheros dotlock (Perry Metzger). Arreglo de bug: el agente de entrega local no formateaba de acuerdo a las reglas las direcciones de remitente owner-foo, así que los usuarios locales miraban owner-foo en lugar de owner-foo@$myorigin (Perry Metzger). Soporte a OPENSTEP4, similar a NEXTSTEP3 (Gerben Wierda). 19981106 Portabilidad: el arranque del master tomaba mucho tiempo en AIX porque AIX tenía un límite de apertura de fichero por proceso muy grande. El arreglo se hizo para revisar únicamente el estado de la primera pareja de cientos de ficheros descriptores en su lugar. Fichero: master/master.c. Arreglo de bug: el correo a user@[net.work.addr.ess] estaba roto debido a una prueba inversa. Fichero: qmgr/qmgr_message.c. 19981107 Compatibilidad: no sobreescribe la direccióon del sobre del remitente cuando un alias no tiene ningún alias owner-foo (problema detectado por Christophe Kalt). Arreglo de bug: el correo a usuarios locales en ficheros include eran entregados directamente si el alias no tenia un alias owner-foo, y si el la base de datos del alias y fichero include pertenecian al root. Funcionalidad: con direcciones user+foo, cualquier extensión de dirección +foo que no concordaba explícitamente en bases de datos canónicas, virtuales o de alias se propagaban a la tabla de búsqueda de resultados. 19981108 Arreglo de bug: fallo menor de asignación de memoria en el código de búsqueda de la tabla user+foo. Configurabilidad: especifica virtual.domain en el mapa virtual, y correo a unknown@virtual.domain se devolverá automáticamente. El valor por omisión $relay_domains incluye ahora $virtual_maps, de tal forma que el servidor SMTP aceptará correo para el dominio. Marco d'Itri me puso en el camino correcto. Configurabilidad: El parámetro de configuración mydestinations acepta ahora expresiones /fichero/nombre y tablas de búsqueda type:name. Limpieza de código: para hacer posibles las dos mejoras previas, se revisó el motor de concordancia cadena/servidor/dirección de tal forma que pueda manipular cualquier mezcla de cadenas, patrones /fichero/nombre y tablas de búsqueda type:name. Ficheros: util/ match_{list,ops}.c, global/{domain,namadr,string}_list.c. 19981110 Limpieza de código: se reemplazaron las llamadas pendientes isxxx() por ISXXX(). 19981111 Arreglo de bug: el código "bounce unknown virtual user" estaba en el lugar equivocado. Problema abordado con la ayuda de Chip Christian. Portabilidad: según se afirma, Solaris 2.5.1 puede colgarse esperando que se acepte una conexión UNIX-domain, de forma que toma la misma solución que se diseño para LINUX. Problema reportado por Scott Cotton. 19981112 Administración: "vmailer stop" permite ahora a los agentes de entrega finalizar lo que están haciendo, tal como "vmailer reload". Administración; "vmailer abort" causa terminación inmediata. Arreglo: procesos zombies se apilan con HP-UX. Razón: select() no devuelve al recibir la señal SIGCHLD cuando se especifica SA_RESTART para sigaction(). Arreglo: acortar el temporizador select() a 10 segundos, #ifdef BRAINDEAD_SELECT_RESTARTS. Gracias, Lamont Jones. 19981117 Cambio de nombre: VMailer es ahora Postfix. Suspiro. 19981118 Limpieza: se generalizó la rutina safe_open() de tal forma que ya no está limitado a ficheros mailbox, ficheros lock, etc. Arreglo de bug (encontrado durante revisión de código): vstream*printf() podía escribir fuera del bufer stream después de un I/O error, ya que vbuf_print() ignoraba el resultado de VBUF_SPACE(). Arreglo de bug (encontrado durante revisión de código): resolve_local() podía sobreescribir su argumento, pero la documentación no decía eso. 19981121 Limpieza: la rutina is_header() permite ahora datos de 8-bits en etiquetas de cabecera. 19981123 Arreglo de bug (encontrado durante revisión de código): el argumento de la ruta mail_queue_enter() no era opcional. Fichero: global/mail_queue.c 19981124 Limpieza: se eliminaron pruebas redundantes para un resultado cero de vstream_fdopen(). A diferencia de la rutina stdio fdopen(), la rutina vstream_fdopen() tiene éxito o nunca se devuelve. Arreglo de bug: el gestor de la cola mira ahora el temporizador antes de examinar una marca de tiempo del fichero, para evitar reclamos falsos por los tiempos warps en máquinas ocupadas. Fichero: qmgr/qmgr_active.c. 19981125 Compatibilidad: permite punto al final de user@domain. La reescritura de direcciones de acuerdo a las reglas ahora lo elimina. Tema traído por Eilon Gishri. Fichero: trivial-rewrite/rewrite.c. Robustez: se cambió el orden de búsqueda DNS de dominios MAIL FROM etc. de MX luego A a A luego MX, sólo en el caso que la búsqueda MX falle con un error de servidor. Cambios de nombre: vmcat, vmlock, vmlogger y vmtrigger a postcat, postlock, postlog y postkick. También se renombraron mkmap y mkalias a postmap y postalias. 19981126 Arreglo: Lamont Jones encontró una forma para que HP-UX termine select() después de SIGCHLD. El código es #ifdef USE_SIG_RETURN. Ficheros: util/sys_defs.h, master/master_sig.c. Arreglo de bug: el código de detección del bucle Delivered-To: había dejado de trabajar, cuando hace tiempo se cambió la rutina is_header(). Fichero: local/delivered.c. 19981128 Arreglo de bug: postcat abría archivos de cola en modo lectura-escritura pero sólo se necesitaba acceso de sólo lectura. Fichero: postcat/postcat.c. 19981129 Seguridad se adicionó un sleep(1) para todos las finalizaciones fatales y de pánico. Fichero: util/msg.c. 19981201 Robustez: postcat insiste ahora que un fichero comience con un registro de tiempo. Consistencia: se adicionó las opciones de línea-de-comandos "-c config_dir" donde era apropiado. 19981202 Páginas del manual, versión en-línea. 19981203 Páginas del manual, versión html; documentación introductoria. 19981206 Sendmail aceptaba silenciosamente las opciones no soportadas -qRsite y -qSsite. Ahora imprime un mensaje de error y termina. Se separó el árbol de contribución del código de IBM; se movió el código LDAP y NEXTSTEP/OPENSTEP al árbol de contribuciones de fuentes porque obviamente yo no lo escribí. 19981206-9 Tenía que escribir una utilidad de configuración postconf para determinar confiablemente sobre todos los parámetros de configuración y sus valores por omisión. Documentación de arreglos de bugs por Matt Shibla, de Scott Drassinower y Greg A. Woods. 19981209 En máquinas con nombres cortos, postconf -d **cored** mientras reportaba un error fatal. No debería reportar ese error en el primer lugar. Gracias, Eilon Gishri. Se cambió la entrada de las FAQ sobre rechazo de correo para *.my.domain en un firewall. Chip Christian estaba en lo cierto, yo estaba equivocado. 19981214 Portabilidad: con getopt GNU, optind no es inicialmente 1, rompiendo una asunción en sendmail/sendmail.c. Liviu Daia. Molestia: en sistemas que no están en red, no advierte que únicamente se encontró un interfaz de red. Fichero: global/inet_addr_local.c. Reportado por varios. Arreglo de bug: en sistemas que no están en red, el cliente smtp asume que estaba corriendo en modo host virtual y que hará un bind al interfaz loopback. Fichero: smtp/smtp_connect.c. Liviu Daia, de nuevo. 19981220 Robustez: cuando estaba buscando un registro A o MX, no se rendía cuando la consulta A fallaba por un error del servidor. Fichero: dns/dns_lookup.c. Reportado por Scott Drassinower. 19981221 Arreglo de bug: "bounce mail for non-existent virtual user" no trabajaba cuando un host relay diferente a los predeterminados estaba configurado en main.cf o en la tabla de transporte. Fichero: qmgr/qmgr_message.c. Arreglo de bug: el directorio maildrop no debería ser legible por todo mundo. Ficheros: conf/postfix-script, showq/showq.c. Documentación: se corrigieron varias omisiones y errores. Documentación: se removieron referencias al parámetro de configuración del delimitador de la funcionalidad de destinatario roto. Arreglo de bug: se escribe al fichero mailbox como destinatario, de forma que la cuota de fichero trabaje como se esperaba. Arreglo de bug: pickup moría cuando este trataba remover un no-fichero en el directorio maildrop (Jeff Wolfe). 19981222 Sendmail ya no espera registrar el ID de la cola cuando no es capaz de notificar al demonio pickup. Esta es una adición posterior al parche "unreadable maildrop queue". Los ficheros user.lock se crean ahora a nombre del root, de forma que postfix no necesita permiso de escritura del directorio del grupo. 19981224 Seguridad: permite al fichero de la cola enlazar cuentas > 1, para evitar no-entrega de ficheros maildrop con enlaces a un directorio no-maildrop. Fichero: global/mail_open_ok.c, y cualquier cosa que llame este código (qmgr, pickup, showq). Si los enlaces duros múltiples se convierten en problema, mire la utilidad "postdrop" set-gid abajo. 19981225 Robustez: el gestor de cola ya no aborta cuando un fichero de la cola desaparece súbitamente (e.g. cuando el fichero se borra a mano). Funcionalidad: cuando un directorio maildrop escribible es un problema, los sitios pueden hacer de la nueva utilidad "postdrop" set-gid. Este comando nunca se usa cuando el directorio maildrop es escribible por todo mundo. Robustez: se hace la rutina de creación de fichero de la cola más resistente contra **race attack** de denegación del servicio. Fichero: global/mail_queue.c 19981226 Nuevo módulo suid_priv para habilitar/deshabilitar privilegios en un programa set-uid/gid. Al final decidí no usarlo. 19981228 Robustez: se hace el demonio pickup más resistente contra **non-file race attack**. Limpieza: interfaz genérico mail_stream.c para escribir ficheros **streams** de la cola a ficheros, demonios o comandos. Esto simplifica el código en smtpd y en sendmail que debe ser capaz de canalizar correo utilizando el comando postdrop. El demonio cleanup se ha modificado para usar el mismo interfaz. Resultado: menos código. Funcionalidad: smtpd registra ahora el único destinatario en cabeceras Received:. Funcionalidad: directorio para commmand y daemon separados Ambos por omisión para $program_directory. Instale conf/postfix-script si usted desea usar esta funcionalidad. 19981230 Parche para evitar conflicto con Makefile no-escribible a alto-nivel. (Lamont Jones). 19981231 Portabilidad: versión de Postfix para UnixWare 7 por Ronald Joe Record, SCO. 19990104 Arreglo de bug: fencepost (Jon Ribbens, de Oaktree Internet Solutions Ltd.) Ficheros: quote_82[12]_local.c. Arreglo de bug: valor por omisión erróneo para relay_domains (Juergen Kirschbaum, de Bayerische Landesbank). Fichero: mail_params.h. Arreglo de bug: se cambió respuesta 5xx para "too many recipients" a 4xx. Fichero: smtpd.c. 19990106 Funcionalidad: defer_transports especifica los nombres de transportes que se deberían usar únicamente cuando se usa "sendmail -q" (o equivalente). Por ejemplo, "defer_transports = smtp" es útil para sitios que están desconectados la mayor parte del tiempo. Fichero: qmgr_message.c. 19990107 Funcionalidad: local_command_shell especifica un intérprete de comandos no-predeterminado para entrega al comando del agente de entrega local. Por ejemplo, "local_command_shell = /some/where/smrsh -c" restringe lo que puede aparecer en destinos "|command". Fichero: global/pipe_command.c. 19990112-16 Funcionalidad: soporte de **SMTP command pipelining** se basa en una versión inicial de Jon Ribbens de Oaktree Internet Solutions Ltd. Este tomó varios días de masajes antes que yo me sintiera cómodo con él. Ficheros: smtp.c, smtp_proto.c. Arreglo de bug: el servidor SMTP descartaba respuestas uno-a-uno, las cuales causaban niveles de desempeño con clientes **pipelined** por debajo de lo óptimo. Las rutinas vstream descartan ahora el bufer de escritura cuando se llama la rutina read(), en lugar de hacerlo cuando la aplicacion cambia de escritura a lectura. El retardo en el borrado previene al servidor SMTP de eliminar respuestas uno-a-uno y en consecuencia el disparo del algoritmo de Nagle. Fichero: util/vstream.c. 19990117 Arreglo de bugs y mejoras para las herramientas smtpstone de Drew Derbyshire, de Kendra Electronic Wonderworks: envía el comando helo, envía las cabeceras del mensaje, formatea el contenido del mensaje a líneas < 80, trabaja alrededor de pilas NT, hace más robusto el reconocimiento de ".". Ficheros: smtp-source.c, smtp-sink.c. Estrategia: mirar la cola de correos pospuestos únicamente cuando la cola de mensajes entrantes este vacía; limitar el número de destinatarios leido de un fichero de cola dependiendo del número de destinatarios que ya están en el núcleo. Ficheros: qmgr.c, qmgr_message.c. Funcionalidad: se posponen las restricciones anti-UCE. La decisión de rechazar correo basura basada en el nombre/dirección del cliente, el nombre del servidor HELO o la dirección del remitente se puden posponer ahora hasta el comando RCPT TO (o HELO o MAIL FROM si prefiere). Ficheros: smtpd_check.c. 19990118 Funcionalidad: actualizaciones incrementales de bases de datos alias y de otras tablas de búsqueda. Tanto postalias como postmap toman ahora una opción -i para actualizaciones incrementales desde la entrada estándar. Ficheros: global/mkmap_*.c, post{map,alias}/post{map,alias}.c. Compatibilidad: newaliases ahora puede actualizar múltiples bases de datos alias: lístelas en el parámetro "alias_database" en main.cf. Por el mismo **token**, postalias ahora puede actualizar múltiples mapas con un comando. Ficheros: post{map,alias}/post{map,alias}.c Funcionalidad: mail to <> se envía ahora a la dirección especificada con el parámetro de configuración "empty_address_recipient" el cual envía por omisión a MAILER-DAEMON (idea de Lamont Jones de Hewlett-Packard). Fichero: cleanup/cleanup_envelope.c. Compatibilidad: la tabla de transporte usa ahora .domain.name para emparejar subdominios, igual a las tablas del gestor de correo sendmail (parche de Lamont Jones, de Hewlett-Packard). Funcionalidad: mailq termina ahora con un resumen del tamaño total de la cola (Eilon Gishri, de Israel Inter University Computation Center). 19990119 Funcionalidad: excepciones de enmascaramiento de direcciones para nombres de usuarios listados en el parámetro de configuración "masquerade_exceptions". Fichero: cleanup/ cleanup_masquerade.c. Funcionalidad: soporte a maildir estilo-qmail, basado en código inicial de Kevin W. Brown, de Quantum Internet Services Inc. Arreglo: connect() de Solaris 2.algo falla con ECONNREFUSED cuando el sistema está ocupado (Chris Cappuccio, de Empire Net). Fichero: global/mail_connect.c. Funcionalidad: el servicio de limpieza adiciona ahora una cabecera Return-Path: cuando ninguna está presente. Esta cabecera es necesaria para algunos programas de entrega de correo (ver abajo). Fichero: cleanup_message.c. Funcionalidad: el gestor de correo pipe soporta ahora macros $user, $extension y $mailbox en expansiones de command-line. Esto, más la cabecera Return-Path: (mirar arriba), debería ser suficiente para soportar cyrus IMAP fuera de la caja. Basado en código inicial de Joerg Henne, de Cogito Informationssysteme GMBH. Fichero: pipe/pipe.c. Arreglo de bug: con las extensiones de direcciones habilitadas, las búsquedas canonicas y virtuales se hacen ahora en el orden apropiado: user+foo@domain, user@domain, user+foo, user, @domain. Fichero: global/mail_addr_find.c. 19990119 Funcionalidad: el gestor de correo local ahora antepone una cabecera de Received: con el ID de la cola para correo reenviado, con el objeto de facilitar el seguimiento de un mensaje. Fichero: local/forward.c. Limpieza: después de "postfix reload", no más reclamos de pipe rotos de clientes resolve/rewrite. 19990121 Funcionalidad: pickup (nuevamente) registra el uid y la dirección del remitente. Por petición reiterada de Scott Cotton, de Internet Consultants Group, Inc. Portabilidad: función doze() para sistemas sin usleep(). Limpieza: los clientes se registran ahora consistentemente como máquina[dirección]. 19990122 Cambio en el soporte maildir: especifica "home_mailbox = Maildir/". Lo mágico es el / final. Sugerido por Daniel Eisenbud, de University of California at Berkeley. Soporte maildir de aliases, :include: y .forward files. Especifica /file/name/ - se requiere el / final. Sugerido por Daniel Eisenbud, de University of California at Berkeley. ---------------------------- Líneas 2001-2500 -------------------------- Arreglo: temporizador vigilante para prevenir que el gestor de la cola se bloquee en algunos sistemas. Arreglo de bug: en cabeceras Received:, la información "for " estaba en el lugar equivocado. Indicado por Jon Ribbens, de Oaktree Internet Solutions Ltd. 19990124 Portabilidad: más arreglos para GNU getopt() por Liviu Daia, del Institute of Mathematics, Romanian Academy. Fichero: sendmail/sendmail.c. 19990125 Arreglo de bug: Postfix no debería enmascarar direcciones de destinatarios extraídas de las cabeceras del mensaje. Problema reportado por David Blacka, de Network Solutions. Fichero: cleanup/cleanup_message.c. 19990126 Funcionalidad: parámetro smtpd_etrn_restrictions para restringuir quién puede usar ETRN y qué dominios se pueden especificar. Ejemplo: "smtpd_etrn_restrictions = permit_mynetworks, reject". Solicitado por Jon Ribbens, de Oaktree Internet Solutions Ltd. Fichero: smtpd/smtpd_check.c. 19990127 Arreglo de bug: en un intento por quitar algunos ciclos, las rutinas anti correo basura usaban la dirección resuelta equivocada. Esta "optimización" ahora está desactivada. Problema reportado por Sam Eaton, de Pavilion Internet Plc. Fichero: smtpd/smtpd_check.c. Funcionalidad: notificationes BIFF. Por razones de compatibilidad esta funcionalidad está activa por omisión. Este "protocolo" puede ser un tragón real de desempeño. Especifique "biff = no" en main.cf si su máquina tiene gran cantidad de usuarios de sesiones de línea de comandos. Funcionalidad solicitada por Dan Farmer - es una de las cosas que uno hace por los amigos. Ficheros: local/mailbox.c, local/biff_notify.c. Arreglo de bug: otro caso de problema de sensitividad, esta vez con búsquedas virtuales para reconocer unknown@virtual.domain. Problema reportado por Bo Kleve, de Linkoping University. Fichero: qmgr/qmgr_message.c. 19990128 Funcionalidad: con "soft_bounce = yes", entrega pospuesta en lugar de devolución del correo. Esta es una medida de seguridad de red por errores de configuración con agentes de entrega. No tiene efecto en errores en mapas virtuales, mapas canónicos, o en restricciones de correo basura. Funcionalidad solicitada por Bennett Todd. Fichero: global/bounce.c. 19990129 Compatibilidad: la documentación qmail maildir.5 prescribe nombres de archivo maildir de la forma time.pid.hostname, lo cual está mal porque los procesos Postfix llevan a cabo entregas múltiples. En otra parte el autor de qmail ha documentado cómo los ficheros maildir se deberían nombrar bajo tales condiciones. Postfix se ha cambiado por conformidad. Fichero: local/maildir.c. 19990131 Funcionalidad: tratamiento especial de owner-foo y foo-request los cuales pueden ser deshabilitado. Especifique "owner_request_special = no". Solicitado por Matthew Green y otros. Ficheros: local/alias.c, global/split_addr.c. Esto afecta búsquedas canónicas, virtuales y de alias. 19990204 Portabilidad: manejo de señal para HP-UX 9 por Lamont Jones de Hewlett Packard. Fichero: master/master_sig.c. Robustez: desabilitar movimiento aleatorio al interior de una cola por-sitio para evitar *message starvation* bajo carga pesada. Fichero: qmgr_entry.c. Robustez: bajo algunas condiciones el gestor de la cola podría declarar una máquina muerta justo después de un fallo en la entrega. Fichero: qmgr_queue.c. 19990212 Funcionalidad: saltar servidores SMTP que nos saludan con un código de estado 4XX. Ejemplo: "smtp_skip_4xx_greeting = yes". Por omisión, el cliente Postfix SMTP pospone la entrega cuando un servidor declina hablarnos. Fichero: smtp/smtp_connect.c. Robustez: en el arranque el gestor de la cola mueve ahora los archivos activos de la cola a la cola de mensajes entrantes en lugar de la cola de mensajes pospuestos, para evitar retardos anómalos en la entrega en sistemas que tienen una enorme cola de mensajes entrantes. Ficheros: qmgr/qmgr.c, qmgr/qmgr_active.c, global/mail_flush.c, conf/postfix-script* 19990213 Robustez: se adicionaron temporizadores vigilantes para evitar atascos en sistemas con implementaciones rotas de socket select(). Fichero: qmgr_transport.c, qmgr_deliver.c. 19990218 Funcionalidad: entrega amigable-NFS a mailbox para evitar el uso de privilegios root tanto como sea posible. Con contribución de Mike Muus, de Army Research Lab, USA. Funcionalidad: el servidor de pruebas smtp-sink soporta ahora canalización de comandos SMTP. Para este fin tuvimos que generalizar el temporizador y soporte vstream. Se arregla el desempeño pobre 19990222. Limpieza: rutinas de timer event tienen ahora el mismo interfaz que las rutinas read/write event (tipo de evento + contexto). Fichero: util/events.c. Funcionalidad: la nueva rutina vstream_peek() dice que tantos datos sin leer quedan pendientes en un bufer VSTREAM. Esta es la variante vstream de la rutina peekfd() para los bufers de lectura del kernel. Fichero: util/vstream.c. Funcionalidad: soporte de exploración de directorio para directorios de cola de correo hashed. Hasta ahora los resultados son desalentadores: con depth = 2 (16 directorios con 16 subdirectorios), mailq toma 5 segundos con una cola vacía a menos que todos los directorios pasen al cache en memoria. Necesitamos algo de mapeo antes que los directorios de cola hashed lleguen a ser prácticos. Hashing con depth=1 no vuelven tan lento a mailq, pero no ayuda mucho tampoco. Ficheros: util/scan_dir.c, global/mail_scan_dir.c. 19990221 Arreglo: con "ignore_mx_lookup_error = yes", el cliente SMTP siempre lleva a cabo una búsqueda A cuando una búsqueda MX no se puede completar, en lugar de tratar una falla de búsqueda MX como una condición de error temporal. Infortunadamente hay muchos servidores DNS rotos en Internet. Fichero: smtp/smtp_addr.c. 19990222 Desempeño: reescritas la parte principal del servidor de pruebas smtp-sink de tal forma que puede hacer pipelining sin pérdida de desempeño. 19990223 Arreglo: algunas veces hotmail.com desecha la conexión después de "." (causando el registro de diagnósticos erróneos) o espera minutos después de recibir QUIT. Solución: no esperar la respuesta a QUIT. Fichero: smtp/smtp_proto.c. Esto se desactiva con: "smtp_skip_quit_response = no". 19990224 Funcionalidad: el gestor de correo pipe acepta user=username:groupname, basado en código enviado por Philip A. Prindeville, de Mirapoint, Inc., USA. Fichero: pipe/pipe.c. Arreglo: use protección de archivos para prevenir que procesos múltiples hagan select() en el mismo socket. Esto produce problemas de desempeño en grandes sistemas BSD. Ficheros: master/*_server.c. 19990225 Arreglo de bug: con "inet_interfaces = 127.0.0.1", no realiza bind al interfaz loopback. Problema reportado por Steve Bellovin de AT&T. Fichero: smtp/smtp_addr.c. Funcionalidad: comando "postsuper" para remover archivos de cola viejos para actualizar colas después de los cambios a los parámetros de la estructura de la cola (hash_queue_names, hash_queue_depth). Este comando es para correrse desde el script de línea de comandos de mantenimiento postfix-script. 19990301 Funcionalidad: nueva opción postconf -h (suprime `name = ' en la salida) para hacer del programa más fácil de usar en, p.e., scripts de sesiones de intérpretes de comandos. Funcionalidad: módulo dict_unix de forma que usted puede adicionar la tabla de contraseñas UNIX a la lista de control de acceso SMTPD. 19990302 Funcionalidad: "luser_relay = destination" captura correo para destinatarios locales no-existentes. Esto trabaja únicamente cuando el agente de entrega local hace entrega mailbox (incluyendo entrega vía mailbox_command), no cuando la entrega mailbox se delega a otro transporte de mensaje. Funcionalidad: nuevas restricciones reject_non_fqdn_{hostname,sender,recipient} para requerir formas fully.qualified.domain en comandos HELO, MAIL FROM y RCPT TO (mientras que aún se permite la dirección del remitente <>). 19990304 Arreglo de bug: se hechó reversa al cambio 19990119 para permitir insertar siempre Return-Path: si esa cabecera no está presente. Los agentes pipe y local ahora son responsables de anteponer Return-Path:. Ficheros: cleanup/cleanup_message.c, global/mail_copy.[hc], pipe/pipe.c, global/header_opts.c. Esto produce un cambio incompatible para el parámetro de las banderas pipe, debido a Return-Path: ahora debe solicitarse explícitamente. 19990305 Arreglo de bug: showq (el servidor mailq) asumía incorrectamente que todos los destinatarios de un mensaje pospuesto se listan en el correspondiente archivo de registro defer. Ahora lista todos los destinatarios. Ficheros: showq/showq.c, cleanup/cleanup_envelope.c (asegurese que los registros del remitente siempre precedan a los registros del destinatario). Limpieza: restricciones HELO smtpd validan formas [numéricas]. Ficheros: util/valid_hostname.c, smtpd/smtpd_check.c. Código inicial por by Philip A. Prindeville, de Mirapoint, Inc., USA. 19990306 Limpieza: se re-hizo el módulo valid_hostname, y se adicionó un requisito de longitud de etiqueta máxima (63). Funcionalidad: el parámetro fallback_relay especifica máquinas de respaldo extras en caso que las máquinas de relay regular no se encuentren o no estén disponibles. Ficheros: smtp/smtp_addr.c. Funcionalidad: "always_bcc = address" especifica donde enviar una copia de cada mensaje que entra al sistema. Sin embargo, si esa copia se devuelve, se informará al remitente de la devolución. Ficheros: smtpd/smtpd.c, pickup/pickup.c Compatibilidad: el mapa de transporte ahora enrutará en dominios top-level, de tal forma que usted puede vaciar todo de .bitnet a un relay bitnet. 19990307 Funcionalidad: búsquedas LDAP, actualizado por Jon Hensley, de Merit Network, USA. Funcionalidad: soporte de expresión regular (PCRE) por Andrew McNamara, de connect.com.au Pty. Ltd., Australia. Para usar este código especifique pcre:/file/name. Usted puede usar esto en cualquier parte donde usted usaría un archivo DB o DBM, NIS o LDAP. Consulte: PCRE_README para mirar como habilitar este código. Funcionalidad: "delay_warning_time = 4" hace que Postfix envíe un aviso de advertencia "your mail is delayed" después de aprox. 4 horas. Daniel Eisenbud, de University of California en Berkeley. Ficheros: qmgr/qmgr_active.c, qmgr/qmgr_message. Avisos Postmaster de mensajes retardados se deshabilitan por omisión. Para recibir avisos postmaster, especifique "notify_classes = ... delay ...". Limpieza: no enviar correo devuelto no-entregable a postmaster. Esto estaba causando cantidad de dificultades con correo basura de direcciones de remitentes inválidos a destinatarios no-existentes. Este cambio fue revertido en 19990311. 19990308 Arreglo de bug: la rutina dotforward era demasiado entusiasta descartando información de extensión, asi que la información Delivered-To: difería para \mailbox y |command. Problema reportado por Rafi Sadowski, de Open University, Israel. Arreglo de bug: parece que yo nunca me ocupe de fijar el método de acceso btree. Finalmente lo hice. Problema reportado por: Matt Smith, de AvTel Communications Inc., USA. 19990311 Devuelto por solicitud popular: con "notify_classes = 2bounce ..." Postfix enviará correo devuelto no-entregable al postmaster. Lo predeterminado es no enviar devoluciones dobles. Este cambio revierte un cambio hecho en 19990307. 19990312 Funcionalidad: gestor de salida configurable para esqueletos de servidor. Philip A. Prindeville, de Mirapoint, Inc., USA. Ficheros: master/*server.c. Funcionalidad: parámetro de configuración mail_spool_directory para especificar el directorio spool de correo UNIX. La configuración predeterminada es dependiente del sistema. 19990313 Limpieza: compartir descriptores de fichero para conexiones clientes resolve y rewrite. Esto coloca menos presión en el servicio trivial-rewrite. Portabilidad: soporta para UnixWare 2.1 por Dmitry E. Kiselyov, de Nizhny Novgorod City Health Emergency Station. Funcionalidad: retardos configurables en los programas de prueba smtpstone. Con aporte de Philip A. Prindeville, de Mirapoint, Inc., USA. Ficheros: smtpstone/*.c. Arreglo de bug: un problema de "signal 11" en el programa trivial-rewrite que ocurría ocasionalmente después de "postfix reload". Razón: algunos clientes rewrite sobreescribían involuntariamente su entrada, y cuando ellos tenían que retransmitir la pregunta, la entrada era una cadena de longitud-cero, la cual trivial-rewrite no debería recibir. 19990314 Funcionalidad: "mailbox_transport = cyrus" delega toda entrega mailbox local a una entrada de master.cf llamada "cyrus" (el mismo truco para procmail), incluyendo usuarios que no se encuentran en la base de datos de contraseñas UNIX. Esto da la flexibilidad de expansiones $name del gestor de correo pipe, sin pérdida de aliases locales y procesando ~/.forward. Resultado de discusiones con Rupa Schomaker, de RS Consulting. 19990315 Funcionalidad: el parámetro mydestination ahora puede ser una cadena vacía, para máquinas que no reciben ningún correo localmente. Asegúrese de especificar una ruta por omisión para correo que viene a la máquina o el correo hará un ciclo infinito. 19990316 Arreglo de bug: la infraestructura de apoyo a las comprobaciones SMTPD aplicaba las mismas pruebas de validez como el código de producción. Problema reportado por Alain Thivillon, de Herve Schauer Consultants, France. Fichero: smtpd/smtpd_check.c. Portabilidad: algunos sitemas pueden tener más de 59 segundos en un minuto. Basado en un arreglo de Liviu Daia, del Institute of Mathematics, de la Romanian Academy. Fichero: global/mail_date.c. Mejora: incluye la dirección de red del cliente en el rechazo por respuesta RBL. Lamont Jones, de Hewlett-Packard. Arreglo: use fstat() para estimar si maildrop es escribible por todo el mundo. access() usa el uid real, lo cual es muy malo. Robustez: no haga búsquedas parciales de direcciones (user@, domain, user, @domain) con tablas estilo-regexp. Seguridad: no permita que las tablas estilo-regexp se usen para aliases. Sería demasiado fácil incluirlos en "|command" o :include: o /file/name. 19990317 Funcionalidad: "fallback_transport = cyrus" delega destinatarios no-UNIX a una entrada master.cf llamada "cyrus", permitiéndole a usted tener conjuntamente tanto buzones UNIX como no-UNIX. 19990319 Arreglo: en derivados 4.4 BSD, fstat() puede retornar EBADF en un descriptor de fichero abierto. Ahora, eso fue una sorpresa. Esto causaba que la salidas/errores estándares de las órdenes cron no fueran entregadas. Arreglo de bug: "local -v" paraba de trabajar. Arreglo: más temporizadores vigilantes para sistemas poco amigables postfix. Por ahora cada demonio Postfix tiene uno. Llámelo seguro de vida. Robustez: se incrementó el tiempo máximo para recibir o entregar correo de $ipc_timeout (predeterminado: 3600 segundos) al más generoso $daemon_timeout (predeterminado: 18000 segundos). No deseamos falsas alarmas. Portabilidad: IRIX 5.2 no tiene usleep(). 19990320 Arreglo de bug: \username estaba roto. Frank Dziuba fue el primero en notarlo. 19990321 Arreglo: a partir de ahora, Postfix en Solaris usa pipes stream en lugar de sockets de dominio-UNIX. A pesar de arreglos, esto estaba causando más problemas que cualquier otra cosa en todos los sistemas combinados. 19990322 Portabilidad: el makedefs identificaba incorrectamente a IRIX 6.5.x como IRIX 5.x. Arreglo de Brian Truelsen de Maersk Mc-Kinney Moller Institute for Production Technology, Denmark. Funcionalidad: restricción reject_unknown_recipient_domain para direcciones de destinatarios. Por el bien de la simetría, nosotros tenemos ahora también reject_unknown_sender_domain. Esto significa que la vieja restricción reject_unknown_address se está retirando progresivamente. Sugerido por Rask Ingemann Lambertsen, de Denmark Technical University. Funcionalidad: las restricciones de dominio de remitente/destinatario desconocido distinguen ahora entre errores soft (siempre: 450) y errores hard (configurable con el parámetro unknown_address_reject_code, por omisión: 450; use 550 bajo su propio riesgo). Funcionalidad: ninguna restricción de correo basura HELO significa que ningún chequeo de modo de empleo se hará en argumentos hostname HELO/EHLO. Arreglo de bug: el arreglo inicial Solaris para sockets dominio-UNIX podían causar que el gestor de la cola se bloqueara si Postfix corría en un límite de proceso del agente de entrega[delivery agent process limit]. Después de otra reescritura de código se eliminó ese problema. Gracias a Chris Cappuccio, de Empire Net, por la ayuda con las pruebas. 19990323 Arreglo de bug: demasiado reenvío cuando los usuarios listan su propio nombre en su archivo .forward (e.g. un correo a user@localhost que iba a través de .forward, era reenviado a user@$myorigin, e iba a través de .forward nuevamente). Problema reportado por Roman Dolejsi, de Prague University of Economics. 19990324 Arreglo de bug: nombre de mapa faltante en restricciones check_xxx_access podía causar un error de segmentacion. Lamont Jones, de Hewlett-Packard. Funcionalidad: parámetro de configuración forward_path (por omisión: $home/.forward$recipient_delimiter$extension,$home/.forward). Basado en código inicial de Philip A. Prindeville, de Mirapoint, Inc., USA. Ficheros: local/dotforward.c. 19990325 Arreglo: mapas de alias NIS Solaris necesitaban entradas especiales (YP_MASTER_NAME, YP_LAST_MODIFIED). Lo que es peor, claves/valores normales incluyen un byte nulo al final, pero los YP_XXX no. Problema reportado por Walcir Fontanini, state University of Campinas, Brazil. Fichero: postalias/postalias.c. Compatibilidad: aparentemente NIS Solaris incluye un byte nulo al fin de las claves y valores. Fichero: util/sys_defs.h. Funcionalidad: soporte de biblioteca para parámetros config que no son $name expandidos al arranque del programa. Esto era necesario para forward_path, y también será necesario para hacer personalizables las cabeceras del mensaje. Arreglo de bug: pcre no manipulaba \\ correctamente. Lamont Jones, de Hewlett-Packard. Fichero: util/dict_pcre.c. 19990326 Compatibilidad: Postfix ahora coloca dos espacios después del remitente en una cabecera "From sender date...". Encontrado por John A. Martin, corregido por Lamont Jones, de Hewlett-Packard. Arreglo de bug: cuando un destinatario aparecía múltiples veces en un alias local o expansión include, el estado de entrega podía quedar sin inicializar, causando que el correo sea pospuesto y entregado de nuevo. Fichero: local/recipient.c. 19990327 Limpieza: las rutinas del diccionario ahora toman un argumento bandera extra para controlar tales cosas como avisos de advertencia sobre duplicados, y adición de bytes nulos a key/value. Esto último era necesario para una implementación limpia de soporte de mapas de alias master NIS. Funcionalidad: expresiones regulares POSIX por Lamont Jones. Mirar config/sample-regexp.c. A la fecha, habilitado bajo *BSD y Linux únicamente. 19990328 Limpieza de código: los diccionarios tienen ahora banderas que dicen si las llaves lookup son cadenas corregidas o si las llaves están sujetas a concordancia de patrones. Esto es necesario para evitar el paso parcial de direcciones a tablas de búsqueda basadas en regexp (user, @domain, user@, domain). Ficheros: util/dict*.c. Arreglo de bug: se corrige fallo de memoria y vaciados de memoria en las rutinas regexp y pcre (ninguno manipulaba un archivo de patrón vacío). 19990329 Limpieza de código: las rutinas del diccionario de E/S hacen ahora su propia protección dependiendo de la configuración de las banderas del diccionario. Esto significa que el interfaz de bajo nivel dict_get() ahora puede usarse en búsquedas de diccionario seguras. Esto es necesario para el soporte de llaves de búsqueda parciales de 19990328. Ficheros: util/dict*.c. global/maps.c. Funcionalidad: las concordancias de expresiones regulares ya no están limitadas a formas de direcciones user@domain en mapas access/canonical/virtual, pero también pueden usarse para dominios en mapas de transporte. Esto necesitaba el soporte de llave de búsqueda parcial para evitar pasar direcciones parciales a tablas de búsqueda basadas en regexp (user, @domain, user@, domain). Ficheros: global/maps.c global/mail_addr_find.c. ---------------------------- Líneas 2501-3000 -------------------------- Feature: new dictionary types can be registered with dict_open_register(). File: util/dict_open.c. 19990330 Bug fix: match_list membership dictionary lookups were case sensitive when they should not. Patch by Lutz Jaenicke, BTU Cottbus, Germany. 19990402 Feature: $domain macro support in forward_path. Philip A. Prindeville, Mirapoint, Inc., USA. File: local/dotforward.c. Feature: if an address extension (+foo) is explicitly matched by the .forward+foo file name, do not propagate the extension to recipient addresses. This is more consistent with the way aliases are expanded. File: local/dotforward.c. 19990404 Bugfix: after receiving mail, the SMTP server didn't reset the cleanup error flag, so that multiple deliveries over the same SMTP session could fail due to errors with previous deliveries. Found by Lamont Jones, Hewlett-Packard. 19990405 Feature: MIME-encapsulated bounces. Philip A. Prindeville, Mirapoint, Inc., USA. File: bounce/bounce_notify_service.c Cleanup: vstreams now properly look at the EOF flag before attempting to read, eliminating the need for typing Ctrl-D twice to test programs; the EOF flag is reset after each unget or seek operation. Files: util/vstream.c, util/vbuf.c. Feature: in preparation for configurable message headers the mac_parse() routine now balances the parentheses in ${name} or $(name). We need this in order to support conditional expressions such as ${name?text} where `text' contains other ${name} expressions. 19990406 Cleanup: changed MIME header information to make bounces more RFC 1892 compliant. 19990407 Feature: "best_mx_transport = local" delivers mail locally if the local machine is the best mail exchanger (by default, mail is bounced with a "mail loops back to myself" error). Config: in order to make feature tracking easier the source code distribution now has a copy of the default settings in conf/main.cf.default. Feature: separate configurable postmaster addresses for single bounces (bounce_notice_recipient), double bounces (2bounce_notice_recipient), delayed mail (delay_notice_recipient), and for other mailer errors (error_notice_recipient). The default for all is "postmaster". 19990408 Workaround: on Solaris 2.x, the master appears to lose its exclusive lock on the master.pid file, so keep grabbing the lock each time the master wakes up from select(). Robustness: don't flush VSTREAM buffers after I/O error. This prevents surprises when calling vstream_fclose() after truncating a mailbox to its original size. Portability: on LINUX systems, if exists, don't look for . Workaround: specify "sun_mailtool_compatibility = yes" to avoid clashes with the mailtool application. This disables kernel locks on mailbox files. Use only where needed. Portability: renamed readline to readlline, to avoid clashes with mysql. 19990409 Bugfix: ignore temp queue files that aren't old enough. Problem reported by Vivek Khera, Khera Communications, Inc. Bugfix: fixed typo in dict_db.c that caused processes to not release DB shared locks. Feature: auto-detection of changes to DB or DBM lookup tables. This avoids the need to run "postfix reload" after change to the smtp access table and other tables. Feature: regular expression checks for message headers. This requires support for POSIX or for PCRE regular expressions. Specify "header_checks = regexp:/file/name" or "header_checks = pcre:/file/name", and specify "/^header-name: badstuff/ REJECT" in the pattern file (patterns are case-insensitive by default). Code by Lamont Jones, Hewlett-Packard. It is to be expected that full content filtering will be delegated to an external command. 19990410 Bugfix: auto-detection of changes to DB or DBM lookup tables wasn't done for TCP connections. 19990410 Feature: $recipient expansion in forward_path. Philip A. Prindeville, Mirapoint, Inc., USA. File: local/dotforward.c Feature: the smtp client consistently treats a numerical hostname as an address. File: smtp/smtp_addr.c. 19990414 Compatibility: support comment lines starting with # in $mydestination include files. This makes Postfix more compatible with sendmail.cw files. File: util/match_list.c. Feature: if your machines have short host names, specify "mydomain = domain.name", and you no longer have to specify "myhostname = host.domain.name". Files: global/mail_params.c, postconf/postconf.c. 19990420 Cleanup: bounce mail when a mailbox goes over file quota, instead of deferring delivery. File: local/mailbox.c. 19990421 Feature: auto-detection of changes to DB or DBM lookup tables now includes the case where a file is unlinked. Philip A. Prindeville, Mirapoint, Inc., USA. File: util/dict.c. 19990422 Robustness: Lotus mail sends MAIL FROM: <@> instead of <>. Problem reported by Erik Toubro Nielsen, IFAD, Denmark. Files: trivial-rewrite/rewrite.c (@ becomes empty address) and global/rewrite_clnt.c (allow empty response). Bugfix: showq could segfault when writing to a broken pipe. Problem reported by Bryan Fullerton, Canadian Broadcasting Corporation. Files: util/vbuf_print.c. Cleanup: got rid of the "fatal: write error: Broken pipe" message when mailq output is piped into a program that terminates early. Cleanup: bounce messages are multipart/mixed with the error report as part of the first message segment, because users had trouble extracting the delivery error report from the attachment. 19990423 Cleanup: the default junk mail reject code is now 554 (service unavailable) rather than 550 (user unknown). Folded in the updated dict_ldap.c module by John Hensley, Merit Network, USA. Folded in the vstream_popen.c updates by Philip A. Prindeville, Mirapoint, Inc., USA. This copies a lot of code from pipe_command(); the next step is to trim that module. 19990425 Workaround: renamed config.h to mail_conf.h etc. in order to avoid name collisions with LINUX (yes, they have a system include file called config.h). For compatibility with people who have written software for Postfix, there's a config.h that aliases the old names to the new ones. That file will go away eventually. 19990426 Feature: error mailer, in order to easily bounce mail for specific destinations. In the transport table, specify: "host.domain error:host.domain is unavailable". Too bad that the transport table triggers on destination domain only; it would be nice to bounce specific users as well. 19990427 Cleanup: "disable_dns_lookups = yes" now should disable all DNS lookups by the SMTP client. 19990428 Bugfix: with DBM files, Postfix was watching the "dir" file modification time for changes. It should be watching the "pag" file instead. 19990429 Cleanup: all callbacks in the master to server API now pass on the service name and the application-specific argument vector. Files: master/*server.c. 19990504 Feature: conditional macro expansion. ${name?text} expands to text when name is defined, otherwise the result is empty. ${name:text} expands to text when name is undefined, otherwise the result is empty. File: util/mac_expand.c. Feature: conditional macro expansion of the forward_path configuration parameters of $user, $home, $shell, $recipient, $extension, $domain, $mailbox and $recipient_delimiter. Files: local/dotforward.c, local/local_expand.c. 19990506 Cleanup: eliminated misleading warnings about unknown HELO etc. SMTPD restrictions when the HELO etc. information is not available. File: smtpd/smtpd_check.c. 19990507 Feature: all smtpd reject messages now contain the MAIL FROM and RCPT TO addresses, if available. 19990508 Feature: conditional macro expansion of the luser_relay configuration parameter. It is no longer possible to specify /file/name or "|command" destinations. File: local/unknown.c. Cleanup: changed the mac_parse interface so that the application callback routine can return status information. Updated the dict_regexp and dict_pcre modules accordingly. Cleanup: changed the mac_expand interface so that the caller provides an attribute lookup routine, instead of having to provide a copy of all attributes upfront. Files: util/mac_expand.c, local/local_expand.c. Feature: control over how address extensions are propagated to other addresses. By default, propagation of unmatched address extensions is now restricted to canonical and virtual mappings. Specify "propagate_unmatched_extensions = canonical, virtual, alias, forward, include" to restore previous behavior. 19990509 Feature: USER, EXTENSION, DOMAIN, RECIPIENT (entire address) and MAILBOX (address localpart) environment variables are exported to shell commands (including mailbox_command). Feature: new command_expansion_filter parameter to control what characters may appear in message attributes that are exported via environment variables. Cleanup: SMTPD reject messages are more informative, and more complete sender/recipient information is logged for the local sysadmin. 19990510 Bugfix: missing MIME header in postmaster bounce notices. Found by Samuel Tardieu, Ecole Nationale Superieure des Telecommunications, France. Feature: UCE restrictions are always delayed until RCPT TO, VRFY or ETRN. To change back to the default specify "smtpd_delay_reject = no" in /etc/postfix/main.cf. Bugfix: missing duplicate filter call. This caused too many deliveries when a user is listed multiple times in an alias. Reported by Hideyuki Suzuki, School of Engineering, University of Tokyo. Backed out on 19990512 because it caused problems. Fixed 19990513 but needs further study. Feature: it is now possible to move queue files back into the maildrop queue, so that they can benefit from changes in canonical and virtual mappings. In order to make this possible, some restrictions on queue file contents were relaxed. Files: pickup/pickup.c, cleanup/cleanup_extracted.c. Feature: made a start with integrating Joerg Henne's dictionary extensions to remove entries and to iterate over entries. That code is almost four months old by now. 19990511 Feature: added a "undeliverable postmaster notification discarded" warning when mail is dropped on the floor. Requested by Michael Hasenstein, SuSE, Germany. 19990517 Bugfix: reject_non_fqdn_sender/recipient would pass user@[ip_address] regardless of destination. Eric Cholet had the honor of suffering from this one. 19990527 More SMTP client logging for easier debugging: the smtp client now logs hostname[ip.addr], and logs every failed attempt to reach an MX host, not just the last one. 19990601 Bugfix: emit a blank line before a MIME boundary; the line is part of the boundary. File: bounce/bounce_notify_service.c. Wolfgang Segmuller, IBM Research. 19990610 Bugfix: the "is this the loopback interface" test was broken. Reported by Claus Fischer @microworld.com. File: smtp/smtp_connect.c. Usability: added helpful warnings about restrictions that are being ignored after check_relay_domains, etc. Portability: Reliant Unix support by Gert-Jan Looy, Siemens, the Netherlands. 19990611 Robustness: the postfix-script start-up procedure now detects a missing master program, avoiding misleading warnings that the mail system is already running. Fix suggested by David E. Smith @technopagan.org. Portability: Mac OS X Server Port by Mark Miller @swoon.net. Feature: on systems that use dotlock files for mailbox locking, the local delivery agent now will attempt to use dotlock files when delivering to user-specified files. Dotlock files for user-specified destinations are created with the privileges of the user. For backwards compatibility, Postfix will attempt to create dotlocks for user-specified destinations only when the user has parent directory write permission. Feature: specify "expand_owner_alias = yes" in order to use the right-hand side of an owner- alias, instead of using the left-hand side address. Needed by Juergen Georgi. 19990622 Bugfix: the local delivery agent did not set user attributes when delivering to root, so that forward_path did not expand properly. Found by Jozsef Kadlecsik, KFKI Research Institute for Particle and Nuclear Physics, Hungary. File: local/dotforward.c. Bugfix: the unix:passwd.byname mechanism is not suitable for smtpd access control - the user name would have to end in @, or the access control software would have to be changed. Removed the example from the RELEASE_NOTES file. 19990623 Bugfix: the smtp server did not reset the error flag after ".". Found by James Ponder, Oaktree Internet Solutions Ltd. File: smtpd/smtpd.c. Bugfix: fencepost error in the doze() routine (an usleep() replacement for systems without one). Found by Simon J Mudd. File: util/doze.c. 19990624 Portability: support for AIX 3.2.5 (!) by Florian Lohoff @rfc822.org. Portability: Ultrix 4.3 support by Christian von Roques @pond.sub.org. Feature: mysql support by Scott Cotton and Joshua Marcus, Internet Consultants Group, Inc. Files: util/dict_myqsl.*. 19990627 Bugfix: Postfix is now distributed under the new IBM Public License (version 1, dated June 14, 1999). Feature: the Delivered-To: header can be turned off for delivery to command or file/mailbox. The default setting is: "prepend_delivered_header = command, file, forward". Turning off the Delivered-To: header when forwarding mail is not recommended. 19990628 Feature: the postlock command now returns EX_TEMPFAIL when the destination file is locked by another process. 19990705 Workaround: in the SMTP client, move the "mail loops back to myself test" from the 220 greeting to the HELO response. This change does not weaken the test, and makes Postfix more robust against broken software that greets with the client hostname. 19990706 Workaround: in the INSTALL file, use `&&' instead of `;' in (cd path; tar ...) pipelines because some UNIX re-invented shells don't bail out when cd fails. Matthias Andree @stud.uni-dortmund.de. 19990709 Bugfix: $user was not set when delivering to a non-user. Found by Vladimir Ulogov @ rohan.control.att.com when configuring a luser_relay that contained $user. 19990714 Robustness: add PATH statement to Solaris2 chroot setup script to avoid running the ucb commands. Problem found by Panagiotis Astithas @ ece.ntua.gr. 19990721 Bugfix: don't claim a "mail loops to myself" error when the best MX host was not found in the DNS. Found by Andrew McNamara, connect.com.au Pty Ltd. File: smtp/smtp_addr.c. 19990810 Feature: added "-c config_dir" support to the postconf command. This probably means that "-f file" will never be implemented. 19990812 Bugfix: showq didn't print properly when listing a maildrop file. Fix by: Andrew McNamara, connect.com.au Pty Ltd. File: showq/showq.c. Feature: added SENDER to the list of parameters exported to external commands. File: local/command.c. Code by: Lars Hecking, National Microelectronics Research Centre, Ireland. 19990813 Bugfix: sendmail -t (extract recipients from headers) did not work when the always_bcc feature was turned on. Reported by: Denis Shaposhnikov @ neva.vlink.ru. 19990813 Bugfix: "sendmail -bd" returns a bogus exit status (the child process ID). Fix by Lamont Jones of Hewlett-Packard. File: sendmail/sendmail.c. 19990824 Bugfix: null pointer dereference while rejecting VRFY before MAIL FROM. Found by Laurent Wacrenier @ fr.clara.net. 19990826 Portability: more MacOS X Server patches; some NEXTSTEP/OPENSTEP code that had been removed for the first public beta release; NEXTSTEP/OPENSTEP now defaults to netinfo for the aliases database. Submitted by Gerben Wierda. Portability: workaround for a FreeBSD 3.x active network interface without IP address by Pierre Beyssac @ enst.fr. File: inet_addr_local.c. 19990831 Workaround: sendmail now prints a warning when installed set-uid or when run by a set-uid command. Reportedly, the linuxconf software turns on the set-uid bit, which could open up a security loophole. File: sendmail/sendmail.c. Bugfix: Postfix daemons now temporarily lock DB/DBM files while opening them, in order to avoid "invalid argument" errors because some other process is changing the file. Files: util/dict_db.c, util/dict_dbm.c. Robustness: Postfix locks queue files during delivery, to prevent duplicate delivery when "postfix reload" is immediately followed by "sendmail -q". This involves a change of the deliver_request interface: delivery agents no longer need to open and close queue files explicitly. Files: global/deliver_request.c, pipe/pipe.c, smtp/smtp.c, local/local.c, qmgr/qmgr_active.c, qmgr/qmgr_message.c. Feature: reject_unauth_destination SMTP recipient restriction that rejects destinations not in $relay_domains. By Lamont Jones of Hewlett-Packard. File: smtpd/smtpd_check.c. ---------------------------- Líneas 3001-3500 -------------------------- Security: do not allow weird characters in the expansion of $names that appear in $forward_path. Just like with shell commands, replace bad characters in expansions by underscores. Configuration parameter: forward_expansion_filter. 19990902 Documentation: added a sample postfix alias to the examples in the INSTALL document and in the conf/aliases file. Reminded by Simon J. Mudd @ alltrading.com. 19990903 Bugfix: in case of some error conditions the pickup daemon could leak small amounts of memory. 19990905 Bugfix: no more "skipping further client input" warnings when a message header is rejected. Feature: reject_unauth_pipelining SMTP restriction that rejects mail from clients that improperly use SMTP command pipelining. Robustness: the LDAP client by default no longer looks up names containing "*". See the lookup_wildcards feature in LDAP_README. Update by John Hensley. Documentation: address masquerading with exceptions FAQ by Jim Seymour @ jimsun.LinxNet.com. Bugfix: mysql reconnect after disconnect by Scott Cotton Internet Consultants Group, Inc. File: util/dict_myqsl.c. Portability: the Postfix to PCRE interface now expects version 2.08. Postfix is no longer compatible with PCRE versions before 2.6. 19990906 Feature: INSTALL.sh script that makes Postfix installation a bit less painful. This script can be used for installing and for upgrading Postfix. It replaces files instead of overwriting them, and leaves existing configuration and queue files intact. 19990907 Bugfix: reject_non_fqdn_sender used the wrong test to see if a sender address was given and could dump core. This must have been broken ever since the UCE tests were moved to the RCPT TO stage in 19990510. Bugfix: check_sender_access was recognized as a valid restriction name only if a sender had been specified. 19990908 Portability: Unixware has only after sendmail is installed. Changed postlock.c to use global/sys_exits.h. 19990909 Performance: added one-entry cache to the address rewriting client and to the address resolving client. This is because UCE restrictions tend to produce the same query repeatedly. Files: global/rewrite_clnt.c, global/resolve_clnt.c. Feature: the UCE restrictions are now fully recursive so you can have per-client/helo/sender/recipient restrictions. Instead of OK, REJECT or [45]xx, you can specify a sequence of restrictions on the right-hand side of an SMTPD access table. This means you can no longer use canonical/virtual/alias maps as SMTPD access tables. But the loss is compensated for. File: smtpd/smtpd_access.c. Feature: restriction classes, essentially a short-hand for restriction lists. These short hands are useful mostly on the right-hand side of SMTPD access tables. You must use restriction classes in order to have lookup tables on the right-hand side of an SMTPD access table. File: smtpd/smtpd_access.c. Feature: "permit_recipient_map maptype:mapname" permits a recipient address when it matches the specified table. Lookups are done just as with canonical/virtual maps. With this, you can also use passwd/aliases as SMTPD access maps. File: smtpd/smtpd_access.c. 19990910 Changed "permit_address_map" into "permit_recipient_map" and added a test for the case that they specify a lookup table on the right-hand side of an SMTPD access map. File: smtpd/smtpd_access.c. Cleanup: removed spurious sender address checks for <>. File: smtpd/smtpd_check.c. Cleanup: the smtp client now consistently logs host[address] for all connection attempts. 19990919 Feature: in an SMTPD access map, an all-numeric right-hand side now means OK, for better cooperation with out-of-band authentication mechanisms. 19990922 Security: recipient addresses must not start with '-', in order to protect external commands. The old behavior is re-instated when main.cf specifies: "allow_min_user = yes". Credits to Mads Kiilerich @ Kiilerich.com. File: qmgr/qmgr_message.c. Bugfix: after 19990831, the queue manager would throw away defer logs after deferring mail to known-to-be-dead hosts or message transports. This means that in some cases, mailq would not show why mail is delayed, and that delayed mail could be sent back with recipients missing from the error report. Reported by Giulio Orsero @ tiscalinet.it. 19990923 Bugfix: the above bugfix broke bounces of mail with bad address syntax and relocated users. Problem diagnosed by Dick Porter @ acm.org. Documentation: added DO NOT EDIT THIS FILE. EDIT MAIN.CF INSTEAD notices to the sample-xxx.cf files. 19991007 Compatibility: ignore the sendmail -U (initial user submission) option. Thomas Quinot @ cuivre.fr.eu.org. 19991103 Code cleanup: don't send postmaster notifications when an SMTP client sends a DATA command while no recipients were accepted. This can happen when a pipelined client runs into an UCE block. File: smtpd/smtpd.c. 19991104 Robustness: do not apply UCE header checks to mail that is generated by Postfix (bounces, forwarded mail etc.). Files: smtpd/smtpd.c, pickup/pickup.c, cleanup/cleanup_message.c. Robustness: new generic watchdog module that can deal with clocks that jump occasionally. Files: util/watchdog.c, master/master.c, master/{single,multi,trigger}_server.c. This hopefully ends the false watchdog alarms that happen when clocks are set or when laptops are resumed. Code cleanup: BSMTP requires dot quoting as per RFC 821. Based on code by Florian Lohoff @ rfc822.org. Files: global/mail_copy.[hc], pipe/pipe.c. 19991105 Bugfix: the crufty code in inet_addr_local() did not find IP aliases. File: util/inet_addr_local.c. Portability: the INSTALL.sh utility did not find users or groups in NIS or Netinfo tables. The script no longer searches the /etc/passwd and /etc/group files. Instead it now queries the unix:passwd.byname and unix:group.byname maps. For this, a -q (query) option was added to postmap (and to postalias, for symmetry). Files: util/dict_unix.c, postalias/postalias.c, postmap/postmap.c, INSTALL.sh. Bugfix: LDAP lookup timeout settings were ignored. Patch by John Hensley. File: util/dict_ldap.c. 19991108 Bugfix: when doing a fresh install, INSTALL.sh didn't set main.cf:mail_owner properly (Simon J. Mudd). 19991109 Bugfix: when doing a fresh install, INSTALL.sh no longer worked (missing main.cf file). Fix: add "-c" argument to the postmap commands (Lars Hecking @ nmrc.ucc.ie). Documentation: removed spurious "do not edit" comments from the sample pcre and regexp configuration files. 19991110-13 Code cleanup: greatly simplified the SMTPD command parser and somewhat simplified the code that groks RFC 822-style address syntax in MAIL FROM and RCPT TO commands. New parameter: strict_rfc821_envelopes (default: no) to reject RFC 822 address forms (with comments etc.) in SMTP envelopes. By default, the Postfix SMTP server only logs a warning. 19991113 Oops, also updated the SMTP VRFY code in the light of changes to the SMTPD command parser. Cleanup: the local delivery agent now explicitly rejects recipients with an empty username. 19991114 Workaround: with some gawk versions, postconf/extract.awk reportedly returns a non-zero exit status upon success. Added an explicit exit(0) statement. 19991115 Feature: DNS TXT record lookup support, based on initial code by Simon J Mudd. File: dns/dns_lookup.c. Feature: RBL TXT record lookups, based on initial code by Simon J Mudd. File: smtpd/smtpd_check.c. Feature: permit_auth_destination restriction based on code by Jesper Skriver @ skriver.dk. Code cleanup: the transport table now can override all deliveries, including local ones. 19991116 Code cleanup: a new "local_transports" configuration parameter explicitly lists all transports that deliver mail locally. The first name listed there is the default local transport. This is the end of the "empty next-hop hostname" hack to indicate that a destination is local. Files: trivial-rewrite/resolve.c, global/local_transport.[hc] Feature: "postconf -m" shows what lookup table types are available. Code by Scott Cotton, Internet Consultants Group, Inc. Feature: "postconf -e" edits any number of main.cf parameters. The edit is done on a copy, and the copy is renamed into the place of the original. File: postconf/postconf.c, util/readlline.[hc]. 19991117 Portability: SunOS 4 has no SA_RESTART. File: util/watchdog.c. Feature: on systems with h_errno, the "reject_unknown_client" restriction now distinguishes between soft errors (always reply with 450) and hard errors (use the user-specified reply code). This should lessen the load by broken mailers that re-connect once a minute. Feature: forward/reverse name/address check for SMTP client hostnames. This fends off some hypothetical attacks by spammers who are in control of their own reverse mapping. Robustness: postconf no longer aborts when it can't figure out the local domain name; it prints a warning instead. This allows you to use "postconf -e" to fix the problem. 19991118 Bugfix: the RFC822 address parser would misparse a leading \ as an atom all by itself. Problem reported by Keith Stevenson @ louisville.edu. File: global/tok822_parse.c. 19991119 Bugfix: tiny memory leak in pipe_command() when fork() fails. File: global/pipe_command.c. 19991120 Bugfix: reversed test for all-numerical results in SMTPD access maps. File: smtpd/smtpd_check.c. 19991121 Robustness: INSTALL.sh no longer uses postmap for sanity checks. Feature: INSTALL.sh now has an install_root option. Bugfix: INSTALL.sh now installs manual pages with proper permissions and ownership. Bugfix: the LDAP client did not properly escape special characters in lookup keys (patch by John Hensley). File: util/dict_ldap.c. 19991122 Bugfix: missing absolute path in INSTALL.sh broke fresh install. 19991124 Bugfix: the local delivery agent's recipient duplicate filter did not work when configured to use unlimited memory (which is not a recommended setting). Patrik Rak @raxoft.cz. 19991125 Bugfix: postconf didn't have an umask(022) call at the beginning (problem experienced by Matthias Andree). 19991126 Bugfix: DNS TXT records now have string lengths before text (Mark Martinec @ nsc.ijs.si). 19991127 Update: the LDAP client code now supports escapes as per RFC2254 (John Hensley). 19991207 Performance: one message with many recipients no longer stops other mail from being delivered. The queue manager now frees in-memory recipients as soon as a message is delivered to one destination, rather than waiting until all in-memory destinations of that message have been tried. Patch by Patrik Rak @ raxoft.cz. Files: qmgr/qmgr_entry.c, qmgr/qmgr_message.c. Performance: when delivering mail to a huge list of recipients, the queue manager now reads more recipients from the queue file before delivery concurrency drops too low. Files: qmgr/qmgr_entry.c, qmgr/qmgr_message.c. 19991208 Updated LDAP client code by John Hensley with escape sequences as per RFC 2254. File: util/dict_ldap.c. Updated MYSQL client code by Scott Cotton. File: dict_mysql.c. Feature: added -N/-n options to include/exclude terminating nulls in keys and values in postmap/postalias DB or DBM files. Normally, Postfix uses whatever is appropriate for the host system. A non-default setting can be necessary for inter-operability with third-party software. Bugfix: the local delivery agent would deliver to the user instead of the .forward file when the .forward file was already visited via some non-recursive path. Patch by Patrik Rak @ raxoft.cz. Files: global/been_here.c, local/dotforward.c. Robustness: attempt to deliver all addresses in the expansion of an alias or .forward file, even when some addresses must be deferred. File: local/token.c. 19991211 Performance: qmgr_fudge_factor controls what percentage of delivery resources Postfix will devote to one message. With 100%, delivery of one message does not begin before delivery of the previous message is completed. This is good for list performance, bad for one-to-one mail. With 10%, response time for one-to-one mail improves much, but list performance suffers. In the worst case, people near the start of a mailing list get a burst of postings today, while people near the end of the list get that same burst of postings a whole day later. Files: qmgr/qmgr_message.c, qmgr/qmgr_entry.c. Bugfix: address rewriting would panic on a lone \ at the end of a line where an address was expected. Jason Hoos @ thwack.net. File: global/rewrite_clnt.c. 19991215 Bugfix: the strict RFC821 envelope address check should not be applied to VRFY commands. File: smtpd/smtpd.c. Cleanup: permit_recipient_maps is gone, because that could only be used inside UCE restrictions. 19991216 Feature: allow an empty inet_interfaces parameter, just like an empty mydestination parameter. It's needed for true null clients and for firewalls that deliver no local mail. Feature: "disable_vrfy_command = yes" disables some forms of address harvesting used by spammers. Workaround: added the alias map parameter definition to the smtpd code. This is a symptom of a general problem with parameters that have non-empty default values: unless a program explicitly defines such a parameter, the parameter defaults to the empty string when used in other parameters. There's also a problem with evaluation order. Feature: the SMTP server rejects mail for unknown users in virtual domains that are defined by Postfix virtual domain files. File: smtpd/smtpd_check.c. Feature: reject mail for unknown local users at the SMTP port. The local_recipient_maps configuration parameter specifies maps with all addresses that are local with respect to $mydestination or $inet_interfaces. Example: "local_recipient_maps = $alias_maps unix:passwd.byname". This feature is disabled by default. You may have to copy the passwd file into the chroot jail. File: smtpd/smtpd_check.c. Feature: the sendmail -f option now understands '' and even understands address forms with RFC 822-style comments. 19991217 Cleanup: no more UCE checks for VRFY commands. It still reports unknown local/virtual users. File: smtpd/smtpd_check.c. Robustness: upon Postfix startup, report discrepancies between system files inside and outside the chroot jail. Files: conf/postfix-script-nosgid, conf/postfix-script-sgid. 19991218 Cleanup: INSTALL.sh produces relative symlinks, which is necessary when install_root is not /. 19991219 Documentation: completely reorganized the FAQ and added many new entries. Rewrote the UCE html documentation. Cleanup: INSTALL.sh uses a configurable directory for scratch files, so that it can install from a file system that is not writable by the super-user. Cleanup: INSTALL.sh gives helpful hints when the "mv" command is unable to move symlinks across file system boundaries. 19991220 Cleanup: it is no longer necessary to list $virtual_maps as part of the relay_domains definition. The SMTP server now by default accepts mail for destinations that match $inet_interfaces, $mydestination or $virtual_maps, whether or not these are specified in relay_domains. We still need the ugly "virtual.domain whatever" hack in the virtual maps. Files: smtpd/smtpd_check.c and lots of documentation and sample config files. 19991221 Removed cyrus -q flag (ignore quotas) from the sample master.cf file. 19991223 Bugfix: smtpd should not check for unknown users when running in stand-alone (sendmail -bs) mode. Problem experienced by Chuck Mead. File: smtpd/smtpd.c. Retraction: the "local_transports" configuration parameter is gone. Adjusted code and documentation accordingly. Instead, use just one "local_transport" parameter with the name of the default local transport. Files: smtpd/smtpd_check.c, qmgr/qmgr_message.c, trivial-rewrite/ resolve.c, local/resolve.c. Feature: Postfix SMTPD now insists that the smtpd recipient restrictions contain at least one restriction that by default rejects mail. This should make it much more difficult to change Postfix into an open relay. File: smtpd/smtpd_check.c. Retraction: null-length inet_interfaces is too confusing. 19991224 Bugfix: the relative symlink code in INSTALL.sh computed the ../ prefix from the wrong pathname. 1999122[5-7] Feature: "allow_untrusted_routing = no" (default) prevents forwarding of source-routed mail from untrusted clients to destinations that are blessed by the relay_domains parameter (example: user@domain2@domain1 etc.). This plugs a mail relay loophole where a backup MX host forwards junk mail to a primary MX host which forwards the junk to the Internet. Files: global/quote_822_local.c, smtp/quote_821_local.c, trivial-rewrite/rewrite.c, trivial-rewrite/resolve.c, smtp/smtpd_check.c. In order to make this possible, the Postfix resolver data structure and protocol has changed, so that all resolver ---------------------------- Líneas 3501-4000 -------------------------- clients need to be re-compiled. Side effect from the above change: from now on, an address with @ in the recipient localpart no longer bounces with "user unknown" but instead is rejected with "relay access denied" or "source-routed relay access denied". 19991227 Workaround: the BSD/OS "mkdir -p" and "cmp -s" commands misbehave on boundary cases: directory exists or file does not exist. Those who re-invent... 19991229 Added the no source routing info requirement to addresses accepted by the permit_mx_backup UCE restriction. 19991230 Added a spawn daemon (not compiled and installed by default) to enable LMTP delivery over UNIX-domain sockets. The goal is to simplify the experimental LMTP delivery agent by ripping out the privileged code that forks the LMTP server. 20000102 Clarified documentation after early feedback on the 19991231 release by Drew Derbyshire, Ollivier Robert, Khetan Gajjar. Sanity check: a common error is to list Postfix virtual domains in the mydestination parameter. This causes the new optional local_recipient_maps feature to reject mail for virtual users. The SMTP server now explicitly tests for this common error and logs a warning instead of refusing the mail. File: smtpd/smtpd_check.c. 20000104 Bugfix: a case sensitivity bug had slipped through in the anti-relaying code, causing mail for USER@VIRTUAL.DOMAIN to be rejected with "relay access denied". This was found by Jim Maenpaa @ jmm.com. Questionable feature: set "smtp_skip_5xx_greeting = yes" to make Postfix more sendmail compatible, even though this is wrong, IMNSHO. File: smtp/smtp_connect.c. Portability: Ultrix patch from Simon Burge @ thistledown.com.au. Portability: Siemens Pyramid (dcosx) patch by Thomas D. Knox @ vushta.com. Performance: FreeBSD has bidirectional pipes that are faster than socketpairs. Anticipating on more platform-specific optimizations, all duplex pipe plumbing is now isolated in a duplex_pipe.c module that provides a system-independent interface. 20000105 Cleanup: the INSTALL.sh script now updates the sample files in /etc/postfix even when main.cf exists. 20000106 Bugfix: the SMTP server should consult the relocated map for virtual destinations (Denis Shaposhnikov). Files: smtpd/smtpd.c smtpd/smtpd_check.c. 20000108 Workaround: rename() over NFS can fail with ENOENT even when the operation succeeds (Graham Orndorff @ WebTV). This is not news. Any non-idempotent operation can fail over NFS when the NFS server's acknowledgment is lost and the NFS client code retries the operation (other examples are: create, symlink, link, unlink, mkdir, rmdir). Postfix has workarounds for the cases where this is most likely to cause trouble. Files: util/sane_{rename,link}.[hc]. If you want reliable mail system, do not use NFS. 20000115 Workaround: better detection of bad hardware. Added SIGBUS to the list of signals that the master will log before exiting. 20000122 Portability: preliminary SCO5 port Christopher Wong @ csports.com. This still needs to a workaround for "find" not supporting "-type s" (actually, UNIX-domain sockets have no unique representation in the file system and show up as FIFOs). 20000115-22 Bugfix: in case of a too long message header, don't extract recipients from message headers. With the previous behavior, Bcc information could be left in the message body, as one person found out the hard way. Files: cleanup/cleanup.c, cleanup/cleanup_extracted.c, global/cleanup_user.h. 20000124 Whatever: RFC 1869 amends RFC 821 and specifies that code 555 is to be used when a MAIL FROM or RCPT TO parameter is not implemented or not recognized. Russ Allbery @stanford.edu. This reply code is added to the list of reply codes that cause the Postfix SMTP client to mail a transcript to the postmaster. File: smtp/smtp_trouble.c. 20000126 Emergency feature: qmgr_site_hog_factor (default: 90 percent) limits the amount of resources that Postfix devotes to a single destination. With less than 100, Postfix defers the excess mail so that one site with a large backlog does not block other deliveries. Files: qmgr/qmgr.c, qmgr/qmgr_message.c. 20000128 Cleanup: the queue manager no longer replaces the nexthop field by the recipient localpart when a destination matches $mydestination/$inet_interfaces. The price is the introduction of a new parameter local_destination_recipient_limit which defaults to 1 in order to maintain backwards compatibility. Files: qmgr/qmgr.c, qmgr/qmgr_message.c. 20000129 Bugfix: extracted recipients were misfiled when a message was moved back to the maildrop queue. But they still worked due to a coincidence. Feature: bounce_recip() bounces a recipient immediately without accessing a bounce logfile. This is necessary for VERP bounces, for bounces by delivery agents that change the sender address, and for bounces that for some reason must not use temporary logfiles. Files: global/bounce.c, bounce/bounce_recip_service.c. 20000130 Bugfix: the too long header fix of 20000115-22 lost mail with too long headers that didn't need to extract recipients from message headers. Bugfix: the too long header fix of 20000115-22 lost mail without (blank line + message body). Code rewrite: reorganized the cleanup daemon source code so that the cleanup service can be called one record at a time (see cleanup/cleanup_api.c); also got rid of the global state variables and fixed a couple bugs that were introduced with 20000115-22. 20000204 Feature: in daemon mode, the MAIL FROM size check can be postponed until RCPT TO so that Postfix can log sender and recipient. Simon J Mudd. Files: smtpd/smtpd.c Robustness: limit the number of recipient addresses that can be extracted from message headers. Parameter: extract_recipient_limit (default: 10240). Files: cleanup/cleanup_message.c, cleanup/cleanup_extracted.c. Cleanup: the message header reject logging now includes sender and recipient address (if possible), so that the logging looks more like the other reject logging. File: cleanup/cleanup_message.c. Documentation: added sections on regular expression tables to the access, canonical, virtual, transport and relocated man pages, and write new man pages that are specific to regular expressions: pcre_table.5 and regexp_table.5. 20000214 Bugfix: postconf reported some parameters more than once because the parameter extracting script didn't recognize lines that differ in whitespace only. File: postconf/extract.awk. Reported by Kenn Martin. 20000221 Logging: the SMTP client now logs log host+port when it is unable to connect to a non-MX host, just like it logs host+port when unable to connect to an MX host. 20000226 Bugfix: the SMTP server's "User unknown" test didn't notice LDAP etc. dictionary access errors. The code now reports a 450 status (try again instead of bounce) if the reply is not definitive. File: smtp/smtpd_check.c. Robustness: the smtp-source program could stall when making hundreds of parallel connections to a Postfix system with only one SMTP server process. The fix is to use non-blocking connect() calls, very carefully. File: smtpstone/smtp-source.c. 20000303 Feature: with smtp_always_send_ehlo the SMTP client will send EHLO regardless of the content of the SMTP server's greeting. File: smtp/smtp_proto.c. 20000304 Feature: DICT_FLAG_SYNC_UPDATE flag for synchronous dictionary updates, if supported by the underlying mechanism. Files: util/dict.h, util/dict_open.c, util/dict_db.c. 20000307 Cleanup: the manual pages in Postfix configuration files no longer contain troff formatting codes. The text is now generated from prototype files in a new "proto" subdirectory. Requested by Matthias Andree @ stud.uni-dortmund.de. 20000308 Bugfix: the unused db and dbm "delete" routines would clobber the per-dictionary flags when called before reading or writing the table. Files: util/dict_dbm.c, util/dict_db.c. Lutz Jaenicke @ aet.TU-Cottbus.DE. Bugfix: the SMTP server would produce a cryptic message when a queue file write error happened before it had written any recipients. Keith Stevenson. File: smtpd/smtpd.c. Robustness: the db and dbm "delete" routines didn't adjust to dictionaries with/without one trailing null in lookup keys and values. Did a complete rewrite of the routines. Files: util/dict_db.c, util/dict_dbm.c. Feature: specify "-d key" to postalias or postmap in order to remove one key. This still needs to be generalized to multi-key removal (read stdin?). Files: postmap/postmap.c, postalias/postalias.c. Test: added test targets for the dictionary delete operations. Files: util/Makefile.in, util/dict_test.{c,in,ref}. Feature: added data offset and recipient count fields to the first queue file record output from the cleanup daemon. The recipient counts provides an initial estimate for a more advanced queue manager scheduling algorithm. Files: cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c. 20000311 Portability: HP-UX awk can't handle bare { in regexps (Lamont Jones. HP). File: postconf/extract.awk. Compatibility: sendmail now recognizes '.' as end of input. File: sendmail/sendmail.c. 20000313 Compatibility: dtcm (CDE desktop calendar manager) leaks a file descriptor into its child process, and requires that sendmail closes the descriptor, otherwise mail notification will hang. These GUI programmers never figured out that the child process must close the writing end of a pipe. File: sendmail/sendmail.c. 20000314 Feature: SASL authentication in the SMTP server and client. Based on code contributed by Till Franke, SuSE. Specify: "smtpd_sasl_auth_enable = yes" and "smtp_sasl_auth_enable = yes". The "permit_sasl_authenticated" UCE restriction gives special treatment to authenticated clients. 20000315 Workaround: added -blibpath option for AIX 4.x, to close hole in case postdrop needs to be set-gid. 20000320 Portability: FreeBSD 5.x added to the list of supported systems (Mark Huizer). 20000323 Portability: INSTALL.sh looks if sendmail is in /usr/lib rather than in /usr/sbin. 20000326 Bugfix: settings in one mysql configuration file would act as the implicit defaults for the next one, which could be confusing. Patch by Scott Cotton. File: util/dict_mysql.c. Robustness: limit the number of "junk" commands that can be issued in an SMTP session (ex.: NOOP, VRFY, ETRN, RSET). Problem report by Michael Ju. Tokarev @ tls.msk.ru. Files: global/mail_params.h, smtpd/smtpd.c. 20000413 Portability: more MacOS X patches by Gerben Wierda. Bugfix: RFC 822 requires the presence of at least one destination message header. The cleanup daemon now generates a generic "To: undisclosed-recipients:;" message header when no destination header is present. The header content is specified with the undisclosed_recipients_header parameter. Problem pointed out by Geoff Gibbs, UK-Human Genome Mapping Project-Resource Centre. 20000416 Workaround: allow <(comment)> as SMTP MAIL FROM address. 20000417 The SASL authentication in the SMTP server and client works, but only on Linux and Solaris, neither of which I wish to run on my laptop. 20000418 Added LMTP support to the smtp-source and smtp-sink utilities so that I don't have to install Cyrus IMAP just to test LMTP. 20000419 Bugfix: removed the () from the tokenized representation of RFC 822 comments, so that comments with \( or \) can be unparsed correctly. Problem reported by Bodo Moeller. 20000423 Bugfix: mail_copy() could prepend > or . in the middle of long lines. Found by code inspection. 20000427 New code: unescape module that translates C escape sequences into their equivalent character values. File: util/unescape.c. Feature: the pipe mailer now has a way to specify the output record delimiter (for example, eol=\r\n). This is necessary for transports that require CRLF instead of UNIX-style LF. 20000502 In order to support timeouts more conveniently, VSTREAMs now have built into them the concept of timeout. Instead of calling read() and write(), the low-level VSTREAM interface now by default uses timed_read() and timed_write() which receive a timeout parameter; vstream_ctl(stream, VSTREAM_CTL_TIMEOUT...) sets the timeout deadline on a stream, and vstream_ftimeout(stream) queries a stream for timeout errors. This change simplified timeout handling considerably. Files: util/vbuf.h, util/vstream.[hc], global/smtp_stream.c, global/timed_ipc.c. 20000504 Added application context to VSTREAMs, which is passed on transparently to application-provided read/write routines. vstream_ctl(stream, VSTREAM_CTL_CONTEXT...) sets the context. Files: util/vstream.[hc]. Added vstream_setjmp() and vstream_longjmp() support to make exception handling more convenient. Turn on exception handling with vstream_ctl(stream, VSTREAM_CTL_EXCEPT...). Files: util/vstream.[hc]. Cleaned up the smtp_stream module further and got rid of the global state that limited the use of this module to one stream per process. Files: global/smtp_stream.[hc]. 20000505 Bugfix: the SMTP server now flushes unwritten output before tarpit delays, to avoid protocol timeouts in pipelined sessions when a client causes lots of errors. Found by Lamont Jones, HP. File: smtpd/smtpd_chat.c. Finished the LMTP client, which is based on a modified version of the SMTP client by Philippe Prindeville, Mirapoint, Inc., later modified by Amos Gouaux, UTDallas, and then Wietse ripped it all up again. Currently this talks LMTP over TCP only. Feature: override main.cf parameters in master.cf. Specify "-o parameter=value" after the program name. This allows you to selectively override myhostname etc. See also the new smtp_bind_address parameter below. 20000506 Convenience: the LMTP and SMTP clients now append the local domain to unqualified nexthop destinations. This makes it more convenient to set up transport maps. Files: lmtp/lmtp_addr.c, smtp/smtp_addr.c. Sendmail compatibility: the Postfix SMTP client now skips servers that greet the client with a 4xx or 5xx status code. To disable, set both smtp_skip_4xx_greeting and smtp_skip_5xx_greeting to "no". 20000507 Portability: NetBSD has migrated to /etc/mail/aliases. We can expect to see this happen more often when systems start shipping Sendmail 8.10. File: util/sys_defs.h Updated LDAP code by John Hensley, with support for dereferencing of LDAP aliases, which have nothing to do with Postfix aliases. Feature: "smtp_bind_address=x.x.x.x" specifies the source IP address for SMTP client connections. Specify in master.cf as "smtp -o smtp_bind_address=x.x.x.x" in order to give different delivery agents different source addresses. 20000510 Cleanup: mailbox_transport did not work with the lmtp delivery agent. This dates back to when Postfix used empty nexthop information to indicate that a destination was local. File: global/deliver_pass.c. Bugfix: configuration parameters for one mysql dictionary would become default settings for the next one. File: dict_mysql.c. This patch was merged into Postfix a while back but apparently that Postfix version was nuked when other parts were redesigned. Update by Scott Cotton. Bugfix: some Postfix delivery agents would abort on addresses of the form `stuff@.' which could be generated only locally. Found by Patrik Rak. File: trivial-rewrite/resolve.c. Third-party Berkeley DB support for HP-UX by Lamont Jones. File: makedefs. 20000511 Bugfix: Postfix would incorrectly reject domain names with adjacent - characters. File: util/valid_hostname.c. Bugfix: the 20000505 pipeline tarpit delay flush was wrong and caused the client and server to get out of phase. Yuck! 20000513 Feature: VSTREAMs now have the concept of last fill/flush time, which is needed to prevent timeouts with pipelined SMTP sessions as detailed in the next item. Bugfix: delayed SMTP command/reply flushing to prevent sender delays from accumulating too much and causing timeouts with pipelined sessions. For example, client-side delays happen when a client does DNS lookups to replace hostname aliases in MAIL FROM or RCPT TO commands; server-side delays happen when an UCE restriction involves a time-consuming DNS lookup, or when a server generates tarpit delays. Files: lmtp/lmtp_proto.c, smtp/smtp_proto.c, smtpd/smtpd_chat.c. Portability: define ANAL_CAST for compilation environments that reject explicit casts between pointers and integral types. File: util/sys_defs.h, master/*server.c. Upon closer investigation, this turned out to be the result of someone's compiler configuration preferences. Therefore the change is likely to go away after a code cleanup. 20000514 Feature: mysql client support for multi-valued queries (select email, email2 from aliastbl where username='$local') By Loic Le Loarer @ m4x.org. File: util/dict_mysql.c. Finalized the delayed SMTP command/reply flushing code in the SMTP and LMTP clients after lots of testing and review. 20000520 Robustness: upon receipt of mail, map the mailer-daemon sender address back into the magic null string. File: cleanup/cleanup_envelope.c. 20000524 Bugfix: the code for masquerade_exceptions was case sensitive. Reported by Eduard Vopicka. File: cleanup/cleanup_masquerade.c. 20000526 Feature: experimental queue manager by Patrik Rak with a ---------------------------- Líneas 4001-4500 -------------------------- fancy pre-emptive scheduling algorithm that improves delivery performance of mail with few recipients. This queue manager is made available as "nqmgr". 20000528 Feature: the SMTP client SASL password file can contain entries for destination domain names (the address remote part) not just mail server hostnames. File: smtp_sasl_glue.c. Feature: smtpd_sasl_local_domain parameter (default: $myhostname) to specify the local SASL authentication realm. File: smtpd_sasl_glue.c. Feature: specify "body_checks=regexp:/file/name" for a very crude one line at a time message body content filter. This feature uses the same filtering syntax as the header_checks feature. File: cleanup/cleanup_message.c. See also the conf/sample-filter.cf file. 20000530 Feature: full content filtering through external software. This uses existing interfaces for sending mail to the external content filter and for injecting it back into Postfix. Details in FILTER_README. Files: pickup/pickup.c, smtpd/smtpd.c, qmgr/qmgr_message.c. 20000531 More SASL feedback by Liviu Daia, regarding the use of authentication realms. File smtpd/smtpd_sasl_glue.c. Added a simple shell-script based content filtering example to the FILTER_README file. Content filtering support for nqmgr by Patrik Rak. File: nqmgr/qmgr_message.c. Renamed "content inspection" etc. to "content filtering" in anticipation of a new hook for content inspection that only inspects mail without re-injecting it into Postfix. 20000601 Feature: limit the size of pipe mailer deliveries with the size=nnn command-line attribute. Patch by Andrew McNamara. 20000603 Bugfix: don't try to do SASL authentication when running in stand-alone (sendmail -bs) mode. Fix by Liviu Daia. Bug: the unauthorized pipelining test fails with single recipient mail when smtpd_delay_reject = yes. 20000617 Bugfix: conf/sample-ldap.cf was no longer up to date with reality. Patch by Lamont Jones, HP. Bugfix: the maildir delivery routine left temporary files lying around after unsuccessful delivery (problem reported by Brian Laughton @ Corp.Axxent.Ca). 20000621 AIX 4.x had POSIX regular expression support all the time I was working on Postfix. Better find out late than never. 20000623 Bugfix: the SMTP server did not reset the so-called junk command counter after successful delivery (Mark Hoffman @ wallst.com). File: smtpd/smtpd.c. 20000625 Cleanup: remove Content-Length from incoming mail. The sender has no authority over the format of mail as stored by the receiving system. File: global/header_opts.h. Feature: rewrite Mail-Followup-To: as sender. Files: global/header_opts.[hc]. Cleanup: rewrite Reply-To, Errors-To, Return-Receipt-To as sender, so that address masquerading works as expected. Files: global/header_opts.c. Feature: specify "require_home_directory = yes" to prevent mail from being delivered to a user whose home directory is not mounted. File: local/dotforward.c. Cleanup: the pipe deliver agent no longer appends a blank line when the F flag (prepend From_ line) is specified. Specify the B flag if you need that blank line. The local delivery agent no longer appends a blank line to mail that is delivered to external command. Files: pipe/pipe.c, global/mail_copy.[hc]. 20000708 Portability: support for NEXT/OPENSTEP requires extra include file in util/watchdog.c (Masaki Murase). 20000715 Added macros to turn on vstream/vstring/etc. format string checking by gcc, in addition to the checking that was already implemented with printfck. File: util/sys_defs.h, the macros for PRINTFLIKE and SCANFLIKE. Problem - unlike the printfck tool, gcc finds format argument type mismatches only in code that isn't #ifdef-ed out. 20000718 Robustness: make_dirs() now continues when a missing directory is created by another process. 20000720 Feature: the queue manager now logs the number of recipients when opening a queue file (a zero recipient count is logged with older queue files). File: global/opened.c. 20000726 Robustness: added watchdog_pat() routine to keep the watchdog quiet if a client stays connected for a lot of time. Files: util/watchdog.[hc], smtpd/smtpd.c. 20000729 Robustness: if relayhost is specified but the host does not exist, defer mail instead of bouncing it (which would lose the mail if the bounce would have to be delivered to that same non-existent relayhost). Problem reported by Chris Cooper @ maths.ox.ac.uk. File: smtp/smtp_connect.c. 20000821 Feature: added -r (replace key+value) option to postalias and postmap. Cleanup: smtpd now replies with 555 when the client sends unrecognized RCPT TO parameters, as required by RFC 1869 (problem report by Robert Norris @ its.monash.edu.au). File: smtpd/smtpd.c. 20000822 Logging: the SMTP server's SASL code logs the authentication method along with an authentication failure. Suggested by Ronald F. Guilmette @ monkeys.com. Workaround: some systems have file size resource limits that cannot be represented with the off_t type that is used by standard functions such as lseek(2). Problem reported by Blaz Zupan @ amis.net. 20000823 Feature: all this discussion about when to reject mail and when not made me decide to implement a TCP-based map type so that it becomes relatively simple to implement dynamic access controls, for example, hold off mail from an unknown client or sender until we have completed some investigation, after which we will either reject or accept. However, this code is turned off until it is finished. 20000905 Robustness: the dns client now rejects malformed domain names rather than depending on the DNS to report that the name does not exist. Linux returns a rather misleading server failure code as found out by Patrik Rak. File: dns/dns_lookup.c. 20000911 Feature: added IGNORE keyword to header_checks and body_checks to pretend that certain data does not exist. File: cleanup/cleanup_message.c. 20000911 Bugfix: the SASL code did not allow MAIL FROM... AUTH=sender without prior authentication. The RFC allows this, although one wonders what the reasoning behind this is. File: smtpd/smtpd_sasl_proto.c. 20000913 Bugfix: the rmail script did not handle remote UUCP systems that send a from_ line with unqualified envelope sender. Reported by Luciano Mannucci. Compatibility: don't insert Sender: header lines. Sendmail has not done so for at least 10 years, if it ever did. Problem reported by Brad Knowles. File: cleanup/cleanup_message.c. 20000916 Bugfix: when propagating an address extension in a virtual or canonical mapping, cleanup accesses memory that is no longer allocated. This can happen when the result address length is more than 100 characters. Problem reported by Adi Prasaja @ satunet.com. File: global/mail_addr_crunch.c. Bugfix: fixed a misleading error message when the cleanup server reaches the queue file size limit. Fix by Robby Griffin @ MIT.EDU. File: cleanup/cleanup_extracted.c. 20000917 Bugfix: postalias -i would complain about duplicate entries for the Sendmail-compatible @ entry and for the NIS-compatible YP_LAST_MODIFIED and YP_MASTER_NAME entries. 20000918 Gross hack: prevent looping on a bad recipient by always forwarding recipients in :include: files to a new mail delivery request, even when owner-listname is not set. File: local/recipient.c. 20000919 Convenience: INSTALL.sh now imports default settings from the process environment, in order to make scripting easier. Robustness: INSTALL.sh now systematically skips over CVS, RCS and SCCS cruft. Portability: another fix for NEXTSTEP (Masaki MURASE). File: util/spawn_command.h. 20000920 Cleanup: in a transport table entry, do not ignore port numbers specified as [host]:port. In fact, this is now becoming the preferred form, in order to avoid parsing problems with IPV6 addresses. Postfix supports both forms, but future versions will print a warning for the old form. Problem reported by Claus Fischer @ werhats.at Bugfix: missing initialization for state->sasl_method can cause permit_sasl_authenticated to always succeed. Report and fix by Lutz Jaenicke @ aet.TU-Cottbus.DE. FAQ: added notes about how to delete, copy or restore queue files in a safe manner. 20000921 File reorganization. No code change except Makefiles. All sources are pushed down by one directory level to keep file listings usable. Released as 20000922, so that I have a reference to run "diff -cr against. Bugfix: the spawn service was installed without man pages. Portability: MacOSX hints and tips by Joe Block, University of Central Florida School of Optics/CREOL Portability: The MacOSX gcc compiler does not understand the new printf_like/scanf_like attributes. File: util/sys_defs.h. 20000922 nqmgr update from Patrik Rak for the changed queue manager to delivery agent protocol. Lame feature: syslog_facility parameter to control where syslogd sends Postfix logging (default: syslog_facility = mail). However, errors during command-line parsing are still logged with the default syslog facility, as are errors while processing the main.cf file (surprise). Based on code by Andrew McNamara. 20000923 Cleanup: new bounce logfile API so that Postfix can change to an extensible bounce logfile format with per-recipient sender addresses (needed for VERP and for reporting local list delivery problems to the list owner) and other attributes. File: global/bounce_log.[hc]. Cleanup: replaced the ad-hoc logfile parsing code in showq by something that uses the generic bounce logfile API. 20000924 Feature: Postfix bounced mail and delayed mail notifications now have the standard RFC 1894 form (DSN). The bounce service now uses the generic bounce logfile API. File: bounce/bounce_notify_service.c, bounce/bounce_notify_util.c. Cleanup: deleted the per-recipient bounce protocol. Future bounce logfiles will support per-recipient bounce addresses. Files: global/bounce.c, bounce/bounce_recip_service. 20000925 Workaround: sendmail allows MAIL FROM and RCPT TO envelope addresses like > so we will never get rid of them. To disallow, specify "strict_rfc821_envelopes = yes". File: smtpd/smtpd.c. 20000926-20001003 Feature: a "flush" server that keeps per-destination records of deferred mail. It is the basis of a faster ETRN and "sendmail -qRsite" implementation. This code was rewritten half a dozen times. 20000928 Bugfix: the stricter dns_lookup() argument checks revealed that Postfix was doing DNS lookups for domain literals ([ip.address]) when expanding aliases in MAIL FROM and RCPT TO address parameters. Reported by Jim Littlefield. File: smtp/smtp_unalias.c. Documentation: added text on the biff=yes/no parameter to conf/sample-local.cf (text provided by Paul Wagland, relational-consultancy.com. Robustness? Log errors from SASL library code as warnings not as fatal errors. Files: smtp*/*glue.c. 20001001 Feature: in master.cf, specify ? after wakeup time to avoid waking up services that aren't being used. 20001003 Feature: the fast flush refresh and purge time interval parameters can now be specified in user-specified units by providing an appropriate suffix: s (seconds), m (minutes), h (hours), d (days), w (weeks). unit. This was needed so that I could test the flush server code in a reasonable way (its timeouts are normally specified in days or hours, and I don't have that much time for testing). Other Postfix time interval parameters will be migrated as time permits. Files: conf/sample-flush.cf, global/mail_conf_time.c, postconf/postconf.c. Unfeature: qmgr_hog_factor is now disabled by default. It was just too confusing. If you don't know what this means, do not worry. 20001005 Cleanup: after "postfix reload" do not penalize mail that was in the active queue, but make it ready for immediate delivery so that ETRN etc. works as intended. Files: *qmgr/qmgr.c, *qmgr/qmgr_active.c. Portability: Redhat 7 library interfaces have changed incompatibly, which breaks existing software. File makedefs. Consistency: the fallback_relay parameter did not understand the [] or host:port syntax, and there was no way to suppress MX record lookups. Files: smtp/smtp_addr.c, smtp/smtp_connect.c. Convenience: you can now specify multiple SMTP destinations in the relayhost or fallback_relay configuration parameters. The specified destinations will be tried in the specified order. File: smtp/smtp_connect.c. Many typographical corrections by Matthias Andree. 20001024 Documentation: the canonical, virtual etc. manual pages did not document the effect of leading whitespace. 20001025 Bugfix: virtual map expansion stopped too early with self-referential aliases. Reported by Michael Douglass @ datafoundry.net. File: cleanup/cleanup_map1n.c. 20001026 Horror: postmap and postalias (newaliases) silently lose the file lock while building a lookup table with Berkeley DB 2.x and later on Solaris, HP-UX, IRIX, and UNIXWARE. The result is that table lookups fail while the table is being built, so that mail is lost. In order to avoid this misbehavior one has to use an undocumented feature that is NOT available with the DB1.85 compatibility interface. Therefore, Postfix now supports three Berkeley DB programming interfaces of increasing complexity. File: util/dict_db.c. Bugfix: some character manipulations were not portable for signed/unsigned characters. Files: global/quote_821_local.c, global/quote_822_local.c. Workaround: apparently, some software sends SMTP mail that begins with "From sender time-stamp". Sendmail silently ignores such RFC violating garbage, and therefore Postfix needs to jump another hoop. File: smtpd/smtpd.c. 20001028 Bugfix: the flush server tried to access config files after going to the chroot jail. Found by Lutz Jaenicke, TU-Cottbus.DE. File: flush/flush.c. Update: revised LDAP module from primary maintainer John Hensley, with contributions from many other people. Files: util/dict_ldap.c, LDAP_README. Update: LINUX2 chroot setup script by Matthias Andree, uni-dortmund.de. Feature: specify unix:/path/name for LMTP connections over UNIX-domain sockets, and specify inet:host or inet:host:port for IPV4. If no unix: or inet: is specified, IPV4 is assumed. File: lmtp/lmtp_connect.c. Feature: added UNIX-domain support to the smtpstone test programs in order to test the LMTP client UNIX-domain support. 20001030 Bugfix: further testing in preparation for 19991231-pl10 revealed that the DB map code was now broken for every platform. 20001031 Performance: the slow start (gradually increase number of parallel connections to the same site) was too gentle and Postfix would back off too quickly. Files: qmgr/qmgr_queue.c and nqmgr/qmgr_queue.c. 20001101 FAQ update by Ralph Hildebrandt. 20001104 Portability: RedHat Linux has changed incompatibly, again. Fixed with the help of Matthias Andree. File: makedefs. 20001109 Cleanup: changed prototype of internal function that did not return a useful result. File: src/util/vstream_popen.c. 20001110 Workaround: the Debian post install script passes an open file descriptor into the master server and waits forever. Reported by Lamont Jones. File: master/master.c. 20001114 Compatibility: added sendmail -G (gateway submission) option for compatibility with the sendmail rmail command. Requested by David Gilbert, Velocet Communications. 20001116 Documentation: added MAILER-DAEMON to the list of sample masquerade_exceptions settings in conf/sample-rewrite.cf. Suggested by Karl O. Pinc, pop.artic.edu. Performance: the slow start (gradually increase number of parallel connections to the same site) was too gentle and Postfix would back off too quickly. Files: qmgr/qmgr_queue.c and nqmgr/qmgr_queue.c. Yup, changed the same code, again. We now allow for a margin above the actual concurrency, with the size of the initial destination concurrency. Final solution by Patrik Rak. Bugfix: the recipient home directory test broke mailbox_transport support for non-UNIX recipients. File: local/recipient.c. 20001117 Robustness: additional integrity tests for the nqmgr by Patrik Rak. File: nqmgr/qmgr_message.c. 20001118 Bugfix: the new LDAP client code did not work properly if the new ldap_domain parameter was not specified. LaMont Jones, HP. File: util/dict_ldap.c. Feature: the soft_bounce safety net is extended to the SMTP server. With "soft_bounce = yes", The SMTP server changes all 5xx (reject) replies into 4xx (try again) replies. ---------------------------- Líneas 4501-5000 -------------------------- Documentation: the virtual(5) man page now documents both Postfix-style virtual domains and Sendmail-style virtual domains, including their interaction with local usernames, aliases and mailing lists. Hopefully, this ends some of the confusion surrounding virtual domain support. Updated several FAQ entries concerning virtual domain support. Documentation: added FAQ entry for the biff service. 20001119 Bugfix: per-destination queue names were case sensitive so that the same site could have multiple queues. Reported by Patrik Rak. Files: *qmgr/qmgr_message.c. 20001120 Bugfix: per-destination deferred mail logfiles were case sensitive so that the same site could have multiple deferred mail logfiles, so that not all mail would be flushed with ETRN. Reported by Ralph Hildebrandt. Files: flush/flush.c. Portability: added (int) casts to printf-like arguments that specify the width of %*letter conversions. On some systems, sizeof and pointer difference expressions are wider than an int. Reported by Valentin Nechayev @ lucky.net. 20001121: Compatibility: Postfix now retries delivery when an external command is killed by a signal, because people expect such behavior from Sendmail. File: global/pipe_command.c. 20001123-30 Feature: mailbox locking is now configurable. The configuration parameter name is "mailbox_delivery_lock". Depending on the operating system one can specify one or more of "flock", "fcntl" and "dotlock". Use "postconf -l" to find out what locking methods Postfix supports. The default setting is system dependent. All mailbox file opens are now done by one central mbox_open() routine. This affects the operation of the postlock command, and of local delivery to mailbox or /file/name. Files: util/safe_open.c, util/myflock.c, global/deliver_flock.c, global/mbox_conf.c, global/mbox_open.c. local/mailbox.c, local/file.c, postlock/postlock.c. Compatibility: the old sun_mailtool_compatibility parameter is being phased out. It still works (by turning off flock/fcntl locks), but logs a warning as a reminder that it will go away. Compatibility: when delivering to /file/name, the local delivery agent now logs a warning when it is unable to create a /file/name.lock file, and then delivers the mail (older Postfix versions would silently deliver). 20001202 Feature: specify "smtp_never_send_ehlo = no" to disable ESMTP. Someone asked for this long ago. Files: smtp/smtp.c, smtp/smtp_proto.c. Feature? Bugfix? The smtp client now skips server replies that do not start with "CODE SPACE" or with "CODE HYPHEN", and flags them as protocol errors. Older versions silently treat "CODE TEXT" as "CODE SPACE TEXT". File: smtp/smtp_chat.c. 20001203 Documentation: postmap(1) and postalias(1) did not document the process exit status for "-q key". 20001204 Bugfix: the Postfix master daemon no longer imported MAIL_CONF and some other necessary environment parameters. Postfix now has explicit "import_environment" and "export_environment" configuration parameters that control what environment parameters are shared with non-Postfix processes. Files: util/clean_env.c, util/spawn_command.c, util/vstream_popen.c, global/pipe_command.c, and everything that invokes this code. 20001208 Bugfix: while processing massive amounts of one-recipient mail, qmgr could deadlock for 10 seconds while sending a bounce message. All queue manager bounce send requests are now implemented asynchronously. Files: global/abounce.[hc] (asynchronous bounce client), qmgr/qmgr_active.c. Problem reported by El Bunzo (webpower.nl) and Tiger Technologies (tigertech.com). 20001209 Feature: mailbox_transport and fallback_transport can now have the form transport:nexthop, with suitable defaults when either transport or nexthop are omitted, just like in the Postfix transport map. This allows you to specify for example, "mailbox_transport = lmtp:unix:/file/name". File: global/deliver_pass.c. 20001210 Bugfix: the local_destination_concurrency_limit paramater no longer worked as per-user concurrency limit but instead worked as per-domain limit, so that the limit of "2" in the default main.cf files resulted in poor local delivery performance. Files: qmgr/qmgr_message.c, qmgr/qmgr_deliver.c. Problem reported by David Schweikert (ee.ethz.ch) and Dallas Wisehaupt (cynicism.com). 20001210 Feature: support for MYSQL connections over UNIX-domain sockets by Piotr Klaban. Files: util/dict_mysql.c, MYSQL_README. 20001211 Small dirt: postconf -m produced too much output due to a missing "else", and the optional SASL code needed a fix for the changed name_mask API. 20001212 Workaround: due to an error, record type L for "filter transport name" was the same as that for the already existing record type L for "record not ending in newline", causing the pickup daemon to discard all records not ending in newline. The code cannot be changed without breaking compatibility with queued mail, so the pickup server is changed to discard type L records only from the message envelope, not from the content. File: pickup/pickup.c. 20001213 Bugfix: dict_ldap did not properly initialize a handle after connection timeout. Problem reported by Alain Thivillon. File: util/dict_ldap.c. 20001214 Feature: local_transport and default_transport now also understand the transport[:destination] notation, so that all transport config parameters are similar again. File: trivial-rewrite/resolve.c, trivial-rewrite/transport.c. Code cleanup: mailbox_transport and fallback_transport no longer allow the user to omit the transport part of a transport:destination specification. That just did not make any sense at all. The :destination part is still optional. File: global/deliver_pass.c. Feature: most time-related configuration parameters take a one-letter suffix that specifies the time unit: s (second), m (minutes), h (hours), d (days), w (weeks). "postconf -d" output includes the default time unit. Files: many. Code cleanup: in a CONFIG_TIME_TABLE, the default time unit is now always the last character of a default time value. It is no longer necessary to specify the default time unit separately. This change means that it will not be possible to specify default values in the form of function calls, but that was unused anyway. Files: global/mail_conf_time.c, and user code. 20001217 Bugfix: reorganized some code in the MYSQL client to end a number of memory allocation/deallocation problems. This code needs more work. File: dict_mysql.c. 20001218 Bugfix: the MYSQL client did not provide function pointers for unimplemented operations, causing "postmap -d" to dump core instead if issuing an error message. This is what I get for accepting code that I cannot test myself. 20001221 Code cleanup: configuration parameters that are $name expanded at run-time now have their own data type hierarchy instead of being piggy-backed on top of strings that are $name expanded at program initialization time. Files: global/mail_conf.h, global/mail_conf_raw.c, and code that calls it. 20001230 Update: replaced the default rbl.maps.vix.com setting by the current blackholes.mail-abuse.org. 20010102 Code cleanup: the queue manager is a bit greedier with allocating a delivery agent. Problem pointed out by Patrik Rak. All bugs in the solution are mine. Files: *qmgr/qmgr_active.c. 20010105 Bugfix: the FILTER_README shell script example did not correctly pass exit status to the parent. Bugfix: soft errors in client hostname lookups would be treated as hard errors. Fix by Michael Herrmann (informatik.tu-muenchen.de). File: smtpd/smtpd_peer.c. 20010110 Bugfix: the mkdir() EEXIST race condition workaround was not complete. Matthias Andree, Daniel Roesen. Files: global/mail_queue.c, util/make_dirs.c. 20010111 Portability: IRIX 6.5.10 defines sa_len as a macro, causing a name collision with a variable used by Postfix. Roberto Totaro, enigma.ethz.ch. File: smtpstone/smtp-source.c. 20010116 Bugfix: REJECT by header/body_checks was flagged in smtpd as a bounce, should be policy, in order to make postmaster notifications more consistent. File: smtpd/smtpd.c. Merged updated chroot setup procedure by Matthias Andree. Files: examples/chroot-setup/LINUX2. 20010117 Formatting: changed the seconds and days formats in the "your mail is delayed" text so that it does not switch to scientific notation. File: bounce/bounce_notify_util.c. 20010119 Feature: SASL support for the LMTP client. Recent CYRUS software requires this for Postfix over TCP sockets. 20010120 Bugfix: the 20001005 revised fallback_relay support caused Postfix to send mail to the fallback even when the local machine was an MX host for the final destination. Result: mailer loop. Found by Laurent Wacrenier (teaser.fr). Files: smtp/smtp_connect.c, smtp/smtp_addr.c. 20010121 Workaround: specify "broken_sasl_auth_clients = yes" in order to support old Microsoft clients that implement a non-standard version of RFC 2554 (AUTH command). Workaround: Lotus Domino 5.0.4 violates RFC 2554 and replies to EHLO with AUTH=LOGIN. File: smtp/smtp_proto.c. 20010125 Code cleanup: wrote creator/destructor for dictionary objects that provides default methods that trap all attempts to perform an unimplemented operation. Based on an ansatz by Laurent Wacrenier (teaser.fr). Files: util/dict*.[hc]. Code cleanup: INSTALL.sh does not ask questions when stdin is not connected to a tty (as in: make install instances across line boundaries. sed(1) is an amazing tool. File: mantools/postlink. 20010204 Laid the ground work for logging of table accesses. This will give more insight into how Postfix uses its lookup tables. User interface comes later. File: util/dict_debug.c. 20010216 Bugfix: the pipe delivery agent expanded $size as if it were a recipient, instead of expanding it as $nexthop or as $sender. Reported by Michael Tokarev. File: pipe/pipe.c. 20010221 Bugfix: poor LMTP performance for domains that are listed in $mydestination, because Postfix would send one recipient at a time, with multiple deliveries of recipients of the same message in parallel; a similar problem could exist with virus scanning and with firewall relay hosts that forward mail for $mydestination to an inside machine. This behavior is now changed to depend on the transport-specific xxx_destination_recipient_limit parameter. This also means that you can now get qmail behavior for SMTP deliveries by setting smtp_destination_recipient_limit=1. File: {qmgr,nqmgr}/qmgr_message.c. Workaround: Solaris socketpair() can fail with EINTR. Added a sane_socketpair.c module that joins the ranks of the other sane_whatever workarounds. Reported by Andrew McNamara. File: util/sane_socketpair.[hc] 20010222 Documentation: the default main.cf file has a prominent warning that mynetworks should be properly configured in order to reject unauthorized mail relay requests from strangers. Documentation: the INSTALL document, section "mandatory configuration file edits" has a section that explains that mynetworks should be properly configured in order to reject unauthorized mail relay requests from strangers. 20010223 Documentation: the basic.html document has a section that explains that mynetworks should be properly configured in order to reject unauthorized mail relay requests from strangers. Feature: new "mynetworks_style" parameter that controls how mynetworks (trusted networks) is derived from the inet_interfaces (machine interfaces) setting. Specify "class" for entire class A, B, C networks; "subnet" for the local subnets only; or "host" for maximal privacy. Files: util/inet_addr_local.[hc], global/own_inet_addr.[hc], global/mynetworks.[hc], postconf/postconf.c. Portability: MACOSX patches by Gerben Wierda. Portability: Solaris /dev/null is a symlink, which tripped up the code to safely open a file before local delivery. We now grudgingly allow symlinks owned by root. File: util/safe_open.c. 20010224 Bugfix: "postconf mynetworks" ignored the inet_interfaces setting. That was a very old one. File: postconf/postconf.c. INCOMPATIBLE CHANGE: POSTFIX NO LONGER RELAYS MAIL FOR CLIENTS IN THE ENTIRE CLASS A/B/C NETWORK. POSTFIX BY DEFAULT RELAYS MAIL FOR CLIENTS IN THE LOCAL SUBNETWORK. Specify "mynetworks_style = class" to get the old behavior. 20010225 Portability: master sigchld handler based on writing to a pipe, so that the master wakes up from select(). Based on code by Erik Forsberg, Linkoping University, Sweden. File: master/master_sig.c. Disabled until after the major release. Code cleanup: Postfix should now run with no alias database. Code cleanup: local_destination_recipient_limit and local_destination_concurrency_limit have become first-class configuration parameters. Files: global/mail_params.h, *qmgr/qmgr.c, postconf/postconf.c. 20010226 Documentation suggestions by Lars Hecking and Richard Huxton, Matthias Andree and many others. Code cleanup: some queue/transport operations need to be moved, after the code cleanup of the recipient/concurrency limit handling. Patrik Rak. Files: *qmgr/qmgr_message.c. 20010301 Feature: configurable name in syslog output (default: "syslog_name = postfix") so that different Postfix instances can be recognized by their logging. File: global/mail_task.c. 20010313 Workaround for logic mismatch in nqmgr that was exposed with the introduction of the asynchronous bounce client. Patrik Rak. 20010313 Bugfix: the RFC 822 untokenizer quoted newlines inside comments. File: global/tok822_parse.c. 20010316 Cleanup: removed an extraneous warning when a queue file write error happened. 20010321 Workaround: LMTP connection caching never worked for destinations starting with unix: or inet:. File: lmtp/lmtp_connect.c. ---------------------------- Líneas 5001-5500 -------------------------- 20010322 Portability: Solaris <2.6 does not have srandom() and random() in libc. File: util/rand_sleep.c. It does not have to be cryptographically strong. Bugfix: the fast ETRN flush server could not handle [ipaddr] or domain names with one-character hostname part. This fix changes the destination to logfile name mapping, so that you need to populate the new files with "sendmail -q". The old files go away automatically. File: flush/flush.c. 20010327 Speed up mailq (sendmail -bp) display by flushing output after each file. File: showq/showq.c. Portability: missing string.h includes, %p wants (void *), Lamont Jones, HP. 20010328 Bugfix: swapped logic caused cleanup to stall when the queue file size exceeded the file size limit by less than one the VSTREAM buffer size, so that the "file too big" was detected after flushing the last queue file record. File: cleanup/cleanup.c. 20010329 Portability: workaround for missing prototype problem in dict_ldap.c. This module should move to the global directory, because it depends on Postfix main.cf parameter information. Workaround: after sending a trigger message over a socket, do not immediately close the client side, but close it from a background thread that waits until the server closes the socket first. This avoids trouble with socket implementations that destroy a socket when the client closes a socket before the server has received the client's data. Files: util/{inet,unix,stream}_trigger.c, util/events.c, master/master_trigger.c, postkick/postkick.c. 20010403 Workaround: the mysql library can return null pointers rather than zero-length strings. File: util/dict_mysql.c. 20010404 Ergonomics: log additional information about the reason why "mail for XXX loops back to myself" when the local machine is the best MX host. File: smtp/smtp_addr.c. 20010406 Changed some noisy LDAP client warnings into optional logging. LaMont Jones, util/dict_ldap.c. 20010411 Bugfix: the SMTP server now replies with 550 instead of 503 when it receives the DATA command without having received a valid recipient address. This is needed for the Sendmail client-side pipelining implementation. Problem reported by Lutz Jaenicke. File: smtpd/smtpd.c. Cleanup: shut up if chattr fails on Reiserfs and other file systems that do not support the respective attributes. Files: conf/postfix-script-{no,}sgid. 20010413 Ergonomics: Postfix applications now warn when a DB or DBM file is out of date, and recommend to rebuild the table. Files: util/dict_db.c, util/dict_dbm.c. 20010414 Feature: specify a key of "-" to the postmap or postalias -q or -d option, and the keys will be read from standard input, one key per line. Files: postmap/postmap.c, postalias/postalias.c. Bugfix: with a non-default inet_interfaces setting, the master ignored host information in master.cf host:port settings. Fix by Jun-ichiro itojun Hagino @ iijlab.net. Files: master/master.h, master/master_ent.c. 20010426 Bugfix: the SMTP server did not parse invalid MAIL FROM or RCPT TO addresses such as > the way it was supposed to do. I thought this was taken care of years ago. File: smtpd/smtpd.c. 20010427 Bugfix: smtpd would reject mail instead of replying with a 4xx temporary error code when, for example, an LDAP or mysql server was unavailable. Remotely based on a fix by Robert Kiessling @ de.easynet.net. File: smtpd/smtpd_check.c. 20010429 Feature: the Postfix SMTP client now by default randomly shuffles destination IP addresses of equal preference. Specify "smtp_randomize_addresses = no" to disable. Shuffling code by Elias Levy @ SecurityFocus.com Files: dns/dns_rr.c, smtp/smtp_addr.c. 20010501 Bugfix: The SMTP server's 550 in reply to DATA should be a 554 response. And it wasn't Sendmail. Claus Assman. Bugfix: the INSTALL.sh test for non-interactive upgrade broke rooted installations that specify settings via the environment. Simon Mudd. Bugfix: mailq output is now really flushed one message at a time. File: sendmail/sendmail.c. Feature: "postsuper -d queueID" deletes one message queue file; "postsuper -d -" reads zero or more queue IDs from standard input, and deletes one instance of each file. File: postsuper/postsuper.c. Code cleanup: in order to make postsuper -d safe with a running Postfix mail system, some routines had to be made tolerant for sudden queue file disappearances. Files: global/deliver_request.c, *qmgr/qmgr_move.c. Code cleanup: in order to make postsuper -d more usable, the showq command was extended to safely list the possibly world-writable maildrop directory. File: showq/showq.c. 20010504 Feature: postsuper -d will also delete defer and bounce logfiles when the named queue file is found. 20010505 RFC 2821 feature: an SMTP server must reset all buffers upon receipt of EHLO. File: smtpd/smtpd_check.c. RFC 2821 feature: an SMTP server must accept a recipient address of "postmaster" without domain name. File: smtpd/smtpd_check.c. RFC 2821 recommendation: reply with 503 to commands sent after 554 greeting. File: smtpd/smtpd.c. RFC 2821 recommendation: if VRFY is enabled, list it in the EHLO response. File: smtpd/smtpd.c. RFC 2821 recommendation: SMTP clients should use EHLO. The default setting of smtp_always_send_ehlo has changed from 0 (send EHLO if server greets with ESMTP) to 1 (always send EHLO). In all cases, Postfix falls back to HELO if the server does not support EHLO. File: smtp/smtp_proto.c. 20010507 Bugfix: with soft_bounce=yes, the SMTP server would log 5xx replies even though it would send 4xx replies to the client (Phil Howard, ipal.net). File: smtpd/smtpd_check.c. 20010515 Compatibility: Microsoft sends "AUTH=MBS_BASIC LOGIN". Updated the parsing code in smtp/smtp_proto.c. Problem reported by Ralf Tessmann, Godot GmbH. 20010520 Standard: deleted the non-standard "via" portion from Received: headers generated by Postfix bounce or other notification processes. File: global/post_mail.c. Robustness: eliminated stack-based recursion from the RFC 822 address parser. File: global/tok822_parse.c. Standard: annotated the source code with comments based on RFC 2821 and 2822. Not all the RFC changes make sense. RFC 2821 recommendation: treat a RCPT 552 reply as if the server sent 452. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c. Cleanup: moved ownership of the debug_peer parameters from the applications to the library, so that a Postfix shared library does not suffer from undefined references. Files: smtp/smtp.c, lmtp/lmtp.c, smtpd/smtpd.c, global/mail_params.c. LaMont Jones, for Debian. 20010522 Feature: "postsuper -r queueID" re-queues a message, and "postsuper -r ALL" re-queues all mail. The message is moved to the maildrop queue so that the pickup daemon will copy it to a new queue file, and so that address rewriting will be done again. This is useful after changes of address rewriting or virtual mappings. Feature: "postsuper -d ALL [queue-name]" deletes a bunch of mail. 20010523 Feature: "postsuper -s" (which is done by default) renames queue files whose name (queue ID) does not match the message file inode number. Bugfix: memory leak in the LDAP client module. Alain Thivillon, France Teaser - Groupe Firstream. 20010525 Portability: gcc 2.6.3 does not have __attribute__ (Clive Jones, dgw.co.uk). File: util/sys_defs.h. Bugfix: the SMTP and LMTP clients claimed that a queue file needed to be delivered again (even when all recipients were erased from the queue file) when no QUIT or RSET reply was received (by default, this does not happen with SMTP mail because the SMTP client does not wait for QUIT replies and does not send RSET to deliver mail). As a result of the same bug the LMTP client followed a dangling pointer when sending QUIT after process idle timeout while the LMTP server had disconnected. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c. 20010526 newaliases no longer complains when an empty list is specified with the alias_database configuration parameter. File: sendmail/sendmail.c. 20010529 Workaround: old PIX firewall code messes up when the final "." at the end of DATA spans a packet boundary. When Postfix detects PIX SMTP fixup mode, Postfix flushes the output buffers before sending the final ".". File: smtp/smtp_proto.c. 20010530 Portability: updated code for Mac OS X, accounting for the post-Beta changes. Code by Joe Block, UCF School of Optics/CREOL. 20010601 Safety: postdrop turns off interrupts when cleaning up after interrupt. The additional safety does not hurt anyone. File: src/postdrop/postdrop.c. 20010607 Safety: dropped the RFC 2821 compliant code that treats 552 RCPT TO replies as 452. It created more problems than it solved. Files: smtp/smtp_proto.c, lmtp/lmtp_proto.c. Logging: the SMTP server now logs a warning if RBL lookups have problems other than "not found". file: smtpd/smtpd_check.c. 20010610 Feature: address quoting and case folding flags for the pipe(8) mailer. 20010611 Workaround: some MTAs fall on their face when they receive unexpectedly long lines. From now on, Postfix defaults to breaking long lines at 2048 (like Sendmail so it has got to be right). To get the old, content preserving, behavior specify "smtp_truncate_lines = no". File: smtp/smtp_proto.c. 20010614 Bugfix: did not really undo 2821 552->452 mapping. 20010628 Bugfix: postfix-script used a hard-coded maildrop group owner instead of using the install-time specified name stored in /etc/postfix/install.cf. Problem reported by David Terrell @ meat.net. 20010701 Feature: mail_spool_directory ending in / causes maildir style delivery. Bugfix: the FreeBSD kernel parameters kern.ipc.nmbclusters and kern.ipc.maxsockets cannot be set with sysctl commands. File: html/faq.html. Len Conrad @ Go2France.com. Cleanup: the virtual delivery agent was poorly integrated so that the SMTP server and queue manager did not reject mail for unknown users. Files: smtpd/smtpd_check.c. 20010705 Feature: QMQP server, compatible with qmail and the ezmlm list manager. Files: util/netstring.[hc], qmqpd/qmqpd*.c. 20010706 Feature: QMQP stress test message generator program. Files: smtpstone/qmqp-source.c, smtpstone/qmqp-sink.c. 20010708 Bugfix: with disable_dns=yes, the SMTP client treated all host lookup errors as permanent. File: smtp/smtp_addr.c. 20010709 Feature: VERP support, based on a patch by Peng Yong, and with the missing parts filled in so that the Postfix bounce daemon can send one VERP bounce per undeliverable recipient. Files: , sendmail/sendmail.c, smtpd/smtpd.c, qmgr/qmgr_deliver.c, bounce/bounce_notify_verp.c, qmqpd/qmqpd.c, plus a couple support routines in the global library. Cleanup: with recipient_delimiter=+ (or any character other than -) Postfix will now recognize address extensions even with owner-foo+extension addresses. This is necessary to make VERP work for mailing lists. 20010710 Bugfix: potential memory leak in the queue managers with the new VERP delimiter record. Fix by Patrik Rak. 20010711 Cleanup: you can now specify the VERP delimiter characters on the sendmail(1) command line, but they are still optional. Safety: with maildir style delivery and with hashed mailboxes the system mail spool directory must not be world writable. 20010713 Safety: the verp_delimiter_filter parameter (default: -=+) limits what characters Postfix accepts as VERP delimiter characters. 20010714 Logging: the queue manager now logs a "status=expired" record when it returns a message that is too old. Files: *qmgr/qmgr_active.c. 20010719 Feature: stiffer coupling between mail receiving rates and mail delivery rates, using a trivial token-based scheme, implemented by reading and writing an in-memory pipe. The queue manager produces one token when it retrieves mail from the incoming queue. The cleanup daemon consumes one token when it adds mail to the incoming queue. If no token is available the cleanup server pauses for $in_flow_delay seconds and proceeds anyway. The delay allows mail sending process to catch up and access the disk while not blocking inbound mail. Valid delays are 0..10 seconds. 20010727 Bugfix: updated LDAP client module from LaMont Jones, HP. This also introduces new LDAP query filter patterns: %u (address localpart) and %d (domain part). Files: conf/sample-ldap.cf, util/dict_ldap.c. 20010729 Bugfix: recursive smtpd_whatever_restrictions clobbered intermediate results when switching between sender and recipient address restrictions. Problem found by Victor Duchovni, morganstanley.com. In order to fix, introduced address resolver result caching, which should also help to speed up sender/recipient address restriction processing. Bugfix: the not yet announced DUNNO access table lookup result did not prevent lookups with substrings of the same lookup key. Found by Victor Duchovni, morganstanley.com. 20010730 Robustness: trim trailing whitespace from regexp and pcre right-hand sides, for consistency with DB/DBM tables. Files: util/dict_pcre.c, util/dict_regexp.c. 20010731 Robustness: eliminate duplicate IP addresses after expansion of hostnames in $inet_interfaces, so that Postfix does not suddenly refuse to start up after someone changes the DNS. Files: util/inet_addr_list.c global/own_inet_addr.c. Feature: specify "disable_verp_bounces = yes" to have Postfix send one RFC-standard, non-VERP, bounce report for multi-recipient mail, even when VERP style delivery was requested. 20010801 Bugfix: postconf was using unexpanded values internally for myhostname, inet_interfaces, and mynetworks_style. This broke the "postconf -d" mynetworks computation. File: postconf/postconf.c. 20010803 Feature: masquerade_classes parameter for fine control of address masquerading. The default setting is backwards compatible: envelope_sender header_sender header_recipient. Files: cleanup/whatever.c. 20010822 Code cleanup: the bounce daemon complained about data that it was not going to send back anyway. Fix: stop reading the original message when the bounce message reaches the bounce message size limit. File: bounce/bounce_notify_util.c. 20010826 Logging: postsuper now logs the queue ID when it requeues a message, or when it deletes a message from the mail queue. File: postsuper/postsuper.c. 20010830 Safety: the SMTP server now sends a 4xx (try again later) response when an UCE restriction is misconfigured, instead of ignoring the bad restriction and possibly accepting mail that it should not accept. File: smtpd/smtpd_check.c. 20010907 Workaround: the Postfix qmqp-source program produced mail not ending in newline. qmail-qmqpd accepts such mail, but qmail-remote is unable to deliver it. Matthias Andree, uni-dortmund.de. File: smtpstone/qmqp-source.c. 20010910 Bugfix: the smtp-sink stress test program broke when RCPT TO commands crossed network packet boundaries. Problem reported by Matthias Andree, uni-dortmund.de. File: smtpstone/smtp-sink.c. 20010917 Code cleanup: permit_mx_backup implements the old behavior (accept mail if the local MTA is MX relay), and allows an additional restriction via the permit_mx_backup_networks parameter (accept mail only if the primary MX hosts match the specified list of network blocks). This second restriction is now entirely optional, for backwards compatibility. Bugfix: an address extension could be appended multiple times to the result of a canonical or virtual map lookup. File: global/mail_addr_map.c. Fix by Victor Duchovni, Morgan Stanley. Bugfix: split_addr() would split an address even when there was no data before the recipient delimiter. In combination with the above bug, this could cause an address to grow exponentially in size. Problem reported by Victor Duchovni, Morgan Stanley. File: global/split_addr.c. 20010918 Bugfix: the mail_addr_map() fix was almost but not quite right. It took two clever people and several iterations of email to really fix the mail_addr_map() problem. Thanks to Victor Duchovni and Liviu Daia. 20011006 Cleanup: Postfix no longer flushes the whole deferred queue after an ETRN request for a random domain name (i.e. a domain name not matched by $fast_flush_domains); the SMTP server instead replies with "459 service unavailable". Files: smtpd/smtpd.c, global/flush_clnt.c, flush/flush.c. 20011008 Bugfix: there was a minute memory leak when an smtpd access restriction was misconfigured. File: smtpd/smtpd_check.c. ---------------------------- Líneas 5501-6000 -------------------------- 20011010 Code cleanup: Postfix daemons now print the name of the UNIX-domain socket (instead of "unknown stream") in case of a malformed client request. Files: master/*server.c. 20011010-14 Code cleanup: replaced the ugly mail_print() and mail-scan() protocols by (name,value) attribute lists. This gives better error detection when we make changes to internal protocols, and allows new attributes to be introduced without breaking everything immediately. Files: util/attr_print.c util/attr_scan.c global/mail_command_server.c global/mail_command_client.c as wel as most Postfix applications and daemons. 20011015 Put base 64 encoding into place on the replaced internal protocols. Files: util/base64_code.[hc]. Feature: header/body REJECT rules can now provide text that is sent to the originator. Files: cleanup/cleanup.c, cleanup/cleanup_message.c, conf/sample-filter.cf. 20011016 Bugfix: As of 20000625, Errors-To: was broken, because the code to extract the address was not moved from recipient address rewriting to sender address rewriting. Problem reported by Roelof Osinga @ nisser.com. File: cleanup/cleanup_message.c. 20011029 Bugfix: virtual map expansion terminated early because the detection of self-referential entries was flawed. File: cleanup/cleanup_map1n.c. 20011031 Bugfix: mail_date() mis-formatted negative time zone offsets with fractional hours (-03-30 instead of -0330). Fix by Chad House, greyfirst.ca. File: global/mail_date.c. 20011102 Feature: new -f option to postmap and postalias (do not lowercase the lookup key while creating a table). Files: util/dict.h postmap/postmap.c postalias/postalias.c. Code cleanup: simplified the attribute print/scan routines, and removed the never-used support for sending and receiving integer arrays and string arrays. Files: util/attr_print.c, util/attr_scan.c. Bugfix: qmqpd could read past the end of a string while looking for qmail's VERP magic token in the envelope sender address. File: qmqpd/qmqpd.c. Code cleanup: finished testing the new internal protocols. The only bug was with the flush server, which still needs to support the old (string + null byte) protocol for triggers from the Postfix master daemon. 20011103 Bugfix: Postfix would log the wrong error text when locally submitted mail was deferred due to "soft_bounce = yes". Bugfix: The LDAP client dropped any entries that don't have the result_attribute, but errored out when a DN didn't exist. The behavior is now consistent: treat non-existant DN's in a special result attribute expansion the same as DN's with no attribute. LaMont Jones, HP. 20011104 Bugfix: the new smtp-sink -n option (terminate after the specified number of deliveries) wasn't optional. Portability: updated Mac OS X documentation and install scripts by Gerben Wierda. 20011105 Bugfix: missing terminator in new attribute-based function call caused signal 11. File: src/cleanup/cleanup.c. Lame workaround for ESTALE errors with mail delivery over NFS. Additional bandages were added to the local delivery agent. However, Wietse maintains that Postfix offers no guarantee for reliable delivery over NFS. Feature: put "warn_if_reject" before an smtpd restriction, and that restriction logs warnings without rejecting mail. This makes it easier to test configurations "live" without having to lose mail. File: smtpd/smtpd_check.c. 20011107 Workaround: in order to get mail past PIX firewall bugs, the Postfix SMTP client now blocks until the socket send buffer is empty before sending the final ".". Files: util/sock_empty_wait.c, smtp/smtp_proto.c. Changed into sleep(10) on 20011119. Sleep suggested by Hobbit. 20011108 Feature: added string-null encoding for internal protocols. Files: util/attr_print0.c, util/attr_scan0.c. Feature: configurable parent domain matching for domain and hostname/address match lists: either .domain or the domain name itself. Files: util/match_ops.c util/match_list.c Feature: added pretend-to-be-behind-PIX mode to the smtp-sink test program, in order to stress test some PIX bug workaround code. 20011109 Workaround: Linux and Solaris systems have no reasonable way to block until a socket drains. On these systems Postfix simply waits for 10 seconds, in order to work around PIX "." bugs. File: util/sock_empty_wait.c. 20011114 Bugfix: reset the smtpd command transaction log between deliveries. File: smtpd/smtpd.c. 20011115 Feature: mailbox_command_maps no longer requires that every user has an entry. If the user does not have a command entry, the local delivery agent tries the other delivery methods (mailbox_command, home_mailbox). File: local/mailbox.c. Bugfix: reset the smtpd command transaction log between non-deliveries. File: smtpd/smtpd.c. 20011116 Bugfix: consolidated all the command transaction log resets and eliminated one missing reset (Victor Duchovni, Morgan Stanley). File: smtpd/smtpd.c. 20011118 Cleanup: replaced unnecessary match_list wrapper code by macros. Files: global/{string,domain,namadr}_list.[hc]. 20011119 Feature: configurable parent domain matching strategy for transport map lookups. File: trivial-rewrite/transport.c. New parent_domain_matches_subdomains parameter. This lists all the Postfix features where a domain name matches itself and all its subdomains (instead of requiring ".domain.name" for subdomain matches). Planning for future backwards compatibility :-) File: global/match_parent_style.c. Workaround: simplified the PIX "." bug to always sleep for 10 seconds. File: smtp/smtp_proto.c. 20011120 Workaround: disable attribute string length restriction so that trivial-rewrite does not refuse to rewrite broken mail headers. Files: util/attr_scan*.c. 20011121 Bugfix: missing long integer support in the new IPC protocols. Files: util/attr_scan*.c, util/attr_print*.c. Portability: AIX5 (Adrian P. van Bloois), MAC OS X 10.1.1 (Gerben Wierda). 20011125 Bugfix: spurious postmaster notifications because some flag was not reset. Feature: new parameter smtpd_sender_login_maps that specifies the (SASL) login name that owns a MAIL FROM address. Specify a regexp table in order to require a simple one-to-one mapping. This is used in the reject_sender_login_mismatch sender anti-spoofing feature. Feature: restriction reject_sender_login_mismatch refuses a MAIL FROM address when $smtpd_sender_login_maps specifies an owner but the client is not (SASL) logged in as the MAIL FROM address owner, or when a client is (SASL) logged in but the client login name does not own the MAIL FROM address according to $smtpd_sender_login_maps. File: smtpd/smpd_check.c. Documentation: added some redundancy to the LMTP_README file so people can keep track of the difference between the Postfix LMTP client and the non-Postfix LMTP server. 20011126 Feature: smtpd_noop_commands specifies a list of commands that are treated as NOOP (no operation) commands, without syntax check or state change. File: smtpd/smtpd.c. Bugfix: the "mark queue file as corrupt" code did not work because it was never used. Files: global/mark_corrupt.c, global/mail_copy.c, global/pipe_command.c, *qmgr/qmgr_active.c, local/maildir.c, local/mailbox.c, local/command.c, pipe/pipe.c, virtual/mailbox.c, virtual/maildir.c. Bugfix: the bounce daemon broke in the unlikely case of a non-existing queue file. File: bounce/bounce_notify_util.c. 20011127 Feature: added WARN command to header/body_checks files as proposed by Michael Tokarev. File: cleanup/cleanup_message.c. Bugfix: the postdrop program was broken after the change of Postfix internal protocols. This broke "sendmail -bs" mail submissions with "secure" maildrop directory. Reported by Craig Loomis, apo.nmsu.edu. File: postdrop/postdrop.c. Feature: a first start at fault injection for testing unlikely error scenarios (such as corrupt queue files). Parameter: fault_injection_code, must be left at zero for production use. 20011128 Robustness: add a file size limit to the sendmail and postdrop submission programs to stop run-away process accidents. This is not a defense against DOS attack. Files: sendmail/sendmail.c, postdrop/postdrop.c. That resulted in a considerable amount of work to properly propagate "file too large" conditions back to the sendmail mail posting user interface. Took the opportunity to express other mail submission fatal exits with the exit status codes. Files: sendmail/sendmail.c, postdrop/postdrop.c. 20011129 Maintenance: dict_ldap.c wasn't updated after the revision of the string matching routines. File: util/dict_ldap.c. 20011208 Maintenance: LDAP module and documentation from LaMont Jones. This version adds verbose logging for LDAP library routines. Files: src/util/dict_ldap.[hc], LDAP_README, conf/sample-ldap.cf Portability: made memory alignment restrictions configurable. File: util/mymalloc.c. Bugfix? Avoid surprises with source routed destinations and OK entries in SMTPD access maps. File: smtpd/smtpd_access.c. Security: "postfix check" looks for damage by well-intended but misguided use of "chown -R postfix /var/spool/postfix". That would make chrooted Postfix less secure than non-chrooted Postfix. These extra tests may cause complaints with third-party patches such as TLS that introduce their own files into the jail. Feature: static map type that always returns the map name as lookup value, regardless of lookup key value. Contributed Jeff Miller (jeffm at ghostgun.com) Feature: turn off the PIX . workaround for the first mail delivery attempt, i.e. when mail is queued for less than $smtp_pix_workaround_threshold_time (default: 500) seconds. New parameter $smtp_pix_workaround_delay_time to control the delay before sending . (default: 10 seconds) when doing the PIX . workaround. 20011210 Bugfix: the 20011128 change in sendmail and postdrop did not handle the case of message_size_limit=0. Fix by Will Day, Georgia Tech. 20011212 Compatibility: The SMTP server now accepts as if the client sent . Reportedly, some badly written windows software produces such garbage, and some badly written windows anti-VIRUS software cannot handle such garbage. File: global/smtp_stream.c. 20011214 Bugfix: postmap/postalias queries ignored the -f flag. Reported by Hamish Marson. 20011217 Compatibility: Sendmail now has a -L option to set the syslogging label. Postfix sendmail uses syslog_name instead, and ignores the -L option. Security: subtle hardening of the Postfix chroot jail, Postfix queue file permissions and access methods, in case someone compromises the postfix account. Michael Tokarev, who received the insights from Solar Designer, who tested Postfix with a kernel module that is paranoid about open() calls. Files: master/master_wakeup.c, util/fifo_trigger.c, postfix-script. Convenience: issue a warning instead of aborting when the local machine name is not in fully-qualified domain form. This would otherwise break initial postfix installation which needs the postconf command. File: global/mail_params.c. 20011220 Added more garbage detection to postconf -e input processing. 20011221 Feature: SMTPD access map lookups of null sender addresses. If your access maps cannot store or look up null string key values, specify "smtpd_null_access_lookup_key = <>" and the null sender address will be looked up as <> instead. File: src/smtpd_access.c. 20011223 Safety: configuration file comments no longer span multiple lines when the next line begins with whitespace; multi-line input is no longer terminated by a comment line, by an all white space line, or by an empty line. Michael Tokarev made the crucial suggestion to simplify the readline routine. Files: util/readlline.c, postconf/postconf.c. Cleanup: proper detection of big number overflow in EHLO and MAIL FROM size announcements, with input from Victor Duchovni, Morgan Stanley. Files: global/off_cvt.c, smtpd/smtpd.c, smtp/smtp_proto.c, util/alldig.c. Forward compatibility: added queue file record types for original recipient and for generic named attributes. Cleanup: safe_open() now returns sensible errno values so that the fifo_trigger() external interface is restored. 20011225 Upgrade: PCRE_README now describes PCRE version 3.x. Cleanup: flush SMTPD command history upon receipt of EHLO, RSET, and upon DATA completion, only if it exceeds $smtpd_history_flush_threshold lines (default: 100). Distant derivative of code by Michael Tokarev. File: smtpd/smtpd.c. 20011228 Bugfix: a readlline() error message showed less text than intended. Christian von Roques. Cleanup: postfix now installs with group-writable maildrop directory and with a set-gid postdrop mail submission command. The pickup service is now unprivileged. The world-writable maildrop directory no longer exists. The cleanup service is now public, in preparation for local sendmail/postdrop mail submission that avoids the maildrop queue directory while Postfix is up. Cleanup: moved the main.cf/master.cf file editing from the postfix-script file to the INSTALL.sh file. Cleanup: INSTALL.sh no longer accepts "no" as the destination of Postfix manual pages. 20011230 Cleanup: the code for "mailq", "sendmail -q", and for "sendmail -qRsite" was moved from the sendmail command to a new set-gid postqueue command. The pickup and qmgr FIFOs are no longer world writable. Files: sendmail/sendmail.c, postqueue/postqueue.c. 20020101 Security: new alternate_config_directories parameter that specifies what directories a set-gid command will accept as its configuration directory. The list must be specified in the default main.cf file. File: global/mail_conf.c. Cleanup: "sendmail -qRsite" is no longer implemented by connecting to the SMTP port. It is now implemented by talking to the fast flush service. File: postqueue/postqueue.c. 20020203 Cleanup: INSTALL.sh now records all installation information in the main.cf file. The now obsolete install.cf file is used only when upgrading from an older Postfix release. Cleanup: INSTALL.sh now takes name=value settings on the command line, and has a new "-upgrade" command line option to turn on non-interactive installation. Security: additional run-time checks to discourage sharing of Postfix user/group ID values with other accounts. 20020105 Cleanup: SMTPD access maps now return DUNNO (undetermined) instead of OK when a recipient address contains multiple domains (user@dom1@dom2, etcetera). Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c. 20020106 Bugfix: SMTPD access maps did not handle address extensions. File: smtpd/smtpd_check.c. 20020107 Bugfix: postfix-script, when creating a missing maildrop queue directory, still referenced install.cf when setting maildrop directory group ownership; and the postfix command did not export the setgid_group parameter to the postfix-script shell script. Victor Duchovni. Bugfix: postfix-script, when creating a missing public queue directory, did not set group ownership of the public directory. 20020109 Cleanup: rewrote the Postfix installation procedure again. It is now separated into 1) a primary installation script (postfix-install) that installs files locally or that builds a package for distribution and that stores file owner and permission information in /etc/postfix/post-files, and 2) a post-installation script (/etc/postfix/post-install) that creates missing directories, that sets file/directory ownership and permissions, and that upgrades existing configuration files if necessary. 20020110 Workaround: AIX null read() return on an empty but open non-blocking pipe. File: master/master_flow.c. Report: Hamish Marson. 20020111 Feedback: feedback, bugfixes, and brain-dead shell workarounds for the install scripts by Victor Duchovni and Simon Mudd. 20020113 Rewrote postfix-install. The postfix-files file now controls what is installed. Refined the semantics of many post-install operations. post-install now auto-saves settings that override main.cf. 20020114 Bugfix: alternate_config_directories did not take comma or whitespace as separators. File: global/mail_conf.c. Victor Duchovni, Morgan Stanley. Bugfix: the rewritten postfix-install script did not chattr +S the Postfix queue. 20020115 Cleanup: added sample_directory and readme_directory installation parameters for sample configuration files and for README files. Files: postconf.c, postfix-install, conf/postfix-files, conf/post-install. Robustness: the postfix command now exports all installation parameter settings, and input filters the environment, so that the startup shell scripts produce a consistent result. Files: postconf.c. 20020117 Portability: patch from LaMont Jones for compiling dict_ldap.c with the Netscape SDK. Feature: added "r" (recursive chown/chgrp) flag to the postfix-files database, for more convenient change of Postfix queue ownership. Files: conf/postfix-files, conf/post-install. ---------------------------- Líneas 6001-6500 -------------------------- 20020122 Documentación: Muchos arreglos pequeños. Documentación: actualizar el archivo VIRTUAL_README por Victor Duchovni, Morgan Stanley. Arreglo de Bug: postqueue -s dereferenció un puntero nulo cuando se le dio un argumento de dominio númerico. LaMont Jones, HP. Limpieza: smtpd ahora logs un aviso cuando se usa permit_sasl_authenticated con la autenticación SASL deshabilitada, en vez de simplemente ignorar la restricción. LaMont Jones, HP. Archivo: smtpd/smtpd.c. Seguridad: cuando postmap crea un archivo que no existe, el archivo nuevo inherde los permisos de lectura de grupo/otros del archivo fuente. Basado en el código de LaMont Jones, HP. Archivo: postmap/postmap.c. 20020123 Portabilidad: algunos sistemas Linux instalan libnsl.so sin el archivo libnsl.a, causando un problema de referencia no definida de yp_match. Archivo: makedefs. 20020124 Portability: post-install now requests that command_directory is given on the command line when the postconf command is in an unusual place. Safety: extra code to detect and report Berkeley DB version mismatches between compile time and run time. This test is limited to mismatches in the major version number only. File: util/dict_db.c. Based on code by Lawrence Greenfield, Carnegie-Mellon university. Safety: the postfix command and the master daemon abort if they are running set-uid. Documentation: the postmap manual page described an out of date input file format. 20020129 Workaround: SCO version 3.2 can't ioctl(FIONREAD) a pipe. Therefore, input mail flow control is disabled by default. Files: makedefs, global/mail_params.h, conf/main.cf. Problem reported by Kurt Andersen, Agilent. 20020201 Workaround: changed the default smtpd_null_access_lookup_key setting to <>, because some Bezerkeloid DB implementations can't handle null-length lookup keys. File: global/mail_params.h. Bugfix: backed out a null-length address panic call by ignoring the problem, like Postfix did in the past. File: global/resolve_local.c. Safety: "postfix check" will now warn if /usr/lib/sendmail and /usr/sbin/sendmail differ, and will propose to replace one by a symlink to the other. File: conf/postfix-script. 20020204 Sanity: additional permission checks for "postfix check" that warn for setgid_group group ownership mismatches. by Matthias Andree, uni-dortmund.de. File: conf/postfix-script. Bugfix: "postfix check" used a too simplistic way to recognize file ownership (grepping ls output). It now uses the recently discovered "find -prune". Peter Bieringer, Matthias Andree. File: conf/postfix-script. 20020218 Workaround: log a warning and disconnect when an SMTP client ignores our negative replies and starts sending message content without permission. File: smtpd/smtpd.c. 20020220 Bugfix: mismatch in the file being locked by dict_dbm and the file being locked by postmap, so that locks did not work correctly. Victor Duchovni, Morgan Stanley. 20020222 Workaround: Solaris bug 4380626: strcasecmp() and strncasecmp() produce incorrect results with 8-bit characters. For example, non-ASCII characters could compare equal to ASCII characters, and that could result in any number of security problems. Files: util/strcasecmp.c, COPYRIGHT (the BSD license). Bugfix: off-by-one error, causing a null byte to be written outside dynamically allocated memory in the queue manager with addresses of exactly 100 bytes long, resulting in SIGSEGV on systems with an "exact fit" malloc routine. Experienced by Ralf Hildebrandt; diagnosed by Victor Duchovny. Files: *qmgr/qmgr_message.c. This is not a security problem. Bugfix: make all recipient comparisons transitive, because Solaris qsort() causes SIGSEGV errors otherwise. Victor Duchovny, Morgan Stanley. File: *qmgr/qmgr_message.c. 20020302 Bugfix: don't strip source route (@domain...:) when the result would be an empty address. This avoids problems when append_at_myorigin is set to "no" (which is not supported). Problem reported by Charles McColgan, Big Fish Communications. File: trivial-rewrite/rewrite.c. 20020304 Cleanup: postqueue should not not complain when output fails with "broken pipe". 20020308 Bugfix? reply with 550 not 552 when content is rejected. 552 is reserved for "too much mail". Documentation: add note to sendmail manual page that running "sendmail -bs" as $mail_owner enables SMTP server UCE and access control checks. This is meant for use from inetd etc. Matthias Andree. 20020311 Bugfix: DBM maps should use different files for locking and for change detection. Problem reported by Victor Duchovny, Morgan Stanley. Files: util/dict.h util/dict.c util/dict_db.c util/dict_dbm.c global/mkmap.c local/alias.c. 20020313 Bugfix: mailq could show addresses with unusual characters twice. Problem reported by Victor Duchovny, Morgan Stanley. File: showq/showq.c. Bugfix: null recipients weren't properly recorded in bounce/defer logfiles. Such recipient addresses are not accepted in SMTP mail, but they could appear within locally submitted mail. File: bounce/bounce_append_service.c. 20020318 Workaround: Berkeley DB can't handle null key lookups, which happen with HELO names ending in ".". Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c. Logging: log a hint when mail is deferred because the soft_bounce parameter is set. People sometimes forget to turn it off. File: global/bounce.c. 20020319 Cleanup: add a msg_warn() call when fork() fails in pipe_command(), to make problems easier to investigate. Chris Wedgwood. File: global/pipe_command.c. 20020324 Cleanup: more graceful handling of long physical message header lines upon input. Physical header lines can now extend up to $header_size_limit characters. When a logical message header is too long, the excess text is discarded and Postfix no longer switches to body mode, to avoid breaking MIME encapsulation. Based on code by Victor Duchovni, Morgan Stanley. Files: cleanup/cleanup_out.c, cleanup/cleanup_message.c. Cleanup: more graceful handling of long physical message header or body lines upon output by the SMTP client. The SMTP client output line length is controlled by a new parameter smtp_line_length_limit (default: 990; specify 0 to disable the limit). Long lines are folded by inserting , to avoid breaking MIME encapsulation. Based on code by Victor Duchovni, Morgan Stanley. File: smtp/smtp_proto.c. 20020325 Cleanup: allow additional text after a WARN command in a header/body_checks pattern file, so that one can change REJECT+text into WARN+text and vice versa. Based on code by Fredrik Thulin, Stockholm University. Cleanup: log a warning when an unknown command is found in a header/body_checks pattern file, or when additional text is found after a command that does not expect additional text. Based on code by Fredrik Thulin, Stockholm University. Bugfix: sendmail should not recognize "." as the end of input when the current read operation started in the middle of a line. Victor Duchovni, Morgan Stanley. File: sendmail/sendmail.c. 20020328 Portability fix for OPENSTEP and NEXTSTEP by Gerben Wierda. File: util/sys_defs.h. 20020329 Bugfix: defer_transports broke because the flush server triggered mail delivery (as if ETRN was sent) while doing some internal housekeeping of per-destination logfiles. Problem experienced by LaMont Jones, HP. File: flush/flush.c. Bugfix: virtual mapping broke for addresses with embedded whitespace. Fix by Victor Duchovni, Morgan Stanley. File: cleanup/cleanup_map1n.c. 20020330 Bugfix: postqueue did not pass on non-default configuration directory settings when running showq while the mail system is down. The super-user is now exempted from environment stripping in postqueue/postqueue.c. Problem reported by Victor Duchovni, Morgan Stanley. Problemas Abiertos: Bajo: sendmail no guarda recipientes nulos introducidos vía la línea de comandos. Bajo: no hacer búsquedas user@domain y @domain en consultas local_recipient_maps. Bajo: después de reorganizar todos los parámetros de configuración, añadir "flags" a todos los parámetros cuyos valores se pueden leer de un archivo. Medio: Se necesita un cache para el procesamiento de búsquedas de mapas. Parece que los servidores LDAP lo requieren mucho. Se necesita un mecanismo de expirar los resultados del cache que son demasiado viejos. Medio: hacer posible la conversión de direcciones configurable habilitado/deshabilitado para el envelope (sobre) y/o cabeceras. Bajo: protocolo genérico showq, para permitir un procesamiento más inteligente que solo para mailq. Quizá incluir dentro de postsuper. Bajo: dominio predeterminado para añadir a recipientes que no llevan un dominio explicito. Bajo: El valor de $process_id_directory no se usa in ningún sitio en Postfix. Prlblema reportado por Michael Smith, texas.net. Se debería documentar, o mejor, el código debería avisar sobre intentos de modificar un paramétro de tipo lectura. Bajo: postconf -e puede editar parámetros que postconf no enumerará.