Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

postfix-3.6.2-7.4 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

Name: postfix Distribution: openSUSE Tumbleweed
Version: 3.6.2 Vendor: openSUSE
Release: 7.4 Build date: Thu Jan 13 16:06:54 2022
Group: Productivity/Networking/Email/Servers Build host: obs-arm-11
Size: 5330036 Source RPM: postfix-3.6.2-7.4.src.rpm
Summary: A fast, secure, and flexible mailer
Postfix aims to be an alternative to the widely-used sendmail program.




IPL-1.0 OR EPL-2.0


* Thu Oct 07 2021 Peter Varkoly <>
  - config.postfix not updatet after lmdb switch
    Adapt config.postfix
* Thu Aug 26 2021 Peter Varkoly <>
  - postfix to include "submissions" service
    Adapt patch
* Tue Aug 24 2021 Peter Varkoly <>
  - postfix fails with glibc 2.34
    add patch
    - postfix-3.6.2-glibc-234-build-fix.patch
* Thu Aug 05 2021
  - fix config.postfix (follow up of bsc#1188477)
* Mon Jul 26 2021 Peter Varkoly <>
  - Syntax error in config.postfix
* Sun Jul 25 2021 Michael Ströder <>
  - Update to 3.6.2
    * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
      error in the compatibility_level parser, because there was no
      'errno = 0' statement before an strtol() call.
    * (problem introduced in Postfix 3.3) "Null pointer read" error
      in the cleanup daemon when "header_from_format = standard" (the
      default as of Postfix 3.3), and email was submitted with
      /usr/sbin/sendmail without From: header, and an all-space full
      name was specified in 1) the password file, 2) with "sendmail
    - F", or 3) with the NAME environment variable. Found by Renaud
    * (problem introduced in Postfix 2.4) False "too many reverse
      jump" warnings in the showq daemon, because loop detection code
      was comparing memory addresses instead of queue file names.
      Reported by Mehmet Avcioglu.
    * (problem introduced in 1999) The Postfix SMTP server was sending
      all session transcripts to the error_notice_recipient (default:
      postmaster), instead of sending transcripts of bounced mail to
      the bounce_notice_recipient (default: postmaster). Reported by
      Hans van Zijst.
    * The texthash: map implementation broke tls_server_sni_maps,
      because it did not support multi-file inputs. Reported by
      Christopher Gurnee, who also found an instance of the missing
      code in the "postmap -F" source code. File: util/dict_thash.c.
* Wed Jul 14 2021 Peter Varkoly <>
  - spamd wants to start before, but that target doesn't exist
* Tue Jul 06 2021 Christian Wittmer <>
  - postfix-SUSE
    * rework sysconfig.postfix, add
    * rework config.postfix for
    - with_dkim
  - update
    * add OpenDKIM settings
* Wed Jun 23 2021 Christian Wittmer <>
  - postfix-mysql
    * add
  - postfix-SUSE
    * rework sysconfig.postfix, add
    * add relay_recipients
    * rework config.postfix for
    - is_backupmx
    - relay_recipient_maps
* Fri Jun 18 2021 Callum Farmer <>
  - Add now working CONFIG parameter to sysusers generator
  - Remove unnecessary group line from postfix-vmail-user.conf
* Mon Jun 14 2021 Michael Ströder <>
  - Update to 3.6.1
    * Bugfix (introduced: Postfix 2.11): the command "postmap
      lmdb:/file/name" (create LMDB database from textfile) handled
      duplicate input keys ungracefully, discarding entries stored
      up to and including the duplicate key, and causing a double
      free() call with lmdb versions 0.9.17 and later. Reported by
      Adi Prasaja; double free() root cause analysis by Howard Chu.
    * Typo (introduced: Postfix 3.4): silent_discard should be
      silent-discard in BDAT_README.
* Sun Jun 06 2021 Christian Wittmer <>
  - fix
    * set correct indentation (again) for options of
    - submission (needs 3 spaces)
    - smtps (needs 4 spaces)
      to make config.postfix work nicely again
* Wed Jun 02 2021 Marcus Rueckert <>
  - Update to 3.6.0
    - Major changes - internal protocol identification
      Internal protocols have changed. You need to "postfix stop"
      before updating, or before backing out to an earlier release,
      otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
      postscreen) may fail to communicate with the rest of Postfix,
      causing mail delivery delays until Postfix is restarted.
    For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
  - refreshed patches to apply cleanly again:
* Tue Jun 01 2021 Peter Varkoly <>
  - (bsc#1186669) - postfix.service has "Requires=var-run.mount"
    Remove bad requirements
* Mon Apr 12 2021 Michael Ströder <>
  - Update to 3.5.10 with security fixes:
    * Missing null pointer checks (introduced in Postfix 3.4) after
      an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
      Found by Coverity, reported by Jaroslav Skarvada. Based on a
      fix by Viktor Dukhovni.
    * Null pointer bug (introduced in Postfix 3.0) and memory leak
      (introduced in Postfix 3.4) after an inline: table syntax error
      in or Found by Coverity, reported by Jaroslav
      Skarvada. Based on a fix by Viktor Dukhovni.
    * Incomplete null pointer check (introduced: Postfix 2.10) after
      truncated HaProxy version 1 handshake message. Found by Coverity,
      reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
    * Missing null pointer check (introduced: Postfix alpha) after
      null argv[0] value.
* Wed Mar 10 2021 Peter Varkoly <>
  - (bsc#1183305) - config.postfix uses db as suffix for postmaps
    Depending on DEF_DB_TYPE uses lmdb or db
* Fri Mar 05 2021 Peter Varkoly <>
  - (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix
    still refers to /etc/services
    Use getent to detect if smtps is already defined.
* Fri Feb 05 2021 Peter Varkoly <>
  - (bsc#1180473) [Build 20201230] postfix has invalid default config
    (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt -
    postfix broken: "queue file write error" and "error: unsupported
    dictionary type: hash"
    Export DEF_DB_TYPE before starting the perl script.
* Wed Jan 27 2021 Peter Varkoly <>
  - bsc#1180473 - [Build 20201230] postfix has invalid default config
    Fixing config.postfix and sysconfig.postfix
* Mon Jan 25 2021 Paolo Stivanin <>
  - Update to 3.5.9
    * improves the reporting of DNSSEC problems that may affect
      DANE security
* Thu Jan 07 2021 Arjen de Korte <>
  - Only do the conversion from the hash/btree databases to lmdb when
    the default database type changes from hash to lmdb and do not
    stop and start the service (the old compiled databases can live
    together with the new ones)
  - Clean up the specfile
    * Remove < 1330 conditional builds
    * Use generated postfix-files instead of the obsolete one from
    * Use instead of modifying upon
      (de)installation of optional mysql, pgsql and ldap subpackages
    * Use default location for post-install, postfix-tls-script,
      postfix-wrapper and postmulti-script
* Mon Jan 04 2021 Peter Varkoly <>
  - Set lmdb to be the default db.
  - Convert btree tables to lmdb too. Stop postfix before converting from
    bdb to lmdb
  - This package is without bdb support. That's why convert must be done
    without any suse release condition.
    o remove patch postfix-no-btree.patch
    o add set-default-db-type.patch
* Fri Dec 25 2020 Arjen de Korte <>
  - Set database type for address_verify_map and postscreen_cache_map
    to lmdb (btree requires Berkeley DB)
    o add postfix-no-btree.patch
* Fri Dec 25 2020 Arjen de Korte <>
  - Set default database type to lmdb and fix update_postmaps script
* Thu Dec 24 2020 Arjen de Korte <>
  - Use variable substition instead of sed to remove .db suffix and
    substitute hash: for lmdb: in /etc/postfix/ as well.
    Check before substitution if there is something to do (to keep
    rpmcheck happy).
* Tue Dec 08 2020 Peter Varkoly <>
  - bsc#1176650 L3: What is regularly triggering the "fillup"
    command and changing modify-time of /etc/sysconfig/postfix?
    o Remove miss placed fillup_only call from %verifyscript
* Thu Nov 26 2020 Peter Varkoly <>
  - Remove Berkeley DB dependency (JIRA#SLE-12191)
    The pacakges postfix is build without Berkely DB support.
    lmdb will be used instead of BDB.
    The pacakges postfix-bdb is build with Berkely DB support.
    o add patch for for postfix-bdb package
* Sun Nov 08 2020 Michael Ströder <>
  - Update to 3.5.8
    * The Postfix SMTP client inserted <CR><LF> into message headers longer
      than $line_length_limit (default: 2048), causing all subsequent header
      content to become message body content.
    * The postscreen daemon did not save a copy of the
      postscreen_dnsbl_reply_map lookup result. This has no effect when the
      recommended texthash: look table is used, but it could result in stale
      data with other lookup tables.
    * After deleting a recipient with a Milter, the Postfix recipient
      duplicate filter was not updated; the filter suppressed requests
      to add the recipient back.
    * Memory leak: the static: maps did not free their casefolding buffer.
    * With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a
      TLS handshake, after processing an XCLIENT command.
    * The smtp_sasl_mechanism_filter implementation ignored table lookup
      errors, treating them as 'not found'.
    * The code that looks for Delivered-To: headers ignored headers longer
      than $line_length_limit (default: 2048).
* Mon Aug 31 2020 Michael Ströder <>
  - Update to 3.5.7
    * Fixed random certificate verification failures with
      "smtp_tls_connection_reuse = yes", because tlsproxy(8) was using
      the wrong global TLS context for connections that use DANE or
      non-DANE trust anchors.
* Tue Aug 25 2020 Thorsten Kukuk <>
  - Move ldap into an own sub-package like all other databases
  - Move manual pages to correct sub-package
* Fri Aug 21 2020 Thorsten Kukuk <>
  - Use sysusers.d to create system accounts
  - Remove wrong %config for systemd directory content
* Sun Aug 09 2020 Arjen de Korte <>
  - Use the correct signature file for source verification
  - Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to
    prevent confusion, as the signature file from upstream with .sig
    extension is incompatible with the build service)
* Sun Jul 26 2020 Michael Ströder <>
  - Update to 3.5.6 with following fixes:
    * Workaround for unexpected TLS interoperability problems when Postfix
      runs on OS distributions with system-wide OpenSSL configurations.
    * Memory leaks in the Postfix TLS library, the largest one
      involving multiple kBytes per peer certificate.
* Thu Jul 16 2020 Arjen de Korte <>
  - Add source verification (add postfix.keyring)
* Fri Jul 03 2020 Thorsten Kukuk <>
  - Use systemd_ordering instead of systemd_require.
  - Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688]
  - Drop /var/adm/SuSEconfig from %post, it does nothing.
  - Rename postfix-SuSE to postfix-SUSE
  - Delete postfix-SUSE/README.SuSE, company name spelled wrong,
    completly outdated and not used.
  - Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name
    spelled wrong, outdated and not used.
  - sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG,
    SuSEconfig is gone since ages.
  - update_chroot.systemd: Remove advice to run SuSEconfig.
  - Remove rc.postfix, not used, outdated.
  - mkpostfixcert: Remove advice to run SuSEconfig.
* Mon Jun 29 2020 Michael Ströder <>
  - Update to 3.5.4:
    * The connection_reuse attribute in smtp_tls_policy_maps always
      resulted in an "invalid attribute name" error.
    * SMTP over TLS connection reuse always failed for Postfix SMTP
      client configurations that specify explicit trust anchors (remote
      SMTP server certificates or public keys).
    * The Postfix SMTP client's DANE implementation would always send
      an SNI option with the name in a destination's MX record, even
      if the MX record pointed to a CNAME record. MX records that
      point to CNAME records are not conformant with RFC5321, and so
      are rare.
      Based on the DANE survey of ~2 million hosts it was found that
      with the corrected SMTP client behavior, sending SNI with the
      CNAME-expanded name, the SMTP server would not send a different
      certificate. This fix should therefore be safe.
* Mon Jun 15 2020 Michael Ströder <>
  - Update to 3.5.3:
    * TLS handshake failure in the Postfix SMTP server during SNI
      processing, after the server-side TLS engine sent a TLSv1.3
      HelloRetryRequest (HRR) to a remote SMTP client.
    * The command "postfix tls deploy-server-cert" did not handle a
      missing optional argument. This bug was introduced in Postfix
* Sun May 17 2020 Michael Ströder <>
  - Update to 3.5.2:
    * A TLS error for a database client caused a false 'lost connection'
      error for an SMTP over TLS session in the same Postfix process.
      This bug was introduced with Postfix 2.2.
    * The same bug existed in the tlsproxy(8) daemon, where a TLS
      error for one TLS session could cause a false 'lost connection'
      error for a concurrent TLS session in the same process. This
      bug was introduced with Postfix 2.8.
    * The Postfix build now disables DANE support on Linux systems
      with libc-musl such as Alpine, because libc-musl provides no
      indication whether DNS responses are authentic. This broke DANE
      support without a clear explanation.
    * Due to implementation changes in the ICU library, some Postfix
      daemons reported file access errrors (U_FILE_ACCESS_ERROR) after
      chroot(). This was fixed by initializing the ICU library before
      making the chroot() call.
    * Minor code changes to silence a compiler that special-cases
      string literals.
    * Segfault (null pointer) in the tlsproxy(8) client role when the
      server role was disabled. This typically happened on systems
      that do not receive mail, after configuring connection reuse
      for outbound SMTP over TLS.
    * The date portion of the maillog_file_rotate_suffix default value
      used the minute (%M) instead of the month (%m).
* Mon May 11 2020 Arjen de Korte <>
  - boo#1106004 fix incorrect locations for files in postfix-files
* Sun Apr 19 2020 Michael Ströder <>
  - Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
    lookups and DANE mail transport work again
  - Update to 3.5.1:
    * Support for the haproxy v2 protocol. The Postfix implementation
      supports TCP over IPv4 and IPv6, as well as non-proxied
      connections; the latter are typically used for heartbeat tests.
    * Support to force-expire email messages. This introduces new
      postsuper(1) command-line options to request expiration, and
      additional information in mailq(1) or postqueue(1) output.
    * The Postfix SMTP and LMTP client support a list of nexthop
      destinations separated by comma or whitespace. These destinations
      will be tried in the specified order.
    * Incompatible changes:
    * Logging: Postfix daemon processes now log the from= and to=
      addresses in external (quoted) form in non-debug logging (info,
      warning, etc.). This means that when an address localpart
      contains spaces or other special characters, the localpart will
      be quoted, for example:
      from=<"name with spaces">
      Specify "info_log_address_format = internal" for backwards compatibility.
    * Postfix now normalizes IP addresses received with XCLIENT,
      XFORWARD, or with the HaProxy protocol, for consistency with
      direct connections to Postfix. This may change the appearance
      of logging, and the way that check_client_access will match
      subnets of an IPv6 address.
* Fri Mar 13 2020 Michael Ströder <>
  - Update to 3.4.10:
    * Bug (introduced: Postfix 2.3): Postfix Milter client state
      was not properly reset after one Milter in a multi-Milter
      configuration failed during MAIL FROM, resulting in a Postfix
      Milter client panic during the next MAIL FROM command in the
      same SMTP session.
* Fri Feb 07 2020 Peter Varkoly <>
  - bsc#1162891 server:mail/postfix: cond_slp bug on TW after
    moving /etc/services to /usr/etc/services
* Wed Feb 05 2020 Peter Varkoly <>
  - bsc#1160413 postfix fails with -fno-common
* Mon Feb 03 2020 Michael Ströder <>
  - Update to 3.4.9:
    * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were
      broken while adding support for negative DNS response caching
      in postscreen. Postfix was inadvertently changed to call
      res_query() instead of res_search().
    * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro
      overrides from a Milter application. Postfix now evaluates the
      Milter macros for an SMTP CONNECT event after the Postfix-to-Milter
      connection is negotiated.
    * Bug (introduced: Postfix 3.0): sanitize (remote) server responses
      before storing them in the verify database, to avoid Postfix
      warnings about malformed UTF8. Found during code maintenance.
* Wed Nov 27 2019 Michael Ströder <>
  - Update to 3.4.8:
    * Fix for an Exim interoperability problem when postscreen after-220
      checks are enabled. Bug introduced in Postfix 3.4: the code
      that detected "PIPELINING after BDAT" looked at the wrong
      variable. The warning now says "BDAT without valid RCPT", and
      the error is no longer treated as a command PIPELINING error,
      thus allowing mail to be delivered. Meanwhile, Exim has been
      fixed to stop sending BDAT commands when postscreen rejects all
      RCPT commands.
    * Usability bug, introduced in Postfix 3.4: the parser for
      key/certificate chain files rejected inputs that contain an EC
      PARAMETERS object. While this is technically correct (the
      documentation says what types are allowed) this is surprising
      behavior because the legacy cert/key parameters will accept
      such inputs. For now, the parser skips object types that it
      does not know about for usability, and logs a warning because
      ignoring inputs is not kosher.
    * Bug introduced in Postfix 2.8: don't gratuitously enable all
      after-220 tests when only one such test is enabled. This made
      selective tests impossible with 'good' clients. This will be
      fixed in older Postfix versions at some later time.
* Tue Sep 24 2019 Martin Liška <>
  - Backport deprecated-RES_INSECURE1.patch in order to fix
* Sun Sep 22 2019 Michael Ströder <>
  - Update to 3.4.7:
    * Robustness: the tlsproxy(8) daemon could go into a loop, logging
      a flood of error messages. Problem reported by Andreas Schulze
      after enabling SMTP/TLS connection reuse.
    * Workaround: OpenSSL changed an SSL_Shutdown() non-error result
      value into an error result value, causing logfile noise.
    * Configuration: the new 'TLS fast shutdown' parameter name was
      implemented incorrectly. The documentation said
      "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown".
      This was fixed by changing the code, because no-one is expected
      to override the default.
    * Performance: workaround for poor TCP loopback performance on
      LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus
      TCP maximal segment size that is 1/2 to 1/3 of the real MSS.
      To avoid client-side Nagle delays or server-side delayed ACKs
      caused by multiple smaller-than-MSS writes, Postfix chooses a
      VSTREAM buffer size that is a small multiple of the reported
      bogus MSS. This workaround increases the multiplier from 2x to
    * Robustness: the Postfix Dovecot client could segfault (null
      pointer read) or cause an SMTP server assertion to fail when
      talking to a fake Dovecot server. The Postfix Dovecot client
      now logs a proper error instead.
* Thu Sep 19 2019 Peter Varkoly <>
  - bsc#1120757 L3: File Permissions->Paranoid can cause a system hang
    Break loop if postfix has no permission in spool directory.
    - add postfix-avoid-infinit-loop-if-no-permission.patch
* Fri Aug 09 2019
  - fix for boo#1144946
    mydestination - missing default localhost
    * update config.postfix
* Fri Jul 26 2019 Peter Varkoly <>
  - bsc#1142881 - mkpostfixcert from Postfix still uses md
* Thu Jul 25 2019
  - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
    firewalld, see [1].
* Sun Jul 21 2019
  - update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for
  - fix for: Can't connect to local MySQL server through socket
    * update config.postfix
    * update update_chroot.systemd
* Wed Jul 03 2019 Michael Ströder <>
  - Update to 3.4.6:
    * Workaround for implementations that hang Postfix while shutting
      down a TLS session, until Postfix times out. With
      "tls_fast_shutdown_enable = yes" (the default), Postfix no
      longer waits for the TLS peer to respond to a TLS 'close'
      request. This is recommended with TLSv1.0 and later.
    * Fixed a too-strict censoring filter that broke multiline Milter
      responses for header/body events. Problem report by Andreas
    * The code to reset Postfix SMTP server command counts was not
      called after a HaProxy handshake failure, causing stale numbers
      to be reported. Problem report by Joseph Ward.
    * postconf(5) documentation: tlsext_padding is not a tls_ssl_options
    * smtp(8) documentation: updated the BUGS section text about
      Postfix support to reuse open TLS connections.
    * Portability: added "#undef sun" to util/unix_dgram_connect.c.
* Wed Jun 26 2019 Peter Varkoly <>
  - Ensure that postfix is member of all groups as before.
* Wed Jun 12 2019 Dominique Leuenberger <>
  - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
    shortcut the build queues by allowing usage of systemd-mini
* Thu Jun 06 2019 Tomáš Chvátal <>
  - Drop the omc config fate#301838:
    * it is obsolete since SLE11
* Wed May 08 2019 Peter Varkoly <>
  - bsc#1104543 config.postfix does not start tlsmgr in
    when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed
* Sun Mar 31 2019 Michael Ströder <>
  - Update to 3.4.5:
    Bugfix (introduced: Postfix 3.0): LMTP connections over
    UNIX-domain sockets were cached but not reused, due to a
    cache lookup key mismatch. Therefore, idle cached connections
    could exhaust LMTP server resources, resulting in two-second
    pauses between email deliveries. This problem was investigated
    by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
* Mon Mar 18 2019 Peter Varkoly <>
  - Update to 3.4.4
    o Incompatible changes
    - The Postfix SMTP server announces CHUNKING (BDAT
      command) by default. In the unlikely case that this breaks some
      important remote SMTP client, disable the feature as follows:
      [#] The logging alternative:
      smtpd_discard_ehlo_keywords = chunking
      [#] The non-logging alternative:
      smtpd_discard_ehlo_keywords = chunking, silent_discard
    - This introduces a new service 'postlog'
      with type 'unix-dgram' that is used by the new postlogd(8) daemon.
      Before backing out to an older Postfix version, edit the
      file and remove the postlog entry.
    - Postfix 3.4 drops support for OpenSSL 1.0.1
    - To avoid performance loss under load, the
      tlsproxy(8) daemon now requires a zero process limit in
      (this setting is provided with the default file). By
      default, a tlsproxy(8) process will retire after several hours.
    - To set the tlsproxy process limit to zero:
      postconf -F tlsproxy/unix/process_limit=0
      postfix reload
    o Major changes
    - Postfix SMTP server support for RFC 3030 CHUNKING
      (the BDAT command) without BINARYMIME, in both smtpd(8) and
      postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
      and smtpd_proxy_filter. See BDAT_README for more.
    - Support for logging to file or stdout, instead of using syslog.
    - Logging to file solves a usability problem for MacOS, and
      eliminates multiple problems with systemd-based systems.
    - Logging to stdout is useful when Postfix runs in a container, as
      it eliminates a syslogd dependency.
    - Better handling of undocumented(!) Linux behavior
      whether or not signals are delivered to a PID=1 process.
    - Support for (key, list of filenames) in map source text.
      Currently, this feature is used only by tls_server_sni_maps.
    - Automatic retirement: dnsblog(8) and tlsproxy(8) process
      will now voluntarily retire after after max_idle*max_use, or some
      sane limit if either limit is disabled. Without this, a process
      could stay busy for days or more.
    - Postfix SMTP client support for multiple deliveries
      per TLS-encrypted connection. This is primarily to improve mail
      delivery performance for destinations that throttle clients when
      they don't combine deliveries.
      This feature is enabled with "smtp_tls_connection_reuse=yes" in, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
      It supports all Postfix TLS security levels including dane and
    - SNI support in the Postfix SMTP server, the
      Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
      client roles). See the postconf(5) documentation for the new
      tls_server_sni_maps and smtp_tls_servername parameters.
    - Support for files that contain multiple (key, certificate, trust chain)
      instances. This was required to implement
      server-side SNI table lookups, but it also eliminates the need for
      separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
    - Support for smtpd_reject_footer_maps (as well as the postscreen
      variant postscreen_reject_footer_maps) for more informative reject
      messages. This is indexed with the Postfix SMTP server response
      text, and overrides the footer specified with smtpd_reject_footer.
      One will want to use a pcre: or regexp: map with this.
    o Bugfixes
    - Andreas Schulze discovered that reject_multi_recipient_bounce
      was producing false rejects with BDAT commands. This problem
      already existed with Postfix 2.2 smtpd_end_of_data_restrictons.
      Postfix 3.4.4 fixes both.
* Tue Mar 05 2019 Jiri Slaby <>
  - postfix-linux45.patch: support also newer kernels -- pretend
    we are still at kernel 3. Note that there are no conditionals for
    LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the
    code which caused build failures.
* Mon Mar 04 2019 Marcus Rueckert <>
  - skip set -x and fix version update changes entry
* Sat Mar 02 2019 Michael Ströder <>
  - Update to 3.3.3
    * When the master daemon runs with PID=1 (init mode), it will now
      reap child processes from non-Postfix code running in the same
      container, instead of terminating with a panic.
    * Bugfix (introduced: postfix-2.11): with posttls-finger,
      connections to unix-domain servers always resulted in "Failed
      to establish session" even after a connection was established.
      Jaroslav Skarva.  File: posttls-finger/posttls-finger.c.
    * Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
      table lookups could casefold the search string when searching
      a lookup table that does not use fixed-string keys (regexp,
      pcre, tcp, etc.). Historically, Postfix would not case-fold
      the search string with such tables. File: util/dict_utf8.c.
* Fri Mar 01 2019 Reinhard Max <>
  - PostrgeSQL's pg_config is meant for linking server extensions,
    use libpq's pkg-config instead, if available.
    This is needed to fix build with PostgreSQL 11.
* Thu Feb 07 2019
  - rework config.postfix
    * disable commenting of smtpd_sasl_path/smtpd_sasl_type
      no need to comment, cause it is set to default anyway
      and 'uncommenting' would place it at end of file then
      which is not wanted
* Sat Jan 26 2019
  - rework
    * disable virtual_alias_domains cause (default: $virtual_alias_maps)
  - rework config.postfix
    * disable PCONF of virtual_alias_domains
      virtual_alias_maps will be set anyway to the correct value
    * extend virtual_alias_maps with
  - rework postfix-mysql, added
    needed for reject_unverified_recipient
* Thu Dec 13 2018
  - binary hardening: link with full RELRO
* Sun Nov 25 2018 Michael Ströder <>
  - Update to 3.3.2
    * Support for OpenSSL 1.1.1 and TLSv1.3.
    * Bugfixes:
    - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
      some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
    - minor memory leak in DANE support when minting issuer certs.
    - The Postfix build did not abort if the m4 command was not installed,
      resulting in a broken postconf command.
* Sat Nov 24 2018
    * more flexibility to add to relay_domains without breaking
    * rework restriction examples in sysconf.postfix
      based on (2. edtion by Hildebrandt, Koetter)
  - disable weak cipher: RC4
    after check with
* Mon Oct 22 2018
  - update config.postfix
    * don't reject mail from authenticated users even if
      reject_unknown_client_hostname would match,
      add permit_sasl_authenticated to all restrictions
      requires smtpd_delay_reject = yes
  - update
    * recover removed setting smtpd_sasl_path and smtpd_sasl_type,
      set to default value
      config.postfix will not 'enable' (remove #) var, but place
      modified (enabled) var at end of file, far away from place
      where it should be
  - rebase patches
    * fix-postfix-script.patch
    * postfix-vda-v14-3.0.3.patch
    * postfix-linux45.patch
    * pointer_to_literals.patch
    * postfix-no-md5.patch
* Thu Oct 04 2018
  - bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings
    o add m4 as buildrequires, as proposed.
* Mon Aug 27 2018
  - Add zlib-devel as buildrequires, previously included from
* Fri May 25 2018
  - bsc#1087471 Unreleased Postfix update breaks SUSE Manager
    o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
* Mon May 21 2018
  - Update to 3.3.1
    * Postfix did not support running as a PID=1 process, which
      complicated Postfix deployment in containers. The "postfix
      start-fg" command will now run the Postfix master daemon as a
      PID=1 process if possible. Thanks for inputs from Andreas
      Schulze, Eray Aslan, and Viktor Dukhovni.
    * Segfault in the postconf(1) command after it could not open a
      Postfix database configuration file due to a file permission
      error (dereferencing a null pointer). Reported by Andreas
      Hasenack, fixed by Viktor Dukhovni.
    * The luser_relay feature became a black hole, when the luser_relay
      parameter was set to a non-existent local address (i.e. mail
      disappeared silently). Reported by J?rgen Thomsen.
    * Missing error propagation in the tlsproxy(8) daemon could result
      in a segfault after TLS handshake error (dereferencing a
      0xffff...ffff pointer). This daemon handles the TLS protocol
      when a non-whitelisted client sends a STARTTLS command to
* Wed May 09 2018
  - remove pre-requirements on sysvinit(network) and sysvinit(syslog).
    There seems to be no good reason for that other than blowing up
    the dependencies (bsc#1092408).
* Mon Apr 09 2018
  - bsc#1071807 postfix-SuSE/config.postfix: only reload postfix
    if the actual service is running. This prevents spurious
    and irrelevant error messages in system logs.
* Thu Mar 22 2018
  - bsc#1082514 autoyast: postfix gets not set myhostname properly -
    set to localhost
* Mon Mar 12 2018
  - Refresh spec-file via spec-cleaner and manual optinizations.
    * Add %license macro.
    * Set license to IPL-1.0 OR EPL-2.0.
  - Update to 3.3.0
    * Dual license: in addition to the historical IBM Public License
      1.0, Postfix is now also distributed with the more recent Eclipse
      Public License 2.0. Recipients can choose to take the software
      under the license of their choice. Those who are more comfortable
      with the IPL can continue with that license.
    * The postconf command now warns about unknown parameter names
      in a Postfix database configuration file. As with other unknown
      parameter names, these warnings can help to find typos early.
    * Container support: Postfix 3.3 will run in the foreground with
      "postfix start-fg". This requires that Postfix multi-instance
      support is disabled (the default). To collect Postfix syslog
      information on the container's host, mount the host's /dev/log
      socket into the container, for example with "docker run -v
      /dev/log:/dev/log ...other options...", and specify a distinct
      Postfix syslog_name setting in the container (for example with
      "postconf syslog_name=the-name-here").
    * Milter support: applications can now send RET and ENVID parameters
      in SMFIR_CHGFROM (change envelope sender) requests.
    * Postfix-generated From: headers with 'full name' information
      are now formatted as "From: name <address>" by default. Specify
      "header_from_format = obsolete" to get the earlier form "From:
      address (name)".
    * Interoperability: when Postfix IPv6 and IPv4 support are both
      enabled, the Postfix SMTP client will now relax MX preferences
      and attempt to schedule similar numbers of IPv4 and IPv6
      addresses. This works around mail delivery problems when a
      destination announces lots of primary MX addresses on IPv6, but
      is reachable only over IPv4 (or vice versa). The new behavior
      is controlled with the smtp_balance_mx_inet_protocols parameter.
    * Compatibility safety net: with compatibility_level < 1, the
      Postfix SMTP server now warns for mail that would be blocked
      by the Postfix 2.10 smtpd_relay_restrictions feature, without
      blocking that mail. There still is a steady trickle of sites
      that upgrade from an earlier Postfix version.
* Tue Feb 13 2018
  - bsc#1065411 Package postfix should require package system-user-nobody
  - bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth
    was configured



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Apr 2 23:34:54 2022