Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

postfix-postgresql-3.10.4-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: postfix-postgresql Distribution: openSUSE Tumbleweed
Version: 3.10.4 Vendor: openSUSE
Release: 1.1 Build date: Tue Aug 19 19:45:58 2025
Group: Productivity/Networking/Email/Servers Build host: reproducible
Size: 27419 Source RPM: postfix-3.10.4-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: http://www.postfix.org
Summary: Postfix plugin to support PostgreSQL maps
Postfix plugin to support PostgreSQL maps. This library will be loaded
by starting postfix if you'll access a postmap which is stored in
PostgreSQL.

Provides

Requires

License

EPL-2.0 OR IPL-1.0

Changelog

* Tue Aug 19 2025 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.10.4
    * Fixes for postscreen(8):
    - Bugfix (defect introduced: Postfix 2.2, date 20050203): after
      detecting a lookup table change, and after starting a new
      postscreen process, the old postscreen process logged an ENOTSOCK
      error while attempting to accept a connection on a socket that
      it was no longer listening on. This error was introduced first
      in the multi_server skeleton code, and was five years later
      duplicated in the event_server skeleton that was created for
      postscreen.
    - Bugfix (defect introduced: Postfix 2.8, date 20101230):
      after detecting a cache table change and before starting a new
      postscreen process, the old postscreen process did not close the
      postscreen_cache_map, and therefore kept an exclusive lock that
      could prevent a new postscreen process from starting.
    * Fixes for tlsproxy(8):
    - Bugfix (defect introduced: Postfix 3.7): incorrect backwards
      compatible support for the legacy configuration parameters
      tlsproxy_client_level and tlsproxy_client_policy. This
      disabled the tlsproxy TLS client role when a legacy parameter
      was set (instead of the newer tlsproxy_client_security_level
      or tlsproxy_client_policy_maps).
    - Bugfix (defect introduced: Postfix 3.4): with the TLS client role
      disabled by configuration, the tlsproxy daemon dereferenced a
      null pointer while handling a tlsproxy client request.
    * Reducing process churn: Postfix daemons no longer automatically
      restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file
      modification time change, when they opened that table for writing.
    * Portability: deleted an <openssl/engine.h> build dependency,
      because the feature is being removed from OpenSSL, and Postfix
      no longer needs it.
    * Cleanup: with "tls_required_enable = yes", the Postfix SMTP client
      will no longer maintain TLSRPT statistics for messages that contain
      a "TLS-Required: no" header. This can prevent TLSRPT notifications
      for TLSRPT notifications.
    * Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS
      client code logged "Untrusted TLS connection" (wrong) instead of
      "Trusted TLS connection" (right), for a new or resumed TLS session,
      when a server offered a trusted (valid PKI trust chain) certificate
      that did not match the expected server name pattern.
* Sun Aug 03 2025 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.10.3
    * Bugfix (defect introduced: Postfix-3.10, date 20250117): include
      the current TLS security level in the SMTP connection cache
      lookup key for lookups by next-hop destination, to avoid reusing
      the same SMTP connection when sending messages with and without
      a "TLS-Required: no" header. Likewise, include the current TLS
      security level in the TLS session lookup key, to avoid reusing
      the same TLS session info when sending messages with and without
      a "TLS-Required: no" header.
    * Bugfix (defect introduced: Postfix-3.10, date 20250117): the
      Postfix SMTP client attempted to look up TLSA records even with
      "TLS-Required: no". This could result in unnecessary failures.
* Mon Jun 02 2025 Peter Varkoly <varkoly@suse.com>
  - Fix place of pam file
  - [Build 20250527] postfix mail delivery fails (bsc#1243886)
  - move /var/spool/mail/ to separate package (bsc#1179574)
    Revert last bad change
  - Adapt rpmlint
* Wed May 21 2025 Peter Varkoly <varkoly@suse.com>
  -  [sle16][postfix] postfix service failed to start due to
    "chmod: cannot access '/etc/postfix/virtual.lmdb': No such file or directory"
    (bsc#1243409)
* Tue May 20 2025 Peter Varkoly <varkoly@suse.com>
  - move /var/spool/mail/ to separate package (bsc#1179574)
* Thu May 08 2025 Peter Varkoly <varkoly@suse.com>
  - postfix incorrect logic for the master.cf handling for tls ports
    (bsc#1242822)
* Tue Apr 22 2025 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.10.2
    * Bugfix (defect introduced: date 19991116): when appending a
      setting to a main.cf or master.cf file that did not end in a
      newline character, the "postconf -e" command did not add an
      extra newline character before appending the new setting, causing
      information to become garbled.
    * Bugfix (defect introduced: Postfix 2.3, date 20051222): the
      Dovecot auth client did not attempt to create a new connection
      after an I/O error on an existing connection.
    * Improved and corrected error messages when converting (host or
      service) information to (symbolic text, numerical text, or
      binary) form.
    * Documentation: updated link to Dovecot documentation.
* Tue Apr 15 2025 Giacomo Comes <gcomes.obs@gmail.com>
  - update postfix-main.cf.patch
    * remove duplicated entry smtp_dns_support_level
* Wed Apr 09 2025 chris@computersalat.de
  - fix compile option -std=gnu17 (only for >= 1600)
  - sync changes file
* Tue Apr 08 2025 Friedrich Haubensak <hsk17@mail.de>
  - add -std=gnu17 to CCARGS to fix gcc15 compile time error, as
    Wietse Venema suggests (marc.info/?l=postfix-users&m=173542420611213)
* Sun Mar 16 2025 chris@computersalat.de
  - rework postfix-main.cf.patch
  - fix config.postfix
    * add missing: cpifnewer "/usr/@lib@/sasl2/*" usr/@lib@/sasl2
  - rebase patches
    * pointer_to_literals.patch
    * postfix-linux45.patch
    * postfix-master.cf.patch
    * postfix-ssl-release-buffers.patch
    * set-default-db-type.patch
  - keep spec and changes files in sync
* Tue Mar 11 2025 Giacomo Comes <gcomes.obs@gmail.com>
  - update postfix-main.cf.patch
    * comment deprecated parameters: smtp_use_tls and smtp_enforce_tls
      use parameter smtp_tls_security_level instead
    * comment deprecated parameters: smtpd_use_tls and smtpd_enforce_tls
      use parameter smtpd_tls_security_level instead
* Tue Feb 25 2025 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.10.1
    * Bugfix (defect introduced: 20250210): a recent 'fix' for the
      default smtp_tls_dane_insecure_mx_policy setting resulted in
      unnecessary 'dnssec_probe' warnings, on systems that disable
      DNSSEC lookups (which is the default).
* Tue Feb 18 2025 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.10.0
    * Internal protocol change: Postfix needs "postfix reload" (or "postfix
      stop" and "postfix start") after upgrade, because of a change in the
      delivery agent protocol. If this step is skipped, Postfix delivery
      agents will log a warning:
      unexpected attribute smtputf8 from xxx socket (expecting: sendopts)
      where xxx is the delivery agent service name.
    * Forward compatibility: Support for OpenSSL 3.5 post-quantum
      cryptography. To manage algorithm selection, OpenSSL introduces new
      TLS group syntax that Postfix will not attempt to imitate. Instead,
      Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups
      parameter values to have an empty value. When both are set empty, the
      algorithm selection can be managed through OpenSSL configuration. For
      more, look for "Post-quantum" in the postconf(5) manpage.
    * Support for the RFC 8689 "TLS-Required: no" message header to request
      delivery of messages (such as TLSRPT summaries) even if the preferred
      TLS security policy cannot be enforced. This limits the Postfix SMTP
      client to "smtp_tls_security_level = may" which does not authenticate
      server certificates and which allows falling back to plaintext.
    * Support for the REQUIRETLS SMTP service extension will evolve in
      Postfix 3.11.
    * Support for the TLSRPT protocol (defined in RFC 8460). With this,
      a domain can publish a policy in DNS that requests daily summary
      reports for successful and failed SMTP-over-TLS connections to that
      domain's MX hosts. This supports both DANE (built-in) and MTA-STS
      (via an smtp_tls_policy_maps plugin). The implementation uses a
      TLSRPT library and reporting infrastructure that are maintained by
      sys4. For details, see TLSRPT_README.
    * Privacy: With "smtpd_hide_client_session = yes", the Postfix
      SMTP server generates a Received: header without client session
      info. This setting may be used with the MUA submission services
      (port 465 and 587).
    * Support for RFC 2047 encoding of non-ASCII "full name" information
      in Postfix-generated From: message headers. Encoding non-ASCII full
      names can avoid the need to use SMTPUTF8, and therefore can avoid
      incompatibility with sites that do not support SMTPUTF8. See the
      full_name_encoding_charset parameter description for details.
    * Database performance: When mysql: or pgsql: configuration specifies
      a single host, assume that it is a load balancer and reconnect
      immediately after a single failure, instead of failing all requests
      for 60s.
    * The Postfix Milter implementation now logs the reason for a
      'quarantine' action, instead of "milter triggers HOLD action".
    * The SMTP server now logs the queue ID (or "NOQUEUE") when a connection
      ends abnormally (timeout, lost connection, or too many errors),
      and the cleanup server now logs "queueid: canceled" when a message
      transaction is started but not completed. These changes simplify
      logfile analysis.
    * Dovecot SASL client logging for "Invalid authentication mechanism"
      now includes the name of that mechanism.
    * Postfix SMTP server 'reject' logging now shows the sasl_method,
      sasl_username, and sasl_sender if available.
* Thu Dec 05 2024 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.9.1
    * The mail_version configuration parameter did not have a three-number
      value (3.9 instead of 3.9.0; it still had the two-number version
      from the development releases postfix-3.9-yyyymmdd). This broke
      pathnames derived from the mail_version value, such as
      shlib_directory.
    * Bugfix (defect introduced: Postfix 2.9, date 20111218): with
      "smtpd_sasl_auth_enable = no", the permit_sasl_authenticated feature
      ignored information that was received with the XCLIENT LOGIN
      command, so that the client was treated as unauthenticated. This was
      fixed by removing an unnecessary test.
    * Bugfix (defect introduced: postfix 3.0): the default master.cf
      syslog_name setting for the relay service did not preserve
      multi-instance information, which complicated logfile analysis.
    * Bugfix (defect introduced: Postfix 2.3, date 20051222): file
      descriptor leak after failure to connect to a Dovecot auth server.
      The impact is limited because Dovecot auth failures are rare, there
      are limits on the number of retries (one), on the number of errors
      per SMTP session (smtpd_hard_error_limit), on the number of sessions
      per SMTP server process (max_use), and on the number of file handles
      per process (managed with sysctl).
    * Bugfix (defect introduced: Postfix 3.4, date 20190121): the
      postsuper command failed with "open logfile '/path/to/file':
      Permission denied" when the maillog_file parameter specified a
      filename and Postfix was not running. This was fixed by opening the
      maillog_file before dropping root privileges.
    * Bugfix (defect introduced Postfix 3.0). No autodetection of UTF8
      text when missing message headers were automatically added by
      Postfix (for example, a From: header with UTF8 full name information
      from the password file). This caused Postfix to send UTF8 in message
      headers without using the SMTPUTF8 protocol.
* Tue Sep 24 2024 Peter Varkoly <varkoly@suse.com>
  - Missing posttls-finger in postfix though changes mention it
    (bsc#1221501)
* Fri Aug 09 2024 Thorsten Kukuk <kukuk@suse.com>
  - Remove rcpostfix symlink [jsc#PED-266]
* Wed Aug 07 2024 Thorsten Kukuk <kukuk@suse.com>
  - postfix-script requires cmp
* Thu Aug 01 2024 Peter Varkoly <varkoly@suse.com>
  - postfix gives warnings about deprecated parameters (bsc#1225397)
* Tue Jul 02 2024 chris@computersalat.de
  - update postfix-main.cf.patch
    * add smtp_dns_support_level =
  - rebase patches
    * fix-postfix-script.patch
    * pointer_to_literals.patch
    * postfix-linux45.patch
    * postfix-ssl-release-buffers.patch
    * postfix-vda-v14-3.0.3.patch
    * set-default-db-type.patch
* Tue Jun 18 2024 chris@computersalat.de
  - fix for Invalid cross-device link
    * failed to create hard link 'etc/localtime' => '/usr/share/zoneinfo/Etc/UTC'
* Tue Jun 11 2024 Adam Majer <adam.majer@suse.de>
  - Set built-in path values to suse values (bsc#1215689)
* Mon May 20 2024 chris@computersalat.de
  - Update update_chroot.systemd
    * Add missing checks for DKIM (openDKIM)
  - keep spec and changes files in sync
* Fri May 17 2024 Peter Varkoly <varkoly@suse.com>
  - config.postfix needs updating (bsc#1224207)
    * chkconfig -> systemctl
    * Link Cyrus lmtp only if this exsists
    * /usr/lib64/sasl2 does not need to exist
    * Fetch timezone via readlink from /etc/localtime
* Fri Apr 05 2024 Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
  - Move qshape(1) out of -doc, install it as a binary with the main package
* Thu Mar 07 2024 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.9.0
    * As described in DEPRECATION_README, the SMTP server features
      "permit_naked_ip_address", "check_relay_domains", and
      "reject_maps_rbl" have been removed, after they have been logging
      a warning for some 20 years. These features now log a warning
      and return a "server configuration error" response.
    * The MySQL client no longer supports MySQL versions < 4.0. MySQL
      version 4.0 was released in 2003.
    * As covered in DEPRECATION_README, the configuration parameter
      "disable_dns_lookup" and about a dozen TLS-related parameters
      are now officially obsolete. These parameters still work, but
      the postconf command logs warnings that they will be removed
      from Postfix.
    * As covered in DEPRECATION_README, "permit_mx_backup" logs a
      warning that it will be removed from Postfix.
    * In message headers, Postfix now formats numerical days as
      two-digit days, i.e. days 1-9 have a leading zero instead of a
      leading space. This change was made because the RFC 5322 date
      and time specification recommends (i.e. SHOULD) that a single
      space be used in each place that folding white space appears.
      This change avoids a breaking change in the length of a date
      string.
    * The MySQL client default characterset is now configurable with
      the "charset" configuration file attribute. The default is
      "utf8mb4", consistent with the MySQL 8.0 built-in default, but
      different from earlier MySQL versions where the built-in default
      was "latin1".
    * Support to query MongoDB databases, contributed by Hamid Maadani,
      based on earlier code by Stephan Ferraro. See MONGODB_README
      and mongodb_table(5)
    * The RFC 3461 envelope ID is now exported in the local(8) delivery
      agent with the ENVID environment variable, and in the pipe(8)
      delivery agent with the ${envid} command-line attribute.
    * Configurable idle and retry timer settings in the mysql: and
      pgsql: clients. A shorter than default retry timer can sped up
      the recovery after error, when Postfix is configured with only
      one server in the "hosts" attribute. After the code was frozen
      for release, we have learned that Postfix can recover faster
      from some errors when the single server is specified multiple
      times in the "hosts" attribute.
    * Optional Postfix TLS support to request an RFC7250 raw public
      key instead of an X.509 public-key certificate. The configuration
      settings for raw key public support will be ignored when there
      is no raw public key support in the local TLS implementation
      (i.e. Postfix with OpenSSL versions before 3.2). See RELEASE_NOTES
      for more information.
    * Preliminary support for OpenSSL configuration files, primarily
      OpenSSL 1.1.1b and later. This introduces two new parameters
      "tls_config_file" and "tls_config_name", which can be used to
      limit collateral damage from OS distributions that crank up
      security to 11, increasing the number of plaintext email
      deliveries. Details are in the postconf(5) manpage under
      "tls_config_file" and "tls_config_name".
    * With "smtpd_forbid_unauth_pipelining = yes" (the default),
      Postfix defends against multiple "blind" SMTP attacks. This
      feature was back-ported to older stable releases but disabled
      by default.
    * With "smtpd_forbid_bare_newline = normalize" (the default)
      Postfix defends against SMTP smuggling attacks. See RELEASE_NOTES
      for details. This feature was back-ported to older stable
      releases but disabled by default.
    * Prevent outbound SMTP smuggling, where an attacker uses Postfix
      to send email containing a non-standard End-of-DATA sequence,
      to exploit inbound SMTP smuggling at a vulnerable remote SMTP
      server. With "cleanup_replace_stray_cr_lf = yes" (the default),
      the cleanup daemon replaces each stray <CR> or <LF> character
      in message content with a space character. This feature was
      back-ported to older stable releases with identical functionality.
    * The Postfix DNS client now limits the total size of DNS lookup
      results to 100 records; it drops the excess records, and logs
      a warning. This limit is 20x larger than the number of server
      addresses that the Postfix SMTP client is willing to consider
      when delivering mail, and is far below the number of records
      that could cause a tail recursion crash in dns_rr_append() as
      reported by Toshifumi Sakaguchi. This also introduces a similar
      limit on the number of DNS requests that a check_*_*_access
      restriction can make. All this was back-ported to older stable
      releases with identical functionality.
  - refreshed patch:
    % postfix-no-md5.patch
  - change obsoleted "disable_dns_lookups" to "smtp_dns_support_level"
    % postfix-SUSE.tar.gz
    % postfix-main.cf.patch
    % postfix-master.cf.patch
* Tue Mar 05 2024 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.8.6
    * Bugfix (defect introduced: Postfix 2.3, date 20051222): the
      Dovecot auth client did not reset the 'reason' from a previous
      Dovecot auth service response, before parsing the next Dovecot
      auth server response in the same SMTP session, resulting in a
      nonsensical "authentication failed" warning message. Reported
      by Stephan Bosch.
    * Bugfix (defect introduced: Postfix 3.1, date: 20151128):
      "postqueue -j" produced broken JSON when escaping a control
      character as \uXXXX. Found during code maintenance.
    * Cleanup: this fixes posttls-finger certificate match expectations
      for all TLS security levels, including warnings for levels that
      don't implement certificate matching. By Viktor Dukhovni.
    * Bugfix (defect introduced: Postfix 2.3): after prepending a
      header at the top of a message (with an access(5), header_checks(5)
      or Milter action), the Postfix Milter "delete header" or "update
      header" action was skipping the prepended header, instead of
      skipping the Postfix-generated Received: header. Problem report
      by Carlos Velasco.
    * Workaround: tlsmgr logfile spam. Reportedly, some OS lies under
      load: it says that a socket is readable, then it says that the
      socket has unread data, and then it says that read returns EOF,
      causing Postfix to spam the log with a warning message.
    * Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT
      command handler could be tricked to read $message_size_limit
      bytes into memory. Found during code maintenance.
    * Safety: limit the total size of DNS lookup results to 100
      records; drop the excess records, and log a warning. This limit
      is 20x larger than the number of server addresses that the
      Postfix SMTP client is willing to consider when delivering mail,
      and is far below the number of records that could cause a tail
      recursion crash in dns_rr_append() as reported by Toshifumi
      Sakaguchi. This fix also limits the number of DNS requests that
      a check_*_*_access restriction can make.
    * Performance, related to the previous problem: eliminate worst-case
      behavior where the queue manager could defer delivery to all
      destinations over a specific delivery transport, after only a
      single delivery agent crash. The scheduler now throttles
      deliveries to one destination, and allows other deliveries to
      keep making progress.
  - change to functioning mirror (http://cdn.postfix.johnriley.me/
    has been dead for a while although it is still listed upstream)
  - make output of %setup less verbose by restoring -q option
* Tue Mar 05 2024 Peter Varkoly <varkoly@suse.com>
  - %autosetup does not works with multiple -a.
    https://github.com/rpm-software-management/rpm/issues/1204
* Thu Feb 29 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %autosetup macro. Allows to eliminate the usage of deprecated
    %patchN.
* Tue Jan 23 2024 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.8.5
    * Security: this release improves support to defend against an email
      spoofing attack (SMTP smuggling) on recipients at a Postfix server.
      For background, see https://www.postfix.org/smtp-smuggling.html.
* Sat Jan 06 2024 chris@computersalat.de
  - rework fix for bsc#1192173: keep myhostname and mydestination
    patched, but with upstream default to have them in correct place
    when updated via config.postfix
  - rework SMTP Smuggling defaults
    * yes is now alias of 'normalize'
      smtpd_forbid_bare_newline = normalize
    * another new option is 'reject' wich should be used in connection
      with
      smtpd_forbid_bare_newline_reject_code = 521
  - rework patches
    * postfix-bdb-main.cf.patch
    * postfix-main.cf.patch
  - rebase patches
    * postfix-linux45.patch
    * postfix-ssl-release-buffers.patch
    * postfix-vda-v14-3.0.3.patch
    * set-default-db-type.patch
  - sync changes files
    * add missing entries in postfix-bdb.changes
* Thu Dec 28 2023 Dirk Müller <dmueller@suse.com>
  - update default configuration to enable the long-term fix for
    bsc#1218304, bsc#1218314 CVE-2023-51764, SMTP smuggling attack:
    * smtpd_forbid_bare_newline = yes
    * smtpd_forbid_bare_newline_exclusions = $mynetworks
* Fri Dec 22 2023 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.8.4 (bsc#1218304, CVE-2023-51764):
    * Security: this release adds support to defend
      against an email spoofing attack (SMTP smuggling) on
      recipients at a Postfix server. For background, see
      https://www.postfix.org/smtp-smuggling.html
* Fri Nov 03 2023 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.8.3
    * Bugfix (defect introduced Postfix 2.5, date 20080104): the
      Postfix SMTP server was waiting for a client command instead
      of replying immediately, after a client certificate verification
      error in TLS wrappermode. Reported by Andreas Kinzler.
    * Usability: the Postfix SMTP server (finally) attempts to log
      the SASL username after authentication failure. In Postfix
      logging, this appends ", sasl_username=xxx" after the reason
      for SASL authentication failure. The logging replaces an
      unavailable reason with "(reason unavailable)", and replaces
      an unavailable sasl_username with "(unavailable)". Based on
      code by Jozsef Kadlecsik.
    * Compatibility bugfix (defect introduced: Postfix 2.11, date
      20130405): in forward_path, the expression ${recipient_delimiter}
      would expand to an empty string when a recipient address had
      no recipient delimiter. The compatibility fix is to use a
      configured recipient delimiter value instead. Reported by Tod
      A. Sandman.
* Mon Oct 23 2023 Peter Varkoly <varkoly@suse.com>
  - Syntax error in update_postmaps script (bsc#1216061)
* Mon Sep 18 2023 Peter Varkoly <varkoly@suse.com>
  - postfix: config.postfix causes too tight permission on main.cf
    (bsc#1215372)
* Tue Aug 15 2023 Peter Varkoly <varkoly@suse.com>
  - CVE-2023-32182: postfix: config_postfix SUSE specific script
    potentially bad /tmp file usage (bsc#1211196)
    Use temp file created by mktemp
* Tue Jun 06 2023 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.8.1
    * Optional: harden a Postfix SMTP server against remote SMTP
      clients that violate RFC 2920 (or 5321) command pipelining
      constraints. With "smtpd_forbid_unauth_pipelining = yes", the
      server disconnects a client immediately, after responding with
      "554 5.5.0 Error: SMTP protocol synchronization" and after
      logging "improper command pipelining" with the unexpected remote
      SMTP client input. This feature is disabled by default in Postfix
      3.5-3.8 to avoid breaking home-grown utilities, but it is enabled
      by default in Postfix 3.9. A similar feature is enabled by
      default in the Exim SMTP server.
    * Optional: some OS distributions crank up TLS security to 11,
      and in doing so increase the number of plaintext email deliveries.
      This introduces basic OpenSSL configuration file support that
      may be used to override OS-level settings.
      Details are in the postconf(5) manpage under tls_config_file
      and tls_config_name.
    * Bugfix (defect introduced: Postfix 1.0): the command "postconf
      .. name=v1 .. name=v2 .." (multiple instances of the same
      parameter name) created multiple main.cf name=value entries
      with the same parameter name. It now logs a warning and skips
      the earlier name(s) and value(s). Found during code maintenance.
    * Bugfix (defect introduced: Postfix 3.3): the command "postconf
    - M name1/type1='name2 type2 ...'" died with a segmentation
      violation when the request matched multiple master.cf entries.
      The master.cf file was not damaged. Problem reported by SATOH
      Fumiyasu.
    * Bugfix (defect introduced: Postfix 2.11): the command "postconf
    - M name1/type1='name2 type2 ...'" could add a service definition
      to master.cf that conflicted with an already existing service
      definition. It now replaces all existing service definitions
      that match the service pattern 'name1/type1' or the service
      name and type in 'name2 type2 ...' with a single service
      definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu.
    * Bugfix (defect introduced: Postfix 3.8) the posttls-finger
      command could access uninitialized memory when reconnecting.
      This also fixes a malformed warning message when a destination
      contains ":service" information. Reported by Thomas Korbar.
    * Bugfix (defect introduced: Postfix 3.2): the MySQL client could
      return "not found" instead of "error" (for example, resulting
      in a 5XX SMTP status instead of 4XX) during the time that all
      MySQL server connections were turned down after error. Found
      during code maintenance. File: global/dict_mysql.c. This was
      already fixed in Postfix 3.4-3.7.
* Thu May 04 2023 Dominique Leuenberger <dimstar@opensuse.org>
  - Add _multibuild to define 2nd spec file as additional flavor.
    Eliminates the need for source package links in OBS.
* Tue Apr 18 2023 Arjen de Korte <suse+build@de-korte.org>
  - update to 3.8.0
    * Support to look up DNS SRV records in the Postfix SMTP/LMTP
      client, Based on code by Tomas Korbar (Red Hat). For example,
      with "use_srv_lookup = submission" and "relayhost =
      example.com:submission", the Postfix SMTP client will look up
      DNS SRV records for _submission._tcp.example.com, and will relay
      email through the hosts and ports that are specified with those
      records.
    * TLS obsolescence: Postfix now treats the "export" and "low"
      cipher grade settings as "medium". The "export" and "low" grades
      are no longer supported in OpenSSL 1.1.1, the minimum version
      required in Postfix 3.6.0 and later. Also, Postfix default
      settings now exclude deprecated or unused ciphers (SEED, IDEA,
      3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
      (DH, ECDH), and public key algorithm (DSS).
    * Attack resistance: the Postfix SMTP server can now aggregate
      smtpd_client_*_rate and smtpd_client_*_count statistics by
      network block instead of by IP address, to raise the bar against
      a memory exhaustion attack in the anvil(8) server; Postfix TLS
      support unconditionally disables TLS renegotiation in the middle
      of an SMTP connection, to avoid a CPU exhaustion attack.
    * The PostgreSQL client encoding is now configurable with the
      "encoding" Postfix configuration file attribute. The default
      is "UTF8". Previously the encoding was hard-coded as "LATIN1",
      which is not useful in the context of SMTP.
    * The postconf command now warns for #comment in or after a Postfix
      parameter value. Postfix programs do not support #comment after
      other text, and treat that as input.
  - rebase/refresh patches
    * pointer_to_literals.patch
    * postfix-linux45.patch
    * postfix-master.cf.patch
    * postfix-ssl-release-buffers.patch
    * set-default-db-type.patch
* Sat Feb 25 2023 Otto Hollmann <otto.hollmann@suse.com>
  - update to 3.7.4
    * Workaround: with OpenSSL 3 and later always turn on
      SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
      opportunities for TLS session reuse. This is safe because the SMTP protocol
      implements application-level framing, and is therefore not affected by TLS
      truncation attacks.
    * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
      handles for digest implementations. In sufficiently hostile configurations,
      Postfix could mistakenly believe that a digest algorithm is available, and
      fail when it is not. A similar workaround may be needed for
      EVP_get_cipherbyname().
    * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
      tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
      the argument only if there was no prior error.
    * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
      violation when postscreen_dnsbl_threshold < 1. It should reject such input
      with a fatal error instead.
    * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
    * Portability: Linux 6 support.
    * Added missing documentation that cidr:, pcre: and regexp: tables support
      inline specification only in Postfix 3.7 and later.
    * Rebased postfix-linux45.patch
* Thu Feb 09 2023 Peter Varkoly <varkoly@suse.com>
  - SELinux: postfix denied to access /var/spool/postfix/pid/master.pid
    (bsc#1207177) Apply proposed changes in postfix.service
  - remove patch included into the source:
      harden_postfix.service.patch
* Wed Jan 25 2023 Thorsten Kukuk <kukuk@suse.com>
  - Disable NIS support on Factory (deprecated and will be removed)
* Wed Jan 18 2023 Hu <cathy.hu@suse.com>
  - Fix SELinux labeling issue caused by /usr/sbin/config.postfix (bsc#1207227).
* Mon Nov 14 2022 Peter Varkoly <varkoly@suse.com>
  - postfix default main.cf myhostname default causes conflict
    (bsc#1192173)
    Use the postfix build in defaults for myhostname and mydestination
* Sun Oct 09 2022 Michael Ströder <michael@stroeder.com>
  - update to 3.7.3
    * Fixed a bug where some messages were not delivered after
      "warning: Unexpected record type 'X'. (bsc#1213515)
    * Workaround: in a TLS server disable Postfix's 1-element internal session
      cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes.
    * Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26)
      introduced a missing msg_panic() argument (in code that never executes).
    * Code health: Postfix 3.3.0 introduced an uninitialized verify_append()
      request status in case of a null original recipient address.
    * Postfix 3.5.0 introduced debug logging noise in map_search_create().
* Tue Sep 06 2022 Ludwig Nussel <lnussel@suse.de>
  - own /var/spool/mail (boo#1179574)
* Thu Aug 04 2022 chris@computersalat.de
  - use correct source signature file (gpg2)
* Mon Jul 11 2022 chris@computersalat.de
  - update to 3.7.2
    https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES
  - rebase patches
    * pointer_to_literals.patch
    * postfix-linux45.patch
    * postfix-main.cf.patch
    * postfix-master.cf.patch
    * postfix-no-md5.patch
    * postfix-ssl-release-buffers.patch
    * postfix-vda-v14-3.0.3.patch
    * set-default-db-type.patch
  - build against libpcre2
* Tue May 10 2022 chris@computersalat.de
  - remove *.swp from postfix-SUSE.tar.gz
* Tue May 03 2022 chris@computersalat.de
  - fix config.postfix 'hash' leftover with relay_recipients
  - update postfix-main.cf.patch about
    * smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls)
    * smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls)
  - rebase/refresh patches
    * harden_postfix.service.patch
    * postfix-avoid-infinit-loop-if-no-permission.patch
    * postfix-master.cf.patch
    * postfix-vda-v14-3.0.3.patch
    * set-default-db-type.patch
* Mon May 02 2022 Dominique Leuenberger <dimstar@opensuse.org>
  - Change ed requires to /usr/bin/ed: allow busybox-ed to be used
    inside containers.
* Mon Apr 25 2022 Marcus Rueckert <mrueckert@suse.de>
  - add missing requires for config.postfix and the postfix
    postinstall script:  perl and ed
* Mon Apr 18 2022 Michael Ströder <michael@stroeder.com>
  - update to 3.6.6
    * (problem introduced: Postfix 2.7) The milter_header_checks maps
      are now opened before the cleanup(8) server enters the chroot
      jail.
    * In an internal client module, "host or service not found" was
      a fatal error, causing the milter_default_action setting to be
      ignored. It is now a non-fatal error, just like a failure to
      connect.
    * The proxy_read_maps default value was missing up to 27 parameter
      names. The corresponding lookup tables were not automatically
      authorized for use with the proxymap(8) service. The parameter
      names were ending in _checks, _reply_footer, _reply_filter,
      _command_filter, and _delivery_status_filter.
    * (problem introduced: Postfix 3.0) With dynamic map loading
      enabled, an attempt to create a map with "postmap regexp:path"
      would result in a bogus error message "Is the postfix-regexp
      package installed?" instead of "unsupported map type for this
      operation". This happened with all non-dynamic map types (static,
      cidr, etc.) that have no 'bulk create' support.
* Mon Apr 04 2022 Peter Varkoly <varkoly@suse.com>
  - config.postfix fails to set smtp_tls_security_level
    (bsc#1192314)
* Tue Mar 29 2022 Илья Индиго <ilya@ilya.cf>
  - Refreshed spec-file via spec-cleaner and manual optimizated.
    * Added -p flag to all install commands.
    * Removed -f flag from all ln commands.
  - Changed file harden_postfix.service.patch (boo#1191988).
* Fri Mar 18 2022 Michael Ströder <michael@stroeder.com>
  - update to 3.6.5
    * Glibc 2.34 implements closefrom(). This was causing a conflict
      with Postfix's implementation for systems that have no closefrom()
      implementation.
    * Support for Berkeley DB version 18.
  - removed obsolete postfix-3.6.2-glibc-234-build-fix.patch
* Mon Mar 14 2022 Peter Varkoly <varkoly@suse.com>
  - Postfix on start don't run postalias /etc/postfix/aliases
    (error open database /etc/postfix/aliases.lmdb). (bsc#1197041)
    Apply proposed patch
* Wed Feb 09 2022 Peter Varkoly <varkoly@suse.com>
  - config.postfix can't handle symlink'd /etc/resolv.cof
    (bsc#1195019)
    Adapt proposed change: using "cp -afL" by copying.
* Tue Jan 18 2022 Michael Ströder <michael@stroeder.com>
  - Update to 3.6.4
    * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
      entries in postconf output. This was caused by an incomplete
      fix to send SMTP session transcripts to $bounce_notice_recipient.
    * Bug introduced in Postfix 3.0: the proxymap daemon did not
      automatically authorize proxied maps inside pipemap (example:
      pipemap:{proxy:maptype:mapname, ...}) or inside unionmap.
    * Bug introduced in Postfix 2.5: off-by-one error while writing
      a string terminator. This code passed all memory corruption
      tests, presumably because it wrote over an alignment padding
      byte, or over an adjacent character byte that was never read.
    * The proxymap daemon did not automatically authorize map features
      added after Postfix 3.3, caused by missing *_maps parameter
      names in the proxy_read_maps default value. Found during code
      maintenance.

Files

/usr/lib/postfix/dynamicmaps.cf.d/postfix-pgsql.cf
/usr/lib/postfix/postfix-pgsql.so
/usr/share/man/man5/pgsql_table.5.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Oct 22 22:37:11 2025