==============================================================
NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
==============================================================
Before upgrading from Postfix 1.1 you must stop Postfix ("postfix
stop"). Some internal protocols have changed. No mail will be
lost if you fail to stop and restart Postfix, but Postfix won't be
able to receive any new mail, either.
==============================================================
NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
==============================================================

In the text below, changes are labeled with the Postfix snapshot
that introduced the change, and whether the change introduced a
feature, an incompatibility, or whether the feature is obsolete.
If you upgrade from a later Postfix version, then you do not have
to worry about incompatibilities introduced in earlier versions.

Official Postfix releases are called a.b.c where a=major release
number, b=minor release number, c=patchlevel. Snapshot releases
are now called a.b.c-yyyymmdd where yyyymmdd is the release date
(yyyy=year, mm=month, dd=day). The mail_release_date configuration
parameter contains the release date (both for official release and
snapshot release). Patches change the patchlevel and the release
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.

Major changes with Postfix version 2.0.0 (released 20021222, 20021223)
======================================================================

First comes the bad news - things that may break when you upgrade
from Postfix 1.1. Then comes the good news - things that evolved
in snapshots over the past year.

For the release notes of Postfix 1.1 and earlier, see the
RELEASE_NOTES-1.1 file.

Unknown Recipients are now rejected by default
==============================================

[Incompatibility 20021209] The Postfix SMTP server now rejects mail
for $mydestination domain recipients that it does not know about.
This keeps undeliverable mail out of your queue.

[Incompatibility 20021209] To avoid losing mail when upgrading from
Postfix 1.1, you need to review the LOCAL_RECIPIENT_README file if
one of the following is true:

- You define $mydestination domain recipients in files other than
  /etc/passwd or /etc/aliases. For example, you define $mydestination
  domain recipients in the $virtual_mailbox_maps files.
- You run the Postfix SMTP server chrooted (see master.cf).
- You redefined the local delivery agent in master.cf.
- You redefined the "local_transport" setting in main.cf.
- You use the mailbox_transport feature of the Postfix local delivery agent.
- You use the fallback_transport feature of the Postfix local delivery agent.
- You use the luser_relay feature of the Postfix local delivery agent.

Name change of virtual domain tables
====================================

This release introduces separation of lookup tables for addresses
and for domain names of virtual domains.

[Incompat 20021209] The virtual_maps parameter is replaced by
virtual_alias_maps (for address lookups) and virtual_alias_domains
(for the names of what were formerly called "Postfix-style virtual
domains").

    For backwards compatibility with Postfix version 1.1, the new
    virtual_alias_maps parameter defaults to $virtual_maps, and the
    new virtual_alias_domains parameter defaults to $virtual_alias_maps.
    This means that you can still keep all information about a domain
    in one file, just like before.

For details, see the virtual(5) and sample-virtual.cf files.

[Incompat 20021209] The virtual_mailbox_maps parameter now has a
companion parameter called virtual_mailbox_domains (for the names
of domains served by the virtual delivery agent). virtual_mailbox_maps
is now used for address lookups only.

    For backwards compatibility with Postfix version 1.1, the new
    virtual_mailbox_domains parameter defaults to $virtual_mailbox_maps.
    This means that you can still keep all information about a domain
    in one file, just like before.

For details, see the VIRTUAL_README file.

[Incompat 20021209] If you use the "advanced content filter"
technique, you MUST NOT override the virtual aliases and virtual
mailbox settings in the SMTP server that receives mail from the
content filter, or else mail for virtual recipients will be rejected
with "User unknown".

For details, see the FILTER_README file.

Incompatible queue file format changes
======================================

[Incompat 20020527] Queue files created with the header/body_checks
"FILTER" feature are not compatible with "postqueue -r" (move queue
files back to the maildrop directory) of previous Postfix releases.

[Incompat 20020512] Postfix queue files contain records that are
incompatible with "postqueue -r" on all Postfix versions prior to
1.1 and release candidates. This happens whenever the sender
specifies MIME body type information via the SMTP `MAIL FROM'
command, via the `sendmail -B' command line option, or via the
Content-Transfer-Encoding: message header.

[Incompat 20020512] Postfix queue files may contain records that
are incompatible with "postqueue -r" on previous 1.1 Postfix versions
and release candidates. This happens whenever the sender specifies
the MIME body type only via the Content-Transfer-Encoding: message
header, and not via `MAIL FROM' or `sendmail -B'.

Features that are going away
============================

[Obsolete 20021209] Sendmail-style virtual domains are no longer
documented. This part of Postfix was too confusing.

[Obsolete 20021209] The "reject_maps_rbl" restriction is going
away. The SMTP server now logs a warning and suggests using the
more flexible "reject_rbl_client" feature instead.

[Obsolete 20021209] The "check_relay_domains" restriction is going
away. The SMTP server logs a warning and suggests using the more
robust "reject_unauth_destination" instead. This means that Postfix
by default no longer grants relay permissions on the basis of the
client hostname, and that relay clients must be authorized via
other means such as permit_mynetworks.

[Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/
is going away. Use the cleaner and more flexible "if !/pattern2/..endif"
form. The old form still exists but is no longer documented, and
causes a warning (suggesting to use the new format) to be logged.
For details, see "man regexp_table".

[Obsolete 20020819] The qmgr_site_hog_factor feature is gone (this
would defer mail delivery for sites that occupy too much space in
the active queue, and be a real performance drain due to excessive
disk I/O). The new qmgr_clog_warn_time feature (see below) provides
more useful suggestions for dealing with Postfix congestion.

[Obsolete 20020819] The "permit_naked_ip_address" restriction on
HELO command syntax is unsafe when used with most smtpd_XXX_restrictions
and will go away. Postfix logs a warning, suggesting to use
"permit_mynetworks" instead.

MIME support
============

[Feature 20020527] Postfix now has real MIME support. This improves
content filtering efficiency and accuracy, and improves inter-operability
with mail systems that cannot receive 8-bit mail. See conf/sample-mime.cf
for details.

[Feature 20020527] Postfix header_checks now properly recognize
MIME headers in attachments. This is much more efficient than
previous versions that recognized MIME headers via body_checks.
MIME headers are now processed one multi-line header at a time,
instead of one body line at a time. To get the old behavior,
specify "disable_mime_input_processing = yes". More details in
conf/sample-filter.cf.

[Feature 20020527] Postfix now has three classes of header patterns:
header_checks (for primary message headers except MIME headers),
mime_header_checks (for MIME headers), and nested_header_checks
(for headers of attached email messages except MIME headers). By
default, all headers are matched with header_checks.

[Feature 20020527] The Postfix SMTP client will now convert 8BITMIME
mail to 7BIT when delivering to an SMTP server that does not announce
8BITMIME support. To disable, specify "disable_mime_output_conversion
= yes". However, this conversion is required by RFC standards.

[Feature 20020528] Postfix can enforce specific aspects of the MIME
standards while receiving mail.

* Specify "strict_7bit_headers = yes" to disallow 8-bit characters
  in message headers. These are always illegal.

* Specify "strict_8bitmime_body = yes" to block mail with 8-bit
  content that is not properly labeled as 8-bit MIME. This blocks
  mail from poorly written mail software, including (bounces from
  qmail, bounces from Postfix before snapshot 20020514, and Majordomo
  approval requests) that contain valid 8BITMIME mail.

* Specify "strict_8bitmime = yes" to turn on both strict_7bit_headers
  and strict_8bitmime_body.

* Specify "strict_mime_encoding_domain = yes" to block mail from
  poorly written mail software. More details in conf/sample-mime.cf.

[Incompat 20020527] Postfix now rejects mail if the MIME multipart
structure is nested more than mime_nesting_limit levels (default:
100) when MIME input processing is enabled while receiving mail, or
when Postfix is performing 8BITMIME to 7BIT conversion while
delivering mail.

[Incompat 20020527] Postfix now recognizes "name :" as a valid
message header, but normalizes it to "name:" for consistency
(actually, there is so much code in Postfix that would break with
"name :" that there is little choice, except to not recognize "name
:" headers).

[Incompat 20020512] Postfix queue files contain records that are
incompatible with "postqueue -r" on all Postfix versions prior to
1.1 and release candidates. This happens whenever the sender
specifies MIME body type information via the SMTP `MAIL FROM'
command, via the `sendmail -B' command line option, or via the
Content-Transfer-Encoding: message header.

[Incompat 20020512] Postfix queue files may contain records that
are incompatible with "postqueue -r" on previous 1.1 Postfix versions
and release candidates. This happens whenever the sender specifies
the MIME body type only via the Content-Transfer-Encoding: message
header, and not via `MAIL FROM' or `sendmail -B'.

[Feature 20020512] The Postfix SMTP and LMTP clients now properly
pass on the MIME body type information (7BIT or 8BITMIME), provided
that the sender properly specifies MIME body type information via
the SMTP MAIL FROM command, via the sendmail -B command line option,
or via MIME message headers. This includes mail that is returned
as undeliverable.

Improved performance
====================

[Incompat 20021209] The default queue directory hash_queue_depth
setting is reduced to 1 level of subdirectories per Postfix queue.
This improves "mailq" performance on most systems, but can result
in poorer worst-case performance on systems with lots of mail in
the queue.

[Incompat 20021209] The Postfix SMTP client no longer expands CNAMEs
in MAIL FROM or RCPT TO addresses (as permitted by RFC 2821). This
eliminates one DNS lookup per sender and recipient, and can make
a dramatic difference when sending mailing list mail via a relayhost.

[Incompat 20021209] The Postfix installation procedure no longer
sets the "chattr +S" bit on Linux queue directories. Wietse has
gotten too annoyed with naive reviewers who complain about performance
without having a clue of what they are comparing.

[Feature 20021209] On mail gateway systems, separation of inbound
mail relay traffic from outbound traffic. This eliminates a problem
where inbound mail deliveries could become resource starved in the
presence of a high volume of outbound mail.

[Feature 20021013] The body_checks_size_limit parameter limits the
amount of text per message body segment (or attachment, if you
prefer to use that term) that is subjected to body_checks inspection.
The default limit is 50 kbytes. This speeds up the processing of
mail with large attachments.

[Feature 20020917] Speedups of regexp table lookups by optimizing
for the $number substitutions that are actually present in the
right-hand side. Based on a suggestion by Liviu Daia.

[Feature 20020917] Speedups of regexp and pcre tables, using
IF..ENDIF support. Based on an idea by Bert Driehuis. To protect
a block of patterns, use:

    if /pattern1/
    /pattern2/ result2
    /pattern3/ result3
    endif

IF..ENDIF can nest. Don't specify blanks at the beginning of lines
inside IF..ENDIF, because lines beginning with whitespace are
appended to the previous line. More details about the syntax are
given in the pcre_table(5) and regexp_table(5) manual pages.

[Feature 20020717] The default timeout for establishing an SMTP
connection has been reduced to 30 seconds, because many system
TCP/IP stacks have an atrociously large default timeout value.

[Feature 20020505] Finer control over Berkeley DB memory usage.
The parameter "berkeley_db_create_buffer_size" (default: 16 MBytes)
specifies the buffer size for the postmap and postalias commands.
The parameter "berkeley_db_read_buffer_size" (default: 128 kBytes)
specifies the buffer size for all other applications. Specify
"berkeley_db_read_buffer_size = 1048576" to get the old read buffer
size. Contributed by Victor Duchovni. For more information, see
the last paragraphs of the DB_README file.

[Incompat 20021211] The default process limit is doubled from 50
to 100. The default limits on the number of active queue files or
recipients are doubled from 10000 to 20000. The default concurrency
for parallel delivery to the same destination is doubled from 10
to 20.

Improved compatibility
======================

[Feature 20020527] The Postfix SMTP client will now convert 8BITMIME
mail to 7BIT when delivering to an SMTP server that does not announce
8BITMIME support. To disable, specify "disable_mime_output_conversion
= yes". However, this conversion is required by RFC standards.

[Feature 20020512] The Postfix SMTP and LMTP clients now properly
pass on the MIME body type information (7BIT or 8BITMIME), provided
that the sender properly specifies MIME body type information via
the SMTP MAIL FROM command, via the sendmail -B command line option,
or via MIME message headers. This includes mail that is returned
as undeliverable.

[Incompat 20020326] The Postfix SMTP client now breaks message
header or body lines that are longer than $smtp_line_length_limit
characters (default: 990). Earlier Postfix versions broke lines
at $line_length_limit characters (default: 2048).
Postfix versions before 20010611 did not break long lines at all.
Reportedly, some mail servers refuse to receive mail with lines that
exceed the 1000 character limit that is specified by the SMTP standard.

[Incompat 20020326] The Postfix SMTP client now breaks long message
header or body lines by inserting <CR> <LF> <SPACE>. Earlier
Postfix versions broke long lines by inserting <CR> <LF> only. This
broke MIME encapsulation, causing MIME attachments to "disappear"
with Postfix versions after 20010611.

[Incompat 20020326] Postfix now discards text when a logical message
header exceeds $header_size_limit characters (default: 102400).
Earlier Postfix versions would place excess text, and all following
text, in the message body. The same thing was done when a physical
header line exceeded $line_length_limit characters (default: 2048).
Both behaviors broke MIME encapsulation, causing MIME attachments
to "disappear" with all previous Postfix versions.

[Incompat 20021015] The Postfix LMTP client no longer lowercases email
addresses in MAIL FROM and RCPT TO commands.

[Incompat 20021013] The default Linux kernel lock style for mailbox
delivery is changed from flock() to fcntl(). This has no impact if
your system uses procmail for local delivery, if you use maildir-style
mailboxes, or when mailbox access software locks mailboxes with
username.lock files (which is usually the case with non-maildir
mailboxes).

Address classes
===============

[Feature 20021209] This release introduces the concept of address
domain classes, each having its own default mail delivery transport:

    Destination matches       Default transport       Default name
    ==============================================================
    $mydestination or
        $inet_interfaces      $local_transport        local
    $virtual_alias_domains    (not applicable)        (not applicable)
    $virtual_mailbox_domains  $virtual_transport      virtual
    $relay_domains            $relay_transport        relay
    other                     $default_transport      smtp

The benefits of these changes are:

- You no longer need to specify all the virtual(8) domains in the
  Postfix transport map. The virtual(8) delivery agent has
  become a first-class citizen just like local(8) or smtp(8).

- On mail gateway systems, separation of inbound mail relay traffic
  from outbound traffic. This eliminates a problem where inbound
  mail deliveries could become resource starved in the presence of
  a high volume of outbound mail.

- The SMTP server rejects unknown recipients in a more consistent
  manner than was possible with previous Postfix versions.

See the ADDRESS_CLASS_README file for a description of address
classes, their benefits, and their incompatibilities.

New relay transport in master.cf
================================

[Incompat 20021209] Postfix no longer defaults to the "smtp"
transport for all non-local destinations. In particular, Postfix
now uses the "relay" mail delivery transport for delivery to domains
matching $relay_domains. This may affect your defer_transports
settings.

On mail gateway systems, this allows us to separate inbound mail
relay traffic from outbound traffic, and thereby eliminate a problem
where inbound mail deliveries could become resource starved in the
presence of a high volume of outbound mail.

[Incompat 20021209] This release adds a new "relay" service to the
Postfix master.cf file. This is a clone of the "smtp" service. If
your Postfix is unable to connect to the "relay" service then you
have not properly followed the installation procedure.

Revision of RBL blacklisting code
=================================

[Feature 20020923] Complete rewrite of the RBL blacklisting code.
The names of RBL restrictions are now based on a suggestion that
was made by Liviu Daia in October 2001. See conf/sample-smtpd.cf
or html/uce.html for details.

[Feature 20020923] "reject_rbl_client rbl.domain.tld" for client
IP address blacklisting. Based on code by LaMont Jones. The old
"reject_maps_rbl" is now implemented as a wrapper around the
reject_rbl_client code, and logs a warning that "reject_maps_rbl"
is going away. To upgrade, specify "reject_rbl_client domainname"
once for each domain name that is listed in maps_rbl_domains.

[Feature 20020923] "reject_rhsbl_sender rbl.domain.tld" for sender
domain blacklisting. Also: reject_rhsbl_client and reject_rhsbl_recipient
for client and recipient domain blacklisting.

[Feature 20020923] "rbl_reply_maps" configuration parameter for
lookup tables with template responses per RBL server. Based on code
by LaMont Jones. If no reply template is found the default template
is used as specified with the default_rbl_reply configuration
parameter. The template responses support $name expansion of
client, helo, sender, recipient and RBL related attributes.

[Incompat 20020923] The default RBL "reject" server reply now
includes an indication of *what* is being rejected: Client host,
Helo command, Sender address, or Recipient address. This also
changes the logfile format.
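
One way to carry out the reject_maps_rbl upgrade described above, as an
added example that is not part of the Postfix distribution: a Python
helper that expands reject_maps_rbl into one reject_rbl_client entry per
name in maps_rbl_domains. The sample main.cf, its rbl1/rbl2.example.net
domains and the helper names are constructed for illustration.

```python
import re

# Constructed Postfix 1.1 style main.cf (sample input, not from the notes).
SAMPLE_MAIN_CF = """\
# anti-UCE settings
maps_rbl_domains = rbl1.example.net,
    rbl2.example.net
smtpd_client_restrictions = permit_mynetworks, reject_maps_rbl
smtpd_recipient_restrictions = permit_mynetworks
    reject_maps_rbl
    reject_unauth_destination
mydestination = $myhostname
"""

# Match the obsolete restriction as a whole token only.
_OLD = re.compile(r"(?<![\w.-])reject_maps_rbl(?![\w.-])")


def logical_lines(text):
    """Yield (name, value) pairs from main.cf text.

    Blank lines and '#' comment lines are skipped; a line that starts
    with whitespace continues the previous parameter.
    """
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current[1] += " " + raw.strip()
            continue
        if current is not None:
            yield tuple(current)
        name, _, value = raw.partition("=")
        current = [name.strip(), value.strip()]
    if current is not None:
        yield tuple(current)


def migrate_rbl(text):
    """Return {parameter: new value} for every parameter that still
    uses reject_maps_rbl, rewritten to reject_rbl_client entries."""
    params = dict(logical_lines(text))
    domains = [d for d in re.split(r"[,\s]+", params.get("maps_rbl_domains", "")) if d]
    # Commas and whitespace both separate restrictions, so the expansion
    # can be dropped in place of the old token.
    replacement = ", ".join(f"reject_rbl_client {d}" for d in domains)
    changed = {}
    for name, value in params.items():
        if not _OLD.search(value):
            continue
        if not domains:
            # Nothing to expand to: make the operator decide instead of
            # silently removing the restriction.
            raise ValueError(f"{name} uses reject_maps_rbl but maps_rbl_domains is empty")
        changed[name] = " ".join(_OLD.sub(replacement, value).split())
    return changed


if __name__ == "__main__":
    for name, value in migrate_rbl(SAMPLE_MAIN_CF).items():
        print(f"{name} = {value}")
```

Review the printed values before putting them in main.cf; the helper
reports the rewritten parameters and does not edit any file.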

[Feature 20020923] "smtpd_expansion_filter" configuration parameter
to control what characters are allowed in the expansion of template
RBL reply $name macros. Characters outside the allowed set are
replaced by "_".

More sophisticated handling of UCE-related DNS lookup errors
============================================================

[Feature 20020906] More sophisticated handling of UCE-related DNS
lookup errors. These cause Postfix to not give up so easily, so
that some deliveries will not have to be deferred after all.

[Feature 20020906] The SMTP server sets a defer_if_permit flag when
an UCE reject restriction fails due to a temporary (DNS) problem,
to prevent unwanted mail from slipping through. The defer_if_permit
flag is tested at the end of the ETRN and recipient restrictions.

[Feature 20020906] A similar flag, defer_if_reject, is maintained
to prevent mail from being rejected because a whitelist operation
(such as permit_mx_backup) fails due to a temporary (DNS) problem.

[Feature 20020906] The permit_mx_backup restriction is made more
strict. With older versions, some DNS failures would cause mail to
be accepted anyway, and some DNS failures would cause mail to be
rejected by later restrictions in the same restriction list. The
improved version will defer delivery when Postfix could make the
wrong decision.

- After DNS lookup failure, permit_mx_backup will now accept the
request if a subsequent restriction would cause the request to be
accepted anyway, and will defer the request if a subsequent
restriction would cause the request to be rejected.

- After DNS lookup failure, reject_unknown_hostname (the hostname
given in HELO/EHLO commands) reject_unknown_sender_domain and
reject_unknown_recipient_domain will now reject the request if a
subsequent restriction would cause the request to be rejected
anyway, and will defer the request if a subsequent restriction
would cause the request to be accepted.

[Feature 20020906] Specify "smtpd_data_restrictions =
reject_unauth_pipelining" to block mail from SMTP clients that send
message content before Postfix has replied to the SMTP DATA command.

Other UCE related changes
=========================

[Feature 20020717] The SMTP server reject_unknown_{sender,recipient}_domain
etc. restrictions now also attempt to look up AAAA (IPv6 address)
records.

[Incompat 20020513] In order to allow user@domain@domain addresses
from untrusted systems, specify "allow_untrusted_routing = yes" in
main.cf. This opens opportunities for mail relay attacks when
Postfix provides backup MX service for Sendmail systems.

[Incompat 20020514] For safety reasons, the permit_mx_backup
restriction no longer accepts mail for user@domain@domain. To
recover the old behavior, specify "allow_untrusted_routing = yes"
and live with the risk of becoming a relay victim.

[Incompat 20020509] The Postfix SMTP server no longer honors OK
access rules for user@domain@postfix-style.virtual.domain, to close
a relaying loophole with postfix-style virtual domains that have
@domain.name catch-all patterns.

[Incompat 20020201] In Postfix SMTPD access tables, Postfix now
uses <> as the default lookup key for the null address, in order
to work around bugs in some Berkeley DB implementations. This
behavior is controlled with the smtpd_null_access_lookup_key
configuration parameter.
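
The defer_if_permit and defer_if_reject bookkeeping described under
"More sophisticated handling of UCE-related DNS lookup errors" can be
modeled as follows. This is an added example, not Postfix source code:
the restriction names come from these notes, while the Outcome values,
the evaluate() loop and the implicit permit at the end of the list are
assumptions of the model.

```python
from enum import Enum


class Outcome(Enum):
    PERMIT = "permit"      # restriction whitelists the request
    REJECT = "reject"      # restriction blocks the request
    DUNNO = "dunno"        # no opinion, try the next restriction
    TEMPFAIL = "tempfail"  # temporary (DNS) lookup failure


# Whitelist-type restrictions: a soft failure here must not end in a
# reject. Every other restriction is treated as reject-type, where a
# soft failure must not end in a permit.
WHITELIST_RESTRICTIONS = {"permit_mx_backup"}


def evaluate(restrictions):
    """Evaluate (name, Outcome) pairs in configuration order.

    Returns "PERMIT", "REJECT" or "DEFER" for the request.
    """
    defer_if_permit = False
    defer_if_reject = False

    for name, outcome in restrictions:
        if outcome is Outcome.TEMPFAIL:
            # Record the uncertainty and keep going, so that a later
            # restriction can still settle the request.
            if name in WHITELIST_RESTRICTIONS:
                defer_if_reject = True
            else:
                defer_if_permit = True
        elif outcome is Outcome.PERMIT:
            # A failed reject check might have blocked this mail.
            return "DEFER" if defer_if_permit else "PERMIT"
        elif outcome is Outcome.REJECT:
            # A failed whitelist check might have accepted this mail.
            return "DEFER" if defer_if_reject else "REJECT"

    # End of the list (model assumption: implicit permit). This is where
    # the notes say the defer_if_permit flag is tested.
    return "DEFER" if defer_if_permit else "PERMIT"


# Constructed scenarios: each is a restriction list with the result every
# restriction would produce for one request.
SCENARIOS = {
    "mx_backup soft-fails, later reject": [
        ("permit_mx_backup", Outcome.TEMPFAIL),
        ("reject_unauth_destination", Outcome.REJECT),
    ],
    "mx_backup soft-fails, later permit": [
        ("permit_mx_backup", Outcome.TEMPFAIL),
        ("permit_mynetworks", Outcome.PERMIT),
    ],
    "sender domain soft-fails, later permit": [
        ("reject_unknown_sender_domain", Outcome.TEMPFAIL),
        ("permit_mynetworks", Outcome.PERMIT),
    ],
    "sender domain soft-fails, later reject": [
        ("reject_unknown_sender_domain", Outcome.TEMPFAIL),
        ("reject_unauth_destination", Outcome.REJECT),
    ],
}


def run_scenarios():
    """Return {scenario description: decision} for SCENARIOS."""
    return {label: evaluate(rules) for label, rules in SCENARIOS.items()}


if __name__ == "__main__":
    for label, decision in run_scenarios().items():
        print(f"{decision:7} {label}")
```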

Changes in transport table lookups
==================================

[Feature 20020610] user@domain address lookups in the transport
map. This feature also understands address extensions. Transport
maps still support lookup keys in the form of domain names, but
only with non-regexp tables. Specify mailer-daemon@my.host.name
in order to match the null address. More in the transport(5) manual
page.

[Feature 20020505] Friendlier behavior of Postfix transport tables.
There is a new "*" wildcard pattern that always matches. The
meaning of null delivery transport AND nexthop information field
has changed to "do not modify": use the information that would be
used if the transport table did not exist. This change makes it
easier to route intranet mail (everything under my.domain) directly:
you no longer need to specify explicit "local" transport table
entries for every domain name that resolves to the local machine.
For more information, including examples, see the updated transport(5)
manual page.

[Incompat 20020610] Regexp/PCRE-based transport maps now see the
entire recipient address instead of only the destination domain
name.

[Incompat 20020505, 20021215] The meaning of null delivery transport
and nexthop fields has changed incompatibly.

- A null delivery transport AND nexthop information field means
"do not modify": use the delivery transport or nexthop information
that would be used if the transport table did not exist.

- The delivery transport is not changed with a null delivery
transport field and non-null nexthop field.

- The nexthop is reset to the recipient domain with a non-null
transport field and a null nexthop information field.

Address manipulation changes
============================

[Incompat 20020717] Postfix no longer strips multiple '.' characters
from the end of an email address or domain name. Only one '.'
is tolerated.

[Feature 20020717] The masquerade_domains feature now supports
exceptions. Prepend a ! character to a domain name in order to
not strip its subdomain structure. More information in
conf/sample-rewrite.cf.

[Feature 20020717] The Postfix virtual delivery agent supports
catch-all entries (@domain.tld) in lookup tables. These match users
that do not have a specific user@domain.tld entry. The virtual
delivery agent now ignores address extensions (user+foo@domain.tld)
when searching its lookup tables, but displays the extensions in
Delivered-To: message headers.

[Feature 20020610] user@domain address lookups in the transport
map. This feature also understands address extensions. Transport
maps still support lookup keys in the form of domain names, but
only with non-regexp tables. Specify mailer-daemon@my.host.name
in order to match the null address. More in the transport(5) manual
page.

[Incompat 20020610] Regexp/PCRE-based transport maps now see the
entire recipient address instead of only the destination domain
name.

[Incompat 20020513] In order to allow user@domain@domain addresses
from untrusted systems, specify "allow_untrusted_routing = yes" in
main.cf. This opens opportunities for mail relay attacks when
Postfix provides backup MX service for Sendmail systems.

[Incompat 20020509] The Postfix SMTP server no longer honors OK
access rules for user@domain@postfix-style.virtual.domain, to close
a relaying loophole with postfix-style virtual domains that have
@domain.name catch-all patterns.

[Incompat 20020509] The appearance of user@domain1@domain2 addresses
has changed. In mail headers, such addresses are now properly
quoted as "user@domain1"@domain2. As a side effect, this quoted
form is now also expected on the left-hand side of virtual and
canonical lookup tables, but only by some of the Postfix components.
For now, it is better not to use user@domain1@domain2 address forms
on the left-hand side of lookup tables.

Regular expression and PCRE related changes
===========================================

[Feature 20021209] Regular expression maps are now allowed with
local delivery agent alias tables and with all virtual delivery
agent lookup tables. However, regular expression substitution of
$1 etc. is still forbidden for security reasons.

[Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/
is going away. Use the cleaner and more flexible "if !/pattern2/..endif"
form. The old form still exists but is no longer documented, and
causes a warning (suggesting to use the new format) to be logged.

[Incompat 20020610] Regexp/PCRE-based transport maps now see the
entire recipient address instead of only the destination domain
name.

[Incompat 20020528] With PCRE pattern matching, the `.' metacharacter
now matches all characters including newline characters. This makes
PCRE pattern matching more convenient to use with multi-line message
headers, and also makes PCRE more compatible with regexp pattern
matching. The pcre_table(5) manual page has been greatly revised.

New mail "HOLD" action and "hold" queue
=======================================

[Feature 20020819] New "hold" queue for mail that should not be
delivered. "postsuper -h" puts mail on hold, and "postsuper -H"
releases mail, moving mail that was "on hold" to the deferred queue.

[Feature 20020821] HOLD and DISCARD actions in SMTPD access tables.
As with the header/body version of the same, these actions apply
to all recipients of the same queue file.

[Feature 20020819] New header/body HOLD action that causes mail to
be placed on the "hold" queue.
Presently, all you can do with mail "on hold" is to examine it with
postcat, to take it "off hold" with "postsuper -H", or to destroy it
with "postsuper -d". See conf/sample-filter.cf.

[Incompat 20020819] In mailq output, the queue ID is followed by
the ! character when the message is in the "hold" queue (see below).
This may break programs that process mailq output.

Content filtering
=================

[Feature 20020823] Selective content filtering. In SMTPD access
tables, specify "FILTER transport:nexthop" for mail that needs
filtering. More info about content filtering is in the Postfix
FILTER_README file. This feature overrides the main.cf content_filter
setting. Presently, this applies to all the recipients of a queue
file.

[Feature 20020527] Selective content filtering. In header/body_check
patterns, specify "FILTER transport:nexthop" for mail that needs
filtering. This requires different cleanup servers before and after
the filter, with header/body checks turned off in the second cleanup
server. More info about content filtering is in the Postfix
FILTER_README file. This feature overrides the main.cf content_filter
setting. Presently, this applies to all the recipients of a queue
file.

[Feature 20020527] Postfix now has real MIME support. This improves
content filtering efficiency and accuracy, and improves inter-operability
with mail systems that cannot receive 8-bit mail. See conf/sample-mime.cf
for details.

[Feature 20020527] Postfix header_checks now properly recognize
MIME headers in attachments. This is much more efficient than
previous versions that recognized MIME headers via body_checks.
MIME headers are now processed one multi-line header at a time,
instead of one body line at a time. To get the old behavior,
specify "disable_mime_input_processing = yes". More details in
conf/sample-filter.cf.

[Feature 20020527] Postfix now has three classes of header patterns:
header_checks (for primary message headers except MIME headers),
mime_header_checks (for MIME headers), and nested_header_checks
(for headers of attached email messages except MIME headers). By
default, all headers are matched with header_checks.

[Feature 20021013] The body_checks_size_limit parameter limits the
amount of text per message body segment (or attachment, if you
prefer to use that term) that is subjected to body_checks inspection.
The default limit is 50 kbytes. This speeds up the processing of
mail with large attachments.

[Feature 20020917] Speedups of regexp table lookups by optimizing
for the $number substitutions that are actually present in the
right-hand side. Based on a suggestion by Liviu Daia.

[Feature 20020917] Speedups of regexp and pcre tables, using
IF..ENDIF support. Based on an idea by Bert Driehuis. To protect
a block of patterns, use:

    if /pattern1/
    /pattern2/ result2
    /pattern3/ result3
    endif

IF..ENDIF can nest. Don't specify blanks at the beginning of lines
inside IF..ENDIF, because lines beginning with whitespace are
appended to the previous line. More details about the syntax are
given in the pcre_table(5) and regexp_table(5) manual pages.

Postmap/postalias/newaliases changes
====================================

[Incompat 20020505] The postalias command now copies the source
file read permissions to the result file when creating a table for
the first time. Until now, the result file was created with default
read permissions. This change makes postalias more similar to
postmap.

[Incompat 20020505] The postalias and postmap commands now drop
super-user privileges when processing a non-root source file. The
file is now processed as the source file owner, and the owner must
therefore have permission to update the result file. Specify the
"-o" flag to get the old behavior (process non-root files with root
privileges).

[Incompat 20020122] When the postmap command creates a non-existent
result file, the new file inherits the group/other read permissions
of the source file.

Assorted changes
================

[Feature 20021028] The local(8) and virtual(8) delivery agents now record
the original recipient address in the X-Original-To: message header.
This header can also be emitted by the pipe(8) delivery agent.

[Incompat 20021028] With "domain in one mailbox", one message with
multiple recipients is no longer delivered only once. It is now
delivered as one copy for each original recipient, with the original
recipient address listed in the X-Original-To: message header.

[Feature 20021024] New proxy_interfaces parameter, for sites behind a
network address translation gateway or other type of proxy. You
should specify all the proxy network addresses here, to avoid
mail delivery loops.

[Feature 20021013] Updated MacOS X support by Gerben Wierda. See
the auxiliary/MacOSX directory.

[Incompat 20021013] Subtle change in ${name?result} macro expansions:
the expansion no longer happens when $name is an empty string. This
probably makes more sense than the old behavior.

[Incompat 20020917] The relayhost setting now behaves as documented,
i.e. you can no longer specify multiple destinations.

[Incompatibility 20021219] The use of the XVERP extension in the
SMTP MAIL FROM command is now restricted to SMTP clients that match
the hostnames, domains or networks listed with the authorized_verp_clients
parameter (default: $mynetworks).
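The regexp table rules given in the sections above (the obsolete
/pattern1/!/pattern2/ form, and the IF..ENDIF rule that a line beginning with
whitespace is appended to the previous line) can be checked before a table goes
live. This is an added example, not Postfix code: the table is constructed, the
name lint_regexp_table is hypothetical, and the obsolete-form test is a
heuristic on the line text, not a full parse.

```python
import re

# Constructed header_checks-style table with three deliberate mistakes.
SAMPLE_TABLE = """\
# constructed example table
/^Subject: test/!/^Subject: test ok/ REJECT
if /^Content-/
/name=.*[.]exe/ REJECT
  /name=.*[.]scr/ REJECT
if !/^Content-Type: text/
/charset=x-unknown/ HOLD
endif
"""

OBSOLETE = re.compile(r"^/.+?/[A-Za-z]*!/.+/")   # /pattern1/!/pattern2/ (heuristic)
IF_LINE = re.compile(r"^if\s+!?/", re.IGNORECASE)
ENDIF_LINE = re.compile(r"^endif\s*$", re.IGNORECASE)

def lint_regexp_table(text):
    """Return sorted (line_number, message) findings for a regexp/pcre table."""
    findings, open_ifs = [], []      # open_ifs: line numbers of IFs not yet closed
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                 # blank line or comment
        if line[0].isspace():
            if open_ifs:
                findings.append((lineno, "indented line inside IF..ENDIF is appended "
                                         "to the previous line, not matched on its own"))
            continue                 # continuation text, never a rule of its own
        if IF_LINE.match(line):
            open_ifs.append(lineno)
        elif ENDIF_LINE.match(line):
            if open_ifs:
                open_ifs.pop()
            else:
                findings.append((lineno, "endif without matching if"))
        elif OBSOLETE.match(line):
            findings.append((lineno, "obsolete /pattern1/!/pattern2/ form; "
                                     "use if !/pattern2/ .. endif"))
    findings.extend((n, "if without matching endif") for n in open_ifs)
    return sorted(findings)
```

On the sample, line 5 is the one to watch: the indented .scr pattern becomes
part of the result text of line 4 and is never evaluated as a pattern.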

[Feature 20020819] When the Postfix local delivery agent detects
a mail delivery loop (usually the result of mis-configured mail
pickup software), the undeliverable mail is now sent to the mailing
list owner instead of the envelope sender address (usually the
original poster who has no guilt, and who cannot fix the problem).

[Warning 20020819] The Postfix queue manager now warns when mail
for some destination is piling up in the active queue, and suggests
a variety of remedies to speed up delivery (increase per-destination
concurrency limit, increase active queue size, use a separate
delivery transport, increase per-transport process limit). The
qmgr_clog_warn_time parameter controls the time between warnings.
To disable these warnings, specify "qmgr_clog_warn_time = 0".

[Warning 20020717] The Postfix SMTP client now logs a warning when
the same domain is listed in main.cf:mydestination as well as a
Postfix-style virtual map. Such a mis-configuration may cause mail
for users to be rejected with "user unknown".

[Feature 20020331] A new smtp_helo_name parameter that specifies
the hostname to be used in HELO or EHLO commands; this can be more
convenient than changing the myhostname parameter setting.

[Feature 20020331] Choice between multiple instances of internal
services: bounce, cleanup, defer, error, flush, pickup, queue,
rewrite, showq. This allows you to use different cleanup server
settings for different SMTP server instances. For example, specify
in the master.cf file:

    localhost:10025 ... smtpd -o cleanup_service_name=cleanup2 ...
    cleanup2        ... cleanup -o header_checks= body_checks= ...

Logfile format changes
======================

[Incompat 20021209] The Postfix SMTP client no longer expands CNAMEs
in MAIL FROM addresses (as permitted by RFC 2821) before logging
the recipient address.

[Incompat 20021028] The Postfix SMTP server UCE reject etc. logging
now includes the queue ID, the mail protocol (SMTP or ESMTP), and
the hostname that was received with the HELO or EHLO command, if
available.

[Incompat 20021028] The Postfix header/body_checks logging now
includes the mail protocol (SMTP, ESMTP, QMQP) and the hostname
that was received with the SMTP HELO or EHLO command, if available.

[Incompat 20021028] The Postfix status=sent/bounced/deferred logging
now shows the original recipient address (as received before any
address rewriting or aliasing). The original recipient address is
logged only when it differs from the final recipient address.

[Incompat 20020923] The default RBL "reject" server reply now
includes an indication of *what* is being rejected: Client host,
Helo command, Sender address, or Recipient address. This also
changes the logfile format.

LDAP related changes
====================

[Incompat 20020819] LDAP API version 1 is no longer supported. The
memory allocation and deallocation strategy has changed too much
to maintain both version 1 and 2 at the same time.

[Feature 20020513] Updated LDAP client module with better handling
of dead LDAP servers, and with configurable filtering of query
results.

SASL related changes
====================

[Incompat 20020819] The smtpd_sasl_local_domain setting now defaults
to the null string, rather than $myhostname. This seems to work
better with Cyrus SASL version 2. This change may cause incompatibility
with the saslpasswd2 command.

[Feature 20020331] Support for the Cyrus SASL version 2 library,
contributed by Jason Hoos. This adds some new functionality that
was not available in Cyrus SASL version 1, and provides bit-rot
insurance for the time when Cyrus SASL version 1 eventually stops
working.

Berkeley DB related changes
===========================

[Feature 20020505] Finer control over Berkeley DB memory usage.
The parameter "berkeley_db_create_buffer_size" (default: 16 MBytes)
specifies the buffer size for the postmap and postalias commands.
The parameter "berkeley_db_read_buffer_size" (default: 256 kBytes)
specifies the buffer size for all other applications. Specify
"berkeley_db_read_buffer_size = 1048576" to get the old read buffer
size. For more information, see the last paragraphs of the DB_README
file.

[Incompat 20020201] In Postfix SMTPD access tables, Postfix now
uses <> as the default lookup key for the null address, in order
to work around bugs in some Berkeley DB implementations. This
behavior is controlled with the smtpd_null_access_lookup_key
configuration parameter.

[Incompat 20020201] Postfix now detects if the run-time Berkeley
DB library routines do not match the major version number of the
compile-time include file that was used for compiling Postfix. The
software issues a warning and aborts in case of a discrepancy. If
it didn't, the software was certain to crash with a segmentation
violation.

Assorted workarounds
====================

[Incompat 20020201] On SCO 3.2 UNIX, the input rate flow control
is now turned off by default, because of limitations in the SCO
UNIX kernel.