This patch provides an emergency band-aid for the next wave of
MicroSoft email worms, fixes one bug, and makes external content
filtering a bit more robust.
- Feature: specify "body_checks = regexp:/etc/postfix/body_checks"
for an emergency content filter that looks at non-header lines
one line at a time (including MIME headers inside the message
body). This feature uses the same syntax as the header_checks
patterns. Details in conf/sample-filter.cf.
This feature is also available in Postfix snapshot 20000528.
- Bugfix: the masquerade_exceptions feature was case sensitive.
- Robustness: upon receipt of mail, Postfix maps MAILER-DAEMON@myorigin
sender address back into the magic null string, which prevents
mail from looping after processing by an external content filter.
- RFC 822 requires the presence of at least one destination
message header. Postfix now generates a generic "To:
undisclosed-recipients:;" message header when no destination
header is present. The header content is specified with the
new undisclosed_recipients_header parameter.
- Postfix now understands <(comment)> as SMTP MAIL FROM address,
because some broken software needs it. Postfix rejects such
illegal address forms with "strict_rfc821_envelopes = yes".
- Configuration parameters for one mysql dictionary would become
default settings for the next one. This patch was merged into
the development Postfix version a while back but apparently
that version was on a dead branch. Update by Scott Cotton.
- Some Postfix delivery agents would abort on addresses of the
form `stuff@.' which could unfortunately be generated locally.
- With local delivery, Postfix could insert > or . into the middle
of very long lines.
- SMTP sessions could time out when the remote client attempted
to deliver to a large number of rejected recipients. The SMTP
server now flushes unwritten output in-between tarpit delays,
to avoid protocol timeouts in pipelined SMTP sessions.
- Postfix would incorrectly reject domain names with adjacent `-'
characters.
-- Info from Wietse --
Patch 04 fixes one old problem that never happened, and fixes two
new problems introduced with patch 03, one of which urgent. The
problems were found as I was reorganizing the cleanup daemon code.
The too long header fix in patch 03 loses mail when a header is
found too long, and when that mail is't posted with "sendmail -t".
Actually the mail is not lost. The queue file stays in the incoming
queue, as a file with mode -rw-------.
In order to have such mail delivered, chdir into the directory
/var/spool/postfix/incoming, and look for mode -rw------- queue
files that are older than a few minutes (ls -lt|more) and chmod +x
those old mode -rw------- queue files.
DO NOT CHMOD +X ALL INCOMING QUEUE FILES because that causes Postfix
to discard messages that are still being received.
Postfix version 19991231 patchlevel 03 fixes low-priority defects
and provides workarounds for unusual conditions.
- Workaround to prevent one site with a huge backlog from blocking
all other deliveries. This is controlled by a new configuration
parameter qmgr_site_hog_factor (default: 90 percent) that limits
how much in-memory queue manager resources a site can claim.
- Workarounds for the most likely problems that will happen when
running the Postfix queue on top of NFS.
- The SMTP server did not look in the relocated table and would
report "User unknown" rather than letting the mail bounce the
way it is supposed to be.
- When requested to extract recipients from message headers, Postfix
now insists that no message header exceeds the header size limit.
This prevents Postfix from inadvertently disclosing Bcc: addresses.
This patch resolves several really old defects that were resolved
or discovered in the last couple weeks.
- Address rewriting would panic on a lone \ at the end of a line
where an address was expected. Reported by Jason Hoos.
- The local delivery agent would deliver to the user instead of
the .forward file when the .forward file was already visited
via some non-recursive path. Patch by Patrik Rak.
- Postfix now attempts to deliver all addresses in the expansion
of an alias or .forward file, even when some addresses must be
deferred. Problem reported by Andrew McNamara and others.
Porters: please make sure you use bsd.port.mk 1.75 or later when
updating ports. That version of the makefile adds all sums. Previous
versions of the makefile will still work for people installing ports.