[postfix-es] Postfix Snapshot 20021209 (Postfix 1.2 Release Candidate)
Wietse Venema
wietse at porcupine.org
Tue Dec 10 01:24:29 CET 2002
Postfix snapshot 20021209 is a release candidate for Postfix official
release 1.2. If this version seems to work OK on a sufficient number
of systems then this will be renamed to official version 1.2.
If all is done well, the changes will be backwards compatible with
existing configuration files, and safety nets are in place for the
cases where Postfix isn't. In the meantime I'll keep polishing
documentation.
Snapshot 20021209 incorporates many of the changes that were discussed
in the past week. See RELEASE_NOTES and HISTORY summaries below.
As you will see, a lot of earth was moved in the past week.
The same new functionality can also be found in the trace-20021209
release, which also includes the alpha quality sender address
verification code (performs OK for low-traffic sites, but still
needs hardening for heavy-duty usage). Sender address verification
will not be included with Postfix official release 1.2, but will
evolve in Postfix 1.2 snapshots.
To highlight the major changes with the 20021209 releases:
- The Postfix SMTP server rejects mail for unknown local recipients
by default; and you can specify an optional table for all known
relay_domains destinations, so that the SMTP server can reject mail
for unknown relay recipients as well. There's a limited safety net
for sites without accessible UNIX passwd file inside a chroot jail.
- Easier configuration with address domain classes (local, virtual
alias, virtual mailbox, relay), each class having its own delivery
transport, its own table with known recipients, and each having
its own list of domains. Mail that does not match one of the above
classes is sent out via the default "smtp" transport. The "virtual
mailbox" address class eliminates the need for transport map entries
for individual virtual domains, and the "relay" class (which uses
a new "relay" transport) alleviates the most common performance
problem with relaying inbound mail.
- Regular expression support in alias maps and in virtual mailbox
maps. However, you cannot use $1 etc. substitutions in table lookup
results because that would open security loopholes.
Available from ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/
256376 Dec 9 11:17 postfix-1.1.12-20021209.HISTORY
82629 Dec 9 12:49 postfix-1.1.12-20021209.RELEASE_NOTES
1320972 Dec 9 13:54 postfix-1.1.12-20021209.tar.gz
152 Dec 9 13:54 postfix-1.1.12-20021209.tar.gz.sig
259173 Dec 9 16:03 postfix-1.1.12-trace-20021209.HISTORY
86004 Dec 9 15:50 postfix-1.1.12-trace-20021209.RELEASE_NOTES
1347415 Dec 9 16:58 postfix-1.1.12-trace-20021209.tar.gz
152 Dec 9 16:58 postfix-1.1.12-trace-20021209.tar.gz.sig
And from mirrors listed at http://www.postfix.org/
Wietse
Summary from RELEASE_NOTES file:
================================
Incompatible changes with Postfix snapshot 1.1.12-20021209
==========================================================
This release adds a new "relay" service to the Postfix master.cf
file. If your Postfix is unable to connect to the "relay" service
then you have not properly followed the installation procedure.
The Postfix SMTP server now rejects mail for local recipients that
it does not know about. For this to work correctly, you need to
review the section titled "REJECTING UNKNOWN LOCAL USERS" in
conf/main.cf if one of the following is true:
- You run the Postfix SMTP server chrooted (see master.cf).
- You redefined the local delivery agent in master.cf.
- You redefined the "local_transport" setting in main.cf.
- You use the mailbox_transport or fallback_transport feature
of the Postfix local delivery agent.
Specify "local_recipient_maps =" (i.e. empty) to make the SMTP
server accept mail for all known and unknown local recipients. You
will be considered a bad network citizen, though.
Postfix no longer defaults to the "smtp" transport for all non-local
destinations. This may affect your defer_transports settings. In
particular, Postfix now uses the "relay" mail delivery transport
for domains matching $relay_domains. The old "smtp" transport is
now the default mail delivery transport for non-local domains that
do not match relay_domains.
The "virtual_maps" configuration parameter is now called
"virtual_alias_maps", for consistency with "virtual_mailbox_maps".
Default settings are backwards compatible with Postfix 1.1.
Postfix-style virtual domains are now called simulated virtual
domains. Sendmail-style virtual domains are no longer documented.
This part of Postfix was too confusing.
The default queue directory hash_queue_depth setting is reduced to
1 level of subdirectories per Postfix queue. This improves "mailq"
performance on most systems, but can result in poorer worst-case
performance on systems with lots of mail in the queue.
The "reject_maps_rbl" restriction is going away. The SMTP server
logs a warning and suggests using the more flexible "reject_rbl_client"
instead.
The "check_relay_domains" restriction is going away. The SMTP server
logs a warning and suggests using "reject_unauth_destination"
instead.
The Postfix installation procedure no longer sets the "chattr +S"
bit on Linux queue directories. Wietse has gotten too annoyed with
naive reviewers who complain about performance without having a
clue of what they are comparing.
Major changes with Postfix snapshot 1.1.11-20021209
===================================================
This release introduces separation of lookup tables for addresses
and for domain names of virtual domains.
- virtual_maps is replaced by virtual_alias_maps (for address
lookups) and virtual_alias_domains (for the names of what were
formerly called "Postfix-style virtual domains").
For backwards compatibility with Postfix version 1.1, the new
virtual_alias_maps parameter defaults to $virtual_maps, and the
new virtual_alias_domains parameter defaults to $virtual_alias_maps.
- virtual_mailbox_maps now has a companion parameter called
virtual_mailbox_domains (for the names of domains served by the
virtual delivery agent). virtual_mailbox_maps is now used for
address lookups only.
For backwards compatibility with Postfix version 1.1, the new
virtual_mailbox_domains parameter defaults to $virtual_mailbox_maps.
This release introduces the concept of address domain classes, each
having its own default mail delivery transport:
Destination matches        Default transport    Default name
--------------------------------------------------------------
$mydestination or
$inet_interfaces           $local_transport     local
$virtual_alias_domains     (not applicable)     (not applicable)
$virtual_mailbox_domains   $virtual_transport   virtual
$relay_domains             $relay_transport     relay
other                      $default_transport   smtp
The benefits of these changes are that:
- You no longer need to specify all the virtual(8) domains in the
Postfix transport map.
- A lot of table lookups could be eliminated from the SMTP server's
mail relay control and unknown user blocking code.
This release introduces better handling of unknown recipients. Each
address domain class now has its own table with known recipients,
so that you can reject mail for unknown addresses consistently.
Destination matches        Recipients defined by    Remarks
--------------------------------------------------------------
$mydestination or
$inet_interfaces           $local_recipient_maps    optional
$virtual_alias_domains     $virtual_alias_maps      none
$virtual_mailbox_domains   $virtual_mailbox_maps    none
$relay_domains             $relay_recipient_maps    optional
other                      (not applicable)         (not applicable)
Finally, regular expression maps are now allowed with local delivery
agent alias tables and with all virtual delivery agent lookup tables.
However, regular expression substitution of $1 etc. is still
forbidden for security reasons.
Summary from HISTORY file:
20021203
Bugfix: the FILTER access table action included the FILTER
command in the filter request, where only the transport+destination
were expected. Noel Jones. File smtpd/smtpd_check.c.
Cleanup: virtual_maps is now called virtual_alias_maps, in
order to better distinguish it from virtual_mailbox_maps.
The default value is $virtual_maps for backwards compatibility.
New parameters virtual_alias_domains and virtual_mailbox_domains
for the "domain.tld whatever" lookups. These use the same
syntax as the mydestination parameter. Default settings
are backwards compatible with Postfix 1.1.
Concept: just like $mydestination+$inet_interfaces control
what routes to $local_transport, $virtual_mailbox_domains
now controls what routes to $virtual_transport (default
transport: virtual), and $relay_domains now controls what
routes to $relay_transport (default transport: relay, a
clone of the smtp transport). Everything else routes to
$default_transport as before. This eliminates the need
for transport map entries for every virtual(8) domain, and
avoids performance problems with inbound relay mail. This
improvement was suggested by Victor Duchovni. File:
trivial-rewrite/resolve.c.
20021206
Cleanup: do allow regexps in aliases, virtual mailbox maps
but do not allow regular expression substitutions. Files:
util/dict.h, util/dict_regexp.c, util/dict_pcre.c.
20021207
Cleanup: deleted the description of sendmail-style virtual
domains from the virtual(5) manual page. This part of
Postfix was too confusing.
Performance: RFC 2821 blesses the use of CNAME domain names
in MAIL FROM and RCPT TO. Not having to expand CNAME domain
names speeds things up a bit. File: smtp/smtp_proto.c.
Workaround: exclude error mailer destinations from transport
mapping lookups :-(. File: trivial-rewrite/resolve.c.
Cleanup: relocated_maps lookups are now moved to the
trivial-rewrite server. As of now, the queue manager no
longer does any map lookups, so it won't restart when maps
change. Files: *qmgr/qmgr_message.c, trivial-rewrite/resolve.c.
Robustness: because the trivial-rewrite server now does
many more table lookups, some of which are often LDAP or
SQL based, trivial-rewrite clients must be prepared for
the case that the resolver reports a failure while processing
a request (when it was unable to access a lookup table).
Files: trivial-rewrite/resolve.c, local/resolve.c,
smtpd/smtpd_check.c.
Robustness: moving possible LDAP or SQL table lookups into
the trivial-rewrite server also required that trivial-rewrite
be running as multiple processes to reduce lookup latencies.
Files: master/multi-server.c.
Workaround: don't discard all the DNS lookup results when
only one of the results has a malformed name or address.
File: dns/dns_lookup.c.
20021208
Cleanup: with the preliminary address domain classification
concept as implemented by the trivial-rewrite address
resolver, a lot of table lookups could be eliminated from
the SMTP server. Files: smtpd/smtpd_check.c.
Feature: new relay_recipient_maps parameter, for optional
maps with all the recipients in the domains that match
$relay_domains (so you can reject mail for unknown relay
recipients). This is for consistency with virtual_xx_maps
and virtual_xx_domains, and with local_recipient_maps and
the local delivery agent. File: smtpd/smtpd_check.c.
20021209
The Postfix installation procedure no longer sets the
"chattr +S" bit on Linux queue directories. Wietse has
gotten too annoyed with naive reviewers who complain about
performance without having a clue of what they are comparing.
"Security": local_recipient_maps is now turned on by default,
to reject mail for non-existent users at the SMTP port.
See conf/main.cf for instructions, section REJECTING UNKNOWN
LOCAL USERS.
Safety: detection of missing or inaccessible passwd file
database, to prevent massive complaints from people who
suddenly lose all their mail because local_recipient_maps
is now turned on by default.
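
Added example, not part of the original announcement and not Postfix code: a small Python model of the two address domain class tables in the release notes above, showing which transport a recipient resolves to and when the SMTP server can reject an unknown recipient. The CONFIG layout, the function names and the sample domains and users are constructed; domain matching is exact and tables are plain sets, which is simpler than real Postfix lookups.

```python
# Simplified model of the address domain classes and per-class recipient
# tables described above. Not Postfix code: the data layout, function
# names and sample domains/users are constructed for this example.
CONFIG = {
    "mydestination": {"example.com", "localhost"},
    "virtual_alias_domains": {"alias.example"},
    "virtual_mailbox_domains": {"vmail.example"},
    "relay_domains": {"customer.example"},
    "local_recipient_maps": {"alice", "root"},          # optional table
    "virtual_alias_maps": {"sales@alias.example"},
    "virtual_mailbox_maps": {"bob@vmail.example"},
    "relay_recipient_maps": set(),                      # optional, left empty
}

# (domain list parameter, default transport name, recipient table parameter),
# in the order of the tables in the release notes.
CLASSES = [
    ("mydestination", "local", "local_recipient_maps"),
    ("virtual_alias_domains", None, "virtual_alias_maps"),
    ("virtual_mailbox_domains", "virtual", "virtual_mailbox_maps"),
    ("relay_domains", "relay", "relay_recipient_maps"),
]

def classify(address, cfg=CONFIG):
    """Map user@domain to (class, transport, recipient table parameter)."""
    domain = address.rsplit("@", 1)[1].lower()
    for domains_param, transport, rcpt_param in CLASSES:
        if domain in cfg[domains_param]:       # exact match only (simplification)
            return domains_param, transport, rcpt_param
    return "other", "smtp", None               # $default_transport

def recipient_check(address, cfg=CONFIG):
    """Model the known-recipient decision for one RCPT TO address."""
    domains_param, _transport, rcpt_param = classify(address, cfg)
    if rcpt_param is None:
        return "not-applicable"                # "other" class has no table
    table = cfg[rcpt_param]
    if not table:
        return "accept-unchecked"              # empty optional table: no filtering
    local_part = address.rpartition("@")[0].lower()
    # Assumption: local users are keyed by name, other classes by full address.
    key = local_part if domains_param == "mydestination" else address.lower()
    return "accept" if key in table else "reject-unknown"

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "nobody@example.com",
                 "bob@vmail.example", "anyone@customer.example",
                 "user@elsewhere.example"):
        print(rcpt, classify(rcpt)[1], recipient_check(rcpt))
```

With relay_recipient_maps left empty the model accepts any address in the relay domain, which is the case the new optional table is meant to close; the same holds for an empty local_recipient_maps.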