Postfix 2.10. versus 2.11
Robert Schetterer
rs at sys4.de
Do Okt 2 18:57:47 CEST 2014
Am 02.10.2014 um 17:50 schrieb django at nausch.org:
> HI Joda! :P
>
> Ich hab mich einigermaßen von der hardcore-sys4-Woche erholt und bin
> gerade dabei meine Doku für Postfix 2.11 unter CentOS 7 zu überarbeiten.
>
> Wenn ich mich richtig erinnere, dann ist der Hauptvorteil von Postfix
> 2.11 zu Postfix 2.10 doch:
>
> ° PKI-less TLS server certificate verification based on DANE
>
> Aber war da nicht auch noch was in Punkto postscreen, oder verwechsle
> ich da grad was?
>
> Danke schon mal für's Feedback.
du suchst das hier
http://www.postfix.org/announcements/postfix-2.11.0.html
Support for PKI-less TLS server certificate verification with DANE
(DNS-based Authentication of Named Entities) where the CA public key or
the server certificate is identified via DNSSEC lookup. This requires a
DNS resolver that validates DNSSEC replies. The problem with
conventional PKI is that there are literally hundreds of organizations
world-wide that can provide a certificate in anyone's name. DANE limits
trust to the people who control the target DNS zone and its parent zones.
Support for LMDB databases. Originally developed as part of OpenLDAP,
LMDB is the first persistent Postfix database that can be shared among
multiple writers such as postscreen daemons (Postfix already supported
shared non-persistent memcached caches). Postfix currently requires LMDB
version 0.9.11 or later. See LMDB_README for details and limitations.
A new postscreen_dnsbl_whitelist_threshold feature to allow clients to
skip postscreen tests based on their DNSBL score. This can eliminate
email delays due to "after 220 greeting" protocol tests, which otherwise
require that a client reconnects before it can deliver mail. Some
providers such as Google don't retry from the same IP address, and that
can result in large email delivery delays.
The recipient_delimiter feature now supports different delimiters, for
example both "+" and "-". As before, this implementation recognizes
exactly one delimiter character per email address, and exactly one
address extension per email address.
....
>
>
> Ergebendst Dein Padawan Django ;)--
> "Bonnie & Clyde der Postmaster-Szene!" approved by Postfix-God
> http://wetterstation-pliening.info
> http://dokuwiki.nausch.org
> http://wiki.piratenpartei.de/Benutzer:Django
>
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Mehr Informationen über die Mailingliste postfix-users