OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Postfix 2.4 patchlevel 04 available

From: Wietse Venema (wietseporcupine.org)
Date: Tue Jul 31 2007 - 16:17:47 CDT

Wietse Venema:
> Postfix stable release 2.4.4 fixes multiple problems with Milter
> support, and provides workarounds for SASL inter-operability and
> loopback TCP performance problems.

Apparently, I bit-flipped something so that the TCP_NOPDELAY loopback
performance workaround is ineffective for Postfix 2.4.4. Can someone
check this (a look at util/vstream_tweak.c will suffice).

That's what I get for late code cleanups. Grr.

        Wietse

> Postfix snapshot 20070731 and earlier snapshots address the same
> problems. Postfix 2.3.12 will be released soon, with a back-ported
> version of the more important fixes.
>
> This is a summary of changes; for details please see HISTORY or
> RELEASE_NOTES below.
>
> MILTER bugfix:
> When a milter replied with ACCEPT at or before the first RCPT
> command, the cleanup server would apply the non_smtpd_milters
> setting as if the message was a local submission. Problem
> reported by Jukka Salmi.
>
> MILTER bugfix:
> Problem with header updates after body updates. Reported by
> Jose-Marcio Martins da Cruz.
>
> MILTER robustness:
> Assorted cleanups to harden error handling in the Postfix Milter
> client.
>
> SASL workaround for Postfix SMTP client:
> Some non-Cyrus SASL SMTP servers require SASL login without
> authzid (authoriZation ID), i.e. the client must send only the
> authcid (authentiCation ID) + the authcid's password. This is
> now the default Postfix SMTP client behavior.
>
> Loopback TCP performance workaround:
> Some systems exhibited poor SMTP and Milter performance with
> loopback (127.0.0.1) connections. Problem reported by Mark
> Martinec.
>
> Available from ftp://ftp.porcupine.org/mirrors/postfix-release/official:
>
> 26242 Jul 31 13:15 postfix-2.4-patch04.gz
> 472117 Jul 31 10:20 postfix-2.4.4.HISTORY
> 9175 Jul 20 11:27 postfix-2.4.4.RELEASE_NOTES
> 2934579 Jul 31 14:00 postfix-2.4.4.tar.gz
> 280 Jul 31 14:00 postfix-2.4.4.tar.gz.sig
>
> Soon available from the mirrors listed at http://www.postfix.org/
>
> Wietse
>
> RELEASE_NOTES file entries:
> ===========================
>
> By default, the Postfix Cyrus SASL client no longer sends a
> SASL authoriZation ID (authzid); it sends only the SASL
> authentiCation ID (authcid) plus the authcid's password. Specify
> "send_cyrus_sasl_authzid = yes" to get the old behavior, which
> is to send the (authzid, authcid, password), with the authzid
> equal to the authcid. This workaround for non-Cyrus SASL servers
> is back-ported from Postfix 2.5.
>
> HISTORY file entries:
> =====================
> 20070613
>
> Bugfix: the Milter client assumed that a Milter application
> does not modify the message header or envelope, after that same
> Milter application has modified the message body of that same
> email message. This is not a problem with updates by different
> Milter applications. Problem was triggered by Jose-Marcio
> Martins da Cruz. Also simplified the handling of queue file
> update errors. File: milter/milter8.c.
>
> 20070614
>
> Workaround: some non-Cyrus SASL SMTP servers require SASL login
> without authzid (authoriZation ID), i.e. the client must send
> only the authcid (authentiCation ID) + the authcid's password.
> In this case the server is supposed to derive the authzid from
> the authcid. This works as expected when authenticating to a
> Cyrus SASL SMTP server. To get the old behavior specify
> "send_cyrus_sasl_authzid = yes", in which case Postfix sends
> the (authzid, authcid, password), with the authzid equal to
> the authcid. File: xsasl/xsasl_cyrus_client.c.
>
> 20070619
>
> Portability: /dev/poll support for Solaris chroot jail setup
> scripts. Files: examples/chroot-setup/Solaris8,
> examples/chroot-setup/Solaris10.
>
> 20070719
>
> Cleanup: Milter client error handling, so that the (Postfix
> SMTP server's Milter client) does not get out of sync with
> Milter applications after the (cleanup server's Milter client)
> encounters some non-recoverable problem. Files: milter/milter8.c,
> smtpd/smtpd.c.
>
> 20070729
>
> Performance: workaround for poor TCP performance on loopback
> (127.0.0.1) connections. Problem reported by Mark Martinec.
> Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c,
> smtpstone/*source.c.
>
> 20070730
>
> Bugfix: when a milter replied with ACCEPT at or before the
> first RCPT command, the cleanup server would apply the
> non_smtpd_milters setting as if the message was a local
> submission. Problem reported by Jukka Salmi. Also, the cleanup
> server would get out of sync with the milter when a milter
> replied with ACCEPT at the DATA command. Files:
> cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
>
>