Postfix 2.2 stable, 20050216 and -newdb-nonprod snapshots

Postfix snapshots 20050216 and 20050216-newdb-nonprod (new LDAP
and SQL client code) are available. These include fixes for:

- Missing vstring call in the new MySQL client.

- Falsely labeled as "corrupt" queue files while doing "make upgrade"
on a running Postfix system. For some reason people expect
mainframe-like performance where one routinely makes updates
without ever taking a system down :-)

Download from:

ftp://ftp.porcupine.org/mirrors/post...ase/index.html

Soon on mirror sites listed at http://www.postfix.org/

Below the signature are the changes since snapshot 20050206.

The number of changes to the Postfix 2.2 production snapshot release
gets smaller and smaller, and it looks like the stable Postfix 2.2
release can happen in the week after the UKUUG conference which I
attend next week.

Wietse

RELEASE_NOTES:
==============

Major changes with snapshot Postfix-2.2-20050212
================================================

When header address rewriting is enabled, Postfix now updates a
message header only when at least one address in that header
is modified. Older Postfix versions first parse and then unparse
a header so that there may be subtle changes in formatting, such
as the amount of whitespace between tokens, or in capitalization
of header labels such as FROM:/CC: because they are not replaced
by From:/Cc:.

Major changes with snapshot Postfix-2.2-20050211
================================================

The "generics" table feature is renamed to "generic", for consistency
with other Postfix table names which are also singular.

Major changes with snapshot Postfix-2.2-20050209
================================================

The policy delegation protocol now supplies TLS client certificate
information after successful verification. The new attribute names
are ccert_subject, ccert_issuer and cccert_fingerprint.

Major changes with snapshot Postfix-2.2-20050208
================================================

New "check_ccert_maps maptype:mapname" feature to enforce access
control based on (hexadecimal) client certificate fingerprints.

HISTORY file:
=============

20050207

Documentation: added a generic(5) manual page for consistency
with the already existing table driven mechanisms, added
references to or examples of the new generic mapping.

Bugfix: the header_checks REPLACE action mis-handled
multi-line replacement text in message headers, for example:
/(.*)/ REPLACE X-$1. File: cleanup/cleanup_message.c.

Bugfix: the header_checks REPLACE action should not drop
the input when the action is NOT executed. File:
cleanup/cleanup_message.c.

Bugfix? Cleanup? Documentation? main.cf now implements
${name[?:]value} as promised in the postconf(5) manual.
Implemented by deleting the macro processor in dict_eval(),
and using the one in mac_expand() instead. File: util/dict.c.

20050208

Feature: check_ccert_access maptype:mapname for access(5)
control, based on code by Victor Duchovni. File:
smtpd/smtpd_check.c and documentation.

Safety: don't allow unlimited message size with limited
mailbox size. File: local/local.c, virtual/virtual.c.

Feature: new smtpd policy attributes ccert_subject,
ccert_issuer and ccert_fingerprint, with TLS client
certificate information, but only when verification was
successful. Files: src/smtpd/smtpd_check.c.

Cleanup: corrected the address verification data flow in
the ADDRESS_VERIFICATION_README illustration.

20050209

Cleanup: the smtp generic mapping did syntax check on the
input address instead of the result. These tests were not
going to be useful in any case, because mail_addr_map()
canonicalizes the lookup result, including @dom1->@dom2
mapping. File: smtp_map11.c.

Cleanup: made the generic mapping documentation consistent
with the implementation.

Cleanup: documented the myorigin/mydomain address rewriting
in canonical, generic and virtual alias maps.

20050210

Bugfix: spurious fallback_relay warnings after 20050202.
Victor Duchovni. File: smtp/smtp_connect.c.

Bugfix: (introduced while adopting Postfix/TLS patch) the
TLS cache scan stopped after expiring one entry. Victor
Duchovni. File: tls/tls_scache.c.

Safety: delete-behind when removing expired entries from
TLS session caches. With some maps the enumeration method
mis-behaves when the current entry is deleted. File:
tls/tls_scache.c.

20050211

Cleanup: the "generics" feature (output address rewriting)
is renamed to "generic", for consistency with "canonical"
and "virtual".

20050212

Cleanup: remove old trace(8) logfile before attempting
delivery (and after locking the message file exclusively).
Files: *qmgr/qmgr_message.c.

Cleanup: don't parse-then-regenerate message headers when
no address is changed by address rewriting operations. This
behavior was copied from the SMTP client's generic mapping
code. Files: cleanup/cleanup_rewrite.c, cleanup/cleanup_map11.c,
cleanup/cleanup_masquerade.c, cleanup/cleanup_message.c..

20050215

Bugfix: don't chmod queue files while running "postfix
set-permissions". This avoids mail inadvertantly being
labeled as "corrupt" when a live Postfix system is upgraded.
Found by Victor Duchovni. File: conf/post-install.

20050216

Feature: in smtpd?_discard_ehlo_keyword(s|_address_maps)
specify the pseudo keyword "silent-discard" in order to
avoid logging that some EHLO keyword is being suppressed.
File: global/ehlo_mask.[hc].