Wietse Venema | 6 Feb 16:45

Postfix legacy release 2.7.8, 2.6.14 and 2.5.17

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.7.8.html]

Postfix legacy releases 2.7.8, 2.6.14 and 2.5.17 are available.
This is the final update for Postfix 2.5, released in 2008. From
now on, the supported stable and legacy releases are Postfix 2.6
.. 2.9. New features appear in the Postfix 2.10 development release.

    * (Postfix 2.5, 2.6) While the Postfix SMTP client's protocol
      parser uses the last SMTP reply line as intended, the error
      processing routine was taking information from the beginning
      of the response. This was causing "Protocol error" bounces
      with postscreen multi-line responses and Postfix <= 2.6 clients.

    * (Postfix 2.5, 2.6, 2.7) The fix for local delivery agent
      database lookup errors was incomplete. The fix correctly added
      new code to detect database lookup errors with
      mailbox_transport_maps, mailbox_command_maps or
      fallback_transport_maps, but it failed to log the problem,
      and to produce a defer logfile record which is needed for
      "delayed mail" and "mail too old" delivery status notifications.

    * (Postfix 2.5, 2.6, 2.7) The trace(8) service, used for DSN
      SUCCESS notifications, did not distinguish between notifications
      for a non-bounce or a bounce message, causing it to "reply"
      to mail with the null sender address. Problem reported by
      Sabahattin Gucukoglu.

    * (Postfix 2.5, 2.6, 2.7) The "change header" milter request
      could replace the wrong header. A long header name could match
(Continue reading)

Wietse Venema | 1 Feb 14:58

Postfix stable release 2.9.0

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.9.0.html]

Postfix stable release 2.9.0 is available. The main changes in no
particular order are:

    * Support for long, non-repeating, queue IDs (queue file names).
      The main benefit of non-repeating names is simpler logfile
      analysis. See the description of "enable_long_queue_ids" in
      postconf(5) for details.

    * Memcache client support, and support to share postscreen(8)
      and verify(8) caches via the proxymap server. Details are in
      memcache_table(5) and MEMCACHE_README.

    * Gradual degradation: if a database is unavailable (can't open,
      most read or write errors) a Postfix daemon will log a warning
      and continue providing the services that don't depend on that
      table, instead of immediately terminating with a fatal error.
      To terminate immediately when a database file can't be opened,
      specify "daemon_table_open_error_is_fatal = yes".

    * Revised postconf(1) command. It warns about unused parameter
      name=value settings in main.cf or master.cf (likely mistakes),
      understands "dynamic" parameter names such as names that
      depend on the name of a master.cf entry (finally, "postconf
      -n" shows all parameter settings), and it can display main.cf
      and master.cf in a more user-friendly format (postconf -nf,
      postconf -Mf).

(Continue reading)

Wietse Venema | 1 Feb 14:57

Postfix legacy release 2.8.8

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.8.html]

Postfix legacy release 2.8.8 is available. This contains fixes that
are already part of Postfix 2.9 and 2.10.

    * The Postfix sqlite client, introduced with Postfix 2.8, had
      an embarrassing bug in its quoting routine. As the result of
      a last-minute code cleanup before release, this routine
      returned the unquoted text instead of the quoted text. The
      opportunities for mis-use are limited: Postfix sqlite database
      files are usually owned by root, and Postfix daemons usually
      run with non-root privileges so they can't corrupt the database.
      This problem was reported by Rob McGee (rob0).

    * The Postfix 2.8.4 fix for local delivery agent database lookup
      errors was incomplete. The fix correctly added new code to
      detect database lookup errors with mailbox_transport_maps,
      mailbox_command_maps or fallback_transport_maps, but it failed
      to log the problem, and to produce a defer logfile record
      which is needed for "delayed mail" and "mail too old" delivery
      status notifications.

    * The trace(8) service, used for DSN SUCCESS notifications, did
      not distinguish between notifications for a non-bounce or a
      bounce message, causing it to "reply" to mail with the null
      sender address. Problem reported by Sabahattin Gucukoglu.

    * Support for Dovecot auth over TCP sockets, using code that
      already existed for testing purposes. Patrick Koetter kindly
(Continue reading)
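What the sqlite quoting fix above changes in practice, as an added example. This is not Postfix code: the table, the query template, the lookup keys and the function names are constructed for this illustration, and the two quoting routines simply model the reported unfixed behaviour (key returned unquoted) and the standard SQL fix (every single quote doubled).

```python
"""Added example, not Postfix code: what the Postfix 2.8.0..2.8.7 sqlite
quoting bug changes in practice.

A Postfix sqlite: map expands a query template such as
    SELECT result FROM aliases WHERE address='%s'
with the looked-up key, which is supposed to pass through a quoting
routine first.  The bug made that routine return the key unquoted.  The
table, the template and the keys below are constructed for this example;
quote_unfixed() reproduces the reported behaviour, quote_fixed() does
the standard SQL string-literal quoting (every ' becomes '').
"""
import sqlite3

# Constructed sample data; not taken from any real deployment.
SAMPLE_ROWS = [
    ("alice@example.com", "alice@mailstore.example.com"),
    ("bob@example.com", "bob@mailstore.example.com"),
]
QUERY_TEMPLATE = "SELECT result FROM aliases WHERE address='%s' ORDER BY result"


def quote_unfixed(text):
    """Postfix 2.8.0..2.8.7 behaviour: the key comes back unquoted."""
    return text


def quote_fixed(text):
    """SQL string-literal quoting: double every single quote."""
    return text.replace("'", "''")


def make_db():
    """In-memory stand-in for a (normally root-owned) Postfix sqlite map file."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE aliases (address TEXT, result TEXT)")
    con.executemany("INSERT INTO aliases VALUES (?, ?)", SAMPLE_ROWS)
    return con


def lookup(con, key, quote):
    """Expand the template the way a %s-style map client does and run it.

    Returns the list of results, or None when sqlite rejects the SQL
    (what an unquoted key containing a quote character causes).
    """
    sql = QUERY_TEMPLATE % quote(key)
    try:
        return [row[0] for row in con.execute(sql)]
    except sqlite3.OperationalError:
        return None


def compare(key):
    """Run the same lookup with both quoting routines; returns a dict of results."""
    con = make_db()
    return {"unfixed": lookup(con, key, quote_unfixed),
            "fixed": lookup(con, key, quote_fixed)}


if __name__ == "__main__":
    for key in ("alice@example.com", "o'brien@example.com", "x' OR 'a'='a"):
        print(repr(key), compare(key))
```

With the unfixed routine a key such as o'brien@example.com turns into a syntax error (a lookup failure, not a result), while a crafted key can widen the WHERE clause and make the map return rows for addresses it should not match; with quoting in place both keys are compared as literal strings. This matches the announcement's assessment: the lookups can be perturbed, but the database file itself is not writable by the unprivileged daemons.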

Wietse Venema | 7 Nov 15:55

Postfix stable release 2.8.7

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.7.html]

Postfix stable release 2.8.7 is available. This contains a workaround
for a problem that is fixed in Postfix 2.9.

    * The postscreen daemon, which is not enabled by default, sent
      non-compliant SMTP responses (220- followed by 421) when it
      could not give a connection to a real smtpd process. These
      responses caused some remote SMTP clients to return mail as
      undeliverable.

      The workaround is to hang up after sending 220- without sending
      the 421 "sorry" reply; this is harmless.

      The complete fix involves too much change for a stable release:
      send the 220 greeting, wait for the EHLO command, then send
      the 421 "sorry" reply and hang up.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

	Wietse

Wietse Venema | 24 Oct 14:10

Postfix stable release 2.8.6, 2.7.7, 2.6.13, 2.5.16

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.6.html]

Postfix stable release 2.8.6, 2.7.7, 2.6.13 and 2.5.16 are available.
These contain fixes that are also included with the Postfix 2.9
experimental release.

    * The Postfix SMTP daemon sent "bare" newline characters instead
      of <CR><LF> when a header_checks REJECT pattern matched
      multi-line header. This bug was introduced with Postfix 1.1.

    * The Postfix SMTP daemon sent "bare" newline characters instead
      of <CR><LF> when an smtpd_proxy_filter returned a multi-line
      response. This bug was introduced with Postfix 2.1.

    * For compatibility with future EAI (email address
      internationalization) implementations, the Postfix MIME
      processor no longer enforces the strict_mime_encoding_domain
      check on unknown message subtypes such as message/global*.
      This check is disabled by default.

    * The Postfix master daemon could report a panic error
      ("master_spawn: at process limit") after the process limit
      for some service was reduced with "postfix reload". This bug
      existed in all Postfix versions.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

	Wietse
(Continue reading)

Wietse Venema | 3 Sep 16:30

Postfix stable release 2.8.5, 2.7.6, 2.6.12, 2.5.15

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.5.html]

Postfix stable release 2.8.5, 2.7.6, 2.6.12, and 2.5.15 are available.
These contain fixes and workarounds for the Postfix Milter client
that were already included with the Postfix 2.9 experimental release.

    * The Postfix Milter client logged a "milter miltername: malformed
      reply" error when a Milter sent an SMTP response without
      enhanced status code (i.e. "XXX Text" instead of "XXX X.X.X
      Text").

    * The Postfix Milter client sent a random {client_connections}
      macro value when the remote SMTP client was not subject to
      any smtpd_client_* limit. As a workaround, it now sends a
      zero value instead.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

	Wietse
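The 2.7.8, 2.8.7, 2.8.6 and 2.8.5 announcements on this page all touch the same corner of SMTP: how a multi-line reply is parsed. As an added example (not Postfix code; the parser, its names and all sample replies are constructed for this illustration), here is a strict reply parser for the receiving side that takes the code from the last line, flags lines whose codes disagree (the postscreen "220-" then "421" case), flags bare LF line endings, and accepts replies with or without the optional enhanced status code.

```python
"""Added example, not Postfix code: a strict parser for SMTP multi-line
replies, covering the reply-handling defects described in the 2.7.8,
2.8.7, 2.8.6 and 2.8.5 announcements on this page.

  2.7.8  take the reply code from the last line of a multi-line reply;
  2.8.7  lines whose codes disagree ("220-" then "421") are not valid SMTP;
  2.8.6  reply lines must end in CRLF, never a bare LF;
  2.8.5  the RFC 3463 enhanced status code after the reply code is
         optional, so "XXX Text" must be accepted as well as "XXX X.X.X Text".

parse_reply() is the receiving side (an SMTP client, or a Milter client
reading a Milter's reply).  It consumes one reply from a byte buffer,
returns the unconsumed remainder for pipelined replies, and records
non-fatal defects in a "problems" list instead of treating them as a
protocol error.  Sample replies used with it are constructed, not
captured from a real server.
"""
import re

# A reply line: 3-digit code, then "-" (more lines follow) or " " (last line)
# and text; a bare code with nothing after it is treated as a last line.
_LINE_RE = re.compile(rb"^([2-5][0-9]{2})(?:([ -])(.*))?$")
# Optional enhanced status code (class.subject.detail) at the start of the text.
_ESC_RE = re.compile(rb"^([245])\.(\d{1,3})\.(\d{1,3})(?:\s+|$)")


class ReplyError(ValueError):
    """Raised for a reply that cannot be parsed at all (a real protocol error)."""


def parse_reply(buf):
    """Parse one SMTP reply from the start of buf.

    Returns (reply, rest).  reply is a dict with: code (int, from the LAST
    line), esc (enhanced status code string or None), lines (list of str,
    text without code and esc) and problems (list of str).  rest holds the
    bytes after the reply.  Raises ReplyError on a malformed or incomplete reply.
    """
    pos, codes, texts, problems, esc = 0, [], [], [], None
    while True:
        nl = buf.find(b"\n", pos)
        if nl < 0:
            raise ReplyError("incomplete reply: no line terminator")
        line = buf[pos:nl]
        if line.endswith(b"\r"):
            line = line[:-1]
        else:
            problems.append("bare LF on line %d" % (len(codes) + 1))
        pos = nl + 1
        m = _LINE_RE.match(line)
        if m is None:
            raise ReplyError("malformed reply line: %r" % line)
        code = int(m.group(1))
        sep = m.group(2) or b" "
        text = m.group(3) or b""
        e = _ESC_RE.match(text)
        if e is not None:
            this_esc = b".".join(e.groups()).decode("ascii")
            text = text[e.end():]
            if this_esc[0] != str(code)[0]:
                problems.append("status class %s disagrees with code %d" % (this_esc, code))
            if esc is None:
                esc = this_esc
        codes.append(code)
        texts.append(text.decode("ascii", "replace"))
        if sep == b" ":
            break
    # The code that counts is the last line's; disagreeing codes are flagged
    # (the postscreen "220-" + "421" case) but do not abort the parse.
    if len(set(codes)) > 1:
        problems.append("reply codes disagree: %s" % codes)
    reply = {"code": codes[-1], "esc": esc, "lines": texts, "problems": problems}
    return reply, buf[pos:]


def try_parse(buf):
    """parse_reply() without the exception, for callers that only need the verdict."""
    try:
        return parse_reply(buf)[0]
    except ReplyError:
        return None
```

A client built on this would have treated the 2.8.7 postscreen response as a 421 (and logged the code mismatch) rather than bouncing the message, and would not have reported "malformed reply" for a Milter answer that omits the enhanced status code.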

Wietse Venema | 11 Jul 14:22

Postfix legacy releases 2.7.5, 2.6.11 and 2.5.14

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.7.5.html]

Postfix legacy releases 2.7.5, 2.6.11 and 2.5.14 are available.
These contain fixes and workarounds that were already included
with Postfix stable release 2.8.4.

Fixed with Postfix version 2.7.5, 2.6.11 and 2.5.14:

    * Performance: a high load of DSN success notification requests
      could slow down the queue manager. Solution: make the trace
      client asynchronous, just like the bounce and defer clients.

    * The local(8) delivery agent ignored table lookup errors in
      mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
      and (while bouncing mail to alias) alias owner lookup.

    * Workaround: dbl.spamhaus.org rejects lookups with "No IP
      queries" even if the name has an alphanumerical prefix. We
      play safe, and skip both RHSBL and RHSWL queries for names
      ending in a numerical suffix.

    * The Postfix Milter client reported a temporary error instead
      of "file too large" in three cases.

    * Linux kernel version 3 support. Linus Torvalds has reset the
      counters for reasons not related to changes in code.

Fixed with Postfix 2.7.5:

(Continue reading)

Wietse Venema | 7 Jul 21:51

Postfix 2.8.4 available

Postfix stable release 2.8.4

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.4.html]

Postfix stable release 2.8.4 is available. This contains fixes and
workarounds that were already included with the Postfix 2.9
experimental release. Where applicable these fixes will also be
made available for the legacy releases Postfix 2.5..2.7.

    * Performance: a high load of DSN success notification requests
      could slow down the queue manager. Solution: make the trace
      client asynchronous, just like the bounce and defer clients.

    * The local(8) delivery agent ignored table lookup errors in
      mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
      and (while bouncing mail to alias) alias owner lookup.

    * Workaround: dbl.spamhaus.org rejects lookups with "No IP
      queries" even if the name has an alphanumerical prefix. We
      play safe, and skip both RHSBL and RHSWL queries for names
      ending in a numerical suffix.

    * The "sendmail -t" command reported "protocol error" instead
      of "file too large", "no space left on device" etc.

    * The Postfix Milter client reported a temporary error instead
      of "file too large" in three cases.

    * Linux kernel version 3 support. Linus Torvalds has reset the
(Continue reading)

Wietse Venema | 9 May 14:39

Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)

[On-line version will be at http://www.postfix.org/CVE-2011-1720.html]

Summary
=======

The Postfix SMTP server has a memory corruption error when the Cyrus
SASL library is used with authentication mechanisms other than PLAIN
and LOGIN (the ANONYMOUS mechanism is unaffected but should not be
enabled for different reasons). See below for instructions to
determine what systems are affected.

Examples of affected Cyrus SASL authentication methods are CRAM-MD5,
DIGEST-MD5, EXTERNAL, GSSAPI, KERBEROS_V4, NTLM, OTP, PASSDSS-3DES-1,
and SRP.

The error was introduced with the Postfix SASL patch, and is present
in all Postfix versions where the command "postconf mail_release_date"
reports a value of 20000314 (March 14, 2000) or greater.

This problem was discovered by Thomas Jarosch of Intra2net AG.

The memory corruption is known to result in a program crash (SIGSEGV).
Remote code execution cannot be excluded. Such code would execute
as the unprivileged "postfix" user. This user has no control over
processes that run with non-postfix privileges including Postfix
processes running as root; the impact may be reduced with configurations
that enable the Postfix chroot feature or that use platform-dependent
privilege-reducing features.

The problem is fixed in Postfix stable releases 2.5.13, 2.6.10,
(Continue reading)

Wietse Venema | 21 Mar 22:07

Postfix 2.8.2 stable release available

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.8.2.html]

Postfix stable release 2.8.2 is available. This release has minor
fixes that are already in the experimental (2.9) release.

- Bugfix: postscreen DNSBL scoring error.  When a client disconnected
  and then reconnected before all DNSBL results for the earlier
  session arrived, DNSBL results for the earlier session would be
  added to the score for the later session. This is very unlikely
  to have affected any legitimate mail.

- Workaround: the SMTP client did not support mail to [ipv6:ipv6addr].

- Portability: FreeBSD closefrom() was back-ported to FreeBSD 7,
  breaking FreeBSD 7.x support retroactively.

- Portability: the SUN compiler had trouble with a pointer expression
  of the form ``("text1" "text2") + constant'' so we don't try to
  be so clever.

You can find Postfix version 2.8.2 at the mirrors listed at
http://www.postfix.org/

        Wietse

Wietse Venema | 7 Mar 21:18

Postfix 2.7.3, 2.6.9, 2.5.12 and 2.4.16 available

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.7.3.html]

Postfix legacy releases 2.7.3, 2.6.9, 2.5.12 and 2.4.16 are available.
These releases contain a fix for CVE-2011-0411 which allows plaintext
command injection with SMTP sessions over TLS. This defect was
introduced with Postfix version 2.2. The same flaw exists in other
implementations of the STARTTLS command.

    Note: CVE-2011-0411 is an issue only for the minority of SMTP
    clients that actually verify server certificates. Without server
    certificate verification, clients are always vulnerable to
    man-in-the-middle attacks that allow attackers to inject
    plaintext commands or responses into SMTP sessions, and more.

Postfix 2.8 and 2.9 are not affected.

The following problems were fixed with the Postfix legacy releases:

    * Fix for CVE-2011-0411: discard buffered plaintext input,
      after reading the SMTP "STARTTLS" command or response.

    * Fix to the local delivery agent: look up the "unextended"
      address in the local aliases database, when that address has
      a malformed address extension.

    * Fix to virtual alias expansion: report a tempfail error,
      instead of silently ignoring recipients that exceed the
      virtual_alias_expansion_limit or the virtual_alias_recursion_limit.

(Continue reading)
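The CVE-2011-0411 mechanism described in the announcement above, as an added example. This is not Postfix code: it models a buffered stream on each SMTP peer, shows how plaintext appended to the segment carrying STARTTLS (or the 220 reply to it) survives the handshake and is consumed as if it had arrived inside TLS, and shows the fix, discarding the buffered read-ahead. The class and function names and all sample traffic are constructed for this illustration.

```python
"""Added example, not Postfix code: a model of the CVE-2011-0411 STARTTLS
plaintext-injection flaw and of the fix ("discard buffered plaintext
input after reading the STARTTLS command or response").

Both SMTP peers read from the socket into a buffer that may hold more
than one line.  A man-in-the-middle can append plaintext to the segment
that carries the client's STARTTLS command (or the server's 220 reply).
If that buffered remainder survives the TLS handshake, it is consumed as
if it had arrived inside the TLS session.  Names and sample traffic are
constructed for this illustration.
"""


class LineBuffer:
    """Model of a buffered stream: bytes read from the socket but not yet
    consumed by the protocol engine."""

    def __init__(self, data=b""):
        self.data = data

    def feed(self, data):
        self.data += data

    def readline(self):
        i = self.data.find(b"\r\n")
        if i < 0:
            return None
        line, self.data = self.data[:i], self.data[i + 2:]
        return line.decode("ascii", "replace")

    def purge(self):
        """Drop read-ahead data: the CVE-2011-0411 fix."""
        self.data = b""


def server_session(plaintext_segment, tls_bytes, fixed):
    """Return the commands the server executes as (command, over_tls) pairs.

    plaintext_segment: what arrived before the handshake; its tail is
    attacker-controlled.  tls_bytes: what the genuine client sends inside
    the TLS session.  fixed: apply the purge after STARTTLS.
    """
    buf = LineBuffer(plaintext_segment)
    over_tls = False
    executed = []
    while True:
        line = buf.readline()
        if line is None:
            break
        executed.append((line, over_tls))
        if line.upper() == "STARTTLS" and not over_tls:
            # Server answers "220 Ready to start TLS", then the handshake runs.
            if fixed:
                buf.purge()
            over_tls = True
            buf.feed(tls_bytes)
    return executed


def read_reply(buf):
    """Read one possibly multi-line reply; return its lines."""
    lines = []
    while True:
        line = buf.readline()
        if line is None:
            break
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break
    return lines


def client_session(server_segment, tls_bytes, fixed):
    """Return the replies the client consumes as (reply_lines, over_tls) pairs.

    server_segment: bytes received before the handshake, i.e. the 220 reply
    to STARTTLS plus anything an attacker appended.  tls_bytes: the genuine
    server's replies inside the TLS session.
    """
    buf = LineBuffer(server_segment)
    consumed = [(read_reply(buf), False)]          # reply to STARTTLS
    if consumed[0][0] and consumed[0][0][0].startswith("220"):
        if fixed:
            buf.purge()
        buf.feed(tls_bytes)
        consumed.append((read_reply(buf), True))   # reply to the EHLO sent over TLS
    return consumed
```

In the unfixed server the attacker's RSET and MAIL FROM run inside the TLS session before the genuine client's first command; in the unfixed client the attacker's appended reply is taken as the server's answer to the EHLO sent over TLS, and every later reply is off by one. Purging the read-ahead at the STARTTLS boundary removes both, which is why the fix has to be applied on both the command and the response side.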