Postfix 2.2 Patch 09

Postfix 2.2.9 was released a few days ago. This is mostly a collection
of back-ported fixes from the Postfix 2.3 development branch.

Most of this patch hardens the TLS implementation against DNS-based
attacks, and eliminates some anomalies from the TLS per-site policy
engine. See the TLS_README document for tips on how to avoid
DNS-based attacks that can change the server hostname that Postfix
uses for logging, for TLS per-site policies, and for server
certificate verification.

The patch also adds a workaround that prevents Postfix from repeatedly
trying to deliver mail to domains with a malformed MX record (for
example, with a null MX hostname). Postfix 2.2.9 bounces such mail
immediately.

Available from the mirrors listed at http://www.postfix.org/download.html

    36105 Feb 21 16:36 postfix-2.2-patch09.gz
   373935 Feb 21 16:24 postfix-2.2.9.HISTORY
    19753 Mar  9  2005 postfix-2.2.9.RELEASE_NOTES
  2442158 Feb 21 16:38 postfix-2.2.9.tar.gz
      280 Feb 21 16:38 postfix-2.2.9.tar.gz.sig

A detailed change log can be found below the signature.

	Wietse

20010604

	Safety: new "smtp_cname_overrides_servername" parameter.