RELEASE_NOTES-2.0   [plain text]


==============================================================
NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
==============================================================
Before upgrading from Postfix 1.1 you must stop Postfix ("postfix
stop").  Some internal protocols have changed.  No mail will be
lost if you fail to stop and restart Postfix, but Postfix won't be
able to receive any new mail, either.
==============================================================
NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
==============================================================

In the text below, changes are labeled with the Postfix snapshot
that introduced the change, and whether the change introduced a
feature, an incompatibility, or whether the feature is obsolete.
If you upgrade from a later Postfix version, then you do not have
to worry about incompatibilities introduced in earlier versions.

Official Postfix releases are called a.b.c where a=major release
number, b=minor release number, c=patchlevel.  Snapshot releases
are now called a.b.c-yyyymmdd where yyyymmdd is the release date
(yyyy=year, mm=month, dd=day).  The mail_release_date configuration
parameter contains the release date (both for official release and
snapshot release).  Patches change the patchlevel and the release
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.

Major changes with Postfix version 2.0.0 (released 20021222, 20021223)
======================================================================

First comes the bad news - things that may break when you upgrade
from Postfix 1.1. Then comes the good news - things that evolved
in snapshots over the past year.

For the release notes of Postfix 1.1 and earlier, see the
RELEASE_NOTES-1.1 file.

Unknown Recipients are now rejected by default
==============================================

[Incompatibility 20021209] The Postfix SMTP server now rejects mail
for $mydestination domain recipients that it does not know about.
This keeps undeliverable mail out of your queue.

[Incompatibility 20021209] To avoid losing mail when upgrading from
Postfix 1.1, you need to review the LOCAL_RECIPIENT_README file if
one of the following is true:

- You define $mydestination domain recipients in files other than
  /etc/passwd or /etc/aliases.  For example, you define $mydestination
  domain recipients in the $virtual_mailbox_maps files.
- You run the Postfix SMTP server chrooted (see master.cf).
- You redefined the local delivery agent in master.cf.
- You redefined the "local_transport" setting in main.cf.
- You use the mailbox_transport feature of the Postfix local delivery agent.
- You use the fallback_transport feature of the Postfix local delivery agent.
- You use the luser_relay feature of the Postfix local delivery agent.

Name change of virtual domain tables
====================================

This release introduces separation of lookup tables for addresses
and for domain names of virtual domains.

[Incompat 20021209] the virtual_maps parameter is replaced by
virtual_alias_maps (for address lookups) and virtual_alias_domains
(for the names of what were formerly called "Postfix-style virtual
domains").

  For backwards compatibility with Postfix version 1.1, the new
  virtual_alias_maps parameter defaults to $virtual_maps, and the
  new virtual_alias_domains parameter defaults to $virtual_alias_maps.
  This means that you can still keep all information about a domain
  in one file, just like before.

For details, see the virtual(5) and sample-virtual.cf files.

[Incompat 20021209] the virtual_mailbox_maps parameter now has a
companion parameter called virtual_mailbox_domains (for the names
of domains served by the virtual delivery agent). virtual_mailbox_maps
is now used for address lookups only.

  For backwards compatibility with Postfix version 1.1,, the new
  virtual_mailbox_domains parameter defaults to $virtual_mailbox_maps.
  This means that you can still keep all information about a domain
  in one file, just like before.

For details, see the VIRTUAL_README file.

[Incompat 20021209] If you use the "advanced content filter"
technique, you MUST NOT override the virtual aliases and virtual
mailbox settings in the SMTP server that receives mail from the
content filter, or else mail for virtual recipients will be rejected
with "User unknown".

For details, see the FILTER_README file.

Incompatible queue file format changes
======================================

[Incompat 20020527] Queue files created with the header/body_checks
"FILTER" feature are not compatible with "postqueue -r" (move queue
files back to the maildrop directory) of previous Postfix releases.

[Incompat 20020512] Postfix queue files contain records that are
incompatible with "postqueue -r" on all Postfix versions prior to
1.1 and release candidates. This happens whenever the sender
specifies MIME body type information via the SMTP `MAIL FROM'
command, via the `sendmail -B' command line option, or via the
Content-Transfer-Encoding:  message header.

[Incompat 20020512] Postfix queue files may contain records that
are incompatible with "postqueue -r" on previous 1.1 Postfix versions
and release candidates. This happens whenever the sender specifies
the MIME body type only via the Content-Transfer-Encoding:  message
header, and not via `MAIL FROM' or `sendmail -B'.

Features that are going away
============================

[Obsolete 20021209] Sendmail-style virtual domains are no longer
documented.  This part of Postfix was too confusing.

[Obsolete 20021209] The "reject_maps_rbl" restriction is going
away. The SMTP server now logs a warning and suggests using the
more flexible "reject_rbl_client" feature instead.

[Obsolete 20021209] The "check_relay_domains" restriction is going
away.  The SMTP server logs a warning and suggests using the more
robust "reject_unauth_destination" instead. This means that Postfix 
by default no longer grants relay permissions on the basis of the 
client hostname, and that relay clients must be authorized via 
other means such as permit_mynetworks.

[Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/
is going away. Use the cleaner and more flexible "if !/pattern2/..endif"
form.  The old form still exists but is no longer documented, and
causes a warning (suggesting to use the new format) to be logged.
For details, see "man regexp_table".

[Obsolete 20020819] The qmgr_site_hog_factor feature is gone (this
would defer mail delivery for sites that occupy too much space in
the active queue, and be a real performance drain due to excessive
disk I/O).  The new qmgr_clog_warn_time feature (see below) provides
more useful suggestions for dealing with Postfix congestion.

[Obsolete 20020819] The "permit_naked_ip_address" restriction on
HELO command syntax is unsafe when used with most smtpd_XXX_restrictions
and will go away. Postfix logs a warning, suggesting to use
"permit_mynetworks" instead.

MIME support
============

[Feature 20020527] Postfix now has real MIME support. This improves
content filtering efficiency and accuracy, and improves inter-operability
with mail systems that cannot receive 8-bit mail. See conf/sample-mime.cf
for details.

[Feature 20020527] Postfix header_checks now properly recognize
MIME headers in attachments. This is much more efficient than
previous versions that recognized MIME headers via body_checks.
MIME headers are now processed one multi-line header at a time,
instead of one body line at a time.  To get the old behavior,
specify "disable_mime_input_processing = yes".  More details in
conf/sample-filter.cf.

[Feature 20020527] Postfix now has three classes of header patterns:
header_checks (for primary message headers except MIME headers),
mime_header_checks (for MIME headers), and nested_header_checks
(for headers of attached email messages except MIME headers).  By
default, all headers are matched with header_checks.

[Feature 20020527] The Postfix SMTP client will now convert 8BITMIME
mail to 7BIT when delivering to an SMTP server that does not announce
8BITMIME support.  To disable, specify "disable_mime_output_conversion
= yes". However, this conversion is required by RFC standards.

[Feature 20020528] Postfix can enforce specific aspects of the MIME
standards while receiving mail.

* Specify "strict_7bit_headers = yes" to disallow 8-bit characters
  in message headers.  These are always illegal.

* Specify "strict_8bitmime_body = yes" to block mail with 8-bit
  content that is not properly labeled as 8-bit MIME. This blocks
  mail from poorly written mail software, including (bounces from
  qmail, bounces from Postfix before snapshot 20020514, and Majordomo
  approval requests) that contain valid 8BITMIME mail.

* Specify "strict_8bitmime = yes" to turn on both strict_7bit_headers
  and strict_8bitmime_body.

* Specify "strict_mime_encoding_domain = yes" to block mail from
  poorly written mail software. More details in conf/sample-mime.cf.

[Incompat 20020527] Postfix now rejects mail if the MIME multipart
structure is nested more than mime_nesting_limit levels (default:
100) when MIME input processing is enabled while receiving mail, or
when Postfix is performing 8BITMIME to 7BIT conversion while
delivering mail.

[Incompat 20020527] Postfix now recognizes "name :" as a valid
message header, but normalizes it to "name:" for consistency
(actually, there is so much code in Postfix that would break with
"name :" that there is little choice, except to not recognize "name
:" headers).

[Incompat 20020512] Postfix queue files contain records that are
incompatible with "postqueue -r" on all Postfix versions prior to
1.1 and release candidates. This happens whenever the sender
specifies MIME body type information via the SMTP `MAIL FROM'
command, via the `sendmail -B' command line option, or via the
Content-Transfer-Encoding:  message header.

[Incompat 20020512] Postfix queue files may contain records that
are incompatible with "postqueue -r" on previous 1.1 Postfix versions
and release candidates. This happens whenever the sender specifies
the MIME body type only via the Content-Transfer-Encoding:  message
header, and not via `MAIL FROM' or `sendmail -B'.

[Feature 20020512] The Postfix SMTP and LMTP clients now properly
pass on the MIME body type information (7BIT or 8BITMIME), provided
that the sender properly specifies MIME body type information via
the SMTP MAIL FROM command, via the sendmail -B command line option,
or via MIME message headers. This includes mail that is returned
as undeliverable.

Improved performance
====================

[Incompat 20021209] The default queue directory hash_queue_depth
setting is reduced to 1 level of subdirectories per Postfix queue.
This improves "mailq" performance on most systems, but can result
in poorer worst-case performance on systems with lots of mail in
the queue.

[Incompat 20021209] The Postfix SMTP client no longer expands CNAMEs
in MAIL FROM or RCPT TO addresses (as permitted by RFC 2821). This
eliminates one DNS lookup per sender and recipient, and can make
a dramatic difference when sending mailing list mail via a relayhost.

[Incompat 20021209] The Postfix installation procedure no longer
sets the "chattr +S" bit on Linux queue directories. Wietse has
gotten too annoyed with naive reviewers who complain about performance
without having a clue of what they are comparing.

[Feature 20021209] On mail gateway systems, separation of inbound
mail relay traffic from outbound traffic. This eliminates a problem
where inbound mail deliveries could become resource starved in the
presence of a high volume of outbound mail.

[Feature 20021013] The body_checks_size_limit parameter limits the
amount of text per message body segment (or attachment, if you
prefer to use that term) that is subjected to body_checks inspection.
The default limit is 50 kbytes. This speeds up the processing of
mail with large attachments.

[Feature 20020917] Speedups of regexp table lookups by optimizing
for the $number substitutions that are actually present in the
right-hand side.  Based on a suggestion by Liviu Daia.

[Feature 20020917] Speedups of regexp and pcre tables, using
IF..ENDIF support. Based on an idea by Bert Driehuis.  To protect
a block of patterns, use:

    if /pattern1/
    /pattern2/	result2
    /pattern3/	result3
    endif

IF..ENDIF can nest. Don't specify blanks at the beginning of lines
inside IF..ENDIF, because lines beginning with whitespace are
appended to the previous line. More details about the syntax are
given in the pcre_table(5) and regexp_table(5) manual pages.

[Feature 20020717] The default timeout for establishing an SMTP
connection has been reduced to 30 seconds, because many system
TCP/IP stacks have an atrociously large default timeout value.

[Feature 20020505] Finer control over Berkeley DB memory usage,
The parameter "berkeley_db_create_buffer_size" (default:  16 MBytes)
specifies the buffer size for the postmap and postalias commands.
The parameter "berkeley_db_read_buffer_size" (default:  128 kBytes)
specifies the buffer size for all other applications.  Specify
"berkeley_db_read_buffer_size = 1048576" to get the old read buffer
size. Contributed by Victor Duchovni. For more information, see
the last paragraphs of the DB_README file.

[Incompat 20021211] The default process limit is doubled from 50
to 100. The default limits on the number of active queue files or
recipients are doubled from 10000 to 20000. The default concurrency
for parallel delivery to the same destination is doubled from 10
to 20.

Improved compatibility
======================

[Feature 20020527] The Postfix SMTP client will now convert 8BITMIME
mail to 7BIT when delivering to an SMTP server that does not announce
8BITMIME support.  To disable, specify "disable_mime_output_conversion
= yes". However, this conversion is required by RFC standards.

[Feature 20020512] The Postfix SMTP and LMTP clients now properly
pass on the MIME body type information (7BIT or 8BITMIME), provided
that the sender properly specifies MIME body type information via
the SMTP MAIL FROM command, via the sendmail -B command line option,
or via MIME message headers. This includes mail that is returned
as undeliverable.

[Incompat 20020326] The Postfix SMTP client now breaks message
header or body lines that are longer than $smtp_line_length_limit
characters (default:  990). Earlier Postfix versions broke lines
at $line_length_limit characters (default: 2048). Postfix versions
before 20010611 did not break long lines at all.  Reportedly, some
mail servers refuse to receive mail with lines that exceed the 1000
character limit that is specified by the SMTP standard.

[Incompat 20020326] The Postfix SMTP client now breaks long message
header or body lines by inserting <CR> <LF> <SPACE>.  Earlier
Postfix versions broke long lines by inserting <CR> <LF> only. This
broke MIME encapsulation, causing MIME attachments to "disappear"
with Postfix versions after 20010611.

[Incompat 20020326] Postfix now discards text when a logical message
header exceeds $header_size_limit characters (default: 102400).
Earlier Postfix versions would place excess text, and all following
text, in the message body. The same thing was done when a physical
header line exceeded $line_length_limit characters (default: 2048).
Both behaviors broke MIME encapsulation, causing MIME attachments
to "disappear" with all previous Postfix versions.

[Incompat 20021015] The Postfix LMTP client no longer lowercases email
addresses in MAIL FROM and RCPT TO commands.

[Incompat 20021013] The default Linux kernel lock style for mailbox
delivery is changed from flock() to fcntl(). This has no impact if
your system uses procmail for local delivery, if you use maildir-style
mailboxes, or when mailbox access software locks mailboxes with
username.lock files (which is usually the case with non-maildir
mailboxes).

Address classes
===============

[Feature 20021209] This release introduces the concept of address
domain classes, each having its own default mail delivery transport:

  Destination matches      Default transport       Default name
  ==============================================================
  $mydestination or
     $inet_interfaces      $local_transport        local
  $virtual_alias_domains   (not applicable)        (not applicable)
  $virtual_mailbox_domains $virtual_transport      virtual
  $relay_domains           $relay_transport        relay
  other                    $default_transport      smtp

The benefits of these changes are:

- You no longer need to specify all the virtual(8) domains in the
  Postfix transport map. The virtual(8) delivery agent has
  become a first-class citizen just like local(8) or smtp(8).

- On mail gateway systems, separation of inbound mail relay traffic
  from outbound traffic. This eliminates a problem where inbound
  mail deliveries could become resource starved in the presence of
  a high volume of outbound mail.

- The SMTP server rejects unknown recipients in a more consistent
  manner than was possible with previous Postfix versions.

See the ADDRESS_CLASS_README file for a description of address
classes, their benefits, and their incompatibilities.

New relay transport in master.cf
================================

[Incompat 20021209] Postfix no longer defaults to the "smtp"
transport for all non-local destinations.  In particular, Postfix
now uses the "relay" mail delivery transport for delivery to domains
matching $relay_domains.  This may affect your defer_transports
settings.

On mail gateway systems, this allows us to separate inbound mail
relay traffic from outbound traffic, and thereby eliminate a problem
where inbound mail deliveries could become resource starved in the
presence of a high volume of outbound mail.

[Incompat 20021209] This release adds a new "relay" service to the
Postfix master.cf file. This is a clone of the "smtp" service.  If
your Postfix is unable to connect to the "relay" service then you
have not properly followed the installation procedure.

Revision of RBL blacklisting code
=================================

[Feature 20020923] Complete rewrite of the RBL blacklisting code.
The names of RBL restrictions are now based on a suggestion that
was made by Liviu Daia in October 2001. See conf/sample-smtpd.cf
or html/uce.html for details.

[Feature 20020923] "reject_rbl_client rbl.domain.tld" for client
IP address blacklisting. Based on code by LaMont Jones.  The old
"reject_maps_rbl" is now implemented as a wrapper around the
reject_rbl_client code, and logs a warning that "reject_maps_rbl"
is going away. To upgrade, specify "reject_rbl_client domainname"
once for each domain name that is listed in maps_rbl_domains.

[Feature 20020923] "reject_rhsbl_sender rbl.domain.tld" for sender
domain blacklisting. Also: reject_rhsbl_client and reject_rhsbl_recipient
for client and recipient domain blacklisting.

[Feature 20020923] "rbl_reply_maps" configuration parameter for
lookup tables with template responses per RBL server. Based on code
by LaMont Jones.  If no reply template is found the default template
is used as specified with the default_rbl_reply configuration
parameter.  The template responses support $name expansion of
client, helo, sender, recipient and RBL related attributes.

[Incompat 20020923] The default RBL "reject" server reply now
includes an indication of *what* is being rejected: Client host,
Helo command, Sender address, or Recipient address. This also
changes the logfile format.

[Feature 20020923] "smtpd_expansion_filter" configuration parameter
to control what characters are allowed in the expansion of template
RBL reply $name macros. Characters outside the allowed set are
replaced by "_".

More sophisticated handling of UCE-related DNS lookup errors
============================================================

[Feature 20020906] More sophisticated handling of UCE-related DNS
lookup errors.  These cause Postfix to not give up so easily, so
that some deliveries will not have to be deferred after all.

[Feature 20020906] The SMTP server sets a defer_if_permit flag when
an UCE reject restriction fails due to a temporary (DNS) problem,
to prevent unwanted mail from slipping through.  The defer_if_permit
flag is tested at the end of the ETRN and recipient restrictions.

[Feature 20020906] A similar flag, defer_if_reject, is maintained
to prevent mail from being rejected because a whitelist operation
(such as permit_mx_backup) fails due to a temporary (DNS) problem.

[Feature 20020906] The permit_mx_backup restriction is made more
strict. With older versions, some DNS failures would cause mail to
be accepted anyway, and some DNS failures would cause mail to be
rejected by later restrictions in the same restriction list.  The
improved version will defer delivery when Postfix could make the
wrong decision.

- After DNS lookup failure, permit_mx_backup will now accept the
request if a subsequent restriction would cause the request to be
accepted anyway, and will defer the request if a subsequent
restriction would cause the request to be rejected.

- After DNS lookup failure, reject_unknown_hostname (the hostname
given in HELO/EHLO commands) reject_unknown_sender_domain and
reject_unknown_recipient_domain will now reject the request if a
subsequent restriction would cause the request to be rejected
anyway, and will defer the request if a subsequent restriction
would cause the request to be accepted.

[Feature 20020906] Specify "smtpd_data_restrictions =
reject_unauth_pipelining" to block mail from SMTP clients that send
message content before Postfix has replied to the SMTP DATA command.

Other UCE related changes
=========================

[Feature 20020717] The SMTP server reject_unknown_{sender,recipient}_domain
etc.  restrictions now also attempt to look up AAAA (IPV6 address)
records.

[Incompat 20020513] In order to allow user@domain@domain addresses
from untrusted systems, specify "allow_untrusted_routing = yes" in
main.cf.  This opens opportunities for mail relay attacks when
Postfix provides backup MX service for Sendmail systems.

[Incompat 20020514] For safety reasons, the permit_mx_backup
restriction no longer accepts mail for user@domain@domain. To
recover the old behavior, specify "allow_untrusted_routing = yes"
and live with the risk of becoming a relay victim.

[Incompat 20020509] The Postfix SMTP server no longer honors OK
access rules for user@domain@postfix-style.virtual.domain, to close
a relaying loophole with postfix-style virtual domains that have
@domain.name catch-all patterns.

[Incompat 20020201] In Postfix SMTPD access tables, Postfix now
uses <> as the default lookup key for the null address, in order
to work around bugs in some Berkeley DB implementations. This
behavior is controlled with the smtpd_null_access_lookup_key
configuration parameter.

Changes in transport table lookups
==================================

[Feature 20020610] user@domain address lookups in the transport
map.  This feature also understands address extensions.  Transport
maps still support lookup keys in the form of domain names, but
only with non-regexp tables.  Specify mailer-daemon@my.host.name
in order to match the null address. More in the transport(5) manual
page.

[Feature 20020505] Friendlier behavior of Postfix transport tables.
There is a new "*" wildcard pattern that always matches.  The
meaning of null delivery transport AND nexhop information field
has changed to "do not modify": use the information that would be
used if the transport table did not exist. This change makes it
easier to route intranet mail (everything under my.domain) directly:
you no longer need to specify explicit "local" transport table
entries for every domain name that resolves to the local machine.
For more information, including examples, see the updated transport(5)
manual page.

[Incompat 20020610] Regexp/PCRE-based transport maps now see the
entire recipient address instead of only the destination domain
name.

[Incompat 20020505, 20021215] The meaning of null delivery transport
and nexhop fields has changed incompatibly.

- A null delivery transport AND nexthop information field means
"do not modify": use the delivery transport or nexthop information
that would be used if no transport table did not exist.

- The delivery transport is not changed with a null delivery
transport field and non-null nexthop field.

- The nexthop is reset to the recipient domain with a non-null
transport field and a null nexthop information field.

Address manipulation changes
============================

[Incompat 20020717] Postfix no longer strips multiple '.' characters
from the end of an email address or domain name. Only one '.' is
tolerated.

[Feature 20020717] The masquerade_domains feature now supports
exceptions.  Prepend a ! character to a domain name in order to
not strip its subdomain structure.  More information in
conf/sample-rewrite.cf.

[Feature 20020717] The Postfix virtual delivery agent supports
catch-all entries (@domain.tld) in lookup tables. These match users
that do not have a specific user@domain.tld entry. The virtual
delivery agent now ignores address extensions (user+foo@domain.tld)
when searching its lookup tables, but displays the extensions in
Delivered-To:  message headers.

[Feature 20020610] user@domain address lookups in the transport
map.  This feature also understands address extensions.  Transport
maps still support lookup keys in the form of domain names, but
only with non-regexp tables.  Specify mailer-daemon@my.host.name
in order to match the null address. More in the transport(5) manual
page.

[Incompat 20020610] Regexp/PCRE-based transport maps now see the
entire recipient address instead of only the destination domain
name.

[Incompat 20020513] In order to allow user@domain@domain addresses
from untrusted systems, specify "allow_untrusted_routing = yes" in
main.cf.  This opens opportunities for mail relay attacks when
Postfix provides backup MX service for Sendmail systems.

[Incompat 20020509] The Postfix SMTP server no longer honors OK
access rules for user@domain@postfix-style.virtual.domain, to close
a relaying loophole with postfix-style virtual domains that have
@domain.name catch-all patterns.

[Incompat 20020509] The appearance of user@domain1@domain2 addresses
has changed.  In mail headers, such addresses are now properly
quoted as "user@domain1"@domain2. As a side effect, this quoted
form is now also expected on the left-hand side of virtual and
canonical lookup tables, but only by some of the Postfix components.
For now, it is better not to use user@domain1@domain2 address forms
on the left-hand side of lookup tables.

Regular expression and PCRE related changes
===========================================

[Feature 20021209] Regular expression maps are now allowed with
local delivery agent alias tables and with all virtual delivery
agent lookup tables.  However, regular expression substitution of
$1 etc.  is still forbidden for security reasons.

[Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/
is going away. Use the cleaner and more flexible "if !/pattern2/..endif"
form.  The old form still exists but is no longer documented, and
causes a warning (suggesting to use the new format) to be logged.

[Incompat 20020610] Regexp/PCRE-based transport maps now see the
entire recipient address instead of only the destination domain
name.

[Incompat 20020528] With PCRE pattern matching, the `.' metacharacter
now matches all characters including newline characters. This makes
PCRE pattern matching more convenient to use with multi-line message
headers, and also makes PCRE more compatible with regexp pattern
matching.  The pcre_table(5) manual page has been greatly revised.

New mail "HOLD" action and "hold" queue
=======================================

[Feature 20020819] New "hold" queue for mail that should not be
delivered.  "postsuper -h" puts mail on hold, and "postsuper -H"
releases mail, moving mail that was "on hold" to the deferred queue.

[Feature 20020821] HOLD and DISCARD actions in SMTPD access tables.
As with the header/body version of the same, these actions apply
to all recipients of the same queue file.

[Feature 20020819] New header/body HOLD action that causes mail to
be placed on the "hold" queue. Presently, all you can do with mail
"on hold" is to examine it with postcat, to take it "off hold" with
"postsuper -H", or to destroy it with "postsuper -d". See
conf/sample-filter.cf.

[Incompat 20020819] In mailq output, the queue ID is followed by
the ! character when the message is in the "hold" queue (see below).
This may break programs that process mailq output.

Content filtering
=================

[Feature 20020823] Selective content filtering. In in SMTPD access
tables, specify "FILTER transport:nexthop" for mail that needs
filtering. More info about content filtering is in the Postfix
FILTER_README file.  This feature overrides the main.cf content_filter
setting. Presently, this applies to all the recipients of a queue
file.

[Feature 20020527] Selective content filtering. In header/body_check
patterns, specify "FILTER transport:nexthop" for mail that needs
filtering. This requires different cleanup servers before and after
the filter, with header/body checks turned off in the second cleanup
server.  More info about content filtering is in the Postfix
FILTER_README file.  This feature overrides the main.cf content_filter
setting. Presently, this applies to all the recipients of a queue
file.

[Feature 20020527] Postfix now has real MIME support. This improves
content filtering efficiency and accuracy, and improves inter-operability
with mail systems that cannot receive 8-bit mail. See conf/sample-mime.cf
for details.

[Feature 20020527] Postfix header_checks now properly recognize
MIME headers in attachments. This is much more efficient than
previous versions that recognized MIME headers via body_checks.
MIME headers are now processed one multi-line header at a time,
instead of one body line at a time.  To get the old behavior,
specify "disable_mime_input_processing = yes".  More details in
conf/sample-filter.cf.

[Feature 20020527] Postfix now has three classes of header patterns:
header_checks (for primary message headers except MIME headers),
mime_header_checks (for MIME headers), and nested_header_checks
(for headers of attached email messages except MIME headers).  By
default, all headers are matched with header_checks.

[Feature 20021013] The body_checks_size_limit parameter limits the
amount of text per message body segment (or attachment, if you
prefer to use that term) that is subjected to body_checks inspection.
The default limit is 50 kbytes. This speeds up the processing of
mail with large attachments.

[Feature 20020917] Speedups of regexp table lookups by optimizing
for the $number substitutions that are actually present in the
right-hand side.  Based on a suggestion by Liviu Daia.

[Feature 20020917] Speedups of regexp and pcre tables, using
IF..ENDIF support. Based on an idea by Bert Driehuis.  To protect
a block of patterns, use:

    if /pattern1/
    /pattern2/	result2
    /pattern3/	result3
    endif

IF..ENDIF can nest. Don't specify blanks at the beginning of lines
inside IF..ENDIF, because lines beginning with whitespace are
appended to the previous line. More details about the syntax are
given in the pcre_table(5) and regexp_table(5) manual pages.

Postmap/postalias/newaliases changes
====================================

[Incompat 20020505] The postalias command now copies the source
file read permissions to the result file when creating a table for
the first time. Until now, the result file was created with default
read permissions.  This change makes postalias more similar to
postmap.

[Incompat 20020505] The postalias and postmap commands now drop
super-user privileges when processing a non-root source file. The
file is now processed as the source file owner, and the owner must
therefore have permission to update the result file. Specify the
"-o" flag to get the old behavior (process non-root files with root
privileges).

[Incompat 20020122] When the postmap command creates a non-existent
result file, the new file inherits the group/other read permissions
of the source file.

Assorted changes
================

[Feature 20021028] The local(8) and virtual(8) delivery agents now record
the original recipient address in the X-Original-To: message header.
This header can also be emitted by the pipe(8) delivery agent.

[Incompat 20021028] With "domain in one mailbox", one message with
multiple recipients is no longer delivered only once. It is now
delivered as one copy for each original recipient, with the original
recipient address listed in the X-Original-To: message header.

[Feature 20021024] New proxy_interfaces parameter, for sites behind a
network address translation gateway or other type of proxy. You
should specify all the proxy network addresses here, to avoid avoid
mail delivery loops.

[Feature 20021013] Updated MacOS X support by Gerben Wierda. See
the auxiliary/MacOSX directory.

[Incompat 20021013] Subtle change in ${name?result} macro expansions:
the expansion no longer happens when $name is an empty string. This
probably makes more sense than the old behavior.

[Incompat 20020917] The relayhost setting now behaves as documented,
i.e. you can no longer specify multiple destinations.

[Incompatibility 20021219] The use of the XVERP extension in the
SMTP MAIL FROM command is now restricted to SMTP clients that match
the hostnames, domains or networks listed with the authorized_verp_clients
parameter (default:  $mynetworks).

[Feature 20020819] When the Postfix local delivery agent detects
a mail delivery loop (usually the result of mis-configured mail
pickup software), the undeliverable mail is now sent to the mailing
list owner instead of the envelope sender address (usually the
original poster who has no guilt, and who cannot fix the problem).

[Warning 20020819] The Postfix queue manager now warns when mail
for some destination is piling up in the active queue, and suggests
a variety of remedies to speed up delivery (increase per-destination
concurrency limit, increase active queue size, use a separate
delivery transport, increase per-transport process limit).  The
qmgr_clog_warn_time parameter controls the time between warnings.
To disable these warnings, specify "qmgr_clog_warn_time = 0".

[Warning 20020717] The Postfix SMTP client now logs a warning when
the same domain is listed in main.cf:mydestination as well as a
Postfix-style virtual map. Such a mis-configuration may cause mail
for users to be rejected with "user unknown".

[Feature 20020331] A new smtp_helo_name parameter that specifies
the hostname to be used in HELO or EHLO commands; this can be more
convenient than changing the myhostname parameter setting.

[Feature 20020331] Choice between multiple instances of internal
services:  bounce, cleanup, defer, error, flush, pickup, queue,
rewrite, showq.  This allows you to use different cleanup server
settings for different SMTP server instances.  For example, specify
in the master.cf file:

    localhost:10025 ... smtpd -o cleanup_service_name=cleanup2 ...
    cleanup2        ... cleanup -o header_checks= body_checks= ...

Logfile format changes
======================

[Incompat 20021209] The Postfix SMTP client no longer expands CNAMEs
in MAIL FROM addresses (as permitted by RFC 2821) before logging
the recipient address.

[Incompat 20021028] The Postfix SMTP server UCE reject etc. logging
now includes the queue ID, the mail protocol (SMTP or ESMTP), and
the hostname that was received with the HELO or EHLO command, if
available.

[Incompat 20021028] The Postfix header/body_checks logging now
includes the mail protocol (SMTP, ESMTP, QMQP) and the hostname
that was received with the SMTP HELO or EHLO command, if available.

[Incompat 20021028] The Postfix status=sent/bounced/deferred logging
now shows the original recipient address (as received before any
address rewriting or aliasing).  The original recipient address is
logged only when it differs from the final recipient address.

[Incompat 20020923] The default RBL "reject" server reply now
includes an indication of *what* is being rejected: Client host,
Helo command, Sender address, or Recipient address. This also
changes the logfile format.

LDAP related changes
====================

[Incompat 20020819] LDAP API version 1 is no longer supported. The
memory allocation and deallocation strategy has changed too much
to maintain both version 1 and 2 at the same time.

[Feature 20020513] Updated LDAP client module with better handling
of dead LDAP servers, and with configurable filtering of query
results.

SASL related changes
====================

[Incompat 20020819] The smtpd_sasl_local_domain setting now defaults
to the null string, rather than $myhostname. This seems to work
better with Cyrus SASL version 2. This change may cause incompatibility
with the saslpasswd2 command.

[Feature 20020331] Support for the Cyrus SASL version 2 library,
contributed by Jason Hoos. This adds some new functionality that
was not available in Cyrus SASL version 1, and provides bit-rot
insurance for the time when Cyrus SASL version 1 eventually stops
working.

Berkeley DB related changes
===========================

[Feature 20020505] Finer control over Berkeley DB memory usage,
The parameter "berkeley_db_create_buffer_size" (default:  16 MBytes)
specifies the buffer size for the postmap and postalias commands.
The parameter "berkeley_db_read_buffer_size" (default:  256 kBytes)
specifies the buffer size for all other applications.  Specify
"berkeley_db_read_buffer_size = 1048576" to get the old read buffer
size. For more information, see the last paragraphs of the DB_README
file.

[Incompat 20020201] In Postfix SMTPD access tables, Postfix now
uses <> as the default lookup key for the null address, in order
to work around bugs in some Berkeley DB implementations. This
behavior is controlled with the smtpd_null_access_lookup_key
configuration parameter.

[Incompat 20020201] Postfix now detects if the run-time Berkeley
DB library routines do not match the major version number of the
compile-time include file that was used for compiling Postfix. The
software issues a warning and aborts in case of a discrepancy. If
it didn't, the software was certain to crash with a segmentation
violation.

Assorted workarounds
====================

[Incompat 20020201] On SCO 3.2 UNIX, the input rate flow control
is now turned off by default, because of limitations in the SCO
UNIX kernel.