<<< Date Index >>>     <<< Thread Index >>>

Postfix snapshot 20030917 available



Postfix snapshot 20030917 adds the following new features:

- Support to black-list domains by their mail servers or by their
  name servers. This can also be used to block mail from domains
  that resolve to Verisign's mail dump for non-existent domains.

- LDAP session sharing between lookup tables in the same Postfix
  process.

Available from ftp://ftp.porcupine.org/mirrors/postfix-release/experimental:

   298020 Sep 17 14:46 postfix-2.0.16-20030917.HISTORY
    17875 Sep 17 16:09 postfix-2.0.16-20030917.RELEASE_NOTES
  1477020 Sep 17 16:10 postfix-2.0.16-20030917.tar.gz
      152 Sep 17 16:10 postfix-2.0.16-20030917.tar.gz.sig

And soon from the mirror sites listed at http://www.postfix.org

        Wietse

RELEASE_NOTES file:
===================

    Major changes with Postfix snapshot 2.0.16-20030917
    ===================================================

    New check_{helo,sender,recipient}_{ns,mx}_access maptype:mapname
    restriction that applies the specified access table to the NS or
    MX hosts of the host/domain given in HELO, EHLO, MAIL FROM or RCPT
    TO commands.  

    This can be used to block mail from so-called spammer havens, or
    from sender addresses that resolve to Verisign's wild-card mail
    responder, currently at IP address 64.94.110.11.

        /etc/postfix/main.cf:
            smtpd_mumble_restrictions = 
                ...
                reject_unknown_sender_domain 
                check_sender_mx_access hash:/etc/postfix/mx_access
                ...

        /etc/postfix/mx_access:
            spammer.haven.tld reject spammer mx host
            64.94.110.11 reject verisign wild-card domain

    Note: OK actions are not allowed for security reasons. Instead of
    OK, use DUNNO in order to exclude specific hosts from blacklists.
    If an OK result is found for an NS or MX host, Postfix rejects the
    SMTP command with "451 Server configuration error".

HISTORY file:
=============

20030916

        Feature: ``check_{sender,recipient}_mx_access maptype:mapname''
        applies the named Postfix access table to the MX host name
        and IP addresses for the sender or recipient address. If
        no MX record is found, the A record is used instead. File:
        smtpd/smtpd_check.c.

        Feature: ``check_{sender,recipient}_ns_access maptype:mapname''
        applies the named Postfix access table to the DNS server
        hostname and IP addresses for the sender or recipient
        address. If no NS record is found, the parent domain is
        used instead. File: smtpd/smtpd_check.c.

20030917

        Feature: ``check_helo_{ns,mx}_access maptype:mapname'',
        same semantics as sender and recipient.

        Multiple LDAP lookup tables in the one Postfix process now
        share one LDAP connection. Code by Victor Duchovni, Morgan
        Stanley.  File: util/dict_ldap.c.

        Performance: with prefix_domain specified for an LDAP lookup
        table, lookups of @domain are skipped. Code by Victor
        Duchovni, Morgan Stanley.  File: util/dict_ldap.c.

        Safety: check_mumble_{mx,ns}_access refuses to be used for
        whitelisting. The Postfix SMTP server will reject the
        request with "451 server configuration error" and will log
        a warning explaining why. File: smtpd/smtpd_check.c.