Postfix snapshot 20030917 available
Postfix snapshot 20030917 adds the following new features:
- Support to black-list domains by their mail servers or by their
name servers. This can also be used to block mail from domains
that resolve to Verisign's mail dump for non-existent domains.
- LDAP session sharing between lookup tables in the same Postfix
process.
Available from ftp://ftp.porcupine.org/mirrors/postfix-release/experimental:
298020 Sep 17 14:46 postfix-2.0.16-20030917.HISTORY
17875 Sep 17 16:09 postfix-2.0.16-20030917.RELEASE_NOTES
1477020 Sep 17 16:10 postfix-2.0.16-20030917.tar.gz
152 Sep 17 16:10 postfix-2.0.16-20030917.tar.gz.sig
And soon from the mirror sites listed at http://www.postfix.org
Wietse
RELEASE_NOTES file:
===================
Major changes with Postfix snapshot 2.0.16-20030917
===================================================
New check_{helo,sender,recipient}_{ns,mx}_access maptype:mapname
restriction that applies the specified access table to the NS or
MX hosts of the host/domain given in HELO, EHLO, MAIL FROM or RCPT
TO commands.
This can be used to block mail from so-called spammer havens, or
from sender addresses that resolve to Verisign's wild-card mail
responder, currently at IP address 64.94.110.11.
/etc/postfix/main.cf:
smtpd_mumble_restrictions =
...
reject_unknown_sender_domain
check_sender_mx_access hash:/etc/postfix/mx_access
...
/etc/postfix/mx_access:
spammer.haven.tld reject spammer mx host
64.94.110.11 reject verisign wild-card domain
Note: OK actions are not allowed for security reasons. Instead of
OK, use DUNNO in order to exclude specific hosts from blacklists.
If an OK result is found for an NS or MX host, Postfix rejects the
SMTP command with "451 Server configuration error".
HISTORY file:
=============
20030916
Feature: ``check_{sender,recipient}_mx_access maptype:mapname''
applies the named Postfix access table to the MX host name
and IP addresses for the sender or recipient address. If
no MX record is found, the A record is used instead. File:
smtpd/smtpd_check.c.
Feature: ``check_{sender,recipient}_ns_access maptype:mapname''
applies the named Postfix access table to the DNS server
hostname and IP addresses for the sender or recipient
address. If no NS record is found, the parent domain is
used instead. File: smtpd/smtpd_check.c.
20030917
Feature: ``check_helo_{ns,mx}_access maptype:mapname'',
same semantics as sender and recipient.
Multiple LDAP lookup tables in the one Postfix process now
share one LDAP connection. Code by Victor Duchovni, Morgan
Stanley. File: util/dict_ldap.c.
Performance: with prefix_domain specified for an LDAP lookup
table, lookups of @domain are skipped. Code by Victor
Duchovni, Morgan Stanley. File: util/dict_ldap.c.
Safety: check_mumble_{mx,ns}_access refuses to be used for
whitelisting. The Postfix SMTP server will reject the
request with "451 server configuration error" and will log
a warning explaining why. File: smtpd/smtpd_check.c.