On Wed, Dec 01, 2010 at 03:11:12PM -0600, Stan Hoeppner wrote:

> Victor Duchovni put forth on 12/1/2010 2:28 PM:
> > On Wed, Dec 01, 2010 at 09:19:52PM +0100, Bruno Costacurta wrote:
> > 
> >> I intend to upgrade Postfix version 2.5.5 to 2.7.1.
> > 
> > May as well use 2.7.2.
> 
> The OP sticks to Debian Stable and Backports packages Viktor, as I do.
> We've waited almost 2 years for something newer than 2.5.5.  Unless
> there are security issues (which Postfix never suffers) then the next
> backport we'll likely see is 2.8.x some weeks or months after Wietse
> officially releases it--this coming directly from the mouth (fingers) of
> the Debian Postfix maintainer, Lamont Jones, in a reply to my email to
> him of a few days ago.

It would be unwise of LaMont or Debian, having selected a particular
Postfix 2.x release (say 2.7) to not track the patch updates from time to
time. I understand that Debian stable or backports won't switch from 2.7
to 2.8 any time soon, but they should integrate patches in a reasonably
timely manner (weeks to months, not years). Between 2.7.1 and 2.7.2 we
have the changes below. They are not "critical", but O/S distributions
still need to not sit on bug-fixes too long...

    20100610

          Bugfix (introduced Postfix 2.2): Postfix no longer appends
          the system default CA certificates to the lists specified
          with *_tls_CAfile or with *_tls_CApath.  This prevents
          third-party certificates from getting mail relay permission
          with the permit_tls_all_clientcerts feature.  Unfortunately
          this may cause compatibility problems with configurations
          that rely on certificate verification for other purposes.
          To get the old behavior, specify "tls_append_default_CA =
          yes".  Files: tls/tls_certkey.c, tls/tls_misc.c,
          global/mail_params.h.  proto/postconf.proto, mantools/postlink.

    20100714

          Compatibility with Postfix < 2.3: fix 20061207 was incomplete
          (undoing the change to bounce instead of defer after
          pipe-to-command delivery fails with a signal). Fix by Thomas
          Arnett. File: global/pipe_command.c.

    20100727

          Bugfix: the milter_header_checks parser provided only the
          actions that change the message flow (reject, filter,
          discard, redirect) but disabled the non-flow actions (warn,
          replace, prepend, ignore, dunno, ok).  File:
          cleanup/cleanup_milter.c.

    20100827

          Performance: fix for poor smtpd_proxy_filter TCP performance
          over loopback (127.0.0.1) connections. Problem reported by
          Mark Martinec.  Files: smtpd/smtpd_proxy.c.

    20101023

          Cleanup: don't apply reject_rhsbl_helo to non-domain forms
          such as network addresses.  This would cause false positives
          with dbl.spamhaus.org.  File: smtpd/smtpd_check.c.

    20101117

          Bugfix: the "421" reply after Milter error was overruled
          by Postfix 1.1 code that replied with "503" for RFC 2821
          compliance. We now make an exception for "final" replies,
          as permitted by RFC. Solution by Victor Duchovni. File:
          smtpd/smtpd.c.

-- 
        Viktor.
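
The 20100610 entry above is the security-relevant one for anyone still on 2.7.1: with system default CAs appended to a private CA list, permit_tls_all_clientcerts grants relay to any certificate those CAs issued. The following is an added example, not part of the original message and not Postfix code: a small main.cf audit for that combination. The sample configuration is constructed, the function names are hypothetical, and the parser does not expand $name references or master.cf -o overrides.

```python
import re

# Constructed sample main.cf fragments (not taken from the thread).
RISKY_MAIN_CF = """\
smtpd_tls_CAfile = /etc/postfix/private-ca.pem
smtpd_tls_ask_ccert = yes
# restore the behaviour from before the 20100610 fix
tls_append_default_CA = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_tls_all_clientcerts,
    reject_unauth_destination
"""
SAFE_MAIN_CF = RISKY_MAIN_CF.replace("tls_append_default_CA = yes",
                                     "tls_append_default_CA = no")


def parse_main_cf(text):
    """Return {name: value}: skips comments, joins continuation lines, last setting wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:           # continuation of previous logical line
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def audit_clientcert_relay(text, pre_fix_build=False):
    """Return restriction lists where any system-CA-issued client cert gets relay permission.

    pre_fix_build=True models a build without the 20100610 fix, which always
    appends the system default CAs to the configured CAfile/CApath list.
    """
    params = parse_main_cf(text)
    appends = pre_fix_build or params.get("tls_append_default_CA", "no").lower() == "yes"
    has_ca_list = any(params.get(k) for k in ("smtpd_tls_CAfile", "smtpd_tls_CApath"))
    if not (appends and has_ca_list):
        return []
    return sorted(name for name, value in params.items()
                  if name.endswith("_restrictions")
                  and "permit_tls_all_clientcerts" in re.split(r"[,\s]+", value))
```

A non-empty result means the listed restriction parameters accept client certificates beyond the private CA; on a fixed build, removing "tls_append_default_CA = yes" clears the finding.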
