---
- branch: MAIN
  date: Mon Sep 30 15:21:15 UTC 2013
  files:
  - new: '1.267'
    old: '1.266'
    path: pkgsrc/mail/postfix/Makefile
    pathrev: pkgsrc/mail/postfix/Makefile@1.267
    type: modified
  - new: '1.151'
    old: '1.150'
    path: pkgsrc/mail/postfix/distinfo
    pathrev: pkgsrc/mail/postfix/distinfo@1.151
    type: modified
  - new: '1.30'
    old: '1.29'
    path: pkgsrc/mail/postfix/patches/patch-ai
    pathrev: pkgsrc/mail/postfix/patches/patch-ai@1.30
    type: modified
  id: 20130930T152115Z.669b85330db1a97589f43b6d821965f50317a98f
  log: "Update postfix package to 2.10.2.  Here is brief changes.\n\n2.10.2\n\n* TLS
    Interoperability workaround: turn on SHA-2 digests by force. This\n  improves
    interoperability with clients and servers that deploy SHA-2 digests\n  without
    the required support for TLSv1.2-style digest negotiation.\n\n* TLS Performance
    workaround: the Postfix SMTP server TLS session cache had\n  become ineffective
    because recent OpenSSL versions enable session tickets by\n  default, resulting
    in a different ticket encryption key for each smtpd(8)\n  process. The workaround
    turns off session tickets. Postfix 2.11 will enable\n  session tickets properly.\n\n*
    TLS Interoperability workaround: Debian Exim versions before 4.80-3 may fail\n
    \ to communicate with Postfix and possibly other MTAs, with the following Exim\n
    \ SMTP client error message:\n\n\tTLS error on connection to server-name [server-address]\n\t(gnutls_handshake):
    The Diffie-Hellman prime sent by the server is not\n\tacceptable (not long enough)\n\n
    \ See the RELEASE_NOTES file for a Postfix SMTP server configuration\n  workaround.\n\n*
    Bugfix (defect introduced: 1997): memory leak while forwarding mail with the\n
    \ local(8) delivery agent, in code that handles a cleanup(8) server error.\n\n2.10.1\n\n*
    Workaround: down-stream maintainers fail to install the new\n  smtpd_relay_restrictions
    safety net, causing breakage that could have been\n  avoided. We now hard-code
    the safety net instead.\n\n2.10.0\n\n* Separation of relay policy (with smtpd_relay_restrictions)
    from spam policy\n  (with smtpd_{client, helo, sender, recipient}_restrictions),
    which makes\n  accidental open relay configuration less likely. The default is
    backwards\n  compatible.\n\n* HAproxy load-balancer support for postscreen(8)
    and smtpd(8). The nginx\n  proxy was already supported by Postfix 2.9 smtpd(8),
    using XCLIENT commands.\n\n* Support for the TLSv1 and TLSv2 protocols, as well
    as support to turn them\n  off if needed for inter-operability.\n\n* Laptop-friendly
    configuration. By default, Postfix now uses UNIX-domain\n  sockets instead of
    FIFOs, and thus avoids MTIME file system updates on an\n  idle mail system.\n\n*
    Revised postconf(1) command. The \"-x\" option expands $name in a parameter\n
    \ value (both main.cf and master.cf); the \"-o name=value\" option overrides a\n
    \ main.cf parameter setting; and postconf(1) now warns about a $name that has\n
    \ no name=value setting.\n\n* Sendmail-style \"socketmap\" lookup tables.\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/mail/postfix'
  unixtime: '1380554475'
  user: taca