postfix-devel-3.5.9-150300.5.15.1

Name: postfix-devel
Version: 3.5.9
Release: 150300.5.15.1
Summary: Development headers for the postfix package
Description: Postfix aims to be an alternative to the widely-used sendmail program.
Build host: ibs-power9-11
Distribution: SUSE Linux Enterprise 15
Vendor: SUSE LLC
License: IPL-1.0 OR EPL-2.0
Packager: https://www.suse.com/
Group: Development/Libraries/C and C++
URL: http://www.postfix.org
OS: linux
Architecture: ppc64le
Source RPM: postfix-3.5.9-150300.5.15.1.src.rpm
Provides: postfix-devel, postfix-devel(ppc-64)
Requires: postfix 3.5.9; rpmlib(CompressedFileNames) 3.0.4-1; rpmlib(FileDigests) 4.6.0-1; rpmlib(PayloadFilesHavePrefix) 4.0-1; rpmlib(PayloadIsXz) 5.2-1
RPM version: 4.14.3
der.comjkeil@suse.demeissner@suse.commeissner@suse.commichael@stroeder.comcrrodriguez@opensuse.orgmpluskal@suse.commrueckert@suse.demrueckert@suse.demichael@stroeder.comvarkoly@suse.comvarkoly@suse.commpluskal@suse.comvarkoly@suse.comvarkoly@suse.comtchvatal@suse.comdimstar@opensuse.orgdmueller@suse.commichael@stroeder.com- (bsc#1218304) VUL-0: postfix: new SMTP smuggling attack (bsc#1218314) SMTP Smuggling - Spoofing E-Mails Worldwide Apply patch containing the feature smtpd_forbid_unauth_pipelining as default yes. add patch: postfix-3.7-patch06 - Security: the Postfix SMTP server optionally disconnects remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. The server replies with "554 5.5.0 Error: SMTP protocol synchronization" and logs the unexpected remote SMTP client input. Specify "smtpd_forbid_unauth_pipelining = yes" to enable. - Workaround to limit collateral damage from OS distributions that crank up security to 11, increasing the number of plaintext email deliveries. This introduces basic OpenSSL configuration file support, with two new parameters "tls_config_file" and "tls_config_name". 
Details are in the postconf(5) manpage under "tls_config_file" and "tls_config_name".- postfix: config.postfix causes too tight permission on main.cf (bsc#1215372)- CVE-2023-32182: postfix: config_postfix SUSE specific script potentially bad /tmp file usage (bsc#1211196) Use temp file created by mktemp- config.postfix not updatet after lmdb switch (bsc#1190945) Adapt config.postfix- postfix master.cf: to include "submissions" service (bsc#1189684) Adapt master.cf patch- (bsc#1186669) - postfix.service has "Requires=var-run.mount" Remove bad requirements- (bsc#1183305) - config.postfix uses db as suffix for postmaps Depending on DEF_DB_TYPE uses lmdb or db- (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix still refers to /etc/services Use getent to detect if smtps is already defined.- (bsc#1180473) [Build 20201230] postfix has invalid default config (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt - postfix broken: "queue file write error" and "error: unsupported dictionary type: hash" Export DEF_DB_TYPE before starting the perl script.- bsc#1180473 - [Build 20201230] postfix has invalid default config Fixing config.postfix and sysconfig.postfix- Update to 3.5.9 * improves the reporting of DNSSEC problems that may affect DANE security- Only do the conversion from the hash/btree databases to lmdb when the default database type changes from hash to lmdb and do not stop and start the service (the old compiled databases can live together with the new ones) - convert-bdb-to-lmdb.sh - Clean up the specfile * Remove < 1330 conditional builds * Use generated postfix-files instead of the obsolete one from postfix-SUSE.tar.gz * Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon (de)installation of optional mysql, pgsql and ldap subpackages * Use default location for post-install, postfix-tls-script, postfix-wrapper and postmulti-script- Set lmdb to be the default db. - Convert btree tables to lmdb too. 
Stop postfix before converting from bdb to lmdb - This package is without bdb support. That's why convert must be done without any suse release condition. o remove patch postfix-no-btree.patch o add set-default-db-type.patch- Set database type for address_verify_map and postscreen_cache_map to lmdb (btree requires Berkeley DB) o add postfix-no-btree.patch- Set default database type to lmdb and fix update_postmaps script- Use variable substition instead of sed to remove .db suffix and substitute hash: for lmdb: in /etc/postfix/master.cf as well. Check before substitution if there is something to do (to keep rpmcheck happy).- bsc#1176650 L3: What is regularly triggering the "fillup" command and changing modify-time of /etc/sysconfig/postfix? o Remove miss placed fillup_only call from %verifyscript- Remove Berkeley DB dependency (JIRA#SLE-12191) The pacakges postfix is build without Berkely DB support. lmdb will be used instead of BDB. The pacakges postfix-bdb is build with Berkely DB support. o add patch for main.cf for postfix-bdb package postfix-bdb-main.cf.patch- Update to 3.5.8 * The Postfix SMTP client inserted into message headers longer than $line_length_limit (default: 2048), causing all subsequent header content to become message body content. * The postscreen daemon did not save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: look table is used, but it could result in stale data with other lookup tables. * After deleting a recipient with a Milter, the Postfix recipient duplicate filter was not updated; the filter suppressed requests to add the recipient back. * Memory leak: the static: maps did not free their casefolding buffer. * With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a TLS handshake, after processing an XCLIENT command. * The smtp_sasl_mechanism_filter implementation ignored table lookup errors, treating them as 'not found'. 
* The code that looks for Delivered-To: headers ignored headers longer than $line_length_limit (default: 2048).- Update to 3.5.7 * Fixed random certificate verification failures with "smtp_tls_connection_reuse = yes", because tlsproxy(8) was using the wrong global TLS context for connections that use DANE or non-DANE trust anchors.- Move ldap into an own sub-package like all other databases - Move manual pages to correct sub-package- Use sysusers.d to create system accounts - Remove wrong %config for systemd directory content- Use the correct signature file for source verification - Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to prevent confusion, as the signature file from upstream with .sig extension is incompatible with the build service)- Update to 3.5.6 with following fixes: * Workaround for unexpected TLS interoperability problems when Postfix runs on OS distributions with system-wide OpenSSL configurations. * Memory leaks in the Postfix TLS library, the largest one involving multiple kBytes per peer certificate.- Add source verification (add postfix.keyring)- Use systemd_ordering instead of systemd_require. - Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688] - Drop /var/adm/SuSEconfig from %post, it does nothing. - Rename postfix-SuSE to postfix-SUSE - Delete postfix-SUSE/README.SuSE, company name spelled wrong, completly outdated and not used. - Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name spelled wrong, outdated and not used. - sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG, SuSEconfig is gone since ages. - update_chroot.systemd: Remove advice to run SuSEconfig. - Remove rc.postfix, not used, outdated. - mkpostfixcert: Remove advice to run SuSEconfig.- Update to 3.5.4: * The connection_reuse attribute in smtp_tls_policy_maps always resulted in an "invalid attribute name" error. 
* SMTP over TLS connection reuse always failed for Postfix SMTP client configurations that specify explicit trust anchors (remote SMTP server certificates or public keys). * The Postfix SMTP client's DANE implementation would always send an SNI option with the name in a destination's MX record, even if the MX record pointed to a CNAME record. MX records that point to CNAME records are not conformant with RFC5321, and so are rare. Based on the DANE survey of ~2 million hosts it was found that with the corrected SMTP client behavior, sending SNI with the CNAME-expanded name, the SMTP server would not send a different certificate. This fix should therefore be safe.- Update to 3.5.3: * TLS handshake failure in the Postfix SMTP server during SNI processing, after the server-side TLS engine sent a TLSv1.3 HelloRetryRequest (HRR) to a remote SMTP client. * The command "postfix tls deploy-server-cert" did not handle a missing optional argument. This bug was introduced in Postfix 3.1.- Update to 3.5.2: * A TLS error for a database client caused a false 'lost connection' error for an SMTP over TLS session in the same Postfix process. This bug was introduced with Postfix 2.2. * The same bug existed in the tlsproxy(8) daemon, where a TLS error for one TLS session could cause a false 'lost connection' error for a concurrent TLS session in the same process. This bug was introduced with Postfix 2.8. * The Postfix build now disables DANE support on Linux systems with libc-musl such as Alpine, because libc-musl provides no indication whether DNS responses are authentic. This broke DANE support without a clear explanation. * Due to implementation changes in the ICU library, some Postfix daemons reported file access errrors (U_FILE_ACCESS_ERROR) after chroot(). This was fixed by initializing the ICU library before making the chroot() call. * Minor code changes to silence a compiler that special-cases string literals. 
  * Segfault (null pointer) in the tlsproxy(8) client role when the server role was disabled. This typically happened on systems that do not receive mail, after configuring connection reuse for outbound SMTP over TLS.
  * The date portion of the maillog_file_rotate_suffix default value used the minute (%M) instead of the month (%m).

- boo#1106004 fix incorrect locations for files in postfix-files

- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured lookups and DANE mail transport work again
- Update to 3.5.1:
  * Support for the haproxy v2 protocol. The Postfix implementation supports TCP over IPv4 and IPv6, as well as non-proxied connections; the latter are typically used for heartbeat tests.
  * Support to force-expire email messages. This introduces new postsuper(1) command-line options to request expiration, and additional information in mailq(1) or postqueue(1) output.
  * The Postfix SMTP and LMTP client support a list of nexthop destinations separated by comma or whitespace. These destinations will be tried in the specified order.
  * Incompatible changes:
    * Logging: Postfix daemon processes now log the from= and to= addresses in external (quoted) form in non-debug logging (info, warning, etc.). This means that when an address localpart contains spaces or other special characters, the localpart will be quoted, for example: from=<"name with spaces"@example.com> Specify "info_log_address_format = internal" for backwards compatibility.
    * Postfix now normalizes IP addresses received with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency with direct connections to Postfix.
      This may change the appearance of logging, and the way that check_client_access will match subnets of an IPv6 address.

- Update to 3.4.10:
  * Bug (introduced: Postfix 2.3): Postfix Milter client state was not properly reset after one Milter in a multi-Milter configuration failed during MAIL FROM, resulting in a Postfix Milter client panic during the next MAIL FROM command in the same SMTP session.

- bsc#1162891 server:mail/postfix: cond_slp bug on TW after moving /etc/services to /usr/etc/services

- bsc#1160413 postfix fails with -fno-common

- Update to 3.4.9:
  * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while adding support for negative DNS response caching in postscreen. Postfix was inadvertently changed to call res_query() instead of res_search().
  * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides from a Milter application. Postfix now evaluates the Milter macros for an SMTP CONNECT event after the Postfix-to-Milter connection is negotiated.
  * Bug (introduced: Postfix 3.0): sanitize (remote) server responses before storing them in the verify database, to avoid Postfix warnings about malformed UTF8. Found during code maintenance.

- Update to 3.4.8:
  * Fix for an Exim interoperability problem when postscreen after-220 checks are enabled. Bug introduced in Postfix 3.4: the code that detected "PIPELINING after BDAT" looked at the wrong variable. The warning now says "BDAT without valid RCPT", and the error is no longer treated as a command PIPELINING error, thus allowing mail to be delivered. Meanwhile, Exim has been fixed to stop sending BDAT commands when postscreen rejects all RCPT commands.
  * Usability bug, introduced in Postfix 3.4: the parser for key/certificate chain files rejected inputs that contain an EC PARAMETERS object. While this is technically correct (the documentation says what types are allowed) this is surprising behavior because the legacy cert/key parameters will accept such inputs.
    For now, the parser skips object types that it does not know about for usability, and logs a warning because ignoring inputs is not kosher.
  * Bug introduced in Postfix 2.8: don't gratuitously enable all after-220 tests when only one such test is enabled. This made selective tests impossible with 'good' clients. This will be fixed in older Postfix versions at some later time.

- Backport deprecated-RES_INSECURE1.patch in order to fix boo#1149705.

- Update to 3.4.7:
  * Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS connection reuse.
  * Workaround: OpenSSL changed an SSL_Shutdown() non-error result value into an error result value, causing logfile noise.
  * Configuration: the new 'TLS fast shutdown' parameter name was implemented incorrectly. The documentation said "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown". This was fixed by changing the code, because no-one is expected to override the default.
  * Performance: workaround for poor TCP loopback performance on LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximal segment size that is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix chooses a VSTREAM buffer size that is a small multiple of the reported bogus MSS. This workaround increases the multiplier from 2x to 4x.
  * Robustness: the Postfix Dovecot client could segfault (null pointer read) or cause an SMTP server assertion to fail when talking to a fake Dovecot server. The Postfix Dovecot client now logs a proper error instead.

- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang
  Break loop if postfix has no permission in spool directory.
- add postfix-avoid-infinit-loop-if-no-permission.patch

- fix for boo#1144946 mydestination - missing default localhost
  * update config.postfix

- bsc#1142881 - mkpostfixcert from Postfix still uses md

- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html

- update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for
  * POSTFIX_SMTPD_HELO_RESTRICTIONS
  * POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS
- fix for: Can't connect to local MySQL server through socket '/run/mysql/mysql.sock'
  * update config.postfix
  * update update_chroot.systemd

- Update to 3.4.6:
  * Workaround for implementations that hang Postfix while shutting down a TLS session, until Postfix times out. With "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits for the TLS peer to respond to a TLS 'close' request. This is recommended with TLSv1.0 and later.
  * Fixed a too-strict censoring filter that broke multiline Milter responses for header/body events. Problem report by Andreas Thienemann.
  * The code to reset Postfix SMTP server command counts was not called after a HaProxy handshake failure, causing stale numbers to be reported. Problem report by Joseph Ward.
  * postconf(5) documentation: tlsext_padding is not a tls_ssl_options feature.
  * smtp(8) documentation: updated the BUGS section text about Postfix support to reuse open TLS connections.
  * Portability: added "#undef sun" to util/unix_dgram_connect.c.

- Ensure that postfix is member of all groups as before.

- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini

- Drop the omc config fate#301838:
  * it is obsolete since SLE11

- bsc#1104543 config.postfix does not start tlsmgr in master.cf when using POSTFIX_SMTP_TLS_CLIENT="must".
  Applied the proposed patch.

- Update to 3.4.5:
  Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c.

- Update to 3.4.4
  o Incompatible changes
    - The Postfix SMTP server announces CHUNKING (BDAT command) by default. In the unlikely case that this breaks some important remote SMTP client, disable the feature as follows:
      /etc/postfix/main.cf:
          [#] The logging alternative:
          smtpd_discard_ehlo_keywords = chunking
          [#] The non-logging alternative:
          smtpd_discard_ehlo_keywords = chunking, silent_discard
    - This introduces a new master.cf service 'postlog' with type 'unix-dgram' that is used by the new postlogd(8) daemon. Before backing out to an older Postfix version, edit the master.cf file and remove the postlog entry.
    - Postfix 3.4 drops support for OpenSSL 1.0.1
    - To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). By default, a tlsproxy(8) process will retire after several hours.
    - To set the tlsproxy process limit to zero:
          postconf -F tlsproxy/unix/process_limit=0
          postfix reload
  o Major changes
    - Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, and smtpd_proxy_filter. See BDAT_README for more.
    - Support for logging to file or stdout, instead of using syslog.
      - Logging to file solves a usability problem for MacOS, and eliminates multiple problems with systemd-based systems.
      - Logging to stdout is useful when Postfix runs in a container, as it eliminates a syslogd dependency.
    - Better handling of undocumented(!)
      Linux behavior whether or not signals are delivered to a PID=1 process.
    - Support for (key, list of filenames) in map source text. Currently, this feature is used only by tls_server_sni_maps.
    - Automatic retirement: dnsblog(8) and tlsproxy(8) process will now voluntarily retire after max_idle*max_use, or some sane limit if either limit is disabled. Without this, a process could stay busy for days or more.
    - Postfix SMTP client support for multiple deliveries per TLS-encrypted connection. This is primarily to improve mail delivery performance for destinations that throttle clients when they don't combine deliveries. This feature is enabled with "smtp_tls_connection_reuse=yes" in main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps. It supports all Postfix TLS security levels including dane and dane-only.
    - SNI support in the Postfix SMTP server, the Postfix SMTP client, and in the tlsproxy(8) daemon (both server and client roles). See the postconf(5) documentation for the new tls_server_sni_maps and smtp_tls_servername parameters.
    - Support for files that contain multiple (key, certificate, trust chain) instances. This was required to implement server-side SNI table lookups, but it also eliminates the need for separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
    - Support for smtpd_reject_footer_maps (as well as the postscreen variant postscreen_reject_footer_maps) for more informative reject messages. This is indexed with the Postfix SMTP server response text, and overrides the footer specified with smtpd_reject_footer. One will want to use a pcre: or regexp: map with this.
  o Bugfixes
    - Andreas Schulze discovered that reject_multi_recipient_bounce was producing false rejects with BDAT commands. This problem already existed with Postfix 2.2 smtpd_end_of_data_restrictions. Postfix 3.4.4 fixes both.

- postfix-linux45.patch: support also newer kernels -- pretend we are still at kernel 3.
  Note that there are no conditionals for LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the code which caused build failures.

- skip set -x and fix version update changes entry

- Update to 3.3.3
  * When the master daemon runs with PID=1 (init mode), it will now reap child processes from non-Postfix code running in the same container, instead of terminating with a panic.
  * Bugfix (introduced: postfix-2.11): with posttls-finger, connections to unix-domain servers always resulted in "Failed to establish session" even after a connection was established. Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
  * Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes, table lookups could casefold the search string when searching a lookup table that does not use fixed-string keys (regexp, pcre, tcp, etc.). Historically, Postfix would not case-fold the search string with such tables. File: util/dict_utf8.c.

- PostgreSQL's pg_config is meant for linking server extensions, use libpq's pkg-config instead, if available. This is needed to fix build with PostgreSQL 11.

- rework config.postfix
  * disable commenting of smtpd_sasl_path/smtpd_sasl_type
    no need to comment, cause it is set to default anyway and 'uncommenting' would place it at end of file then which is not wanted

- rework postfix-main.cf.patch
  * disable virtual_alias_domains cause (default: $virtual_alias_maps)
- rework config.postfix
  * disable PCONF of virtual_alias_domains
    virtual_alias_maps will be set anyway to the correct value
  * extend virtual_alias_maps with
    - mysql_virtual_alias_domain_maps.cf
    - mysql_virtual_alias_domain_catchall_maps.cf
- rework postfix-mysql, added
  * mysql_virtual_alias_domain_maps.cf
  * mysql_virtual_alias_domain_catchall_maps.cf
  needed for reject_unverified_recipient

- binary hardening: link with full RELRO

- Update to 3.3.2
  * Support for OpenSSL 1.1.1 and TLSv1.3.
  * Bugfixes:
    - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
    - minor memory leak in DANE support when minting issuer certs.
    - The Postfix build did not abort if the m4 command was not installed, resulting in a broken postconf command.

- add POSTFIX_RELAY_DOMAINS
  * more flexibility to add to relay_domains without breaking config.postfix
  * rework restriction examples in sysconf.postfix based on postfix-buch.com (2. edition by Hildebrandt, Koetter)
- disable weak cipher: RC4 after check with https://ssl-tools.net/mailservers

- update config.postfix
  * don't reject mail from authenticated users even if reject_unknown_client_hostname would match, add permit_sasl_authenticated to all restrictions
    requires smtpd_delay_reject = yes
- update postfix-main.cf.patch
  * recover removed setting smtpd_sasl_path and smtpd_sasl_type, set to default value
    config.postfix will not 'enable' (remove #) var, but place modified (enabled) var at end of file, far away from place where it should be
- rebase patches
  * fix-postfix-script.patch
  * postfix-vda-v14-3.0.3.patch
  * postfix-linux45.patch
  * postfix-master.cf.patch
  * pointer_to_literals.patch
  * postfix-no-md5.patch

- bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings
  o add m4 as buildrequires, as proposed.

- Add zlib-devel as buildrequires, previously included from openssl-devel

- bsc#1087471 Unreleased Postfix update breaks SUSE Manager
  o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty

- Update to 3.3.1
  * Postfix did not support running as a PID=1 process, which complicated Postfix deployment in containers. The "postfix start-fg" command will now run the Postfix master daemon as a PID=1 process if possible. Thanks for inputs from Andreas Schulze, Eray Aslan, and Viktor Dukhovni.
  * Segfault in the postconf(1) command after it could not open a Postfix database configuration file due to a file permission error (dereferencing a null pointer). Reported by Andreas Hasenack, fixed by Viktor Dukhovni.
  * The luser_relay feature became a black hole, when the luser_relay parameter was set to a non-existent local address (i.e. mail disappeared silently). Reported by J?rgen Thomsen.
  * Missing error propagation in the tlsproxy(8) daemon could result in a segfault after TLS handshake error (dereferencing a 0xffff...ffff pointer). This daemon handles the TLS protocol when a non-whitelisted client sends a STARTTLS command to postscreen(8).

- remove pre-requirements on sysvinit(network) and sysvinit(syslog). There seems to be no good reason for that other than blowing up the dependencies (bsc#1092408).

- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix if the actual service is running. This prevents spurious and irrelevant error messages in system logs.

- bsc#1082514 autoyast: postfix gets not set myhostname properly - set to localhost

- Refresh spec-file via spec-cleaner and manual optimizations.
  * Add %license macro.
  * Set license to IPL-1.0 OR EPL-2.0.
- Update to 3.3.0
  * http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES
  * Dual license: in addition to the historical IBM Public License 1.0, Postfix is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license.
  * The postconf command now warns about unknown parameter names in a Postfix database configuration file. As with other unknown parameter names, these warnings can help to find typos early.
  * Container support: Postfix 3.3 will run in the foreground with "postfix start-fg". This requires that Postfix multi-instance support is disabled (the default).
    To collect Postfix syslog information on the container's host, mount the host's /dev/log socket into the container, for example with "docker run -v /dev/log:/dev/log ...other options...", and specify a distinct Postfix syslog_name setting in the container (for example with "postconf syslog_name=the-name-here").
  * Milter support: applications can now send RET and ENVID parameters in SMFIR_CHGFROM (change envelope sender) requests.
  * Postfix-generated From: headers with 'full name' information are now formatted as "From: name <address>" by default. Specify "header_from_format = obsolete" to get the earlier form "From: address (name)".
  * Interoperability: when Postfix IPv6 and IPv4 support are both enabled, the Postfix SMTP client will now relax MX preferences and attempt to schedule similar numbers of IPv4 and IPv6 addresses. This works around mail delivery problems when a destination announces lots of primary MX addresses on IPv6, but is reachable only over IPv4 (or vice versa). The new behavior is controlled with the smtp_balance_mx_inet_protocols parameter.
  * Compatibility safety net: with compatibility_level < 1, the Postfix SMTP server now warns for mail that would be blocked by the Postfix 2.10 smtpd_relay_restrictions feature, without blocking that mail. There still is a steady trickle of sites that upgrade from an earlier Postfix version.

- bsc#1065411 Package postfix should require package system-user-nobody
- bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth was configured

- Fix usage of fillup_only:-y is not a valid option to this macro.

- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

- Don't mark postfix.service as config file, this is no config file.
- Some of the Requires(pre) are needed for post-install and at runtime, fix the requires.

- update to 3.2.4
  * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS records associated with an intermediate CA certificate. Problem report and initial fix by Erwan Legrand.
  * Missing dynamicmaps support in the Postfix sendmail command. This broke authorized_submit_users settings that use a dynamically-loaded map type.
    Problem reported by Ulrich Zehl.

- bnc#1059512 L3: Postfix Problem
  The applied changes break existing postfix configurations because daemon_directory was not adapted to the new value.

- fix build for SLE
  * nothing provides libnsl-devel
  * add bcond_with libnsl

- bnc#1059512 L3: Postfix Problem
  To manage multiple Postfix instances on a single host requires that daemon_directory and shlib_directory is different to avoid use of the shared directories also as per-instance directories. For this reason daemon_directory was set to /usr/lib/postfix/bin/. shlib_directory stands /usr/lib/postfix/.

- bnc#1016491 postfix reported to log "warning: group or other writable:" on each symlink in config.
  * Add fix-postfix-script.patch

- update to 3.2.3
  * Extension propagation was broken with "recipient_delimiter = .". This change reverts a change that was trying to be too clever.
  * The postqueue command would abort with a panic message after it experienced an output write error while listing the mail queue. This change restores a write error check that was lost with the Postfix 3.2 rewrite of the vbuf_print formatter.
  * Restored sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). These checks were lost with the Postfix 3.2 rewrite of the vbuf_print formatter.

- Add libnsl-devel build requires for glibc obsoleting libnsl

- bnc#1045264 L3: postmap problem
  * Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811

- update to 3.2.2
  * Security: Berkeley DB versions 2 and later try to read settings from a file DB_CONFIG in the current directory. This undocumented feature may introduce undisclosed vulnerabilities resulting in privilege escalation with Postfix set-gid programs (postdrop, postqueue) before they chdir to the Postfix queue directory, and with the postmap and postalias commands depending on whether the user's current directory is writable by other users.
    This fix does not change Postfix behavior for Berkeley DB versions < 3, but it does reduce postmap and postalias 'create' performance with Berkeley DB versions 3.0 .. 4.6.
  * The SMTP server receive_override_options were not restored at the end of an SMTP session, after the options were modified by an smtpd_milter_maps setting of "DISABLE". Milter support remained disabled for the life time of the smtpd process.
  * After the Postfix 3.2 address/domain table lookup overhaul, the check_sender_access and check_recipient_access features ignored a non-default parent_domain_matches_subdomains setting.

- revert changes of postfix-main.cf.patch from rev=261
  * config.postfix will not 'enable' (remove #) var, but place modified (enabled) var at end of file, far away from place where it should be
  * keep vars enabled but empty

- Some cleanups
  * Fix SUSE postfix-files to avoid chown errors (anyway this file seems to be obsolete)
  * Avoid installing shared libraries twice
  * Refresh patch postfix-linux45.patch

- update postfix-master.cf.patch
  * recover lost (with 3.2.0 update) submission, smtps sections
  * merge with upstream update
- update config.postfix
  * update master.cf generation for submission
- rebase patches against 3.2.0
  * pointer_to_literals.patch
  * postfix-no-md5.patch
  * postfix-ssl-release-buffers.patch
  * postfix-vda-v14-3.0.3.patch

- Require system group mail
- Use mail group name instead of GID

- update to 3.2.0
  - [Feature 20170128] Postfix 3.2 fixes the handling of address extensions with email addresses that contain spaces. For example, the virtual_alias_maps, canonical_maps, and smtp_generic_maps features now correctly propagate an address extension from "aa bb+ext"@example.com to "cc dd+ext"@other.example, instead of producing broken output.
  - [Feature 20161008] "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar to "IGNORE" but also logs the action, and "PASS" disables header, body, and Milter inspection for the remainder of the message content.
    Contributed by Hobbit.
  - [Feature 20160330] The collate.pl script by Viktor Dukhovni for grouping Postfix logfile records into "sessions" based on queue ID and process ID information. It's in the auxiliary/collate directory of the Postfix source tree.
  - [Feature 20160527] Postfix 3.2 cidr tables support if/endif and negation (by prepending ! to a pattern), just like regexp and pcre tables. The primary purpose is to improve readability of complex tables. See the cidr_table(5) manpage for syntax details.
  - [Incompat 20160925] In the Postfix MySQL database client, the default option_group value has changed to "client", to enable reading of "client" option group settings in the MySQL options file. This fixes a "not found" problem with Postfix queries that contain UTF8-encoded non-ASCII text. Specify an empty option_group value (option_group =) to get backwards-compatible behavior.
  - [Feature 20161217] Stored-procedure support for MySQL databases. Contributed by John Fawcett. See mysql_table(5) for instructions.
  - [Feature 20170128] The postmap command, and the inline: and texthash: maps now support spaces in left-hand field of the lookup table "source text". Use double quotes (") around a left-hand field that contains spaces, and use backslash (\) to protect embedded quotes in a left-hand field. There is no change in the processing of the right-hand field.
  - [Feature 20160611] The Postfix SMTP server local IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT).
  - [Feature 20161024] smtpd_milter_maps support for per-client Milter configuration that overrides smtpd_milters, and that has the same syntax. A lookup result of "DISABLE" turns off Milter support. See MILTER_README.html for details.
  - [Feature 20160611] The Postfix SMTP server local IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT).
  - [Incompat 20170129] The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment (this override is not recommended, as it affects all Postfix utilities and daemons).
  - [Incompat 20161227] For safety reasons, the sendmail -C option must specify an authorized directory: the default configuration directory, a directory that is listed in the default main.cf file with alternate_config_directories or multi_instance_directories, or the command must be invoked with root privileges (UID 0 and EUID 0). This mitigates a recurring problem with the PHP mail() function.
  - [Feature 20160625] The Postfix SMTP server now passes remote client and local server network address and port information to the Cyrus SASL library. Build with ``make makefiles "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards compatibility.
  - [Feature 20161103] Postfix 3.2 disables the 'transitional' compatibility between the IDNA2003 and IDNA2008 standards for internationalized domain names (domain names beyond the limits of US-ASCII). This change makes Postfix behavior consistent with contemporary web browsers. It affects the handling of some corner cases such as German sz and Greek zeta. See http://unicode.org/cldr/utility/idna.jsp for more examples. Specify "enable_idna2003_compatibility = yes" to restore historical behavior (but keep in mind that the rest of the world may not make that same choice).
  - [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API features, so that Postfix will build without depending on backwards-compatibility support.
    [Incompat 20161204] Postfix 3.2 removes tentative features that were implemented before the DANE spec was finalized:
    - Support for certificate usage PKIX-EE(1),
    - The ability to disable digest agility (Postfix now behaves as if "tls_dane_digest_agility = on"), and
    - The ability to disable support for "TLSA 2 [01] [12]" records that specify the digest of a trust anchor (Postfix now behaves as if "tls_dane_trust_anchor_digest_enable = yes").
  - [Feature 20161217] Postfix 3.2 enables elliptic curve negotiation with OpenSSL >= 1.0.2. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter tls_eecdh_auto_curves with the names of curves that may be negotiated. The default tls_eecdh_auto_curves setting is determined at compile time, and depends on the Postfix and OpenSSL versions. At runtime, Postfix will skip curve names that aren't supported by the OpenSSL library.
  - [Feature 20160611] The Postfix SMTP server local IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT).
- refresh postfix-master.cf.patch

- make sure that system users can be created in %pre

- Fix requires:
  - shadow is needed for postfix-mysql pre-install section
  - insserv is not needed if systemd is used

- update postfix-mysql
  * update mysql_*.cf files
  * update postfix-mysql.sql (INNODB, utf8)
- update postfix-main.cf.patch
  * uncomment smtpd_sasl_path, smtpd_sasl_type
    can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot)
  * add option for smtp_tls_policy_maps (commented)
- update postfix-master.cf.patch
  * fix indentation of submission, smtps options for correct enabling via config.postfix
- update config.postfix
  * fix sync of CA certificates
  * fix master.cf generation for submission, smtps
- rebase postfix-vda-v14-3.0.3.patch

- FATE#322322 Update postfix to version 3.X
  Merging changes with SLES12-SP2
  Removed patches:
    add_missed_library.patch
    bnc#947707.diff
    dynamic_maps.patch
    postfix-db6.diff
    postfix-opensslconfig.patch
    bnc#947519.diff
    dynamic_maps_pie.patch
    postfix-post-install.patch
  These are included in the new version of postfix
- Remove references to SuSEconfig.postfix from sysconfig docs. (bsc#871575)
- bnc#947519 SuSEconfig.postfix should enforce umask 022
- bnc#947707 mail generated by Amavis being prevented from being re-addressed by /etc/postfix/virtual
- bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong
- postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64) (bsc#940289)

- update to 3.1.4
  * The postscreen daemon did not merge the client test status information for concurrent sessions from the same IP address.
  * The Postfix SMTP server falsely rejected a sender address when validating a sender address with "smtpd_reject_unlisted_recipient = yes" or with "reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps.
  * The virtual delivery agent did not detect failure to skip to the end of a mailbox file, so that mail would be delivered to the beginning of the file.
    This could happen when a mailbox file was already larger than the virtual mailbox size limit.
  * The postsuper logged an incorrect rename operation count after creating a missing directory.
  * The Postfix SMTP server falsely rejected mail when a sender-dependent "error" transport was configured. Cause: the SMTP server address validation code was not updated when the sender_dependent_default_transport_maps feature was introduced.
  * The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no".
  * The "postfix tls deploy-server-cert" command used the wrong certificate and key file. This was caused by a cut-and-paste error in the postfix-tls-script file.

- improve config.postfix
  * improve SASL stuff
  * add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot)

- improve config.postfix
  * improve with MySQL stuff

- update vda patch to latest available
  * remove postfix-vda-v13-3.10.0.patch
  * add postfix-vda-v14-3.0.3.patch
- rebase patches (and to be p0)
  * pointer_to_literals.patch
  * postfix-main.cf.patch
  * postfix-master.cf.patch
  * postfix-no-md5.patch
  * postfix-ssl-release-buffers.patch
- add /etc/postfix/ssl as default DIR for SSL stuff
  * cacerts -> ../../ssl/certs/
  * certs/
- revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl'
- improve config.postfix
  * revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a symlink to /etc/ssl/certs
    Without reverting, 'gen_CA' would create files which would then be on the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath)
    Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem' which is not a good idea.
  * mkchroot: sync '/etc/postfix/ssl' to chroot
  * improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from main.cf, show warning if enabled and file is missing

- update to 3.1.3:
  * The Postfix SMTP server did not reset a previous session's failed/total command counts before rejecting a client that exceeds request or concurrency rates.
    This resulted in incorrect failed/total command counts being logged at the end of the rejected session.
  * The unionmap multi-table interface did not propagate table lookup errors, resulting in false "user unknown" responses.
  * The documentation was updated with a workaround for false "not found" errors with MySQL map queries that contain UTF8-encoded text. The workaround is to specify "option_group = client" in Postfix MySQL configuration files. This will be the default setting with Postfix 3.2 and later.

- update to 3.1.2:
  * Changes to make Postfix build with OpenSSL 1.1.0.
  * The makedefs script ignored readme_directory=pathname overrides. Fix by Todd C. Olson.
  * The tls_session_ticket_cipher documentation says that the default cipher for TLS session tickets is aes-256-cbc, but the implemented default was aes-128-cbc. Note that TLS session ticket keys are rotated after 1/2 hour, to limit the impact of attacks on session ticket keys.

- postfix-post-install.patch: remove empty patch

- fix Changelog cause of Factory decline

- Fix typo in config.postfix

- bnc#981097 config.postfix creates broken main.cf for tls client configuration
- bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete
- update to 3.1.1:
  - The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash.
  - Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent).
  - The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context.
  - Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute.
      smtp_transport_rate_delay = 20s
  - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots.
    To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply).
    Support for DNSBL or DNSWL reply TTL values is controlled by two configuration parameters:
      postscreen_dnsbl_min_ttl (default: 60 seconds).
      postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
    The postscreen_dnsbl_ttl parameter is now obsolete, and has become the default value for the new postscreen_dnsbl_max_ttl parameter.
  - New "smtpd_client_auth_rate_limit" feature, to enforce an optional rate limit on AUTH commands per SMTP client IP address. Similar to other smtpd_client_*_rate_limit features, this enforces a limit on the number of requests per $anvil_rate_time_unit.
  - New SMTPD policy service attribute "policy_context", with a corresponding "smtpd_policy_service_policy_context" configuration parameter. Originally, this was implemented to share the same SMTPD policy service endpoint among multiple check_policy_service clients.
  - A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE.

- build with working support for SMTPUTF8

- fix build on sle11 by pointing _libexecdir to /usr/lib all the time.

- some distros did not pull pkgconfig indirectly. pull it directly.

- fix building the dynamic maps: the old build had postgresql e.g. with missing symbols.
- convert to AUXLIBS_* instead of plain AUXLIBS which is needed for proper dynamic maps.
- reordered the CCARGS and AUXLIBS* lines to group by feature
- use pkgconfig or *_config tools where possible
- picked up signed char from fedora spec file
- enable lmdb support: new BR lmdb-devel, new subpackage postfix-lmdb.
- don't delete vmail user/groups

- update to 3.1.0
- Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. That's why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed.
- Adapting all the patches to postfix 3.1.0
- remove obsolete patches
  * add_missed_library.patch
  * postfix-opensslconfig.patch
- update vda patch
  * remove postfix-vda-v13-2.10.0.patch
  * add postfix-vda-v13-3.10.0.patch
- The patch postfix-db6.diff is no longer necessary
- Backwards-compatibility safety net.
  With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example.
  With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist.
  Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings.
  This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README.
- Major changes - tls
  * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE.
  * As of the middle of 2015, all supported Postfix releases no longer enable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or opportunistic TLS.
  * [Incompat 20150719] The default Diffie-Hellman non-export prime was updated from 1024 to 2048 bits, because SMTP clients are starting to reject TLS handshakes with primes smaller than 2048 bits.
  * [Feature 20160103] The Postfix SMTP client by default enables DANE policies when an MX host has a (DNSSEC) secure TLSA DNS record, even if the MX DNS record was obtained with insecure lookups. The existence of a secure TLSA record implies that the host wants to talk TLS and not plaintext. For details see the smtp_tls_dane_insecure_mx_policy configuration parameter.
- Major changes - default settings
  [Incompat 20141009] The default settings have changed for relay_domains (new: empty, old: $mydestination) and mynetworks_style (new: host, old: subnet). However the backwards-compatibility safety net will prevent these changes from taking effect, giving the system administrator the option to make an old default setting permanent in main.cf or to adopt the new default setting, before turning off backwards compatibility. See COMPATIBILITY_README for details.
  [Incompat 20141001] A new backwards-compatibility safety net forces Postfix to run with backwards-compatible main.cf and master.cf default settings after an upgrade to a newer but incompatible Postfix version. See COMPATIBILITY_README for details.
  While the backwards-compatible default settings are in effect, Postfix logs what services or what email would be affected by the incompatible change. Based on this the administrator can make some backwards-compatibility settings permanent in main.cf or master.cf, before turning off backwards compatibility.
- Major changes - address verification safety
  [Feature 20151227] The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash.
  Tempfailing verify requests is not as bad as one might think. The Postfix verify cache proactively updates active addresses weeks before they expire. The address_verify_pending_request_limit affects only unknown addresses, and inactive addresses that have expired from the address verify cache (by default, after 31 days).
- Major changes - json support
  [Feature 20151129] Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent). The output is a stream of JSON objects, one per queue file. To simplify parsing, each JSON object is formatted as one text line followed by one newline character. See the postqueue(1) manpage for a detailed description of the output format.
- Major changes - milter support
  [Feature 20150523] The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context.
  For example, with "milter_macro_defaults = auth_type=TLS", the Postfix SMTP server will send an auth_type of "TLS" to a Milter, unless the remote client authenticates with SASL.
  This feature was originally implemented for a submission service that may authenticate clients with a TLS certificate, without having to make changes to the code that implements TLS support.
- Major changes - output rate control
  [Feature 20150710] Destination-independent delivery rate delay
  Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute.
    /etc/postfix/main.cf:
        smtp_transport_rate_delay = 20s
  For details, see the description of default_transport_rate_delay and transport_transport_rate_delay in the postconf(5) manpage.
- Major changes - postscreen dnsbl
  [Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL lookup results
  Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots.
  To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply).
  Support for DNSBL or DNSWL reply TTL values is controlled by two configuration parameters:
    postscreen_dnsbl_min_ttl (default: 60 seconds).
      This parameter specifies a minimum for the amount of time that a DNSBL or DNSWL result will be cached in the postscreen_cache_map. This prevents an excessive number of postscreen cache updates when a DNSBL or DNSWL server specifies a very small reply TTL.
    postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)
      This parameter specifies a maximum for the amount of time that a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
      This prevents cache pollution when a DNSBL or DNSWL server specifies a very large reply TTL.
  The postscreen_dnsbl_ttl parameter is now obsolete, and has become the default value for the new postscreen_dnsbl_max_ttl parameter.
- Major changes - sasl auth safety
  [Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to enforce an optional rate limit on AUTH commands per SMTP client IP address. Similar to other smtpd_client_*_rate_limit features, this enforces a limit on the number of requests per $anvil_rate_time_unit.
- Major changes - smtpd policy
  [Feature 20150913] New SMTPD policy service attribute "policy_context", with a corresponding "smtpd_policy_service_policy_context" configuration parameter. Originally, this was implemented to share the same SMTPD policy service endpoint among multiple check_policy_service clients.

- bnc#958329 postfix fails to start when openslp is not installed

- upstream update postfix 2.11.7:
  * The Postfix Milter client aborted with a panic while adding a message header, after adding a short message header with the header_checks PREPEND action. Fixed by invoking the header output function while PREPENDing a message header.
  * False alarms while scanning the Postfix queue. Fixed by resetting errno before calling readdir(). This defect was introduced 19970309.
  * The postmulti command produced an incorrect error message.
  * The postmulti command now refuses to create a new MTA instance when the template main.cf or master.cf file are missing. This is a common problem on Debian-like systems.
  * Turning on Postfix SMTP server HAProxy support broke TLS wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer to read the HAProxy connection hand-off information.
  * The xtext_unquote() function did not propagate error reports from xtext_unquote_append(), causing the decoder to return partial output, instead of rejecting malformed input.
    The Postfix SMTP server uses this function to parse input for the ENVID and ORCPT parameters, and for XFORWARD and XCLIENT command parameters.

- boo#934060: Remove quirky hostname logic from config.postfix
  * /etc/hostname doesn't contain anything useful
  * linux.local is no good either
  * postfix will use `hostname`.localdomain as fallback

- postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885

- %verifyscript is a new section, move it out of the %ifdef so the fillups are run afterwards.

- upstream update postfix 2.11.6:
  Default settings have been updated so that they no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols.
- removed postfix-2.11.5_linux4.patch because it's obsolete
- Bugfix (introduced: Postfix 2.11): with connection caching enabled (the default), recipients could be given to the wrong mail server. (bsc#944722)

- postfix-SuSE.tar.gz/postfix.service: None of nss-lookup.target network.target local-fs.target time-sync.target should be Wanted or Required except by the services that implement the relevant functionality, i.e. network.target is wanted/required by networkmanager, wicked, systemd-network. Other software must be ordered After them, see systemd.special(7)

- Fix library symlink generation (boo#928662)

- added postfix-2.11.5_linux4.patch: Allow building on kernel 4. Patch taken from: https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY

- update to postfix 2.11.5
- Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps ignored the relayhost setting in the case of a DUNNO lookup result. It would use the recipient domain instead. Viktor Dukhovni. Wietse took the pieces of code that enforce the precedence of a sender-dependent relayhost, the global relayhost, and the recipient domain, and put that code together in one place so that it is easier to maintain. File: trivial-rewrite/resolve.c.
- Bitrot: prepare for future changes in OpenSSL API. Viktor Dukhovni. File: tls_dane.c.
- Incompatibility: specifying "make makefiles" with "CC=command" will no longer override the default WARN setting.

- upstream update postfix 2.11.4:
  Postfix 2.11.4 only:
  * Fix a core dump when smtp_policy_maps specifies an invalid TLS level.
  * Fix a missing " in \%s\", in postconf(1) fatal error messages, which violated the C language spec. Reported by Iain Hibbert.
  All supported releases:
  * Stop excessive recursion in the cleanup server while recovering from a virtual alias expansion loop. Problem found at Two Sigma.
  * Stop exponential memory allocation with virtual alias expansion loops. This came to light after fixing the previous problem.

- correct pf_daemon_directory in spec. This must be /usr/lib/

- bnc#914086 syntax error in config.postfix
- Adapt config.postfix to be able to run on SLE11 too.

- Don't install sysvinit script when systemd is used
- Make explicit PreReq dependencies conditional only for older systems
- Don't try to set explicit attributes to symlinks
- Cleanup spec file with spec-cleaner

- bnc#912594 config.postfix creates config based on old options

- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot
- bnc#910265 config.postfix does not upgrade the chroot
- bnc#908003 wrong access rights on /usr/sbin/postdrop causes permission denied when trying to send a mail as non root user
- bnc#729154 wrong permissions for some postfix components

- Remove keyring and things as it is md5 based one no longer accepted by gpg 2.1

- No longer perform gpg validation; osc source_validator does it implicit:
  + Drop gpg-offline BuildRequires.
  + No longer execute gpg_verify.

- restore previously lost fix:
  Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de
  - Ignore errors in %pre/%post.

- postfix 2.11.3:
  * Fix for configurations that prepend message headers with Postfix access maps, policy servers or Milter applications.
    Postfix now hides its own Received: header from Milters and exposes prepended headers to Milters, regardless of the mechanism used to prepend a header. This fix reverts a partial solution that was released on October 13, 2014, and replaces it with a complete solution.
  * Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure.
- postfix 2.11.2:
  * Fix for DMARC implementations based on SPF policy plus DKIM Milter. The PREPEND access/policy action added headers ABOVE Postfix's own Received: header, exposing Postfix's own Received: header to Milters (protocol violation) and hiding the PREPENDed header from Milters. PREPENDed headers are now added BELOW Postfix's own Received: header and remain visible to Milters.
  * The Postfix SMTP server logged an incorrect client name in reject messages for check_reverse_client_hostname_access and check_reverse_client_hostname_{mx,ns}_access. They replied with the verified client name, instead of the name that was rejected.
  * The qmqpd daemon crashed with null pointer bug when logging a lost connection while not in a mail transaction.