update __postfix_master type to use new postfix features #239

Closed
opened 2021-11-20 15:22:15 +00:00 by ungleich-gitea · 3 comments

Created by: asteven

The new postconf features look nice for a config management system.

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.11.0.html]

Postfix stable release 2.11.0 is available. This release ends support
for Postfix 2.7.

The main changes in no particular order are:

  * Support for PKI-less TLS server certificate verification with
    DANE (DNS-based Authentication of Named Entities) where the CA
    public key or the server certificate is identified via DNSSEC
    lookup. This requires a DNS resolver that validates DNSSEC
    replies. The problem with conventional PKI is that there are
    literally hundreds of organizations world-wide that can provide
    a certificate in anyone's name. DANE limits trust to the people
    who control the target DNS zone and its parent zones.

  * Support for LMDB databases. Originally developed as part of
    OpenLDAP, LMDB is the first persistent Postfix database that
    can be shared among multiple writers such as postscreen daemons
    (Postfix already supported shared non-persistent memcached
    caches). Postfix currently requires LMDB version 0.9.11 or
    later. See LMDB_README for details and limitations.

  * A new postscreen_dnsbl_whitelist_threshold feature to allow
    clients to skip postscreen tests based on their DNSBL score.
    This can eliminate email delays due to "after 220 greeting"
    protocol tests, which otherwise require that a client reconnects
    before it can deliver mail. Some providers such as Google don't
    retry from the same IP address, and that can result in large
    email delivery delays.

  * The recipient_delimiter feature now supports different delimiters,
    for example both "+" and "-". As before, this implementation
    recognizes exactly one delimiter character per email address,
    and exactly one address extension per email address.

  * Advanced master.cf query/update support to access service
    attributes as "name = value" pairs. For example to turn off
    chroot on all services use "postconf -F '*/*/chroot = n'", and
    to change/add a "-o name=value" setting use "postconf -P
    smtp/inet/name = value". This was developed primarily to allow
    automated tools to manage Postfix systems without having to
    parse Postfix configuration files.
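How a config management type could use the `postconf -F` query/update interface quoted above to make an idempotent, single-service change. This is an added example, not code from cdist or Postfix; the function name `master_field_ensure` and the `POSTCONF` override variable are hypothetical, and it assumes query output in the "service/type/field = value" form the announcement describes.

```shell
#!/bin/sh
# Added example: idempotent master.cf field management through postconf -F.
# POSTCONF can be overridden (assumption) to point at another binary or a stub.
POSTCONF="${POSTCONF:-postconf}"

# master_field_ensure SERVICE TYPE FIELD VALUE
# Prints "changed", "unchanged" or "rejected".
# Returns 0 on success, 1 if the query or update failed, 2 on rejected input.
master_field_ensure() {
    svc=$1 typ=$2 field=$3 want=$4

    # Refuse wildcard patterns: a manifest should name the one service it
    # manages, so a chroot setting is never flipped on every service at once.
    case "$svc$typ$field" in
        *'*'*) echo "rejected"; return 2 ;;
    esac

    key="$svc/$typ/$field"

    # Query the current state; output is "service/type/field = value".
    line=$("$POSTCONF" -F "$key") || return 1
    # No output means the service entry does not exist; do not guess.
    [ -n "$line" ] || return 1
    have=${line#*= }

    if [ "$have" = "$want" ]; then
        echo "unchanged"
        return 0
    fi

    # Only write when the state differs, so repeated runs are no-ops
    # and every real change is visible in the run output.
    "$POSTCONF" -F "$key = $want" || return 1
    echo "changed"
}
```

Called as `master_field_ensure smtp inet chroot y`, it reports whether master.cf was actually modified, which is the signal a configuration run needs to decide on a reload.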
ungleich-gitea added this to the future milestone 2021-11-20 15:22:15 +00:00
ungleich-gitea added the Stale label 2021-11-20 15:22:15 +00:00

closed

Created by: asteven

Nico Schottelius wrote on 01/18/2014 03:57 PM:

> Sounds nice, but we need to support the old way anyway, don't we?

Yes. I just needed a place to put this info.


Created by: telmich

Sounds nice, but we need to support the old way anyway, don't we?

Reference: ungleich-public/cdist#239