===============================================================
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
===============================================================
The sender/recipient address verification code is lightly documented
and has been tested lightly. The code is proof-of-concept quality
and must not be used on high-volume sites.  Use at your own risk.
===============================================================
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
===============================================================

In the text below, incompatible changes are labeled with the Postfix
snapshot that introduced the change. If you upgrade from a later
Postfix version, then you do not have to worry about that particular
incompatibility.

Official Postfix releases are called a.b.c where a=major release
number, b=minor release number, c=patchlevel.  Snapshot releases
are now called a.b.c-yyyymmdd where yyyymmdd is the release date
(yyyy=year, mm=month, dd=day).  The mail_release_date configuration
parameter contains the release date (both for official release and
snapshot release).  Patches change the patchlevel and the release
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.

Major changes with Postfix snapshot 2.0.13-20030706
===================================================

New receive_override_options parameter that eliminates the need
for different cleanup service instances before and after an external
content filter. One parameter controls what happens before or after
the content filter: rejecting unknown recipients, canonical mapping,
virtual alias expansion, masquerading, automatic BCC recipients
and header/body checks. See sample-filter.cf for details.

Incompatible changes with Postfix snapshot 2.0.13-20030704
==========================================================

Support for client side LDAP caching is gone.  OpenLDAP 2.1.13 and
later no longer support it, and the feature never worked well.
Postfix now ignores cache controlling parameters in an LDAP
configuration file and logs a warning. Credits to Victor Duchovni
and Lamont Jones.

Major changes with Postfix snapshot 2.0.13-20030704
===================================================

The Postfix SMTP server can be configured to send all mail into a
proxy server, for example a real-time SPAM filter. This proxy is
expected to send the mail into another Postfix SMTP server process
for normal delivery.  See the SMTPD_PROXY_README file for details.

Improved LDAP client robustness. Given suitable invalid database
contents, LDAP lookups can produce too many results, enter an
infinite loop in the expansion of "special result attributes" (LDAP
DNs and LDAP URLs) or can simply consume excessive server resources.
Credits to Victor Duchovni and Lamont Jones.

New CIDR-based lookup table, remotely based on code by Jozsef
Kadlecsik.  For details and examples, see "man cidr_table".

The TCP-based table lookup protocol is finished.  For details and
examples, see "man tcp_table". This will allow you to implement
your own greylisting, or to do your own open proxy tests before
accepting mail.

Support for !/pattern/ (negative matches) in PCRE lookup tables by
Victor Duchovni. See "man pcre_table" for more.

New enable_original_recipient parameter (default: yes) to control
whether Postfix keeps track of original recipient address information.
If this is turned off Postfix produces no X-Original-To: headers
and ignores the original recipient when eliminating duplicates
after virtual alias expansion. Code by Victor Duchovni.

Finer control over how long Postfix SMTPD waits for completion of
address verification probes: the address_verify_poll_{count,delay}
parameters control how often to query the verify server and how
long to wait between queries. Specify address_verify_poll_count=1
to implement a crude form of greylisting.

Major changes with Postfix snapshot 2.0.11-20030611
===================================================

Better verify server performance on busy servers by avoiding some
operations that can block the verify server process temporarily.
Probe messages are no longer subject to cleanup server in_flow_delay
settings when message arrival rates exceed message delivery rates.
However, probe messages are still subject to trigger_timeout delays
when the queue manager FIFO fills up; this is hopefully very rare.

Major changes with Postfix snapshot 2.0.11-20030609
===================================================

Address verification probes can now follow a different route than
ordinary mail.  To make this possible, the address resolver supports
multiple personalities.  The regular personality is used for regular
mail, and the alternate personality is used for address verification
probes. The alternate personality is controlled by parameters named
address_verify_X with X = relayhost, transport_maps, local_transport,
virtual_transport, relay_transport, and default_transport. These
alternate parameters have by default the same values as the regular
parameters. For more detail see the ADDRESS_VERIFICATION_README file.

Major changes with Postfix snapshot 2.0.11-20030606
===================================================

Complete rewrite of the queue file record reading loops in the
pickup, cleanup and in the queue manager daemons. This code had
deteriorated over time.  The new code eliminates an old problem
where the queue manager had to read most queue file records twice
in the case of an alias/include file expansion with more than
qmgr_message_recipient_limit recipients.

Incompatible changes with Postfix snapshot 2.0.8-20030417
=========================================================

"sendmail -t" no longer complains when recipients are given on the
command line. Instead, it now adds recipients from headers to the
recipients from the command-line.

Major changes with Postfix snapshot 2.0.8-20030417
==================================================

Automatic BCC recipients depending on sender or recipient address.
The configuration parameters in question are "sender_bcc_maps" and
"recipient_bcc_maps". See conf/sample-misc.cf for details.

Support for sending mail to hosts not in the DNS, without having
to turn off DNS lookups. The "smtp_host_lookup" parameter controls
how the Postfix SMTP client looks up hosts.  The default is to use
DNS and then the native mechanism. See conf/sample-smtp.cf.

Incompatible changes with Postfix snapshot 2.0.8-20040415
=========================================================

Too many people mess up their net/mask patterns, causing open
mail relay problems. Postfix processes now abort when given a
net/mask pattern with a non-zero host portion (for example,
168.100.189.2/28), and suggest to specify the proper net/mask
pattern instead (for example, 168.100.189.0/28).

Major changes with Postfix snapshot 2.0.8-20040415
==================================================

PostgreSQL table lookups. Specify "pgsql:/file/name" where "/file/name"
defines the database. See the sample-pgsql-aliases.cf file for
examples, and the PGSQL_README file for general information.

Workaround for file system clock drift that caused Postfix to ignore
new mail (this could happen with file systems mounted from a server).
Postfix now logs a warning and proceeds with only slightly reduced
performance, instead of ignoring new mail.

Incompatible changes with Postfix snapshot 2.0.6-20030305
=========================================================

Postfix truncates non-address information in message address headers
(comments, etc.) to 250 characters per address, in order to protect
vulnerable Sendmail systems against exploitation of a remote buffer
overflow problem (CERT advisory CA-2003-07).

Incompatible changes with Postfix snapshot 2.0.3-20030227
=========================================================

The smtpd_hard_error_limit and smtpd_soft_error_limit values now
behave as documented, that is, smtpd_hard_error_limit=1 causes
Postfix to disconnect upon the first client error. Previously,
there was an off-by-one error causing Postfix to change behavior
after smtpd_hard/soft_error_limit+1 errors.

Incompatible changes with Postfix snapshot 2.0.3-20030125
=========================================================

This release adds a new queue file record type for the address
specified in "REDIRECT user@domain" actions in access maps or
header/body_checks.

Major changes with Postfix snapshot 2.0.3-20030125
==================================================

Code cleanup up of queue manager internals. Queue names are no
longer mixed up with the next-hop destination, and the address
resolver loop is now easier to understand.

New "REDIRECT user@domain" action for access maps and header/body_checks
that overrides all the originally specified recipients of a message.
I would never recommend that people use this to redirect (bounced)
SPAM to the beneficiaries of an advertisement campaign. It would
have helped when someone began spamming the network with sender
addresses in one of my domains, and I got all the bounces.

Incompatible changes with Postfix snapshot 2.0.3-20030126
=========================================================

The maildir file naming algorithm has changed in accordance with
an updated version of http://cr.yp.to/proto/maildir.html. The name
is now TIME.VdevIinum.HOST

Incompatible changes with Postfix snapshot 2.0.3-20030124
=========================================================

The maildir file naming algorithm has changed. Pending a usable
version of http://cr.yp.to/proto/maildir.html, the name is now
TIME.DEV_INUM.HOST.

Incompatible changes with Postfix snapshot 2.0.1-20030112
=========================================================

The Postfix build procedure now uses the pcre-config utility (part
of PCRE version 3) to find out the pathnames of the PCRE include
file and object library, instead of probing /usr/include and/or
/usr/lib. To build with PCRE version 2 support you will have to
specify pathnames as described in PCRE_README. To build without
PCRE support, specify:  make Makefiles CCARGS="-DNO_PRCE".

Incompatible changes with Postfix snapshot 2.0.0-20030104
=========================================================

This release adds the new proxymap service (table lookup via a
proxy process) to the master.cf file. If you get warnings about
problems connecting to the proxymap service, then you did not
properly upgrade Postfix.

Major changes with Postfix snapshot 2.0.0-20030104
==================================================

This release introduces the proxymap service for Postfix lookup
table access. This can be used to overcome chroot restrictions in
the Postfix SMTP server (specify proxy:unix:passwd.byname for
password file lookup through the proxymap server) and can be used
to consolidate the number of open tables by sharing one open table
among multiple processes (specify proxy:mysql:/file/name to avoid
"too many connections" conditions). The proxy_read_maps parameter
specifies what maps are approved for access via the proxy service
(only map references starting with "proxy:" are considered approved).

Multi-server daemons (servers that accept simultaneous connections
from multiple clients) will now stop accepting new connections
after serving $max_use clients. This allows multi-server daemons
to automatically restart even on busy mail systems.

Clients of multi-server daemons such as trivial-rewrite and the
new proxymap service now automatically disconnect after $ipc_ttl
seconds of activity (default: 1000s). This allows multi-server
daemons to automatically restart even on busy mail systems.

Incompatible changes with Postfix snapshot 1.1.11-trace-20021119
================================================================

After upgrading an existing system you must use "postfix reload".
This is because many internal protocols have changed.

The file format of bounce/defer logfiles has changed from the old
one-line ad-hoc format to a more structured multi-line format. For
backwards compatibility, Postfix now creates bounce/defer logfile
entries that contain both the old and the new format, so that you
can go back to an older Postfix release without losing information.
Old Postfix versions will warn about malformed logfile entries,
but should work properly. To disable backwards compatibility specify
"backwards_bounce_logfile_compatibility = no" in main.cf.

The behavior of "sendmail -v" has changed. One -v option now sends
an email report with the status of each delivery attempt.  Multiple
-v options behave as before: turn on verbose logging in the sendmail
and postdrop commands.

The Postfix upgrade procedure will add two new services to your
master.cf file: "trace" and "verify". These servers can run inside
a chroot jail, have no interaction with users, and don't talk to
the network.

Major changes with Postfix snapshot 1.1.11-trace-20021119
=========================================================

New sender address verification blocks mail from addresses that
are not deliverable.  This is turned on with the reject_unverified_sender
UCE restriction. Addresses are verified by probing, that is, by
sending mail that is not actually delivered (SMTP interruptus).
Detailed information is in the SENDER_VERIFICATION_README file
and sample-verify.cf.

Address verification uses the new "verify" daemon that maintains
a database. The necessary entry is automatically added to master.cf
when you upgrade.

New "sendmail -bv" option. Postfix probes the specified recipient
addresses without actually delivering mail, and sends back an email
delivery report.  This is useful for testing address rewriting and
address routing of both envelope and header addresses. This feature
currently does not access or update the sender address verification
database.

Improved "sendmail -v" behavior. Postfix delivers mail as usual,
and emails a report of all the delivery attempts to the originator.

Bounce reports now show the original recipient information in
addition to the final recipient that was already available.

Both "sendmail -bv" and "sendmail -v" use the new "trace" daemon
that is automatically added to master.cf when you upgrade.
