postfix-2.6.1-2.6.1<>,rzKxz/=„\HӸbކe0^DsGr%S8Pg^gX*^(K8;ivNlHٯ]z`>5.dX17;/-Egr."g=K ߯jzۄy.Jpd;s>eqNB d?R](jBR-#KrH_X |{qUGQ3?RJ٤?<{ziRM#}e >@q?ad   : <TZa1   " 5 8(; ?BBE F6G6K6LDLLLZ(L\8Ld59M85:P5=>?@FGHIX| Y \]^b[cd3e8f=l?zQCpostfix2.6.12.6.1A fast, secure, and flexible mailerPostfix aims to be an alternative to the widely-used sendmail program. Authors: -------- Wietse Venema Kgcbuild24'openSUSE 11.2openSUSEIBM Public License ..http://bugs.opensuse.orgProductivity/Networking/Email/Servershttp://www.postfix.org/linuxx86_64VERSIONTEST=$(test -x usr/sbin/postconf && usr/sbin/postconf proxy_read_maps 2>/dev/null) if [ -z "$VERSIONTEST" -a -f var/spool/postfix/pid/master.pid ]; then if checkproc -p var/spool/postfix/pid/master.pid usr/lib/postfix/master; then echo "postfix is still running. You have to stop postfix in order to" echo "install a newer version." exit 1 fi fi /usr/sbin/groupadd -g 51 -o -r postfix 2> /dev/null || : /usr/sbin/groupadd -g 59 -o -r maildrop 2> /dev/null || : /usr/sbin/useradd -r -o -g postfix -u 51 -s /bin/false -c "Postfix Daemon" -d /var/spool/postfix postfix 2> /dev/null || : # ---------------------------------------------------------------------------if [ ${1:-0} -gt 1 ]; then #echo "executing upgrade-configuration" #/usr/sbin/postfix set-permissions upgrade-configuration setgid_group=maildrop #New map in 11.2 #TODO remove it later . /etc/sysconfig/postfix RELAY=`echo $POSTFIX_MAP_LIST | grep -P " relay | relay$"` if [ -z "$RELAY" ] then sed -i "s/^POSTFIX_MAP_LIST=.*/POSTFIX_MAP_LIST=\"$POSTFIX_MAP_LIST relay\"/" /etc/sysconfig/postfix touch /etc/postfix/relay postmap /etc/postfix/relay fi if [ ! -e /var/adm/BNC-555814.fixed ] then touch /var/adm/BNC-555814.fixed . /etc/sysconfig/mail if [ "$CONFIG_TYPE" = "undef" -a "$MAIL_CREATE_CONFIG" = "yes" ] then sed -i 's/SMTPD_LISTEN_REMOTE=.*/SMTPD_LISTEN_REMOTE=""/' /etc/sysconfig/mail fi fi if [ ! -e /var/adm/BNC-557239.fixed ] then touch /var/adm/BNC-557239.fixed . /etc/sysconfig/mail if [ "$CONFIG_TYPE" = "undef" -a "$MAIL_CREATE_CONFIG" = "yes" ] then sed -i '/^home_mailbox = Maildir\//d' /etc/postfix/main.cf cat /etc/postfix/main.cf | grep -v "^#" | md5sum > /var/adm/SuSEconfig/md5/etc/postfix/main.cf fi fi fi test -n "$FIRST_ARG" || FIRST_ARG=$1 FORCE_YES=0 set -- postfix PNAME=postfix INSSRV_ARRAY="" while [ ${#*} -gt 0 ] ; do SCRIPTNAME=$1 shift SV_B='^### BEGIN INIT INFO' SV_E='^### END INIT INFO' SV_KW=Default-Enabled SV_VALUE=`sed -n -e "/$SV_B/,/$SV_E/{/^# [^[:space:]]*$SV_KW:[[:space:]]*\([^[:space:]]*\).*/s//\1/p;}" < etc/init.d/$SCRIPTNAME` test "$FORCE_YES" = "1" && SV_VALUE="yes" test -n "$SV_VALUE" || SV_VALUE="yes" INSSRV_ARRAY="$INSSRV_ARRAY $SCRIPTNAME $SV_VALUE" done TEMPLATE_DIR=var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME SD_NAME="" if [ -x bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating etc/sysconfig/$SD_NAME$PNAME..." mkdir -p etc/sysconfig/$SD_NAME touch etc/sysconfig/$SD_NAME$PNAME bin/fillup -q etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi set -- $INSSRV_ARRAY while [ ${#*} -gt 0 ] ; do SCRIPTNAME=$1 SV_VALUE=$2 shift 2 test -n "$SCRIPTNAME" -a -n "$SV_VALUE" || { echo "SCRIPTNAME or SV_VALUE unknown"; exit 1;} if test "$FIRST_ARG" = "1" -a "$SV_VALUE" = "no" ; then sbin/insserv ${YAST_IS_RUNNING:+-f} -r etc/init.d/$SCRIPTNAME elif test "$FIRST_ARG" = "1" -o "$FORCE_YES" = "1" ; then sbin/insserv ${YAST_IS_RUNNING:+-f} etc/init.d/$SCRIPTNAME fi done PNAME=mail SUBPNAME=-postfix TEMPLATE_DIR=var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME SD_NAME="" if [ -x bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating etc/sysconfig/$SD_NAME$PNAME..." mkdir -p etc/sysconfig/$SD_NAME touch etc/sysconfig/$SD_NAME$PNAME bin/fillup -q etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi if test "$YAST_IS_RUNNING" != "instsys" ; then if test -x /sbin/SuSEconfig -a -f /sbin/conf.d/SuSEconfig.postfix ; then /sbin/SuSEconfig --module postfix else echo -e "\nWARNING: SuSEconfig or requested SuSEconfig module not present!\n" ; fi fi test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" -ge 1 ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then for service in postfix ; do /etc/init.d/$service try-restart > /dev/null || : done fi fi ldconfig # --------------------------------------------------------------------------- test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" = "0" ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_STOP_ON_REMOVAL" != yes ; then for service in postfix ; do /etc/init.d/$service stop > /dev/null done fi fi # --------------------------------------------------------------------------- test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" -ge 1 ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then for service in postfix ; do /etc/init.d/$service try-restart > /dev/null || : done fi fi sbin/insserv etc/init.d ldconfig # --------------------------------------------------------------------------->~.]I -&Go{kz^q=%001s{: pDzp9())xJ@ 8if(ܸ:\@^J#t:([x9;@p)Kl:@IgzPPXbJ:; :0))*hJx\:\XJko[@((  3]bvjo I @ ,LB - "6 iK  <L ,  & ;$ +  9U,d4&I . kq8큤A큤A큀A큤큤큤큤A큤AAAAAAAAAAAAAAAAKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcKgcac34fc48aee9dc86f9995b8314add91767846acdac1a847c961931257ee2200566e5c4973e3733f9006d925991fd949b761ea9fd5b920b746326177f6ac04bbe64375f37431336ea1b1b3005fe3fa3542773858eee04a044a7a789bffb49ea3eecd2859052289e535e35d465ceaecf09549c68db338b1757d204579d0ccc9685ac85d9c473640db4ddbeeec42231f92cd2b77f800f1bc04c441d3b3a9bd0d28da8ab47389d5d4fd2e9807e284da7b879b3a7f8456c1dbc6ee2ba728810d6b04c0322c45b2909b502dadf937898ea9ab49b01ea6bce79642703d828bc8d226dab9553b3055ecff8d5010c0ad4b51e6069b6630b1bb4f730dc7fa63a42097f5a222b90c9cedd154d535f482de97b374e16b25a8721a93383a68f07c9150fa0e7a6267cd0cf5540dd9600b7762f7818c4b6dcdb315ad1c26ebe31f3df93b2f9091b4f478aaff4ecc2cb7ff3c95f0666f822fb4dfd372cf44c87b0f0072ecfd1e747f0d1dacb70631b5fc697b965d2894e20105efabeb6873b44751ef989bce1687c6a30d9797e7d97f7fbf825296ba9fbe901069ead69c8a705aaf8439033988beada086f9bbcd1b46c359104ba15ffaa7a6a42d8166de0a64348dfc4f4e3f0725d92575649f5b8f0ab84130aea5eaaf9d89b993eb414cfade2acbabcba64db7ff47dceb4cb2ab760cfac2a010b78e062646b0837f05261967f954246ef573095d5a216524b3812135fca571de432240252706deeebff379a811710f12cbd0c76b4675c725198bc3be98dd5c6ce1613c421eef0495e3517f9f420666bb0119d326e0df1efd0faf32925f7344b51c8ca38dc7f3e35cab0221beb6231a19319466f39147167efb12560f4117f75c47097e62587f539e9f1526dcc0ee15d538fdbf09e2c5781fb0debec4c08de81595f01ebf6c08af2bb3a5de619a89a4d15df70ba6092ca29a3dca38edad0521c0328e43ba8b6c565adc5bb73e01102251c7f79b30c57f8cc09d841b86dc79a9ed34e443ccdbba43f63db828f3bf24ac8fc1cffbaec1075f457943e1a2fede04351a2b7ab91d53706c232f6497539fa0c99df674b338eee76988847957f2433eff435ffbe551f792eb9f87c4ba97628f1d7bfb389c20f60ad2dd9ec13f0208db11a874d0560e7bb15d0ca1e2a7d128a2e9de182110f4dbf64cd8f5bd0f4f2e24beddb239512b6c565adc5bb73e01102251c7f79b30ce2b84b9e2c39f1d054188f52cda8e302770bb50c94531bd0d7350a6f57aa9994d0607a1b100b5930a7f029bcd7f3df94147167efb12560f4117f75c47097e62561a953587695ddbc15087adef60c1889518cc6d8cc9387b1bcb37a2f950cd0b9dc447b477f181e0c7622e363e7a49bcb3e2498969c1ace49c39c78276365886b768219648f9017e19e07a6d7476588ff5d785f2870ce1f090dfed5857d982d029112a5b6d517f2e7223e2f8205bbdfec3db1917b7f67188e0c69e7cede5abe85faa4b967f5772f900f6846c77dfe603974aac8dd4b771082cbfca34202b44a2a2c42ac9a106651375f415d5806bafc0cd77fca20dd2bc3f0c6f99935b034474197b1d3d36d888082ce6dc12e6360306ae6ad353236c23cebea71419d5c3112bded02d8b2fb938e63e41d18316a7f6bc565699491f07b9f0e3fd3d3dcd23654a54bcc51273debe58df477157f1da6d9e1ea07a8d2c68db65b998394f6b39c5194f53f94b5220c13a45d25dd72be3f2c6478c4e7a98b6e9996d1473014ecc2b4856218644506282c2283b20c17cfc707ef25eb7cf7eeb1aadae63496a5cfc0dbe82f40955516541a6ff1a09768887761cc55c65c56c9842abba2f0e8c30e17c5a27c302dfec5815adea5fb3ccf4a7ad8a90b75450a7a0227a96e81212d8482ccfa647beb4be2860ceab6d53f51ab277f36600cff4f8939b5a34101f10b16deb3d082ac8f31a09ff2a14bf5b8d52d42e985f1e35e9aeb70ba482721220d19476500f1e35e9aeb70ba482721220d19476500fe65430887429ab2cfc578c6d23d59fa069efec62535cb0167814feb37f5e10c3ff61e0a9e3300122ccf9b939a06b058cf75c2e4d2ab224e98505033814d56217d8b073159ec62b729b4d3f84738ba2405d52bc81358676cf5faeface82be5c31c4ae06f7cc5c2cde4668e34e54bea653e271b85c4eb014a9d75eb0a84a71d3e0ecf3671e3b51ead3f3617fab9c3b024589c50c020e15be1e12ddca22ce38116835b94854c6f675895843c1273d224a4ba6cb5713d9b41fca611700a4f02d0d26beb4fd3db237a9f9dd6c4690cf3774332616e8a59a81e0c2cead67a5d956dc7dcd931b1e70f571971c11787928f4f47a16a6d606773cdf4846271c6c49fb7d8481d403a167d9db2acb8a54a236406172365f4204dc57a1442fc51891c96c184425dd41d0a5c4301b7d1a1ba5c281fe69486819098ba561cfa42de4b1abe1ed6c5ae262cfe32cd96ec9364675c34319549b44dea76e6e4d93757c34c645ffcdf000e4f6db7abfd04a3186f35fd6a29d2bb776cb1d95400ea662bec0e392a75c433bcae9fb0a2b9666dc5bd9818f3e9b0b73a0df1b82c6065cd3d6d7edb2930d03e5c11c8de444a7ae69e11556a6d8b401e3989cee33234756d374fa181d4c8bece97b22020babab456ab0bb587c9e3fef39d413e0cc49119fbd61d2a5080e3306155fb81995d9a59e4b2336b7697d029ff37989fe73917d06ac2996d1c2134894f383a3fb4cc34c50b2b4a5dddb91eab5c0ea247b92f515bf11d2d77b298938bded71c7cf874e8a9c8f37bd1d021ec655bbde43dbc4ca3846feb9cd91f126d6dada39c03ca85afcc422deb16b38bf02618887e0c26b5d37f4a419b7204ad1ff0b3c6cb89c3e15206a4ebe1fbb8ae8f496333fb1fea5101ee36c2cae7530dc52cac78b7572827354a8586930aa074fd60edf2ef00f531dd0eed6aeca5232a82d7f182b8a4889fd0dbde4212da6830a826c6083706f3163fafe49e3c14dbf03e3e4fe9031965247d9bb612c1e97a99333e5e1019a9c557c1c9f9f23ecd29151652e5790606e9de604af1de94fdaf844f9925ca0692ef945bdb884e1f8c048ea9f55a2892e2b71629542a1332d9b00344af4f2636300cc1edc1ae36fb52b7a148a56d9e5fa080e91067e314081956aa17e6b07149fa53859752f8576f54eb1e03f5107ed954a5e58b0b434819696dff088da936481f864b525e9dd7cbf9d72369979851cf67179d7c1f960b5a58520510607f51e71eecf18236c7b4be0b9325665918887e0c26b5d37f4a419b7204ad1ff006b65d7717d0874aea6e6d86874f7c15c09cfb0bfa02452ad5bc1ef01278d6e85365f9faa1dcb2dd6764373ca8f16bf5b3ce9127f597f845c075245e084538b99b01ea6bce79642703d828bc8d226dab2b90c9cedd154d535f482de97b374e166d4bd433e1cd26fe4b613ed44501b5f0876afca0c7e4909be721b880164c5b2e/etc/init.d/postfix../sbin/sendmail../sbin/sendmail../sbin/sendmaillibpostfix-dns.so.1.0.1libpostfix-dns.so.1.0.1libpostfix-global.so.1.0.1libpostfix-global.so.1.0.1libpostfix-master.so.1.0.1libpostfix-master.so.1.0.1libpostfix-milter.so.1.0.1libpostfix-milter.so.1.0.1libpostfix-tls.so.1.0.1libpostfix-tls.so.1.0.1libpostfix-util.so.1.0.1libpostfix-util.so.1.0.1rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpostfixrootpostfixpostfixpostfixpostfixpostfixpostfixpostfixpostfixpostfixrootpostfixpostfixpostfixpostfixrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootmaildroprootrootrootrootrootrootmaildroprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootmaildroprootrootmaildroprootrootpostfix-2.6.1-2.6.1.src.rpmsmtp_daemondict_ldap.so()(64bit)dict_pcre.so()(64bit)dict_tcp.so()(64bit)libpostfix-dns.so.1()(64bit)libpostfix-global.so.1()(64bit)libpostfix-master.so.1()(64bit)libpostfix-milter.so.1()(64bit)libpostfix-tls.so.1()(64bit)libpostfix-util.so.1()(64bit)postfixpostfix(x86-64)     @@@@@@@@@@@@@@@@@@@@@@@@@@@@ insservsedfillupcoreutilsgrepdiffutils/usr/bin/getent/usr/sbin/useradd/usr/sbin/groupadd/bin/sed/bin/awk/bin/greptextutilssh-utilsfileutilspcreopenldap2-clientnetcfg/bin/sh/bin/sh/bin/sh/bin/shrpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)/bin/bash/bin/shlibc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.2)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libcrypto.so.0.9.8()(64bit)libdb-4.5.so()(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libnsl.so.1()(64bit)libnsl.so.1(GLIBC_2.2.5)(64bit)libpcre.so.0()(64bit)libpostfix-dns.so.1()(64bit)libpostfix-global.so.1()(64bit)libpostfix-master.so.1()(64bit)libpostfix-milter.so.1()(64bit)libpostfix-tls.so.1()(64bit)libpostfix-util.so.1()(64bit)libresolv.so.2()(64bit)libresolv.so.2(GLIBC_2.2.5)(64bit)libsasl2.so.2()(64bit)libssl.so.0.9.8()(64bit)rpmlib(PayloadIsLzma)4.0.4-14.0-13.0.4-14.4.6-1sendmailexim4.7.1KbK8K>J@J@J0@J@I)@IbIk0Ig<@Ia@I @I9@I9@HH@He@HH@Ht@HW@H)G#G@GGfGeGw@GUA@GG@G F@F@F@FF$@Fzh@Fw@Fm9@F9F @EElEd;ETiECF@E>@DDeDГDA@varkoly@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.dechris@computersalat.dechris@computersalat.dechris@computersalat.devarkoly@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.dero@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.demt@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.demkoenig@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.desbrabec@suse.czvarkoly@suse.devarkoly@suse.devarkoly@suse.decthiel@suse.devarkoly@suse.demrueckert@suse.devarkoly@suse.devarkoly@suse.dedmueller@suse.delrupp@suse.devarkoly@suse.derguenther@suse.devarkoly@suse.devarkoly@suse.demrueckert@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.dero@suse.devarkoly@suse.devarkoly@suse.devarkoly@suse.de- bnc#573240 – sed error message on postfix update- bnc#566665 - changing SMTPD_LISTEN_REMOTE is not a good idea - bnc#557239 – postfix delivers mail to user's home instead of /var/spool/mail - build relay.db if neccessary - restart postfix after update- bnc#555814 – VUL-0: SMTPD_LISTEN_REMOTE="yes" by default - bnc#555732 - Invalid $(hostname -i) usage SuSEconfig.postfix - bnc#547928 – Postfix does not start during boot process - Avoid append relay multiple times in POSTFIX_MAP_LIST - bnc#549612 – SuSEconfig.postfix- bnc#540538 – postfix-2.6.1-10.1 installs new files in /etc/postfix and does not generate .db - bnc#519438 - Postfix: Running chrooted lets qmgr loosing his syslog-socket - remove obsolate version tests from SuSEconfig.postfix- bnc#525825 - when using cyrus in a chroot environment Suseconfig does not create socket /var/lib/imap/socket/lmtp- spec o fdupes if >= 1100- update to 2.6.1 o merge home:varkoly:Factory and o:F - spec mods o use of getent - rpmlint o remove unneeded dists from examples/chroot-setup/ o postin-without-ldconfig o files-duplicate /usr/share/doc/packages/postfix-doc/html/ o files-duplicate /usr/share/man/man?- added VDA patch o Mailbox / Maildir size limit, known also as "soft quota", to avoid user take all you disk space o Customizable "limit" message when the soft quota limit is reached. NOTE: message is sent to senders, but NOT to the owner of the mailbox. o Limit only 'INBOX', because some people use IMAP and don't want the same limit in IMAP folder that are differents from INBOX. o Support for 'Courier' style Maildir, usefull for people that use courier as pop3/imap server and to get fast soft quota summary. Note that it is also compatible with qmail maildir per default. o Supports for Courier 'maildirsize' file in Maildir folder that is used to read quotas quickly. Note that this option is not actived per default and can be dangerous on some NFS client implementation (like for example Solaris that cache some filesystem operations). o Customisable suffix for Maildir support, when share same external dict between postfix and pop3/imap server sometime "Maildir/" suffix is needed to avoid extra database handling (eg LDAP, MySQL...). - some improvements of SuSEconfig.postfix o POSTFIX_LISTEN: Comma separated list of IP's o POSTFIX_INET_PROTO: ipv4, ipv6, all o POSTFIX_MYHOSTNAME: define SMTPs FQHOSTNAME o POSTFIX_WITH_MYSQL: when using MySQL as backend o POSTFIX_BASIC_SPAM_PREVENTION: "custom" you can now define your own rules - POSTFIX_SMTPD_CLIENT_RESTRICTIONS - POSTFIX_SMTPD_HELO_RESTRICTIONS - POSTFIX_SMTPD_SENDER_RESTRICTIONS - POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS - added helo_access for helo checks - added relay for relaying domain - added MySQL stuff when using MySQL as backend (virtuser) o you should consider postfixAdmin as mgmnt interface o when runninng postfix chrooted: you have to run SUSEconfig each time when you have restarted MySQL because of linking mysql.sock- bnc#439287 - not all POSTFIX_ADD_* values are properly handled by SuSEconfig.postfix - bnc#483208 - Postfix configuration trashed after update - bnc#488268 - SuSEconfig.postfix chroot setup misses /etc/ssl/certs- bnc#465165 - postfix src package- bnc#464869 - SuSEconfig.postfix causes DNS lookup - bnc#460442 - amavisd-new and Postfix need fqdn-hostname in "uname -n"- update to 2.5.6 - The SMTP server did not ask for a client certificate with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl. - Avoid reduced TCP performance when reusing an SMTP connection with a larger than 4096-byte TCP MSS value. In practice, this could happen only with loopback (localhost) connections.- (bnc#442456) - chrooted postfix and saslauthd- fix build- upgrade must not be executed during installation- (bnc#403976) - permissions on /var/lib/postfix changed - (bnc#433916) - postfix should be splitted into postfix and postfix-doc- (bnc#415216) - Postfix RPM Install Displays Multiple Warnings - clean up spec file- Update to Version 2.5 patchlevel 5 * Bugfix (introduced Postfix 2.4): epoll file descriptor leak. With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll file descriptor leak when it executes non-Postfix commands in, for example, user-controlled $HOME/.forward files. * Security: some systems have changed their link() semantics, and will hardlink a symlink, contrary to POSIX and XPG4. Sebastian Krahmer, SuSE. File: util/safe_open.c. The solution introduces the following incompatible change: when the target of mail delivery is a symlink, the parent directory of that symlink must now be writable by root only (in addition to the already existing requirement that the symlink itself is owned by root). This change will break legitimate configurations that deliver mail to a symbolic link in a directory with less restrictive permissions. * Bugfix: dangling pointer in vstring_sprintf_prepend(). File: util/vstring.c.- init script: copy LSB *-Start tags to *-Stop - spec file: removed obsolete rc.config update hooks- (bnc#414959) postfix doesn't have any "Name: " tag in firewall definition - (bnc#405900) SuSEconfig.postfix changes owner and permissions of /tmp if smtpd_tls_CApath is not set - Update to Version 2.5 patchlevel 3 * Cleanup of code * defer delivery when a mailbox file is not owned by the recipient. Requested by Sebastian Krahmer, SuSE. Specify "strict_mailbox_ownership=no" to ignore ownership discrepancies. * Bugfix: null-terminate CN comment string after sanitization. * Bugfix (introduced Postfix 2.0): after "warn_if_reject reject_unlisted_recipient/sender", the SMTP server mistakenly remembered that recipient/sender validation was already done.- (fate#305005) Enable SMTPS in postfix ootb- (bnc#396985) sending of NUL character disallowed by RFC2822 - (bnc#397127) without relay is silent about undeliverable mails- (bnc#389670) - postfix generates invalid config- remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem- Update to Version 2.5 patchlevel 1 Changes: The Postfix 2.5 "postfix upgrade-configuration" command now works even with Postfix 2.4 or earlier versions of the postfix command. When installing Postfix 2.5.0 without upgrading from an existing master.cf file, the new master.cf file had an incorrect process limit for the proxywrite service. This service is used only by the obscure "smtp_sasl_auth_cache_name" and "lmtp_sasl_auth_cache_name" configuration parameters. Someone needed multi-line support for header/body Milter replies. The LDAP client's TLS support was broken in several ways.- #360572 - postfix %post script leaves lots of backup files in /etc/postfix/- Update to Version 2.5 patchlevel 0 Major changes - critical - ----------------------- [Incompat 20071224] The protocol to send Milter information from smtpd(8) to cleanup(8) processes was cleaned up. If you use the Milter feature, and upgrade a live Postfix system, you may see an "unexpected record type" warning from a cleanup(8) server process. To prevent this, execute the command "postfix reload". The incompatibility affects only systems that use the Milter feature. It does not cause loss of mail, just a minor delay until the remote SMTP client retries. [Incompat 20071212] The allow_min_user feature now applies to both sender and recipient addresses in SMTP commands. With earlier Postfix versions, only recipients were subject to the allow_min_user feature, and the restriction took effect at mail delivery time, causing mail to be bounced later instead of being rejected immediately. [Incompat 20071206] The "make install" and "make upgrade" procedures now create a Postfix-owned directory for Postfix-writable data files such as caches and random numbers. The location is specified with the "data_directory" parameter (default: "/var/lib/postfix"), and the ownership is specified with the "mail_owner" parameter. [Incompat 20071206] The tlsmgr(8) and verify(8) servers no longer use root privileges when opening the address_verify_map, * _tls_session_cache_database, and tls_random_exchange_name cache files. This avoids a potential security loophole where the ownership of a file (or directory) does not match the trust level of the content of that file (or directory). [Incompat 20071206] The tlsmgr(8) and verify(8) cache files should now be stored as Postfix-owned files under the Postfix-owned data_directory. As a migration aid, attempts to open these files under a non-Postfix directory are redirected to the Postfix-owned data_directory, and a warning is logged. This is an example of the warning messages: Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: request to update file /etc/postfix/prng_exch in non-postfix directory /etc/postfix Dec 6 12:56:22 bristle postfix/tlsmgr[7899]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix If you wish to continue using a pre-existing tls_random_exchange_name or address_verify_map file, move it to the Postfix-owned data_directory and change ownership from root to Postfix (that is, change ownership to the account specified with the mail_owner configuration parameter). [Feature 20071205] The "make install" and "make upgrade" procedures now create a Postfix-owned directory for Postfix-writable data files such as caches and random numbers. The location is specified with the "data_directory" parameter (default: "/var/lib/postfix"), and the ownership is specified with the "mail_owner" parameter. [Incompat 20071203] The "make upgrade" procedure adds a new service "proxywrite" to the master.cf file, for read/write lookup table access. If you copy your old configuration file over the updated one, you may see warnings in the maillog file like this: connect #xx to subsystem private/proxywrite: No such file or directory To recover, run "postfix upgrade-configuration" again. [Incompat 20070613] The pipe(8) delivery agent no longer allows delivery with the same group ID as the main.cf postdrop group. Major changes - malware defense - ------------------------------ [Feature 20080107] New "pass" service type in master.cf. Written years ago, this allows future front-end daemons to accept all connections from the network, and to hand over connections from well-behaved clients to Postfix. Since this feature uses file descriptor passing, it imposes no overhead once a connection is handed over to Postfix. See master(5) for a few details. [Feature 20070911] Stress-adaptive behavior. When a "public" network service runs into an "all processes are busy" condition, the master(8) daemon logs a warning, restarts the service, and runs it with "-o stress=yes" on the command line (under normal conditions it runs the service with "-o stress=" on the command line). This can be used to make main.cf parameter settings stress dependent, for example: /etc/postfix/main.cf: smtpd_timeout = ${stress?10}${stress:300} smtpd_hard_error_limit = ${stress?1}${stress:20} Translation: under conditions of stress, use an smtpd_timeout value of 10 seconds instead of 300, and use smtpd_hard_error_limit of 1 instead of 20. The syntax is explained in the postconf(5) manpage. The STRESS_README file gives examples of how to mitigate flooding problems. Major changes - tls support - -------------------------- [Incompat 20080109] TLS logging output has changed to make it more useful. Existing logfile parser regular expressions may need adjustment. - More log entries include the "hostnamename[ipaddress]" of the remote SMTP peer. - Certificate trust chain error reports show only the first error certificate (closest to the trust chain root), and the reporting is more human-readable for the most likely errors. - After the completion of the TLS handshake, the session is logged with TLS loglevel >= 1 as either "Untrusted", "Trusted" or "Verified" (SMTP client only). - "Untrusted" means that the certificate trust chain is invalid, or that the root CA is not trusted. - "Trusted" means that the certificate trust chain is valid, and that the root CA is trusted. - "Verified" means that the certificate meets the SMTP client's matching criteria for the destination: - In the case of a destination name match, "Verified" also implies "Trusted". - In the case of a fingerprint match, CA trust is not applicable. - The logging of protocol states with TLS loglevel >= 2 no longer reports bogus error conditions when OpenSSL asks Postfix to refill (or flush) network I/O buffers. This loglevel is for debugging only; use 0 or 1 in production configurations. [Feature 20080109] The Postfix SMTP client has a new "fingerprint" security level. This avoids dependencies on CAs, and relies entirely on bi-lateral exchange of public keys (really self-signed or private CA signed X.509 public key certificates). Scalability is clearly limited. For details, see the fingerprint discussion in TLS_README. [Feature 20080109] The Postfix SMTP server can now use SHA1 instead of MD5 to compute remote SMTP client certificate fingerprints. For backwards compatibility, the default algorithm is MD5. For details, see the "smtpd_tls_fingerprint_digest" parameter in the postconf(5) manual. [Feature 20080109] The maximum certificate trust chain depth (verifydepth) is finally implemented in the Postfix TLS library. Previously, the parameter had no effect. The default depth was changed to 9 (the OpenSSL default) for backwards compatibility. If you have explicity limited the verification depth in main.cf, check that the configured limit meets your needs. See the "lmtp_tls_scert_verifydepth", "smtp_tls_scert_verifydepth" and "smtpd_tls_ccert_verifydepth" parameters in the postconf(5) manual. [Feature 20080109] The selection of SSL/TLS protocols for mandatory TLS can now use exclusion rather than inclusion. Either form is acceptable; see the "lmtp_tls_mandatory_protocols", "smtp_tls_mandatory_protocols" and "smtpd_tls_mandatory_protocols" parameters in the postconf(5) manual. Major changes - scheduler - ------------------------ [Feature 20071130] Revised queue manager with separate mechanisms for per-destination concurrency control and for dead destination detection. The concurrency control supports less-than-1 feedback to allow for more gradual concurrency adjustments, and uses hysteresis to avoid rapid oscillations. A destination is declared "dead" after a configurable number of pseudo-cohorts(*) reports connection or handshake failure. (*) A pseudo-cohort is a number of delivery requests equal to a destination's delivery concurrency. The drawbacks of the old +/-1 feedback scheduler are a) overshoot due to exponential delivery concurrency growth with each pseudo-cohort(*) (5-10-20...); b) throttling down to zero concurrency after a single pseudo-cohort(*) failure. The latter was especially an issue with low-concurrency channels where a single failure could be sufficient to mark a destination as "dead", and suspend further deliveries. New configuration parameters: destination_concurrency_feedback_debug, default_destination_concurrency_positive_feedback, default_destination_concurrency_negative_feedback, default_destination_concurrency_failed_cohort_limit, as well as transport-specific versions of the same. The default parameter settings are backwards compatible with older Postfix versions. This may change after better defaults are field tested. The updated SCHEDULER_README document describes the theory behind the new concurrency scheduler, as well as Patrik Rak's preemptive job scheduler. See postconf(5) for more extensive descriptions of the configuration parameters. Major changes - small/home office - -------------------------------- [Feature 20080115] Preliminary SOHO_README document that combines bits and pieces from other document in one place, so that it is easier to find. This document describes the "mail sending" side only. [Feature 20071202] Output rate control in the queue manager. For example, specify "smtp_destination_rate_delay = 5m", to pause five minutes between message deliveries. More information in the postconf(5) manual under "default_destination_rate_delay". Major changes - smtp client - -------------------------- [Incompat 20080114] The Postfix SMTP client now by default defers mail after a remote SMTP server rejects a SASL authentication attempt. Specify "smtp_sasl_auth_soft_bounce = no" for the old behavior. [Feature 20080114] The Postfix SMTP client can now avoid making repeated SASL login failures with the same server, username and password. To enable this safety feature, specify for example "smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache" (access through the proxy service is required). Instead of trying to SASL authenticate, the Postfix SMTP client defers or bounces mail as controlled with the new smtp_sasl_auth_soft_bounce configuration parameter. [Feature 20071111] Header/body checks are now available in the SMTP client, after the implementation was moved from the cleanup server to a library module. The SMTP client provides only actions that don't change the message delivery time or destination: warn, replace, prepend, ignore, dunno, ok. [Incompat 20070614] By default, the Postfix Cyrus SASL client no longer sends a SASL authoriZation ID (authzid); it sends only the SASL authentiCation ID (authcid) plus the authcid's password. Specify "send_cyrus_sasl_authzid = yes" to get the old behavior. Major changes - smtp server - -------------------------- [Feature 20070724] Not really major. New support for RFC 3848 (Received: headers with ESMTPS, ESMTPA, or ESMTPSA); updated SASL support according to RFC 4954, resulting in small changes to SMTP reply codes and (DSN) enhanced status codes. Major changes - milter - --------------------- [Incompat 20071224] The protocol to send Milter information from smtpd(8) to cleanup(8) processes was cleaned up. If you use the Milter feature, and upgrade a live Postfix system, you may see an "unexpected record type" warning from a cleanup(8) server process. To prevent this, execute the command "postfix reload". The incompatibility affects only systems that use the Milter feature. It does not cause loss of mail, just a minor delay until the remote SMTP client retries. [Feature 20071221] Support for most of the Sendmail 8.14 Milter protocol features. To enable the new features specify "milter_protocol = 6" and link the filter application with a libmilter library from Sendmail 8.14 or later. Sendmail 8.14 Milter features supported at this time: - NR_CONN, NR_HELO, NR_MAIL, NR_RCPT, NR_DATA, NR_UNKN, NR_HDR, NR_EOH, NR_BODY: The filter can tell Postfix that it won't reply to some of the SMTP events that Postfix sends. This makes the protocol less chatty and improves performance. - SKIP: The filter can tell Postfix to skip sending the rest of the message body, which also improves performance. - HDR_LEADSPC: The filter can request that Postfix does not delete the first space character between header name and header value when sending a header to the filter, and that Postfix does not insert a space character between header name and header value when receiving a header from the filter. This fixes a limitation in the old Milter protocol that can break DKIM and DK signatures. - SETSYMLIST: The filter can override one or more of the main.cf milter_xxx_macros parameter settings. Sendmail 8.14 Milter features not supported at this time: - RCPT_REJ: report rejected recipients to the mail filter. - CHGFROM: replace sender, with optional ESMTP command parameters. - ADDRCPT_PAR: add recipient, with optional ESMTP command parameters. It is unclear when (if ever) the missing features will be implemented. SMFIP_RCPT_REJ requires invasive changes in the SMTP server recipient processing and error handling. SMFIR_CHGFROM and SMFIR_ADDRCPT_PAR require ESMTP command-line parsing in the cleanup server. Unfortunately, Sendmail's documentation does not specify what ESMTP options are supported, but only discusses examples of things that don't work. Major changes - address verification - ----------------------------------- [Incompat 20070514] The default sender address for address verification probes was changed from "postmaster" to "double-bounce", so that the Postfix SMTP server no longer causes surprising behavior by excluding "postmaster" from SMTP server access controls. Major changes - ldap - ------------------- [Incompat 20071216] Due to an incompatible API change between OpenLDAP 2.0.11 and 2.0.12, an LDAP client compiled for OpenLDAP version <= 2.0.11 will refuse to work with an OpenLDAP library version >= 2.0.12 and vice versa. Major changes - logging - ---------------------- [Incompat 20080109] TLS logging output has changed to make it more useful. Existing logfile parser regular expressions may need adjustment. - More log entries include the "hostnamename[ipaddress]" of the remote SMTP peer. - Certificate trust chain error reports show only the first error certificate (closest to the trust chain root), and the reporting is more human-readable for the most likely errors. - After the completion of the TLS handshake, the session is logged with TLS loglevel >= 1 as either "Untrusted", "Trusted" or "Verified" (SMTP client only). - "Untrusted" means that the certificate trust chain is invalid, or that the root CA is not trusted. - "Trusted" means that the certificate trust chain is valid, and that the root CA is trusted. - "Verified" means that the certificate meets the SMTP client's matching criteria for the destination: - In the case of a destination name match, "Verified" also implies "Trusted". - In the case of a fingerprint match, CA trust is not applicable. - The logging of protocol states with TLS loglevel >= 2 no longer reports bogus error conditions when OpenSSL asks Postfix to refill (or flush) network I/O buffers. This loglevel is for debugging only; use 0 or 1 in production configurations. [Incompat 20071216] The SMTP "transcript of session" email now includes the remote SMTP server TCP port number. Major changes - loop detection - ----------------------------- [Incompat 20070422] [Incompat 20070422] When the pipe(8) delivery agent is configured to create the optional Delivered-To: header, it now first checks if that same header is already present in the message. If so, the message is returned as undeliverable. This test should have been included with Postfix 2.0 when Delivered-To: support was added to the pipe(8) delivery agent.- Remove previous fix- #301335 - [SuSEconfig]: Postfix module uses stderr- Update to Version 2.4 patchlevel 6 Bugfix (introduced Postfix 2.2.11): TLS client certificate with unparsable canonical name caused the SMTP server's policy client to allocate zero-length memory, triggering an assertion that it shouldn't do such things. File: smtpd/smtpd_check.c. Bugfix (introduced Postfix 2.4) missing initialization of event mask in the event_mask_drain() routine (used by the obsolete postkick(1) command). Found by Coverity. File: util/events.c. Workaround: the flush daemon forces an access time update for the per-destination logfile, to prevent an excessive rate of delivery attempts when the queue file system is mounted with "noatime". File: flush/flush.c. - #330276 – /sbin/conf.d/SuSEconfig.postfix could copy certs into smtpd_tls_CApath- Use correct SuSEfirewall2 rule directory.- #333629 - saslauthd typo in SuSEconfig.postfix- #331044 - Postfix uses receive_override_options in main.cf- fix the last fix- fix the last fix- Fixing bug: #297622 - SMTPD_LISTEN_REMOTE has no effect- Update to Version 2.4 patchlevel 5 Bugfix: the loopback TCP performance workaround was ineffective due to a wetware bit-flip during code cleanup. File: util/vstream_tweak.c. (patch level 4) Bugfix: the Milter client assumed that a Milter application does not modify the message header or envelope, after that same Milter application has modified the message body of that same email message. This is not a problem with updates by different Milter applications. Problem was triggered by Jose-Marcio Martins da Cruz. Also simplified the handling of queue file update errors. File: milter/milter8.c. Workaround: some non-Cyrus SASL SMTP servers require SASL login without authzid (authoriZation ID), i.e. the client must send only the authcid (authentiCation ID) + the authcid's password. In this case the server is supposed to derive the authzid from the authcid. This works as expected when authenticating to a Cyrus SASL SMTP server. To get the old behavior specify "send_cyrus_sasl_authzid = yes", in which case Postfix sends the (authzid, authcid, password), with the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c. Portability: /dev/poll support for Solaris chroot jail setup scripts. Files: examples/chroot-setup/Solaris8, examples/chroot-setup/Solaris10. Cleanup: Milter client error handling, so that the (Postfix SMTP server's Milter client) does not get out of sync with Milter applications after the (cleanup server's Milter client) encounters some non-recoverable problem. Files: milter/milter8.c, smtpd/smtpd.c. Performance: workaround for poor TCP performance on loopback (127.0.0.1) connections. Problem reported by Mark Martinec. Files: util/vstream_tweak.c, milter/milter8.c, smtp/smtp_connect.c, smtpstone/*source.c. Bugfix: when a milter replied with ACCEPT at or before the first RCPT command, the cleanup server would apply the non_smtpd_milters setting as if the message was a local submission. Problem reported by Jukka Salmi. Also, the cleanup server would get out of sync with the milter when a milter replied with ACCEPT at the DATA command. Files: cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c. - rediffed patches- Update to Version 2.4 patchlevel 3 (patch level 1) Bugfix (introduced Postfix 2.3): segfault with HOLD action in access/header_checks/body_checks on 64-bit platforms. File: cleanup/cleanup_api.c. Portability (introduced 20070325): the fix for hardlinks and symlinks in postfix-install forgot to work around shells where "IFS=/ command" makes the IFS setting permanent. This is allowed by some broken standard, and affects Solaris. File: postfix-install. Portability (introduced 20070212): the workaround for non-existent library bugs with descriptors >= FD_SETSIZE broke with "fcntl F_DUPFD: Invalid argument" on 64-bit Solaris. Files: master/multi_server.c, *qmgr/qmgr_transport.c. Cleanup: on (Linux) platforms that cripple signal handlers with deadlock, "postfix stop" now forcefully stops all the processes in the master's process group, not just the master process alone. File: conf/postfix-script. (patch level 2) Bugfix: don't falsely report "lost connection from localhost[127.0.0.1]" when Postfix is being portscanned. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. Robustness: recommend a "0" process limit for policy servers to avoid "connection refused" problems when the smtpd process limit exceeds the default process limit. File: proto/SMTPD_POLICY_README.html. Safety: when IPv6 (or IPv4) is turned off, don't treat an IPv6 (or IPv4) connection from e.g. inetd as if it comes from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c. Bugfix: Content-Transfer-Encoding: attribute values are case insensitive. File: src/cleanup/cleanup_message.c. Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) were broken when used with the error(8) or discard(8) transports. Cause: insufficient documentation. Files: error/error.c, discard/discard.c. Bugfix (problem introduced Postfix 2.3): when DSN support was introduced it broke "agressive" recipient duplicate elimination with "enable_original_recipient = no". File: cleanup/cleanup_out_recipient.c. Bugfix (introduced Postfix 2.3): the sendmail/postdrop commands would hang when trying to submit a message larger than the per-message size limit. File: postdrop/postdrop.c. Sabotage the saboteur who insists on breaking Postfix by adding gethostbyname() calls that cause maildir delivery to fail when the machine name is not found in /etc/hosts, or that cause Postfix processes to hang when the network is down. (patch level 3) Portability: Victor helpfully pointed out that change 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.- Bug 285553 amavisd inconsistency- provide smtp meta-service as well- don't PreRequire /sbin/ip: removed call in SuSEconfig.postfix- dynamic_maps.patch: readded the chunk for dict_tcp and dict_pcre - replaced prereq for postfix with a prereq on %{name} = %{version} - updated to postfix 2.4, patchlevel 0 Major changes - safety * As a safety measure, Postfix now by default creates mailbox dotlock files on all systems. This prevents problems with GNU POP3D which subverts kernel locking by creating a new mailbox file and deleting the old one Major changes - Milter support * The support for Milter header modification requests was revised. With minimal change in the on-disk representation, the code was greatly simplified, and regression tests were updated to ensure that old errors were not re-introduced. The queue file format is entirely backwards compatible with Postfix 2.3. * Support for Milter requests to replace the message body. Postfix now implements all the header/body modification requests that are available with Sendmail 8.13. * A new field is added to the queue file "size" record that specifies the message content length. Postfix 2.3 and older Postfix 2.4 snapshots will ignore this field, and will report the message size as it was before the body was replaced. Major changes - TLS support * The check_smtpd_policy client sends TLS certificate attributes (client ccert_subject, ccert_issuer) only after successful client certificate verification. The reason is that the certification verification status itself is not available in the policy request. * The check_smtpd_policy client sends TLS certificate fingerprint information even when the certificate itself was not verified. * The remote SMTP client TLS certificate fingerprint can be used for access control even when the certificate itself was not verified. * The format of SMTP server TLS session cache lookup keys has changed. The lookup key now includes the master.cf service name. Major changes - performance * Better support for systems that run thousands of Postfix processes. Postfix now supports FreeBSD kqueue(2), Solaris poll(7d) and Linux epoll(4) as more scalable alternatives to the traditional select(2) system call, and uses poll(2) when examining a single file descriptor for readability or writability. These features are supported on sufficiently recent versions of FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other systems will be added as evidence becomes available that usable implementations exist. Major changes - delivery status notifications * Small changes were made to the default bounce message templates, to prevent HTML-aware software from hiding or removing the text "", and producing misleading text. * Postfix no longer announces its name in delivery status notifications. Users believe that Wietse provides a free help desk service that solves all their email problems. Major changes - ETRN support * More precise queue flushing with the ETRN, "postqueue -s site", and "sendmail -qRsite" commands, after minimization of race conditions. New per-queue-file flushing with "postqueue -i queueid" and "sendmail -qIqueueid". Major changes - small office/home office support * Postfix no longer requires a domain name. It uses "localdomain" as the default Internet domain name when no domain is specified via main.cf or via the machine's hostname. Major changes - SMTP access control * The check_smtpd_policy client sends TLS certificate attributes (client ccert_subject, ccert_issuer) only after successful client certificate verification. The reason is that the certification verification status itself is not available in the policy request. * The check_smtpd_policy client sends TLS certificate fingerprint information even when the certificate itself was not verified. * The remote SMTP client TLS certificate fingerprint can be used for access control even when the certificate itself was not verified. * The Postfix installation procedure no longer updates main.cf with "unknown_local_recipient_reject_code = 450". Four years after the introduction of mandatory recipient validation, this transitional tool is no longer neeed.- Add pwdutils BuildRequires to allow postinst script to succeed. - Add /usr/share/omc directory.- #247351 - postfix - Ports for SuSEfirewall added via packages - Move postfix.xml into the postfix-SuSE tarball - #228479 - Postfix is configured for inet_protocols=all if selecting ipv4 only support during installation. Now we set both inet_protocols and inet_interfaces to all. This means the available interfaces and protocols will be used. To avoid bogus warnings inet_proto.c was patched. - #251598 - postfix use pointers for literals- #144104 - postfix does not start - Implementing Fate #301840: Postfix XML Service Description Document - Enhancing /etc/sysconfig/postfix descripton to avoid problems like Bug 228678 - Problems with setting up chroot environment if /var/spool is not on same filesystem as /var- moved the dict handling into a preun script instead of postun and do not remove the dict entry on upgrade (#223176) - removed duplicates in the filelists.- #218229 - Postfix SuSEconfig script increases the max_proc line each run in master.cf- #206414 - /usr/lib/sasl2/smtpd.conf misplaced- #202119 – SuSEconfig script for Postfix incomplete - #202162 – Postfix 2.3.2 slightly incorrect, Cyrus SASL unavailable - #203174 – /sbin/conf.d/SuSEconfig.postfix should configure a TLS session cache for postfix 2.2 - #203575 – postfix-2.2.9-10 chokes without scache - #213589 - No development package/headers for postfix- also add libpostfix-milter.so*- updated to postfix 2.3, patchlevel 2 - Major changes - Name server replies that contain a malformed hostname are now flagged as permanent errors instead of transient errors. - DSN support as described in RFC 3461 .. RFC 3464. - The SMTP client now implements the LMTP protocol. - Milter (mail filter) application support, compatible with Sendmail version 8.13.6 and earlier. - Major changes - SASL authentication - Plug-in support for SASL authentication in the SMTP server and in the SMTP/LMTP client. - The Postfix-with-Cyrus-SASL build procedure has changed. - Support for sender-dependent ISP accounts. - Major changes - SMTP client - The SMTP client now implements the LMTP protocol. - This version addresses a performance stability problem with remote SMTP servers. - Major changes - SMTP server - The Postfix SMTP server now refuses to receive mail from the network if it isn't running with postfix mail_owner privileges. - Optional suppression of remote SMTP client hostname lookup and hostname verification. - SMTPD Access control based on the existence of an address->name mapping - Major changes - TLS - New concept: TLS security levels ("none", "may", "encrypt", "verify" or "secure") in the Postfix SMTP client. - Both the Postfix SMTP client and server can be configured without a client or server certificate. - See /usr/share/doc/packages/postfix/RELEASE_NOTES /usr/share/doc/packages/postfix/TLS_CHANGES /usr/share/doc/packages/postfix/README_FILES/SASL_README for detailed informations.- Only %{conf_backup_dir} is contained by the package not /var/adm/backup- Bugfix: #190639 Default number of processes for postfix - Bugfix: #190270 postfix-postgresql/bin/sh/bin/sh/bin/sh/bin/shbuild24 1265066926 @V @U @_ @x @+ + + + + + @] +! +" @^ @8 +# +% @\ @f @: @a @b +' @c @` +( +) @d @e @7 @[ @W E E @# B B B B B B' B, B1 B6 + B? * BD * + BM BR BW * * * * * B\ + Ba Bf Bk + Bp Bu Bz B B B @E @ @ B @ @ B @ @ B @ @ B @ @ B @! @ B @g B B B B B B B B B B B B B B B B E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E E @3 @P @9 @0 @Z @Y @. @; @< @= @> @D @h @i @j @k @m @o @l @n @p @q2.6.1-2.6.12.6.1-2.6.1 postfixsmtppostfixpostfix.paranoidpostfixLICENSETLS_LICENSEaccessbounce.cf.defaultcanonicaldynamicmaps.cfgenericheader_checkshelo_accessmain.cfmain.cf.defaultmakedefs.outmaster.cfopenssl_postfix.conf.inpostfix-filesrelayrelay_ccertsrelocatedsasl_passwdsender_canonicaltransportvirtualsasl2smtpd.confpostfixSuSEconfig.postfixrcpostfixmailqnewaliasespostfixanvilbouncecleanupdict_ldap.sodict_pcre.sodict_tcp.sodiscarderrorflushlmtplocalmain.cfmastermaster.cfnqmgroqmgrpickuppipepost-installpostfix-filespostfix-scriptpostfix-wrapperpostmulti-scriptproxymapqmgrqmqpdscacheshowqsmtpsmtpdspawntlsmgrtrivial-rewriteverifyvirtualsendmaillibpostfix-dns.solibpostfix-dns.so.1libpostfix-dns.so.1.0.1libpostfix-global.solibpostfix-global.so.1libpostfix-global.so.1.0.1libpostfix-master.solibpostfix-master.so.1libpostfix-master.so.1.0.1libpostfix-milter.solibpostfix-milter.so.1libpostfix-milter.so.1.0.1libpostfix-tls.solibpostfix-tls.so.1libpostfix-tls.so.1.0.1libpostfix-util.solibpostfix-util.so.1libpostfix-util.so.1.0.1mkpostfixcertpostaliaspostcatpostconfpostdroppostfixpostkickpostlockpostlogpostmappostmultipostqueuepostsuperqmqp-sourcesendmailsmtp-sinksmtp-sourcemailq.1.gznewaliases.1.gzpostalias.1.gzpostcat.1.gzpostconf.1.gzpostdrop.1.gzpostfix.1.gzpostkick.1.gzpostlock.1.gzpostlog.1.gzpostmap.1.gzpostmulti.1.gzpostqueue.1.gzpostsuper.1.gzsendmail.1.gzaccess.5.gzaliases.5.gzbody_checks.5.gzbounce.5.gzcanonical.5.gzcidr_table.5.gzgeneric.5.gzheader_checks.5.gzldap_table.5.gzmaster.5.gzmysql_table.5.gznisplus_table.5.gzpcre_table.5.gzpgsql_table.5.gzpostconf.5.gzpostfix-wrapper.5.gzregexp_table.5.gzrelocated.5.gztcp_table.5.gztransport.5.gzvirtual.5.gzanvil.8.gzbounce.8.gzcleanup.8.gzdefer.8.gzdiscard.8.gzerror.8.gzflush.8.gzlmtp.8.gzlocal.8.gzmaster.8.gzoqmgr.8.gzpickup.8.gzpipe.8.gzproxymap.8.gzqmgr.8.gzqmqpd.8.gzscache.8.gzshowq.8.gzsmtp.8.gzsmtpd.8.gzspawn.8.gztlsmgr.8.gztrace.8.gztrivial-rewrite.8.gzverify.8.gzvirtual.8.gzpostfix.xmlpostfixmain.cfmaster.cfsysconfig.mail-postfixsysconfig.postfixpostfixpostfixactivebouncecorruptdeferdeferredflushholdincomingmaildroppidprivatepublicsavedtrace/etc/init.d//etc/pam.d//etc/permissions.d//etc//etc/postfix//etc//etc/sasl2//etc/sysconfig/SuSEfirewall2.d/services//sbin/conf.d//sbin//usr/bin//usr/lib//usr/lib/postfix//usr/lib64//usr/sbin//usr/share/man/man1//usr/share/man/man5//usr/share/man/man8//usr/share/omc/svcinfo.d//var/adm/backup//var/adm/backup/postfix//var/adm/fillup-templates//var/lib//var/spool//var/spool/postfix/-fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:11.2:Update:Test/standard/e3fa82f915d0d4eb575e147117dc25cc-postfixcpiolzma2x86_64-suse-linuxdbVT^]b?]"k%QܮGVv'D,E 9RʫtSC1x(s]ƅɓ;?`hJ)0ɰ$g""q̂U~O87 N²)tW&ѓ[HbNnjP|pź v?Cv{kٍéܻ*8Yjg,LF$22Tf,a8=ALr;#Kilv^z궪NSz@nS0+v/H(bk##w#DfIݹ|(~EcIV>|{dhM91x05y ^ ٳQbQC醑鑀6uҡ05~\r[VDK{,O&}1t~N17Զ]Ù ' BGgR`כK!e!('Y9i&kߎYz>1iqk6L).9-MYWⷷyȏV.`I2yJ PFa^7+V5meVqavH\S 5"pTLy-6Au`u &Aw4\JK^!gm Š,*#LF3UfA2j Aޗ.6!Jh.̡B&T狝f}TBjك:sEt6RffQ]{buޛ݇Yp4HG 5<$[zE0,wJP[(kE+IƱ 靉[0ԓ}WSt~$bIGZGiU4vǞQPؖeFmm&A~wS]G۵%- Z\ml!WR> % ZvRW3D8UNwk\  :LD ԁ(,}U>4:i3IZz0(`'pF\x?M< ވda웽d[?"p7òPͱZqtg!RFX_'VuǝEQ*ieԅX5;HRW:^a0X%^% Wt]p 2zQie';R:8 +&Žemi"  ~KrCX(\y ";INWį4V'^AUpG&^^ D]yh- !2ω[=#SQ;l ;ws[jQ<^EVmzǭDI#`zh(5mr HO^Ѱ,08eKO;S%D4qrRnΚBѱ!VGTtӂagݙ(B50~Rk <݃X ^i7Ї%q60G+0?J `ޏxN 2+LJMe(a8^)#ɏt  L`pQy}ih3{k,-T'6+t ) *s%tΨę+Fqu?ilfN鉮`F-p\7Gy㬷8`#` 26Ҭf EHٝp~ LɂOY˜!eu򗟵rOoJā`nA_YDi;Tõ_)Se'Q-U80Ѽj%" Oϱa&[  ^.k:Pr>*ib6,\qf/̙\z˓:6 "flx~4P?f5^r<o0(s,zj1A xlY)SSE~^(81)^IӰ r3o0DB`OFD bN,KI13N1bMV g)WA2n%j^[r*!g0"'M*Qa.>ݯ9ӽ91zEC 1tѝ=&ȺwxX ׈j[Uٶegi2X;x+  uZ/-ީhdō*38>Խ>]B7R`/P`YECwxw׹{9ƺ~LX;Gwջ*fpIkԿNJkbH-^5Xk*K2 &x$4u'.BJk.}vFCZ_TG ~t ٶCV 0RH]hU.XAFBed68b{Xdb=UifQΈl[<x&$6r n$4E"p 4y+Gmݐy/ჲtQ'ݗ)P?c7 !+쎧"𚧎 : @Gl{kuȋΠj]-X%&}ij %B++cmshq~i~x\Qigp߽q)h)4{G~x;7% ~v3` 3"MP]y U3^AP -.ep,k^lxE:%Zjܜ4H4[K]-ї3FSR&kW$|4⤎h4#Ж2Bn7øTc2ijm^ʻ/8@"CKWѣWHV̞0s+uzζ:1nG;f3;ZEˤ|`\0`U:_~DDc2ܳ3=L,mg5%e}^B>4DBWH3RAua^?#O`#]m0~(lۧc`@r+`*.z,1:$.)@d8\ oq0}ӝִ#fl!a{jK.]2T>ԓcnƓ>=z⻋ܬ ,*ڭԑZ J<✹|ͲPOQ5H z+EMK$#kJK K!I|]qYrm,Ҥb@Q#,R8KMxQJ }7Rf+P1L͸FhPYz56OT*?ç5޷)}λ$j*j -Qft^'inՕ-d}֪OUG#fuSo;/ǣ9_ϨtUĨ?I02"(:j}xeUu<>CʷZ;Җ34_1Vc,Z'oWN#`*2m`&PQ+N.ts=RlJoқ?))mI:]@Lȥ~F\kAbi nz[h!ZJY[43/eX2L[b3%؂jcUpz XpQ-֏:f>) EOLA=BՄA~'%Ѓ$d3̇: >P~}b> M(IIaՃDbR< (NĞ-ݘ=EZHT[ߧˈbwFgB2i:0P?!'T*I閬+ >-0pkmN8[?@Mrep>j7W@s# U1^XHⓐR uPgglu 24H~hX_ߵ\yxOϤ+j JWe$w–BS]jh"ϥ7JNDh?wDd yqL~>OD733EfmT+'U,B/!;qv'PoL"$^:DǁІ1 wSҧx\50Ô(_l`7_vG~ydEKBijZ=$3V7AGxh u9oUh.' ƭ0PEO;%13:\?P2`@6VW.x0I=eCUp'^^Ƿ\;#\Q[{UPUf#xUh (a Oy_fRePPC'‰~4u26Tte+^OlQ {F|IMJqP`ǞzJ QG=[)[Ɂi dAK7X/heW{K _U6\sya cګ5gj YB"Ly)KDhӍsu4ށ$O[OcC}Uh*FTG5 ѺVq"d[Ac)5Z/EK&dD&9LOܼJ7T iba%t,ī?Qםw_^mB`?y%݃O lO [ծ^t._;*+?[2k8UUrz^mq̬D1:*S[W ]ɇ0!YJ+\gh{OF`R?0pKCn{G5{dw8KTZX+oAP%vhZ* \&6 d{f&JGpacBPpTvBQW>g@dxSj +,5w sB-"[:~D+H8J|JG oH73՜> dmKC"L *ޮqeP L!wًR1XTZOH{7RбG(U~rԘ ?T<rOBy"jlDXlLCfũsnd=BU껏㐣uIyQ8,l$`7D;HrJ] b$"K82;G{~4^Q|┘<_Gq|րۓC7d$FRcfi9K?c,Uwb58)|}#o12J%)EUT~2=U{Z=`2L;陲M=ה[4|˕z1:|ktu,aaݳ?Vj?7Ro Bm;ڐ 9bY#KS!rưꢍv.8yZ9A!,ܪS5#he{cX40<^ʗX<.0v\\d$L٬iilJ4K`ty\W`c0,=}vsYUz;|_N?VT6[;ёlS;v :G.9Q|}c(uP5Pzy|/#~+G& 5iq|o42e7JoREzjv^ SvRCN}h8ՎP~ $yo]0YwD@;>;j~bOG8 os _X=L~u& cQ;& J@qYdp9>? 0u AF=Z Hϥ,s܏='ٻs2(561-[Ė;Ѝ+L! *^,8pb 6}/6xMdyԁA&vVs;ZߙGHCЮYז^mDgt\pfǼ@Gr>vzs:bW#(#hgq[Q&QCpb~o[G|f`)8:b` 2:Bcל(uy'?bFINt419U\6";Q‡PJ:̮-"}Ii."CcݿԊ!ݚX1K\?@`0?8p4]a+~46^)rϙ s+,XNGXH~t+"` <bwy4{P3z(k!:p5#ȝ6qg:>ZHų>7?)Q9>㗓U3 28>OѢ"%f[tz҉ )]X"5b ?%)VyᅁnTUQ l"b?^냓1>YIyJ  \orD]|[ڗs2aG=2=Ct4qp{k2?JbFd >,+:0TQ~6c@vT֙܉0u2Ifnb%) sZ+ĕ$w <T44q 3Ґpmʝʉుd\% rp|=.:6X@Z6t=O4.8 0~>4s#' mqr#a٫#}F̳Y4:}ƛZ[j<8IIaIEMa'\Ur%lnD`KD68j ͆ߢ~7WLd䘾܅\Vj= ^ AqӜ# و +fֈwEY4S!%])Kܞ.bݎ%(|(9 ٹq=,/3S,gRA-LlMjr|D~,˧4dDZr&2%NOibG-ϖ!Rg+ΣLiq`#։NL?cY imF }@*("+r^v$51|VPKĬ/< [ΐhi~@ @PD}DGǜ3+in2>wP5,7Y- V^߰}MB Vb`Y{y)h K|r;O (Df?/$_ښrN?l<3KY" o/; ^ZCdS LxנfXU+p >JC30,^))-z3׋XMP[.~)(P̙ 4S6*Ero:yzׂoL];5Nݕ<}mFo:6+QceO~Y=GaSB>Pinf x^|iwrɬmݮ۱.l+Ջ]:XәPA<%}&N.1l|ѱrzskFzD ޷W_WO0i)8ZŷwLQ ǘYxtpQj5hbCeHzBj}25Md]By+{D~Þ6+rD 䥽4(Lk֊1Unx`PH, |5t G%|cCyx<6(ōo$9HQ`3k ܜJFMye9}vrld -JzXցp>d251?n18D>dqʍ*d&:1h t="ۦs%]jBZ[fѩ8d˥?v^; *) B?I*8!ŝ nhG O*|PzZ(LD0i9?qMөnUcMO"4 >йs=?#7۵Hy, WWnMS` Im`7:'ًԪw|/?!3;x㭻];QFg*~!\,=?!p'ea,)< $fIQ_g]\N9 |3F뤊d2Z:B:gAU<#LޱKRRWoe&ǘ^dzX#n x~W}+v2!t" q`!Fd_HmӓO}Egېx5F6?^f.8ﲆ @PjA]@Y+h+TZ%6ݘy Ka2w@<mS#˴WP=w HH?B+Z[)BJ:lرsrQ$uywxR`6^ܡT=| ߚx[OŠ="xl=vloQd8XC/ڹi&}FcD?61r4DfmLRUoyM)=,?l PюVmT$ hmvsbGcySaA!Z3HEjρnr~jcuik4~>gjdwJDG+ zKLq[wKr:!i!iN?t C8n)YwO*fwLy"ɳ?!X}-&fchAC3F~aK3+B\Gwq߸G ƼB$ʶBLս^$L.{Fz4(*JQALǸ.S6 p.$0jGb1+4*6Aa;+g!M8lB6tԏZ0" v{~T+D05ǦV-!<1>u{΋pPBa;4Ӷ=8SϘ _4P&)&eB9diA%0eoso#._La*hk.[{܍b1aPVsVyF3+x].;l%f4æ=1fUf$08.% Rʵy *ѝcnXg}"ʼFMMl~߫T3/\"SmTNK].AP"Rc[FAOКq[)u̒hL5t$YЭv]dA Fm\<\n>/ixuTN"N.]+;זlBu=H-,:#̥p8V3q=K\f}=d>AP{wQF{Zb{\+QZ߯?,Uo?i/NsS>x,[ٖ*lpO&aH<ڬ?aF64U.!K֘ cr?3Lk}y rB2 ifn zwFt?EL6 U3)4|[N\Fh wȔfLA3J04Ulk=Iա fGyzDZ)(!~>:#%MfY4fυ -'uy+KH!_W.ٵ `R]+,9YeqYd|I\P8Zíd]L)Oچ6e[H.&#Z#HnX8G3N3<mʝ3:ӂlctf{ÿkn$or-w 19S]b.@HOӈ5naI#KNT"!6rc_eViɯ׺3m{I^2eES$,a*b9s9x'iTĻqhzTޗEXʘ6oC/1[ۃTi=RR@WxQ }Co=T#;!9'B[r*CmGQp, |ρŐlFGe8t6T˭^6e"|^giOyݩ*䡏UGV_~Hq9ƇaXO#ٚ+cZ[K2uM^(AGu篴ť(57YmA3_f+A0Z,U˼ОDTSβ@b$۠4糈XKDPn}'XeD['qW+[({}_=xΕn4O[Wcٳ)j$ot"lTvV4.zʮGs ++)XfCD .'{Z=nf!BlW~@b x@ٟf==o󑸝>a\ɂDt]AtV.lU:kS$GV嵵k0wVZzE-M|0&u;:A,?4t ѯdMjg=#F:\  ڮ,t(cF_Yv+#Le:;L l&e>6O#4ˊ&_py&m4*k(.Ջ8ܔb8繫͹0^_.:c bgc5Og%H= vR}8;l>r4Qt35|ڙ~L7`)Ug ˎsؠi|Ap6Y<ړ4cSE;(?qG1csU=dpNF-4XEaY0.*6'P`G=Qj2eW֭#KjYTM'RǢ UkiTlyqC%42ҮT7V}lT}= wG AP:g%IM= , 5m49'C$7^U G o{vt7XeP"u%Ux>;%[#!|^1Yr+`tr8:&|w6x"qpvKF`L! WLH ~a,hXV+Mx1 ŷ9P|(_] 7Wl1^p!@^%V;)lU?cʛ-h~JC;B] 9-1N2_.8,EC+u3%wG7mv',ZU =P|iRz}TR(or3n]x8Қq}ז<+?4@^ZK +O p]_Oe[},;e>*Yxe={%V5=;ǛJ ,2}'~4iC`]9X>oV~JzJĨ OZ3MStG1,G1q 5zz(>SB\U+;ZDw8.3uk1W.UA/j8WZΈ1 13qnʁ$H l}FU{w\SE/6m!0ӥN`M*ײ*nu݌G 'na\>LLKFfMB{ l vP"@^SG̛'gή4M1׸=ӄF 4W[Tj-c!(d"eqᙶ`:zAJS<لߝʡ8Nc">J4a#:M)J9_Yu]3>k@5M8ث[oEMp/oS֐ C+)a}IgY61Xˮ2J,_[ K>P,']+"9 qO,ʼngJԤͦD F5$H]pMڄ7)v5gZ’gܼ.ZwoN"fu O_wuؗ!ᜀ6 mq1Z/B-3;\wAƒȯxxe,Y5*)[WQ8ÓַJh. ~ވUyPF#CvX74Fj6鉄[LfR=uRC7n`CDnVęKs0*aUIäeO8=̓-}, nZ[!3Pc'(;2zey ^JH} 2/ghYȝf㣌ɇ'XD 󩍬=H>"GɈƷ`y˲eB[U,*FI |\v:\qXOnZCar ^|Aڟ>Q`7 F^5-2uKļb&&_jBʄ9OjWAB'/qZ}οvj*lV OFz[d;bMt##7ºghf0Yh?`EeDWu@':2}pd+m`[2s i=&ыbex? ި~63ҳ&ktk"EX*YApJ%U5d q>Kik;z8Mxokhg)xjNIAtuC#!=܍[1Iǩ }k˕q|$@e(lO[|tg߅W9U]$D#7c6D=alksߐv6cҎK5c򉾔Ed8"ݷ%S~'mJw^$ |l*E Z(l`Ug~&O weOT}d ~.-MMe4sgsr$@M.LOŪ;qgsmפm[0l©b jX?ȋR0dg-\ۃUj P.q$ߎɽWUűuM_p_w3HK>i}%tOcC!yʻDǂ&bPi <): s&Jo`ƟۑP{c8d]DЅBy[y8K>ID%?4lR^RzخQi#z!4% z oz zTh_Bܘ&)&˅:7 :֗4 Vc^Mv.}ygU :X%!JGkO[7`5}z.\ NKc%g^ ʿ}0AN7o;b.iim/(E_\;;ifaQ2׷,+״Q$RˏlAtdwlKJ]W/>?^;"VV𔄦Fб *w(Tg Ll(=M\M ψpM^7_?uIHWXƺ+ws)=Naff^).XqMhE#N\U!,IU^͂)]B0?#ԧ뗥?!FNF׫6 I7mUW4J_\Jߓe Tę'sڽ u QG \7ՎTk; Ś&ݏ%|lL>M!ks%֣z(O>ش ?r}~ouJKy `׈&,3ñqٽ4-pd?GsL#& 5<|Ƹ*;7L-Ow3!#geIzβz.{LDZ`ҏ1b* %GX"%SQ-hgKnq9\Ee{Tkۜ1O*9[~. xӅS p)"5ez#6rYti<(p<~PJЌƛC ;a?a}Ksn*b)KgZaᐕٗ1:^ { LC;띖@(bM+;\ %x/+gwO,. ڢe*OݮWfS¸ƨM!W`gq;VxrʠMME)ߥ[%T D`2!f00A ٚ^=|=(a9M /4S)]ECl'Z#652ְ_zv2 .0C*VW,.ar8HVtZN& y0+/.&ک\r}RlI'J"1r<' Dzz ac>gHInIB!F;U},%ML{F0My]"s? TK1Vi_3?u0%oo߆{<G(]ח>h'Ӏ6[A>RS}^ѻT'u*/ĵgV㊇Õ5tm:i{vqmVf v\Ң5[*L}&P34񓗭gɶY? "ӢX3q G9(sDj@TxhfЗUb@%T_ >'u oe$&~a1q|WJ)K} !zo)fPYuG57KnHL+{C%l2}{e}\}/[0rpT.~1+4K}V*8BxNdnRboOW|my):lE(򐕝#!` ݼMdE͗l>ǼP.x5x2]$bm"% L XkV%ءZډ>er,[-MBʏ Kz [X||M_-ߥuf2X,RC+'叼el6_\_Vc*ʓ>CB)qN cgd Ŗ ˈ/꡿ji4sށJU:VKDf2)~㢖d!-rvDNV:H2Ї Vɶ^FChQHp"ILw1c U.:hDu+8j#$2~N*ѾMiLzL SltΑvq}RcSF޴9@y ='Us?ʾ9p_q>\ܜFgdXdR:]3tIc|$X53E@סG`J!O t\4W 6Dd_/ G7DgBŰkq\0 3֨y}:YNsh0MA|}@J:@ڃ.夷2˛Xdc |˛4/@`_|AnVqoVМ|>nH6E, 0M-ڎdYd@`d0#}Oܻh/%,ƥvFy/""oA4~OOc ZϤHR& 47Z [e/D/)_H (.sg8LZWm@`nF{M= V)[?)Ϊ!ֲPMo|ڈMwoo2odRuW͔P O=O[5 "-98펛}[TaV#1͂e:INf]6a&bac ,ΨγB:@T'$WqLDPK;r7oAA4&zVӈNK t<; ޔs1Kzx\93w=<zJ-`g`_†LM =}d !N&r]=@xCWga3 ϰե,L Opɫ MI04HFใ rq͓/{7h!Σ]JUW|n`j]iY{g5H:%BME{ ~zϫ&f{rEF)\pCSXnҌ6l-zlx1{Cpt3Qr8|{*;iB2;9rf0)QL7)L^qO?kP=f'_Γ&FB>_+}W9ey7#)TлoH%ur8I~%]3%7.b&Nir)}#ObR{ gu@191+P0d^x/5ߵ!Wò[JX)nNKY,T>;cupjd鑆ghs\b[z||;p6%li"b;'D]+-CJ :eZz)&I:wFį^_#ug",@~Oliֶ?٣p!<g+شҍY?\*64)z3z-t #S'yֲg'쯠;JO12@ ~lyF)eToM9XmpcWo !Sqmȧ0!(;]`0*sxMݫuV*KL7 1W..)vš%n{7 sY Mф0!]UEI>Ż&.t;E Ӈd2hϭ,m5iװr@s4/ nxPZCX0vU,@Nrpc}\2s ¥@Q9IŶ;Xೂ-[.Hbz&9 l|4$qi z.`RX''դN\ıv>RlB4v#c۬ OjM]#"د}ځjmԝcV}eLZ+F1K N %& y X1d~j\]qgp,r|Bl[$]o |wH\HNdZEDr $XжpWM˸QR[QI3saAL׹kr*D>o:V4/<#ɠqڱOaB "T2&:lᬤ G`C7.TZ z^EZD8=FtuBr9>OyeGSNYV~%ms'\)>YUzԧv[m5UCnkHqv'0leT/a=vu]_nedC\Ml7b%\L̺ëG(`Dݛ߽-C6"J 0"yٟK=zt+WY*#cX?v/e/TæȲ1兄9F2 @~ch8$ ӕo;[-?40+ΩyMx0IZ/vZN BB՘'kf+WlCā*l% %8ZFݫ!W,N;\6A0BVLgox )dz %i$ߚ$_ijsĩ»A7;+:'r+V']=6C4K,-b2c)= #H"6]}#-g&88 ]f~wk%z(ӴljrFbGpwhg]zPL/Cl"=?4<>cMpc\/9@ݑg[\1@nd%&-Q4I&X}5bTyq`u^-!Y`)+|.yyE;'Ѐ17iY^^j]gE|dz8#Bβj芷w |5؇cZm]!r%Ƙ[~h$faʚ'LxpYM^Ox#; w`?9=nb_N֫ I1c=z )(,ܽJr/<ܟq iP0-F@3Bx L>{ح^LFZO&SM.$SPe3v v@f!e0gis \c a맨^u,s#\֐XCI{3K7"X& Ǫoyl|n >0CC;CAױֹ-/N6,)2ǐ ADWJ:a6cKdIcdRmԽpBHWJ!^+dv^sw[cfp(? -ˍPQH&~1/DU?&5A9DcEI {n\Jf_CC\:yd5[j 8~5~S->EdF҅m%eD< V,)6R؝.IRr:gV5ojN {$n-GZqÂ`X!K(bGW)Lq琧Teo)T׫MyoN>ಁC=hρ)qq#r>TV %4we+A&@-g-Z}rW9gfn FA1HoR`IGUKE22mW?K]`6V{/'n5PYLdmN;]DVc:F ?+>/CR_;NY;m,@rcXeG,y>e·NGcf0I>:ti l[}_7ܷag}^/r1Ec\ݴ z6u+;2s4L thb2y7UahFBPz1BB=(NߠHlJBGLy%`%Ku1i=ip،> k>#!qށv 6B;9^B6}k[u| >B -}Rvu Q>fsR nt͢+_&L_~kZNc)1HD`ͯ0%=Aç埭|܅hlia+-|%/A+ 8*ݵ%y3II"L wF)PoyT'tM fڠ؁w J_CG|׋7ܥ7H$,4treFd<{YDƞ V_<.2Hk̏ ni.e.36z<\?T;V7M ?{EÔ 3]4