This is the Postfix 3.3 (stable) release.

The stable Postfix release is called postfix-3.3.x where 3=major release number, 3=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.1 or earlier, read RELEASE_NOTES-3.2 before proceeding.

Runtime detection of DNSSEC support
-----------------------------------

The Postfix build system will no longer automatically disable DNSSEC support when it determines that Postfix will use libc-musl. This removes the earlier libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2.

Now, when a Postfix process requests DNSSEC support (typically, for Postfix DANE support), the process may do a runtime test to determine if DNSSEC validation is available. DNSSEC support may be broken because of local configuration, libc incompatibility, or other infrastructure issues.

Background: DNSSEC validation is needed for Postfix DANE support; this ensures that Postfix receives TLSA records with secure TLS server certificate info. When DNSSEC validation is unavailable, mail deliveries using opportunistic DANE will not be protected by server certificate info in TLSA records, and mail deliveries using mandatory DANE will not be made at all.

The dnssec_probe parameter specifies the DNS query type (default: "ns") and DNS query name (default: ".") that Postfix may use to determine whether DNSSEC validation is available. Specify an empty value to disable this feature.

By default, a Postfix process will send a DNSSEC probe after 1) the process made a DNS query that requested DNSSEC validation, 2) the process did not receive a DNSSEC validated response to this query or to an earlier query, and 3) the process did not already send a DNSSEC probe.

When the DNSSEC probe has no response, or when the response is not DNSSEC validated, Postfix logs a warning that DNSSEC validation may be unavailable. Examples:

    warning: DNSSEC validation may be unavailable
    warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
    warning: reason: dnssec_probe 'ns:.' received no response: Server failure

This feature was backported from Postfix 3.6.

libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2
------------------------------------------------------------------

Security: this release disables DANE support on Linux systems with libc-musl, because libc-musl provides no indication whether DNS responses are authentic. This broke DANE support without a clear explanation.

TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13
-----------------------------------------------------------

This release introduces a workaround for implementations that hang Postfix while shutting down a TLS session, until Postfix times out. With "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits for a remote TLS peer to respond to a TLS 'close' request. This behavior is recommended with TLSv1.0 and later. Specify "tls_fast_shutdown_enable = no" to get historical Postfix behavior.

License change
---------------

This software is distributed with a dual license: in addition to the historical IBM Public License 1.0, it is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license.

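For the DNSSEC probe warnings quoted in "Runtime detection of DNSSEC support" above, the following added example (not part of Postfix or of these release notes) pairs each header warning with its reason line per process, so a monitoring job can flag hosts where opportunistic DANE is running without TLSA protection. The syslog timestamp, host name, PIDs and the "postfix-out" syslog_name are constructed sample values.

```python
import re

# Constructed sample syslog lines (not from a real host); the warning texts
# are the three examples quoted in these release notes.
SAMPLE_LOG = """\
Jun 14 09:12:01 mx1 postfix/smtp[2211]: warning: DNSSEC validation may be unavailable
Jun 14 09:12:01 mx1 postfix/smtp[2211]: warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
Jun 14 09:13:30 mx1 postfix/smtp[2211]: connect to mx.example.net[192.0.2.25]:25: Connection timed out
Jun 14 09:15:40 mx1 postfix-out/smtp[2304]: warning: DNSSEC validation may be unavailable
Jun 14 09:15:40 mx1 postfix-out/smtp[2304]: warning: reason: dnssec_probe 'ns:.' received no response: Server failure
"""

# "<syslog_name>/<daemon>[pid]: warning: <text>"; the syslog_name prefix is
# site-configurable, so anything starting with "postfix" is accepted here.
WARNING = re.compile(r"(?P<prog>postfix[\w/-]*)\[(?P<pid>\d+)\]: warning: (?P<msg>.*)$")
REASON = re.compile(r"reason: dnssec_probe '(?P<qtype>[^:']+):(?P<qname>[^']*)' received (?P<what>.*)$")
HEADER = "DNSSEC validation may be unavailable"


def dnssec_findings(lines):
    """Pair each header warning with its 'reason' line, per process."""
    pending = set()   # (prog, pid) that logged the header, reason not yet seen
    findings = []
    for line in lines:
        m = WARNING.search(line)
        if not m:
            continue
        key = (m["prog"], m["pid"])
        if m["msg"] == HEADER:
            pending.add(key)
            continue
        r = REASON.match(m["msg"])
        if r is None or key not in pending:
            continue
        pending.discard(key)
        no_response = r["what"].startswith("no response")
        findings.append({
            "process": f"{key[0]}[{key[1]}]",
            "probe": (r["qtype"], r["qname"]),
            "kind": "no_response" if no_response else "unvalidated",
            # Text after "no response: " is the resolver error, if any.
            "detail": r["what"].partition(": ")[2] if no_response else "",
        })
    return findings


if __name__ == "__main__":
    for finding in dnssec_findings(SAMPLE_LOG.splitlines()):
        print(finding)
```
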
Major changes - compatibility safety net
----------------------------------------

[20180106] With compatibility_level < 1, the Postfix SMTP server now warns for mail that would be blocked by the Postfix 2.10 smtpd_relay_restrictions feature, without blocking that mail. This extends the compatibility safety net for sites that upgrade from earlier Postfix versions (questions on the postfix-users list show there is a steady trickle). See COMPATIBILITY_README for details.

Major changes - configuration
-----------------------------

[20170617] The postconf command now warns about unknown parameter names in a Postfix database configuration file. As with other unknown parameter names, these warnings can help to find typos early.

[20180113] New read-only service_name parameter that contains the master.cf service name of a Postfix daemon process (it is empty in a non-daemon process). This can make Postfix SMTP server logging distinct by setting the syslog_name in master.cf with "-o syslog_name=postfix/$service_name" for the "submission" and "smtps" services, and can make Postfix SMTP client logging distinct by setting "-o syslog_name=postfix/$service_name" for the "relay" service.

Major changes - container support
---------------------------------

[20171218] Preliminary support to run Postfix in the foreground, with "postfix start-fg". This requires that Postfix multi-instance support is disabled. To receive Postfix syslog information on the container's host, mount the host's /dev/log socket inside the container (example: "docker run -v /dev/log:/dev/log ..."), and specify a distinct Postfix "syslog_name" prefix that identifies the logging from the Postfix instance. Postfix does not log systemd events.

Major changes - database support
---------------------------------

[20170617] The postconf command warns about unknown parameter names in a Postfix database configuration file.

[20171227] The pgsql_table(5) hosts parameter now supports the postgresql:// URI syntax.
Contributed by Magosányi Árpád.

Major changes - header format
-----------------------------

[20180010] This release changes the format of 'full name' information in Postfix-generated From: headers, when a local program such as /bin/mail submits a message without From: header.

Postfix-generated From: headers with 'full name' information are now formatted as "From: name <address>" by default. Specify "header_from_format = obsolete" to get the earlier form "From: address (name)". See the postconf(5) manpage for more details.

Major changes - invisible changes
---------------------------------

[20170617] Additional paranoia in the VSTRING implementation: a null byte after the end of vstring buffers (this is a safety net so that C-style string operations won't scribble past the end); earlier detection of bad length and precision format string specifiers (these are the result of programming error, as Postfix format strings cannot be specified externally).

Major changes - milter support
------------------------------

[20171223] Milter applications can now send RET and ENVID parameters in SMFIR_CHGFROM (change envelope sender) requests.

Major changes - mixed IPv6/IPv4 support
---------------------------------------

[20170505] Workaround for mail delivery problems when 1) both Postfix IPv6 and IPv4 support are enabled, 2) some destination announces more primary IPv6 MX addresses than primary IPv4 MX addresses, 3) the destination is unreachable over IPv6, and 4) Postfix runs into the smtp_mx_address_limit before it can try to deliver over IPv4.

When both Postfix IPv6 and IPv4 support are enabled, the Postfix SMTP client will now relax MX preferences so that it can schedule similar numbers of IPv4 and IPv6 destination addresses. This ensures that an IPv6 connectivity problem will not prevent mail from being delivered over IPv4 (and vice versa). Specify "smtp_balance_inet_protocols = no" to disable this workaround.

Major changes - xclient
-----------------------

[20171218] The Postfix SMTP server now allows the XCLIENT command before STARTTLS when TLS is required. This is useful for servers that run behind a reverse proxy server such as nginx.
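
The address-limit problem from "Major changes - mixed IPv6/IPv4 support" above can be reproduced with a small model. This is an added example and a simplified model of the balancing idea, not Postfix's implementation; the function names, the quota rule, the limit of 5 and the sample addresses are assumptions made for illustration.

```python
from ipaddress import ip_address

LIMIT = 5  # sample value standing in for smtp_mx_address_limit


def family(addr):
    """Return 4 or 6 for an address string."""
    return ip_address(addr).version


def addresses_to_try(candidates, limit=LIMIT, balance=True):
    """candidates: (mx_preference, address) pairs. Returns the addresses that
    fit under the limit, best preference first."""
    # sorted() is stable, so DNS answer order is kept within one preference.
    ordered = [a for _, a in sorted(candidates, key=lambda c: c[0])]
    if not balance:
        return ordered[:limit]
    have = {4: 0, 6: 0}
    for a in ordered:
        have[family(a)] += 1
    # Start from an even split, then hand unused slots to the other family.
    quota = {6: min(have[6], limit - limit // 2), 4: min(have[4], limit // 2)}
    spare = limit - quota[4] - quota[6]
    for v in (6, 4):
        extra = min(spare, have[v] - quota[v])
        quota[v] += extra
        spare -= extra
    chosen, used = [], {4: 0, 6: 0}
    for a in ordered:
        if used[family(a)] < quota[family(a)]:
            used[family(a)] += 1
            chosen.append(a)
    return chosen


# Constructed destination: six primary IPv6 MX addresses, two primary IPv4.
MX = [(10, f"2001:db8::{i}") for i in range(1, 7)] + \
     [(10, "192.0.2.1"), (10, "192.0.2.2")]


def deliverable_when_ipv6_is_down(chosen):
    """True if at least one chosen address can be reached over IPv4."""
    return any(family(a) == 4 for a in chosen)


if __name__ == "__main__":
    for mode in (False, True):
        picked = addresses_to_try(MX, balance=mode)
        print(mode, picked, deliverable_when_ipv6_is_down(picked))
```
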