This is the Postfix 3.10 stable release.

The stable Postfix release is called postfix-3.10.x where 3=major
release number, 10=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.11-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.8 or earlier, please read RELEASE_NOTES-3.9
before proceeding.

Dual license
------------

As of Postfix 3.2.5 this software is distributed with a dual license:
in addition to the historical IBM Public License (IPL) 1.0, it is
now also distributed with the more recent Eclipse Public License
(EPL) 2.0. Recipients can choose to take the software under the
license of their choice. Those who are more comfortable with the
IPL can continue with that license.

Major changes - tls
-------------------

[Forward compatibility 20250212] Support for OpenSSL 3.5 post-quantum
cryptography. To manage algorithm selection, OpenSSL introduces new
TLS group syntax that Postfix will not attempt to imitate. Instead,
Postfix now allows the tls_eecdh_auto_curves and tls_ffdhe_auto_groups
parameter values to have an empty value. When both are set empty,
the algorithm selection can be managed through OpenSSL configuration.
For more, look for "Post-quantum" in the postconf(5) manpage.

[Feature 20250117] Support for the RFC 8689 "TLS-Required: no"
message header to request delivery of messages such as TLSRPT
summaries even if the preferred TLS security policy cannot be
enforced.
This limits the Postfix SMTP client to "smtp_tls_security_level
= may" which does not authenticate server certificates and which
allows falling back to plaintext.

Support for the REQUIRETLS SMTP service extension remains future work.

[Feature 20240926] Support for the TLSRPT protocol (defined in RFC
8460). With this, a domain can publish a policy in DNS, and request
daily summary reports for successful and failed SMTP-over-TLS
connections to that domain's MX hosts.

Postfix supports TLSRPT summaries for DANE (built-in) and MTA-STS
(via an smtp_tls_policy_maps plugin). For details, see TLSRPT_README.

Major changes - privacy
-----------------------

[Feature 20250205] With "smtpd_hide_client_session = yes", the
Postfix SMTP server generates a Received: header without client
session info. This setting may be used with the MUA submission
services (port 465 and 587), but it must not be used with the MTA
service (port 25).

Depending on the number of recipients, a redacted Received: header
has one of the following forms:

Received: by mail.example.com (Postfix) id postfix-queue-id
    for <user@example.com>; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)

Received: by mail.example.com (Postfix) id postfix-queue-id
    Day, dd Mon yyyy hh:mm:ss tz-offset (zone)

The redacted form hides that a message was received with SMTP, and
therefore it does not need to provide the information required by
RFC 5321. It only has to satisfy RFC 5322.

Major changes - rfc2047
-----------------------

[Feature 20250105] Support for automatic RFC 2047 encoding of
non-ASCII "full name" information in Postfix-generated From: message
headers. Encoding non-ASCII full names can avoid the need to use
SMTPUTF8, and therefore can avoid incompatibility with sites that
do not support SMTPUTF8.
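
The two RFC 2047 encoded-word forms for a non-ASCII full name, as an
added Python example (not Postfix code). The sample name is constructed,
and the example assumes the charset label is also a valid Python codec
name.

```python
import base64
from email.header import decode_header

# Bytes that RFC 2047 section 5(3) allows unencoded inside a Q-encoded
# word used in a 'phrase' (such as a From: display name). "=" and "_"
# are excluded because they carry special meaning in Q encoding.
Q_SAFE = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
             b"0123456789!*+-/")


def encode_q(full_name, charset="utf8"):
    """Return the quoted-printable style ("Q") encoded-word."""
    out = []
    for byte in full_name.encode(charset):  # assumes label == codec name
        if byte in Q_SAFE:
            out.append(chr(byte))
        elif byte == 0x20:
            out.append("_")                 # space is written as "_"
        else:
            out.append("=%02X" % byte)      # everything else as =XX
    return "=?%s?Q?%s?=" % (charset, "".join(out))


def encode_b(full_name, charset="utf8"):
    """Return the base64 ("B") encoded-word."""
    payload = base64.b64encode(full_name.encode(charset)).decode("ascii")
    return "=?%s?B?%s?=" % (charset, payload)


def decode_full_name(encoded_word):
    """Decode one encoded-word the way a mail user agent would."""
    raw, charset = decode_header(encoded_word)[0]
    return raw.decode(charset)


if __name__ == "__main__":
    name = "José García"                    # constructed sample input
    for word in (encode_q(name), encode_b(name)):
        print(word, "->", decode_full_name(word))
```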

The encoded result looks like "=?charset?Q?gibberish?=" for
quoted-printable encoding, or "=?charset?B?gibberish?=" for base64
encoding. Postfix uses quoted-printable for a full name that is
short or mostly ASCII, and uses base64 otherwise.

Background: when a message without a From: header is submitted with
the Postfix sendmail(1) command, Postfix may add a From: header and
use the sender's full name specified with the Postfix sendmail(1)
"-F" option, with the sendmail(1) "NAME" environment variable, or
with the GECOS field in the UNIX password database.

This introduces a new configuration parameter "full_name_encoding_charset"
(default: utf8) which specifies the character set of the full name
information in the Postfix sendmail(1) "-F" option or "NAME"
environment variable, or in the GECOS field in the UNIX password
database. The parameter value becomes part of the encoded full name,
and informs a Mail User Agent how to display the decoded gibberish.

Major changes - bugfix
----------------------

[Incompat 20241130] The spawn(8) daemon failed to enforce the command
time limit. It was sending the SIGKILL signal using the wrong
effective UID and GID. The pipe(8) daemon has always done this
right.

Major changes - database
------------------------

[Feature 20250207] When mysql: or pgsql: configuration specifies
a single host, assume that it is a load balancer and reconnect
immediately after a single failure, instead of failing all requests
for 60s.

[Feature 20250114] first/next iterator support for cdb: tables, and
other cdb: table code cleanups by Michael Tokarev.

[Feature 20241024] In a pgsql: client configuration, the setting
"dbname" is required, but ignored when the setting "hosts" contains
a URI with a database name.

[Feature 20241025] The Postfix pgsql: client configuration now
allows any well-formed URI prefix as a pgsql: client connection
target (the PostgreSQL URI parser decides what is allowed). The
dbname setting is now optional if the hosts setting specifies only
URIs.

Major changes - internal protocol
---------------------------------

[Incompat 20250116] Postfix needs "postfix reload" after upgrade,
because of a change in the delivery agent protocol. If this step
is skipped, Postfix delivery agents will log a warning:

    unexpected attribute smtputf8 from xxx socket (expecting: sendopts)

where xxx is the delivery agent service name.

Major changes - milter
----------------------

[Incompat 20250106] The logging of the Milter 'quarantine' action
has changed. Instead of logging "milter triggers HOLD action", it
logs the reason given by a Milter application, or "default_action"
if a Milter application was unavailable and the milter_default_action
parameter or per-Milter "default_action" property specifies
"quarantine".

[Feature 20250106] The Postfix Milter implementation now logs the
reason for a 'quarantine' action, instead of "milter triggers HOLD
action".

- If the quarantine action was requested by a Milter application,
  Postfix will log the reason given by the application.

- If the quarantine action was requested with the "milter_default_action"
  parameter setting or with a per-Milter "default_action" property,
  Postfix will log "default_action".

Major changes - logging
-----------------------

[Feature 20250106] The Postfix Milter implementation now logs the
reason for a 'quarantine' action, instead of "milter triggers HOLD
action".

- If the quarantine action was requested by a Milter application,
  Postfix will log the reason given by the application.

- If the quarantine action was requested with the "milter_default_action"
  parameter setting or with a per-Milter "default_action" property,
  Postfix will log "default_action".

[Incompat 20250105] The SMTP server now logs the queue ID (or
"NOQUEUE") when a connection ends abnormally (timeout, lost connection,
or too many errors).

[Feature 20250105] The SMTP server now logs the queue ID (or
"NOQUEUE") when a connection ends abnormally (timeout, lost connection,
or too many errors).

[Incompat 20241104] The cleanup server now logs "queueid: canceled"
when a message transaction is started but not completed.

[Feature 20241104] The cleanup server now logs "queueid: canceled"
when a message transaction is started but not completed. This
provides a clear signal to logfile collation tools.

[Incompat 20241031] The Dovecot SASL client logging for "Invalid
authentication mechanism" now includes the name of that mechanism.

[Incompat 20241023] Postfix SMTP server 'reject' logging now shows
the sasl_method, sasl_username, and sasl_sender if available.
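
How a logfile collation tool can use the "queueid: canceled" record and
the queue ID (or "NOQUEUE") on abnormal session ends, as an added Python
example (not part of Postfix). The log lines are constructed, and the
text after the queue ID in the smtpd lines is an assumed layout.

```python
import re
from collections import Counter

# Constructed sample log (not captured from a real system). Only the
# "queueid: canceled" record and the queue-ID-or-NOQUEUE prefix on abnormal
# session ends come from the release notes; the rest is an assumed layout.
SAMPLE_LOG = """\
Feb 17 10:00:01 mx postfix/smtpd[2101]: 4Yx1A00001: client=host.example.net[192.0.2.10]
Feb 17 10:00:01 mx postfix/cleanup[2105]: 4Yx1A00001: message-id=<a@example.net>
Feb 17 10:00:02 mx postfix/qmgr[1900]: 4Yx1A00001: removed
Feb 17 10:00:05 mx postfix/smtpd[2102]: 4Yx1A00002: client=unknown[192.0.2.66]
Feb 17 10:00:35 mx postfix/smtpd[2102]: 4Yx1A00002: timeout after DATA from unknown[192.0.2.66]
Feb 17 10:00:35 mx postfix/cleanup[2106]: 4Yx1A00002: canceled
Feb 17 10:00:40 mx postfix/smtpd[2103]: NOQUEUE: lost connection after RCPT from unknown[192.0.2.67]
Feb 17 10:00:50 mx postfix/smtpd[2104]: 4Yx1A00003: client=host.example.net[192.0.2.10]
"""

LINE = re.compile(
    r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>NOQUEUE|[0-9A-Za-z]+): (?P<text>.*)")
ABNORMAL = re.compile(r"^(timeout|lost connection|too many errors)\b")


def collate(log_text):
    """Return (final state per queue ID, abnormal session ends per queue ID)."""
    state, abnormal = {}, Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, text = m.group("svc", "qid", "text")
        if svc == "smtpd" and ABNORMAL.match(text):
            abnormal[qid] += 1            # keyed by queue ID or "NOQUEUE"
        if qid == "NOQUEUE":
            continue                      # no message transaction to track
        if svc == "cleanup" and text == "canceled":
            state[qid] = "canceled"       # started but never completed
        elif svc == "qmgr" and text == "removed":
            state[qid] = "removed"        # normal end of life
        else:
            state.setdefault(qid, "open")
    return state, abnormal


def still_open(state):
    """Queue IDs with neither a 'removed' nor a 'canceled' record."""
    return sorted(q for q, s in state.items() if s == "open")
```

Without the "canceled" record, 4Yx1A00002 would be reported by still_open() exactly like a message that is still queued.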