The stable Postfix release is called postfix-2.2.x where 2=major
-release number, 2=minor release number, x=patchlevel. The stable
+release number, 3=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
-postfix-2.3-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+postfix-2.4-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-Incompatibility with Postfix 2.1 and earlier
-============================================
+Major changes - critical
+------------------------
-If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
-before proceeding.
+See RELEASE_NOTES_2.2 if you upgrade from Postfix 2.1 or earlier.
-Major changes with snapshot 20060626
-====================================
+Postfix internal protocols have has changed. You need to "postfix
+reload" or restart Postfix, otherwise many servers will log warning
+messages with "unexpected attribute" or "problem talking to service
+rewrite: Unknown error: 0", and mail will not be delivered.
-Both the SMTP client and server can be configured without a client
-or server certificate. An SMTP server without certificate can use
-only anonymous ciphers, and will not interoperate with most clients.
+[Incompat 20060515] Milter support introduces a three new queue
+file record types. Queue files created with this Postfix version
+will be understood by older Postfix versions ONLY if Milter support
+is turned off, which is the default.
-The SMTP server supports anonymous ciphers when client certificates
-are not requested or required, and the administrator has not excluded
-the "aNULL" OpenSSL cipher type with smtpd_tls_exclude_ciphers.
-
-The SMTP client supports anonymous ciphers when no server certificate
-is required (notably Postfix 2.3 in "opportunistic" mode) and the
-administrator has not excluded the "aNULL" OpenSSL cipher type with
-smtp_tls_exclude_ciphers.
-
-Instead of cipher lists you can now specify cipher grades. The
-smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers and
-smtpd_tls_ciphers parameters specify one of "high", "medium", "low",
-"export" or "null". See TLS_README for details.
-
-Incompatibility with Postfix snapshot 20060614
-==============================================
-
-The smtp_sasl_tls_verified_security_options feature is not yet
-complete, and will therefore not appear in the stable Postfix 2.3
-release.
-
-New smtp_tls_mandatory_protocols feature used for mandatory TLS
-destinations. The default value is "SSLv3, TLSv1". SSLv2 is by
-default no longer used with mandatory TLS.
-
-The smtp_tls_cipherlist parameter only applies when TLS is mandatory,
-it is ignored for opportunistic TLS sessions.
-
-At (lmtp|smtp|smtpd)_tls_loglevel >= 2, Postfix now also logs TLS
-session cache activity. Use level 2 and higher for debugging only,
-use levels 0 or 1 as production settings.
-
-Major changes with snapshot 20060614
-====================================
-
-New design of the TLS policy interface (minimum security levels,
-cipher and protocol selection).
-
-New smtp_tls_security_level parameter obsoletes the unnecessarily
-complex smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername
-parameters. Use smtp_tls_security_level instead. The old parameters
-will be removed in a future Postfix release.
-
-New smtp_tls_policy_maps feature obsoletes smtp_tls_per_site, the
-old feature is only used when smtp_tls_policy_maps is not set. Use
-smtp_tls_policy_maps instead. This also implements parent domain
-matching for destinations that are bare domains (without enclosing
-[] or optional :port suffix). One can now set TLS policy for a
-domain and all sub-domains.
-
-New smtpd_tls_protocols parameter complements the
-smtp_tls_mandatory_protocols parameter, only recommended for MSA
-configurations, not MX hosts.
-
-The unified SMTP/LMTP client now has complete sets of configuration
-parameters for each protocol.
+Major changes - DNS lookups
+---------------------------
-Incompatibility with snapshot 20060611
-======================================
+[Incompat 20050726] Name server replies that contain a malformed
+hostname are now flagged as permanent errors instead of transient
+errors. This change works around a questionable proposal to use
+syntactically invalid hostnames in MX records.
-Postfix internal protocols have has changed. You need to "postfix
-reload" or restart Postfix, otherwise the cleanup server or delivery
-agents will log "unexpected attribute" warnings and mail will not
-be delivered.
+Major changes - DSN
+-------------------
-Incompatibility with snapshot 20060515
-======================================
+[Feature 20050615] DSN support as described in RFC 3461 .. RFC 3464.
+This gives senders control over successful and failed delivery
+notifications. DSN involves extra parameters to the SMTP MAIL FROM
+and RCPT TO commands, as well as extra Postfix sendmail command
+line options that provide a sub-set of the functions of those extra
+SMTP command parameters.
-Milter support introduces a three new queue file record types. Queue
-files created with this Postfix version will be understood by older
-Postfix versions ONLY if Milter support is turned off, which is
-the default.
-
-Milter support introduces new logging event types: milter-reject,
-milter-discard and milter-hold, that identify actions from Milter
-applications. This may affect logfile processing software.
-
-Major changes with snapshot 20060515
-====================================
-
-Milter (mail filter) application support, compatible with Sendmail
-version 8. This allows you to run a large number of plug-ins to
-reject unwanted mail and to sign mail with, for example, domain
-keys. All Milter functions are implemented except replacing the
-message body, which will be added later. Milters are before-queue
-filters, so they don't change the queue ID.
+See DSN_README for details. Some implementation notes are in
+implementation-notes/DSN.
+
+[Incompat 20050828] When the cleanup server rejects the content or
+size of mail that was submitted with the Postfix sendmail command,
+forwarded with the local(8) delivery agent, or that was re-queued
+with "postsuper -r", Postfix no longer sends DSN SUCCESS notification
+of virtual alias expansions. Since all the recipients are reported
+as failed, the SUCCESS notification seems redundant.
+
+[Incompat 20050615] The new DSN support conflicts with VERP support.
+For Sendmail compatibility, Postfix now uses the sendmail -V command
+line option for DSN. In order to request VERP style delivery, you
+must now specify -XV instead of -V. The Postfix sendmail command
+will recognize if you try to use -V for VERP-style delivery. It
+will do the right thing and will remind you of the new syntax.
+
+Major changes - LMTP client
+---------------------------
+
+[Feature 20051208] The SMTP client now implements the LMTP protocol.
+Most but not all smtp_xxx parameters have an lmtp_xxx "ghost"
+parameter. This means there are lot of new LMTP features, including
+support for TLS and for the shared connection cache.
+
+[Feature 20060614] The unified SMTP/LMTP client now has complete
+sets of configuration parameters for each protocol.
+
+[Incompat 20051208] The LMTP client now reports the server as
+"myhostname[/path/name]". With the real server hostname in delivery
+status reports, the information will be more useful.
+
+Major changes - Milter support
+------------------------------
+
+[Feature 20060515] Milter (mail filter) application support,
+compatible with Sendmail version 8.13.6 and earlier. This allows
+you to run a large number of plug-ins to reject unwanted mail and
+to sign mail with, for example, domain keys. All Milter functions
+are implemented except replacing the message body, which will be
+added later. Milters are before-queue filters, so they don't change
+the queue ID.
See the MILTER_README document for a discussion of how to use Milter
support with Postfix.
-Incompatibility with snapshot 20060611
-======================================
-
-The PostgreSQL client was updated after the PostgreSQL developers
-made major database API changes in response to SQL injection problems.
-This breaks support for PGSQL versions prior to 8.1.4, 8.0.8, 7.4.13,
-and 7.3.15. Support for these requires major code changes which are
-not possible in the time that is left for completing the Postfix
-2.3 stable release.
-
-The SMTP server XCLIENT implementation has changed. The SMTP server
-now resets state to the initial server greeting stage, so that it
-can accurately simulate the effect of connection-level access
-restrictions. Without this change, XCLIENT will not work at all
-with Milter applications.
-
-The SMTP server XCLIENT and XFORWARD commands now expect that
-attributes are xtext encoded (RFC 1891). For backwards compatibility
-they will accept unencoded attribute values. The XFORWARD client
-code in the SMTP client and in the SMTPD_PROXY client will always
-encode attribute values. This change will have effect only for
-malformed hostname and helo parameter values.
-
-For more details, see the XCLIENT_README and XFORWARD_README
-documents.
-
-Incompatibility with snapshot 20060207
-======================================
-
-The Postfix SMTP server no longer complains when TLS support is not
-compiled in, but permit_tls_clientcerts, permit_tls_all_clientcerts,
-or check_ccert_access are used. These features now are effectively
-ignored. However, the reject_plaintext_session feature is not
-ignored and will reject mail.
-
-Incompatibility with snapshot 20060123
-======================================
-
-Postfix now preserves uppercase information while mapping addresses
-with canonical, virtual, relocated or generic maps; this happens
-even with $number substitutions in regular expression maps. However,
-the local(8) and virtual(8) delivery agents still fold addresses
-to lower case.
-
-By default, Postfix now folds the search string to lowercase only
-with tables that have fixed-case lookup fields such as btree:,
-hash:, dbm:, ldap:, or *sql:. The search string is no longer case
-folded with tables whose lookup fields can match both upper or lower
-case, such as regexp:, pcre:, or cidr:.
-
-For safety reasons, Postfix no longer allows $number substitution
-in regexp: or pcre: transport tables or per-sender relayhost tables.
-
-Major changes with snapshot 20060123
-====================================
+[Incompat 20060515] Milter support introduces a three new queue
+file record types. Queue files created with this Postfix version
+will be understood by older Postfix versions ONLY if Milter support
+is turned off, which is the default.
-Postfix now does a better job at preserving upper/lower case
-information while transforming addresses. The table lookup code
-was revised, and is now more careful about when it folds search
-strings to lower case. As a side effect, Postfix now also does a
-better job at being case insensitive where it should, for example
-while searching per-host TLS policies or SASL passwords.
+[Incompat 20060515] Milter support introduces new logfile event
+types: milter-reject, milter-discard and milter-hold, that identify
+actions from Milter applications. This may affect logfile processing
+software.
-Some obscure behavior was eliminated from the smtp_tls_per_site
-feature, without changes to the user interface. Some Postfix internals
-had to be re-structured in preparation for a more general TLS policy
-mechanism; this required that smtp_tls_per_site be re-implemented
-from scratch.
+Major changes - SASL authentication
+-----------------------------------
-Postfix 2.3 is expected to provide a new per-site TLS policy mechanism
-that eliminates DNS spoofing attacks more effectively; the legacy
-smtp_tls_per_site feature will be kept intact for a few releases
-so that sites can upgrade Postfix without being forced to use a
-different TLS policy mechanism.
-
-Incompatibility with snapshot 20060112
-======================================
-
-The queue manager delivery request protocol has changed. You must
-reload Postfix when upgrading. If you omit this step, delivery
-agents complain with "warning: unexpected attribute original_recipient"
-and mail will not be delivered.
-
-The Postfix SMTP/LMTP client by default no longer allows DNS CNAME
-records to override the server hostname that is used for logging,
-SASL password lookup, TLS policy selection and TLS server certificate
-verification. Specify "smtp_cname_overrides_servername = yes" to get
-the old behavior.
-
-Postfix DSN reports no longer make up their own surrogate SMTP
-replies for errors that were not reported by a remote SMTP server.
-
-Incompatibility with snapshot 20060103
-======================================
-
-The Postfix SMTP/LMTP client no longer defers mail when it receives
-a malformed SMTP server reply in a session with command pipelining.
-When helpful warnings are enabled, it will suggest that command
-pipelining be disabled for the affected destination.
-
-Major changes with snapshot 20051222
-====================================
-
-Dovecot SASL support (SMTP server only). Details can be found
-in the SASL_README document.
-
-You can now use "resolve_numeric_domain = yes" to stop Postfix
-from rejecting user@ipaddress as an invalid destination. It will
-deliver the mail to user@[ipaddress] instead.
-
-Incompatibility with snapshot 20051220
-======================================
-
-The Postfix-with-Cyrus-SASL build procedure has changed. You now
-need to specify -DUSE_CYRUS_SASL in addition to -DUSE_SASL_AUTH or
-else you end up without any Cyrus SASL support. The error messages
-are:
-
- unsupported SASL server implementation: cyrus
- unsupported SASL client implementation: cyrus
-
-Major changes with snapshot 20051220
-====================================
-
-Plug-in support for SASL authentication in the SMTP server and in
-the SMTP+LMTP client. With this, Postfix can support multiple SASL
-implementations without source code patches. Some distributors may
-even make SASL support a run-time linking option, just like they
-do with Postfix lookup tables.
+[Feature 20051220] Plug-in support for SASL authentication in the
+SMTP server and in the SMTP+LMTP client. With this, Postfix can
+support multiple SASL implementations without source code patches.
+Some distributors may even make SASL support a run-time linking
+option, just like they already do with Postfix lookup tables.
Hints and tips for plug-in developers are in the xsasl/README file.
and lmtp_sasl_path. These are better left alone; they are introduced
for the convenience of other SASL implementations.
-Incompatibility with snapshot 20051208
-======================================
+[Feature 20051222] Dovecot SASL support (SMTP server only). Details
+can be found in the SASL_README document.
-The fallback_relay feature is renamed to smtp_fallback_relay, to
-make clear that the combined SMTP+LMTP client uses this setting
-only for SMTP deliveries. The old name still works.
+[Incompat 20051220] The Postfix-with-Cyrus-SASL build procedure has
+changed. You now need to specify -DUSE_CYRUS_SASL in addition to
+-DUSE_SASL_AUTH or else you end up without any Cyrus SASL support.
+The error messages are:
-The LMTP client now reports the server as "myhostname[/path/name]".
-With the real server hostname in delivery status reports, the
-information will be more useful.
+ unsupported SASL server implementation: cyrus
+ unsupported SASL client implementation: cyrus
-Major changes with snapshot 20051208
-====================================
+[Feature 20051125] This snapshot adds support for sender-dependent
+ISP accounts.
-The SMTP client now implements the LMTP protocol. Most but not all
-smtp_xxx parameters have an lmtp_xxx "ghost" parameter. This means
-there are lot of new LMTP features, including support for TLS and
-for the shared connection cache. There are no lmtp_xxx "ghost"
-parameters for the HELO or EHLO commands, because those commands
-exist only in SMTP.
+- Sender-dependent smarthost lookup tables. The maps are searched
+ with the sender address and with the sender @domain. The result
+ overrides the global relayhost setting, but otherwise has identical
+ behavior. See the postconf(5) manual page for more details.
+
+ Example:
+ /etc/postfix/main.cf:
+ sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
+
+- Sender-dependent SASL authentication support. This disables SMTP
+ connection caching to ensure that mail from different senders
+ will use the correct authentication credentials. The SMTP SASL
+ password file is first searched by sender address, and then by
+ the remote domain and hostname as usual.
+
+ Example:
+ /etc/postfix/main.cf:
+ smtp_sasl_auth_enable = yes
+ smtp_sender_dependent_authentication = yes
+ smtp_sasl_password_maps = hash:/etc/postfix/sasl_pass
+
+Major changes - SMTP client
+---------------------------
-Incompatibility with snapshot 20051202
-======================================
+[Feature 20051208] The SMTP client now implements the LMTP protocol.
+Most but not all smtp_xxx parameters have an lmtp_xxx "ghost"
+parameter. This means there are lot of new LMTP features, including
+support for TLS and for the shared connection cache. There are no
+lmtp_xxx "ghost" parameters for the HELO or EHLO commands, because
+those commands exist only in SMTP.
-The Postfix SMTP daemon will not receive mail from the network if
-it isn't running with postfix mail_owner privileges. This prevents
-surprises when, for example, "sendmail -bs" is configured to run
-as root from xinetd.
+[Feature 20060614] The unified SMTP/LMTP client now has complete
+sets of configuration parameters for each protocol.
-Incompatibility with snapshot 20051125
-======================================
+[Incompat 20060112] The Postfix SMTP/LMTP client by default no
+longer allows DNS CNAME records to override the server hostname
+that is used for logging, SASL password lookup, TLS policy selection
+and TLS server certificate verification. Specify
+"smtp_cname_overrides_servername = yes" to get the old behavior.
-You MUST stop and restart Postfix, because the address resolver
-protocol has changed. If you don't stop and restart Postfix, you
-will have an endless stream of warning messages with "problem talking
-to service rewrite: Unknown error: 0" and "warning: unexpected
-attribute address in input from rewrite socket".
+[Incompat 20060103] The Postfix SMTP/LMTP client no longer defers
+mail when it receives a malformed SMTP server reply in a session
+with command pipelining. When helpful warnings are enabled, it
+will suggest that command pipelining be disabled for the affected
+destination.
-Major changes with snapshot 20051125
-====================================
+[Incompat 20051208] The fallback_relay feature is renamed to
+smtp_fallback_relay, to make clear that the combined SMTP+LMTP
+client uses this setting only for SMTP deliveries. The old name
+still works.
-This snapshot adds support for sender-dependent ISP accounts.
+[Feature 20051125] This snapshot adds support for sender-dependent
+ISP accounts.
- Sender-dependent smarthost lookup tables. The maps are searched
with the sender address and with the sender @domain. The result
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_pass
-Incompatibility with snapshot 20051121
-======================================
+[Incompat 20051106] The relay=... logging has changed and now
+includes the remote SMTP server port number as hostname[hostaddr]:port.
-For compatibility reasons, the permit_mx_backup feature will accept
-mail for authorized destinations (see permit_mx_backup for definition).
-Only with other destinations will it require that the local MTA is
-listed as non-primary MX.
+[Incompat 20051026] The smtp_connection_cache_reuse_limit parameter
+(which limits the number of deliveries per SMTP connection) is
+replaced by the new smtp_connection_reuse_time_limit parameter (the
+time after which a connection is no longer stored into the connection
+cache).
-Incompatibility with snapshot 20051120
-======================================
+[Feature 20051026] This snapshot addresses a performance stability
+problem with remote SMTP servers. The problem is not specific to
+Postfix: it can happen when any MTA sends large amounts of SMTP
+email to a site that has multiple MX hosts. The insight that led
+to the solution, as well as an initial implementation, are due to
+Victor Duchovni.
-The permit_mx_backup feature now requires that the local MTA is not
-listed as primary MX host for the recipient domain. This prevents
-mail loop problems when someone points the primary MX record at
-Postfix.
+The problem starts when one of a set of MX hosts becomes slower
+than the rest. Even though SMTP clients connect to fast and slow
+MX hosts with equal probability, the slow MX host ends up with more
+simultaneous inbound connections than the faster MX hosts, because
+the slow MX host needs more time to serve each client request.
-Major changes with snapshot 20051113
-====================================
+The slow MX host becomes a connection attractor. If one MX host
+becomes N times slower than the rest, it dominates mail delivery
+latency unless there are more than N fast MX hosts to counter the
+effect. And if the number of MX hosts is smaller than N, the mail
+delivery latency becomes effectively that of the slowest MX host
+divided by the total number of MX hosts.
-Configurable bounce messages, based on a format that was developed
-by Nicolas Riendeau. The file with templates is specified with the
-bounce_template_file parameter. Details are in the bounce(5) manual
-page, and examples of the built-in templates can be found in a file
-bounce.cf.default in the Postfix configuration directory. The
-template for the default bounce message looks like this:
+The solution uses connection caching in a way that differs from
+Postfix 2.2. By limiting the amount of time during which a connection
+can be used repeatedly (instead of limiting the number of deliveries
+over that connection), Postfix not only restores fairness in the
+distribution of simultaneous connections across a set of MX hosts,
+it also favors deliveries over connections that perform well, which
+is exactly what we want.
- failure_template = <<EOF
- Charset: us-ascii
- From: MAILER-DAEMON (Mail Delivery System)
- Subject: Undelivered Mail Returned to Sender
- Postmaster-Subject: Postmaster Copy: Undelivered Mail
+The smtp_connection_reuse_time_limit feature implements the connection
+reuse time limit as discussed above. It limits the amount of time
+after which an SMTP connection is no longer stored into the connection
+cache. The default limit, 300s, can result in a huge number of
+deliveries over a single connection.
- This is the $mail_name program at host $myhostname.
+This solution will be complete when Postfix logging is updated to
+include information about the number of times that a connection was
+used. This information is needed to diagnose inter-operability
+problems with servers that exhibit bugs when they receive multiple
+messages over the same connection.
- I'm sorry to have to inform you that your message could not
- be delivered to one or more recipients. It's attached below.
+[Incompat 20050627] The Postfix SMTP client no longer applies the
+smtp_mx_session_limit to non-permanent errors during the TCP, SMTP,
+HELO or TLS handshake. Previous versions did that only with TCP
+and SMTP handshake errors.
+
+[Incompat 20050622] The Postfix SMTP client by default limits the
+number of MX server addresses to smtp_mx_address_limit=5. Previously
+this limit was disabled by default. The new limit prevents Postfix
+from spending lots of time trying to connect to lots of bogus MX
+servers.
+
+[Incompat 20050622] The Postfix SMTP handling of [45]XX server
+greetings was cleaned up. The server reply is now properly reported.
+
+Major changes - SMTP server
+---------------------------
+
+[Incompat 20060207] The Postfix SMTP server no longer complains
+when TLS support is not compiled in, but permit_tls_clientcerts,
+permit_tls_all_clientcerts, or check_ccert_access are used. These
+features now are effectively ignored. However, the
+reject_plaintext_session feature is not ignored and will reject
+mail.
+
+[Incompat 20051202] The Postfix SMTP daemon will not receive mail
+from the network if it isn't running with postfix mail_owner
+privileges. This prevents surprises when, for example, "sendmail
+-bs" is configured to run as root from xinetd.
+
+[Incompat 20051121] The permit_mx_backup feature still accepts mail
+for authorized destinations (see permit_mx_backup for definition),
+but with other destinations it requires that the local MTA is listed
+as non-primary MX. This prevents mail loop problems when someone
+points the primary MX record at Postfix.
+
+[Feature 20051011] Optional protection against SMTP clients that
+hammer the server with too many new (i.e. uncached) SMTP-over-TLS
+sessions. Cached sessions are much less expensive in terms of CPU
+cycles. Use the smtpd_client_new_tls_session_rate_limit parameter
+to specify a limit that is at least the inbound client concurrency
+limit, or else you may deny legitimate service requests.
+
+[Feature 20051011] Optional suppression of remote SMTP client
+hostname lookup and hostname verification. Specify "smtpd_peername_lookup
+= no" to eliminate DNS lookup latencies, but do so only under extreme
+conditions, as it makes Postfix logging less informative.
- For further assistance, please send mail to <postmaster>
+[Feature 20050724] SMTPD Access control based on the existence of
+an address->name mapping, with reject_unknown_reverse_client_hostname.
+There is no corresponding access table lookup feature, because the
+name is not validated in any way (except that it has proper syntax).
- If you do so, please include this problem report. You can
- delete your own text from the attached returned message.
+Several confusing SMTPD access restrictions were renamed:
- The $mail_name program
- EOF
+ reject_unknown_client -> reject_unknown_client_hostname,
+ reject_unknown_hostname -> reject_unknown_helo_hostname,
+ reject_invalid_hostname -> reject_invalid_helo_hostname,
+ reject_non_fqdn_hostname -> reject_non_fqdn_helo_hostname.
-Incompatibility with snapshot 20051106
-======================================
+The old names are still recognized and documented.
-The relay=... logging has changed and now includes the remote SMTP
-server port number as hostname[hostaddr]:port.
+Major changes - TLS
+-------------------
-Incompatibility with snapshot 20051105
-======================================
+[Feature 20060123] Postfix 2.3 provides a new per-site TLS policy
+mechanism that is more flexible and that eliminates DNS spoofing
+attacks more effectively. The legacy smtp_tls_per_site feature will
+be kept intact for a few releases so that sites can upgrade Postfix
+without being forced to use a different TLS policy mechanism.
-qshape needs to be updated. See the file qshape-microsecond-patch.
+[Feature 20060614] New smtp_tls_security_level parameter obsoletes
+the smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername
+parameters. The old parameters are still supported but will be
+removed in a future Postfix release.
-All delay logging now has sub-second resolution, including the
-over-all "delay=nnn" logging.
+[Feature 20060614] New smtpd_tls_protocols parameter complements
+the smtp_tls_mandatory_protocols parameter, only recommended for
+MSA configurations, not MX hosts.
-At this point the Postfix logging for a recipient looks like this:
+[Feature 20060626] Both the SMTP client and server can be configured
+without a client or server certificate. An SMTP server without
+certificate can use only anonymous ciphers, and will not inter-operate
+with most clients.
- Nov 3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
- to=<wietse@test.example.com>, orig_to=<wietse@test>,
- relay=mail.example.com[1.2.3.4], conn_use=2, delay=0.22,
- delays=0.04/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
+The SMTP server supports anonymous ciphers when client certificates
+are not requested or required, and the administrator has not excluded
+the "aNULL" OpenSSL cipher type with smtpd_tls_exclude_ciphers.
+The SMTP client supports anonymous ciphers when no server certificate
+is required (notably Postfix 2.3 in "opportunistic" mode) and the
+administrator has not excluded the "aNULL" OpenSSL cipher type with
+smtp_tls_exclude_ciphers.
-Incompatibility with snapshot 20051103
-======================================
+[Feature 20060626] You can specify cipher grades with the
+smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers and
+smtpd_tls_ciphers parameters. Specify
+one of "high", "medium", "low", "export" or "null". See TLS_README
+for details.
+
+[Incompat 20060614] The smtp_sasl_tls_verified_security_options
+feature is not yet complete, and will therefore not appear in the
+stable Postfix 2.3 release.
+
+[Incompat 20060614] New smtp_tls_mandatory_protocols feature used
+for mandatory TLS destinations. The default value is "SSLv3, TLSv1".
+SSLv2 is by default no longer used with mandatory TLS.
+
+[Incompat 20060614] The smtp_tls_cipherlist parameter only applies
+when TLS is mandatory. It is ignored with opportunistic TLS sessions.
+
+[Incompat 20060614] At (lmtp|smtp|smtpd)_tls_loglevel >= 2, Postfix
+now also logs TLS session cache activity. Use level 2 and higher
+for debugging only, use levels 0 or 1 as production settings.
+
+[Incompat 20060207] The Postfix SMTP server no longer complains
+when TLS support is not compiled in, but permit_tls_clientcerts,
+permit_tls_all_clientcerts, or check_ccert_access are used. These
+features now are effectively ignored. However, the
+reject_plaintext_session feature is not ignored and will reject
+mail.
+
+[Feature 20060123] Some obscure behavior was eliminated from the
+smtp_tls_per_site feature, without changes to the user interface.
+Some Postfix internals had to be re-structured in preparation for
+a more general TLS policy mechanism; this required that smtp_tls_per_site
+be re-implemented from scratch.
+
+[Feature 20051011] Optional protection against SMTP clients that
+hammer the server with too many new (i.e. uncached) SMTP-over-TLS
+sessions. Cached sessions are much less expensive in terms of CPU
+cycles. Use the smtpd_client_new_tls_session_rate_limit parameter
+to specify a limit that is at least the inbound client concurrency
+limit, or else you may deny legitimate service requests.
+
+Major changes - VERP
+--------------------
+
+[Incompat 20050615] The new DSN support conflicts with VERP support.
+For Sendmail compatibility, Postfix now uses the sendmail -V command
+line option for DSN. In order to request VERP style delivery, you
+must now specify -XV instead of -V. The Postfix sendmail command
+will recognize if you try to use -V for VERP-style delivery. It
+will do the right thing and will remind you of the new syntax.
+
+Major changes - XCLIENT and XFORWARD
+------------------------------------
+
+[Incompat 20060611] The SMTP server XCLIENT implementation has
+changed. The SMTP server now resets state to the initial server
+greeting stage, so that it can accurately simulate the effect of
+connection-level access restrictions. Without this change, XCLIENT
+will not work at all with Milter applications.
+
+[Incompat 20060611] The SMTP server XCLIENT and XFORWARD commands
+now expect that attributes are xtext encoded (RFC 1891). For backwards
+compatibility they will accept unencoded attribute values. The
+XFORWARD client code in the SMTP client and in the SMTPD_PROXY
+client will always encode attribute values. This change will have
+effect only for malformed hostname and helo parameter values.
-pflogsumm needs to be updated. See the pflogsumm-conn-delays-dsn-patch
-file.
+For more details, see the XCLIENT_README and XFORWARD_README
+documents.
-The queue manager protocol has changed. You need to "postfix reload"
-after "make upgrade".
+Major changes - address rewriting
+---------------------------------
-The logging of recipient status information has changed. This may
-require changes to logfile processing tools.
+[Incompat 20060123] Postfix now preserves uppercase information
+while mapping addresses with canonical, virtual, relocated or generic
+maps; this happens even with $number substitutions in regular
+expression maps. However, the local(8) and virtual(8) delivery
+agents still fold addresses to lower case.
-- Postfix now logs an additional attribute with detailed delay
-information (delays=a/b/c/d) as described below.
+By default, Postfix now folds the search string to lowercase only
+with tables that have fixed-case lookup fields such as btree:,
+hash:, dbm:, ldap:, or *sql:. The search string is no longer case
+folded with tables whose lookup fields can match both upper or lower
+case, such as regexp:, pcre:, or cidr:.
-- Postfix now logs an additional attribute with the connection reuse
-count (conn_use=nnn) as described below.
+For safety reasons, Postfix no longer allows $number substitution
+in regexp: or pcre: transport tables or per-sender relayhost tables.
-Major changes with snapshot 20051103
-====================================
+[Feature 20060123] Postfix now does a better job at preserving
+upper/lower case information while transforming addresses. The
+table lookup code was revised, and is now more careful about when
+it folds search strings to lower case. As a side effect, Postfix
+now also does a better job at being case insensitive where it should,
+for example while searching per-host TLS policies or SASL passwords.
-This release makes a beginning with a series of new attributes in
-Postfix logfile records.
+Major changes - bounce message templates
+----------------------------------------
-- Better insight into the nature of performance bottle necks, with
-detailed logging of delays in various stages of message delivery.
-Postfix logs additional delay information as "delays=a/b/c/d" where
-a=time before queue manager, including message transmission; b=time
-in queue manager; c=connection setup time including DNS, HELO and
-TLS; d=message transmission time.
+[Feature 20051113] Configurable bounce messages, based on a format
+that was developed by Nicolas Riendeau. The file with templates is
+specified with the bounce_template_file parameter. Details are in
+the bounce(5) manual page, and examples of the built-in templates
+can be found in a file bounce.cf.default in the Postfix configuration
+directory. The template for the default bounce message looks like
+this:
-- Logging of the connection reuse count when SMTP connections are
-used for more than one message delivery. This information is needed
-because Postfix can now reuse connections hundreds of times or more,
-and can help to diagnose interoperability problems with servers
-that suffer from memory leaks or other resource leaks.
+ failure_template = <<EOF
+ Charset: us-ascii
+ From: MAILER-DAEMON (Mail Delivery System)
+ Subject: Undelivered Mail Returned to Sender
+ Postmaster-Subject: Postmaster Copy: Undelivered Mail
-At this point the Postfix logging for a recipient looks like this:
+ This is the $mail_name program at host $myhostname.
- Nov 3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
- to=<wietse@test.example.com>, orig_to=<wietse@test>,
- relay=mail.example.com[1.2.3.4], conn_use=2, delay=0,
- delays=0/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
+ I'm sorry to have to inform you that your message could not
+ be delivered to one or more recipients. It's attached below.
-The following two logfile fields may or may not be present:
+ For further assistance, please send mail to <postmaster>
- orig_to This is omitted when the address did not change.
- conn_use This is omitted when a connection is used once.
+ If you do so, please include this problem report. You can
+ delete your own text from the attached returned message.
+
+ The $mail_name program
+ EOF
+
+Major changes - broken SMTP clients
+-----------------------------------
+
+[Feature 20051222] You can now use "resolve_numeric_domain = yes"
+to stop Postfix from rejecting user@ipaddress as an invalid
+destination. It will deliver the mail to user@[ipaddress] instead.
-Incompatibility with snapshot 20051026
-======================================
+Major changes - built-in filters
+--------------------------------
-The connection cache protocol for SMTP connections has changed.
-You need to "postfix reload" after "make upgrade".
+[Feature 20050828] Configurable filters to reject or remove unwanted
+characters in email content. The message_reject_characters and
+message_strip_characters parameters understand the usual C-like
+escape sequences: \a \b \f \n \r \t \v \ddd (up to three octal
+digits) and \\.
-The smtp_connection_cache_reuse_limit parameter (which limits the
-number of deliveries per SMTP connection) is replaced by the new
-smtp_connection_reuse_time_limit parameter (the time after which a
-connection is no longer stored into the connection cache).
+[Incompat 20050828] When a header/body_checks or message_reject_characters
+rule rejects mail that was submitted with the Postfix sendmail
+command (or re-queued with "postsuper -r"), the returned message
+is now limited to just the message headers, to avoid the risk of
+exposure to harmful content in the message body or attachments.
-Major changes with snapshot 20051026
-====================================
+Major changes - connection caching
+----------------------------------
-This snapshot addresses a performance stability problem with remote
-SMTP servers. The problem is not specific to Postfix: it can happen
-when any MTA sends large amounts of SMTP email to a site that has
-multiple MX hosts. The insight that led to the solution, as well
-as an initial implementation, are due to Victor Duchovni.
+[Incompat 20051026] The smtp_connection_cache_reuse_limit parameter
+(which limits the number of deliveries per SMTP connection) is
+replaced by the new smtp_connection_reuse_time_limit parameter (the
+time after which a connection is no longer stored into the connection
+cache).
+
+[Feature 20051026] This snapshot addresses a performance stability
+problem with remote SMTP servers. The problem is not specific to
+Postfix: it can happen when any MTA sends large amounts of SMTP
+email to a site that has multiple MX hosts. The insight that led
+to the solution, as well as an initial implementation, are due to
+Victor Duchovni.
The problem starts when one of a set of MX hosts becomes slower
than the rest. Even though SMTP clients connect to fast and slow
problems with servers that exhibit bugs when they receive multiple
messages over the same connection.
-Incompatibility with snapshot 20051011
-======================================
-
-The Postfix local(8) delivery agent no longer updates its idea of
-the Delivered-To: address while it expands aliases or .forward
-files. With deeply nested aliases or .forward files, this can greatly
-reduce the number of queue files and cleanup process instances. To
-get the earlier behavior, specify "frozen_delivered_to = no".
-
-The frozen_delivered_to feature can help to alleviate a long-standing
-problem with multiple deliveries to recipients that are listed
-multiple times in a hierarchy of nested aliases. For this to work,
-only the top-level alias should have an owner- alias, and none of
-the subordinate aliases.
-
-Major changes with snapshot 20051011
-====================================
-
-Optional protection against SMTP clients that hammer the server
-with too many new (i.e. uncached) SMTP-over-TLS sessions. Cached
-sessions are much less expensive in terms of CPU cycles. Use the
-smtpd_client_new_tls_session_rate_limit parameter to specify a limit
-that is at least the inbound client concurrency limit, or else you
-may deny legitimate service requests.
+Major changes - database support
+--------------------------------
-Optional suppression of remote SMTP client hostname lookup and
-hostname verification. Specify "smtpd_peername_lookup = no" to
-eliminate DNS lookup latencies, but do so only under extreme
-conditions, as it makes Postfix logging less informative.
-
-Incompatibility with snapshot 20050828
-======================================
-
-When a header/body_checks or message_reject_characters rule rejects
-mail that was submitted with the Postfix sendmail command (or
-re-queued with "postsuper -r"), the returned message is now limited
-to just the message headers, to avoid the risk of exposure to harmful
-content in the message body or attachments.
-
-When the cleanup server rejects the content or size of mail that
-was submitted with the Postfix sendmail command, forwarded with the
-local(8) delivery agent, or that was re-queued with "postsuper -r",
-Postfix no longer sends DSN SUCCESS notification of virtual alias
-expansions. Since all the recipients are reported as failed, the
-SUCCESS notification seems redundant.
-
-Major changes with snapshot 20050828
-====================================
-
-Configurable filters to reject or remove unwanted characters in
-email content. The message_reject_characters and message_strip_characters
-parameters understand the usual C-like escape sequences: \a \b \f
-\n \r \t \v \ddd (up to three octal digits) and \\.
+[Incompat 20060611] The PostgreSQL client was updated after the
+PostgreSQL developers made major database API changes in response
+to SQL injection problems. This breaks support for PGSQL versions
+prior to 8.1.4, 8.0.8, 7.4.13, and 7.3.15. Support for these requires
+major code changes which are not possible in the time that is left
+for completing the Postfix 2.3 stable release.
-Incompatibility with snapshot 20050726
-======================================
+Major changes - enhanced status codes
+-------------------------------------
-Name server replies that contain a malformed hostname are now flagged
-as permanent errors instead of transient errors. This change works
-around a questionable proposal to use syntactically invalid hostnames
-in MX records.
+[Feature 20050328] This release introduces support for RFC 3463
+enhanced status codes. For example, status code 5.1.1 means
+"recipient unknown". Postfix recognizes enhanced status codes in
+remote server replies, generates enhanced status codes while handling
+email, and reports enhanced status codes in non-delivery notifications.
+This improves the user interaction with mail clients that translate
+enhanced status codes into text in the user's own language.
-Major changes with snapshot 20050724
-====================================
-
-SMTPD Access control based on the existence of an address->name
-mapping, with reject_unknown_reverse_client_hostname. There is
-no corresponding access table lookup feature, because the name
-is not validated in any way (except that it has proper syntax).
+You can, but don't have to, specify RFC 3463 enhanced status codes
+in the output from commands that receive mail from a pipe. If a
+command terminates with non-zero exit status, and an enhanced status
+code is present at the beginning of the command output, then that
+status code takes precedence over the non-zero exit status.
-Several confusing SMTPD access restrictions were renamed:
+You can, but don't have to, specify RFC 3463 enhanced status codes
+in Postfix access maps, header/body_checks REJECT actions, or in
+RBL replies. For example:
- reject_unknown_client -> reject_unknown_client_hostname,
- reject_unknown_hostname -> reject_unknown_helo_hostname,
- reject_invalid_hostname -> reject_invalid_helo_hostname,
- reject_non_fqdn_hostname -> reject_non_fqdn_helo_hostname.
+ REJECT 5.7.1 You can't go here from there
-The old names are still recognized and documented.
+The status 5.7.1 means "no authorization, message refused", and is
+the default for access maps, header/body_checks REJECT actions, and
+for RBL replies.
-Incompatibility with snapshot 20050716
-======================================
+[Feature 20050328] If you specify your own enhanced status code,
+the Postfix SMTP server will automatically change a leading '5'
+digit (hard error) into '4' where appropriate. This is needed, for
+example, with soft_bounce=yes.
-Internal interfaces have changed; this may break third-party patches
-because the text of function argument and result type definitions
-has changed. The type of buffer lengths and offsets were changed
-from "(unsigned) int" (32 bit on 32-bit and LP64 systems) to
-"(s)size_t" (64 bit on LP64 systems, 32 bit on 32-bit systems).
+[Feature 20050510] This release improves usability of enhanced
+status codes in Postfix access tables, RBL reply templates and in
+transport maps that use the error(8) delivery agent.
-Otherwise, this change makes no difference on 32-bit systems. On
-LP64 systems, however, software may mis-behave 1) when Postfix is
-linked with pre-compiled code that was compiled with old Postfix
-interface definitions and 2) when compiling Postfix source that was
-modified by a third-party patch: incorrect code may be generated
-when the patch passes the wrong integer argument type in contexts
-that disable automatic argument type conversions. Examples of such
-contexts are formatting with printf-like arguments, and invoking
-functions that write Postfix request or reply attributes across
-inter-process communication channels. Unfortunately, gcc does not
-report "(unsigned) int" versus "(s)size_t" format string argument
-mis-matches on 32-bit systems; they can be found only on 64-bit
-systems.
+- When the SMTP server rejects a sender address, it transforms a
+ recipient DSN status (e.g., 4.1.1-4.1.6) into the corresponding
+ sender DSN status, and vice versa.
-Major changes with snapshot 20050716
-====================================
+- When the SMTP server rejects non-address information (such as the
+ HELO command parameter or the client hostname/address), it
+ transforms a sender or recipient DSN status into a generic
+ non-address DSN status (e.g., 4.0.0).
-Improved portability to LP64 systems, by converting the type of
-buffer lengths and offsets from "(unsigned) int" to "(s)size_t".
-This change has zero effect on 32-bit systems. On LP64 platforms,
-however, this change not only eliminates some obscure portability
-bugs, it also eliminates unnecessary conversions between 32/64 bit
-integer types, because many system library routines take "(s)size_t"
-arguments or return "(s)size_t" values.
+These transformations are needed when the same access table or RBL
+reply template are used for client, helo, sender, or recipient
+restrictions; or when the same error(8) mailer information is used
+for both senders and recipients.
-Incompatibility with snapshot 20050707
-======================================
+Major changes - local alias expansion
+-------------------------------------
-The connection cache protocol is changed. You may need to "postfix
-reload" after upgrading.
+[Incompat 20051011] The Postfix local(8) delivery agent no longer
+updates its idea of the Delivered-To: address while it expands
+aliases or .forward files. With deeply nested aliases or .forward
+files, this can greatly reduce the number of queue files and cleanup
+process instances. To get the earlier behavior, specify
+"frozen_delivered_to = no".
-Incompatibility with snapshot 20050627
-======================================
+The frozen_delivered_to feature can help to alleviate a long-standing
+problem with multiple deliveries to recipients that are listed
+multiple times in a hierarchy of nested aliases. For this to work,
+only the top-level alias should have an owner- alias, and none of
+the subordinate aliases.
-The Postfix SMTP client no longer applies the smtp_mx_session_limit
-to non-permanent errors during the TCP, SMTP, HELO or TLS handshake.
-Previous versions did that only with TCP and SMTP handshake errors.
+Major changes - logging
+-----------------------
-Incompatibility with snapshot 20050622
-======================================
+[Incompat 20060515] Milter support introduces new logfile event
+types: milter-reject, milter-discard and milter-hold, that identify
+actions from Milter applications. This may affect logfile processing
+software.
-The Postfix SMTP client by default limits the number of MX server
-addresses to smtp_mx_address_limit=5. Previously this limit was
-disabled by default. The new limit prevents Postfix from spending
-lots of time trying to connect to lots of bogus MX servers.
+[Incompat 20051106] The relay=... logging has changed and now
+includes the remote SMTP server port number as hostname[hostaddr]:port.
-The Postfix SMTP error handling of [45]XX server greetings was
-cleaned up. The server reply is now properly reported.
+[Incompat 20051105] All delay logging now has sub-second resolution,
+including the over-all "delay=nnn" logging. A patch is available
+for pflogsumm (pflogsumm-conn-delays-dsn-patch). The qshape script
+has been updated (auxiliary/qshape/qshape.pl).
-Incompatibility with snapshot 20050615
-======================================
+At this point the Postfix logging for a recipient looks like this:
-Many internal protocols have changed. You must reload Postfix or
-else the queue manager and delivery agents will complain about
-unexpected request and reply attributes.
+ Nov 3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
+ to=<wietse@test.example.com>, orig_to=<wietse@test>,
+ relay=mail.example.com[1.2.3.4], conn_use=2, delay=0.22,
+ delays=0.04/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
-The new DSN support conflicts with VERP support. For Sendmail
-compatibility, Postfix now uses the sendmail -V command line option
-for DSN. In order to request VERP style delivery, you must now
-specify -XV instead of -V. The Postfix sendmail command will
-recognize if you try to use -V for VERP-style delivery. It will
-do the right thing and will remind you of the new syntax.
+[Feature 20051103] This release makes a beginning with a series of
+new attributes in Postfix logfile records.
-The queue file format is backwards compatible (again) with Postfix
-2.2. Postfix 2.3 stores attributes that older versions will ignore.
+- Better insight into the nature of performance bottle necks, with
+ detailed logging of delays in various stages of message delivery.
+ Postfix logs additional delay information as "delays=a/b/c/d"
+ where a=time before queue manager, including message transmission;
+ b=time in queue manager; c=connection setup time including DNS,
+ HELO and TLS; d=message transmission time.
-Major changes with snapshot 20050615
-====================================
+- Logging of the connection reuse count when SMTP connections are
+ used for more than one message delivery. This information is
+ needed because Postfix can now reuse connections hundreds of times
+ or more, and can help to diagnose inter-operability problems with
+ servers that suffer from memory leaks or other resource leaks.
-DSN support as described in RFC 3461 .. RFC 3464. This gives senders
-control over successful and failed delivery notifications. DSN
-involves extra parameters to the SMTP MAIL FROM and RCPT TO commands,
-as well as extra Postfix sendmail command line options that provide
-a sub-set of the functions of those extra SMTP command parameters.
+At this point the Postfix logging for a recipient looks like this:
-See DSN_README for details. Some implementation notes are in
-DSN_NOTES, in the top-level source code directory.
+ Nov 3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
+ to=<wietse@test.example.com>, orig_to=<wietse@test>,
+ relay=mail.example.com[1.2.3.4], conn_use=2, delay=0,
+ delays=0/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
-Major changes with snapshot 20050510
-====================================
+The following two logfile fields may or may not be present:
-This release improves usability of enhanced status codes in Postfix
-access tables, RBL reply templates and in transport maps that use
-the error(8) delivery agent.
+ orig_to This is omitted when the address did not change.
+ conn_use This is omitted when a connection is used once.
-- When the SMTP server rejects a sender address, it transforms a
- recipient DSN status (e.g., 4.1.1-4.1.6) into the corresponding
- sender DSN status, and vice versa.
+[Incompat 20050503] The format of some "warning:" messages in the
+maillog has changed so that they are easier to sort:
-- When the SMTP server rejects non-address information (such as the
- HELO command parameter or the client hostname/address), it
- transforms a sender or recipient DSN status into a generic
- non-address DSN status (e.g., 4.0.0).
+- The logging now talks about "access table", instead of using three
+ different expressions "access table", "access map" and "SMTPD
+ access map" for the same thing.
-These transformations are needed when the same access table or RBL
-reply template are used for client, helo, sender, or recipient
-restrictions; or when the same error(8) mailer information is used
-for both senders and recipients.
+- "non-SMTP command" is now logged BEFORE the client name/address
+ and the offending client input, instead of at the end.
-Incompatibility with snapshot 20050503
-======================================
+[Incompat 20050328] The logging format has changed. Postfix delivery
+agents now log the RFC 3463 enhanced status code as "dsn=x.y.z"
+where y and z can be up to three digits each.
-The format of some "warning:" messages in the maillog has changed
-so that they are easier to sort:
+Major changes - performance
+---------------------------
-- The logging now talks about "access table", instead of using three
-different expressions "access table", "access map" and "SMTPD access
-map" for the same thing.
+[Feature 20051026] This snapshot addresses a performance stability
+problem with remote SMTP servers. The problem is not specific to
+Postfix: it can happen when any MTA sends large amounts of SMTP
+email to a site that has multiple MX hosts. The insight that led
+to the solution, as well as an initial implementation, are due to
+Victor Duchovni.
-- "non-SMTP command" is now logged BEFORE the client name/address
-and the offending client input, instead of at the end.
+The problem starts when one of a set of MX hosts becomes slower
+than the rest. Even though SMTP clients connect to fast and slow
+MX hosts with equal probability, the slow MX host ends up with more
+simultaneous inbound connections than the faster MX hosts, because
+the slow MX host needs more time to serve each client request.
-Major change with snapshot 20050427+DSN
-=======================================
+The slow MX host becomes a connection attractor. If one MX host
+becomes N times slower than the rest, it dominates mail delivery
+latency unless there are more than N fast MX hosts to counter the
+effect. And if the number of MX hosts is smaller than N, the mail
+delivery latency becomes effectively that of the slowest MX host
+divided by the total number of MX hosts.
-This is experimental DSN support added to snapshot 20050427. The
-code is not for production purposes; it is not fully tested, some
-names and interfaces are still rough around the edges, and it does
-not update the oqmgr so you have to use qmgr instead. Some
-implementation notes and open issues are described in the
-DSN_SUPPORT_README file (top-level directory).
+The solution uses connection caching in a way that differs from
+Postfix 2.2. By limiting the amount of time during which a connection
+can be used repeatedly (instead of limiting the number of deliveries
+over that connection), Postfix not only restores fairness in the
+distribution of simultaneous connections across a set of MX hosts,
+it also favors deliveries over connections that perform well, which
+is exactly what we want.
-Incompatibility with snapshot 20050329
-======================================
+The smtp_connection_reuse_time_limit feature implements the connection
+reuse time limit as discussed above. It limits the amount of time
+after which an SMTP connection is no longer stored into the connection
+cache. The default limit, 300s, can result in a huge number of
+deliveries over a single connection.
-If you use TLS, you need to execute "postfix reload" because the
-TLS manager protocol has changed.
+This solution will be complete when Postfix logging is updated to
+include information about the number of times that a connection was
+used. This information is needed to diagnose inter-operability
+problems with servers that exhibit bugs when they receive multiple
+messages over the same connection.
-Incompatibility with snapshot 20050328
-======================================
+[Feature 20051011] Optional protection against SMTP clients that
+hammer the server with too many new (i.e. uncached) SMTP-over-TLS
+sessions. Cached sessions are much less expensive in terms of CPU
+cycles. Use the smtpd_client_new_tls_session_rate_limit parameter
+to specify a limit that is at least the inbound client concurrency
+limit, or else you may deny legitimate service requests.
-The logging format has changed. Postfix delivery agents now log the
-RFC 3463 enhanced status code as "dsn=x.y.z" where y and z can be
-up to three digits each. See the file pfloggsum-dsn-patch for an
-update to the pfloggsum script.
+[Feature 20051011] Optional suppression of remote SMTP client
+hostname lookup and hostname verification. Specify "smtpd_peername_lookup
+= no" to eliminate DNS lookup latencies, but do so only under extreme
+conditions, as it makes Postfix logging less informative.
-After you upgrade from Postfix 2.2 or 2.3 you need to execute
-"postfix reload", otherwise you will keep running the old Postfix
-queue manager, which gives no special treatment to the enhanced
-status codes that it receives from Postfix delivery agents.
+Major changes - portability
+---------------------------
-Major changes with snapshot 20050328
-====================================
+[Incompat 20050716] Internal interfaces have changed; this may break
+third-party patches because the text of function argument and result
+type definitions has changed. The type of buffer lengths and offsets
+were changed from "(unsigned) int" (32 bit on 32-bit and LP64
+systems) to "(s)size_t" (64 bit on LP64 systems, 32 bit on 32-bit
+systems).
-This release introduces support for RFC 3463 enhanced status codes.
-For example, status code 5.1.1 means "recipient unknown". Postfix
-recognizes enhanced status codes in remote server replies, generates
-enhanced status codes while handling email, and reports enhanced
-status codes in non-delivery notifications. This improves the user
-interaction with mail clients that hide the text of error messages
-from users.
+Otherwise, this change makes no difference on 32-bit systems. On
+LP64 systems, however, software may mis-behave 1) when Postfix is
+linked with pre-compiled code that was compiled with old Postfix
+interface definitions and 2) when compiling Postfix source that was
+modified by a third-party patch: incorrect code may be generated
+when the patch passes the wrong integer argument type in contexts
+that disable automatic argument type conversions. Examples of such
+contexts are formatting with printf-like arguments, and invoking
+functions that write Postfix request or reply attributes across
+inter-process communication channels. Unfortunately, gcc does not
+report "(unsigned) int" versus "(s)size_t" format string argument
+mis-matches on 32-bit systems; they can be found only on 64-bit
+systems.
-You can, but don't have to, specify RFC 3463 enhanced status codes
-in the output from commands that receive mail from a pipe. If a
-command terminates with non-zero exit status, and an enhanced status
-code is present at the beginning of the command output, then that
-status code takes precedence over the non-zero exit status.
+[Feature 20050716] Improved portability to LP64 systems, by converting
+the type of buffer lengths and offsets from "(unsigned) int" to
+"(s)size_t". This change has zero effect on 32-bit systems. On
+LP64 platforms, however, this change not only eliminates some obscure
+portability bugs, it also eliminates unnecessary conversions between
+32/64 bit integer types, because many system library routines take
+"(s)size_t" arguments or return "(s)size_t" values.
+
+Major changes - safety
+----------------------
+
+[Incompat 20051121] The permit_mx_backup feature still accepts mail
+for authorized destinations (see permit_mx_backup for definition),
+but with other destinations it requires that the local MTA is listed
+as non-primary MX. This prevents mail loop problems when someone
+points the primary MX record at Postfix.
+
+[Incompat 20051011] The Postfix local(8) delivery agent no longer
+updates its idea of the Delivered-To: address while it expands
+aliases or .forward files. With deeply nested aliases or .forward
+files, this can greatly reduce the number of queue files and cleanup
+process instances. To get the earlier behavior, specify
+"frozen_delivered_to = no".
-You can, but don't have to, specify RFC 3463 enhanced status codes
-in Postfix access maps, header/body_checks REJECT actions, or in
-RBL replies. For example:
+The frozen_delivered_to feature can help to alleviate a long-standing
+problem with multiple deliveries to recipients that are listed
+multiple times in a hierarchy of nested aliases. For this to work,
+only the top-level alias should have an owner- alias, and none of
+the subordinate aliases.
- REJECT 5.7.1 You can't go here from there
+[Incompat 20050828] When a header/body_checks or message_reject_characters
+rule rejects mail that was submitted with the Postfix sendmail
+command (or re-queued with "postsuper -r"), the returned message
+is now limited to just the message headers, to avoid the risk of
+exposure to harmful content in the message body or attachments.
-The status 5.7.1 means "no authorization, message refused", and is
-the default for access maps, header/body_checks REJECT actions, and
-for RBL replies.
+[Incompat 20051202] The Postfix SMTP daemon will not receive mail
+from the network if it isn't running with postfix mail_owner
+privileges. This prevents surprises when, for example, "sendmail
+-bs" is configured to run as root from xinetd.
-If you specify your own enhanced status code, the Postfix SMTP
-server will automatically change a leading '5' digit (hard error)
-into '4' where appropriate. This is needed, for example, with
-soft_bounce=yes.
projects / thirdparty / postfix.git / commitdiff
