Documentation: the connection caching limitation for SMTP
over TLS is now obsolete. File: proto/CONNECTION_CACHE_README.html.
+
+20180701
+
+ Incompatibility: the tlsproxy(8) daemon now requires a zero
+ process limit in master.cf (this setting is provided with
+ the default master.cf file). See RELEASE_NOTES for how to
+ change the tlsproxy process limit. File: tlsproxy/tlsproxy.c.
C\bCl\bli\bie\ben\bnt\bt-\b-s\bsi\bid\bde\be T\bTL\bLS\bS c\bco\bon\bnn\bne\bec\bct\bti\bio\bon\bn r\bre\beu\bus\bse\be
Historically, the Postfix SMTP client has supported multiple deliveries per
-connection only for plaintext connections. Postfix 3.4 introduces the ability
-to make multiple deliveries per TLS-encrypted connection. This is primarily to
-improve mail delivery performance for destinations that throttle clients when
-they don't combine deliveries.
+plaintext connection. Postfix 3.4 introduces support for multiple deliveries
+per TLS-encrypted connection. Multiple deliveries per connection improve mail
+delivery performance, especially for destinations that throttle clients that
+don't combine deliveries.
To enable multiple deliveries per TLS connection, specify:
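Review bot: In the reworded paragraph, "destinations that throttle clients that don't combine deliveries" stacks two "that" clauses and is harder to parse than the sentence it replaces. Consider keeping the earlier "when they don't combine deliveries" ending. The same sentence appears in the two HTML copies of this section further down, so any rewording should be applied to all three.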
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
+Incompatble change with snapshot 20180701
+=========================================
+
+To avoid performance loss under load, the tlsproxy(8) daemon now
+requires a zero process limit in master.cf (this setting is provided
+with the default master.cf file). As tlsproxy(8) processes become
+too busy handling TLS connections, more processes will automatically
+be added. By default, a tlsproxy(8) process will retire after several
+hours.
+
+To set the tlsproxy process limit to zero:
+
+# postconf -F tlsproxy/unix/process_limit=0
+# postfix reload
+
Major changes with snapshot 20180617
====================================
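Review bot: The new heading reads "Incompatble change with snapshot 20180701". "Incompatble" should be "Incompatible", and the "=" underline then needs one more character to match. The section also explains how to set the limit but not what an operator sees when an existing master.cf still carries a non-zero tlsproxy process limit. One sentence on the observable symptom would help people who arrive at this note from a log message.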
It supports all Postfix TLS security levels including dane and
dane-only.
-With connection reuse enabled as described above, the Postfix SMTP
-client uses the tlsproxy(8) server to encrypt a connection (even under
-low-traffic conditions). The tlsproxy(8) service was introduced in
-Postfix 2.8, to support STARTTLS in postscreen(8).
-
-Under high-traffic conditions, the Postfix SMTP client will use the
-scache(8) connection cache to store and retrieve open connections.
-This part already existed for plaintext SMTP, and it works in the
-same way for TLS-encrypted connections.
+The implementation of TLS connection reuse relies on the same
+scache(8) service as used for delivering plaintext SMTP mail, the
+same tlsproxy(8) daemon as used by the postscreen(8) service for
+inbound connections, and relies on the same hints from the qmgr(8)
+daemon. It reuses the configuration parameters described in
+CONNECTION_CACHE_README.
The following illustrates how TLS connections are reused:
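Review bot: The replacement paragraph drops the statement that, with reuse enabled, the SMTP client uses tlsproxy(8) to encrypt a connection "even under low-traffic conditions". That detail is useful to operators now that tlsproxy(8) has a required process-limit setting, because it tells them the daemon is involved in TLS deliveries at any load. Consider keeping it. Minor style point: "relies on ... and relies on" repeats the verb within one sentence.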
<h3><a name="client_tls_reuse">Client-side TLS connection reuse</a> </h3>
<p> Historically, the Postfix SMTP client has supported multiple
-deliveries per connection only for plaintext connections. Postfix
-3.4 introduces the ability to make multiple deliveries per TLS-encrypted
-connection. This is primarily to improve mail delivery performance
-for destinations that throttle clients when they don't combine
+deliveries per plaintext connection. Postfix 3.4 introduces support
+for multiple deliveries per TLS-encrypted connection. Multiple
+deliveries per connection improve mail delivery performance,
+especially for destinations that throttle clients that don't combine
deliveries. </p>
<p> To enable multiple deliveries per TLS connection, specify:</p>
<h3><a name="client_tls_reuse">Client-side TLS connection reuse</a> </h3>
<p> Historically, the Postfix SMTP client has supported multiple
-deliveries per connection only for plaintext connections. Postfix
-3.4 introduces the ability to make multiple deliveries per TLS-encrypted
-connection. This is primarily to improve mail delivery performance
-for destinations that throttle clients when they don't combine
+deliveries per plaintext connection. Postfix 3.4 introduces support
+for multiple deliveries per TLS-encrypted connection. Multiple
+deliveries per connection improve mail delivery performance,
+especially for destinations that throttle clients that don't combine
deliveries. </p>
<p> To enable multiple deliveries per TLS connection, specify:</p>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20180624"
+#define MAIL_RELEASE_DATE "20180701"
#define MAIL_VERSION_NUMBER "3.4"
#ifdef SNAPSHOT
CA_MAIL_SERVER_SLOW_EXIT(tlsp_drain),
CA_MAIL_SERVER_RETIRE_ME,
CA_MAIL_SERVER_WATCHDOG(&var_tlsp_watchdog),
+ CA_MAIL_SERVER_UNLIMITED,
0);
}
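Review bot: The added "CA_MAIL_SERVER_UNLIMITED," argument has no comment, and it is the only visible code change behind the "now requires a zero process limit" entries in HISTORY and RELEASE_NOTES. A short comment next to it tying the flag to the master.cf requirement would make the intent clear to the next reader. It is also worth confirming that the error reported for a non-zero limit names the service and the expected value, since sites with a customized master.cf are the ones affected.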