the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
-Major changes - compatibility level
------------------------------------
-
-[Feature 20210109] Starting with Postfix version 3.6, the compatibility
-level is "3.6". In future Postfix releases, the compatibility level will
-be the Postfix version that introduced the last incompatible change. The
-level is formatted as 'major.minor.patch', where 'patch' is usually
-omitted and defaults to zero. Earlier compatibility levels are 0, 1 and 2.
-
-This also introduces main.cf and master.cf support for the <=level,
-<level, and other operators to compare compatibility levels. With the
-standard <=, <, etc. operators, compatibility level 3.10 would be less
-than 3.9. which is undesirable.
-
-Major changes - delivery logging
---------------------------------
-
-[Incompat 20200531] Postfix delivery agents now log an explicit record
-when delegating delivery to a different Postfix delivery agent.
-
-For example, with "best_mx_transport = local", an SMTP delivery
-agent will now log when a recipient will be delivered locally. This
-makes the delegating delivery agent visible, where it would otherwise
-have remained invisible, which would complicate troubleshooting.
-
- postfix/smtp[pid]: queueid: passing <recipient> to transport=local
-
-This will usually be followed by logging for an actual delivery:
+Major changes - internal protocol identification
+------------------------------------------------
- postfix/local[pid]: queueid: to=<recipient>, relay=local, ...
+[Incompat 20200920] Internal protocols have changed. You need to
+"postfix stop" before updating, or before backing out to an earlier
+release, otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
+postscreen) may fail to communicate with the rest of Postfix, causing
+mail delivery delays until Postfix is restarted.
-Other examples: the local delivery agent defers mailbox delivery
-through mailbox_transport or through fallback_transport.
+This change does not affect message files in Postfix queue directories,
+only the communication between running Postfix programs.
-Major changes - dns lookups
----------------------------
+With this change, every Postfix internal service, including the postdrop
+command, announces the name of its protocol before doing any other I/O.
+Every Postfix client program, including the Postfix sendmail command,
+will verify that the protocol name matches what it is supposed to be.
-[Feature 20200509] The threadsafe resolver API (res_nxxx() calls) is now
-the default, not because the API is threadsafe, but because new features
-are being added there.
+The purpose of this change is to produce better error messages, for
+example, when someone configures the discard daemon as a bounce
+service in master.cf, or vice versa.
-To build old style, build with:
+This change may break third-party programs that implement a
+Postfix-internal protocol such as qpsmtpd. Such programs have never
+been supported. Fortunately, this will be an easy fix: look at the
+first data from the cleanup daemon: if it is a protocol announcement,
+you're talking to Postfix 3.6 or later. That's the only real change.
- make makefiles CCARGS="-DNO_RES_NCALLS..."
+Major changes - tls
+-------------------
-This is also the default for systems that are known not to support
-the threadsafe resolver API.
+[Incompat 20200705] The minimum supported OpenSSL version is 1.1.1,
+which will reach the end of life by 2023-09-11. Postfix 3.6 is
+expected to reach the end of support in 2025. Until then, Postfix
+will be updated as needed for compatibility with OpenSSL.
-Major changes - error logging
------------------------------
+The default fingerprint digest has changed from md5 to sha256 (Postfix
+3.6 with compatibility_level >= 3.6). With a lower compatibility_level
+setting, Postfix defaults to using md5, and logs a warning when a Postfix
+configuration specifies no explicit digest type.
-[Incompat 20200531] Postfix programs will now log "Application error"
-instead of "Success" or "Unknown error: 0" when an operation fails with
-errno == 0.
+Export-grade Diffie-Hellman key exchange is no longer supported,
+and the tlsproxy_tls_dh512_param_file parameter is ignored,
-Major changes - internal protocol identification
-------------------------------------------------
+[Feature 20200906] The tlstype.pl helper script by Viktor Dukhovni
+reports TLS information per message delivery. This processes output
+from the collate.pl script. See auxiliary/collate/README.tlstype and
+auxiliary/collate/tlstype.pl.
-[Incompat 20200920] Internal protocols have changed. You need to
-"postfix stop" before updating, or before backing out to an earlier
-release, otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
-postscreen) may fail to communicate with the rest of Postfix, causing
-warnings or timeouts.
+Major changes - compatibility level
+-----------------------------------
-The purpose of this change is to produce better error messages, for
-example, when someone configures the discard daemon as a bounce
-service in master.cf, or vice versa.
+[Feature 20210109] Starting with Postfix version 3.6, the compatibility
+level is "3.6". In future Postfix releases, the compatibility level will
+be the Postfix version that introduced the last incompatible change. The
+level is formatted as 'major.minor.patch', where 'patch' is usually
+omitted and defaults to zero. Earlier compatibility levels are 0, 1 and 2.
-This change will break third-party programs that implement a
-Postfix-internal protocol such as qpsmtpd. This is not a Postfix bug:
-programs that depend on Postfix internal details have never been
-supported.
+This also introduces main.cf and master.cf support for the <=level,
+<level, and other operators to compare compatibility levels. With the
+standard <=, <, etc. operators, compatibility level 3.10 would be less
+than 3.9, which is undesirable.
-Major changes - known tcp ports
--------------------------------
+Major changes - services(5) override
+------------------------------------
-[Feature 20210418] The new "known_tcp_ports" configuration parameter
-reduces Postfix dependency on the services(5) database. On some systems
-the port 465 service is called "smtps", and on other systems it is called
-"submissions". The default known_tcp_ports value is "lmtp=24, smtp=25,
-smtps=submissions=465, submission=587".
+[Feature 20210418] Postfix no longer uses the services(5) database
+to look up the TCP ports for SMTP and LMTP services. Instead, this
+information is configured with the new known_tcp_ports configuration
+parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
+submission=587). When a service is not specified in known_tcp_ports,
+Postfix will still query the services(5) database.
Major changes - local_login_sender_maps
---------------------------------------
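Review bot: The added TLS paragraph ends mid-sentence. The line "+and the tlsproxy_tls_dh512_param_file parameter is ignored," closes with a comma instead of a full stop, a leftover from the text it replaces; end the sentence there or complete it. In the services(5) entry, the opening "Postfix no longer uses the services(5) database to look up the TCP ports for SMTP and LMTP services" reads as absolute, while the closing sentence says Postfix "will still query the services(5) database" for names missing from known_tcp_ports. Stating the fallback in the first sentence would remove the apparent contradiction. The fingerprint digest paragraph could also say outright that sites keeping a compatibility_level below 3.6 should configure an explicit digest type, since the text notes they otherwise stay on md5 and only get a warning.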
specify any sender envelope address.
This feature is enforced by the postdrop command. When no UNIX login
-name is available, the Postfix postdrop command will prepend "uid:"
-to the numerical UID and use that instead.
+name is available, the postdrop command will prepend "uid:" to the
+numerical UID and use that instead.
This feature ignores address extensions in the user-specified
envelope sender address.
To stop the reminder, configure the respectful_logging parameter to
"yes" or "no", or configure "compatibility_level = 3.6".
-Major changes - smtpd_sasl_mechanism_list
+Major changes - threaded bounces
+--------------------------------
+
+[Feature 20201205] Support for threaded bounces. This allows mail
+readers to present a non-delivery, delayed delivery, or successful
+delivery notification in the same email thread as the original
+message.
+
+Unfortunately, this also makes it easy for users to mistakenly delete
+the whole email thread (all related messages), instead of deleting
+only the delivery status notification.
+
+To enable, specify "enable_threaded_bounces = yes".
+
+Other changes - smtpd_sasl_mechanism_list
-----------------------------------------
[Feature 20200906] The smtpd_sasl_mechanism_list parameter (default:
!external, static:rest) prevents confusing errors when a SASL backend
announces EXTERNAL support which Postfix does not support.
-Major changes - threaded bounces
+Other changes - delivery logging
--------------------------------
-[Feature 20201205] Support for threaded bounces. This allows mail readers
-to present a bounce, delay, or success delivery notification in the same
-email thread as the original message.
+[Incompat 20200531] Postfix delivery agents now log an explicit record
+when delegating delivery to a different Postfix delivery agent.
-Unfortunately, this also makes it easy for users to mistakenly delete
-the whole email thread (all related messages), instead of deleting
-only the delivery status notification.
+For example, with "best_mx_transport = local", an SMTP delivery
+agent will now log when a recipient will be delivered locally. This
+makes the delegating delivery agent visible, where it would otherwise
+have remained invisible, which would complicate troubleshooting.
-To enable, specify "enable_threaded_bounces = yes".
+ postfix/smtp[pid]: queueid: passing <recipient> to transport=local
-Major changes - tls
--------------------
+This will usually be followed by logging for an actual delivery:
-[Incompat 20200705] The minimum OpenSSL version is 1.1.1, which will
-reach the end of life by 2023-09-11.
+ postfix/local[pid]: queueid: to=<recipient>, relay=local, ...
-The default digest has changed from md5 to sha256 (Postfix 3.6 with
-compatibility_level >= 3). With a lower compatibility_level setting,
-Postfix defaults to using md5, and logs a warning when a Postfix
-configuration specifies no explicit digest type.
+Other examples: the local delivery agent will log a record that it
+defers mailbox delivery through mailbox_transport or through
+fallback_transport.
-Export-grade Diffie-Hellman key exchange is no longer supported,
-and the tlsproxy_tls_dh512_param_file parameter is ignored,
+Other changes - error logging
+-----------------------------
-[Feature 20200906] The tlstype.pl helper script by Viktor Dukhovni
-reports TLS information per message delivery. This processes output
-from the collate.pl script. See auxiliary/collate/README.tlstype and
-auxiliary/collate/tlstype.pl.
+[Incompat 20200531] Postfix programs will now log "Application error"
+instead of "Success" or "Unknown error: 0" when an operation fails with
+errno == 0, i.e., the error originates from non-kernel code.
+
+Other changes - dns lookups
+---------------------------
+
+[Feature 20200509] The threadsafe resolver API (res_nxxx() calls)
+is now the default, not because the API is threadsafe, but because
+this is the API where new features are being added.
+
+To build old style, build with:
+
+ make makefiles CCARGS="-DNO_RES_NCALLS..."
+This is the default for systems that are known not to support the
+threadsafe resolver API.
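Review bot: The delivery logging and error logging entries keep their [Incompat 20200531] tags but now sit under "Other changes" headings, so a reader who scans only the "Major changes" sections for incompatible behaviour will miss them. Both change log output that monitoring may match on: the new "passing <recipient> to transport=local" record, and "Application error" replacing "Success" or "Unknown error: 0". Either keep Incompat-tagged items under "Major changes", or add a sentence near the top of the notes saying that "Other changes" can also contain incompatible changes.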
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# Instead of specifying complex smtpd_<xxx>_restrictions here,
+# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
+# here, and specify mua_<xxx>_restrictions in main.cf (where
+# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
+# -o smtpd_client_restrictions=
+# -o smtpd_helo_restrictions=
+# -o smtpd_sender_restrictions=
+# -o smtpd_relay_restrictions=
+# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
-# Choose one: enable smtps for loopback clients only, or for any client.
-#127.0.0.1:smtps inet n - n - - smtpd
-#smtps inet n - n - - smtpd
-# -o syslog_name=postfix/smtps
+# Choose one: enable submssions for loopback clients only, or for any client.
+#127.0.0.1:submssions inet n - n - - smtpd
+#submssions inet n - n - - smtpd
+# -o syslog_name=postfix/submissions
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
-# -o smtpd_client_restrictions=$mua_client_restrictions
-# -o smtpd_helo_restrictions=$mua_helo_restrictions
-# -o smtpd_sender_restrictions=$mua_sender_restrictions
-# -o smtpd_recipient_restrictions=
-# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# Instead of specifying complex smtpd_<xxx>_restrictions here,
+# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
+# here, and specify mua_<xxx>_restrictions in main.cf (where
+# "<xxx>" is "client", "helo", "sender", "relay", or "recipient").
+# -o smtpd_client_restrictions=
+# -o smtpd_helo_restrictions=
+# -o smtpd_sender_restrictions=
+# -o smtpd_relay_restrictions=
+# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
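Review bot: The service name is misspelled "submssions" in three added lines ("+# Choose one: enable submssions ...", "+#127.0.0.1:submssions inet" and "+#submssions inet"), while the syslog_name line below them and the known_tcp_ports default in the release notes both use "submissions". An admin who uncomments either service line as written gets a name that matches neither, so fix the spelling in all three places. Separately, both service entries move "permit_sasl_authenticated,reject" from smtpd_relay_restrictions to smtpd_recipient_restrictions and leave smtpd_relay_restrictions empty. The new comment explains the $mua_<xxx>_restrictions indirection but not this move, so add a line saying that the recipient list is now the one carrying the authentication gate and must keep its final "reject" when edited.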