Import Postfix 3.8.4 (last was 3.7.3)

December 22, 2023: 3.8.4/3.7.9

Import Postfix-3.7.3 (previous version was 3.5.2)

This is the Postfix 3.7 (stable) release.

The stable Postfix release is called postfix-3.7.x where 3=major
release number, 7=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.8-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.5 or earlier, read RELEASE_NOTES-3.6
before proceeding.

License change

This is the Postfix 3.5 (stable) release.

The stable Postfix release is called postfix-3.5.x where 3=major
release number, 5=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.6-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.3 or earlier, read RELEASE_NOTES-3.4
before proceeding.

License change

branches: 1.1.1.8.12;
The stable Postfix release is called postfix-3.0.x where 3=major
release number, 0=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.1-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11
before proceeding.

Notes for distribution maintainers

branches: 1.1.1.7.6; 1.1.1.7.10;
Import Postfix 2.11.1. The main changes since version 2.10.* are:
- Support for PKI-less TLS server certificate verification with DANE
(DNS-based Authentication of Named Entities) where the CA public key
or the server certificate is identified via DNSSEC lookup. This
requires a DNS resolver that validates DNSSEC replies. The problem
with conventional PKI is that there are literally hundreds of
organizations world-wide that can provide a certificate in anyone's
name. DANE limits trust to the people who control the target DNS
zone and its parent zones.
- A new postscreen_dnsbl_whitelist_threshold feature to allow clients
to skip postscreen tests based on their DNSBL score. This can
eliminate email delays due to "after 220 greeting" protocol tests,
which otherwise require that a client reconnects before it can
deliver mail. Some providers such as Google don't retry from the
same IP address, and that can result in large email delivery delays.
- The recipient_delimiter feature now supports different delimiters,
for example both "+" and "-". As before, this implementation
recognizes exactly one delimiter character per email address, and
exactly one address extension per email address.
- Advanced master.cf query/update support to access service attributes
as "name = value" pairs. For example to turn off chroot on all
services use "postconf -F '*/*/chroot = n'", and to change/add a
"-o name=value" setting use "postconf -P 'smtp/inet/name = value'".
This was developed primarily to allow automated tools to manage Postfix
systems without having to parse Postfix configuration files.

branches: 1.1.1.6.2;
Import Postfix 2.10.2. Major changes since version 2.9.* are:
- Separation of relay policy (with smtpd_relay_restrictions) from spam policy
(with smtpd_{client, helo, sender, recipient}_restrictions), which makes
accidental open relay configuration less likely. The default is backwards
compatible.
- HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.
- Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
off if needed for inter-operability.
- Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
sockets instead of FIFOs, and thus avoids MTIME file system updates on an
idle mail system.
- Revised postconf(1) command. The "-x" option expands $name in a parameter
value (both main.cf and master.cf); the "-o name=value" option overrides
a main.cf parameter setting; and postconf(1) now warns about a $name that
has no name=value setting.
- Sendmail-style "socketmap" lookup tables.

Import Postfix 2.9.5. Major changes since version 2.8.x:
- Support for long, non-repeating, queue IDs (queue file names). The
main benefit of non-repeating names is simpler logfile analysis. See
the description of "enable_long_queue_ids" in postconf(5) for
details.
- Memcache client support, and support to share postscreen(8) and
verify(8) caches via the proxymap server. Details about memcache
support are in memcache_table(5) and MEMCACHE_README.
- Gradual degradation: if a database is unavailable (can't open, most
read or write errors) a Postfix daemon will log a warning and
continue providing the services that don't depend on that table,
instead of immediately terminating with a fatal error. To terminate
immediately when a database file can't be opened, specify
"daemon_table_open_error_is_fatal = yes".
- Revised postconf(1) command. It warns about unused parameter
name=value settings in main.cf or master.cf (likely mistakes),
understands "dynamic" parameter names such as names that depend on
the name of a master.cf entry (finally, "postconf -n" shows all
parameter settings), and it can display main.cf and master.cf in a
more user-friendly format (postconf -nf, postconf -Mf).
- Read/write deadline support in the SMTP client and server to defend
against application-level DOS attacks that very slowly write or read
data one byte at a time.

branches: 1.1.1.4.2; 1.1.1.4.8;
Import Postfix version 2.8.4. Changes since version 2.8.3:
- Performance: a high load of DSN success notification requests could
slow down the queue manager. Solution: make the trace client
asynchronous, just like the bounce and defer clients.
- The local(8) delivery agent ignored table lookup errors in
mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
and (while bouncing mail to alias) alias owner lookup.
- Workaround: dbl.spamhaus.org rejects lookups with "No IP queries" even
if the name has an alphanumerical prefix. We play safe, and skip both
RHSBL and RHSWL queries for names ending in a numerical suffix.
- The "sendmail -t" command reported "protocol error" instead of "file
too large", "no space left on device" etc.
- The Postfix Milter client reported a temporary error instead of
"file too large" in three cases.

Import Postfix 2.8.1. Changes since version 2.7.*:
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.

The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.

Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).

Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).

Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.

Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.

branches: 1.1.1.2.2;
Import Postfix 2.7.1. Major changes since Postfix 2.6.6:
- Improved before-queue content filter performance. With
"smtpd_proxy_options = speed_adjust", the Postfix SMTP server
receives the entire message before it connects to a before-queue
content filter. Typically, this allows Postfix to handle the same
mail load with fewer content filter processes.
- Improved address verification performance. The verify database is now
persistent by default, and it is automatically cleaned periodically. Under
overload conditions, the Postfix SMTP server no longer waits up to 6 seconds
for an address probe to complete.
- Support for reputation management based on the local SMTP client IP address.
This is typically implemented with "FILTER transportname:" actions in access
maps or header/body checks, and mail delivery transports in master.cf with
unique smtp_bind_address values.

branches: 1.1.1.1.2; 1.1.1.1.4;
Import Postfix 2.6.2.

This is the Postfix 3.5 (stable) release.

The stable Postfix release is called postfix-3.5.x where 3=major
release number, 5=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.6-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.3 or earlier, read RELEASE_NOTES-3.4
before proceeding.

License change

The stable Postfix release is called postfix-3.0.x where 3=major
release number, 0=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.1-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11
before proceeding.

Notes for distribution maintainers

branches: 1.1.1.7.6; 1.1.1.7.10;
Import Postfix 2.11.1. The main changes since version 2.10.* are:
- Support for PKI-less TLS server certificate verification with DANE
(DNS-based Authentication of Named Entities) where the CA public key
or the server certificate is identified via DNSSEC lookup. This
requires a DNS resolver that validates DNSSEC replies. The problem
with conventional PKI is that there are literally hundreds of
organizations world-wide that can provide a certificate in anyone's
name. DANE limits trust to the people who control the target DNS
zone and its parent zones.
- A new postscreen_dnsbl_whitelist_threshold feature to allow clients
to skip postscreen tests based on their DNSBL score. This can
eliminate email delays due to "after 220 greeting" protocol tests,
which otherwise require that a client reconnects before it can
deliver mail. Some providers such as Google don't retry from the
same IP address, and that can result in large email delivery delays.
- The recipient_delimiter feature now supports different delimiters,
for example both "+" and "-". As before, this implementation
recognizes exactly one delimiter character per email address, and
exactly one address extension per email address.
- Advanced master.cf query/update support to access service attributes
as "name = value" pairs. For example to turn off chroot on all
services use "postconf -F '*/*/chroot = n'", and to change/add a
"-o name=value" setting use "postconf -P 'smtp/inet/name = value'".
This was developed primarily to allow automated tools to manage Postfix
systems without having to parse Postfix configuration files.

branches: 1.1.1.6.2;
Import Postfix 2.10.2. Major changes since version 2.9.* are:
- Separation of relay policy (with smtpd_relay_restrictions) from spam policy
(with smtpd_{client, helo, sender, recipient}_restrictions), which makes
accidental open relay configuration less likely. The default is backwards
compatible.
- HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.
- Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
off if needed for inter-operability.
- Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
sockets instead of FIFOs, and thus avoids MTIME file system updates on an
idle mail system.
- Revised postconf(1) command. The "-x" option expands $name in a parameter
value (both main.cf and master.cf); the "-o name=value" option overrides
a main.cf parameter setting; and postconf(1) now warns about a $name that
has no name=value setting.
- Sendmail-style "socketmap" lookup tables.

Import Postfix 2.9.5. Major changes since version 2.8.x:
- Support for long, non-repeating, queue IDs (queue file names). The
main benefit of non-repeating names is simpler logfile analysis. See
the description of "enable_long_queue_ids" in postconf(5) for
details.
- Memcache client support, and support to share postscreen(8) and
verify(8) caches via the proxymap server. Details about memcache
support are in memcache_table(5) and MEMCACHE_README.
- Gradual degradation: if a database is unavailable (can't open, most
read or write errors) a Postfix daemon will log a warning and
continue providing the services that don't depend on that table,
instead of immediately terminating with a fatal error. To terminate
immediately when a database file can't be opened, specify
"daemon_table_open_error_is_fatal = yes".
- Revised postconf(1) command. It warns about unused parameter
name=value settings in main.cf or master.cf (likely mistakes),
understands "dynamic" parameter names such as names that depend on
the name of a master.cf entry (finally, "postconf -n" shows all
parameter settings), and it can display main.cf and master.cf in a
more user-friendly format (postconf -nf, postconf -Mf).
- Read/write deadline support in the SMTP client and server to defend
against application-level DOS attacks that very slowly write or read
data one byte at a time.

branches: 1.1.1.4.2; 1.1.1.4.8;
Import Postfix version 2.8.4. Changes since version 2.8.3:
- Performance: a high load of DSN success notification requests could
slow down the queue manager. Solution: make the trace client
asynchronous, just like the bounce and defer clients.
- The local(8) delivery agent ignored table lookup errors in
mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
and (while bouncing mail to alias) alias owner lookup.
- Workaround: dbl.spamhaus.org rejects lookups with "No IP queries" even
if the name has an alphanumerical prefix. We play safe, and skip both
RHSBL and RHSWL queries for names ending in a numerical suffix.
- The "sendmail -t" command reported "protocol error" instead of "file
too large", "no space left on device" etc.
- The Postfix Milter client reported a temporary error instead of
"file too large" in three cases.

Import Postfix 2.8.1. Changes since version 2.7.*:
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.

The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.

Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).

Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).

Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.

Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.

branches: 1.1.1.2.2;
Import Postfix 2.7.1. Major changes since Postfix 2.6.6:
- Improved before-queue content filter performance. With
"smtpd_proxy_options = speed_adjust", the Postfix SMTP server
receives the entire message before it connects to a before-queue
content filter. Typically, this allows Postfix to handle the same
mail load with fewer content filter processes.
- Improved address verification performance. The verify database is now
persistent by default, and it is automatically cleaned periodically. Under
overload conditions, the Postfix SMTP server no longer waits up to 6 seconds
for an address probe to complete.
- Support for reputation management based on the local SMTP client IP address.
This is typically implemented with "FILTER transportname:" actions in access
maps or header/body checks, and mail delivery transports in master.cf with
unique smtp_bind_address values.

branches: 1.1.1.1.2; 1.1.1.1.4;
Import Postfix 2.6.2.

The stable Postfix release is called postfix-3.0.x where 3=major
release number, 0=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.1-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11
before proceeding.

Notes for distribution maintainers

Import Postfix 2.11.1. The main changes since version 2.10.* are:
- Support for PKI-less TLS server certificate verification with DANE
(DNS-based Authentication of Named Entities) where the CA public key
or the server certificate is identified via DNSSEC lookup. This
requires a DNS resolver that validates DNSSEC replies. The problem
with conventional PKI is that there are literally hundreds of
organizations world-wide that can provide a certificate in anyone's
name. DANE limits trust to the people who control the target DNS
zone and its parent zones.
- A new postscreen_dnsbl_whitelist_threshold feature to allow clients
to skip postscreen tests based on their DNSBL score. This can
eliminate email delays due to "after 220 greeting" protocol tests,
which otherwise require that a client reconnects before it can
deliver mail. Some providers such as Google don't retry from the
same IP address, and that can result in large email delivery delays.
- The recipient_delimiter feature now supports different delimiters,
for example both "+" and "-". As before, this implementation
recognizes exactly one delimiter character per email address, and
exactly one address extension per email address.
- Advanced master.cf query/update support to access service attributes
as "name = value" pairs. For example to turn off chroot on all
services use "postconf -F '*/*/chroot = n'", and to change/add a
"-o name=value" setting use "postconf -P 'smtp/inet/name = value'".
This was developed primarily to allow automated tools to manage Postfix
systems without having to parse Postfix configuration files.

branches: 1.1.1.6.2;
Import Postfix 2.10.2. Major changes since version 2.9.* are:
- Separation of relay policy (with smtpd_relay_restrictions) from spam policy
(with smtpd_{client, helo, sender, recipient}_restrictions), which makes
accidental open relay configuration less likely. The default is backwards
compatible.
- HAproxy load-balancer support for postscreen(8) and smtpd(8). The nginx
proxy was already supported by Postfix 2.9 smtpd(8), using XCLIENT commands.
- Support for the TLSv1 and TLSv2 protocols, as well as support to turn them
off if needed for inter-operability.
- Laptop-friendly configuration. By default, Postfix now uses UNIX-domain
sockets instead of FIFOs, and thus avoids MTIME file system updates on an
idle mail system.
- Revised postconf(1) command. The "-x" option expands $name in a parameter
value (both main.cf and master.cf); the "-o name=value" option overrides
a main.cf parameter setting; and postconf(1) now warns about a $name that
has no name=value setting.
- Sendmail-style "socketmap" lookup tables.

Import Postfix 2.9.5. Major changes since version 2.8.x:
- Support for long, non-repeating, queue IDs (queue file names). The
main benefit of non-repeating names is simpler logfile analysis. See
the description of "enable_long_queue_ids" in postconf(5) for
details.
- Memcache client support, and support to share postscreen(8) and
verify(8) caches via the proxymap server. Details about memcache
support are in memcache_table(5) and MEMCACHE_README.
- Gradual degradation: if a database is unavailable (can't open, most
read or write errors) a Postfix daemon will log a warning and
continue providing the services that don't depend on that table,
instead of immediately terminating with a fatal error. To terminate
immediately when a database file can't be opened, specify
"daemon_table_open_error_is_fatal = yes".
- Revised postconf(1) command. It warns about unused parameter
name=value settings in main.cf or master.cf (likely mistakes),
understands "dynamic" parameter names such as names that depend on
the name of a master.cf entry (finally, "postconf -n" shows all
parameter settings), and it can display main.cf and master.cf in a
more user-friendly format (postconf -nf, postconf -Mf).
- Read/write deadline support in the SMTP client and server to defend
against application-level DOS attacks that very slowly write or read
data one byte at a time.

branches: 1.1.1.4.2; 1.1.1.4.8;
Import Postfix version 2.8.4. Changes since version 2.8.3:
- Performance: a high load of DSN success notification requests could
slow down the queue manager. Solution: make the trace client
asynchronous, just like the bounce and defer clients.
- The local(8) delivery agent ignored table lookup errors in
mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
and (while bouncing mail to alias) alias owner lookup.
- Workaround: dbl.spamhaus.org rejects lookups with "No IP queries" even
if the name has an alphanumerical prefix. We play safe, and skip both
RHSBL and RHSWL queries for names ending in a numerical suffix.
- The "sendmail -t" command reported "protocol error" instead of "file
too large", "no space left on device" etc.
- The Postfix Milter client reported a temporary error instead of
"file too large" in three cases.

Import Postfix 2.8.1. Changes since version 2.7.*:
Postfix stable release 2.8.0 is available. This release continues the
move towards improving code and documentation, and making the system
better prepared for changes in the threat environment.

The postscreen daemon (a zombie blocker in front of Postfix) is now
included with the stable release. postscreen now supports TLS and can
log the rejected sender, recipient and helo information. See the
POSTSCREEN_README file for recommended usage scenarios.

Support for DNS whitelisting (permit_rhswl_client), and for pattern
matching to filter the responses from DNS white/blacklist servers
(e.g., reject_rhsbl_client zen.spamhaus.org=127.0.0.[1..10]).

Improved message tracking across SMTP-based content filters; the
after-filter SMTP server can log the before-filter queue ID (the
XCLIENT protocol was extended).

Read-only support for sqlite databases. See sqlite_table(5) and
SQLITE_README.

Support for 'footers' that are appended to SMTP server "reject"
responses. See "smtpd_reject_footer" in the postconf(5) manpage.

branches: 1.1.1.2.2;
Import Postfix 2.7.1. Major changes since Postfix 2.6.6:
- Improved before-queue content filter performance. With
"smtpd_proxy_options = speed_adjust", the Postfix SMTP server
receives the entire message before it connects to a before-queue
content filter. Typically, this allows Postfix to handle the same
mail load with fewer content filter processes.
- Improved address verification performance. The verify database is now
persistent by default, and it is automatically cleaned periodically. Under
overload conditions, the Postfix SMTP server no longer waits up to 6 seconds
for an address probe to complete.
- Support for reputation management based on the local SMTP client IP address.
This is typically implemented with "FILTER transportname:" actions in access
maps or header/body checks, and mail delivery transports in master.cf with
unique smtp_bind_address values.

branches: 1.1.1.1.2; 1.1.1.1.4;
Import Postfix 2.6.2.