The stable Postfix release is called postfix-2.6.x where 2=major
release number, 6=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-2.7-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
before proceeding.

Major changes - multi-instance support
--------------------------------------

[Feature 20090121] Support for managing multiple Postfix instances.
This can automatically apply your "postfix start" etc. command to
multiple Postfix instances, including upgrades to new Postfix
versions. Multi-instance support allows you to do the following
and more:

- Simplify post-queue content filter configuration by using separate
  Postfix instances before and after the filter. This simplifies
  trouble shooting and performance tuning.

- Implement per-user content filters (or no filter) via transport
  map lookups instead of content_filter settings. Mail for some
  users can be sent directly from the before-filter instance to the
  after-filter instance.

- Test new configuration settings (on a different server IP address
  or TCP port) without disturbing production instances.

- Each additional Postfix instance uses a few files and directories,
  plus memory for an extra master daemon and queue manager. The
  pickup daemon is needed only if you use local submission or
  "postsuper -r".

Best of all, nothing changes when you use only one Postfix instance.

The MULTI_INSTANCE_README file presents an introduction to
multi-instance management. Multi-instance support is based on an
API that is described in the postfix-wrapper(5) manual page.

Major changes - milter support
------------------------------

[Feature 20090428] The following improvements have been made to the
Milter implementation:

- Improved compatibility of the {mail_addr} and {rcpt_addr} macros.

- Support for the {mail_host}, {mail_mailer}, {rcpt_host} and
{rcpt_mailer} macros.

- Milter applications can now request rejected recipients with the
SMFIP_RCPT_REJ feature. Rejected recipients are reported with
{rcpt_mailer} = "error", {rcpt_host} = enhanced status code, and
{rcpt_addr} = descriptive text. This feature requires "milter_protocol
= 6" or higher (default as of Postfix 2.6).

- Milters can now replace the envelope sender address with the
SMFIR_CHGFROM request, and can add recipients with SMFIR_ADDRCPT_PAR.
These implementations ignore ESMTP command parameters and log a
warning message as follows:

    warning: 100B22B3293: cleanup_chg_from: ignoring ESMTP arguments "whatever"
    warning: 100B22B3293: cleanup_add_rcpt: ignoring ESMTP arguments "whatever"

[Incompat 20090428] The default milter_protocol setting is increased
from 2 to 6; this enables all available features up to and including
Sendmail 8.14.0. The new milter_protocol setting may break
compatibility with older Milter libraries or applications, and may
cause Postfix to log warning messages such as:

    warning: milter inet:host:port: can't read packet header: Unknown error : 0

    warning: milter inet:host:port: can't read packet header: Success

    warning: milter inet:host:port: can't read SMFIC_DATA reply
        packet header: No such file or directory

To restore compatibility, specify "milter_protocol = 2" in main.cf.
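
A post-upgrade check for the milter changes above, as an added example that is not part of the Postfix distribution: it scans mail log lines for the warnings quoted in this section and groups them by Milter endpoint or queue ID. The sample log is constructed from those warning formats, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample log, modelled on the warning formats quoted above.
SAMPLE_LOG = """\
May  1 10:00:01 mx postfix/smtpd[2101]: warning: milter inet:127.0.0.1:8891: can't read packet header: Unknown error : 0
May  1 10:00:07 mx postfix/smtpd[2101]: warning: milter inet:127.0.0.1:8891: can't read packet header: Success
May  1 10:00:09 mx postfix/smtpd[2140]: warning: milter inet:192.0.2.10:10025: can't read SMFIC_DATA reply packet header: No such file or directory
May  1 10:02:13 mx postfix/cleanup[2150]: warning: 100B22B3293: cleanup_add_rcpt: ignoring ESMTP arguments "NOTIFY=NEVER"
May  1 10:02:14 mx postfix/smtpd[2101]: connect from unknown[192.0.2.7]
"""

# Warnings an older Milter can trigger now that milter_protocol defaults to 6.
PROTO_RE = re.compile(
    r"warning: milter (?P<endpoint>\S+): can't read "
    r"(?:SMFIC_\w+ reply )?packet header")
# Warnings logged when SMFIR_CHGFROM / SMFIR_ADDRCPT_PAR carry ESMTP parameters.
ARGS_RE = re.compile(
    r'warning: (?P<qid>[0-9A-F]+): cleanup_(?P<op>chg_from|add_rcpt): '
    r'ignoring ESMTP arguments "(?P<args>.*)"')


def triage_milter_warnings(lines):
    """Return (failure count per Milter endpoint, ignored-argument events)."""
    mismatches = Counter()
    ignored = []
    for line in lines:
        if m := PROTO_RE.search(line):
            mismatches[m["endpoint"]] += 1
        elif m := ARGS_RE.search(line):
            ignored.append((m["qid"], m["op"], m["args"]))
    return mismatches, ignored


def report(lines):
    """Turn the triage result into one human-readable finding per line."""
    mismatches, ignored = triage_milter_warnings(lines)
    out = []
    for endpoint, count in sorted(mismatches.items()):
        out.append(f"{endpoint}: {count} packet header failure(s); to restore "
                   f'compatibility, specify "milter_protocol = 2" in main.cf')
    for qid, op, args in ignored:
        out.append(f"{qid}: cleanup_{op} ignored ESMTP arguments {args!r}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG.splitlines())))
```
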

Major changes - security
------------------------

[Incompat 20080726] When a mailbox file is not owned by its recipient,
the local and virtual delivery agents now log a warning and defer
delivery. Specify "strict_mailbox_ownership = no" to ignore such
ownership discrepancies.

Major changes - smtp server
---------------------------

[Feature 20080212] check_reverse_client_hostname_access, to make
access decisions based on the unverified client hostname. For
safety reasons an OK result is not allowed.

[Feature 20090210] With "reject_tempfail_action = defer", the Postfix
SMTP server immediately replies with a 4xx status after some temporary
error, instead of executing an implicit "defer_if_permit" action.

[Feature 20090215] The Postfix SMTP server automatically hangs up
after replying with "521". This makes overload handling more
effective. See also RFC 1846 for prior art on this topic.

[Feature 20090228] The Postfix SMTP server maintains a per-session
"improper command pipelining detected" flag. This flag can be tested
at any time with reject_unauth_pipelining, and is raised whenever
a client command is followed by unexpected commands or message
content. The Postfix SMTP server logs the first command pipelining
transgression as "improper command pipelining after <command> from
<hostname>[<hostaddress>]".

[Feature 20090212] Stress-dependent behavior is enabled by default.
Under conditions of overload, smtpd_timeout is reduced from 300s
to 10s, smtpd_hard_error_limit is reduced from 20 to 1, and
smtpd_junk_command_limit is reduced from 100 to 1. This will reduce
the impact of overload for most legitimate mail.

[Feature 20080629] The Postfix SMTP server's SASL authentication
was re-structured. With "smtpd_tls_auth_only = yes", SASL support
is now activated only after a successful TLS handshake. Earlier
Postfix SMTP server versions could complain about unavailable SASL
mechanisms during the plaintext phase of the SMTP protocol.

[Incompat 20080510] In the policy delegation protocol, certificate
common name attributes are now xtext encoded UTF-8. The xtext decoded
attributes may contain any UTF-8 value except non-printable ASCII
characters.

Major changes - performance
---------------------------

[Feature 20090215] The Postfix SMTP server automatically hangs up
after replying with "521". This makes overload handling more
effective. See also RFC 1846 for prior art on this topic.

[Feature 20090212] Stress-dependent behavior is enabled by default.
Under conditions of overload, smtpd_timeout is reduced from 300s
to 10s, smtpd_hard_error_limit is reduced from 20 to 1, and
smtpd_junk_command_limit is reduced from 100 to 1. This will reduce
the negative impact of server overload for most legitimate mail.

[Feature 20090109] Specify "tcp_windowsize = 65535" (or less) to
work around routers with broken TCP window scaling implementations.
This is perhaps more convenient than collecting tcpdump output and
tuning kernel parameters by hand. With Postfix TCP servers (smtpd(8),
qmqpd(8)), this feature is implemented by the Postfix master(8)
daemon.

To change this parameter without stopping Postfix, you need to first
terminate all Postfix TCP servers:

    # postconf -e master_service_disable=inet
    # postfix reload

This immediately terminates all processes that accept network
connections. Then you enable Postfix TCP servers with the updated
tcp_windowsize setting:

    # postconf -e tcp_windowsize=65535 master_service_disable=
    # postfix reload

If you skip these steps with a running Postfix system, then the
tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
lmtp(8)).

Of course you can also do "postfix stop" and "postfix start",
but that is more disruptive.

Major changes - tls
-------------------

[Incompat 20090428] The Postfix SMTP client(!) no longer tries to
use the obsolete SSLv2 protocol by default, as this may prevent the
use of modern SSL features. Lack of SSLv2 support should never be
a problem, since SSLv3 was defined in 1996, and TLSv1 in 1999. You
can undo the change by specifying empty main.cf values for
smtp_tls_protocols and lmtp_tls_protocols. The Postfix SMTP server
maintains SSLv2 support for backwards compatibility with ancient
clients.

[Feature 20081010] Controls for the protocols and ciphers that
Postfix will use with opportunistic TLS. The smtp_tls_protocols,
smtp_tls_ciphers, and equivalent parameters for lmtp and smtpd
provide global settings; the SMTP client TLS policy table provides
ciphers and protocols settings for specific peers. Code by Victor
Duchovni. Details are given in the TLS_README and postconf(5)
documents.

[Feature 20081108] Elliptic curve support. This requires OpenSSL
version 0.9.9 or later.

Major changes - address verification
------------------------------------

[Incompat 20080428] Postfix SMTP server replies for address
verification have changed. unverified_recipient_reject_code and
unverified_sender_reject_code now handle "5XX" rejects only. The
"4XX" rejects are now controlled with unverified_sender_defer_code
and unverified_recipient_defer_code.

[Feature 20080428] Finer control over the way Postfix reports address
verification failures to remote SMTP clients.

- unverified_sender/recipient_defer_code: the numerical Postfix
  SMTP server reply code when address verification failed due
  to some temporary error.

- unverified_sender/recipient_reject_reason: fixed text that Postfix
  will send to the remote SMTP client, instead of sending actual
  address verification details.

Major changes - dsn
-------------------

[Feature 20090307] New "lmtp_assume_final = yes" flag to send correct
DSN "success" notifications when LMTP delivery is "final" as opposed
to delivery into a content filter.

Major changes - file organization
---------------------------------

[Incompat 20080207] According to discussions on the mailing list,
too many people are breaking newly installed Postfix by overwriting
the new /etc/postfix files with versions from an older release, and
end up with a broken configuration that cannot repair itself. For
this reason, postfix-script, postfix-files and post-install are
moved away from /etc/postfix to $daemon_directory.

Major changes - header rewriting
--------------------------------

[Incompat 20090330] Postfix now adds (Resent-) From:, Date:,
Message-ID: or To: headers only when clients match
$local_header_rewrite_clients. Specify "always_add_missing_headers
= yes" for backwards compatibility. Adding such headers can break
DKIM signatures that cover headers that are not present. For
compatibility with existing logfile processing software, Postfix
will log ``message-id=<>'' for messages without Message-Id header.

Major changes - lmtp client
---------------------------

[Feature 20090307] New "lmtp_assume_final = yes" flag to send correct
DSN "success" notifications when LMTP delivery is "final" as opposed
to delivery into a content filter.

Major changes - logging
-----------------------

[Incompat 20090330] Postfix now adds (Resent-) From:, Date:,
Message-ID: or To: headers only when clients match
$local_header_rewrite_clients. Specify "always_add_missing_headers
= yes" for backwards compatibility. Adding such headers can break
DKIM signatures that cover headers that are not present.

This changes the appearance of Postfix logging: to preserve
compatibility with existing logfile processing software, Postfix
will log ``message-id=<>'' for messages without Message-Id header.

Major changes - mime
--------------------

[Feature 20080324] When the "postmap -q -" command reads lookup
keys from standard input, it now understands RFC822 and MIME message
format. Specify -h or -b to use headers or body lines as lookup
keys, and specify -hm or -bm to simulate header_checks or body_checks.

Major changes - miscellaneous
-----------------------------

[Feature 20090109] Support to selectively disable master(8) listener
ports by service type or by service name + type. Specify a list of
service types ("inet", "unix", "fifo", or "pass") or "name.type"
tuples, where "name" is the first field of a master.cf entry and
"type" is a service type. Examples: to turn off the main SMTP
listener port, use "master_service_disable = smtp.inet"; to turn
off all TCP/IP listeners, use "master_service_disable = inet".
Changing this parameter requires "postfix reload".

Major changes - sasl
--------------------

[Feature 20090418] The Postfix SMTP server passes more information
to the Dovecot authentication server: the "TLS is active" flag, the
server IP address, and the client IP address.

[Feature 20080629] The Postfix SMTP server's SASL authentication
was re-structured. With "smtpd_tls_auth_only = yes", SASL support
is now activated only after a successful TLS handshake. Earlier
Postfix SMTP server versions could complain about unavailable SASL
mechanisms during the plaintext phase of the SMTP protocol.
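
For the [Incompat 20080510] change listed under "Major changes - smtp server": a policy server has to xtext-decode the certificate common name attributes before comparing or logging them. This is an added example, not code from Postfix; it assumes RFC 3461 xtext with uppercase hex digits, accepts a literal "=", and uses the policy attribute names ccert_subject and ccert_issuer, which this page does not name. The request and function names are constructed for illustration.

```python
import re

# Literal printable ASCII other than "+", or "+" followed by two hex digits.
_XTEXT = re.compile(rb"(?:[!-*,-~]|\+[0-9A-F]{2})*")
_HEXCHAR = re.compile(rb"\+([0-9A-F]{2})")

# Constructed policy delegation request; all values are sample data.
SAMPLE_REQUEST = """\
request=smtpd_access_policy
client_address=192.0.2.25
ccert_subject=J+C3+BCrgen+20M+C3+BCller
ccert_issuer=Example+20CA

"""


class XtextError(ValueError):
    """Raised when an attribute value is not valid xtext-encoded UTF-8."""


def xtext_decode(value):
    """Decode xtext to text; reject bad escapes, bad UTF-8, control chars."""
    raw = value.encode("utf-8")
    if not _XTEXT.fullmatch(raw):  # raw non-ASCII bytes fail the pattern too
        raise XtextError("malformed xtext")
    data = _HEXCHAR.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise XtextError("decoded value is not UTF-8") from exc
    # The decoded attribute may hold any UTF-8 except non-printable ASCII.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        raise XtextError("non-printable ASCII in decoded value")
    return text


def parse_policy_request(text):
    """Parse name=value lines up to the empty line that ends a request."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


if __name__ == "__main__":
    print(xtext_decode(parse_policy_request(SAMPLE_REQUEST)["ccert_subject"]))
```

Rejecting a decoded newline or other control character keeps a certificate name from injecting extra lines into logs or downstream name=value protocols.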