The stable Postfix release is called postfix-2.2.x where 2=major
release number, 2=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-2.3-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

Main changes with Postfix version 2.2
-------------------------------------

This is a summary of the changes. These and more are detailed in
the following sections of this document.

- TLS and IPv6 support are now built into Postfix, based on code
from third-party patches.

- Extended query interface for LDAP, MySQL and PostgreSQL with free
form SQL queries, and domain filters to reduce unnecessary lookups.

- SMTP client-side connection reuse. This can dramatically speed
up deliveries to high-volume destinations that have some servers
that respond, and some non-responding mail servers.

- By default, Postfix no longer rewrites message headers in mail
from remote clients. This includes masquerading, canonical mapping,
replacing "!" and "%" by "@", and appending the local domain to
incomplete addresses. Thus, spam from poorly written software no
longer looks like it came from a local user.

- When your machine does not have its own domain name, Postfix can
now replace your "home network" email address by your ISP account
in outgoing SMTP mail, while leaving your email address unchanged
when sending mail to someone on the local machine.

- Compatibility workarounds: you can now selectively turn off ESMTP
features such as AUTH or STARTTLS in the Postfix SMTP client or
server, without having to "dumb down" other mail deliveries, and
without having to use transport maps for outgoing mail.

- Remote SMTP client resource control (the anvil server). This
allows you to limit the number of connections, or the number of
MAIL FROM and RCPT TO commands that an SMTP client can send per
unit time.

- Support for CDB, SDBM and NIS+ databases is now built into Postfix
(but the CDB and SDBM libraries are not).

- New SMTP access control features, and more.

Major changes - critical
------------------------

BEFORE upgrading from an older release you MUST stop Postfix, unless
you're running a Postfix 2.2 snapshot release that already has
Postfix 2.2 IPV6 and TLS support.

AFTER upgrading from an older release DO NOT copy the old
master.cf/main.cf files over the new files. Instead, you MUST let
the Postfix installation procedure update the existing configuration
files with new service entries.

[Incompat 20041118] The master-child protocol has changed. The
Postfix master daemon will log warnings about partial status updates
if you don't stop and start Postfix.

[Incompat 20041023, 20041009] The queue manager to delivery agent
protocol has changed. Mail will remain queued if you do not restart
the queue manager.

[Incompat 20050111] The upgrade procedure adds the tlsmgr service
to the master.cf file. This service entry is not compatible with
the Postfix/TLS patch.

[Feature 20040919] The upgrade procedure adds the discard service
to the master.cf file.

[Feature 20040720] The upgrade procedure adds the scache (shared
connection cache) service to the master.cf file.

Major changes - IPv6 support
----------------------------

[Feature 20050111] Postfix version 2.2 IP version 6 support based
on the Postfix/IPv6 patch by Dean Strik and others. IPv6 support
is always compiled into Postfix on systems that have Postfix
compatible IPv6 support. On other systems Postfix will simply use
IP version 4 just like it did before. See the IPV6_README document
for what systems are supported, and how to turn on IPv6 in main.cf.

[Incompat 20050111] Postfix version 2.2 IPv6 support differs from
the Postfix/IPv6 patch by Dean Strik in a few minor ways.

- Network protocol support including DNS lookup is selected with
the inet_protocols parameter instead of the inet_interfaces parameter.
This is needed so that Postfix will not attempt to deliver mail via
IPv6 when the system has no IPv6 connectivity.

- The lmtp_bind_address6 feature was omitted. The Postfix LMTP
client will be absorbed into the SMTP client, so there is no reason
to keep adding features to the LMTP client.

- The CIDR-based address matching code was rewritten. The new
behavior is believed to be closer to expectation. The results may
be incompatible with that of the Postfix/IPv6 patch.

[Incompat 20050117] The Postfix SMTP server now requires that IPv6
addresses in SMTP commands are specified as [ipv6:ipv6address], as
described in RFC 2821.

Major changes - TLS support
---------------------------

[Feature 20041210] Postfix version 2.2 TLS support, based on the
Postfix/TLS patch by Lutz Jaenicke. TLS support is not compiled
in by default. For more information about Postfix 2.2 TLS support,
see the TLS_README document.

[Incompat 20041210] Postfix version 2.2 TLS support differs from
the Postfix/TLS patch by Lutz Jaenicke in a few minor ways.

- main.cf: Use btree instead of sdbm for TLS session cache databases.

  Session caches are now accessed only by the tlsmgr(8) process,
  so there are no concurrency issues. Although Postfix still has
  an SDBM client, the SDBM library (1000 lines of code) is no longer
  included with Postfix.

  TLS session caches can use any database that can store objects
  of several kbytes or more, and that implements the sequence
  operation. In most cases, btree databases should be adequate.

  NOTE: You cannot use dbm databases. TLS session objects are too
  large.

- master.cf: Specify unix instead of fifo for the tlsmgr service type.
  This change is automatically made by the Postfix upgrade procedure.

  The smtp(8) and smtpd(8) processes use a client-server protocol
  in order to access the tlsmgr(8)'s pseudo-random number generation
  (PRNG) pool, and in order to access the TLS session cache databases.
  Such a protocol cannot be run across fifos.

[Feature 20050209] The Postfix SMTP server policy delegation protocol
now supplies TLS client certificate information after successful
verification. The new policy delegation protocol attribute names
are ccert_subject, ccert_issuer and ccert_fingerprint.

[Feature 20050208] New "check_ccert_maps maptype:mapname" feature
to enforce access control based on hexadecimal client certificate
fingerprints.

Major changes - SMTP client connection cache
--------------------------------------------

[Feature 20040720] SMTP client-side connection caching. Instead of
disconnecting immediately after a mail transaction, the Postfix
SMTP client can save the open connection to the scache(8) connection
cache daemon, so that any SMTP client process can reuse that session
for another mail transaction. See the CONNECTION_CACHE_README
document for a description of configuration and implementation.

This feature introduces the scache (connection cache) server, which
is added to your master.cf file when you upgrade Postfix.

[Feature 20040729] Opportunistic SMTP connection caching. When a
destination has a high volume of mail in the active queue, SMTP
connection caching is enabled automatically. This is controlled
with a new configuration parameter "smtp_connection_cache_on_demand"
(default: yes).

[Feature 20040723] Per-destination SMTP connection caching. This
is enabled with the smtp_connection_cache_destinations parameter.
The parameter requires "bare" domain names or IP addresses without
"[]" or TCP port, to avoid a syntax conflict between host:port and
maptype:mapname entries.

[Feature 20040721] The scache(8) connection cache manager logs cache
hit and miss statistics every $connection_cache_status_update_time
seconds (default: 600s). It reports the hit and miss rates for
lookups by domain, as well as for lookups by network address.

Major changes - address rewriting
---------------------------------

[Feature 20050206] Support for address rewriting in outgoing SMTP
mail (headers and envelopes). This is useful for sites that have a
fantasy Internet domain name such as localdomain.local. Mail
addresses that use fantasy domain names are often rejected by mail
servers.

The smtp_generic_maps feature allows you to replace a local mail
address (user@localdomain.local) by a valid Internet address
(account@isp.example) when mail is sent across the Internet. The
feature has no effect on mail that is sent between accounts on the
local machine. The syntax is described in generic(5) and a detailed
example is in the STANDARD_CONFIGURATION_README document, the section
titled "Postfix on hosts without a real Internet hostname".

[Feature 20041023] By default, Postfix no longer rewrites message
headers in mail from remote clients.
This includes masquerading,
canonical mapping, replacing "!" and "%" by "@", and appending the
local domain to incomplete addresses. Thus, spam from poorly written
software no longer looks like it came from a local user.

By default, Postfix rewrites message header addresses only when the
client IP address matches the local machine's interface addresses,
or when mail is submitted with the Postfix sendmail(1) command.

Postfix rewrites message headers in mail from other clients only
when the remote_header_rewrite_domain parameter specifies a domain
name (such as "domain.invalid"); this domain is appended to incomplete
addresses. Rewriting also includes masquerading, canonical mapping,
and replacing "!" and "%" by "@".

To get the behavior before Postfix 2.2 (always append Postfix's own
domain to incomplete addresses in message headers, always subject
message headers to canonical mapping, address masquerading, and
always replace "!" and "%" by "@") specify:

/etc/postfix/main.cf:
    local_header_rewrite_clients = static:all

If you must rewrite headers in mail from specific clients then you
can specify, for example,

/etc/postfix/main.cf:
    local_header_rewrite_clients = permit_mynetworks,
        permit_sasl_authenticated, permit_tls_clientcerts,
        check_address_map hash:/etc/postfix/pop-before-smtp

Postfix always appends local domain information to envelope addresses
(as opposed to header addresses), because an unqualified envelope
address is effectively local for the purpose of delivery, and for
the purpose of replying to it.

Full details are given in ADDRESS_REWRITING_README, and in the
postconf(5) manual. For best results, point your browser at the
ADDRESS_REWRITING_README.html file and navigate to the section
titled "To rewrite message headers or not, or to label as invalid".
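
The header rewriting decision described above, as an added example
that is not part of the Postfix distribution. It is a simplified
model: only static:all and permit_inet_interfaces are evaluated, and
the sample main.cf text, the addresses and all function names are
constructed for illustration.

```python
# Added example: simplified model of Postfix 2.2 header address rewriting.
# SAMPLE_MAIN_CF, the addresses and all function names are constructed.

SAMPLE_MAIN_CF = """\
# constructed main.cf fragment
myhostname = mail.example.com
local_header_rewrite_clients = permit_inet_interfaces
remote_header_rewrite_domain = domain.invalid
"""

def parse_main_cf(text):
    """Return {name: value}. A line that starts with whitespace continues
    the previous parameter; blank lines and '#' lines are skipped."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if name is not None:
                params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def treated_as_local(params, client_ip, local_ips, via_sendmail=False):
    """Only static:all and permit_inet_interfaces are modelled here."""
    rule = params.get("local_header_rewrite_clients", "permit_inet_interfaces")
    tokens = rule.replace(",", " ").split()
    if via_sendmail or "static:all" in tokens:
        return True
    return "permit_inet_interfaces" in tokens and client_ip in local_ips

def rewrite_header_address(addr, params, client_ip, local_ips,
                           local_domain, via_sendmail=False):
    """Return the header address as this model says Postfix leaves it."""
    if "@" in addr:
        return addr                       # already complete
    if treated_as_local(params, client_ip, local_ips, via_sendmail):
        return f"{addr}@{local_domain}"   # local submission: own domain
    remote_domain = params.get("remote_header_rewrite_domain", "")
    if remote_domain:
        return f"{addr}@{remote_domain}"  # remote client: labelled domain
    return addr                           # 2.2 default: left untouched

if __name__ == "__main__":
    local_ips = {"127.0.0.1", "192.0.2.10"}   # constructed interface list
    params = parse_main_cf(SAMPLE_MAIN_CF)
    for ip in ("127.0.0.1", "203.0.113.5"):
        print(ip, rewrite_header_address("root", params, ip,
                                         local_ips, "example.com"))
```

With static:all in place of the default, the remote client's "root"
becomes "root@example.com", which is the pre-2.2 case where mail from
poorly written software appears to come from a local user.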

[Incompat 20050212] When header address rewriting is enabled, Postfix
now updates a message header only when at least one address in that
header is modified. Older Postfix versions first parse and then
un-parse a header so that there may be subtle changes in formatting,
such as the amount of whitespace between tokens.

[Incompat 20050227] Postfix no longer changes message header labels.
Thus, FROM: or CC: are no longer replaced by From: or Cc:.

[Feature 20040827] Finer control over canonical mapping with
canonical_classes, sender_canonical_classes and
recipient_canonical_classes. These specify one or more of
envelope_sender, header_sender, envelope_recipient or header_recipient.
The default settings are backwards compatible.

Major changes - SMTP compatibility controls
-------------------------------------------

[Feature 20041218] Fine control for SMTP inter-operability problems,
by discarding keywords that are sent or received with the EHLO
handshake. Typically one would discard "pipelining", "starttls",
or "auth" to work around systems with a broken implementation.
Specify a list of EHLO keywords with the smtp(d)_discard_ehlo_keywords
parameters, or specify one or more lookup tables, indexed by remote
network address, with the smtp(d)_discard_ehlo_keyword_address_maps
parameters.

Note: this feature only discards words from the EHLO conversation;
it does not turn off the actual features in the SMTP server.

Major changes - database support
--------------------------------

[Feature 20050209] Extended LDAP, MySQL and PgSQL query interface
with free form SQL queries, the domain filter optimization that was
already available with LDAP and more. This code was worked on by
many people but Victor Duchovni took the lead. See the respective
{LDAP,MYSQL,PGSQL}_README and {ldap,mysql,pgsql}_table documents.

[Feature 20041210] You can now dump an entire database with the new
postmap/postalias "-s" option. This works only for database types
with Postfix sequence operator support: hash, btree, dbm, and sdbm.

[Feature 20041208] Support for CDB databases by Michael Tokarev.
This supports both Michael's tinycdb and Daniel Bernstein's cdb
implementations, but neither of the two implementations is bundled
with Postfix.

[Feature 20041023] The NIS+ client by Geoff Gibbs is now part of
the Postfix source tree. Details are given in the nisplus_table(5)
manual page.

[Feature 20040827] Easier use of the proxymap(8) service with the
virtual(8) delivery agent. The virtual(8) delivery agent will
silently open maps directly when those maps can't be proxied for
security reasons. This means you can now specify "virtual_mailbox_maps
= proxy:mysql:whatever" without triggering a fatal error in the
virtual(8) delivery agent.

Major changes - remote SMTP client resource control
---------------------------------------------------

[Incompat 20041009] The smtpd_client_connection_limit_exceptions
parameter is renamed to smtpd_client_event_limit_exceptions. Besides
connections it now also applies to per-client message rate and
recipient rate limits.

[Feature 20041009] Per SMTP client message rate and recipient rate
limits. These limit the number of MAIL FROM or RCPT TO requests
regardless of whether or not Postfix would have accepted them
otherwise. The user interface (smtpd_client_message_rate_limit and
smtpd_client_recipient_rate_limit) is similar to that of the existing
per SMTP client connection rate limit, and the same warnings apply:
these features are to be used to stop abuse, and must not be used
to regulate legitimate mail. More details can be found in the
postconf(5) manual.

Major changes - remote SMTP client access control
-------------------------------------------------

[Feature 20050209] The Postfix SMTP server policy delegation protocol
now supplies TLS client certificate information after successful
verification. The new policy delegation protocol attribute names
are ccert_subject, ccert_issuer and ccert_fingerprint.

[Feature 20050208] New "check_ccert_maps maptype:mapname" feature
to enforce access control based on hexadecimal client certificate
fingerprints.

[Feature 20050203] New "permit_inet_interfaces" access restriction
to allow access from local IP addresses only. This is used for the
default, purist, setting of local_header_rewrite_clients (rewrite
only headers in mail from this machine).

[Feature 20050203] New "sleep time-in-seconds" pseudo access
restriction to block zombie clients with reject_unauthorized_pipelining
before the Postfix SMTP server sends the SMTP greeting. See postconf(5)
for example. This feature is not available in the stable Postfix 2.2
release, but it is documented here so that it will not get lost.

[Feature 20041118] New "smtpd_end_of_data_restrictions" feature
that is invoked after the client terminates the SMTP DATA command.
The syntax is the same as with "smtpd_data_restrictions". In the
SMTPD policy delegation request, the message size is the actual
byte count of the message content, instead of the message size
announced by the client in the MAIL FROM command.

Major changes - SASL authentication
-----------------------------------

[Feature 20040827] Better SMTP client control over the use of SASL
mechanisms. New smtp_sasl_mechanism_filter mechanism to shorten the
list of SASL mechanisms from a remote server to just those that the
local SASL library can actually use.
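
The policy delegation attributes described under "remote SMTP client
access control" above (ccert_fingerprint, and the actual message size
seen at smtpd_end_of_data_restrictions), as an added example that is
not part of the Postfix distribution. The fingerprint, both size
limits, the sample requests and the function names are constructed
for illustration.

```python
# Added example: decision logic for an SMTPD policy delegation service
# that applies a per-client size limit at end of data.
import sys

# Constructed values: one trusted client certificate and two size limits.
TRUSTED_FINGERPRINTS = {"DE:AD:BE:EF:00:11:22:33:44:55:66:77:88:99:AA:BB"}
DEFAULT_MAX_BYTES = 1_000_000
TRUSTED_MAX_BYTES = 50_000_000

# Constructed sample input: two requests, each ended by an empty line.
SAMPLE_REQUESTS = (
    "request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\n"
    "size=2000000\n"
    "ccert_fingerprint=de:ad:be:ef:00:11:22:33:44:55:66:77:88:99:aa:bb\n\n"
    "request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\n"
    "size=2000000\nccert_fingerprint=\n\n"
)

def read_request(stream):
    """Read name=value lines up to an empty line; None at end of input."""
    attrs = {}
    for line in stream:
        line = line.rstrip("\n")
        if line == "":
            return attrs
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed attribute line: {line!r}")
        attrs[name] = value
    return None  # input ended before the terminating empty line

def decide(attrs):
    """Return an access action for one request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "dunno"
    if attrs.get("protocol_state") != "END-OF-MESSAGE":
        return "dunno"  # size is only the actual byte count at end of data
    try:
        size = int(attrs.get("size", "0"))
    except ValueError:
        return "defer_if_permit Policy service could not read message size"
    # ccert_fingerprint is only filled in after successful verification,
    # so an empty value means no verified client certificate.
    trusted = attrs.get("ccert_fingerprint", "").upper() in TRUSTED_FINGERPRINTS
    limit = TRUSTED_MAX_BYTES if trusted else DEFAULT_MAX_BYTES
    if size > limit:
        return "reject Message exceeds the size limit for this client"
    return "dunno"

def serve(stream_in, stream_out):
    """Answer each request with action=... followed by an empty line."""
    while (attrs := read_request(stream_in)) is not None:
        stream_out.write(f"action={decide(attrs)}\n\n")
        stream_out.flush()

if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```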

Major changes - header/body patterns
------------------------------------

[Feature 20050205] REPLACE action in header_checks and body_checks,
to replace a message header or body line. See header_checks(5) for
details.

Major changes - local delivery
------------------------------

[Feature 20040621] Control over the working directory when executing
an external command. With the pipe(8) mailer, specify directory=pathname,
and with local(8) specify "command_execution_directory = expression"
where "expression" is subject to $home etc. macro expansion. The
result of macro expansion is restricted by the set of characters
specified with execution_directory_expansion_filter.

Major changes - mail delivery attributes
----------------------------------------

[Feature 20041218] More client attributes for delivery to command
with the local(8) and pipe(8) delivery agents: client_hostname,
client_address, client_protocol, client_helo, sasl_method, sasl_sender,
and sasl_username. With local(8), attribute names must be specified
in upper case.

Major changes - package creation
--------------------------------

[Feature 20050203] To create a ready-to-install package for
distribution to other systems you can now use "make package" or
"make non-interactive-package", instead of invoking the internal
postfix-install script by hand. See the PACKAGE_README file for
details.

Major changes - performance
---------------------------

[Incompat 20050117] Only the deferred and defer queue directories
are now hashed by default, instead of eight queue directories. This
may speed up Postfix boot time on low-traffic systems without
compromising performance under high load too much. Hashing must be
turned on for the defer and deferred queue directories, because
those directories contain lots of files when undeliverable mail is
backing up.

[Incompat 20040720] The default SMTP/LMTP timeouts for sending RSET
are reduced to 20s.

Major changes - miscellaneous
-----------------------------

[Feature 20050203] Safety: Postfix no longer tries to send mail to
the fallback_relay when the local machine is MX host for the mail
destination. See the postconf(5) description of the fallback_relay
feature for details.

[Incompat 20041023] Support for the non-standard Errors-To: return
addresses is now removed from Postfix. It was already disabled by
default with Postfix version 2.1. Since Errors-To: is non-standard,
there was no guarantee that it would have the desired effect with
other MTAs.

[Feature 20040919] A new discard(8) mail delivery agent that makes
throwing away mail easier and more efficient. It's the Postfix
equivalent of /dev/null for mail deliveries. On the mail receiving
side, Postfix already has a /dev/null equivalent in the form of the
DISCARD action in access maps and header_body_checks.

[Feature 20040919] Access control for local mail submission, for
listing the queue, and for flushing the queue. These features are
controlled with authorized_submit_users, authorized_mailq_users,
and with authorized_flush_users, respectively. The last two controls
are always permitted for the super-user and for the mail system
owner. More information is in the postconf(5) manual.

[Incompat 20040829] When no recipients are specified on the command
line or via the -t option, the Postfix sendmail command terminates
with status EX_USAGE and produces an error message instead of
accepting the mail first and bouncing it later. This gives more
direct feedback in case of a common client configuration error.