This is the Postfix 3.8 stable release.

The stable Postfix release is called postfix-3.8.x where 3=major
release number, 8=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.9-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.6 or earlier, please read RELEASE_NOTES-3.7
before proceeding.

Dual license
------------

As of Postfix 3.2.5 this software is distributed with a dual license:
in addition to the historical IBM Public License (IPL) 1.0, it is
now also distributed with the more recent Eclipse Public License
(EPL) 2.0. Recipients can choose to take the software under the
license of their choice. Those who are more comfortable with the
IPL can continue with that license.

Major changes with Postfix 3.8.4
================================

Security: the Postfix SMTP server optionally disconnects a remote
SMTP client that sends a 'bare newline' line ending in SMTP. This
prevents an SMTP smuggling attack on recipients at a Postfix server.
For background, see https://www.postfix.org/smtp-smuggling.html

Sites concerned about SMTP smuggling attacks should enable this
feature in Internet-facing Postfix servers. For compatibility with
non-standard clients, Postfix by default excludes clients in
mynetworks from this countermeasure.
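
The following is an added example, not Postfix source code, that shows
what the countermeasure above reacts to: it scans a captured SMTP
input stream for line endings that are a bare LF rather than CRLF,
and applies the same exclusion rule (clients inside the networks
listed in smtpd_forbid_bare_newline_exclusions, by default
$mynetworks, are left alone). The sample SMTP input, the client
addresses and the mynetworks list are constructed for this example.

```python
"""Added example (not Postfix code): detect 'bare newline' line endings
in SMTP input and apply the mynetworks-style exclusion.  All sample
data below is constructed for illustration."""
import ipaddress

# Constructed sample values (not a real site's configuration).
MYNETWORKS = ["127.0.0.0/8", "[::1]/128", "192.168.1.0/24"]
SAMPLE_OK = b"EHLO client.example\r\nMAIL FROM:<a@example.com>\r\nQUIT\r\n"
SAMPLE_BARE = b"EHLO client.example\r\nMAIL FROM:<a@example.com>\nQUIT\r\n"


def find_bare_newlines(data: bytes):
    """Return 1-based numbers of the LF-terminated lines whose terminator
    is a bare LF (not preceded by CR).  RFC 5321 requires CRLF."""
    lines = data.split(b"\n")
    # The last element is whatever follows the final LF (often empty);
    # it has no terminator, so it is not a line in this sense.
    return [i for i, line in enumerate(lines[:-1], start=1)
            if not line.endswith(b"\r")]


def _to_network(spec: str):
    """Accept Postfix-style IPv6 entries such as '[::1]/128' as well as
    plain CIDR; the ipaddress module does not understand the brackets."""
    return ipaddress.ip_network(spec.replace("[", "").replace("]", ""),
                                strict=False)


def client_is_excluded(client_ip: str, exclusions) -> bool:
    """True when client_ip falls inside any network in the exclusion list
    (by default $mynetworks).  Mixed v4/v6 comparisons are simply False."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in _to_network(net) for net in exclusions)


def decide(client_ip: str, data: bytes, forbid: bool, exclusions) -> str:
    """Policy outcome: 'disconnect' when the feature is enabled, the client
    is not excluded, and a bare newline was seen; otherwise 'accept'."""
    if forbid and find_bare_newlines(data) \
            and not client_is_excluded(client_ip, exclusions):
        return "disconnect"
    return "accept"


if __name__ == "__main__":
    for ip in ("203.0.113.7", "192.168.1.5"):
        print(ip, "bare LF on lines", find_bare_newlines(SAMPLE_BARE),
              "->", decide(ip, SAMPLE_BARE, True, MYNETWORKS))
```

Running the block shows an Internet client sending a bare LF being
disconnected while a client inside mynetworks is accepted; with
`forbid=False` (the 3.8.4 default) everything is accepted, which is why
the text recommends enabling the feature on Internet-facing servers.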

The default settings are:

    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = no
    smtpd_forbid_bare_newline_exclusions = $mynetworks

This feature is back-ported from Postfix 3.9, with the difference
that "smtpd_forbid_bare_newline = no" by default.

Major changes with Postfix 3.8.1
================================

Security: the Postfix SMTP server optionally disconnects remote
SMTP clients that violate RFC 2920 (or 5321) command pipelining
constraints. The server replies with "554 5.5.0 Error: SMTP protocol
synchronization" and logs the unexpected remote SMTP client input.
Specify "smtpd_forbid_unauth_pipelining = yes" to enable. This
feature is enabled by default in Postfix 3.9 and later.

Workaround to limit collateral damage from OS distributions that
crank up security to 11, increasing the number of plaintext email
deliveries. This introduces basic OpenSSL configuration file support,
with two new parameters "tls_config_file" and "tls_config_name".
Details are in the postconf(5) manpage under "tls_config_file" and
"tls_config_name".

Major changes - documentation and code cleanup
----------------------------------------------

There are numerous small fixes to Postfix documentation, and small
code-health changes that should not affect documented behavior but
may improve Postfix behavior for malformed input, or that make
Postfix easier to maintain. See the HISTORY file for details.

Major changes - SRV support
---------------------------

[Feature 20230214] Support to look up DNS SRV records in the Postfix
SMTP/LMTP client, based on code by Tomas Korbar (Red Hat).

For example, with "use_srv_lookup = submission" and "relayhost =
example.com:submission", the Postfix SMTP client will look up DNS
SRV records for _submission._tcp.example.com, and will relay email
through the hosts and ports that are specified with those records.

See https://www.postfix.org/postconf.5.html#use_srv_lookup for more
details, including how to selectively use SRV in a configuration
that connects to multiple ISP accounts.

SRV support may also be useful inside a cloud-based infrastructure
when Postfix needs to deliver mail to services that run on a
dynamically-allocated port.

Major changes - TLS support
---------------------------

[Incompat 20230304] This introduces the following changes:

- Postfix treats the "export" and "low" cipher grade settings as
  "medium". The "export" and "low" grades are no longer supported
  in OpenSSL 1.1.1, the minimum version that Postfix requires.

- Postfix default settings now exclude the following deprecated or
  unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5),
  key exchange algorithms (DH, ECDH), and public key algorithm
  (DSS).

[Feature 20230108] New configuration parameter tls_ffdhe_auto_groups
for finite-field Diffie-Hellman ephemeral (FFDHE) support in TLS
1.3 with OpenSSL 3.0.

Major changes - attack resistance
---------------------------------

[Feature 20240312] The Postfix SMTP server can now aggregate
smtpd_client_*_rate and smtpd_client_*_count statistics by network
block, as specified with smtpd_client_ipv4_prefix_length (default
32, no aggregation) and smtpd_client_ipv6_prefix_length (default
84, aggregation by /84 network blocks). The latter raises the bar
for a memory exhaustion attack.

[Feature 20221023] Unconditionally disable TLS renegotiation, which
could otherwise be used for a CPU resource attack. There's no good
reason to support this in the middle of an SMTP connection.
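
The following added example (not Postfix code) shows why the /84
aggregation described above matters for the anvil-style
smtpd_client_*_count tables: it derives the per-client key the way a
prefix-length setting would, then counts connections per key for a
constructed set of client addresses, 1000 of which come from a single
IPv6 /64. The addresses and the helper names are constructed for this
example.

```python
"""Added example (not Postfix code): key client statistics by network
block as smtpd_client_ipv4_prefix_length / smtpd_client_ipv6_prefix_length
would, and show how many table entries one /64 of clients produces.
Sample addresses are constructed."""
import ipaddress
from collections import Counter


def aggregation_key(client_ip: str, ipv4_prefix: int = 32,
                    ipv6_prefix: int = 84) -> str:
    """Return the network block (CIDR string) under which statistics for
    client_ip are kept.  /32 for IPv4 and /128 for IPv6 mean 'per address',
    i.e. no aggregation; the 3.8 default for IPv6 is /84."""
    addr = ipaddress.ip_address(client_ip)
    plen = ipv4_prefix if addr.version == 4 else ipv6_prefix
    return str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))


def count_per_block(clients, ipv4_prefix: int = 32, ipv6_prefix: int = 84):
    """Connections per aggregation key, the shape of an aggregated
    smtpd_client_connection_count table (constructed, not Postfix's own
    data structure)."""
    return Counter(aggregation_key(ip, ipv4_prefix, ipv6_prefix)
                   for ip in clients)


def sample_clients():
    """Constructed client population: 1000 distinct addresses out of one
    /64 (the kind of address space a single attacker typically controls),
    one address from another block, and two IPv4 clients."""
    many_from_one_prefix = [f"2001:db8:1:2::{i:x}" for i in range(1, 1001)]
    return many_from_one_prefix + ["2001:db8:ffff::5",
                                   "203.0.113.7", "203.0.113.8"]


def table_sizes(clients):
    """Number of distinct table entries under three settings: no IPv6
    aggregation, the 3.8 default (/84), and additionally /24 for IPv4."""
    return {
        "ipv6=/128,ipv4=/32": len(count_per_block(clients, 32, 128)),
        "ipv6=/84,ipv4=/32": len(count_per_block(clients, 32, 84)),
        "ipv6=/84,ipv4=/24": len(count_per_block(clients, 24, 84)),
    }


if __name__ == "__main__":
    clients = sample_clients()
    for setting, size in table_sizes(clients).items():
        print(f"{setting}: {size} table entries")
    print(count_per_block(clients).most_common(2))
```

Without aggregation each of the 1000 addresses gets its own entry, so
an attacker with a /64 can grow the table without bound; with the /84
default all of them land under the single key 2001:db8:1:2::/84, which
is the memory-exhaustion point the text makes.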

Major changes - bit rot
-----------------------

[Incompat 20221228] Postfix documentation and code have been converted
to use "grep -E" and "grep -F" instead of the historical forms
"egrep" and "fgrep". To build Postfix on a system that supports
only the historical forms, run the script auxiliary/fix-grep/fix-grep.sh
to revert this change.

Major changes - configuration checks
------------------------------------

[Feature 20240406] The postconf command now warns about a #comment
in or after a Postfix parameter value. Postfix programs do not support
#comment after other text, and treat it as part of the parameter value.

Major changes - database support
--------------------------------

[Incompat 20220509] The PostgreSQL client encoding is now configurable
with the "encoding" Postfix configuration file attribute. The default
is "UTF8". Previously the encoding was hard-coded as "LATIN1".

Major changes - logging
-----------------------

[Incompat 20230308] The postfix(1) and postlog(1) commands now
produce stderr logging even when stderr is not connected to a
terminal. This eliminates an inconsistency, and makes these programs
easier to use in some automated procedures. The canonical example
is to capture output from "postmulti -p status" to figure out which
instances are or are not running.

Major changes - source code organization
----------------------------------------

[Incompat 20220507] Most global/mkmap*.[hc] files are moved to the
util directory; only global/mkmap_proxy.* remains. The old file
organization was designed before support for dynamically-loadable
databases was added, and that code suffered from complexity.

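
As an added example for the configuration-checks section above (not
postconf's own code), here is a small lint pass over main.cf-style
text that reports the condition the new postconf warning catches: a
'#' inside or after a parameter value, which Postfix would silently
treat as part of the value. It assumes the main.cf conventions that a
line beginning with whitespace continues the previous logical line and
that a line whose first non-blank character is '#' is a whole-line
comment; the sample fragment is constructed.

```python
"""Added example (not Postfix code): flag '#' inside main.cf parameter
values, the condition postconf now warns about.  Sample input is
constructed for this example."""
import re

# name = value, with optional whitespace around '='
PARAM_LINE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")

# Constructed main.cf fragment; lines 3 and 6 carry trailing #comments.
SAMPLE_MAIN_CF = """\
# constructed sample main.cf fragment
myhostname = mail.example.com
smtpd_forbid_bare_newline = yes  # enable smuggling countermeasure
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_client_ipv6_prefix_length =
    84 # aggregate by /84
"""


def logical_lines(text: str):
    """Join continuation lines (leading whitespace) onto the preceding
    logical line; drop blank lines and whole-line comments.  Returns
    [line_number_of_first_physical_line, joined_text] pairs."""
    joined = []
    for n, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and joined:
            joined[-1][1] += " " + raw.strip()
        else:
            joined.append([n, raw.rstrip()])
    return joined


def find_comment_in_value(text: str):
    """Return (line_number, parameter_name, value) for every parameter
    whose value contains a '#'.  Postfix has no inline comments, so the
    text after '#' would become part of the value."""
    findings = []
    for n, line in logical_lines(text):
        m = PARAM_LINE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if "#" in value:
            findings.append((n, name, value))
    return findings


if __name__ == "__main__":
    for n, name, value in find_comment_in_value(SAMPLE_MAIN_CF):
        print(f"line {n}: '#' in value of {name}: {value!r}")
```

Note the second finding: the '#' arrives through a continuation line,
so a check that looks only at the physical line containing the '='
would miss it.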