1This is the Postfix 3.5 (stable) release. 2 3The stable Postfix release is called postfix-3.5.x where 3=major 4release number, 5=minor release number, x=patchlevel. The stable 5release never changes except for patches that address bugs or 6emergencies. Patches change the patchlevel and the release date. 7 8New features are developed in snapshot releases. These are called 9postfix-3.6-yyyymmdd where yyyymmdd is the release date (yyyy=year, 10mm=month, dd=day). Patches are never issued for snapshot releases; 11instead, a new snapshot is released. 12 13The mail_release_date configuration parameter (format: yyyymmdd) 14specifies the release date of a stable release or snapshot release. 15 16If you upgrade from Postfix 3.3 or earlier, read RELEASE_NOTES-3.4 17before proceeding. 18 19License change 20--------------- 21 22This software is distributed with a dual license: in addition to the 23historical IBM Public License 1.0, it is now also distributed with the 24more recent Eclipse Public License 2.0. Recipients can choose to take 25the software under the license of their choice. Those who are more 26comfortable with the IPL can continue with that license. 27 28Major changes - multiple relayhost in SMTP 29------------------------------------------ 30 31[Feature 20200111] the Postfix SMTP and LMTP client support a list 32of nexthop destinations separated by comma or whitespace. These 33destinations will be tried in the specified order. 34 35The list form can be specified in relayhost, transport_maps, 36default_transport, and sender_dependent_default_transport_maps. 37 38Examples: 39/etc/postfix/main.cf: 40 relayhost = foo.example, bar.example 41 default_transport = smtp:foo.example, bar.example. 42 43NOTE: this is an SMTP and LMTP client feature. It does not work for 44other Postfix delivery agents. 45 46Major changes - certificate access 47---------------------------------- 48 49[Feature 20190517] Search order support for check_ccert_access. 50Search order support for other tables is in design (canonical_maps, 51virtual_alias_maps, transport_maps, etc.). 52 53The following check_ccert_access setting uses the built-in search 54order: it first looks up the client certificate fingerprint, then 55the client certificate public-key fingerprint, and it stops when a 56decision is made. 57 58/etc/postfix/main.cf: 59 smtpd_mumble_restrictions = 60 ... 61 check_ccert_access hash:/etc/postfix/ccert-access 62 ... 63 64The following setting, with explicit search order, produces the 65exact same result: 66 67/etc/postfix/main.cf: 68 smtpd_mumble_restrictions = 69 ... 70 check_ccert_access { 71 hash:/etc/postfix/ccert-access { 72 search_order = cert_fingerprint, pubkey_fingerprint } } 73 ... 74 75Support is planned for other certificate features. 76 77Major changes - dovecot usability 78--------------------------------- 79 80[Feature 20190615] The SMTP+LMTP delivery agent can now prepend 81Delivered-To, X-Original-To and Return-Path headers, just like the 82pipe(8) and local(8) delivery agents. 83 84This uses the "flags=DORX" command-line flags in master.cf. See the 85smtp(8) manpage for details. 86 87This obsoletes the "lmtp_assume_final = yes" setting, and replaces 88it with "flags=...X...", for consistency with the pipe(8) delivery 89agent. 90 91Major changes - forced expiration 92--------------------------------- 93 94[Feature 20200202] Support to force-expire email messages. This 95introduces new postsuper(1) command-line options to request expiration, 96and additional information in mailq(1) or postqueue(1) output. 97 98The forced-to-expire status is stored in a queue file attribute. 99An expired message is returned to the sender when the queue manager 100attempts to deliver that message (note that Postfix will never 101deliver messages in the hold queue). 102 103The postsuper(1) -e and -f options both set the forced-to-expire 104queue file attribute. The difference is that -f will also release 105a message if it is in the hold queue. With -e, such a message would 106not be returned to the sender until it is released with -f or -H. 107 108In the mailq(1) or postqueue(1) -p output, a forced-to-expire message 109is indicated with # after the queue file name. In postqueue(1) JSON 110output, there is a new per-message field "forced_expire" (with value 111true or false) that shows the forced-to-expire status. 112 113Major changes - haproxy2 protocol 114--------------------------------- 115 116[Feature 20200112] Support for the haproxy v2 protocol. The Postfix 117implementation supports TCP over IPv4 and IPv6, as well as non-proxied 118connections; the latter are typically used for heartbeat tests. 119 120The haproxy v2 protocol introduces no additional Postfix configuration. 121The Postfix smtpd(8) and postscreen(8) daemons accept both v1 and 122v2 protocol versions. 123 124Major changes - logging 125----------------------- 126 127[Incompat 20191109] Postfix daemon processes now log the from= and 128to= addresses in external (quoted) form in non-debug logging (info, 129warning, etc.). This means that when an address localpart contains 130spaces or other special characters, the localpart will be quoted, 131for example: 132 133 from=<"name with spaces"@example.com> 134 135Older Postfix versions would log the internal (unquoted) form: 136 137 from=<name with spaces@example.com> 138 139The external and internal forms are identical for the vast majority 140of email addresses that contain no spaces or other special characters 141in the localpart. 142 143Specify "info_log_address_format = internal" for backwards 144compatibility. 145 146The logging in external form is consistent with the address form 147that Postfix 3.2 and later prefer for table lookups. It is therefore 148the more useful form for non-debug logging. 149 150Major changes - IP address normalization 151---------------------------------------- 152 153[Incompat 20190427] Postfix now normalizes IP addresses received 154with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency 155with direct connections to Postfix. This may change the appearance 156of logging, and the way that check_client_access will match subnets 157of an IPv6 address. 158