This is the Postfix 3.6 (stable) release.

The stable Postfix release is called postfix-3.6.x where 3=major
release number, 6=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.7-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.4 or earlier, read RELEASE_NOTES-3.5
before proceeding.

License change
---------------

This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.

Major changes - internal protocol identification
------------------------------------------------

[Incompat 20200920] Internal protocols have changed. You need to
"postfix stop" before updating, or before backing out to an earlier
release, otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
postscreen) may fail to communicate with the rest of Postfix, causing
mail delivery delays until Postfix is restarted.

This change does not affect message files in Postfix queue directories,
only the communication between running Postfix programs.

With this change, every Postfix internal service, including the postdrop
command, announces the name of its protocol before doing any other I/O.
Every Postfix client program, including the Postfix sendmail command,
will verify that the protocol name matches what it is supposed to be.

The purpose of this change is to produce better error messages, for
example, when someone configures the discard daemon as a bounce
service in master.cf, or vice versa.

This change may break third-party programs that implement a
Postfix-internal protocol such as qpsmtpd. Such programs have never
been supported. Fortunately, this will be an easy fix: look at the
first data from the cleanup daemon: if it is a protocol announcement,
you're talking to Postfix 3.6 or later. That's the only real change.

Major changes - tls
-------------------

[Incompat 20200705] The minimum supported OpenSSL version is 1.1.1,
which will reach the end of life by 2023-09-11. Postfix 3.6 is
expected to reach the end of support in 2025. Until then, Postfix
will be updated as needed for compatibility with OpenSSL.

The default fingerprint digest has changed from md5 to sha256 (Postfix
3.6 with compatibility_level >= 3.6). With a lower compatibility_level
setting, Postfix defaults to using md5, and logs a warning when a Postfix
configuration specifies no explicit digest type.

Export-grade Diffie-Hellman key exchange is no longer supported,
and the tlsproxy_tls_dh512_param_file parameter is ignored.

[Feature 20200906] The tlstype.pl helper script by Viktor Dukhovni
reports TLS information per message delivery. This processes output
from the collate.pl script. See auxiliary/collate/README.tlstype and
auxiliary/collate/tlstype.pl.

Major changes - compatibility level
-----------------------------------

[Feature 20210109] Starting with Postfix version 3.6, the compatibility
level is "3.6". In future Postfix releases, the compatibility level will
be the Postfix version that introduced the last incompatible change.
The level is formatted as 'major.minor.patch', where 'patch' is usually
omitted and defaults to zero. Earlier compatibility levels are 0, 1 and 2.

This also introduces main.cf and master.cf support for the <=level,
<level, and other operators to compare compatibility levels. With the
standard <=, <, etc. operators, compatibility level 3.10 would be less
than 3.9, which is undesirable.

Major changes - services(5) override
------------------------------------

[Feature 20210418] Postfix no longer uses the services(5) database
to look up the TCP ports for SMTP and LMTP services. Instead, this
information is configured with the new known_tcp_ports configuration
parameter (default: lmtp=24, smtp=25, smtps=submissions=465,
submission=587). When a service is not specified in known_tcp_ports,
Postfix will still query the services(5) database.

Major changes - local_login_sender_maps
---------------------------------------

[Feature 20201025] Fine-grained control over the envelope sender address
for submission with the Postfix sendmail (or postdrop) commands.

The local_login_sender_maps parameter (default: static:*) specifies
a list of lookup tables that are searched by the UNIX login name, and
that return a list of allowed envelope sender patterns separated by
space or comma. The default is backwards-compatible: every user may
specify any sender envelope address.

This feature is enforced by the postdrop command. When no UNIX login
name is available, the postdrop command will prepend "uid:" to the
numerical UID and use that instead.

This feature ignores address extensions in the user-specified
envelope sender address.

Besides the special pattern "*" which allows any sender address,
there are "<>" which matches an empty sender address, and the
"@domain" wildcard pattern. More information about those can be found
in the postconf(5) manpage.
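
The following Python sketch is an added illustration, not code from
Postfix or from these release notes. It models how the patterns described
above would be evaluated for the main.cf example that follows; the listmgr
entry, the "+" recipient delimiter and the case-insensitive comparison are
assumptions of the model.

```python
import re

# Constructed model of the page's example: root and postfix may use any
# sender; every other login is mapped by /(.+)/ to "$1 $1@example.com".
# The listmgr entry is hypothetical, added to exercise "<>" and "@domain".
INLINE = {"root": "*", "postfix": "*", "listmgr": "<>, @lists.example.com"}

def login_key(uid, passwd):
    """Lookup key: the UNIX login name, else "uid:" + numerical UID."""
    return passwd.get(uid, f"uid:{uid}")

def allowed_patterns(login):
    """Search the tables in order; the first table with a result wins."""
    result = INLINE.get(login) or f"{login} {login}@example.com"
    # A lookup result is a list of patterns separated by space or comma.
    return [p for p in re.split(r"[,\s]+", result) if p]

def strip_extension(sender, delimiter="+"):
    """Drop the address extension (assumes recipient_delimiter = +)."""
    local, at, domain = sender.rpartition("@")
    if not at:                      # bare username without a domain
        local, domain = domain, ""
    base = local.split(delimiter, 1)[0] or local
    return base + at + domain

def sender_permitted(login, sender):
    """True if the modelled policy lets `login` use envelope `sender`."""
    if sender == "<>":              # treat "<>" as the empty sender
        sender = ""
    candidate = strip_extension(sender).lower()  # assumption: caseless match
    for pattern in allowed_patterns(login):
        if pattern == "*":
            return True
        if pattern == "<>":
            if sender == "":
                return True
        elif pattern.startswith("@"):
            if "@" in candidate and candidate.endswith(pattern.lower()):
                return True
        elif candidate == pattern.lower():
            return True
    return False
```
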

Example:

/etc/postfix/main.cf:
    # Allow root and postfix full control, anyone else can only
    # send mail as themselves. Use "uid:" followed by the numerical
    # UID when the UID has no entry in the UNIX password file.
    local_login_sender_maps =
        inline:{ { root = *}, { postfix = * } },
        pcre:/etc/postfix/login_senders

/etc/postfix/login_senders:
    # Allow both the bare username and the user@domain forms.
    /(.+)/ $1 $1@example.com

Major changes - order of relay and recipient restrictions
---------------------------------------------------------

[Incompat 20210131] With smtpd_relay_before_recipient_restrictions=yes,
the Postfix SMTP server will evaluate smtpd_relay_restrictions before
smtpd_recipient_restrictions. This is the default behavior with
compatibility_level >= 3.6.

This change makes the implemented behavior consistent with existing
documentation. There is a backwards-compatibility warning that allows
users to freeze historical behavior. See COMPATIBILITY_README for
details.

Major changes - respectful logging
----------------------------------

[Feature 20210220] Postfix version 3.6 deprecates terminology
that implies white is better than black. Instead, Postfix prefers
'allowlist', 'denylist', and variations on those words. This change
affects Postfix documentation, and postscreen parameters and logging.

To keep the old postscreen logging set "respectful_logging = no"
in main.cf.

Noel Jones assisted with the initial transition.

Changes in documentation
------------------------

Postfix documentation was updated to use 'allowlist', 'denylist', etc.
These documentation changes do not affect Postfix behavior.

Changes in parameter names
--------------------------

The following postscreen parameters replace names that contain 'blacklist'
or 'whitelist':

    postscreen_allowlist_interfaces
    postscreen_denylist_action
    postscreen_dnsbl_allowlist_threshold

These new parameters have backwards-compatible default settings
that support the old parameter names, so that the name change should
not affect Postfix behavior. This means that existing management tools
that use the old parameter names should keep working as before.

This compatibility safety net may break when some management tools
use the new parameter names, and some use the old names, such that
different tools will disagree on how Postfix works.

Changes in logging
------------------

The following logging replaces forms that contain 'blacklist' or
'whitelist':

    postfix/postscreen[pid]: ALLOWLIST VETO [address]:port
    postfix/postscreen[pid]: ALLOWLISTED [address]:port
    postfix/postscreen[pid]: DENYLISTED [address]:port

To avoid breaking logfile analysis tools, Postfix keeps logging the old
forms by default, as long as the compatibility_level parameter setting
is less than 3.6, and the respectful_logging parameter is not explicitly
configured. As a reminder, Postfix will log the following:

    postfix/postscreen[pid]: Using backwards-compatible default setting
        respectful_logging=no for client [address]:port

To keep logging the old form, make the setting "respectful_logging =
no" permanent in main.cf, for example:

    # postconf "respectful_logging = no"
    # postfix reload

To stop the reminder, configure the respectful_logging parameter to
"yes" or "no", or configure "compatibility_level = 3.6".

Major changes - threaded bounces
--------------------------------

[Feature 20201205] Support for threaded bounces.
This allows mail readers to present a non-delivery, delayed delivery,
or successful delivery notification in the same email thread as the
original message.

Unfortunately, this also makes it easy for users to mistakenly delete
the whole email thread (all related messages), instead of deleting
only the delivery status notification.

To enable, specify "enable_threaded_bounces = yes".

Other changes - smtpd_sasl_mechanism_list
-----------------------------------------

[Feature 20200906] The smtpd_sasl_mechanism_list parameter (default:
!external, static:rest) prevents confusing errors when a SASL backend
announces EXTERNAL support which Postfix does not support.

Other changes - delivery logging
--------------------------------

[Incompat 20200531] Postfix delivery agents now log an explicit record
when delegating delivery to a different Postfix delivery agent.

For example, with "best_mx_transport = local", an SMTP delivery
agent will now log when a recipient will be delivered locally. This
makes the delegating delivery agent visible, where it would otherwise
have remained invisible, which would complicate troubleshooting.

    postfix/smtp[pid]: queueid: passing <recipient> to transport=local

This will usually be followed by logging for an actual delivery:

    postfix/local[pid]: queueid: to=<recipient>, relay=local, ...

Other examples: the local delivery agent will log a record that it
defers mailbox delivery through mailbox_transport or through
fallback_transport.

Other changes - error logging
-----------------------------

[Incompat 20200531] Postfix programs will now log "Application error"
instead of "Success" or "Unknown error: 0" when an operation fails with
errno == 0, i.e., the error originates from non-kernel code.
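
For logfile analysis tools affected by the postscreen wording change and
the new delegation record, the following Python sketch is an added example
(not part of Postfix or of these release notes). It maps the pre-3.6 forms
WHITELIST VETO, WHITELISTED and BLACKLISTED onto the new wording and uses
the "passing ... to transport=" record to reconstruct which delivery agents
handled a recipient; the sample log lines are constructed.

```python
import re

# Pre-3.6 postscreen wording -> the wording logged with respectful_logging=yes.
OLD_TO_NEW = {"WHITELIST VETO": "ALLOWLIST VETO",
              "WHITELISTED": "ALLOWLISTED",
              "BLACKLISTED": "DENYLISTED"}
_WORDS = "|".join(list(OLD_TO_NEW) + list(OLD_TO_NEW.values()))
POSTSCREEN = re.compile(
    r"postfix/postscreen\[\d+\]: (" + _WORDS + r") \[([^\]]+)\]:(\d+)")
DELEGATED = re.compile(
    r"postfix/(\w+)\[\d+\]: (\w+): passing <([^>]*)> to transport=(\S+)")
DELIVERED = re.compile(
    r"postfix/(\w+)\[\d+\]: (\w+): to=<([^>]*)>, relay=([^,]+),")

def parse(line):
    """Return a normalized event dict, or None for records not modelled here."""
    m = POSTSCREEN.search(line)
    if m:
        return {"type": "postscreen", "client": m.group(2),
                "verdict": OLD_TO_NEW.get(m.group(1), m.group(1))}
    for kind, rx in (("delegated", DELEGATED), ("delivery", DELIVERED)):
        m = rx.search(line)
        if m:
            return {"type": kind, "agent": m.group(1), "queue_id": m.group(2),
                    "recipient": m.group(3), "next": m.group(4)}
    return None

def delivery_paths(lines):
    """Map (queue_id, recipient) to the agents that logged it, in order."""
    paths = {}
    for event in filter(None, map(parse, lines)):
        if event["type"] != "postscreen":
            key = (event["queue_id"], event["recipient"])
            paths.setdefault(key, []).append(event["agent"])
    return paths

# Constructed sample lines (hostname, PIDs, addresses and queue ID are made up).
SAMPLE = [
    "May  1 10:00:00 mx postfix/postscreen[1234]: WHITELISTED [192.0.2.10]:50522",
    "May  1 10:00:01 mx postfix/postscreen[1234]: ALLOWLISTED [192.0.2.10]:50523",
    "May  1 10:00:02 mx postfix/postscreen[1234]: DENYLISTED [2001:db8::7]:41000",
    "May  1 10:00:03 mx postfix/smtp[2001]: 4FZ1AB2C3D: passing <u@example.com> to transport=local",
    "May  1 10:00:03 mx postfix/local[2002]: 4FZ1AB2C3D: to=<u@example.com>, relay=local, status=sent",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse(line))
    print(delivery_paths(SAMPLE))
```
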

Other changes - dns lookups
---------------------------

[Feature 20200509] The threadsafe resolver API (res_nxxx() calls)
is now the default, not because the API is threadsafe, but because
this is the API where new features are being added.

To build old style, build with:

    make makefiles CCARGS="-DNO_RES_NCALLS..."

This is the default for systems that are known not to support the
threadsafe resolver API.