1The stable Postfix release is called postfix-2.7.x where 2=major 2release number, 7=minor release number, x=patchlevel. The stable 3release never changes except for patches that address bugs or 4emergencies. Patches change the patchlevel and the release date. 5 6New features are developed in snapshot releases. These are called 7postfix-2.8-yyyymmdd where yyyymmdd is the release date (yyyy=year, 8mm=month, dd=day). Patches are never issued for snapshot releases; 9instead, a new snapshot is released. 10 11The mail_release_date configuration parameter (format: yyyymmdd) 12specifies the release date of a stable release or snapshot release. 13 14If you upgrade from Postfix 2.5 or earlier, read RELEASE_NOTES-2.6 15before proceeding. 16 17Incompatibility with Postfix 2.7.2 18---------------------------------- 19 20Postfix no longer appends the system-supplied default CA certificates 21to the lists specified with *_tls_CAfile or with *_tls_CApath. This 22prevents third-party certificates from getting mail relay permission 23with the permit_tls_all_clientcerts feature. 24 25Unfortunately this change may cause compatibility problems when 26configurations rely on certificate verification for other purposes. 27Specify "tls_append_default_CA = yes" for backwards compatibility. 28 29Major changes - performance 30--------------------------- 31 32[Feature 20100101] Periodic cache cleanup for the verify(8) cache 33database. The time between cache cleanup runs is controlled with 34the address_verify_cache_cleanup_interval (default: 12h) parameter. 35Cache cleanup increases the database access latency, so this should 36not be run more often than necessary. 37 38[Feature 20091109] Improved before-queue filter performance. With 39"smtpd_proxy_options = speed_adjust", the Postfix SMTP server 40receives the entire message before it connects to a before-queue 41content filter. This means you can run more SMTP server processes 42with the same number of running content filter processes, and thus, 43handle more mail. This feature is off by default until it is proven 44to create no new problems. 45 46This addresses a concern of people in Europe who want to reject all 47bad mail with a before-queue filter. The alternative, an after-queue 48filter, means they would have to discard bad mail (which is illegal) 49or bounce bad mail (which violates good network citizenship). 50 51NOTE 1: When this feature is turned on, a filter cannot selectively 52reject recipients of a multi-recipient message. It is OK to reject 53all recipients of the same multi-recipient message, as is deferring 54or accepting all recipients of the same multi-recipient message. 55 56NOTE 2: This feature increases the minimum amount of free queue 57space by $message_size_limit. The extra space is needed to save the 58message to a temporary file. 59 60To keep the performance overhead low, the same temporary file is 61reused with successive mail transactions (the file is of course 62truncated before reuse, so there is no information leakage). 63 64Major changes - sender reputation 65--------------------------------- 66 67[Feature 20100117] The FILTER action in access maps or header/body_checks 68now supports sender reputation schemes that dynamically choose the 69SMTP source IP address. Typically, mail is split into classes, and 70all mail in class X is sent out from an SMTP client IP address that 71is reserved for class X. 72 73This is implemented by specifying FILTER actions with empty next-hop 74destinations in access maps or header/body_checks, and by configuring 75in master.cf one Postfix SMTP client for each SMTP source IP address, 76where each client has its own "-o myhostname" and "-o smtp_bind_address" 77settings. 78 79[Feature 20091209] sender_dependent_default_transport_maps, a 80per-sender override for default_transport. The original motivation 81is to use different output channels (with different source IP 82addresses) for different sender addresses, in order to keep their 83IP-based reputations separate from each other. 84 85The result value syntax is that of default_transport, not transport_maps. 86Thus, sender_dependent_default_transport_maps does not support the 87special transport_maps result value syntax for null transport, null 88nexthop, or null email address. 89 90This feature makes sender_dependent_relayhost_maps pretty much 91redundant (though sender_dependent_relayhost_maps will often be 92easier to use because that is the only thing people want to override). 93 94Major changes - address verification 95------------------------------------ 96 97[Incompat 20100101] The verify(8) service now uses a persistent 98cache by default (address_verify_map = btree:$data_directory/verify_cache). 99To disable, specify "address_verify_map =" in main.cf. 100 101When periodic cache cleanup is enabled (the default), the verify(8) 102server now requires that the cache database supports the "delete" 103and "sequence" operations. To disable periodic cache cleanup specify 104a zero address_verify_cache_cleanup_interval value. 105 106[Feature 20100101] Periodic cache cleanup for the verify(8) cache 107database. The time between cache cleanup runs is controlled with 108the address_verify_cache_cleanup_interval (default: 12h) parameter. 109Cache cleanup increases the database access latency, so this should 110not be run more often than necessary. 111 112Major changes - content filter 113------------------------------ 114 115[Incompat 20100117] The meaning of an empty filter next-hop destination 116has changed (for example, "content_filter = foo:" or "FILTER foo:"). 117Postfix now uses the recipient domain, instead of using $myhostname 118as in Postfix 2.6 and earlier. To restore the old behavior specify 119"default_filter_nexthop = $myhostname", or specify a non-empty 120next-hop content filter destination. 121 122This compatibility option is not needed with SMTP-based content 123filters, because these always have an explicit next-hop destination. 124 125With pipe-based filters that specify no next-hop destination, the 126compatibility option restores the FIFO order of deliveries. Without 127the compatibility option, the delivery order for filters without 128next-hop destination changes to round-robin domain selection. 129 130[Feature 20100117] The FILTER action in access maps or header/body_checks 131now supports sender reputation schemes that dynamically choose the 132SMTP source IP address. Typically, mail is split into classes, and 133all mail in class X is sent out from an SMTP client IP address that 134is reserved for class X. 135 136This is implemented by specifying FILTER actions with empty next-hop 137destinations in access maps or header/body_checks, and by configuring 138in master.cf one Postfix SMTP client for each SMTP source IP address, 139where each client has its own "-o myhostname" and "-o smtp_bind_address" 140settings. 141 142[Feature 20091109] Improved before-queue filter performance. With 143"smtpd_proxy_options = speed_adjust", the Postfix SMTP server 144receives the entire message before it connects to a before-queue 145content filter. This means you can run more SMTP server processes 146with the same number of running content filter processes, and thus, 147handle more mail. This feature is off by default until it is proven 148to create no new problems. 149 150This addresses a concern of people in Europe who want to reject all 151bad mail with a before-queue filter. The alternative, an after-queue 152filter, means they would have to discard bad mail (which is illegal) 153or bounce bad mail (which violates good network citizenship). 154 155NOTE 1: When this feature is turned on, a filter cannot selectively 156reject recipients of a multi-recipient message. It is OK to reject 157all recipients of the same multi-recipient message, as is deferring 158or accepting all recipients of the same multi-recipient message. 159 160NOTE 2: This feature increases the minimum amount of free queue 161space by $message_size_limit. The extra space is needed to save the 162message to a temporary file. 163 164To keep the performance overhead low, the same temporary file is 165reused with successive mail transactions (the file is of course 166truncated before reuse, so there is no information leakage). 167 168Major changes - milter 169---------------------- 170 171[Feature 20090606] Support for header checks on Milter-generated 172message headers. This can be used, for example, to control mail 173flow with Milter-generated headers that carry indicators for badness 174or goodness. For details, see the postconf(5) section for 175"milter_header_checks". Currently, all header_checks features are 176implemented except PREPEND. 177 178Major changes - multi-instance support 179-------------------------------------- 180 181[Incompat 20090606] The "postmulti -e destroy" command no longer 182attempts to remove files that are created AFTER "postmulti -e 183create". It still works as expected immediately after creating an 184instance by mistake. Trying to automatically remove other files 185is too risky because Postfix-owned directories are by design not 186trusted. 187 188