xref: /netbsd-src/external/ibm-public/postfix/dist/RELEASE_NOTES (revision 48360965f30c307b6836d0d898d15ce6c1d9b387)
The stable Postfix release is called postfix-2.7.x where 2=major
release number, 7=minor release number, x=patchlevel.  The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-2.8-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day).  Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 2.5 or earlier, read RELEASE_NOTES-2.6
before proceeding.

Incompatibility with Postfix 2.7.2
----------------------------------

Postfix no longer appends the system-supplied default CA certificates
to the lists specified with *_tls_CAfile or with *_tls_CApath. This
prevents third-party certificates from getting mail relay permission
with the permit_tls_all_clientcerts feature.

Unfortunately this change may cause compatibility problems when
configurations rely on certificate verification for other purposes.
Specify "tls_append_default_CA = yes" for backwards compatibility.

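An audit for the combination described above, as an added example that
is not part of the Postfix release notes or the Postfix source: it parses
main.cf text and reports the parameters that use permit_tls_all_clientcerts
while "tls_append_default_CA = yes" is in effect. The function names, the
sample configurations and the CA file path are constructed for illustration.

```python
import re

# Constructed sample main.cf (not from the release notes); the CA path is hypothetical.
RISKY_MAIN_CF = """\
smtpd_tls_CAfile = /etc/postfix/relay-clients-ca.pem
smtpd_tls_ask_ccert = yes
tls_append_default_CA = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    # relay for any client whose certificate verifies
    permit_tls_all_clientcerts,
    reject_unauth_destination
"""
# Same configuration with the backwards-compatibility setting removed.
SAFE_MAIN_CF = RISKY_MAIN_CF.replace("tls_append_default_CA = yes\n", "")


def parse_main_cf(text):
    """Return {name: value}; a later definition of a name replaces an earlier one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored, also inside a value
        if raw[0].isspace():
            if name:  # leading whitespace continues the previous logical line
                params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        key, sep, value = raw.partition("=")
        name = key.strip() if sep else None
        if name:
            params[name] = value.strip()
    return params


def clientcert_relay_exposure(text):
    """Names of parameters that grant permit_tls_all_clientcerts while the
    system default CAs are appended to the trusted list; empty if none."""
    params = parse_main_cf(text)
    if params.get("tls_append_default_CA", "no").lower() != "yes":
        return []
    return sorted(name for name, value in params.items()
                  if "permit_tls_all_clientcerts" in re.split(r"[,\s]+", value))


if __name__ == "__main__":
    print("risky:", clientcert_relay_exposure(RISKY_MAIN_CF))
    print("safe: ", clientcert_relay_exposure(SAFE_MAIN_CF))
```
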
Major changes - performance
---------------------------

[Feature 20100101] Periodic cache cleanup for the verify(8) cache
database. The time between cache cleanup runs is controlled with
the address_verify_cache_cleanup_interval (default: 12h) parameter.
Cache cleanup increases the database access latency, so this should
not be run more often than necessary.

[Feature 20091109] Improved before-queue filter performance.  With
"smtpd_proxy_options = speed_adjust", the Postfix SMTP server
receives the entire message before it connects to a before-queue
content filter. This means you can run more SMTP server processes
with the same number of running content filter processes, and thus,
handle more mail. This feature is off by default until it is proven
to create no new problems.

This addresses a concern of people in Europe who want to reject all
bad mail with a before-queue filter. The alternative, an after-queue
filter, means they would have to discard bad mail (which is illegal)
or bounce bad mail (which violates good network citizenship).

NOTE 1: When this feature is turned on, a filter cannot selectively
reject recipients of a multi-recipient message.  It is OK to reject
all recipients of the same multi-recipient message, as is deferring
or accepting all recipients of the same multi-recipient message.

NOTE 2: This feature increases the minimum amount of free queue
space by $message_size_limit. The extra space is needed to save the
message to a temporary file.

To keep the performance overhead low, the same temporary file is
reused with successive mail transactions (the file is of course
truncated before reuse, so there is no information leakage).

Major changes - sender reputation
---------------------------------

[Feature 20100117] The FILTER action in access maps or header/body_checks
now supports sender reputation schemes that dynamically choose the
SMTP source IP address. Typically, mail is split into classes, and
all mail in class X is sent out from an SMTP client IP address that
is reserved for class X.

This is implemented by specifying FILTER actions with empty next-hop
destinations in access maps or header/body_checks, and by configuring
in master.cf one Postfix SMTP client for each SMTP source IP address,
where each client has its own "-o myhostname" and "-o smtp_bind_address"
settings.

[Feature 20091209] sender_dependent_default_transport_maps, a
per-sender override for default_transport. The original motivation
is to use different output channels (with different source IP
addresses) for different sender addresses, in order to keep their
IP-based reputations separate from each other.

The result value syntax is that of default_transport, not transport_maps.
Thus, sender_dependent_default_transport_maps does not support the
special transport_maps result value syntax for null transport, null
nexthop, or null email address.

This feature makes sender_dependent_relayhost_maps pretty much
redundant (though sender_dependent_relayhost_maps will often be
easier to use because that is the only thing people want to override).

Major changes - address verification
------------------------------------

[Incompat 20100101] The verify(8) service now uses a persistent
cache by default (address_verify_map = btree:$data_directory/verify_cache).
To disable, specify "address_verify_map =" in main.cf.

When periodic cache cleanup is enabled (the default), the verify(8)
server now requires that the cache database supports the "delete"
and "sequence" operations.  To disable periodic cache cleanup specify
a zero address_verify_cache_cleanup_interval value.

[Feature 20100101] Periodic cache cleanup for the verify(8) cache
database. The time between cache cleanup runs is controlled with
the address_verify_cache_cleanup_interval (default: 12h) parameter.
Cache cleanup increases the database access latency, so this should
not be run more often than necessary.

Major changes - content filter
------------------------------

[Incompat 20100117] The meaning of an empty filter next-hop destination
has changed (for example, "content_filter = foo:" or "FILTER foo:").
Postfix now uses the recipient domain, instead of using $myhostname
as in Postfix 2.6 and earlier.  To restore the old behavior specify
"default_filter_nexthop = $myhostname", or specify a non-empty
next-hop content filter destination.

This compatibility option is not needed with SMTP-based content
filters, because these always have an explicit next-hop destination.

With pipe-based filters that specify no next-hop destination, the
compatibility option restores the FIFO order of deliveries. Without
the compatibility option, the delivery order for filters without
next-hop destination changes to round-robin domain selection.

[Feature 20100117] The FILTER action in access maps or header/body_checks
now supports sender reputation schemes that dynamically choose the
SMTP source IP address. Typically, mail is split into classes, and
all mail in class X is sent out from an SMTP client IP address that
is reserved for class X.

This is implemented by specifying FILTER actions with empty next-hop
destinations in access maps or header/body_checks, and by configuring
in master.cf one Postfix SMTP client for each SMTP source IP address,
where each client has its own "-o myhostname" and "-o smtp_bind_address"
settings.

[Feature 20091109] Improved before-queue filter performance.  With
"smtpd_proxy_options = speed_adjust", the Postfix SMTP server
receives the entire message before it connects to a before-queue
content filter. This means you can run more SMTP server processes
with the same number of running content filter processes, and thus,
handle more mail. This feature is off by default until it is proven
to create no new problems.

This addresses a concern of people in Europe who want to reject all
bad mail with a before-queue filter. The alternative, an after-queue
filter, means they would have to discard bad mail (which is illegal)
or bounce bad mail (which violates good network citizenship).

NOTE 1: When this feature is turned on, a filter cannot selectively
reject recipients of a multi-recipient message.  It is OK to reject
all recipients of the same multi-recipient message, as is deferring
or accepting all recipients of the same multi-recipient message.

NOTE 2: This feature increases the minimum amount of free queue
space by $message_size_limit. The extra space is needed to save the
message to a temporary file.

To keep the performance overhead low, the same temporary file is
reused with successive mail transactions (the file is of course
truncated before reuse, so there is no information leakage).

Major changes - milter
----------------------

[Feature 20090606] Support for header checks on Milter-generated
message headers.  This can be used, for example, to control mail
flow with Milter-generated headers that carry indicators for badness
or goodness. For details, see the postconf(5) section for
"milter_header_checks". Currently, all header_checks features are
implemented except PREPEND.

Major changes - multi-instance support
--------------------------------------

[Incompat 20090606] The "postmulti -e destroy" command no longer
attempts to remove files that are created AFTER "postmulti -e
create".  It still works as expected immediately after creating an
instance by mistake.  Trying to automatically remove other files
is too risky because Postfix-owned directories are by design not
trusted.
188